- SUSEConnect
-
- Update to 0.3.36
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Update to 0.3.35
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
- Update to 0.3.34
- Manage the `System-Token` header. The `System-Token` header as delivered by
SCC will be stored inside of the credentials file for later use on API calls.
This way we add system clone detection for systems using this version of SUSE
Connect.
- Update to 0.3.33
- Add --keepalive command to send pings to SCC.
- Add service/timer to periodically call --keepalive command to make system
information in SCC and proxies more accurate. (bsc#1196076)
- Update to 0.3.32
- Allow --regcode and --instance-data attributes at the same time (jsc#PCT-164)
- Document that 'debug' can also get set in the config file
- --status will also print the subscription name
- aaa_base
-
- Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch
* The wrapper rootsh is not a restricted shell (bsc#1199492)
- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
allow ICMP ping
- added patches
+ git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
current version which includes a rename of patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
to
git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
as otherwise autopatch macro does not work anymore
- use autopatch
- update first two patches from git originals to have the
same apply depth as the rest:
- git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch
- git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch
- fix get_kernel_version.c to work also for recent kernels
on the s390/X platform (bsc#1191563)
- git-37-dfc5b8af96bec249e44a83d573af1f95a661a85c.patch
- support xz compressed kernel (bsc#1162581)
- git-38-4c0060639f6fa854830a708a823976772afe7764.patch
- Fixing possible resource leak
- git-39-df622b89bc92fd882a6715c5743095528a643546.patch
- excluding new kernel string in version search
- Add git-36-16d1cb895c2742e96a56af98111f8281bedd3188.patch:
* Add $HOME/.local/bin to PATH, if it exists (bsc#1192248)
- Add patch git-34-9a1bc15517d6da56d75182338c0f1bc4518b2b75.patch
* sysctl.d/50-default.conf:
allow everybody to create IPPROTO_ICMP sockets (bsc#1174504)
- Add patch git-35-91f496b1f65af29832192bad949685a7bc25da0a.patch
* sysctl.d/50-default.conf: fix ping_group_range syntax error
- Include all fixes and changes for systemwide inputrc to remove
the 8 bit escape sequence which interfere with UTF-8 multi byte
characters as well as support the vi mode of readline library.
This is done with the patches
* git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
* git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
before the changed patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
rename it to
git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
and also add the patches
* git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
* git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
- amazon-ssm-agent
-
- Fix mangled ExlusiveArch field
- Update to version 3.1.1260.0
+ Added missing check for invalid S3 path parameter
+ Added support for domain join using a non-local username
+ Fixed broken links in README.md
+ Fixed ECS Exec issue where agent was using environment variables for credentials
+ Updated Ec2Detector test to query smbios directly for system information
- from version 3.1.1208.0
+ Updated ec2detector module to use Get-CmiInstance instead of wmic.exe
+ Fixed file creation mode of ssm-agent-users sudoer file (bsc#1196556, CVE-2022-29527)
- from version 3.1.1188.0
+ Added new ec2detector module to determine if agent is on EC2
+ Added support for port forwarding to remote host
+ Added quotes around inventory parameter ValueName on Windows
+ Fix for domain join DNS IP assignments in shared directories
+ Replaced namedpipe updater test with ec2detector test
- from version 3.1.1141.0
+ Add application inventory by file for Bottlerocket
+ Fix infinite retry logic to send failed replies in MGSInteractor
+ Remove usage of io/fs package
- from version 3.1.1080.0
+ (windows only) Remove symlink scan during update
- from version 3.1.1045.0
+ Fixed sourceHash validation for aws:application document plugin
+ Added document parameter validation for values passed to target document of aws:runDocument plugin
+ (windows only) Fix process leak when legacy cloudwatch plugin is enabled
+ (windows only) Fail installation if C:ProgramDataAmazonSSM has symlinks
- from version 3.1.1004.0
+ Added platform detection for Bottlerocket OS
+ Consolidated regional endpoint generation to common endpoint module
- from version 3.1.941.0
+ Added support for Rocky linux
+ Fixed sharefile/shareprofile not being propagated to updateutil
+ Fixed incorrect darwin platform detection post BigSur
+ Fixed log flush issue in updater
+ Updated .NET dependencies for domainjoin and cloudwatch (windows only)
+ Updated go version to 1.17.6
- from version 3.1.821.0
+ Implement new core module named MessageService to start processing commands from both MGS and MDS
* Merge functionalities from RunCommandService core module and Session core module.
* Receive run command documents through MGS if connected and fallback to MDS otherwise.
This functionality requires appropriate permissions for both endpoints and will be rolled
out gradually to end users.
* Provide filesystem based idempotency check to avoid duplicate run command document execution.
* Increase default run command pool buffer size from 1 to 5 to load additional documents
before-hand for processing.
+ Fix nil pointer deference panic produced in named pipe test case during agent update
+ Remove StopType concept in ssm-agent-worker and add different waits for reboot and shutdown stop
- from version 3.1.804.0
+ Add support for upstart when running get-diagnostic command using ssm-cli
+ Fix systemctl service name to support older versions of systemctl
+ Include changes to facilitate testing
+ Update DNS server selection logic for seamless domain join on linux and darwin
+ Update go version to go1.17.5
+ Update golang sys package dependency
- from version 3.1.715.0
+ Derive default directories from appconfig on Darwin
+ Set x-bit on newly-created directories
- from version 3.1.634.0
+ Fix for ssm-setup-cli to be able to select service manager without the agent being installed
- from version 3.1.630.0
+ Added greengrass component recipe for the new SystemsManagerAgent component
+ Added support for registering agent on a greengrass device
+ Added support for downloading more than 1000 objects in downloadContent
+ Fixed retry logic for onprem and s3 upload
+ Fixed unit tests when running on Mac
+ Update AWS SDK to v1.41.4
+ Update logic to retrieve platform details for Rocky Linux
- from version 3.1.501.0
+ Add diagnostics command to ssm-cli
+ Fix caching for onprem credentials
+ Additional configuration options for Seamless Domain Join
+ Gracefully exit session if group of runas user is modified
+ Skip retries for cert validation errors in S3 HEAD requests
+ Fix DNS failures on CentOS 8.2
+ Update several dependencies
- from version 3.1.459.0
+ Fixed a bug with powershell command for Inventory
- from version 3.1.426.0
+ Fixed cpu spike issue manifesting on snap
+ Fixed issue with version comparison in EC2Config update plugin
+ Fixed panic when command output was being truncated
+ Updated build to use go1.16.8
+ Removed Profile from inventory powershell commands on Windows
- from version 3.1.338.0
+ Fix to eliminate WaitGroup reuse panic triggered during agent reboot
+ Fix to include applications without UninstallString in Inventory for Windows
+ Fixed a bug where multi-plugin documents with large outputs would timeout RunCommand
+ Fixed a bug where RunCommand could delay executions for up to 15 minutes
- from version 3.1.282.0
+ Add serial port logging of AwsNitroEnclaves package version on windows during startup
+ Allow usage of existing loggroup/logstream when the user does not have create permission
+ Change service interrogate request log to debug
+ Cleanup old surveyor channel files on startup
+ Fix filehandle leak in windows leading to agent going offline
+ Fix to schedule correct next run time during orchestration directories cleanup
+ Fix to sequentially update correct runcount value in the document bookkeeping file
+ Fix a bug with version parsing EC2Config updater
+ Updated rpm packaging for fips compliance
- from version 3.1.192.0
+ Added darwin arm64 to makefile
+ Added logic to limit orchestration directory cleanup
+ Added packaging for public SSM Agent container image
+ Fixed cloudwatch endpoint for telemetry metrics requests
+ Fixed handling of Windows filepaths and mutex locks
+ Fixed agent worker handling of OS signals and termination channel requests
+ Updated datachannel retry strategy to not retry for a specific error scenario
+ Updated default gomaxproc value for Windows
+ Update build to use go1.16.6
- from version 3.1.127.0
+ Added a workaround for windows random halts
+ Fixed race condition during reboot document execution
- from version 3.1.90.0
+ Updated to version 3.1
+ Updated build to build statically linked binaries for linux 64bit
* Minimum supported linux kernel version for linux 64bit is 3.2+
+ Fixed permissions for docker config file
+ Fixed issue with ubuntu prerm and postinst scripts
+ Fixed issue where processor stop was being called twice
- from version 3.0.1390.0
+ Added config option to delete orchestration folder
+ Added snapcraft packaging config
+ Added workaround for aws:runDocument status bug
+ Added improved handling of file closure
+ Added support for go mod and updated build to use go 1.16.4
+ Fixed bug parsing vpce s3 urls
+ Refactored use of agent identity in agent cli
+ Updated check if agent is running as windows service
+ Updated handling of session cancellation to still send output to client side
+ Updated interactive session exit code logic to match non-interactive mode
+ Updated vendor dependencies
- Update directory path for GOPATH
- Update to version 3.0.1295.0
+ Added configurable custom identity and identity consumption order
+ Added cross-account domain join
+ Added cleanup for older versions of updater artifacts
+ Added a workaround for MacOS kernel bug that sometimes kept RunCommand from launching
+ Added a workaround for log file contention on Windows
+ Added synchronization to RunCommand service stop
+ Changed hibernation log level
+ MacOS executables are now signed
+ Removed delay in non-interactive session type
- apparmor
-
- update add-samba-bgqd.diff: to add new rule to fix 'DENIED' open on
/proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
openssl.cnf (bnc#1195463).
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb;
(bsc#1192684).
- add add-samba-bgqd.diff: add profile for samba-bgqd;
(bsc#1191532).
- fixed requires of python3 module (bsc#1191690).
- Don't provide python2 symbol for python3 package (bsc#1191690).
- Be explicit about using python2 macros, when needed.
- augeas
-
- add augeas-sysctl_parsing.patch (bsc#1197443)
* backport original patch and rebase
- support new chrony 4.1 options (jsc#SLE-17334)
augeas-new_options_for_chrony.patch
- Allow all printable ASCII characters in WPA-PSK definition
* augeas-allow_printable_ASCII.patch
* bsc#1187512
* Sourced from https://github.com/hercules-team/augeas/pull/723/commits
* Credit to Michal Filka <mfilka@suse.com
- autofs
-
- autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
Fix problem with quote handling
(bsc#1181715)
- 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch
Fix locking problem that causes deadlock when sss used.
(bsc#1196485)
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
Suppress portmap calls when port explicitly given
(bsc#1195697)
- autoyast2
-
- Fix detection disk serial and size in the "/disks"/ ERB helper
(bsc#1199000).
- Fix rules validation when using a dialog (bsc#1199165).
- 4.3.102
- Respect general/signature-handling settings during the 2nd
stage (bsc#1197655).
- 4.3.101
- Properly handle the "/dopackages"/ option in the openFile
method of the AyastSetup module (bsc#1196566).
- 4.3.100
- Avoid login while running AutoYaST init-scripts (bsc#1196594 and
related to bsc#1195059).
- 4.3.99
- add yast namespace to merge.xslt to fix CDATA handling (bsc#1195910)
- 4.3.98
- Modified init-scripts service dependencies fixing a root login
systemd timeout when installing with ssh (bsc#1195059)
- 4.3.97
- Fix handling of add-on signature settings, introduced when fixing
bsc#1192437 (bsc#1194881).
- 4.3.96
- Properly merge the autoupgrade workflow when using the online
medium (bsc#1192437, bsc#1194440).
- 4.3.95
- During autoupgrade merge the selected product workflow in order
to execute 2nd stage modules (bsc#1192437)
- 4.3.94
- Do not process the <add-on/> section during the 2nd stage
(bsc#1192185).
- 4.3.93
- Stop autoyast installation when registration failed on online
medium (bsc#1188211)
- 4.3.92
- Add the "/keep_unknown_lv"/ element to the partitioning schema
(bsc#1191968).
- 4.3.91
- Add the "/hostname"/ element to the rules schema (bsc#1190696).
- 4.3.90
- Ensure closing notification pop-ups even if a user script
was not executed to prevent "/No widget with ID ..."/ error pop-up
(bsc#1188930, bsc#1188716)
- 4.3.89
- Fixed handling of the "/final_reboot"/ and "/final_halt"/ options,
add the custom scripts only once and avoid displaying
a warning popup during installation (bsc#1188356)
- 4.3.88
- Copy the init-scripts to the right location during 1st stage
(bsc#1188360).
- 4.3.87
- avahi
-
- Downgrade python3-Twisted to a Recommends. It is not available
on SLED or PackageHub, and it is only needed by avahi-bookmarks
(bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
avahi-add-resolv-conf-to-inotify.patch: re-read configuration
when resolv.conf changes, per discussion on the bug
(boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
a host's up/down status to be easily discovered and should not
be enabled by default (boo#1179060).
- aws-cli
-
- Update to version 1.24.4 (bsc#1199716)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.24.4/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.24.1
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.24.1/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.23.11
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.23.11/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.23.1
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.23.1/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.22.87
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.22.87/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.22.65
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.22.65/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.22.46
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.22.46/CHANGELOG.rst
- Add missing python-rpm-macros to BuildRequires
- Update Requires in spec file from setup.py
- Update to version 1.22.35
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.22.35/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.22.28
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.22.28/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.22.24
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.22.24/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.21.6
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.21.6/CHANGELOG.rst
- Relax upper version dependency for python-docutils in Requires
- Update Requires in spec file from setup.py
- Update to version 1.20.32
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.20.32/CHANGELOG.rst
- Fix rpmlint warnings
+ use defattr for default permissions
+ mark zsh completion file as a config file
- Use github download url as a Source0
- Update Requires in spec file from setup.py
- Update to version 1.20.7
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.20.7/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.20.7 (bsc#1189649)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.20.7/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.19.112
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.19.112/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.19.86
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.19.86/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.19.75
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.19.75/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.19.50
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.19.50/CHANGELOG.rst
- Update Requires in spec file from setup.py
- bind
-
- Security Fixes:
* Previously, there was no limit to the number of database lookups
performed while processing large delegations, which could be abused
to severely impact the performance of named running as a recursive
resolver. This has been fixed.
[bsc#1203614, CVE-2022-2795, bind-CVE-2022-2795.patch]
* A memory leak was fixed that could be externally triggered in the
DNSSEC verification code for the ECDSA algorithm.
[bsc#1203619, CVE-2022-38177, bind-CVE-2022-38177.patch]
* Memory leaks were fixed that could be externally triggered in the
DNSSEC verification code for the EdDSA algorithm.
[bsc#1203620, CVE-2022-38178, bind-CVE-2022-38178.patch]
- Changed ownership of /var/lib/named/master from named:named to
root:root.
[bsc#1201247, bind.conf]
- When using forwarders, bogus NS records supplied by, or via, those
forwarders may be cached and used by named if it needs to recurse
for any reason, causing it to obtain and pass on potentially
incorrect answers.
[CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]
- Fixed CVE-2021-25219:
The lame-ttl option controls how long named caches certain types
of broken responses from authoritative servers (see the security
advisory for details). This caching mechanism could be abused by
an attacker to significantly degrade resolver performance. The
vulnerability has been mitigated by changing the default value of
lame-ttl to 0 and overriding any explicitly set value with 0,
effectively disabling this mechanism altogether. ISC's testing has
determined that doing that has a negligible impact on resolver
performance while also preventing abuse.
Administrators may observe more traffic towards servers issuing
certain types of broken responses than in previous BIND 9 releases.
[bsc#1192146, CVE-2021-25219, bind-CVE-2021-25219.patch]
- binutils
-
- For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy
needs to support efi-app-aarch64 target. (bsc#1198458)
Adds binutils-add-efi-aarch64-1.diff,
binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff .
- Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem
in crash not accepting some of our .ko.debug files.
- Add binutils-revert-rela.diff to revert back to old behaviour
of not ignoring the in-section content of to be relocated
fields on x86-64, even though that's a RELA architecture.
Compatibility with buggy object files generated by old tools.
[bsc#1198422]
- Add binutils-add-z16-name.diff so that the now official name
z16 for arch14 is recognized. [bsc#1198237]
- Add binutils-revert-hlasm-insns.diff for compatibility on old
code stream that expect 'brcl 0,label' to not be disassembled
as 'jgnop label' on s390x. [bsc#1192267]
- Rebase binutils-2.37-branch.diff: fixes PR28523 aka boo#1188941.
- Fix empty man-pages from broken release tarball [PR28144].
- Update binutils-skip-rpaths.patch with contained a memory corruption
(boo#1191473).
- Configure with --disable-x86-used-note on old code streams.
- Disable libalternatives temporarily for build cycle reasons.
- make TARGET-bfd=headers again, we patch bfd-in.h
- This state submitted to SLE12 and SLE15 code streams for annual
toolchain update. [jsc#PM-2767, jsc#SLE-21561, jsc#SLE-19618]
- Bump binutils-2.37-branch.diff to 66d5c7003, to include fixes for
PR28422, PR28192, PR28391. Also adds some s390x arch14
instructions [jsc#SLE-18637].
- Using libalternatives instead of update-alternatives.
- Adjust for testsuite fails on older products that configure
binutils in different ways, adds binutils-compat-old-behaviour.diff
and adjusts binutils-revert-nm-symversion.diff and
binutils-revert-plt32-in-branches.diff.
- Bump binutils-2.37-branch.diff: fixes PR28138.
- Use LTO & PGO build.
- Update to binutils 2.37:
* The GNU Binutils sources now requires a C99 compiler and library to
build.
* Support for the arm-symbianelf format has been removed.
* Support for Realm Management Extension (RME) for AArch64 has been
added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
special treatment of __start_*/__stop_* references when
- -gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
specify how the numeric values of symbols are reported.
- -sym-base=0|8|10|16 tells readelf to display the values in base 8,
base 10 or base 16. A sym base of 0 represents the default action
of displaying values under 10000 in base 10 and values above that in
base 16.
* A new format has been added to the nm program. Specifying
'--format=just-symbols' (or just using -j) will tell the program to
only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
objcopy and strip. This stops the removal of unused section symbols
when the file is copied. Removing these symbols saves space, but
sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
supported by objcopy now make undefined symbols weak on targets that
support weak symbols.
* Readelf and objdump can now display and use the contents of .debug_sup
sections.
* Readelf and objdump will now follow links to separate debug info
files by default. This behaviour can be stopped via the use of the
new '-wN' or '--debug-dump=no-follow-links' options for readelf and
the '-WN' or '--dwarf=no-follow-links' options for objdump. Also
the old behaviour can be restored by the use of the
'--enable-follow-debug-links=no' configure time option.
The semantics of the =follow-links option have also been slightly
changed. When enabled, the option allows for the loading of symbol
tables and string tables from the separate files which can be used
to enhance the information displayed when dumping other sections,
but it does not automatically imply that information from the
separate files should be displayed.
If other debug section display options are also enabled (eg
'--debug-dump=info') then the contents of matching sections in both
the main file and the separate debuginfo file *will* be displayed.
This is because in most cases the debug section will only be present
in one of the files.
If however non-debug section display options are enabled (eg
'--sections') then the contents of matching parts of the separate
debuginfo file will *not* be displayed. This is because in most
cases the user probably only wanted to load the symbol information
from the separate debuginfo file. In order to change this behaviour
a new command line option --process-links can be used. This will
allow di0pslay options to applied to both the main file and any
separate debuginfo files.
* Nm has a new command line option: '--quiet'. This suppresses "/no
symbols"/ diagnostic.
- Includes fixes for these CVEs:
bnc#1181452 aka CVE-2021-20197 aka PR26945
bnc#1183511 aka CVE-2021-20284 aka PR26931
bnc#1184519 aka CVE-2021-20294 aka PR26929
bnc#1184620 aka CVE-2021-3487 aka PR26946
bnc#1184794 aka CVE-2020-35448 aka PR26574
- Also fixes:
bsc#1183909 - slow performance of stripping some binaries
- Rebased patches: binutils-build-as-needed.diff, binutils-fix-abierrormsg.diff,
binutils-fix-invalid-op-errata.diff, binutils-fix-relax.diff,
binutils-revert-nm-symversion.diff, binutils-revert-plt32-in-branches.diff
- Removed patches (are in upstream): ppc-ensure-undef-dynamic-weak-undefined.patch and
ppc-use-local-plt.patch.
- Add binutils-2.37-branch.diff.gz.
- ppc-ensure-undef-dynamic-weak-undefined.patch: PPC: ensure_undef_dynamic
on weak undef only in plt
- ppc-use-local-plt.patch: PowerPC use_local_plt (prerequisite for above
patch)
- Update 2.36 branch diff which fixes PR27587.
- Do not run make TARGET-bfd=headers separately.
- Bump 2.36 branch diff (includes fix for PR27441 aka bsc#1182252).
- Bump 2.36 branch diff.
- Update 2.36 branch diff which should fix PR27311 completely.
It fixes also PR27284.
- Remove temporary fix 0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Add temporary upstream fix for PR27311
0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Update to binutils 2.36:
New features in the Assembler:
General:
* When setting the link order attribute of ELF sections, it is now
possible to use a numeric section index instead of symbol name.
* Added a .nop directive to generate a single no-op instruction in
a target neutral manner. This instruction does have an effect on
DWARF line number generation, if that is active.
* Removed --reduce-memory-overheads and --hash-size as gas now
uses hash tables that can be expand and shrink automatically.
X86/x86_64:
* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
Locker instructions.
* Support non-absolute segment values for lcall and ljmp.
* Add {disp16} pseudo prefix to x86 assembler.
* Configure with --enable-x86-used-note by default for Linux/x86.
ARM/AArch64:
* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
Cortex-R82, Neoverse V1, and Neoverse N2 cores.
* Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
Stack Recorder Extension) and BRBE (Branch Record Buffer
Extension) system registers.
* Add support for Armv8-R and Armv8.7-A ISA extensions.
* Add support for DSB memory nXS barrier, WFET and WFIT
instruction for Armv8.7.
* Add support for +csre feature for -march. Add CSR PDEC
instruction for CSRE feature in AArch64.
* Add support for +flagm feature for -march in Armv8.4 AArch64.
* Add support for +ls64 feature for -march in Armv8.7
AArch64. Add atomic 64-byte load/store instructions for this
feature.
* Add support for +pauth (Pointer Authentication) feature for
- march in AArch64.
New features in the Linker:
* Add --error-handling-script=<NAME> command line option to allow
a helper script to be invoked when an undefined symbol or a
missing library is encountered. This option can be suppressed
via the configure time switch: --enable-error-handling-script=no.
* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
x86-64-{baseline|v[234]} ISA level as needed.
* Add -z unique-symbol to avoid duplicated local symbol names.
* The creation of PE format DLLs now defaults to using a more
secure set of DLL characteristics.
* The linker now deduplicates the types in .ctf sections. The new
command-line option --ctf-share-types describes how to do this:
its default value, share-unconflicted, produces the most compact
output.
* The linker now omits the "/variable section"/ from .ctf sections
by default, saving space. This is almost certainly what you
want unless you are working on a project that has its own
analogue of symbol tables that are not reflected in the ELF
symtabs.
New features in other binary tools:
* The ar tool's previously unused l modifier is now used for
specifying dependencies of a static library. The arguments of
this option (or --record-libdeps long form option) will be
stored verbatim in the __.LIBDEP member of the archive, which
the linker may read at link time.
* Readelf can now display the contents of LTO symbol table
sections when asked to do so via the --lto-syms command line
option.
* Readelf now accepts the -C command line option to enable the
demangling of symbol names. In addition the --demangle=<style>,
- -no-demangle, --recurse-limit and --no-recurse-limit options
are also now availale.
- Includes fixes for these CVEs:
bnc#1179898 aka CVE-2020-16590 aka PR25821
bnc#1179899 aka CVE-2020-16591 aka PR25822
bnc#1179900 aka CVE-2020-16592 aka PR25823
bnc#1179901 aka CVE-2020-16593 aka PR25827
bnc#1179902 aka CVE-2020-16598 aka PR25840
bnc#1179903 aka CVE-2020-16599 aka PR25842
bnc#1180451 aka CVE-2020-35493 aka PR25307
bnc#1180454 aka CVE-2020-35496 aka PR25308
bnc#1180461 aka CVE-2020-35507 aka PR25308
- Rebase the following patches:
* binutils-fix-relax.diff
* binutils-revert-nm-symversion.diff
* binutils-revert-plt32-in-branches.diff
- Add missing dependency on bc (ld.gold testsuite uses it).
- Use --enable-obsolete for cross builds as ia64 is deprecated now.
- Add binutils-2.36-branch.diff.gz.
- blktrace
-
- Fix crash due to dropped first event while using pipe input (bsc#1191788).
* blkparse: skip check_cpu_map with pipe input
* blkparse: fix incorrectly sized memset in check_cpu_map
* Added:
- blkparse-skip-check_cpu_map-with-pipe-input.patch
- blkparse-fix-incorrectly-sized-memset-in-check_cpu_m.patch
- blog
-
- Update to version 2.26
* On s390/x and PPC64 gcc misses unused arg0
- Remove patch fcb9e0c2.patch as now part of tar ball
- Add upstream patch fcb9e0c2.patch
* On s390/x and PPC64 gcc misses unused arg0
- Update to version 2.24
* Avoid install errror due missed directory
- Update to version 2.22
* Avoid KillMode=none for newer systemd version as well as rework
the systemd unit files of blog (boo#1186506)
- Move to /usr for UsrMerge (boo#1191057)
- Update to version 2.21
* Merge pull request #4 from samueldr/fix/makefile
Fixup Makefile for better build system support
* Silent new gcc compiler
- ca-certificates-mozilla
-
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
Removed:
- Hellenic Academic and Research Institutions RootCA 2011
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
(bsc#1190858)
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CA:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
- chrony
-
- Fix config file handling in the spec file and remove "/ntsdumpdir"/
from default config, because augeas-lenses cannot parse it during
installation of SLE Micro on SLE-15-SP3 (bsc#1194220).
- bsc#1194229: Fix pool package dependencies, so that SLE actually
prefers chrony-pool-suse over chrony-pool-empty.
- Add chrony-htonl.patch to work around undocumented behaviour of
htonl() in older glibc versions (SLE-12) on 64 bit big endian
architectures (s390x).
- SLE bugs that have been fixed in openSUSE up to this point
without explicit references: bsc#1183783, bsc#1184400,
bsc#1171806, bsc#1161119, bsc#1159840.
- Obsoleted SLE patches:
* chrony-fix-open.patch
* chrony-gettimeofday.patch
* chrony-ntp-era-split.patch
* chrony-pidfile.patch
* chrony-select-timeout.patch
* chrony-urandom.patch
* chrony.sysconfig
* clknetsim-glibc-2.31.patch
- boo#1190926: PrivateDevices is too strict, we might need to
access the rtc and ptp devices.
- Add back support to build chrony on SLE12.
- Drop dependency on asciidoctor. It is only needed for building
the HTML documentation which we don't package anyway.
- Added hardening to systemd service(s). Added patch(es):
* harden_chrony-wait.service.patch
* harden_chronyd.service.patch
- boo#1187906: Consolidate all references to the helper script.
- Add now working CONFIG parameter to sysusers generator
- Change to using systemd-sysusers
- Remove otherproviders, not needed anymore
- Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Enable syscallfilter unconditionally [boo#1181826].
- drop buildrequires on NSS. We need gnutls for NTS anyway and we
can do all the other required crypto via nettle+gnutls. no need
for another crypto library.
- Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and "/reload sources"/ command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get "/maxsources"/
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add "/add pool"/ command
- Add "/reset sources"/ command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option "/version 3"/)
- Drop support for line editing with GNU Readline
- add BuildRequires for gnutls-devel (which also pulls nettle to
enable the new features)
- drop patches which are included in the update:
chrony-test-update-processing-of-packet-log.patch
chrony-test-fix-util-unit-test-for-NTP-era-split.patch
- refreshed chrony-config.patch
- track series file for easier quilt setup
- added option to turn off testsuite with
osc build --without=testsuite
testsuite still runs by default
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
- Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
- Use _systemdutildir instead of _libexecdir/systemd: systemd does
not actually live below libexecdir.
- Add chrony-test-update-processing-of-packet-log.patch in order
to fix test-suite failure.
- Update clknetsim to version 79ffe44 (fixes boo#1162964).
- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch.
- Change to BuildRequires: rubygem(asciidoctor) and remove conditional
(is available in SLE12-SP4 and SLE15* as well)
- Fix typo in %install
- Fix asciidoc in Tumbleweed
- Revert clknetsim to version 58c5e8b
- Fix incorrect download link for package signature
- Temporarily disable signature usage as its expired
- Update clknetsim to version ac3c832
- fix chrony-service-helper.patch
- Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
- Update testsuite to version 58c5e8b
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
- Update clknetsim to revision 8b48422
- Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529)
- Update the keyring and uncomment it in the spec file
- Comment out bad signature
- Added %{_tmpfilesdir}/%{name}.conf
- Updated clknetsim
- Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
- Update clknetsim to revision 42b693b
* Drop not needed chrony-fix-open.patch
- Build tests with optflags as well
- Do not run tests on i586
- Enable signd
- Mention all sources as such in spec file
- Fix formatting of changelog
- Drop reference to change is not present
- Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
- cifs-utils
-
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
(bsc#1198976, CVE-2022-29869)
* add cifs-utils-CVE-2022-29869.patch
- CVE-2022-27239: mount.cifs: fix length check for ip option
parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
* add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
- cloud-init
-
- Update to version 21.4 (bsc#1192343, jsc#PM-3181)
+ Also include VMWare functionality for (jsc#PM-3175)
+ Remove patches included upstream:
- cloud-init-purge-cache-py-ver-change.patch
- cloud-init-update-test-characters-in-substitution-unit-test.patch
+ Forward port:
- cloud-init-write-routes.patch
- cloud-init-no-tempnet-oci.patch
+ Add cloud-init-vmware-test.patch
- Test is system dependend, not properly mocked
+ Azure: fallback nic needs to be reevaluated during reprovisioning
(#1094) [Anh Vo]
+ azure: pps imds (#1093) [Anh Vo]
+ testing: Remove calls to 'install_new_cloud_init' (#1092)
+ Add LXD datasource (#1040)
+ Fix unhandled apt_configure case. (#1065) [Brett Holman]
+ Allow libexec for hotplug (#1088)
+ Add necessary mocks to test_ovf unit tests (#1087)
+ Remove (deprecated) apt-key (#1068) [Brett Holman] (LP: #1836336)
+ distros: Remove a completed "/TODO"/ comment (#1086)
+ cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083)
[dermotbradley]
+ Add "/install hotplug"/ module (SC-476) (#1069) (LP: #1946003)
+ hosts.alpine.tmpl: rearrange the order of short and long hostnames
(#1084) [dermotbradley]
+ Add max version to docutils
+ cloudinit/dmi.py: Change warning to debug to prevent console display
(#1082) [dermotbradley]
+ remove unnecessary EOF string in
disable-sshd-keygen-if-cloud-init-active.conf (#1075) [Emanuele
Giuseppe Esposito]
+ Add module 'write-files-deferred' executed in stage 'final' (#916)
[Lucendio]
+ Bump pycloudlib to fix CI (#1080)
+ Remove pin in dependencies for jsonschema (#1078)
+ Add "/Google"/ as possible system-product-name (#1077) [vteratipally]
+ Update Debian security suite for bullseye (#1076) [Johann Queuniet]
+ Leave the details of service management to the distro (#1074)
[Andy Fiddaman]
+ Fix typos in setup.py (#1059) [Christian Clauss]
+ Update Azure _unpickle (SC-500) (#1067) (LP: #1946644)
+ cc_ssh.py: fix private key group owner and permissions (#1070)
[Emanuele Giuseppe Esposito]
+ VMware: read network-config from ISO (#1066) [Thomas Weißschuh]
+ testing: mock sleep in gce unit tests (#1072)
+ CloudStack: fix data-server DNS resolution (#1004)
[Olivier Lemasle] (LP: #1942232)
+ Fix unit test broken by pyyaml upgrade (#1071)
+ testing: add get_cloud function (SC-461) (#1038)
+ Inhibit sshd-keygen@.service if cloud-init is active (#1028)
[Ryan Harper]
+ VMWARE: search the deployPkg plugin in multiarch dir (#1061)
[xiaofengw-vmware] (LP: #1944946)
+ Fix set-name/interface DNS bug (#1058) [Andrew Kutz] (LP: #1946493)
+ Use specified tmp location for growpart (#1046) [jshen28]
+ .gitignore: ignore tags file for ctags users (#1057) [Brett Holman]
+ Allow comments in runcmd and report failed commands correctly (#1049)
[Brett Holman] (LP: #1853146)
+ tox integration: pass the *_proxy, GOOGLE_*, GCP_* env vars (#1050)
[Paride Legovini]
+ Allow disabling of network activation (SC-307) (#1048) (LP: #1938299)
+ renderer: convert relative imports to absolute (#1052) [Paride Legovini]
+ Support ETHx_IP6_GATEWAY, SET_HOSTNAME on OpenNebula (#1045)
[Vlastimil Holer]
+ integration-requirements: bump the pycloudlib commit (#1047)
[Paride Legovini]
+ Allow Vultr to set MTU and use as-is configs (#1037) [eb3095]
+ pin jsonschema in requirements.txt (#1043)
+ testing: remove cloud_tests (#1020)
+ Add andgein as contributor (#1042) [Andrew Gein]
+ Make wording for module frequency consistent (#1039) [Nicolas Bock]
+ Use ascii code for growpart (#1036) [jshen28]
+ Add jshen28 as contributor (#1035) [jshen28]
+ Skip test_cache_purged_on_version_change on Azure (#1033)
+ Remove invalid ssh_import_id from examples (#1031)
+ Cleanup Vultr support (#987) [eb3095]
+ docs: update cc_disk_setup for fs to raw disk (#1017)
+ HACKING.rst: change contact info to James Falcon (#1030)
+ tox: bump the pinned flake8 and pylint version (#1029)
[Paride Legovini] (LP: #1944414)
+ Add retries to DataSourceGCE.py when connecting to GCE (#1005)
[vteratipally]
+ Set Azure to apply networking config every BOOT (#1023)
+ Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603)
+ docs: fix typo and include sudo for report bugs commands (#1022)
[Renan Rodrigo] (LP: #1940236)
+ VMware: Fix typo introduced in #947 and add test (#1019) [PengpengSun]
+ Update IPv6 entries in /etc/hosts (#1021) [Richard Hansen] (LP: #1943798)
+ Integration test upgrades for the 21.3-1 SRU (#1001)
+ Add Jille to tools/.github-cla-signers (#1016) [Jille Timmermans]
+ Improve ug_util.py (#1013) [Shreenidhi Shedi]
+ Support openEuler OS (#1012) [zhuzaifangxuele]
+ ssh_utils.py: ignore when sshd_config options are not key/value pairs
(#1007) [Emanuele Giuseppe Esposito]
+ Set Azure to only update metadata on BOOT_NEW_INSTANCE (#1006)
+ cc_update_etc_hosts: Use the distribution-defined path for the hosts
file (#983) [Andy Fiddaman]
+ Add CloudLinux OS support (#1003) [Alexandr Kravchenko]
+ puppet config: add the start_agent option (#1002) [Andrew Bogott]
+ Fix `make style-check` errors (#1000) [Shreenidhi Shedi]
+ Make cloud-id copyright year (#991) [Andrii Podanenko]
+ Add support to accept-ra in networkd renderer (#999) [Shreenidhi Shedi]
+ Update ds-identify to pass shellcheck (#979) [Andrew Kutz]
+ Azure: Retry dhcp on timeouts when polling reprovisiondata (#998)
[aswinrajamannar]
+ testing: Fix ssh keys integration test (#992)
- From 21.3
+ Azure: During primary nic detection, check interface status continuously
before rebinding again (#990) [aswinrajamannar]
+ Fix home permissions modified by ssh module (SC-338) (#984)
(LP: #1940233)
+ Add integration test for sensitive jinja substitution (#986)
+ Ignore hotplug socket when collecting logs (#985) (LP: #1940235)
+ testing: Add missing mocks to test_vmware.py (#982)
+ add Zadara Edge Cloud Platform to the supported clouds list (#963)
[sarahwzadara]
+ testing: skip upgrade tests on LXD VMs (#980)
+ Only invoke hotplug socket when functionality is enabled (#952)
+ Revert unnecesary lcase in ds-identify (#978) [Andrew Kutz]
+ cc_resolv_conf: fix typos (#969) [Shreenidhi Shedi]
+ Replace broken httpretty tests with mock (SC-324) (#973)
+ Azure: Check if interface is up after sleep when trying to bring it up
(#972) [aswinrajamannar]
+ Update dscheck_VMware's rpctool check (#970) [Shreenidhi Shedi]
+ Azure: Logging the detected interfaces (#968) [Moustafa Moustafa]
+ Change netifaces dependency to 0.10.4 (#965) [Andrew Kutz]
+ Azure: Limit polling network metadata on connection errors (#961)
[aswinrajamannar]
+ Update inconsistent indentation (#962) [Andrew Kutz]
+ cc_puppet: support AIO installations and more (#960) [Gabriel Nagy]
+ Add Puppet contributors to CLA signers (#964) [Noah Fontes]
+ Datasource for VMware (#953) [Andrew Kutz]
+ photon: refactor hostname handling and add networkd activator (#958)
[sshedi]
+ Stop copying ssh system keys and check folder permissions (#956)
[Emanuele Giuseppe Esposito]
+ testing: port remaining cloud tests to integration testing framework
(SC-191) (#955)
+ generate contents for ovf-env.xml when provisioning via IMDS (#959)
[Anh Vo]
+ Add support for EuroLinux 7 && EuroLinux 8 (#957) [Aleksander Baranowski]
+ Implementing device_aliases as described in docs (#945)
[Mal Graty] (LP: #1867532)
+ testing: fix test_ssh_import_id.py (#954)
+ Add ability to manage fallback network config on PhotonOS (#941) [sshedi]
+ Add VZLinux support (#951) [eb3095]
+ VMware: add network-config support in ovf-env.xml (#947) [PengpengSun]
+ Update pylint to v2.9.3 and fix the new issues it spots (#946)
[Paride Legovini]
+ Azure: mount default provisioning iso before try device listing (#870)
[Anh Vo]
+ Document known hotplug limitations (#950)
+ Initial hotplug support (#936)
+ Fix MIME policy failure on python version upgrade (#934)
+ run-container: fixup the centos repos baseurls when using http_proxy
(#944) [Paride Legovini]
+ tools: add support for building rpms on rocky linux (#940)
+ ssh-util: allow cloudinit to merge all ssh keys into a custom user
file, defined in AuthorizedKeysFile (#937) [Emanuele Giuseppe Esposito]
(LP: #1911680)
+ VMware: new "/allow_raw_data"/ switch (#939) [xiaofengw-vmware]
+ bump pycloudlib version (#935)
+ add renanrodrigo as a contributor (#938) [Renan Rodrigo]
+ testing: simplify test_upgrade.py (#932)
+ freebsd/net_v1 format: read MTU from root (#930) [Gonéri Le Bouder]
+ Add new network activators to bring up interfaces (#919)
+ Detect a Python version change and clear the cache (#857)
[Robert Schweikert]
+ cloud_tests: fix the Impish release name (#931) [Paride Legovini]
+ Removed distro specific network code from Photon (#929) [sshedi]
+ Add support for VMware PhotonOS (#909) [sshedi]
+ cloud_tests: add impish release definition (#927) [Paride Legovini]
+ docs: fix stale links rename master branch to main (#926)
+ Fix DNS in NetworkState (SC-133) (#923)
+ tests: Add 'adhoc' mark for integration tests (#925)
+ Fix the spelling of "/DigitalOcean"/ (#924) [Mark Mercado]
+ Small Doc Update for ReportEventStack and Test (#920) [Mike Russell]
+ Replace deprecated collections.Iterable with abc replacement (#922)
(LP: #1932048)
+ testing: OCI availability domain is now required (SC-59) (#910)
+ add DragonFlyBSD support (#904) [Gonéri Le Bouder]
+ Use instance-data-sensitive.json in jinja templates (SC-117) (#917)
(LP: #1931392)
+ doc: Update NoCloud docs stating required files (#918) (LP: #1931577)
+ build-on-netbsd: don't pin a specific py3 version (#913)
[Gonéri Le Bouder]
+ Create the log file with 640 permissions (#858) [Robert Schweikert]
+ Allow braces to appear in dhclient output (#911) [eb3095]
+ Docs: Replace all freenode references with libera (#912)
+ openbsd/net: flush the route table on net restart (#908)
[Gonéri Le Bouder]
+ Add Rocky Linux support to cloud-init (#906) [Louis Abel]
+ Add "/esposem"/ as contributor (#907) [Emanuele Giuseppe Esposito]
+ Add integration test for #868 (#901)
+ Added support for importing keys via primary/security mirror clauses
(#882) [Paul Goins] (LP: #1925395)
+ [examples] config-user-groups expire in the future (#902)
[Geert Stappers]
+ BSD: static network, set the mtu (#894) [Gonéri Le Bouder]
+ Add integration test for lp-1920939 (#891)
+ Fix unit tests breaking from new httpretty version (#903)
+ Allow user control over update events (#834)
+ Update test characters in substitution unit test (#893)
+ cc_disk_setup.py: remove UDEVADM_CMD definition as not used (#886)
[dermotbradley]
+ Add AlmaLinux OS support (#872) [Andrew Lukoshko]
- systemctl location (bsc#1193531)
- Add cloud-init-sysctl-not-in-bin.patch
- The sytemctl executable is not necessarily in '/bin'
- Remove unneeded BuildRequires on python3-nose.
- Update to version 21.2 (bsc#1186004)
+ Remove patches included upstream:
- cloud-init-azure-def-usr-pass.patch
- cloud-init-after-kvp.diff
- cloud-init-recognize-hpc.patch
- use_arroba_to_include_sudoers_directory-bsc_1181283.patch
- cloud-init-bonding-opts.patch
- cloud-init-log-file-mode.patch
- cloud-init-no-pwd-in-log.patch
- 0001-templater-drop-Jinja-Python-2-compatibility-shim.patch
+ Remove cloud-init-sle12-compat.patch, version in SLE 12 is frozen to 20.2
+ Remove cloud-init-tests-set-exec.patch no longer needed
+ Forward port:
- cloud-init-write-routes.patch
- cloud-init-break-resolv-symlink.patch
- cloud-init-sysconf-path.patch
- cloud-init-no-tempnet-oci.patch
+ Add rn check for SSH keys in Azure (#889)
+ Revert "/Add support to resize rootfs if using LVM (#721)"/ (#887)
(LP: #1922742)
+ Add Vultaire as contributor (#881) [Paul Goins]
+ Azure: adding support for consuming userdata from IMDS (#884) [Anh Vo]
+ test_upgrade: modify test_upgrade_package to run for more sources (#883)
+ Fix chef module run failure when chef_license is set (#868) [Ben Hughes]
+ Azure: Retry net metadata during nic attach for non-timeout errs (#878)
[aswinrajamannar]
+ Azure: Retrieve username and hostname from IMDS (#865) [Thomas Stringer]
+ Azure: eject the provisioning iso before reporting ready (#861) [Anh Vo]
+ Use `partprobe` to re-read partition table if available (#856)
[Nicolas Bock] (LP: #1920939)
+ fix error on upgrade caused by new vendordata2 attributes (#869)
(LP: #1922739)
+ add prefer_fqdn_over_hostname config option (#859)
[hamalq] (LP: #1921004)
+ Emit dots on travis to avoid timeout (#867)
+ doc: Replace remaining references to user-scripts as a config module
(#866) [Ryan Harper]
+ azure: Removing ability to invoke walinuxagent (#799) [Anh Vo]
+ Add Vultr support (#827) [David Dymko]
+ Fix unpickle for source paths missing run_dir (#863)
[lucasmoura] (LP: #1899299)
+ sysconfig: use BONDING_MODULE_OPTS on SUSE (#831) [Jens Sandmann]
+ bringup_static_routes: fix gateway check (#850) [Petr Fedchenkov]
+ add hamalq user (#860) [hamalq]
+ Add support to resize rootfs if using LVM (#721)
[Eduardo Otubo] (LP: #1799953)
+ Fix mis-detecting network configuration in initramfs cmdline (#844)
(LP: #1919188)
+ tools/write-ssh-key-fingerprints: do not display empty header/footer
(#817) [dermotbradley]
+ Azure helper: Ensure Azure http handler sleeps between retries (#842)
[Johnson Shi]
+ Fix chef apt source example (#826) [timothegenzmer]
+ .travis.yml: generate an SSH key before running tests (#848)
+ write passwords only to serial console, lock down cloud-init-output.log
(#847) (LP: #1918303)
+ Fix apt default integration test (#845)
+ integration_tests: bump pycloudlib dependency (#846)
+ Fix stack trace if vendordata_raw contained an array (#837) [eb3095]
+ archlinux: Fix broken locale logic (#841)
[Kristian Klausen] (LP: #1402406)
+ Integration test for #783 (#832)
+ integration_tests: mount more paths IN_PLACE (#838)
+ Fix requiring device-number on EC2 derivatives (#836) (LP: #1917875)
+ Remove the vi comment from the part-handler example (#835)
+ net: exclude OVS internal interfaces in get_interfaces (#829)
(LP: #1912844)
+ tox.ini: pass OS_* environment variables to integration tests (#830)
+ integration_tests: add OpenStack as a platform (#804)
+ Add flexibility to IMDS api-version (#793) [Thomas Stringer]
+ Fix the TestApt tests using apt-key on Xenial and Hirsute (#823)
[Paride Legovini] (LP: #1916629)
+ doc: remove duplicate "/it"/ from nocloud.rst (#825) [V.I. Wood]
+ archlinux: Use hostnamectl to set the transient hostname (#797)
[Kristian Klausen]
+ cc_keys_to_console.py: Add documentation for recently added config key
(#824) [dermotbradley]
+ Update cc_set_hostname documentation (#818) [Toshi Aoyama]
From 21.1
+ Azure: Support for VMs without ephemeral resource disks. (#800)
[Johnson Shi] (LP: #1901011)
+ cc_keys_to_console: add option to disable key emission (#811)
[Michael Hudson-Doyle] (LP: #1915460)
+ integration_tests: introduce lxd_use_exec mark (#802)
+ azure: case-insensitive UUID to avoid new IID during kernel upgrade
(#798) (LP: #1835584)
+ stale.yml: don't ask submitters to reopen PRs (#816)
+ integration_tests: fix use of SSH agent within tox (#815)
+ integration_tests: add UPGRADE CloudInitSource (#812)
+ integration_tests: use unique MAC addresses for tests (#813)
+ Update .gitignore (#814)
+ Port apt cloud_tests to integration tests (#808)
+ integration_tests: fix test_gh626 on LXD VMs (#809)
+ Fix attempting to decode binary data in test_seed_random_data test (#806)
+ Remove wait argument from tests with session_cloud calls (#805)
+ Datasource for UpCloud (#743) [Antti Myyrä]
+ test_gh668: fix failure on LXD VMs (#801)
+ openstack: read the dynamic metadata group vendor_data2.json (#777)
[Andrew Bogott] (LP: #1841104)
+ includedir in suoders can be prefixed by "/arroba"/ (#783)
[Jordi Massaguer Pla]
+ [VMware] change default max wait time to 15s (#774) [xiaofengw-vmware]
+ Revert integration test associated with reverted #586 (#784)
+ Add jordimassaguerpla as contributor (#787) [Jordi Massaguer Pla]
+ Add Rick Harding to CLA signers (#792) [Rick Harding]
+ HACKING.rst: add clarifying note to LP CLA process section (#789)
+ Stop linting cloud_tests (#791)
+ cloud-tests: update cryptography requirement (#790) [Joshua Powers]
+ Remove 'remove-raise-on-failure' calls from integration_tests (#788)
+ Use more cloud defaults in integration tests (#757)
+ Adding self to cla signers (#776) [Andrew Bogott]
+ doc: avoid two warnings (#781) [Dan Kenigsberg]
+ Use proper spelling for Red Hat (#778) [Dan Kenigsberg]
+ Add antonyc to .github-cla-signers (#747) [Anton Chaporgin]
+ integration_tests: log image serial if available (#772)
+ [VMware] Support cloudinit raw data feature (#691) [xiaofengw-vmware]
+ net: Fix static routes to host in eni renderer (#668) [Pavel Abalikhin]
+ .travis.yml: don't run cloud_tests in CI (#756)
+ test_upgrade: add some missing commas (#769)
+ cc_seed_random: update documentation and fix integration test (#771)
(LP: #1911227)
+ Fix test gh-632 test to only run on NoCloud (#770) (LP: #1911230)
+ archlinux: fix package upgrade command handling (#768) [Bao Trinh]
+ integration_tests: add integration test for LP: #1910835 (#761)
+ Fix regression with handling of IMDS ssh keys (#760) [Thomas Stringer]
+ integration_tests: log cloud-init version in SUT (#758)
+ Add ajmyyra as contributor (#742) [Antti Myyrä]
+ net_convert: add some missing help text (#755)
+ Missing IPV6_AUTOCONF=no to render sysconfig dhcp6 stateful on RHEL
(#753) [Eduardo Otubo]
+ doc: document missing IPv6 subnet types (#744) [Antti Myyrä]
+ Add example configuration for datasource `AliYun` (#751) [Xiaoyu Zhong]
+ integration_tests: add SSH key selection settings (#754)
+ fix a typo in man page cloud-init.1 (#752) [Amy Chen]
+ network-config-format-v2.rst: add Netplan Passthrough section (#750)
+ stale: re-enable post holidays (#749)
+ integration_tests: port ca_certs tests from cloud_tests (#732)
+ Azure: Add telemetry for poll IMDS (#741) [Johnson Shi]
+ doc: move testing section from HACKING to its own doc (#739)
+ No longer allow integration test failures on travis (#738)
+ stale: fix error in definition (#740)
+ integration_tests: set log-cli-level to INFO by default (#737)
+ PULL_REQUEST_TEMPLATE.md: use backticks around commit message (#736)
+ stale: disable check for holiday break (#735)
+ integration_tests: log the path we collect logs into (#733)
+ .travis.yml: add (most) supported Python versions to CI (#734)
+ integration_tests: fix IN_PLACE CLOUD_INIT_SOURCE (#731)
+ cc_ca_certs: add RHEL support (#633) [cawamata]
+ Azure: only generate config for NICs with addresses (#709)
[Thomas Stringer]
+ doc: fix CloudStack configuration example (#707) [Olivier Lemasle]
+ integration_tests: restrict test_lxd_bridge appropriately (#730)
+ Add integration tests for CLI functionality (#729)
+ Integration test for gh-626 (#728)
+ Some test_upgrade fixes (#726)
+ Ensure overriding test vars with env vars works for booleans (#727)
+ integration_tests: port lxd_bridge test from cloud_tests (#718)
+ Integration test for gh-632. (#725)
+ Integration test for gh-671 (#724)
+ integration-requirements.txt: bump pycloudlib commit (#723)
+ Drop unnecessary shebang from cmd/main.py (#722) [Eduardo Otubo]
+ Integration test for LP: #1813396 and #669 (#719)
+ integration_tests: include timestamp in log output (#720)
+ integration_tests: add test for LP: #1898997 (#713)
+ Add integration test for power_state_change module (#717)
+ Update documentation for network-config-format-v2 (#701) [ggiesen]
+ sandbox CA Cert tests to not require ca-certificates (#715)
[Eduardo Otubo]
+ Add upgrade integration test (#693)
+ Integration test for 570 (#712)
+ Add ability to keep snapshotted images in integration tests (#711)
+ Integration test for pull #586 (#706)
+ integration_tests: introduce skipping of tests by OS (#702)
+ integration_tests: introduce IntegrationInstance.restart (#708)
+ Add lxd-vm to list of valid integration test platforms (#705)
+ Adding BOOTPROTO = dhcp to render sysconfig dhcp6 stateful on RHEL
(#685) [Eduardo Otubo]
+ Delete image snapshots created for integration tests (#682)
+ Parametrize ssh_keys_provided integration test (#700) [lucasmoura]
+ Drop use_sudo attribute on IntegrationInstance (#694) [lucasmoura]
+ cc_apt_configure: add riscv64 as a ports arch (#687)
[Dimitri John Ledkov]
+ cla: add xnox (#692) [Dimitri John Ledkov]
+ Collect logs from integration test runs (#675)
From 20.4.1
+ Revert "/ssh_util: handle non-default AuthorizedKeysFile config (#586)"/
From 20.4
+ tox: avoid tox testenv subsvars for xenial support (#684)
+ Ensure proper root permissions in integration tests (#664) [James Falcon]
+ LXD VM support in integration tests (#678) [James Falcon]
+ Integration test for fallocate falling back to dd (#681) [James Falcon]
+ .travis.yml: correctly integration test the built .deb (#683)
+ Ability to hot-attach NICs to preprovisioned VMs before reprovisioning
(#613) [aswinrajamannar]
+ Support configuring SSH host certificates. (#660) [Jonathan Lung]
+ add integration test for LP: #1900837 (#679)
+ cc_resizefs on FreeBSD: Fix _can_skip_ufs_resize (#655)
[Mina Galić] (LP: #1901958, #1901958)
+ DataSourceAzure: push dmesg log to KVP (#670) [Anh Vo]
+ Make mount in place for tests work (#667) [James Falcon]
+ integration_tests: restore emission of settings to log (#657)
+ DataSourceAzure: update password for defuser if exists (#671) [Anh Vo]
+ tox.ini: only select "/ci"/ marked tests for CI runs (#677)
+ Azure helper: Increase Azure Endpoint HTTP retries (#619) [Johnson Shi]
+ DataSourceAzure: send failure signal on Azure datasource failure (#594)
[Johnson Shi]
+ test_persistence: simplify VersionIsPoppedFromState (#674)
+ only run a subset of integration tests in CI (#672)
+ cli: add + -system param to allow validating system user-data on a
machine (#575)
+ test_persistence: add VersionIsPoppedFromState test (#673)
+ introduce an upgrade framework and related testing (#659)
+ add + -no-tty option to gpg (#669) [Till Riedel] (LP: #1813396)
+ Pin pycloudlib to a working commit (#666) [James Falcon]
+ DataSourceOpenNebula: exclude SRANDOM from context output (#665)
+ cloud_tests: add hirsute release definition (#662)
+ split integration and cloud_tests requirements (#652)
+ faq.rst: add warning to answer that suggests running `clean` (#661)
+ Fix stacktrace in DataSourceRbxCloud if no metadata disk is found (#632)
[Scott Moser]
+ Make wakeonlan Network Config v2 setting actually work (#626)
[dermotbradley]
+ HACKING.md: unify network-refactoring namespace (#658) [Mina Galić]
+ replace usage of dmidecode with kenv on FreeBSD (#621) [Mina Galić]
+ Prevent timeout on travis integration tests. (#651) [James Falcon]
+ azure: enable pushing the log to KVP from the last pushed byte (#614)
[Moustafa Moustafa]
+ Fix launch_kwargs bug in integration tests (#654) [James Falcon]
+ split read_fs_info into linux & freebsd parts (#625) [Mina Galić]
+ PULL_REQUEST_TEMPLATE.md: expand commit message section (#642)
+ Make some language improvements in growpart documentation (#649)
[Shane Frasier]
+ Revert "/.travis.yml: use a known-working version of lxd (#643)"/ (#650)
+ Fix not sourcing default 50-cloud-init ENI file on Debian (#598)
[WebSpider]
+ remove unnecessary reboot from gpart resize (#646) [Mina Galić]
+ cloudinit: move dmi functions out of util (#622) [Scott Moser]
+ integration_tests: various launch improvements (#638)
+ test_lp1886531: don't assume /etc/fstab exists (#639)
+ Remove Ubuntu restriction from PR template (#648) [James Falcon]
+ util: fix mounting of vfat on *BSD (#637) [Mina Galić]
+ conftest: improve docstring for disable_subp_usage (#644)
+ doc: add example query commands to debug Jinja templates (#645)
+ Correct documentation and testcase data for some user-data YAML (#618)
[dermotbradley]
+ Hetzner: Fix instance_id / SMBIOS serial comparison (#640)
[Markus Schade]
+ .travis.yml: use a known-working version of lxd (#643)
+ tools/build-on-freebsd: fix comment explaining purpose of the script
(#635) [Mina Galić]
+ Hetzner: initialize instance_id from system-serial-number (#630)
[Markus Schade] (LP: #1885527)
+ Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634)
[Eduardo Otubo]
+ get_interfaces: don't exclude Open vSwitch bridge/bond members (#608)
[Lukas Märdian] (LP: #1898997)
+ Add config modules for controlling IBM PowerVM RMC. (#584)
[Aman306] (LP: #1895979)
+ Update network config docs to clarify MAC address quoting (#623)
[dermotbradley]
+ gentoo: fix hostname rendering when value has a comment (#611)
[Manuel Aguilera]
+ refactor integration testing infrastructure (#610) [James Falcon]
+ stages: don't reset permissions of cloud-init.log every boot (#624)
(LP: #1900837)
+ docs: Add how to use cloud-localds to boot qemu (#617) [Joshua Powers]
+ Drop vestigial update_resolve_conf_file function (#620) [Scott Moser]
+ cc_mounts: correctly fallback to dd if fallocate fails (#585)
(LP: #1897099)
+ .travis.yml: add integration-tests to Travis matrix (#600)
+ ssh_util: handle non-default AuthorizedKeysFile config (#586)
[Eduardo Otubo]
+ Multiple file fix for AuthorizedKeysFile config (#60) [Eduardo Otubo]
+ bddeb: new + -packaging-branch argument to pull packaging from branch
(#576) [Paride Legovini]
+ Add more integration tests (#615) [lucasmoura]
+ DataSourceAzure: write marker file after report ready in preprovisioning
(#590) [Johnson Shi]
+ integration_tests: emit settings to log during setup (#601)
+ integration_tests: implement citest tests run in Travis (#605)
+ Add Azure support to integration test framework (#604) [James Falcon]
+ openstack: consider product_name as valid chassis tag (#580)
[Adrian Vladu] (LP: #1895976)
+ azure: clean up and refactor report_diagnostic_event (#563) [Johnson Shi]
+ net: add the ability to blacklist network interfaces based on driver
during enumeration of physical network devices (#591) [Anh Vo]
+ integration_tests: don't error on cloud-init failure (#596)
+ integration_tests: improve cloud-init.log assertions (#593)
+ conftest.py: remove top-level import of httpretty (#599)
+ tox.ini: add integration-tests testenv definition (#595)
+ PULL_REQUEST_TEMPLATE.md: empty checkboxes need a space (#597)
+ add integration test for LP: #1886531 (#592)
+ Initial implementation of integration testing infrastructure (#581)
[James Falcon]
+ Fix name of ntp and chrony service on CentOS and RHEL. (#589)
[Scott Moser] (LP: #1897915)
+ Adding a PR template (#587) [James Falcon]
+ Azure parse_network_config uses fallback cfg when generate IMDS network
cfg fails (#549) [Johnson Shi]
+ features: refresh docs for easier out-of-context reading (#582)
+ Fix typo in resolv_conf module's description (#578) [Wacław Schiller]
+ cc_users_groups: minor doc formatting fix (#577)
+ Fix typo in disk_setup module's description (#579) [Wacław Schiller]
+ Add vendor-data support to seedfrom parameter for NoCloud and OVF (#570)
[Johann Queuniet]
+ boot.rst: add First Boot Determination section (#568) (LP: #1888858)
+ opennebula.rst: minor readability improvements (#573) [Mina Galić]
+ cloudinit: remove unused LOG variables (#574)
+ create a shutdown_command method in distro classes (#567)
[Emmanuel Thomé]
+ user_data: remove unused constant (#566)
+ network: Fix type and respect name when rendering vlan in
sysconfig. (#541) [Eduardo Otubo] (LP: #1788915, #1826608)
+ Retrieve SSH keys from IMDS first with OVF as a fallback (#509)
[Thomas Stringer]
+ Add jqueuniet as contributor (#569) [Johann Queuniet]
+ distros: minor typo fix (#562)
+ Bump the integration-requirements versioned dependencies (#565)
[Paride Legovini]
+ network-config-format-v1: fix typo in nameserver example (#564)
[Stanislas]
+ Run cloud-init-local.service after the hv_kvp_daemon (#505)
[Robert Schweikert]
+ Add method type hints for Azure helper (#540) [Johnson Shi]
+ systemd: add Before=shutdown.target when Conflicts=shutdown.target is
used (#546) [Paride Legovini]
+ LXD: detach network from profile before deleting it (#542)
[Paride Legovini] (LP: #1776958)
+ redhat spec: add missing BuildRequires (#552) [Paride Legovini]
+ util: remove debug statement (#556) [Joshua Powers]
+ Fix cloud config on chef example (#551) [lucasmoura]
From 20.3
+ Azure: Add netplan driver filter when using hv_netvsc driver (#539)
[James Falcon] (LP: #1830740)
+ query: do not handle non-decodable non-gzipped content (#543)
+ DHCP sandboxing failing on noexec mounted /var/tmp (#521) [Eduardo Otubo]
+ Update the list of valid ssh keys. (#487)
[Ole-Martin Bratteng] (LP: #1877869)
+ cmd: cloud-init query to handle compressed userdata (#516) (LP: #1889938)
+ Pushing cloud-init log to the KVP (#529) [Moustafa Moustafa]
+ Add Alpine Linux support. (#535) [dermotbradley]
+ Detect kernel version before swap file creation (#428) [Eduardo Otubo]
+ cli: add devel make-mime subcommand (#518)
+ user-data: only verify mime-types for TYPE_NEEDED and x-shellscript
(#511) (LP: #1888822)
+ DataSourceOracle: retry twice (and document why we retry at all) (#536)
+ Refactor Azure report ready code (#468) [Johnson Shi]
+ tox.ini: pin correct version of httpretty in xenial{,-dev} envs (#531)
+ Support Oracle IMDSv2 API (#528) [James Falcon]
+ .travis.yml: run a doc build during CI (#534)
+ doc/rtd/topics/datasources/ovf.rst: fix doc8 errors (#533)
+ Fix 'Users and Groups' configuration documentation (#530) [sshedi]
+ cloudinit.distros: update docstrings of add_user and create_user (#527)
+ Fix headers for device types in network v2 docs (#532)
[Caleb Xavier Berger]
+ Add AlexBaranowski as contributor (#508) [Aleksander Baranowski]
+ DataSourceOracle: refactor to use only OPC v1 endpoint (#493)
+ .github/workflows/stale.yml: s/Josh/Rick/ (#526)
+ Fix a typo in apt pipelining module (#525) [Xiao Liang]
+ test_util: parametrize devlist tests (#523) [James Falcon]
+ Recognize LABEL_FATBOOT labels (#513) [James Falcon] (LP: #1841466)
+ Handle additional identifier for SLES For HPC (#520) [Robert Schweikert]
+ Revert "/test-requirements.txt: pin pytest to <6 (#512)"/ (#515)
+ test-requirements.txt: pin pytest to <6 (#512)
+ Add "/tsanghan"/ as contributor (#504) [tsanghan]
+ fix brpm building (LP: #1886107)
+ Adding eandersson as a contributor (#502) [Erik Olof Gunnar Andersson]
+ azure: disable bouncing hostname when setting hostname fails (#494)
[Anh Vo]
+ VMware: Support parsing DEFAULT-RUN-POST-CUST-SCRIPT (#441)
[xiaofengw-vmware]
+ DataSourceAzure: Use ValueError when JSONDecodeError is not available
(#490) [Anh Vo]
+ cc_ca_certs.py: fix blank line problem when removing CAs and adding
new one (#483) [dermotbradley]
+ freebsd: py37-serial is now py37-pyserial (#492) [Gonéri Le Bouder]
+ ssh exit with non-zero status on disabled user (#472)
[Eduardo Otubo] (LP: #1170059)
+ cloudinit: remove global disable of pylint W0107 and fix errors (#489)
+ networking: refactor wait_for_physdevs from cloudinit.net (#466)
(LP: #1884626)
+ HACKING.rst: add pytest.param pytest gotcha (#481)
+ cloudinit: remove global disable of pylint W0105 and fix errors (#480)
+ Fix two minor warnings (#475)
+ test_data: fix faulty patch (#476)
+ cc_mounts: handle missing fstab (#484) (LP: #1886531)
+ LXD cloud_tests: support more lxd image formats (#482) [Paride Legovini]
+ Add update_etc_hosts as default module on *BSD (#479) [Adam Dobrawy]
+ cloudinit: fix tip-pylint failures and bump pinned pylint version (#478)
+ Added BirknerAlex as contributor and sorted the file (#477)
[Alexander Birkner]
+ Update list of types of modules in cli.rst [saurabhvartak1982]
+ tests: use markers to configure disable_subp_usage (#473)
+ Add mention of vendor-data to no-cloud format documentation (#470)
[Landon Kirk]
+ Fix broken link to OpenStack metadata service docs (#467)
[Matt Riedemann]
+ Disable ec2 mirror for non aws instances (#390)
[lucasmoura] (LP: #1456277)
+ cloud_tests: don't pass + -python-version to read-dependencies (#465)
+ networking: refactor is_physical from cloudinit.net (#457) (LP: #1884619)
+ Enable use of the caplog fixture in pytest tests, and add a
cc_final_message test using it (#461)
+ RbxCloud: Add support for FreeBSD (#464) [Adam Dobrawy]
+ Add schema for cc_chef module (#375) [lucasmoura] (LP: #1858888)
+ test_util: add (partial) testing for util.mount_cb (#463)
+ .travis.yml: revert to installing ubuntu-dev-tools (#460)
+ HACKING.rst: add details of net refactor tracking (#456)
+ .travis.yml: rationalise installation of dependencies in host (#449)
+ Add dermotbradley as contributor. (#458) [dermotbradley]
+ net/networking: remove unused functions/methods (#453)
+ distros.networking: initial implementation of layout (#391)
+ cloud-init.service.tmpl: use "/rhel"/ instead of "/redhat"/ (#452)
+ Change from redhat to rhel in systemd generator tmpl (#450)
[Eduardo Otubo]
+ Hetzner: support reading user-data that is base64 encoded. (#448)
[Scott Moser] (LP: #1884071)
+ HACKING.rst: add strpath gotcha to testing gotchas section (#446)
+ cc_final_message: don't create directories when writing boot-finished
(#445) (LP: #1883903)
+ .travis.yml: only store new schroot if something has changed (#440)
+ util: add ensure_dir_exists parameter to write_file (#443)
+ printing the error stream of the dhclient process before killing it
(#369) [Moustafa Moustafa]
+ Fix link to the MAAS documentation (#442)
[Paride Legovini] (LP: #1883666)
+ RPM build: disable the dynamic mirror URLs when using a proxy (#437)
[Paride Legovini]
+ util: rename write_file's copy_mode parameter to preserve_mode (#439)
+ .travis.yml: use $TRAVIS_BUILD_DIR for lxd_image caching (#438)
+ cli.rst: alphabetise devel subcommands and add net-convert to list (#430)
+ Default to UTF-8 in /var/log/cloud-init.log (#427) [James Falcon]
+ travis: cache the chroot we use for package builds (#429)
+ test: fix all flake8 E126 errors (#425) [Joshua Powers]
+ Fixes KeyError for bridge with no "/parameters:"/ setting (#423)
[Brian Candler] (LP: #1879673)
+ When tools.conf does not exist, running cmd "/vmware-toolbox-cmd
config get deployPkg enable-custom-scripts"/, the return code will
be EX_UNAVAILABLE(69), on this condition, it should not take it as
error. (#413) [chengcheng-chcheng]
+ Document CloudStack data-server well-known hostname (#399) [Gregor Riepl]
+ test: move conftest.py to top-level, to cover tests/ also (#414)
+ Replace cc_chef is_installed with use of subp.is_exe. (#421)
[Scott Moser]
+ Move runparts to subp. (#420) [Scott Moser]
+ Move subp into its own module. (#416) [Scott Moser]
+ readme: point at travis-ci.com (#417) [Joshua Powers]
+ New feature flag functionality and fix includes failing silently (#367)
[James Falcon] (LP: #1734939)
+ Enhance poll imds logging (#365) [Moustafa Moustafa]
+ test: fix all flake8 E121 and E123 errors (#404) [Joshua Powers]
+ test: fix all flake8 E241 (#403) [Joshua Powers]
+ test: ignore flake8 E402 errors in main.py (#402) [Joshua Powers]
+ cc_grub_dpkg: determine idevs in more robust manner with grub-probe
(#358) [Matthew Ruffell] (LP: #1877491)
+ test: fix all flake8 E741 errors (#401) [Joshua Powers]
+ tests: add groovy integration tests for ubuntu (#400)
+ Enable chef_license support for chef infra client (#389) [Bipin Bachhao]
+ testing: use flake8 again (#392) [Joshua Powers]
+ enable Puppet, Chef mcollective in default config (#385)
[Mina Galić (deprecated: Igor Galić)] (LP: #1880279)
+ HACKING.rst: introduce .net + > Networking refactor section (#384)
+ Travis: do not install python3-contextlib2 (dropped dependency) (#388)
[Paride Legovini]
+ HACKING: mention that .github-cla-signers is alpha-sorted (#380)
+ Add bipinbachhao as contributor (#379) [Bipin Bachhao]
+ cc_snap: validate that assertions property values are strings (#370)
+ conftest: implement partial disable_subp_usage (#371)
+ test_resolv_conf: refresh stale comment (#374)
+ cc_snap: apply validation to snap.commands properties (#364)
+ make finding libc platform independent (#366)
[Mina Galić (deprecated: Igor Galić)]
+ doc/rtd/topics/faq: Updates LXD docs links to current site (#368) [TomP]
+ templater: drop Jinja Python 2 compatibility shim (#353)
+ cloudinit: minor pylint fixes (#360)
+ cloudinit: remove unneeded __future__ imports (#362)
+ migrating momousta lp user to Moustafa-Moustafa GitHub user (#361)
[Moustafa Moustafa]
+ cloud_tests: emit dots on Travis while fetching images (#347)
+ Add schema to apt configure config (#357) [lucasmoura] (LP: #1858884)
+ conftest: add docs and tests regarding CiTestCase's subp functionality
(#343)
+ analyze/dump: refactor shared string into variable (#350)
+ doc: update boot.rst with correct timing of runcmd (#351)
+ HACKING.rst: change contact info to Rick Harding (#359) [lucasmoura]
+ HACKING.rst: guide people to add themselves to the CLA file (#349)
+ HACKING.rst: more unit testing documentation (#354)
+ .travis.yml: don't run lintian during integration test package builds
(#352)
+ Add test to ensure docs examples are valid cloud-init configs (#355)
[James Falcon] (LP: #1876414)
+ make suse and sles support 127.0.1.1 (#336) [chengcheng-chcheng]
+ Create tests to validate schema examples (#348)
[lucasmoura] (LP: #1876412)
+ analyze/dump: add support for Amazon Linux 2 log lines (#346)
(LP: #1876323)
+ bsd: upgrade support (#305) [Gonéri Le Bouder]
+ Add lucasmoura as contributor (#345) [lucasmoura]
+ Add "/therealfalcon"/ as contributor (#344) [James Falcon]
+ Adapt the package building scripts to use Python 3 (#231)
[Paride Legovini]
+ DataSourceEc2: use metadata's NIC ordering to determine route-metrics
(#342) (LP: #1876312)
+ .travis.yml: introduce caching (#329)
+ cc_locale: introduce schema (#335)
+ doc/rtd/conf.py: bump copyright year to 2020 (#341)
+ yum_add_repo: Add Centos to the supported distro list (#340)
- Add cloud-init-update-test-characters-in-substitution-unit-test.patch
to fix unit test fail in TestGetPackageMirrorInfo::test_substitution.
- Add patch from upstream to remove python2 compatibility so
cloud-init builds fine in Tumbleweed with a recent Jinja2
version. This patch is only applied in TW.
* 0001-templater-drop-Jinja-Python-2-compatibility-shim.patch
+ Still need to consider the "/network"/ configuration option
- cloud-netconfig
-
- Update to version 1.6:
+ Ignore proxy when accessing metadata (bsc#1187939)
+ Print warning in case metadata is not accessible
+ Documentation update
- containerd
-
- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements
of Docker v20.10.17-ce. bsc#1200145
- Remove upstreamed patches:
- bsc1200145-Limit-the-response-size-of-ExecSync.patch
[ This patch was only released in SLES and Leap. ]
- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145
+ bsc1200145-Limit-the-response-size-of-ExecSync.patch
- Update to containerd v1.5.12. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.5.12>
- Update to containerd v1.5.11 to fix CVE-2022-24769. bsc#1197517
- Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441
- Remove upstreamed patch:
- CVE-2022-23648.patch
[ This patch was only released in SLES and Leap. ]
- Add patch for CVE-2022-23648. bsc#1196441
+ CVE-2022-23648.patch
- Update to containerd v1.4.12 for Docker 20.10.11-ce. bsc#1192814
bsc#1193273 CVE-2021-41190
- Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- Update to containerd v1.4.11, to fix CVE-2021-41103 bsc#1191121. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- Install systemd service file as well (fixes bsc#1190826)
- Update to containerd v1.4.8, to fix CVE-2021-32760. bsc#1188282
- Remove upstreamed patches:
- bsc1188282-use-chmod-path-for-checking-symlink.patch
[ This patch was only released in SLES and Leap. ]
- Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282
- Build with go1.15 for reproducible build results (boo#1102408)
- coreutils
-
- coreutils-df-fuse-portal-dummy.patch:
df: Add "/fuse.portal"/ as a dummy file system (used in flatpak
implementations). (bsc#1189152)
- cracklib
-
- %check: really test the package [bsc#1191736]
- crash
-
- Fix build on ppc64 - it needs full TOC as much as ppc64le.
- Fix module loading (bsc#1190743 ltc#194414).
+ crash-mod-fix-module-object-file-lookup.patch
- cryptsetup
-
- cryptsetup 2.3.7:
* Fix possible attacks against data confidentiality through LUKS2 online
reencryption extension crash recovery (CVE-2021-4122).
* Improve internal metadata validation code for reencryption metadata.
* Add updated documentation for LUKS2 On-Disk Format Specification
- reencrypt evil maid fixes (bsc#1194469, CVE-2021-4122,
0001-CVE-2021-4122-fix.patch).
- cryptsetup 2.3.6:
* integritysetup: Fix possible dm-integrity mapping table truncation.
* cryptsetup: Backup header can be used to activate TCRYPT device.
Use --header option to specify the header.
* cryptsetup: Avoid LUKS2 decryption without detached header.
This feature will be added later and is currently not supported.
* Additional fixes and workarounds for common warnings produced
by some static analysis tools (like gcc-11 analyzer) and additional
code hardening.
* Fix standalone libintl detection for compiled tests.
* Add Blake2b and Blake2s hash support for crypto backends.
Kernel and gcrypt crypto backend support all variants.
OpenSSL supports only Blake2b-512 and Blake2s-256.
Crypto backend supports kernel notation e.g. "/blake2b-512"/.
- cryptsetup 2.3.5:
* Fix partial reads of passphrase from an interactive terminal
* Fix maximum length of password entered through a terminal
* integritysetup: support new dm-integrity HMAC recalculation
options
* integritysetup: display of recalculating sector in dump command
* veritysetup: fix verity FEC if stored in the same image with
hashes
* veritysetup: run FEC repair check even if root hash fails
* veritysetup: do not process hash image if hash area is empty
* veritysetup: store verity hash algorithm in superblock in
lowercase
* bitlk: fix a crash if the device disappears during BitLocker
scan
* bitlk: show a better error when trying to open an NTFS device
* bitlk: add support for startup key protected VMKs
* Fix LUKS1 repair code (regression since version 1.7.x)
* Fix luksKeyChange for LUKS2 with assigned tokens
* Fix cryptsetup resize using LUKS2 tokens
* Print a visible error if device resize is not supported
* Add error message when suspending wrong non-LUKS device
* Fix default XTS mode key size in reencryption
* Rephrase missing locking directory warning and move it to
debug level
* Many fixes for the use of cipher_null (empty debug cipher)
* Fixes for libpasswdqc 2.0.x (optional passphrase quality check)
* Fixes for problems discovered by various tools for code
analysis
* Various fixes to man pages
- silence hmac packaging warnings
- move licenses to licensedir
- cups
-
- cups-branch-2.2-commit-3e4dd41459dabc5d18edbe06eb5b81291885204b.diff
is 'git show 3e4dd41459dabc5d18edbe06eb5b81291885204b' for
https://github.com/apple/cups/commit/3e4dd41459dabc5d18edbe06eb5b81291885204b
(except the not needed hunk for patching CHANGES.md which fails)
that fixes handling of MaxJobTime 0 (Issue #5438) in the CUPS 2.2 branch
bsc#1201511:
Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0
- cups-2.2.7-CVE-2022-26691.patch fixes CVE-2022-26691
cups: authentication bypass and code execution (bsc#1199474)
- SUSE_bsc_1189517.patch is
https://github.com/apple/cups/commit/821b3cc956d46b811facd50986acc9f24f0e1c79
which belongs to https://github.com/apple/cups/issues/5288
that fixes bsc#1189517
"/cups printservice takes much longer than before
with a big number of printers"/
see in particular
https://github.com/apple/cups/issues/5288#issuecomment-921626381
- SUSE_bsc_1195115.patch is
https://github.com/apple/cups/commit/ba9d68cc7467a7a47ef219071902b9e9eb6dbc44
which belongs to https://github.com/apple/cups/issues/5538
that fixes bsc#1195115
"/CUPS PreserveJobHistory doesn't work with seconds"/
- curl
-
- Security Fix: [bsc#1204383, CVE-2022-32221]
* POST following PUT confusion
* Add curl-CVE-2022-32221.patch
- Security fix: [bsc#1202593, CVE-2022-35252]
* Control codes in cookie denial of service
* Add curl-CVE-2022-35252.patch
- Security fix: [bsc#1200735, CVE-2022-32206]
* HTTP compression denial of service
* Add curl-CVE-2022-32206.patch
- Security fix: [bsc#1200737, CVE-2022-32208]
* FTP-KRB bad message verification
* Add curl-CVE-2022-32208.patch
- Securiy fix: [bsc#1199223, CVE-2022-27781]
* CERTINFO never-ending busy-loop
* Add curl-CVE-2022-27781.patch
- Securiy fix: [bsc#1199224, CVE-2022-27782]
* TLS and SSH connection too eager reuse
* Add curl-CVE-2022-27782.patch
- Security fix: [bsc#1198766, CVE-2022-27776]
* Auth/cookie leak on redirect
* Add backported curl-CVE-2022-27776.patch
- Security fix: [bsc#1198723, CVE-2022-27775]
* Bad local IPv6 connection reuse
* Add backported curl-CVE-2022-27775.patch
- Security fix: [bsc#1198614, CVE-2022-22576]
* OAUTH2 bearer bypass in connection re-use
* Add backported curl-CVE-2022-22576.patch
- MIME: Properly check Content-Type even if it has parameters
* Add curl-check-content-type.patch [bsc#1190153]
- Security fix: [bsc#1190374, CVE-2021-22947]
* STARTTLS protocol injection via MITM
* Add curl-CVE-2021-22947.patch
- Security fix: [bsc#1190373, CVE-2021-22946]
* Protocol downgrade required TLS bypassed
* Add curl-CVE-2021-22946.patch
- cyrus-sasl
-
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
in plugins/sql.c (bsc#1196036)
o add upstream patch:
0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- postfix: sasl authentication with password fails (bsc#1194265)
Add config parameter --with-dblib=gdbm
- Avoid converting of /etc/sasldb2 by every update. Convert
/etc/sasldb2 only if it is a Berkeley DB
- cyrus-sasl-saslauthd
-
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
in plugins/sql.c (bsc#1196036)
o add upstream patch:
0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- postfix: sasl authentication with password fails (bsc#1194265)
Add config parameter --with-dblib=gdbm
- dapl
-
- Add reproducible.patch to override build date (boo#1047218)
- dbus-1
-
- Fix a potential crash that could be triggered by an invalid signature.
(CVE-2022-42010, bsc#1204111)
* fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
bsc#1204112)
* fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption CVE-2022-42012,
bsc#1204113)
* fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
* fix-upstream-CVE-2020-35512.patch
- dhcp
-
- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
- docker
-
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
issue with dockerd. bsc#1200022
+ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Update to Docker 20.10.17-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201017>. bsc#1200145
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191.
bsc#1193930 bsc#1197284
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Update to Docker 20.10.14-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201014>. bsc#1197517
CVE-2022-24769
- Update to Docker 20.10.12-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201012>.
- Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the
changelogs are currently only available online.
- Update to Docker 20.10.11-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201011>. bsc#1192814
bsc#1193273 CVE-2021-41190
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Remove upstreamed patches:
- 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Update to Docker 20.10.9-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20109>. bsc#1191355
CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434
CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Switch to Go 1.16.x compiler, in line with upstream.
- Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
bsc#1190670
+ 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Add shell requires for the *-completion subpackages.
- Update to Docker 20.10.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20106>. bsc#1184768
- Update to Docker 20.10.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20105>. bsc#1182947
- dosfstools
-
- To be able to create filesystems compatible with previous
version, add -g command line option to mkfs (boo#1188401,
dosfstools-add-g.patch).
- BREAKING CHANGES:
After fixing of bsc#1172863 in the last update, mkfs started to
create different images than before. Applications that depend on
exact FAT file format (e. g. embedded systems) may be broken in
two ways:
* The introduction of the alignment may create smaller images
than before, with a different positions of important image
elements. It can break existing software that expect images in
doststools <= 4.1 style.
To work around these problems, use "/-a"/ command line argument.
* The new image may contain a different geometry values. Geometry
sensitive applications expecting doststools <= 4.1 style images
can fails to accept different geometry values.
There is no direct work around for this problem. But you can
take the old image, use "/file -s $IMAGE"/, check its
"/sectors/track"/ and "/heads"/, and use them in the newly
introduced "/-g"/ command line argument.
- dracut
-
- Update to version 049.1+suse.238.gd8dbb075:
* fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
* fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)
- Update to version 049.1+suse.234.g902e489c:
* fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
- Update to version 049.1+suse.232.g2ccee559:
* fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
* fix(dracut-functions.sh): ip route parsing (bsc#1195011)
- Update to version 049.1+suse.228.g07676562:
* fix(network): consistent use of "/$gw"/ for gateway (bsc#1192685)
* fix(install): handle builtin modules (bsc#1194716)
- Update to version 049.1+suse.224.gd285ddd8:
* fix(dracut.spec): change util-linux-systemd version for SLE15-SP2 (bsc#1194162)
* fix(dracut.spec): require util-linux-systemd (bsc#1194162)
* fix(url-lib): improve ca-bundle detection (bsc#1175892)
- Update to version 049.1+suse.218.gca24e614:
* fix(iscsi): add iscsi-init.service requirements (bsc#1193512)
- Update to version 049.1+suse.216.gf705637b:
* fix(iscsi): add support for the new iscsiadm "/no-wait"/ (-W) command
* fix(iscsi): add iscsid.service requirements
(bsc#1187190)
- Update to version 049.1+suse.213.g346cf20c:
* fix(suse): add 60-io-scheduler.rules (bsc#1188713)
* fix(kernel-modules): add blk_mq_alloc_disk and blk_cleanup_disk to blockfuncs (bsc#1190326)
- Update to version 049.1+suse.209.gebcf4f33:
* fix(systemd): add unit files for systemd-coredump (bsc#1190845)
- Update to version 049.1+suse.207.g72a93d93:
* fcoe/fcoe-genrules.sh: use $name instead of $env{INTERFACE} (bsc#1186260)
* fix: /var/lib/nfs/statd/sm is /var/lib/nfs/sm on SUSE (bsc#1184970)
- e2fsprogs
-
- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
- libss-add-newer-libreadline.so.7-to-dlopen-path.patch: libss: Add support
for libreadline.so.7 for Leap 15.3 (bsc#1196939)
- elfutils
-
- Added 4G memory build constraint for aarch64 to pass testing.
- Update to version 0.177 (Martin Liška):
elfclassify: New tool to analyze ELF objects.
readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
backends: Add support for C-SKY.
- Update to version 0.176
build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
backends: riscv improved core file and return value location support.
Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether
the dyn data read from core file is truncated (bnc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero
terminated string (CVE is a bit misleading, as this is not a bug
in libelf as described) (bnc#1125007)
- Removed patches:
- libdwfl-sanity-check-partial-core-file-dyn-data-read.patch
- libebl-check-NT_PLATFORM-core-notes.patch
- Update to version 0.175 (Martin Liška):
readelf: Handle mutliple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
libdwelf: New function dwelf_elf_begin.
libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the
function arlib_add_symbols() used by eu-ranlib (bnc#1112723)
- CVE-2018-18310: Invalid Address Read problem in
dwfl_segment_report_module.c (bnc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside are
files (bnc#1112726)
- Removed patches:
- arlib-check-that-sh_entsize-isnt-zero.patch
- libdwfl-sanity-check-partial-core-file-data-reads.patch
- size-handle-recursive-elf-ar-files.patch
- Update to version 0.174 (Martin Liška):
libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
strip: Handle mixed (out of order) allocated/non-allocated
sections.
unstrip: Handle SHT_GROUP sections.
backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- CVE-2018-16402: libelf: denial of service/double free on an
attempt to decompress the same section twice (bnc#1107066)
Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067)
- CVE-2018-16062: heap-buffer-overflow in
/elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390)
Removed patches:
libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch
libdw-check-end-of-attributes-list-consistently.patch
libdw-readelf-make-sure-there-is-enough-data-to-read.patch
- Update to version 0.173 (Martin Liška):
More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
backends: Handle BPF simple relocations.
The RISCV backends now handles ABI specific CFI and knows about
RISCV register types and names.
- Update to version 0.172 (Martin Liška):
No functional changes compared to 0.171.
Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
- Update to version 0.171 (Martin Liška):
DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
readelf: Handle all new DWARF5 sections.
- -debug-dump=info+ will show split unit DIEs when found.
- -dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
- Update to version 0.170 (Martin Liška):
libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
backends: The bpf disassembler is now always build on all platforms.
- Includes changes in 0.169
backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
application crash) via a crafted ELF file (bnc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group
(bnc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress
(bnc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi
(readelf.c) (bnc#1033084)
- CVE-2017-7608: heap-based buffer overflow in
ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption)
via a crafted ELF file (bnc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer
over-read and application crash) via a crafted ELF file (bnc#1033089)
- Removed patches:
- obsolete 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch
- ppc-machine-flags.patch
- elflint-check-symbol-table-data-is-big-enough-before-check.patch
- elflint-dont-check-section-group-without-flags-word.patch
- libelf-check-compression-before-allocate-output-buffer.patch
- readelf-fix-off-by-one-sanity-check.patch
- use-the-empty-string-for-note-names-with-zero-size.patch
- elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch
- elfutils-dont-trust-sh_entsize.patch
- Packaging cleanups:
- Modernize specfile and metadata. (Jan Engelhardt)
- Use %make_build (Martin Liška)
- Update License tag to GPL-3.0-or-later, as requested by legal
review. (Dominique Leuenberger)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils. (Antoine Belvire)
- Fix typo in the recommends name bsc#1104264 (Tomas Chvatal)
- Use %license (boo#1082318) (Fabian Vogt)
- Test fixes (Andreas Schwab):
- disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
- dwelf_elf_e_machine_string.patch: Avoid spurious failure
- disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
- dwelf_elf_e_machine_string.patch: Avoid spurious failure
- expat
-
- Security fix:
* (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
destruction of a shared DTD in XML_ExternalEntityParserCreate in
out-of-memory situations
- Added patch expat-CVE-2022-43680.patch
- Security fix:
* (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
function in xmlparse.c
- Added patch expat-CVE-2022-40674.patch
- Security fixes:
* (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
breaks biboumi, ClairMeta, jxmlease, libwbxml,
openleadr-python, rnv, xmltodict
- Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
* (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs
- Added expat-CVE-2022-25236.patch
* (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
2.4.5 does not check whether a UTF-8 character is valid in a
certain context.
- Added expat-CVE-2022-25235.patch
* (CVE-2022-25313, bsc#1196168) Stack exhaustion in
build_model() via uncontrolled recursion
- Added expat-CVE-2022-25313.patch
- The fix upstream introduced a regression that was later
amended in 2.4.6 version
+ Added expat-CVE-2022-25313-fix-regression.patch
* (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
- Added expat-CVE-2022-25314.patch
* (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
- Added expat-CVE-2022-25315.patch
- Security fix (CVE-2022-23852, bsc#1195054)
* Expat (aka libexpat) before 2.4.4 has a signed integer overflow
in XML_GetBuffer, for configurations with a nonzero
XML_CONTEXT_BYTES
* Add tests for CVE-2022-23852.
* Added expat-CVE-2022-23852.patch
- Security fix (CVE-2022-23990, bsc#1195217)
* Fix unsigned integer overflow in function doProlog triggered
by large content in element type declarations when there is
an element declaration handler present (from a prior call to
XML_SetElementDeclHandler).
* Add expat-CVE-2022-23990.patch
- Security fix (CVE-2021-45960, bsc#1194251)
* A left shift by 29 (or more) places in the storeAtts function
in xmlparse.c can lead to realloc misbehavior.
* Added expat-CVE-2021-45960.patch
- Security fix (CVE-2021-46143, bsc#1194362)
* Integer overflow exists for m_groupSize in doProlog
* Added expat-CVE-2021-46143.patch
- Security fix (CVE-2022-22822, bsc#1194474)
* Integer overflow in addBinding in xmlparse.c
* Added expat-CVE-2022-22822.patch
- Security fix (CVE-2022-22823, bsc#1194476)
* Integer overflow in build_model in xmlparse.c
* Added expat-CVE-2022-22823.patch
- Security fix (CVE-2022-22824, bsc#1194477)
* Integer overflow in defineAttribute in xmlparse.c
* Added expat-CVE-2022-22824.patch
- Security fix (CVE-2022-22825, bsc#1194478)
* Integer overflow in lookup in xmlparse.c
* Added expat-CVE-2022-22825.patch
- Security fix (CVE-2022-22826, bsc#1194479)
* Integer overflow in nextScaffoldPart in xmlparse.c
* Added expat-CVE-2022-22826.patch
- Security fix (CVE-2022-22827, bsc#1194480)
* Integer overflow in storeAtts in xmlparse.c
* Added expat-CVE-2022-22827.patch
- Refresh expat-CVE-2018-20843.patch as a p1 patch.
- Use %autosetup macro
- filesystem
-
- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
- freetype2
-
- disable brotli linkage / WOFF2 support for now to keep dependencies
as before.
- Added patches:
* CVE-2022-27404.patch
+ fixes bsc#1198830, CVE-2022-27404: Buffer Overflow
* CVE-2022-27405.patch
+ fixes bsc#1198832, CVE-2022-27405: Segmentation Fault
* CVE-2022-27406.patch
+ fixes bsc#1198823, CVE-2022-27406: Segmentation violation
- Update to version 2.10.4
* Fix a heap buffer overflow has been found in the handling of
embedded PNG bitmaps, introduced in FreeType version 2.6
(CVE-2020-15999 bsc#1177914)
* Minor improvements to the B/W rasterizer.
* Auto-hinter support for Medefaidrin script.
* Fix various memory leaks (mainly for CFF) and other issues that
might cause crashes in rare circumstances.
- Update to version 2.10.2
* Support for WOFF2 fonts, add BR on pkgconfig(libbrotlidec)
* Function `FT_Get_Var_Axis_Flags' returned random data for Type 1
MM fonts.
* Type 1 fonts with non-integer metrics are now supported by the new
(CFF) engine introduced in FreeType 2.9.
* Drop support for Python 2 in Freetype's API reference generator
* Auto-hinter support for Hanifi Rohingya
* Document the `FT2_KEEP_ALIVE' debugging environment variable.
- gcc10
-
- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
* includes remaining regression fixes from the branch
- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
- Remove sys/rseq.h from include-fixed
- Put libstdc++6-pp Requires on the shared library and drop
to Recoomends.
- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
GPL-3.0-or-later WITH GCC-exception-3.1
- Remove bits/unistd_ext.h from include-fixed
- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
* Removes cyclades header use from libsanitizer. [boo#1188076]
- Force using llvm11 for amdgcn offloading since llvm12 doesn't
yet work.
- Fix value of %slibdir64 for usrmerge
- gcc7
-
- Adjust some ambiguous SPDX license specifications to prevent
spec-cleaner from messing up.
- Add gcc7-pr55917.patch to do not handle exceptions in std::thread
(jsc#CAR-1182)
- - Add gcc7-pfe-0001-Backport-Add-entry-for-patchable_function_entry.patch
gcc7-pfe-0002-Backport-Skip-fpatchable-function-entry-tests-for-nv.patch
gcc7-pfe-0003-Backport-Error-out-on-nvptx-for-fpatchable-function-.patch
gcc7-pfe-0004-Backport-Adapt-scan-assembler-times-for-alpha.patch
gcc7-pfe-0005-Backport-patchable_function_entry-decl.c-Use-3-NOPs-.patch
gcc7-pfe-0006-Backport-IBM-Z-Use-the-dedicated-NOP-instructions-fo.patch
gcc7-pfe-0007-Backport-Add-regex-to-search-for-uppercase-NOP-instr.patch
gcc7-pfe-0008-Backport-ICE-segmentation-fault-with-patchable_funct.patch
gcc7-pfe-0009-Backport-patchable_function_entry-decl.c-Pass-mcpu-g.patch
gcc7-pfe-0010-Backport-patchable_function_entry-decl.c-Do-not-run-.patch
gcc7-pfe-0011-Backport-patchable_function_entry-decl.c-Add-fno-pie.patch
gcc7-pfe-0012-Backport-PR-c-89946-ICE-in-assemble_start_function-a.patch
gcc7-pfe-0013-Backport-targhooks.c-default_print_patchable_functio.patch
gcc7-pfe-0014-Backport-Align-__patchable_function_entries-to-POINT.patch
gcc7-pfe-0015-Backport-Fix-PR-93242-patchable-function-entry-broke.patch
gcc7-pfe-0016-Backport-AArch64-PR92424-Fix-fpatchable-function-ent.patch
gcc7-pfe-0017-Backport-Fix-patchable-function-entry-on-arc.patch
gcc7-pfe-0018-Backport-Add-patch_area_size-and-patch_area_entry-to.patch
gcc7-pfe-0019-Backport-testsuite-Adjust-patchable_function-tests-f.patch
gcc7-pfe-0020-Backport-Use-the-section-flag-o-for-__patchable_func.patch
gcc7-pfe-0021-Backport-varasm-Fix-up-__patchable_function_entries-.patch
gcc7-pfe-0022-Backport-rs6000-Avoid-fpatchable-function-entry-regr.patch
gcc7-pfe-0023-Fix-unwinding-issues-when-pfe-is-enabled.patch
to add -fpatchable-function-entry feature to gcc-7.
- Add gcc7-ada-MINSTKSZ.patch to fix build with glibc 2.34.
- Add bits/unistd_ext.h to the list of removed fixed includes.
- Add gcc7-sanitizer-cyclades.patch to remove cyclades.h use from
libsanitizer fixing builds with recent kernels.
- gcc8
-
- Add gcc7-sanitizer-cyclades.patch, gcc8-pr100144.patch and
gcc8-pr92154.patch to fix build against SP4. [bsc#1197716]
- Remove bogus fixed include bits/statx.h from glibc 2.30.
[gcc#91085, bsc#1197716]
- glib2
-
- Add glib2-CVE-2021-28153.patch: fix CREATE_REPLACE_DESTINATION
with symlinks (boo#1183533 glgo#GNOME/glib#2325 CVE-2021-28153).
- glibc
-
- x86-shared-non-temporal-threshold.patch: Reversing calculation of
__x86_shared_non_temporal_threshold (bsc#1201942)
- memcmp-power10.patch: powerpc: Optimized memcmp for power10
(jsc#PED-987)
- disable-check-consistency.patch: i386: Disable check_consistency for GCC
5 and above (bsc#1201640, BZ #25788)
- static-tls-surplus.patch: Remove tunables (bsc#1201560)
- static-tls-surplus.patch: rtld: Avoid using up static TLS surplus for
optimizations (bsc#1200855, BZ #25051)
- strncpy-power9-vsx.patch: powerpc: Fix VSX register number on
__strncpy_power9 (bsc#1200334, BZ #29197)
- selinux-deprecated.patch: Disable warnings due to deprecated libselinux
symbols used by nss and nscd (bsc#1197718)
- systemtap-altmacro.patch: i386: Remove broken CAN_USE_REGISTER_ASM_EBP
(bsc#1197718, BZ #28771)
- Add s390-add-z16-name.diff for bsc#1198751.
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
(CVE-2021-3999, bsc#1194640, BZ #28769)
- 0001-powerpc-Optimized-strcpy-for-POWER9.patch,
0002-powerpc-Optimized-stpcpy-for-POWER9.patch,
0003-powerpc-Optimized-rawmemchr-for-POWER9.patch,
0004-powerpc64le-add-optimized-strlen-for-P9.patch,
0005-powerpc-fix-ifunc-implementation-list-for-POWER9-str.patch,
0006-powerpc-Add-optimized-strncpy-for-POWER9.patch,
0007-powerpc-Add-optimized-stpncpy-for-POWER9.patch,
0008-powerpc-Add-optimized-ilogb-for-POWER9.patch,
0009-powerpc-Add-optimized-llogb-for-POWER9.patch,
0010-powerpc-Add-optimized-strlen-for-POWER10.patch,
0011-powerpc64le-Optimized-memmove-for-POWER10.patch,
0012-powerpc64le-Optimize-memcpy-for-POWER10.patch,
0013-powerpc64le-Optimize-memset-for-POWER10.patch,
0014-powerpc64le-Fix-ifunc-selection-for-memset-memmove-b.patch,
0015-powerpc-Add-optimized-rawmemchr-for-POWER10.patch: ppc64le ifunc
improvements (bsc#1194785, jsc#SLE-18195)
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
for "/unix"/ (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
(CVE-2022-23218, bsc#1194770, BZ #28768)
- Add support for livepatches (jsc#SLE-20049).
- Enable livepatching on x86_64.
- Generate ipa-clones tarball artifact when livepatching is enabled.
- 0001-s390x-Align-child-stack-while-clone.-BZ-27968.patch,
0002-S390-Optimize-__memcpy_z196.patch,
0003-S390-Optimize-__memset_z196.patch,
0004-S390-Sync-HWCAP-names-with-kernel-by-adding-aliases-.patch,
0005-S390-Add-new-hwcap-values.patch,
0006-S390-Add-PCI_MIO-and-SIE-HWCAPs.patch: [15sp4 FEAT] GNU2007 -
GLIBC: Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
(CVE-2021-33574, bsc#1186489, BZ #27896)
- wordexp-param-overflow.patch: wordexp: handle overflow in positional
parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
- gmp
-
- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on
malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618]
- gnu-compilers-hpc
-
- Improve setting of standard binaries (c, c++) for non-base
versions.
- Improve environment settings: only set CC, CXX etc when
compilers are installed. Thus, if only gnu<X>-compiler-hpc
is installed, they will not be set.
- Add build support for gcc11 to HPC build (jsc#SLE-18780,
jsc#SLE-18781, jsc#SLE-18782).
- gnutls
-
- Security fix: [bsc#1202020, CVE-2022-2509]
* Fixed double free during verification of pkcs7 signatures
* Add gnutls-CVE-2022-2509.patch
- Security fix: [bsc#1196167, CVE-2021-4209]
* Null pointer dereference in MD_UPDATE
* Add gnutls-CVE-2021-4209.patch
- gpg2
-
- Security fix [CVE-2022-34903, bsc#1201225]
- Vulnerable to status injection
- Added patch gnupg-CVE-2022-34903.patch
- gnupg-detect_FIPS_mode.patch: use AES as default cipher instead
of 3DES if we are in FIPS mode. (bsc#1196125)
- grep
-
- Make profiling deterministic (bsc#1040589, SLE-24115)
- grub2
-
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
* 0001-video-Remove-trailing-whitespaces.patch
* 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
* 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
* 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
* 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
* 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch
* 0007-loader-efi-chainloader-Simplify-the-loader-state.patch
* 0008-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
* 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- Fix CVE-2022-28735 (bsc#1198495)
* 0010-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
* 0011-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
* 0012-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
* 0013-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
* 0014-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
* 0015-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
* 0016-video-readers-png-Sanity-check-some-huffman-codes.patch
* 0017-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
* 0018-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
* 0019-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
* 0020-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
* 0021-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
* 0022-net-ip-Do-IP-fragment-maths-safely.patch
* 0023-net-netbuff-Block-overly-large-netbuff-allocs.patch
* 0024-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
* 0025-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
* 0026-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
* 0027-net-tftp-Avoid-a-trivial-UAF.patch
* 0028-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
* 0029-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
* 0030-net-http-Error-out-on-headers-with-LF-without-CR.patch
* 0031-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
* 0032-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
* 0033-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
* 0034-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
* 0035-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
* 0036-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
* 0037-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Update SBAT security contact (boo#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused by
0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
the root LV is completely in the boot LUN (bsc#1197948)
* 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
- Fix grub-install error when efi system partition is created as mdadm software
raid1 device (bsc#1179981) (bsc#1195204)
* 0001-install-fix-software-raid1-on-esp.patch
- Fix error in grub-install when linux root device is on lvm thin volume
(bsc#1192622) (bsc#1191974)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix wrong default entry when booting snapshot (bsc#1159205)
* grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
- Improve support for SLE Micro 5.1 on s390x. (bsc#1190395)
* grub2-s390x-04-grub2-install.patch
- Patch refreshed
* grub2-s390x-11-secureboot.patch
- Add support for simplefb (boo#1193532).
* grub2-simplefb.patch
- Fix error lvmid disk cannot be found after second disk added to the root
volume group (bsc#1189874) (bsc#1071559)
* 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
- Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769)
* 0001-grub-install-Fix-inverted-test-for-NLS-enabled-when-.patch
* 0001-Filter-out-POSIX-locale-for-translation.patch
- Fix unknown TPM error on buggy uefi firmware (bsc#1191504)
* 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
- Fix arm64 kernel image not aligned on 64k boundary (bsc#1192522)
* 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch
* 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
- gzip
-
- Add support to zstd in zgrep, fixes bsc#1198922
* xz_lzma.patch -> xz_lzma_zstd.patch
- Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062)
* bsc1198062.patch
* bsc1198062-2.patch
- hwinfo
-
- merge gh#openSUSE/hwinfo#113
- Keep NVMe's namespace output consistency when
nvme_core.multipath=1 (bsc#1199948)
- 21.82
- merge gh#openSUSE/hwinfo#112
- fix bug in determining serial console device name (bsc#1198043)
- 21.81
- merge gh#openSUSE/hwinfo#109
- fix logic around cdrom detection
- 21.80
- merge gh#openSUSE/hwinfo#108
- Donot close the open tray after read_cdrom_info.
- Donot close the open tray after read.
- 21.79
- merge gh#openSUSE/hwinfo#106
- Always read numerical 32bit serial number from EDID header.
Override this with ASCII serial number from display descriptor,
if available.
- Display numerical 32bit serial number for monitors without serial
number display descriptor
- 21.78
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
- merge gh#openSUSE/hwinfo#104
- Fix timezone issue in SOURCE_DATE_EPOCH code
- 21.76
- merge gh#openSUSE/hwinfo#100
- recognize loongarch64 architecture
- 21.75
- merge gh#openSUSE/hwinfo#98
- update pci and usb ids
- 21.74
- merge gh#openSUSE/hwinfo#95
- don't rely on select() updating its timeout arg (bsc#1184339)
- 21.73
- icu
-
- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd
from upstream, use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- iproute2
-
ss-fix-end-of-line-printing-in-misc-ss.c.patch
xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch
bridge-Fix-typo.patch
bridge-Fix-output-with-empty-vlan-lists.patch
tc-action-fix-time-values-output-in-JSON-format.patch
Revert-bpf-replace-snprintf-with-asprintf-when-deali.patch
bpf-Fixes-a-snprintf-truncation-warning.patch
tipc-fixed-a-compile-warning-in-tipc-link.c.patch
ip-xfrm-update-man-page-on-setting-printing-XFRMA_IF.patch
bridge-fdb-show-fix-fdb-entry-state-output-for-json-.patch
ip-link-Fix-indenting-in-help-text.patch
ip-iplink_ipoib.c-Remove-extra-spaces.patch
devlink-fix-uninitialized-warning.patch
bridge-fix-string-length-warning.patch
f_u32-fix-compiler-gcc-10-compiler-warning.patch
rdma-Fix-statistics-bind-unbing-argument-handling.patch
lib-namespace-fix-ip-all-netns-return-code.patch
lib-bpf-Fix-and-simplify-bpf_mnt_check_target.patch
lib-fs-avoid-double-call-to-mkdir-on-make_path.patch
q_cake-Fix-incorrect-printing-of-signed-values-in-cl.patch
ip-xfrm-limit-the-length-of-the-security-context-nam.patch
erspan-fix-JSON-output.patch
devlink-always-check-strslashrsplit-return-value.patch
nexthop-fix-memory-leak-in-add_nh_group_attr.patch
rdma-stat-initialize-ret-in-stat_qp_show_parse_cb.patch
rdma-stat-fix-return-code.patch
lib-bpf_legacy-treat-0-as-a-valid-file-descriptor.patch
lib-bpf_legacy-fix-missing-socket-close-when-connect.patch
ip-drop-2-char-command-assumption.patch
man-fix-syntax-for-ip-link-property.patch
lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch
ip-route-ignore-ENOENT-during-save-if-RT_TABLE_MAIN-.patch
libnetlink-check-error-handler-is-present-before-a-c.patch
ipmonitor-Fix-recvmsg-with-ancillary-data.patch
tc-u32-Fix-key-folding-in-sample-option.patch
man-bridge-fix-the-typo-to-change-c-lor-into-c-olor-.patch
ss-fix-fallback-to-procfs-for-raw-sockets.patch
iptuntap-fix-multi-queue-flag-display.patch
tc-f_flower-fix-port-range-parsing.patch
lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch
- refresh:
ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch
tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch
- follow-up fixes backported from upstream (bsc#1160242):
ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch
tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch
- follow-up fixes backported from upstream (bsc#1160242):
- iputils
-
- Add fix for ICMP datagram socket ping6-Fix-device-binding.patch
(bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927).
- json-c
-
- Add patch bsc1171479.patch
+ fix integer overflow and out-of-bounds write (CVE-2020-12762, bsc#1171479)
- kdump
-
- unload.sh-support-kexec-unload-when-kexec_file_load.patch
Fix unload when secure boot enabled (bsc#1186272)
- fix-network-related-dracut-options-handling-for-fadu.patch
Fix network-related dracut options handling for fadump case
(bsc#1201051)
- Update kdump-add-watchdog-modules.patch
Fix return code when no watchdog sysfs entry is found (bsc#1197069)
- kdump-add-watchdog-modules.patch
Add watchdog modules to kdump initrd (bsc#1189923)
- kdump-do-not-iterate-past-end-of-string.patch:
URLParser::extractAuthority(): Do not iterate past end of string
(bsc#1186037).
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
code checking after "/local"/ with assignment (bsc#1184616
LTC#192282).
- kdump-avoid-endless-loop-EAI_AGAIN.patch: Avoid an endless loop
when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- kdump-install-etc-resolv.conf-using-resolved-path.patch: Install
/etc/resolv.conf using its resolved path (bsc#1183070).
- kdump-ensure-initrd.target.wants-directory.patch: Make sure that
initrd.target.wants directory exists (bsc#1172670).
- kernel-default
-
- Update metadata references
- commit 26d4ba7
- wifi: mac80211: fix crash in beacon protection for P2P-device
(CVE-2022-42722 bsc#1204125).
- commit a6f4ca8
- wifi: mac80211: refactor elements parsing with parameter struct
(CVE-2022-42719 bsc#1204051).
- commit 26c2d4f
- mac80211: fix memory leaks with element parsing (CVE-2022-42719
bsc#1204051).
- commit a818808
- mac80211: always allocate struct ieee802_11_elems
(CVE-2022-42719 bsc#1204051).
- commit a183a67
- wifi: cfg80211: avoid nontransmitted BSS list corruption
(CVE-2022-42721 bsc#1204060).
- commit 5fe81ec
- wifi: mac80211: fix MBSSID parsing use-after-free
(CVE-2022-42719 bsc#1204051).
- commit 6462e9c
- wifi: mac80211: refactor elements parsing with parameter struct
(CVE-2022-42719 bsc#1204051).
- commit 7b3171e
- mac80211: fix memory leaks with element parsing (CVE-2022-42719
bsc#1204051).
- mac80211: always allocate struct ieee802_11_elems
(CVE-2022-42719 bsc#1204051).
- commit 1d0e42c
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720
bsc#1204059).
- mac80211: mlme: find auth challenge directly (CVE-2022-42719
bsc#1204051).
- mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719
bsc#1204051).
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720
bsc#1204059).
- cfg80211: hold bss_lock while updating nontrans_list
(CVE-2022-42719 bsc#1204051).
- mac80211: mlme: find auth challenge directly (CVE-2022-42719
bsc#1204051).
- mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719
bsc#1204051).
- mac80211: don't re-parse elems in ieee80211_assoc_success()
(CVE-2022-42719 bsc#1204051).
- commit cf17eed
- Refresh metadata
Refresh:
patches.suse/nvme-ensure-subsystem-reset-is-single-threaded.patch
patches.suse/nvme-restrict-management-ioctls-to-admin.patch
- commit 32aee9f
- scsi: stex: Properly zero out the passthrough command structure
(bsc#1203514 CVE-2022-40768).
- commit b5c1e4b
- nvme: ensure subsystem reset is single threaded (bsc#1203290
CVE-2022-3169).
- nvme: restrict management ioctls to admin (bsc#1203290
CVE-2022-3169).
- commit fb89dd3
- Add CVE reference on lightnvm removal patch
modified:
- patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 6251214
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
(CVE-2022-41848 bsc#1203987).
- commit c6f643b
- fbdev: smscufx: Fix use-after-free in ufx_ops_open()
(CVE-2022-41849 bsc#1203992).
- commit 1b1c9cc
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address
(git-fixes).
- commit d6b115e
- Input: melfas_mip4 - fix return value check in mip4_probe()
(git-fixes).
- commit 6863cfd
- blacklist.conf: cleanup that breaks kABI
- commit 9b1761f
- USB: core: Fix RST error in hub.c (git-fixes).
- commit 0a4bc80
- struct ehci_hcd: hide new member (git-fixes).
- commit 47be3bf
- usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- commit 6d316e7
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- commit f6f0e1f
- usb: otg-fsm: Fix hrtimer list corruption (git-fixes).
- commit 659ffb3
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 803fd47
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit cd54e08
- bpf: Compile out btf_parse_module() if module BTF is not enabled
(git-fixes).
- commit 1eec519
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 78526f5
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- commit 1907554
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- commit b65f350
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- commit bdc6c6e
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- commit a9060b8
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 25390e7
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
(bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential
padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and
consistency (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
(bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN
Manager application (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically
allocated/freed phba (bsc#1185032 bsc#1203939).
Dropped:
patches.suse/lpfc-decouple-port_template-and-vport_template.patch
- scsi: lpfc: Fix multiple NVMe remoteport registration calls
for the same NPort ID (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early
return VMID cases (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver
unload (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology
(bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling
(bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- commit 829fcfa
- scsi: lpfc: Add missing destroy_workqueue() in error path
(bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of
DID_REQUEUE (bsc#1203939).
- commit 26a6fd8
- wifi: cfg80211: ensure length byte is present before access
(CVE-2022-41674 bsc#1203770).
- wifi: cfg80211/mac80211: reject bad MBSSID elements
(CVE-2022-41674 bsc#1203770).
- wifi: cfg80211: fix u8 overflow in
cfg80211_update_notlisted_nontrans() (CVE-2022-41674
bsc#1203770).
- commit a878ee7
- scsi: qla2xxx: Remove unused declarations for qla2xxx
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Revert "/scsi: qla2xxx: Fix response queue
handler reading stale packets"/ (bsc#1203935).
- scsi: qla2xxx: Log message "/skipping scsi_scan_host()"/ as
informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 7c106a6
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
ISP27XX (bsc#1203935).
- commit 80690be
- psi: Fix uaf issue when psi trigger is destroyed while being
polled (bsc#1203909).
- commit fd0515b
- cgroup: cgroup_get_from_id() must check the looked-up kn is
a directory (bsc#1203906).
- Refresh patches.suse/scsi-cgroup-Add-cgroup_get_from_id.patch.
- commit f918358
- mm/mremap: hold the rmap lock in write mode when moving page
table entries (CVE-2022-41222 bsc#1203622).
- commit 07909f0
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit 5a61004
- blacklist.conf: irrelevant in our kernel configurations
- commit 0547ac8
- usb: dwc3: disable USB core PHY management (git-fixes).
- commit 5595967
- blacklist.conf: black list commit 2fdbb8dd0155
Add commit 2fdbb8dd0155 ("/fuse: fix deadlock between atomic O_TRUNC and page
invalidation"/) to the blacklist. It's a real bug, but it's been there for a
long time, it seems to have low impact and the backport risks are high.
- commit e45fa09
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 345c930
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
bsc#1203769).
- commit aa1dc74
- Revert "/SUNRPC: Remove unreachable error condition"/ (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status
(git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSv4: Fix races in the legacy idmapper upcall (git-fixes).
- sunrpc: fix expiry of auth creds (git-fixes).
- NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
(git-fixes).
- NFSv4.1: Don't decrease the value of seq_nr_highest_sent
(git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- SUNRPC: Don't leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: Don't call connect() more than once on a TCP socket
(git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- sunrpc: Fix misplaced barrier in call_decode (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept()
(git-fixes).
- commit 3437f45
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit 7da5a85
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 2078b95
- ima: force signature verification when CONFIG_KEXEC_SIG is
configured (bsc#1203737).
- kexec: do not verify the signature without the lockdown or
mandatory signature (bsc#1203737).
- commit 6aaef78
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- commit f16766a
- kexec, KEYS, s390: Make use of built-in and secondary keyring
for signature verification (bsc#1196444).
- arm64: kexec_file: use more system keyrings to verify kernel
image signature (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic
(bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- kexec_file: drop weak attribute from
arch_kexec_apply_relocations[_add] (bsc#1196444).
- commit 57f8f15
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: core: Fix bad pointer dereference when ehandler kthread
is invalid (git-fixes).
- commit 3a8854b
- blacklist.conf: add git-fixes not needed to list
- commit 0514bb0
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type
in mpc85xx (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH
(git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes()
(git-fixes).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
(git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
(git-fixes).
- Input: iforce - add support for Boeder Force Feedback Wheel
(git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
(git-fixes).
- usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
(git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB
RmNet mode (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
(git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port
(git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
(git-fixes).
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
(git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell
Dot keymap fixes (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered
message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
(git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in
chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error
(git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
(git-fixes).
- drm/radeon: add a force flush to delay work when radeon
(git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup
(git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- commit 41cd9fa
- blacklist.conf: Remove vt patch entry that is needed by other fix
- commit d86dd83
- Revert "/ALSA: usb-audio: Split endpoint setups for hw_params
and prepare"/ (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: emu10k1: Fix out of bounds access in
snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in
__snd_usb_parse_audio_interface() (git-fixes).
- ALSA: aloop: Fix random zeros in capture data when using
jiffies timer (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access
(git-fixes).
- commit c844286
- Move upstreamed patches into sorted section
- commit 8fc0f8a
- media: dvb-core: Fix UAF due to refcount races at releasing
(CVE-2022-41218 bsc#1202960).
- commit 260d985
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit 698f0eb
- Refresh
patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit a7baae2
- Delete
patches.suse/net-usb-ax88179_178a-write-mac-to-hardware-in-get_ma.patch.
(bsc#1203313)
- commit 95f983b
- blacklist.conf: ad2c302bc604 EDAC/sifive: Fix non-kernel-doc comment
- commit de5ca80
- media: em28xx: initialize refcount before kref_get
(CVE-2022-3239 bsc#1203552).
- commit b9d53ba
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 7105c05
- scsi: smartpqi: Shorten drive visibility after removal
(bsc#1200622).
Delete no longer needed SUSE-specific patch that adds tunable
parameters for smartpqi reset.
Deleted:
patches.suse/scsi-smartpqi-create-module-parameters-for-LUN-reset.patch.
- commit 46fd862
- squashfs: fix divide error in calculate_skip() (git-fixes).
- commit 8eb4b9e
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- commit 6f5d84d
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- commit 8fdd2ed
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- commit cb91fc5
- x86/bugs: Reenable retbleed=off
While for older kernels the return thunks are statically built in and
cannot be dynamically patched out, retbleed=off should still work so
that it can be disabled.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit 922ee7a
- md: unlock mddev before reap sync_thread in action_store
(bsc#1197659).
- commit a26c618
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- commit b06f37e
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported
value (git-fixes).
- commit 16015a8
- KVM: x86: Set error code to segment selector on LLDT/LTR
non-canonical #GP (git-fixes).
- commit 3f756c3
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
checks (git-fixes).
- commit 56bf87e
- x86/xen: Remove undefined behavior in setup_features()
(git-fixes).
- commit a4e3370
- Update references:
- patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
- patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
- patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
- patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
- patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
- patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
- patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
- patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
(add CVE-2022-32296 bsc#1200288)
- commit 01ba066
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 3a4afff
- Revert "/random: fix crash on multiple early calls to (bsc#1201645)"/
This reverts commit d8168ccb1401eeeed63fa376ac53b5ab983f6d1e.
This version of the patch causes regression of the problem it's supposed
to fix, drop it again.
- commit 55b3759
- Refresh sorted patches, move out-of-tree ppc patches to ppc section.
- commit 4fb7690
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit d91e617
- JFS: more checks for invalid superblock (git-fixes).
- commit 9d9aa1f
- JFS: fix memleak in jfs_mount (git-fixes).
- commit aaf1dca
- jfs: prevent NULL deref in diFree (bsc#1203389).
- commit 55c4d53
- jfs: fix GPF in diFree (bsc#1203389).
- commit 48bda4c
- mmc: block: fix read single on recovery logic (CVE-2022-20008
bsc#1199564).
- commit de3f02b
- tracing: hold caller_addr to hardirq_{enable,disable}_ip
(git-fixes).
- commit 16424ba
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
when ftrace is dead (git-fixes).
- commit 5b60469
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- commit 9208a35
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- commit 790c147
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- commit 68c8906
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- commit ec68a76
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 3cd5dd6
- arm64: mm: fix p?d_leaf() (git-fixes)
- commit a914a52
- blacklist.conf: ("/arm64: fix clang warning about TRAMP_VALIAS"/)
- commit 77f79cc
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- commit 500bc08
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- commit 93eea81
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- commit f1a43b3
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- commit b0eb54a
- blacklist.conf: ("/arm64: Fix kernel address detection of __is_lm_address()"/)
- commit 2aab643
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- commit f8968ca
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- commit cfcfe62
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- commit 067e57e
- blacklist.conf: ("/arm64: Drop unnecessary include from asm/smp.h"/)
- commit 998d48c
- netfilter: nf_tables: do not allow CHAIN_ID to refer to another
table (CVE-2022-2586 bsc#1202095).
Note: this patch is a backport of a 5.9-rc1 mainline commit which was only
backported into SLE15-SP3 so that it cannot be added to cve/linux-5.3.
- commit 10f848d
- dccp: don't duplicate ccid when cloning dccp sock
(CVE-2020-16119 bsc#1177471).
- commit 7c77568
- netfilter: nf_tables: do not allow RULE_ID to refer to another
chain (CVE-2022-2586 bsc#1202095).
- netfilter: nf_tables: do not allow SET_ID to refer to another
table (CVE-2022-2586 bsc#1202095).
- commit 9335568
- watchdog: wdat_wdt: Set the min and max timeout values properly
(bsc#1194023).
- commit cc91c04
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
(git-fixes).
- ALSA: usb-audio: Register card again for iface over
delayed_register option (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly
(git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- commit b46a495
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984
LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984
LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode
(bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization
(bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984
LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984
LTC#199607).
- commit 9031a4b
- regulator: core: Clean up on enable failure (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one
overflow in il4965_rs_fill_link_cmd() (git-fixes).
- commit e4c4fe1
- USB: serial: ch341: fix disabled rx timer on older devices
(git-fixes).
- commit 85a0dd6
- USB: serial: ch341: fix lost character on LCR updates
(git-fixes).
- commit bf1a320
- USB: serial: ch341: name prescaler, divisor registers
(git-fixes).
- commit 63aa28e
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313
bsc#1201489).
- commit d4bd81f
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- commit cdc0881
- nvme-fabrics: parse nvme connect Linux error codes
(bsc#1201865).
- commit 9e2c1de
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
bsc#1203159).
- commit 173564a
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit ed68f11
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
(CVE-2022-39188, bsc#1203107).
- commit 84aac57
- netfilter: nf_tables: disallow binding to already bound chain
(bsc#1203117 CVE-2022-39190).
- commit 933f567
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- commit e82b600
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
(CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
bsc#1202097).
- commit a949534
- Revert "/clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"/
(git-fixes).
- Revert "/usb: gadget: udc-xilinx: replace memcpy with
memcpy_toio"/ (git-fixes).
- commit 855ba08
- gpio: pca953x: Add mutex_lock for regcache sync in PM
(git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for
the transmit engine to complete (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
(git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare()
(git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
(git-fixes).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
(git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/i915/reg: Fix spelling mistake "/Unsupport"/ -> "/Unsupported"/
(git-fixes).
- driver core: Don't probe devices after bus_type.match() probe
deferral (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion
(git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
(git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init
(git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
(git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error()
(git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for
UFP receptacles (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
(git-fixes).
- wifi: mac80211: Don't finalize CSA in IBSS mode if state is
disconnected (git-fixes).
- HID: steam: Prevent NULL pointer dereference in
steam_{recv,send}_report (git-fixes).
- commit ed7b741
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk()
(git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status
instead of uvcg_info (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast
(git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet
(git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- commit 86912f8
- mmc: pxamci: Fix another error handling path in pxamci_probe()
(git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue
(git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s
error path (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of
(git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in
sm_release (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile
(git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- commit b9934d3
- i2c: imx: Make sure to unregister adapter on remove()
(git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe()
(git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps
(git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: wacom: Don't register pad_input for touch switch
(git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- commit f90560c
- drm/amdgpu: remove useless condition in
amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
(git-fixes).
- drm/meson: Fix refcount bugs in
meson_vpu_has_available_connectors() (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings
(git-fixes).
- dmaengine: sprd: Cleanup in .remove() after
pm_runtime_get_sync() failed (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains (git-fixes).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
(git-fixes).
- commit 9b0074c
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs
(git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ALSA: info: Fix llseek return value when using callback
(git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
(git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path
(git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
(git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
(git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to
S8_TLV (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in
mt6797_mt6351_dev_probe (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock()
(git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from
DMI quirks (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
HP machine (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
(git-fixes).
- commit a8924db
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit f477eb5
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
kABI: Fix kABI after "/mm/rmap: Fix anon_vma->degree ambiguity
leading to double-reuse"/ (git-fixes, bsc#1203098).
- commit cfac9ee
- scsi: lpfc: Copyright updates for 14.2.0.6 patches
(bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
(bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic
(bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit
path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during
PT2PT discovery (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue()
(bsc#1203063).
- commit e207225
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for
!nested_run_pending case (git-fixes).
- commit 17df333
- blacklist.conf: add dbac14a5a05f, as it would break kabi
- commit 55dfee4
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending
case (git-fixes).
- commit 1a5a475
- KVM: x86: accept userspace interrupt only if no event is
injected (git-fixes).
- commit b61f5d7
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled
(git-fixes).
- commit b27e2cd
- blacklist.conf: Add three patches
44585f7bc0cb psi: fix "/defined but not used"/ warnings when CONFIG_PROC_FS=n
5102bb1c9f82 psi: Fix "/defined but not used"/ warnings when CONFIG_PROC_FS=n
ec2444530612 psi: Fix "/no previous prototype"/ warnings when CONFIG_CGROUPS=n
- commit f8fef55
- s390/mm: do not trigger write fault when vma does not allow
VM_WRITE (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes
copied (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- commit 32b8c39
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
"/find -xtype l"/ will report them, so use that to make the search a bit
faster (without using shell).
- commit 13bbc51
- mkspec: eliminate @NOSOURCE@ macro
This should be alsways used with @SOURCES@, just include the content
there.
- commit 403d89f
- kernel-source: include the kernel signature file
We assume that the upstream tarball is used for released kernels.
Then we can also include the signature file and keyring in the
kernel-source src.rpm.
Because of mkspec code limitation exclude the signature and keyring from
binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
Same as other kernel binary packages there is no need to carry duplicate
sources in dtb packages.
- commit 1bd288c
- nvme: fix RCU hole that allowed for endless looping in multipath
round robin (bsc#1202636).
- commit e7e083b
- af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898
CVE-2022-3028).
- commit 50479c7
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation
(git-fixes).
- commit 4ad76ff
- Update patches.suse/watchdog-export-lockup_detector_reconfigure.patch (bsc#1202872 ltc#197920).
- commit 52cb092
- usb: dwc3: gadget: Store resource index of start cmd
(git-fixes).
- commit 4fd8e68
- Update patch reference for USB gadget fix (CVE-2020-27784 bsc#1202895)
- commit 8033d12
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- Refresh
patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 32c5550
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- Refresh
patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 7db43e6
- usb: dwc3: Switch to platform_get_irq_byname_optional()
(git-fixes).
- commit 73d1e58
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like
fallocate (bsc#1194272 CVE-2021-4155).
- commit 049d5e6
- usb: gadget: u_audio: fix race condition on endpoint stop
(git-fixes).
- commit 152ca21
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- commit af1df0f
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- commit 9881846
- bpf: Don't use tnum_range on array range checking for poke
descriptors (bsc#1202564 bsc#1202860 CVE-2022-2905).
- commit c59b8fc
- blacklist.conf: Add reverted patch
d11219ad53dc amdgpu: disable powerpc support for the newer display engine
c653c591789b drm/amdgpu: Re-enable DCN for 64-bit powerpc
- commit b8f5e97
- SUNRPC: Don't dereference xprt->snd_task if it's a cookie
(git-fixes).
- commit 16c3d44
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support
(bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet
(bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for out of order rx completion
(bsc#1200431).
- vmxnet3: add support for large passthrough BAR register
(bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- net: vmxnet3: fix possible NULL pointer dereference in
vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in
vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration
(bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
(bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach()
(bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- commit b577aa9
- kbuild: do not create built-in objects for external module
builds (jsc#SLE-24559 bsc#1202756).
- commit 56b8142
- tracing/probes: Have kprobes and uprobes use $COMM too
(git-fixes).
- commit 26bf0d1
- spmi: trace: fix stack-out-of-bound access in SPMI tracing
functions (git-fixes).
- commit 8c340f6
- tracing/histograms: Fix memory leak problem (git-fixes).
- commit 07d4ab9
- blacklist.conf: tracepoint cleanup for drivers/char/random
- commit f75eb58
- tracing/histogram: Fix a potential memory leak for kstrdup()
(git-fixes).
- commit cce24b0
- ceph: don't truncate file in atomic_open (bsc#1202811).
- ceph: don't leak snap_rwsem in handle_cap_grant (bsc#1202810).
- commit 75744b6
- blacklist.conf: blacklist fea013e020e6
- commit 2fc68a2
- tracing: Add ustring operation to filtering string pointers
(git-fixes).
- commit 3fbf519
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- commit dade489
- blacklist.conf: not-relevant cleanup for drivers/char/random
- commit c90e359
- blktrace: fix blk_rq_merge documentation (git-fixes).
- commit c03c0ec
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet
info (bsc#1202701).
- commit 173844d
- tpm: fix reference counting for struct tpm_chip (CVE-2022-2977
bsc#1202672).
- commit b71aab0
- list: add "/list_del_init_careful()"/ to go with
"/list_empty_careful()"/ (bsc#1202745).
- commit 71ed084
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 595e8a4
- blk-iocost: clamp inuse and skip noops in __propagate_weights()
(bsc#1202722).
- commit f84d929
- blk-iocost: rename propagate_active_weights() to
propagate_weights() (bsc#1202722).
- commit 2724a56
- blacklist.conf: Blacklist aebf5db91705
- commit 578fbe5
- blk-iocost: fix operation ordering in iocg_wake_fn()
(bsc#1202720).
- commit 31b540e
- loop: Fix missing discard support when using LOOP_CONFIGURE
(bsc#1202718).
- commit c85296f
- blk-iocost: fix weight updates of inner active iocgs
(bsc#1202717).
- commit 06cf027
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
(bsc#1197763).
- commit f7b5cbd
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when
journal aborted (bsc#1202716).
- commit d741558
- jbd2: fix outstanding credits assert in
jbd2_journal_commit_transaction() (bsc#1202715).
- commit 4df2139
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages
(bsc#1200873).
- commit b654d4c
- ocfs2: fix crash when initialize filecheck kobj fails
(bsc#1197920).
- commit 137054f
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- commit 24a97d8
- ocfs2: drop acl cache for directories too (bsc#1191667).
- commit d8cc34a
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
(bsc#1202714).
- commit 4fc81aa
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1202713).
- commit 79e5db2
- ext4: add reserved GDT blocks check (bsc#1202712).
- commit e96e640
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- commit 8d9a89d
- ext4: fix use-after-free in ext4_rename_dir_prepare
(bsc#1200871).
- commit c9d1b13
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- commit f4c59a1
- ext4: force overhead calculation if the s_overhead_cluster
makes no sense (bsc#1200870).
- commit 24d5cfc
- ext4: fix overhead calculation to account for the reserved
gdt blocks (bsc#1200869).
- commit 8fa6a02
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- commit bc9242b
- ext4: fix symlink file size not match to file content
(bsc#1200868).
- commit 888bc97
- ext4: fix error handling in ext4_restore_inline_data()
(bsc#1197757).
- commit ed0d1f6
- ext4: don't use the orphan list when migrating an inode
(bsc#1197756).
- commit 2d21beb
- ext4: Fix BUG_ON in ext4_bread when write quota data
(bsc#1197755).
- commit 0551e1a
- ext4: fix potential infinite loop in ext4_dx_readdir()
(bsc#1191662).
- commit 26c80a3
- ext4: fix loff_t overflow in ext4_max_bitmap_size()
(bsc#1202709).
- commit bb20240
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
(bsc#1202708).
- commit 070ad26
- ext4: fix invalid inode checksum (bsc#1179723).
- commit e670453
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- commit 5b945e4
- blacklist.conf: Blacklist ext2 since we don't even compile it
- commit 8f69ba8
- xfs: prevent a UAF when log IO errors race with unmount
(git-fixes).
- commit f7eb5c7
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- commit f514fcd
- xfs: make xfs_rtalloc_query_range input parameters const
(git-fixes).
- commit 0b84c2b
- xfs: only reset incore inode health state flags when reclaiming
an inode (git-fixes).
- commit a9e17d5
- xfs: bunmapi has unnecessary AG lock ordering issues
(git-fixes).
- commit a76eaaf
- xfs: mark a data structure sick if there are cross-referencing
errors (git-fixes).
- commit b0269a0
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- commit 1433b65
- fuse: handle kABI change in struct sock (bsc#1194535
CVE-2021-4203).
- commit 53bc420
- usb: dwc3: qcom: fix missing optional irq warnings.
- commit de0c0d4
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation
(git-fixes).
- commit fff57cf
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1194535 CVE-2021-4203).
- commit 603bd9d
- powerpc/perf: Optimize clearing the pending PMI and remove
WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- commit d72c6fd
- powerpc/xive: Fix refcount leak in xive_get_max_prio
(fate#322438 git-fixess).
- commit 76798e0
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- commit 35df6ef
- powerpc: define get_cycles macro for arch-override
(bsc#1065729).
- commit 39ee615
- blacklist.conf: Add c26d4c5d4f0d powerpc/kvm: Remove obsolete and unneeded select
- commit b069bcf
- blacklist.conf: Add 235cee162459 KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
- commit a0b9b11
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- net_sched: cls_route: remove from list when handle is 0
(CVE-2022-2588 bsc#1202096).
- commit b08a235
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
(bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for
kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- commit b08465c
- blacklist.conf: duplicate
- commit 23a0769
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command
(git-fixes).
- Refresh
patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 86ac68c
- KVM: PPC: Book3S HV: Context tracking exit guest context before
enabling irqs (bsc#1065729).
- commit b7e4839
- blacklist.conf: later reverted in upstream
- commit 31b3f5b
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- commit f3043dc
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- commit 1ba1d86
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- commit 1b534db
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- commit 47070d3
- ext4: Fix check for block being out of directory size
(bsc#1198577 CVE-2022-1184).
- commit e41d129
- ext4: make sure ext4_append() always allocates new block
(bsc#1198577 CVE-2022-1184).
- commit 5c3a0a2
- ext4: check if directory block is within i_size (bsc#1198577
CVE-2022-1184).
- commit d289dcd
- Refresh
patches.suse/locking-lockdep-Avoid-potential-access-of-invalid-me.patch.
Fix builds with CONFIG_LOCKDEP on.
- commit b4f11f2
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI
(bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
(bsc#1200845).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector
(bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific
interfaces (bsc#1200845).
- commit 7ab7313
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- commit 18b6fb8
- ext4: unindent codeblock in ext4_xattr_block_set()
(bsc#1198971).
- commit 948b7e8
- ext4: remove EA inode entry from mbcache on inode eviction
(bsc#1198971).
- commit d96ae24
- mbcache: add functions to delete entry if unused (bsc#1198971).
- commit dc90bf2
- mbcache: don't reclaim used entries (bsc#1198971).
- commit 9b2430e
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference
stale pointer (git-fixes).
- commit 267c700
- ARM: 9077/1: PLT: Move struct plt_entries definition to header
(git-fixes).
- commit ece08bc
- ARM: 9078/1: Add warn suppress parameter to
arm_gen_branch_link() (git-fixes).
- commit 3398bca
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without
DYNAMIC_FTRACE (git-fixes).
- commit 1d2e217
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- commit 83b5d04
- blacklist.conf: rework and optimization ftrace commits, not bug fixes
- commit e11832c
- Update config files.
- commit 7f7a8ef
- Update config files (bsc#1201361 bsc#1192968 https://github.com/rear/rear/issues/2554).
ppc64: NVRAM=y
- commit 5e8bf01
- Refresh
patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- Updated
patches.suse/x86-speculation-change-fill_return_buffer-to-work-with-objtool.patch.
Add missing objtool annotations from upstream commits and update the latter
patch to fix bsc#1202396.
- commit 8f03705
- objtool: Add support for intra-function calls (bsc#1202396).
- commit eabf007
- objtool: Remove INSN_STACK (bsc#1202396).
- commit c48377d
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- commit ef33ad6
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- commit cd6e886
- objtool: Support multiple stack_op per instruction
(bsc#1202396).
- Refresh
patches.suse/objtool-allow-no-op-cfi-ops-in-alternatives.patch.
- Refresh
patches.suse/objtool-fix-cfi-insn_state-propagation.patch.
- Refresh patches.suse/objtool-fix-orc-vs-alternatives.patch.
- Refresh patches.suse/objtool-rename-struct-cfi_state.patch.
- commit 5c735b5
- s390/ptrace: pass invalid syscall numbers to tracing
(bsc#1192594 LTC#197522).
- commit ad9e50e
- lib: bitmap: provide devm_bitmap_alloc() and
devm_bitmap_zalloc() (git-fixes).
- commit 2469dd3
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
(git-fixes).
- commit 99eaa98
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined
symbols (git-fixes).
- commit 35509ca
- blacklist.conf: unneeded and kABI-breaking module loader commits
- commit 3ccf763
- mm: memcontrol: fix potential oom_lock recursion deadlock
(bsc#1202447).
- commit bc21375
- blacklist.conf: Add 7b3c36fc4c23 ptrace: fix task_join_group_stop() for the case when current is traced
- commit 572eadd
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
The type test and print line are the same for both cases. The usrmerged
case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- net: enetc: Use pci_release_region() to release some resources
(git-fixes).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt()
(git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING
(git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent
methods (git-fixes).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when
not available (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from
the PHY (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params
(git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- random: fix crash on multiple early calls to
add_bootloader_randomness() (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for
tegra20 and tegra30 (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters
in ethtool (git-fixes).
- net: mscc: ocelot: don't downgrade timestamping RX filters in
SIOCSHWTSTAMP (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
(git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put
(git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- commit b9e0ed7
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- commit 7d8ce88
- locking/lockdep: Avoid potential access of invalid memory in
lock_class (git-fixes).
- commit 6e699d5
- Update
patches.suse/can-ems_usb-ems_usb_start_xmit-fix-double-dev_kfree_.patch
(CVE-2022-28390 bsc#1198031).
- commit 9c17688
- Update
patches.suse/can-mcba_usb-mcba_usb_start_xmit-fix-double-dev_kfre.patch
(CVE-2022-28389 bsc#1198033).
- commit 1983a37
- net: ethernet: ezchip: fix error handling (git-fixes).
- commit 5d377ed
- net: ethernet: ezchip: remove redundant check (git-fixes).
- commit cb426d4
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- commit ed56f34
- blacklist.conf: v5.16-rc2-1-gd257cc8cb8d5 introduces a rwsem regression
- commit edee2a5
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- commit f83edca
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- commit d5e4943
- perf bench: Share some global variables to fix build with gcc 10
(git-fixes).
- commit a397021
- net: moxa: Use devm_platform_get_and_ioremap_resource()
(git-fixes).
- commit d13dcd2
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- commit f14e06e
- net: pch_gbe: Propagate error from devm_gpio_request_one()
(git-fixes).
- commit 51f37b6
- net: ethernet: fix potential use-after-free in ec_bhf_remove
(git-fixes).
- commit 7175e70
- net: fec_ptp: add clock rate zero check (git-fixes).
- commit 16317aa
- net: stmmac: disable clocks in stmmac_remove_config_dt()
(git-fixes).
- commit 1bbbc9a
- net: stmmac: dwmac1000: Fix extended MAC address registers
definition (git-fixes).
- commit c6d0ccf
- ice: report supported and advertised autoneg using PHY
capabilities (git-fixes).
- commit 2243129
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- commit b4db988
- net/mlx5e: Check for needed capability for cvlan matching
(git-fixes).
- commit e46f646
- net: hns: Fix kernel-doc (git-fixes).
- commit 80f2716
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- commit 99b3a0b
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- commit 55781d8
- net: fec: fix the potential memory leak in fec_enet_init()
(git-fixes).
- commit 43431b4
- net: netcp: Fix an error message (git-fixes).
- commit 0432102
- qlcnic: Add null check after calling netdev_alloc_skb
(git-fixes).
- commit 9764dcc
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
(git-fixes).
- commit ca3de9d
- Revert "/niu: fix missing checks of niu_pci_eeprom_read"/
(git-fixes).
- commit c1a547c
- net: stmicro: handle clk_prepare() failure during init
(git-fixes).
- commit 1249947
- Revert "/net: stmicro: fix a missing check of clk_prepare"/
(git-fixes).
- commit c8483b4
- Revert "/net: fujitsu: fix a potential NULL pointer dereference"/
(git-fixes).
- commit 35e4846
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
(git-fixes).
- commit 11b1f00
- net: davinci_emac: Fix incorrect masking of tx and rx error
channel (git-fixes).
- commit cef2ac2
- blacklist.conf: update blacklist
- commit e0f7a96
- blacklist.conf: Add 59b18a1e65b7 x86/msi: Fix msi message data shadow struct
- commit b422277
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- commit 090b87e
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda: realtek: Fix race at concurrent COEF updates
(git-fixes).
- commit 5b77923
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
(git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- commit 8286b1b
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
HP machines (git-fixes).
- Refresh
patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Dev-One.patch.
- Refresh
patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-machin.patch.
- commit 3b1083d
- NTB: ntb_tool: uninitialized heap data in tool_fn_write()
(git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing
(git-fixes).
- commit e17531e
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
(git-fixes).
- commit 6646862
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
(git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
(git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- commit 4dbfddf
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- commit 99b2a82
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
(git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51
(git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop
(git-fixes).
- commit a6cb05c
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG
Zenith II (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
(git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model
(git-fixes).
- drm/gem: Properly annotate WW context on
drm_gem_lock_reservations() error (git-fixes).
- commit fc95967
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
in xfrm_bundle_lookup() (CVE-2022-36879 bsc#1201948).
- commit 97b83f0
- devlink: Fix use-after-free after a failed reload (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in
vsock_connect_timeout() (git-fixes).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning
(git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
(git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer
(git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable
(git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes()
should be bool (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
(git-fixes).
- pinctrl: nomadik: Fix refcount leak in
nmk_pinctrl_dt_subnode_to_map (git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- Revert "/scripts/mod/modpost.c: permit '.cranges' secton for
sh64 architecture."/ (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices
(git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions
(git-fixes).
- commit 4ff3e1b
- blacklist.conf: Add 5f89468e2f06 swiotlb: manipulate orig_addr when tlb_addr has offset
- commit a6010ca
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- commit f1b6523
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- commit c36c19c
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- commit 34bbfc0
- iommu/exynos: Handle failed IOMMU device registration properly
(git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator
(git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference
(git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask
(git-fixes).
- commit 040a9c6
- blacklist.conf: add various fixes
- commit 73738d1
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
(CVE-2022-20368 bsc#1202346).
- commit e8bbbca
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers
across ioctls (bsc#1202347 CVE-2022-20369).
- commit 36d8575
- iommu/vt-d: avoid invalid memory access via
node_online(NUMA_NO_NODE) (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking
out of loop (git-fixes).
- commit c88bace
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862
git-fixes).
- commit d5191b9
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock
(bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified
beginning (bsc#1201990).
- mmap locking API: add mmap_lock_is_contended() (bsc#1201990).
- commit 7944adf
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner()
(git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs()
(git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP
on error (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID
flag (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- SUNRPC reverting d03727b248d0 ("/NFSv4 fix CLOSE not waiting
for direct IO compeletion"/) (git-fixes).
- commit a827eeb
- md/bitmap: don't set sb values if can't pass sanity check
(bsc#1197158).
- commit 3927074
- kabi/severities: add stmmac driver local sumbols
- commit 31f077f
- net: lapbether: Prevent racing when checking whether the netif
is running (git-fixes).
- commit 9af3eff
- octeontx2-af: fix infinite loop in unmapping NPC counter
(git-fixes).
- commit c88fc73
- net: mvpp2: fix interrupt mask/unmask skip condition
(git-fixes).
- commit 3584e08
- net: hdlc_x25: Return meaningful error code in x25_open
(git-fixes).
- commit 212e2be
- Update metadata references
- commit b372491
- net: dsa: b53: fix an off by one in checking "/vlan->vid"/
(git-fixes).
- commit ea4caa5
- can: m_can: process interrupt only when not runtime suspended
(git-fixes).
- commit bd4c919
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- commit 834df98
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
(git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of
devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
(git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
dw8250_tx_wait_empty() (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand
side' (git-fixes).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before
memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in
ark_set_pixclock() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using
giveback (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- commit c5d77c5
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
CVE-2022-26373).
- commit abba98d
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
CVE-2022-26373).
- commit 061bcfd
- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
(bsc#1201726 CVE-2022-26373).
- commit 16768aa
- acpi: Disable APEI error injection if the kernel is locked down
(bsc#1023051, CVE-2016-3695).
- commit 80750a7
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- commit 6458cfa
- net: stmmac: Modify configuration method of EEE timers
(git-fixes).
- commit b6da91b
- net: stmmac: Use resolved link config in mac_link_up()
(git-fixes).
- commit 4dba15f
- net/sonic: Fix a resource leak in an error handling path in
'jazz_sonic_probe()' (git-fixes).
- commit 8d37be1
- blacklist.conf: update blacklist
- commit 51d7b18
- powerpc: powernv: kABI: add back powernv_get_random_long
(bsc#1065729).
- commit f61a28c
- KVM: PPC: Use arch_get_random_seed_long instead of powernv
variant (bsc#1156395).
- commit 3e6dc98
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: delay rng platform device creation until
later in boot (bsc#1065729).
- commit 74ae44c
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
(bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- commit a69b0d7
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- Refresh patches.suse/powerpc-64s-rename-pnv-pseries_setup_rfi_flush-to-_s.patch
- powerpc/powernv: Staticify functions without prototypes
(bsc#1065729).
- commit 98a575d
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- commit ec6a677
- blacklist.conf: update blacklist
- commit 63fa2f9
- blacklist.conf: update blacklist
- commit cc1d04f
- mmc: cavium-thunderx: Add of_node_put() when breaking out of
loop (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
(git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation
(git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in
esdhc_signal_voltage_switch (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
(git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses
(git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
(git-fixes).
- PCI: dwc: Always enable CDM check if "/snps,enable-cdm-check"/
exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
(git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using
iATU (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
(git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization
(git-fixes).
- PCI/portdrv: Don't disable AER reporting in
get_port_device_capability() (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write
(git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now
useless comments (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command
completion (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb()
(git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
(git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
(git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove()
(git-fixes).
- soundwire: bus_type: fix remove and shutdown support
(git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety
(git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety
(git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer
(git-fixes).
- intel_th: Fix a resource leak in an error handling path
(git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
(git-fixes).
- commit 2bc728a
- iio: potentiometer: mcp4131: Fix alignment for DMA safety
(git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety
(git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety
(git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety
(git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety
(git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety
(git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety
(git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety
(git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety
(git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- commit 7981ef6
- clk: qcom: camcc-sdm845: Fix topology around titan_top power
domain (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
(git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
(git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion
(git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
(git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
(git-fixes).
- driver core: fix potential deadlock in __driver_attach
(git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety
(git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety
(git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety
(git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety
(git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety
(git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently
large (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
(git-fixes).
- commit 9bda156
- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639
bsc#1202154).
- commit bfc6551
- blacklist.conf: update blacklist
- commit 847721e
- virtio-gpu: fix a missing check to avoid NULL dereference
(git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()` (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe()
(git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
(git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe()
(git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in
mt76_led_init() (git-fixes).
- mt76: mt76x02u: fix possible memory leak in
__mt76x02u_mcu_send_msg (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it
(git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
(git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
(git-fixes).
- regulator: of: Fix refcount leak bug in
of_get_regulation_constraints() (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
(git-fixes).
- virtio-net: fix the race between refill work and close
(git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi
Dongle (git-fixes).
- commit 347666b
- drm/amd/display: Enable building new display engine with KCOV
enabled (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when
clk_set_parent() failed (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
(git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
(git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff
function (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe()
(git-fixes).
- drm/rockchip: vop: Don't crash for invalid duplicate_state()
(git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in
ni_set_mc_special_registers() (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced
modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: dsi: Add correct stop condition to
vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom
edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register
(git-fixes).
- drm: adv7511: override i2c address of cec before accessing it
(git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T
(git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop
(git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- commit cce0615
- drm/bridge: tc358767: Make sure Refclk clock are enabled
(git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register
(git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames
(git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off
(git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during
bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during
bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off
(git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off
(git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off
(git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off
(git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off
(git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by
board_name only (git-fixes).
- ACPI: APEI: Better fix to avoid spamming the console with old
error logs (git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in
hisi_lpc_acpi_probe() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future
(git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
(git-fixes).
- ath10k: Fix error handling in ath10k_setup_msa_resources
(git-fixes).
- commit 6ee2d65
- ipv4: avoid using shared IP generator for connected sockets
(CVE-2020-36516 bsc#1196616).
- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516
bsc#1196616).
- commit 6c53c05
- blacklist.conf: add "/sched: Reenable interrupts in do_sched_yield()"/
This patch caused unexplained regressions and it's not fixing any
important issue.
- commit 7b4ecae
- Revert "/Refresh patches.suse/random-fix-crash-on-multiple-early-calls..."/ (bsc#1201645)
This reverts commit f01d1a85f6c5334e324db629b3d43a8be5461b46.
- commit ef555c8
- media: smipcie: fix interrupt handling and IR timeout
(git-fixes).
- commit 72251a4
- sched/fair: Revise comment about lb decision matrix (git fixes
(sched/fair)).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
(git fixes (kernel/time)).
- random: remove useless header comment (git fixes).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- sched/membarrier: fix missing local execution of
ipi_sync_rq_state() (git fixes (sched/membarrier)).
- mm: fix page reference leak in soft_offline_page() (git fixes
(mm/memory-failure)).
- commit b0029fe
- blacklist.conf: xtensa not used
- commit c7e553d
- blacklist.conf: UML not used
- commit d38c3c3
- blacklist.conf: Cosmetic patch
- commit 137482b
- blacklist.conf: GCC-12 not used
- commit b35581e
- blacklist.conf: KASAN not configured
- commit ddca4d2
- blacklist.conf: Clang not used for build
- commit f6cb05a
- blacklist.conf: KASAN not configured
- commit db5c6ef
- blacklist.conf: 6ffbb45826f5d9ae09aa60cd88594b7816c96190
- commit ae569d4
- blacklist.conf: Build time micro-optimisation
- commit 091232d
- blacklist.conf: Build time micro-optimisation
- commit 06fea81
- blacklist.conf: Build time micro-optimisation
- commit c5a48f8
- blacklist.conf: Build fix that assumes bash does not exist
- commit a35739b
- blacklist.conf: Comment fix only
- commit 1f940f0
- blacklist.conf: Fixes pointing to misleading commit
- commit b94c0dc
- blacklist.conf: Patch has a number of high risk dependencies
- commit 58c61ac
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- commit 9816878
- media: rtl28xxu: add missing sleep before probing slave demod
(git-fixes).
- commit ac926ca
- media: usb: dvb-usb-v2: rtl28xxu: convert to use
i2c_new_client_device() (git-fixes).
- commit 47f6029
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T
dongle (git-fixes).
- commit cf3cc2d
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- commit 27a23c1
- media: rc: increase rc-mm tolerance and add debug message
(git-fixes).
- commit 532733e
- media: v4l2-mem2mem: always consider OUTPUT queue during poll
(git-fixes).
- commit 981dce5
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll()
(git-fixes).
- commit 691e7d8
- PM: runtime: Remove link state checks in rpm_get/put_supplier()
(git-fixes).
- commit 2786445
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- Refresh
patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch.
- Refresh
patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch.
- commit de6720f
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit bafbca0
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- commit a77b059
- KVM: x86: Update vCPU's hv_clock before back to guest when
tsc_offset is adjusted (git-fixes).
- commit 143ba5a
- Updated commit IDs from a rebased upstream branch:
- patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch.
- patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch.
- patches.suse/watchdog-export-lockup_detector_reconfigure.patch.
- commit a3cdcd5
- KVM: x86: Fix split-irqchip vs interrupt injection window
request (git-fixes).
- commit 69e8da6
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint
(git-fixes).
- commit 156ec3b
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- commit 2fe0bb0
- net: usb: use eth_hw_addr_set() (git-fixes).
- commit cd08705
- KVM: VMX: Don't freeze guest when event delivery causes an
APIC-access exit (git-fixes).
- commit 13e27e5
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- commit 5a414a0
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- commit 65c08ec
- net: usb: ax88179_178a: remove redundant assignment to variable
ret (git-fixes).
- commit 75d1e2c
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- commit 8bcd286
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr
(git-fixes).
- commit 18afbc0
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
(git-fixes).
- commit ad2b012
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- commit 564965b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- commit 8fc5407
- netfilter: nf_queue: do not allow packet truncation below
transport header offset (bsc#1201940 CVE-2022-36946).
- commit f4f33cd
- kvm/emulate: Fix SETcc emulation function offsets with SLS
(bsc#1201930).
- commit 0a6851d
- nvme: consider also host_iface when checking ip options
(bsc#1199670).
- commit edd56ec
- drivers/net: Fix kABI in tun.c (git-fixes).
- commit 3adafd5
- FDDI: defxx: Make MMIO the configuration default except for EISA
(git-fixes).
- commit 49c7c8d
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
for CSR (git-fixes).
- commit 87b1bf0
- net: tun: set tun->dev->addr_len during TUNSETLINK processing
(git-fixes).
- commit 11d0ba1
- net: macb: restore cmp registers on resume path (git-fixes).
- commit 73e4cc3
- drivers: net: fix memory leak in peak_usb_create_dev
(git-fixes).
- commit bf7b83d
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- commit 1811ff5
- amd-xgbe: Update DMA coherency values (git-fixes).
- commit 58be63e
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII
clock (git-fixes).
- commit 5683f5d
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
(git-fixes).
- commit a1e8450
- ftgmac100: Restart MAC HW once (git-fixes).
- commit 9b2ea44
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
(git-fixes).
- commit 74dff8e
- net/mlx5e: When changing XDP program without reset, take refs
for XSK RQs (git-fixes).
- commit 4584eb8
- net: lapbether: Remove netif_start_queue / netif_stop_queue
(git-fixes).
- commit 9195d10
- net: stmmac: fix incorrect DMA channel intr enable setting of
EQoS v4.10 (git-fixes).
- commit 3eac36a
- net: enetc: keep RX ring consumer index in sync with hardware
(git-fixes).
- commit 5b9c123
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged
packets (git-fixes).
- commit d2c7696
- net: hns3: fix error mask definition of flow director
(git-fixes).
- commit e86b116
- blacklist.conf: update blacklist
- commit 545a342
- scsi: lpfc: Copyright updates for 14.2.0.5 patches
(bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved
configuration (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
(bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
(bsc#1201956).
- scsi: lpfc: Fix possible memory leak when failing to issue
CMF WQE (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in
queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in
XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with
malformed user input (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in
lpfc_nvme_cancel_iocb() (bsc#1201956).
- commit 6e7b732
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
(bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers
(bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size
(bsc#1201958).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
(bsc#1201958).
- commit d5c3642
- Drop qla2xxx patch which prevented nvme port discovery
(bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958)
Upstream fixed the problem by reverting the offending commit.
Delete:
- patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch.
- commit 1cb16fb
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback()
(bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine
(bsc#1199364).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine
(bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive
buffer (bsc#1199364).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values
(bsc#1199364).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb
signature (bsc#1199364).
- commit cffae99
- KVM: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1201930).
- commit 317f350
- Refresh
patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch.
- commit c513474
- Update
patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch
references (add CVE-2022-32250).
- commit 8871b3f
- net/sched: cls_u32: fix netns refcount changes in u32_change()
(CVE-2022-29581 bsc#1199665).
- commit e1d6992
- random: fix typo in comments (git-fixes).
- commit 49bfcbe
- blacklist.conf: a cleanup that breaks kABI
- commit f8d13cb
- random: document add_hwgenerator_randomness() with other input
functions (git-fixes).
- commit 9a03f2f
- drbd: fix potential silent data corruption (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code'
explicit (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
(git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed
(git-fixes).
- commit a9f5081
- kABI workaround for including mm.h in fs/sysfs/file.c
(bsc#1200598 cve-2022-20166).
- commit 29d7d8a
- net: stmmac: fix watchdog timeout during suspend/resume stress
test (git-fixes).
- commit b651717
- net: stmmac: stop each tx channel independently (git-fixes).
- commit 3ba5a53
- net: stmmac: fix CBS idleslope and sendslope calculation
(git-fixes).
- commit e0b11c6
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- commit 6020ebf
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
SFP (git-fixes).
- commit 858de54
- net: amd-xgbe: Reset link when the link never comes back
(git-fixes).
- commit 75c3dff
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
warning (git-fixes).
- commit 2d480f1
- net: amd-xgbe: Reset the PHY rx data path when mailbox command
timeout (git-fixes).
- commit 5734e3e
- net: axienet: Handle deferred probe on clock properly
(git-fixes).
- commit c2493d6
- net: mvneta: Remove per-cpu queue mapping for Armada 3700
(git-fixes).
- commit 421a813
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- commit f6ff8de
- macvlan: remove redundant null check on data (git-fixes).
- commit 37296a9
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- commit d83cfd7
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
(bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
ltc#198761).
- watchdog: export lockup_detector_reconfigure (bsc#1201846
ltc#198761).
- powerpc/mobility: wait for memory transfer to complete
(bsc#1201846 ltc#198761).
- commit 4aa9f78
- net: macb: unprepare clocks in case of failure (git-fixes).
- commit 9b3aefc
- net: macb: add function to disable all macb clocks (git-fixes).
- commit e67caf5
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- commit 2629e74
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- commit 12700d6
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- commit 823b92f
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- commit 3311dc2
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- commit 0e7bc32
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown
(git-fixes).
- commit 0b9accc
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- commit 96affe9
- net: ll_temac: Fix potential NULL dereference in temac_probe()
(git-fixes).
- commit 9f3a68c
- net: stmmac: dwmac1000: provide multicast filter fallback
(git-fixes).
- commit 173655e
- net: ll_temac: Use devm_platform_ioremap_resource_byname()
(git-fixes).
- commit bd77f60
- net: mscc: Fix OF_MDIO config check (git-fixes).
- commit 6a2a9df
- blacklist.conf: update blacklist
- commit 5495889
- blacklist.conf: update blacklist
- commit ccb0438
- i2c: cadence: Change large transfer count reset logic to be
unconditional (git-fixes).
- gpio: pca953x: use the correct register address when regcache
sync during init (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync
(git-fixes).
- gpio: pca953x: only use single read/write for No AI mode
(git-fixes).
- commit 20d420c
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- serial: 8250: fix return error code in
serial8250_request_std_resource() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
(git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc671 (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3
model (git-fixes).
- ASoC: madera: Fix event generation for rate controls
(git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
(git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- ASoC: ops: Fix off by one in range control validation
(git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- NFC: nxp-nci: don't print header length mismatch on i2c error
(git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event
(git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- commit 7b686cc
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- cgroup: Use separate src/dst nodes when preloading css_sets
for migration (bsc#1201610).
- commit fecc544
- Fix 1201644, 1201664, 1201672, 1201673, 1201676
All are reports of the same problem - the IBRS_* regs push/popping was
wrong but it needs
1b331eeea7b8 ("/x86/entry: Remove skip_r11rcx"/)
too.
- commit cc90276
- Update patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch
(git-fixes bsc#1200910 CVE-2020-36558).
Add references.
- commit d84e9d7
- Update
patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch
(git-fixes bsc#1201429 CVE-2020-36557).
Add references.
- commit 76ab189
- lockdown: Fix kexec lockdown bypass with ima policy
(CVE-2022-21505 bsc#1201458).
- commit 5806b46
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- commit b51a741
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- commit 9493568
- Fix 1201644, 1201664, 1201672, 1201673, 1201676
All are reports of the same problem - the IBRS_* regs push/popping was
wrong but it needs
1b331eeea7b8 ("/x86/entry: Remove skip_r11rcx"/)
too.
- commit 7226005
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- commit b81e242
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- blacklist.conf: updated blacklist for new issue
- commit 93feb45
- mm: and drivers core: Convert hugetlb_report_node_meminfo to
sysfs_emit (bsc#1200598 cve-2022-20166).
- commit 6f05f26
- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598
cve-2022-20166).
- commit 6ff7ebb
- drivers core: Remove strcat uses around sysfs_emit and neaten
(bsc#1200598 cve-2022-20166).
- commit 4cafd1f
- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656).
- commit bcf7213
- drivers core: Use sysfs_emit and sysfs_emit_at for show(device
* ...) functions (bsc#1200598 cve-2022-20166).
- commit 747b6a7
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
(bsc#1200598 cve-2022-20166).
- commit 4aaf7f0
- fbmem: Check virtual screen sizes in fb_set_var()
(CVE-2021-33655 bsc#1201635).
- fbcon: Prevent that screen size is smaller than font size
(CVE-2021-33655 bsc#1201635).
- fbcon: Disallow setting font bigger than screen size
(CVE-2021-33655 bsc#1201635).
- commit a7693d8
- Delete patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch (bsc#1201206)
The patch seems causing a regression on Mac.
- commit f885f68
- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- commit 036b703
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- commit 9d510a3
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- commit e7722fa
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- commit 2f78693
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- commit 5213f10
- kABI workaround for rtsx_usb (git-fixes).
- commit 4ee0d92
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- commit 0dca060
- power/reset: arm-versatile: Fix refcount leak in
versatile_reboot_probe (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays
(git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
(git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets
(git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
(git-fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept
(git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies()
(git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- ima: Fix a potential integer overflow in
ima_appraise_measurement (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
(git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/i915: fix a possible refcount leak in
intel_dp_add_mst_connector() (git-fixes).
- ida: don't use BUG_ON() for debugging (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key
(git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path
(git-fixes).
- misc: rtsx_usb: use separate command and response buffers
(git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
transfer (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path
(git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fbcon: Prevent that screen size is smaller than font size
(git-fixes).
- fbcon: Disallow setting font bigger than screen size
(git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- r8169: fix accessing unset transport header (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry
(git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
(git-fixes).
- commit aa669e5
- ASoC: Intel: Skylake: Correct the handling of fmt_config
flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
skl_get_ssp_clks() (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: ti: Add missing put_device in
ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
(git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- commit 2be6c70
- arm64: fix compat syscall return truncation (git-fixes)
- commit 24bf105
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- commit 992de8b
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- commit 867aa84
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- commit ad8af15
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- commit 02d9d74
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- commit 4265617
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- commit 080c096
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- commit ddc1d85
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- commit aff711b
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- commit d286e63
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- commit 437cb00
- usb: typec: add missing uevent when partner support PD
(git-fixes).
- commit 8f7dacd
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- commit 052f747
- blacklist.conf: will speed up booting in exchange for breaking charging
from a switched off laptop with some firmwares
- commit bd8e45d
- blacklist.conf: build fix that does not matter on a released kernel
- commit 3296a39
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- commit a69d674
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit 1caf14d
- Sort in RETbleed backport into the sorted section
Now that it is upstream..
- Refresh
patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch.
- Refresh
patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch.
- Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch.
- Refresh
patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch.
- Refresh
patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch.
- Refresh
patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- Refresh
patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh
patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch.
- Refresh
patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch.
- Refresh
patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch.
- Refresh
patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- Refresh
patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch.
- Refresh
patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch.
- commit 94dfede
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- commit ed82a39
- blacklist.conf: blocks a driver from building
- commit 2f8d19f
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- commit 1950671
- arm64: lib: Use modern annotations for assembly functions (git-fixes)
Refresh patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch.
- commit fb5a868
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry
(git-fixes).
- Refresh
patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch.
- commit 8e36894
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- commit a5d53f5
- usbnet: fix memory leak in error case (git-fixes).
- commit 988ba16
- arm64: module: rework special section handling (git-fixes)
- commit 7d368bc
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit fb0447a
- dm mirror log: round up region bitmap size to BITS_PER_LONG
(git-fixes).
- md: bcache: check the return value of kzalloc() in
detached_dev_do_request() (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm stats: add cond_resched when looping over entries
(git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one
device (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than
digest size (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
(git-fixes).
- block: don't delete queue kobject before its children
(git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval
sizes (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- dm btree remove: fix use after free in rebalance_children()
(git-fixes).
- dm: fix mempool NULL pointer race when completing IO
(git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in
crypt_page_alloc() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
(git-fixes).
- blk-zoned: allow zone management send operations without
CAP_SYS_ADMIN (git-fixes).
- dm btree remove: assign new_root only when removal succeeds
(git-fixes).
- dm snapshot: properly fix a crash when an origin has no
snapshots (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk
size (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6
table reload sequences (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block()
(git-fixes).
- dm persistent data: packed struct should have an aligned()
attribute too (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during
tear down (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size
(git-fixes).
- dm bufio: subtract the number of initial sectors in
dm_bufio_get_device_size (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way
(git-fixes).
- dm integrity: conditionally disable "/recalculate"/ feature
(git-fixes).
- dm integrity: fix a crash if "/recalculate"/ used without
"/internal_hash"/ (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm snapshot: flush merged data before committing metadata
(git-fixes).
- lib/string.c: implement stpcpy (git-fixes).
- commit ab41893
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
rx queue (bsc#1201381).
- commit ae4d431
- Refresh
patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch.
revert the effect of mainline 453431a54934d917153 on patch.
- Refresh
patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch.
revert the effect of mainline 453431a54934d917153 on patch.
- commit 5e710e7
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- commit 8d18bba
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
Dwarves 1.22 or newer is required to build kernels with BTF information
embedded in modules.
- commit 2dbbe9d
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- commit 6a3fc85
- pty: do tty_flip_buffer_push without port->lock in pty_write
(bsc#1198829 CVE-2022-1462).
- commit ce8f318
- tty: use new tty_insert_flip_string_and_push_buffer() in
pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit cbf8ad3
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- Update config files:
- MODULE_ALLOW_BTF_MISMATCH=y
- commit 0660602
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- Refresh
patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
- commit 6a4211c
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- Refresh
patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
- commit ec84a18
- kbuild: Skip module BTF generation for out-of-tree external
modules (jsc#SLE-24559).
- commit b411a90
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- commit dd48d54
- kbuild: Build kernel module BTFs if BTF is enabled and pahole
supports it (jsc#SLE-24559).
- Update config files:
- PAHOLE_HAS_SPLIT_BTF=y
- DEBUG_INFO_BTF_MODULES=y
- commit 00469b9
- bpf: Assign ID to vmlinux BTF and return extra info for BTF
in GET_OBJ_INFO (jsc#SLE-24559).
- commit bf525c4
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- commit de75fe3
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- Refresh
patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch.
- commit 97960b8
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- commit d74c2bd
- kbuild: drop $(wildcard $^) check in if_changed* for faster
rebuild (jsc#SLE-24559).
- commit 2b23691
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- Refresh
patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch.
- Refresh
patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch.
- Refresh
patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch.
- Refresh
patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch.
- commit 860eb7e
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- Refresh
patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch.
- commit e48ca3e
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- commit 089d37f
- io_uring: fix fs->users overflow (CVE-2022-1116, bsc#1199647).
- commit e8dfed6
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select() (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released
(git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
(git-fixes).
- scsi: core: Only put parent device if host state differs from
SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state
changes to RUNNING (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma()
(git-fixes).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get
error (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- commit cad0d5f
- don't call utsname() after ->nsproxy is NULL (bsc#1201196).
- commit 12197a1
- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit ef1c2ca
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 41afdd9
- x86/bugs: Add Cannon lake to RETBleed affected CPU list
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 6b54061
- ibmvnic: Properly dispose of all skbs during a failover
(bsc#1200925).
- commit 06221e8
- mm/slub: add missing TID updates on slab deactivation
(git-fixes).
- commit af73675
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- commit 89b5cfc
- xen: don't continue xenstore initialization in case of errors
(git-fixes).
- commit a397042
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- commit 223f7ba
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in
intel_pmu_refresh() (git-fixes).
- commit 2a600a1
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS
GPAs (git-fixes).
- commit a048eb5
- KVM: apic: avoid calculating pending eoi from an uninitialized
val (git-fixes).
- commit bd607c6
- KVM: nVMX: handle nested posted interrupts when apicv is
disabled for L1 (git-fixes).
- commit a486b7a
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF
attacks (git-fixes).
- commit eb73c2f
- KVM: x86: Don't let userspace set host-reserved cr4 bits
(git-fixes).
- commit 404b24a
- net: hso: bail out on interrupt URB allocation failure
(git-fixes).
- commit f562212
- blacklist.conf: misattributed in upstream
- commit 202e210
- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318
bsc#1201251).
- commit 84c7e09
- Update patch reference for rose fix (CVE-2022-2318 bsc#1201251)
- commit 4566057
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- commit 8890fb5
- xen/netfront: force data bouncing when backend is untrusted
(bsc#1200762, CVE-2022-33741, XSA-403).
- commit 7daee4f
- xen/netfront: fix leaking data in shared pages (bsc#1200762,
CVE-2022-33740, XSA-403).
- commit bfb8cc2
- xen/blkfront: force data bouncing when backend is untrusted
(bsc#1200762, CVE-2022-33742, XSA-403).
- commit 9c6c1df
- xen/blkfront: fix leaking data in shared pages (bsc#1200762,
CVE-2022-26365, XSA-403).
- commit 7095954
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit b7a3331
- x86/common: Stamp out the stepping madness (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 3962a01
- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit a2b7d09
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit fd58624
- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 79152af
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit f625aa5
- KVM: VMX: Convert launched argument to flags (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit e0dd694
- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 528b21e
- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 5c70c82
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 4f79cdb
- x86/speculation: Use cached host SPEC_CTRL value for guest
entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 140d756
- x86/speculation: Fix SPEC_CTRL write on SMT state change
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 43488f5
- x86/speculation: Fix firmware entry SPEC_CTRL handling
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 410bedf
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 3ed82bb
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 914bf03
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 0636a43
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
(git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
(git-fixes).
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- virtio-net: fix race between ndo_open() and
virtio_device_ready() (git-fixes).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in
brcmstb_pm_probe (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation
(git-fixes).
- usb: chipidea: udc: check request status before setting device
address (git-fixes).
- USB: serial: option: add Quectel RM500K module support
(git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition
(git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting
(git-fixes).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask
chips (git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume
(git-fixes).
- commit 3920c43
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
(git-fixes).
- hwmon: (ibmaem) don't call platform_device_del() if
platform_device_add() fails (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and
ndo_open() (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name
(git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register
(git-fixes).
- iio:accel:bma180: rearrange iio trigger get and register
(git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
(git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models
(git-fixes).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
(git-fixes).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure
(git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template
tracepoint (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- commit aa4e5a5
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
- blacklist.conf:
remove this entry
- commit 6e5bc29
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
This patches never made it to mainline. Instead a simpler solution was
added upstream 14dc7a18abbe ("/block: Fix handling of offline queues in
blk_mq_alloc_request_hctx().
- commit a4e1276
- blacklist.conf: breaks kABI in an unfixable manner
- commit de9d595
- kabi: nvme workaround header include (bsc#1201193).
- commit 1e4257b
- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit b3da909
- intel_idle: Disable IBRS during long idle (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit bff00e1
- xhci: Add reset resume quirk for AMD xhci controller
(git-fixes).
- commit 144d367
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 9a4b6fa
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC
(git-fixes).
- Refresh
patches.suse/usb-pci-quirks-disable-D3cold-on-xhci-suspend-for-s2.patch.
- Refresh
patches.suse/usb-xhci-do-not-perform-Soft-Retry-for-some-xHCI-hos.patch.
- commit 1d0d070
- x86/bugs: Split spectre_v2_select_mitigation() and
spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit eda1e45
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit c12a655
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 94eb4a2
- x86/entry: Add kernel IBRS implementation (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 7077b17
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit c21cae3
- netfilter: nf_tables: stricter validation of element data
(CVE-2022-34918 bsc#1201171).
- commit d3cb893
- scsi: nvme: Added a new sysfs attribute appid_store
(bsc#1201193).
- commit 946af0d
- blacklist.conf: update
- blacklist.conf: Add new commit
- commit 6c8c02b
- block/keyslot-manager: prevent crash when num_slots=1
(git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats
(git-fixes).
- commit ef13f5c
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet-rdma: Fix NULL deref when SEND is completed with error
(git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr
INADDR_ANY (git-fixes).
- commit ad1ec47
- blacklist.conf: Add nvmet patch
- commit f8744f6
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- commit 781a006
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 3a3473f
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit 89f84ec
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 13522d3
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit b13e1ec
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit ba20e78
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit e26025b
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit a16eea7
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 1744d2e
- x86/bpf: Use alternative RET encoding (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 3599ff8
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 9c190f7
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for
nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Add more logging of cmd and cqe information for
aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in
PT2PT topology (bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is
aborted (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after
starget_to_rport() (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path
refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path
refactoring (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in
lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices
(bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os
(bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol
independent (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid()
(bsc#1201193).
- commit 7f7c840
- net: stmmac: reset Tx desc base address before restarting Tx
(git-fixes).
- commit db66d0c
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- commit 021df50
- net: ethernet: stmmac: Disable hardware multicast filter
(git-fixes).
- commit 36ce5b8
- sunvnet: use icmp_ndo_send helper (git-fixes).
- commit 22762aa
- gtp: use icmp_ndo_send helper (git-fixes).
- commit b9a3ced
- veth: fix races around rq->rx_notify_masked (git-fixes).
- commit c90500d
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit 8c700c0
- Update config files.
- commit d2069d8
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error
injection (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable
with I/Os (bsc#1201160).
Refresh:
- patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch
- scsi: qla2xxx: Add debug prints in the device remove path
(bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete
(bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation
tests (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O
timeouts (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters
(bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature
(bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default
(bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
(bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N
(bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
(bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
(bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
(bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
(bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device
(bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
(bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface
(bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough
(bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with
authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
(bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
(bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down
(bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
(bsc#1201160).
- commit d2cb0ed
- Revert "/block: Fix a lockdep complaint triggered by request
queue flushing"/ (git-fixes).
- commit 4eca7cd
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter
(bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
(bsc#1201160).
- commit 4780b01
- nvme-multipath: set nr_zones for zoned namespaces (git-fixes). - Refresh patches.suse/nvme-fix-refcounting-imbalance-when-all-paths-are-do.patch.
- commit 76d2349
- ceph: clean up locking annotation for ceph_get_snap_realm and
__lookup_snap_realm (bsc#1201149).
- Refresh
patches.suse/ceph-take-snap_empty_lock-atomically-with-snaprealm-refcount-change.patch.
- commit d26c619
- ceph: add some lockdep assertions around snaprealm handling
(bsc#1201147).
- Refresh
patches.suse/ceph-take-snap_empty_lock-atomically-with-snaprealm-refcount-change.patch.
- commit 2f1c9fc
- blacklist.conf: add commit
- commit aaeabea
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 9a7c312
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- commit 8a0b165
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- commit 7e67c38
- blacklist.conf: ignore documentation fix
- commit ea0880a
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- commit d76d5ab
- scsi: sd_zbc: Support disks with more than 2**32 logical
(git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE
(git-fixes).
- scsi: sd: sd_zbc: Don't pass GFP_NOIO to kvcalloc (git-fixes).
- commit 29c91b5
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit ea71447
- crypto: x86/poly1305 - Fixup SLS (bsc#1201050 CVE-2021-26341).
- commit af7f65a
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- commit 9db78a9
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks
(git-fixes).
- blacklist.conf: Remove entry from blacklist
- commit 5cb2eb0
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Don't limit max_zone_append sectors to
(git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- commit 6f51c10
- x86: Add straight-line-speculation mitigation (bsc#1201050
CVE-2021-26341).
- Update config files.
- Refresh
patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- commit d2ed44a
- x86/alternative: Relax text_poke_bp() constraint (bsc#1201050
CVE-2021-26341).
- commit 2e7822c
- x86/alternatives: Teach text_poke_bp() to emulate RET
(bsc#1201050 CVE-2021-26341).
- commit 4eb3542
- x86/alternatives: Implement a better poke_int3_handler()
completion scheme (bsc#1201050 CVE-2021-26341).
- commit cf0f438
- x86/alternative: Shrink text_poke_loc (bsc#1201050
CVE-2021-26341).
- commit db3f434
- x86/alternative: Remove text_poke_loc::len (bsc#1201050
CVE-2021-26341).
- commit 90aebc8
- x86/alternative: Add text_opcode_size() (bsc#1201050
CVE-2021-26341).
- commit 83d7faa
- x86/alternatives: Add and use text_gen_insn() helper
(bsc#1201050 CVE-2021-26341).
- commit 5121e4e
- x86/alternatives, jump_label: Provide better text_poke()
batching interface (bsc#1201050 CVE-2021-26341).
- commit 1b220c6
- x86: Prepare inline-asm for straight-line-speculation
(bsc#1201050 CVE-2021-26341).
- commit 6687132
- x86: Prepare asm files for straight-line-speculation
(bsc#1201050 CVE-2021-26341).
- commit f2fec2e
- x86/lib/atomic64_386_32: Rename things (bsc#1201050
CVE-2021-26341).
- commit 88d97d1
- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
(bsc#1201050 CVE-2021-26341).
- commit 59b7688
- Update metadata references
- commit 45bbc74
- usb: gadget: u_ether: fix regression in setting fixed MAC
address (git-fixes).
- commit 23f9eaa
- move devm_allocate to end of structure for kABI (git-fixes).
- commit 39ff4a9
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- commit 531527e
- sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154
bsc#1200599).
- commit b1e8eec
- sctp: use call_rcu to free endpoint (CVE-2022-20154
bsc#1200599).
- commit 44ec44b
- kABI fix of sysctl_run_estimation (git-fixes).
- ipvs: add sysctl_run_estimation to support disable estimation
(bsc#1195504).
- commit 326d103
- bcache: avoid unnecessary soft lockup in kworker
update_writeback_rate() (bsc#1197362).
- bcache: memset on stack variables in bch_btree_check() and
bch_sectors_dirty_init() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal
bucket (git-fixes).
- bcache: remove incremental dirty sector counting for
bch_sectors_dirty_init() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init()
(git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions
(git-fixes).
- bcache: fixup multiple threads crash (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- commit 702bf9b
- Fixup !CONFIG_BLK_CGROUP build in
patches.suse/block-don-t-merge-across-cgroup-boundaries-if-blkcg-.patch.
- commit bfec8fb
- phy: aquantia: Fix AN when higher speeds than 1G are not
advertised (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
(git-fixes).
- i2c: designware: Use standard optional ref clock implementation
(git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
(git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new
baseline (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent
registration failed (git-fixes).
- ata: libata-core: fix NULL pointer deref in
ata_host_alloc_pinfo() (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
(git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control
(git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume
controls (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls
(git-fixes).
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on
(git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
(git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs()
(git-fixes).
- commit 3c059bb
- arm64: ftrace: fix branch range checks (git-fixes)
- commit 78ca39c
- block: Fix kABI in blk-merge.c (bsc#1198020).
- commit fa9f9d3
- ext4: add check to prevent attempting to resize an fs with
sparse_super2 (bsc#1197754).
- commit 063f013
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
Exported symbols under drivers/nvme/target/ are only used by the
nvmet subsystem itself.
- commit 60db37f
- blacklist.conf: Blacklist 14dc7a18abbe
- commit e3d2bff
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- commit 5d5a2b9
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- commit e2cebc4
- blacklist.conf: Blacklist e583b5c472bd
- commit e1ae80a
- iomap: iomap_write_failed fix (bsc#1200829).
- commit c8ee717
- jfs: fix divide error in dbNextAG (bsc#1200828).
- commit 8668968
- ext4: make variable "/count"/ signed (bsc#1200820).
- commit 8506661
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- commit 9bcd180
- writeback: Fix inode->i_io_list not be protected by
inode->i_lock error (bsc#1200821).
- commit 5276354
- blk-mq: do not update io_ticks with passthrough requests
(bsc#1200816).
- commit 25cf6a6
- blacklist.conf: Blacklist 14362a254179 and e730558adffb
- commit 84080f8
- blacklist.conf: Blacklist 623af4f538b5
- commit e09c291
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- commit dd7c510
- Update tags in:
patches.suse/bfq-Drop-pointless-unlock-lock-pair.patch.
patches.suse/bfq-Get-rid-of-__bio_blkcg-usage.patch.
patches.suse/bfq-Make-sure-bfqg-for-which-we-are-queueing-request.patch.
patches.suse/bfq-Remove-pointless-bfq_init_rq-calls.patch.
patches.suse/bfq-Split-shared-queues-on-move-between-cgroups.patch.
patches.suse/bfq-Track-whether-bfq_group-is-still-online.patch.
patches.suse/bfq-Update-cgroup-information-before-merging-bio.patch.
- commit fa82b91
- writeback: Avoid skipping inode writeback (bsc#1200813).
- commit fbc0033
- blk-iolatency: Fix inflight count imbalances and IO hangs on
offline (bsc#1200825).
- commit 77a71d2
- block: don't merge across cgroup boundaries if blkcg is enabled
(bsc#1198020).
- commit 08df09c
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- commit 90ad366
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- commit 599d1b0
- blacklist.conf: Blacklist cb8435dc8ba3
- commit 82be35e
- ext4: fix race condition between ext4_write and
ext4_convert_inline_data (bsc#1200807).
- commit ab76d02
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
(bsc#1200806).
- commit 6fb9b0d
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- nvme: add new discovery log page entry definitions
(bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
Refresh:
- patches.suse/nvme-add-iopolicy-module-parameter.patch
- nvme: expose subsystem type in sysfs attribute 'subsystype'
(bsc#1192761).
Refresh:
- patches.suse/nvme-add-iopolicy-module-parameter.patch
- nvmet: set 'CNTRLTYPE' in the identify controller data
(bsc#1192761).
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvme: add CNTRLTYPE definitions for 'identify controller'
(bsc#1192761).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet: don't check iosqes,iocqes for discovery controllers
(bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- commit 829b0a6
- blk-mq: clear active_queues before clearing
BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- commit e0430df
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds'
universally for now) added two new compiler-dependent configs:
* CC_NO_ARRAY_BOUNDS
* GCC12_NO_ARRAY_BOUNDS
Ignore them -- they are unset by dummy tools (they depend on gcc version
== 12), but set as needed during real compilation.
- commit a14607c
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679
bsc#1199487).
- commit 1ae14c9
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 272b7b1
- powerpc/perf: Fix the threshold compare group constraint for
power9 (bsc#1065729).
- powerpc/idle: Fix return value of __setup() handler
(bsc#1065729).
- commit 60a1a9d
- scsi: ibmvfc: Store vhost pointer during subcrq allocation
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during
probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- commit 161dd5d
- pNFS: Don't keep retrying if the server replied
NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in
xdr_get_next_encode_buffer() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS
layout (git-fixes).
- NFS: Memory allocation failures are not server fatal errors
(git-fixes).
- NFS: Don't report errors from nfs_pageio_complete() more than
once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors
(git-fixes).
- commit b6dcac2
- Update patches.suse/pNFS-flexfiles-fix-incorrect-size-check-in-decode_nf.patch
(git-fixes CVE-2021-4157 bnc#1194013).
- commit fccebe3
- random: Add and use pr_fmt() (bsc#1184924).
- commit 565b0b7
- random: remove unnecessary unlikely() (bsc#1184924).
- commit 30b0d5d
- Refresh patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch.
Update to upstream version.
- commit f01d1a8
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null
buffer address (bsc#1200343 ltc#198477).
- commit eae5ebe
- exec: Force single empty string when argv is empty
(bsc#1200571).
- commit dffa04e
- scsi: smartpqi: create module parameters for LUN reset
(bsc#1179195 bsc#1200622).
- commit 96f3f82
- HID: add USB_HID dependancy to hid-prodikeys (CVE-2022-20132
bsc#1200619).
- HID: add USB_HID dependancy to hid-chicony (CVE-2022-20132
bsc#1200619).
- HID: bigbenff: prevent null pointer dereference (CVE-2022-20132
bsc#1200619).
- HID: add USB_HID dependancy on some USB HID drivers
(CVE-2022-20132 bsc#1200619).
- commit f2f08be
- HID: holtek: fix mouse probing (CVE-2022-20132 bsc#1200619).
- commit f8ff78e
- HID: check for valid USB device for many HID drivers
(CVE-2022-20132 bsc#1200619).
- HID: add hid_is_usb() function to make it simpler for USB
detection (CVE-2022-20132 bsc#1200619).
- commit 3fe30db
- blacklist.conf: add already cherry-picked usb revert commit
- commit 5b3636f
- certs/blacklist_hashes.c: fix const confusion in certs blacklist
(git-fixes).
- commit 6e1c6be
- drm/i915/reset: Fix error_state_read ptr + offset use
(git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in
ax25_recvmsg (git-fixes).
- commit 24d4858
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1200604
CVE-2022-20141).
- commit 34bf464
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- commit 4bfd1c5
- vringh: Fix loop descriptors check in the indirect cases
(git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol()
(git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- USB: serial: option: add Quectel BG95 modem (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
(git-fixes).
- usb: dwc2: gadget: don't reset gadget's driver->bus (git-fixes).
- USB: hcd-pci: Fully suspend across freeze/thaw cycle
(git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend()
(git-fixes).
- USB: host: isp116x: check return value after calling
platform_get_resource() (git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write()
(git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios()
(git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
(git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init()
(git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends
(git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in
rtllib_beacons_stop() (git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in
ieee80211_beacons_stop() (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system
(git-fixes).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in
pxa3xx_gcu_probe/remove() (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- mwifiex: add mutex lock for call in
mwifiex_dfs_chan_sw_work_queue (git-fixes).
- media: cx25821: Fix the warning when removing the module
(git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev()
(git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width}
based on DMA direction (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size
(git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout
occurs (git-fixes).
- commit f8749e6
- efi: Do not import certificates from UEFI Secure Boot for T2
Macs (git-fixes).
- Refresh
patches.suse/0003-MODSIGN-load-blacklist-from-MOKx.patch.
- commit 316d54d
- drm/atomic: Force bridge self-refresh-exit on CRTC switch
(git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition
(git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
(git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of
kstrdup() (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour
(git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- i2c: cadence: Increase timeout per message if necessary
(git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in
amdgpu_ucode_free_bo (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map()
(git-fixes).
- drm/plane: Move range check for format_count earlier
(git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails
(git-fixes).
- fbcon: Consistently protect deferred_takeover with
console_lock() (git-fixes).
- drm/virtio: fix NULL pointer dereference in
virtio_gpu_conn_get_modes (git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to
intel_read_wm_latency() (git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels
after beacon rx (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit()
(git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe
(git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad
(git-fixes).
- hwmon: Make chip parameter for with_info API mandatory
(git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow
on A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
(git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
(git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info
(git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined
TWSI controllers (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
(git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- commit 71b82f0
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
(git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632
(git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6
(git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP
(git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map()
return value (git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances
(git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size
data type (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver
(git-fixes).
- ASoC: dapm: Don't fold register value changes into notifications
(git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices
(git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable
(git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable
(git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
(git-fixes).
- cfg80211: set custom regdomain after wiphy registration
(git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use
(git-fixes).
- commit d8922a7
- kabi: return type change of secure_ipv_port_ephemeral()
(CVE-2022-1012 bsc#1199482).
- tcp: drop the hash_32() part from the index calculation
(CVE-2022-1012 bsc#1199482).
- tcp: increase source port perturb table to 2^16 (CVE-2022-1012
bsc#1199482).
- tcp: dynamically allocate the perturb table used by source ports
(CVE-2022-1012 bsc#1199482).
- tcp: add small random increments to the source port
(CVE-2022-1012 bsc#1199482).
- tcp: resalt the secret every 10 seconds (CVE-2022-1012
bsc#1199482).
- tcp: use different parts of the port_offset for index and offset
(CVE-2022-1012 bsc#1199482).
- secure_seq: use the 64 bits of the siphash for port offset
calculation (CVE-2022-1012 bsc#1199482).
- commit f0bb4ae
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- commit 000b775
- Refresh 0002-PKCS-7-Check-codeSigning-EKU-for-kernel-module-and-k.patch
- commit 4835ae7
- kernel-binary.spec: check s390x vmlinux location
As a side effect of mainline commit edd4a8667355 ("/s390/boot: get rid of
startup archive"/), vmlinux on s390x moved from "/compressed"/ subdirectory
directly into arch/s390/boot. As the specfile is shared among branches,
check both locations and let objcopy use one that exists.
- commit cd15543
- platform/x86: wmi: Fix driver->notify() vs ->probe() race
(git-fixes).
- commit e932131
- platform/x86: wmi: Replace read_takes_no_args with a flags field
(git-fixes).
- commit 2771a0e
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- commit 93b1375
- Update config files
- commit 0d6e862
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST
flag (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
(git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: Fix read inconsistency for ESE DASD devices
(bsc#1200206 LTC#198455).
- s390/dasd: Fix read for ESE with blksize < 4k (bsc#1200206
LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices
(bsc#1200207 LTC#198454).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207
LTC#198454).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests
(git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM
guests (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw
(git-fixes).
- s390/ftrace: fix ftrace_update_ftrace_func implementation
(git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock
(git-fixes).
- s390/cio: Fix the "/type"/ field in s390_cio_tpi tracepoint
(git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector
packed decimal facility (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto
masks (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly
(git-fixes).
- commit 61a09d5
- NFS: Don't report ENOSPC write errors twice (git-fixes).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing
(git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- commit a49fc21
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 070ca14
- blk-mq: Fix wrong wakeup batch configuration which will cause
hang (bsc#1200263).
- commit d25a54b
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- commit 0a1fb57
- PCI: hv: Fix NUMA node assignment when kernel boots with custom
NUMA topology (bsc#1199365).
- commit 533234b
- cifs: fix uninitialized pointer in error case in
dfs_cache_get_tgt_share (bsc#1200217).
- commit 61fbb01
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- commit ee56e7d
- cifs: update internal module number (bsc#1200217).
- commit f5cdb99
- cifs: version operations for smb20 unneeded when legacy support
disabled (bsc#1200217).
- commit 1734132
- cifs: do not build smb1ops if legacy support is disabled
(bsc#1200217).
- commit aba3c47
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- commit e9cc20c
- cifs: when extending a file with falloc we should make files
not-sparse (bsc#1200217).
- commit 294d1b1
- cifs: remove repeated debug message on cifs_put_smb_ses()
(bsc#1200217).
- commit 98c0db1
- cifs: fix potential double free during failed mount
(bsc#1200217).
- commit bce142b
- cifs: avoid parallel session setups on same channel
(bsc#1200217).
- commit 1f42004
- cifs: use new enum for ses_status (bsc#1200217).
- commit 7268b31
- cifs: do not use tcpStatus after negotiate completes
(bsc#1200217).
- commit 7674d31
- smb3: add mount parm nosparse (bsc#1200217).
- commit 2ffada9
- smb3: don't set rc when used and unneeded in query_info_compound
(bsc#1200217).
- commit 6fd63ad
- smb3: check for null tcon (bsc#1200217).
- commit b858070
- cifs: fix minor compile warning (bsc#1200217).
- commit fd0fc4d
- Add various fsctl structs (bsc#1200217).
- commit 90bede3
- smb3: add trace point for oplock not found (bsc#1200217).
- commit 346f7ed
- cifs: return the more nuanced writeback error on close()
(bsc#1200217).
- commit 7742646
- smb3: add trace point for lease not found issue (bsc#1200217).
- commit 0658354
- cifs: smbd: fix typo in comment (bsc#1200217).
- commit c4afc8a
- cifs: set the CREATE_NOT_FILE when opening the directory in
use_cached_dir() (bsc#1200217).
- commit 706627f
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- commit 6a639c3
- cifs: move definition of cifs_fattr earlier in cifsglob.h
(bsc#1200217).
- commit f6bc702
- cifs: print TIDs as hex (bsc#1200217).
- commit e89f4ca
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- commit 415ae81
- cifs: don't call cifs_dfs_query_info_nonascii_quirk() if nodfs
was set (bsc#1200217).
- commit a90922b
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
(bsc#1200217).
- commit 586cc75
- SMB3: EBADF/EIO errors in rename/open caused by race condition
in smb2_compound_op (bsc#1200217).
- commit ee0782f
- cifs: destage any unwritten data to the server before calling
copychunk_write (bsc#1200217).
- commit 1bda1c7
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- commit 8a9f3fb
- cifs: fix NULL ptr dereference in refresh_mounts()
(bsc#1200217).
- commit 6a33928
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- commit b1096ec
- cifs: verify that tcon is valid before dereference in
cifs_kill_sb (bsc#1200217).
- commit 7b9058f
- cifs: potential buffer overflow in handling symlinks
(bsc#1200217).
- commit 6cb9820
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- commit 349ed65
- cifs: release cached dentries only if mount is complete
(bsc#1200217).
- commit 6b464d5
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- commit dde64e8
- cifs: update internal module number (bsc#1193629).
- commit 92220f4
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- commit 83df40d
- cifs: remove check of list iterator against head past the loop
body (bsc#1200217).
- commit c041716
- cifs: fix potential race with cifsd thread (bsc#1200217).
- commit 4db1b1e
- smb3: fix ksmbd bigendian bug in oplock break, and move its
struct to smbfs_common (bsc#1200217).
[ ematsumiya: remove ksmbd parts ]
- commit 49a5253
- smb3: cleanup and clarify status of tree connections
(bsc#1200217).
- commit 7a8d282
- smb3: move defines for query info and query fsinfo to
smbfs_common (bsc#1200217).
[ ematsumiya: remove ksmbd parts ]
- commit 980c599
- smb3: move defines for ioctl protocol header and SMB2 sizes
to smbfs_common (bsc#1200217).
[ ematsumiya: remove ksmbd parts ]
- commit 4816364
- [smb3] move more common protocol header definitions to
smbfs_common (bsc#1200217).
[ ematsumiya: remove ksmbd parts ]
- commit 6224ee1
- cifs: fix incorrect use of list iterator after the loop
(bsc#1200217).
- commit aef3af4
- cifs: change smb2_query_info_compound to use a cached fid,
if available (bsc#1200217).
- commit 351d3bd
- cifs: use a different reconnect helper for non-cifsd threads
(bsc#1200217).
- commit f30e918
- cifs: we do not need a spinlock around the tree access during
umount (bsc#1200217).
- commit 7cfcd55
- cifs: fix handlecache and multiuser (bsc#1200217).
- commit 3ed19f3
- smb3: fix incorrect session setup check for multiuser mounts
(bsc#1200217).
- commit 7016d61
- cifs: fix confusing unneeded warning message on smb2.1 and
earlier (bsc#1200217).
- commit 5c8e870
- cifs: modefromsids must add an ACE for authenticated users
(bsc#1200217).
- commit 48a34af
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1200217).
- commit f99992c
- cifs: do not use uninitialized data in the owner/group sid
(bsc#1200217).
- commit 84b55ef
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- commit eb184a1
- smb3: fix snapshot mount option (bsc#1200217).
- commit 874c094
- cifs: mark sessions for reconnection in helper function
(bsc#1200217).
- commit 0a58bbf
- cifs: call helper functions for marking channels for reconnect
(bsc#1200217).
- commit 9ee8dff
- cifs: call cifs_reconnect when a connection is marked
(bsc#1200217).
- commit da0085d
- [smb3] improve error message when mount options conflict with
posix (bsc#1200217).
- commit 2105c8f
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- commit 5c19405
- cifs: unlock chan_lock before calling cifs_put_tcp_session
(bsc#1200217).
- commit 154c129
- Fix a warning about a malformed kernel doc comment in cifs
(bsc#1200217).
- commit b2b7511
- cifs: update internal module number (bsc#1200217).
- commit fd57627
- smb3: send NTLMSSP version information (bsc#1200217).
- commit 713e861
- cifs: cifs_ses_mark_for_reconnect should also update reconnect
bits (bsc#1200217).
- commit 9a2f0ac
- cifs: update tcpStatus during negotiate and sess setup
(bsc#1200217).
- commit d9e3178
- cifs: make status checks in version independent callers
(bsc#1200217).
- commit bd7b0d4
- cifs: remove repeated state change in dfs tree connect
(bsc#1200217).
- commit 010f86c
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- commit 8872018
- cifs: remove unused variable ses_selected (bsc#1200217).
- commit ff25a18
- cifs: protect all accesses to chan_* with chan_lock
(bsc#1200217).
- commit 570e7fa
- cifs: fix the connection state transitions with multichannel
(bsc#1200217).
- commit 9e04600
- cifs: check reconnects for channels of active tcons too
(bsc#1200217).
- commit 7d36579
- cifs: serialize all mount attempts (bsc#1200217).
- commit 551fdd3
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for
non-ASCII dfs refs (bsc#1200217).
- commit c9efbf1
- cifs: alloc_path_with_tree_prefix: do not append sep. if the
path is empty (bsc#1200217).
- commit 764a91d
- cifs: clean up an inconsistent indenting (bsc#1200217).
- commit 248e46d
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- commit 43eb5cf
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- commit 41d17b7
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- commit ef6d710
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment
(bsc#1200217).
- commit f53ea90
- cifs: avoid race during socket reconnect between send and recv
(bsc#1200217).
- commit 722c8b7
- cifs: maintain a state machine for tcp/smb/tcon sessions
(bsc#1200217).
- commit 51b486f
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- commit fd0e196
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- commit 27f6fb8
- cifs: reconnect only the connection and not smb session where
possible (bsc#1200217).
- commit 16bf87d
- cifs: add WARN_ON for when chan_count goes below minimum
(bsc#1200217).
- commit a58714b
- cifs: adjust DebugData to use chans_need_reconnect for conn
status (bsc#1200217).
- commit 7ddcbf5
- cifs: use the chans_need_reconnect bitmap for reconnect status
(bsc#1200217).
- commit d6f970b
- cifs: track individual channel status using chans_need_reconnect
(bsc#1200217).
- commit b7aed75
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- commit a5a52e3
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- commit d076172
- cifs: ignore resource_id while getting fscache super cookie
(bsc#1200217).
- commit 2d5c0e6
- cifs: fix ntlmssp auth when there is no key exchange
(bsc#1200217).
- commit 93704ce
- cifs: wait for tcon resource_id before getting fscache super
(bsc#1200217).
- commit b7f6657
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- commit e83f639
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has
architectural PMU (git-fixes).
- commit b46bf26
- KVM: x86/emulator: Defer not-present segment check in
__load_segment_descriptor() (git-fixes).
- commit 27bee90
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- commit a28f4e5
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps
are in use (git-fixes).
- commit d008aa3
- kvm: fix wrong exception emulation in check_rdtsc (git-fixes).
- commit 5797afc
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested
VM-Enter (git-fixes).
- commit acadff0
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR
emulation (git-fixes).
- commit e4539a4
- KVM: x86: Don't force set BSP bit when local APIC is managed
by userspace (git-fixes).
- commit eb244fb
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any
BSP (git-fixes).
- commit e4d1ca5
- KVM: nVMX: Set LDTR to its architecturally defined value on
nested VM-Exit (git-fixes).
- commit 738798b
- KVM: x86: Immediately reset the MMU context when the SMM flag
is cleared (git-fixes).
- commit 09330a5
- floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836).
- Update config files.
- commit f9d0532
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
intel_arch_events[] (git-fixes).
- commit d9ed32f
- KVM: x86: clflushopt should be treated as a no-op by emulation
(git-fixes).
- commit 9620f9a
- kvm: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode
(git-fixes).
- commit ef4dd36
- kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode
(git-fixes).
- commit f6cd4b8
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest
(git-fixes).
- commit 0207dce
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in
64-bit mode (git-fixes).
- commit 167dd6e
- Revert "/KVM: x86: work around leak of uninitialized stack
contents"/ (git-fixes).
- commit 750d1b0
- nfc: st21nfca: fix incorrect sizing calculations in
EVT_TRANSACTION (git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
(git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- commit 31b71c0
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
(git-fixes).
- commit 006ad54
- KVM: nVMX: Invalidate all roots when emulating INVVPID without
EPT (git-fixes).
- commit 6adfb0f
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush
(git-fixes).
- commit a06b778
- ftrace: Clean up hash direct_functions on register failures
(git-fixes).
- commit adaac4e
- tilcdc: tilcdc_external: fix an incorrect NULL check on list
iterator (git-fixes).
- commit 8f16892
- Refresh
patches.suse/drm-vmwgfx-Initialize-drm_mode_fb_cmd2.patch.
Alt-commit
- commit 30ee9bf
- Refresh
patches.suse/0001-drm-vmwgfx-Remove-unused-compile-options.patch.
Alt-commit
- commit e57beef
- blacklist.conf: Remove blacklisting of backported patch
- Refresh
patches.suse/drm-vc4-hdmi-Move-the-HSM-clock-enable-to-runtime_pm.patch.
Alt-commit
- commit 64d3607
- block: fix bio_clone_blkg_association() to associate with
proper blkcg_gq (bsc#1200259).
- commit ce6dfd1
- Refresh
patches.suse/drm-i915-Call-i915_globals_exit-if-pci_register_devi.patch.
Alt-commit
- commit fbaa188
- drm/msm/dsi: fix address for second DSI PHY on SDM660
(git-fixes).
- commit 2435776
- Refresh
patches.suse/drm-i915-gem-add-missing-boundary-check-in-vm_access.patch.
Alt-commit
- commit 693f083
- Refresh patches.suse/drm-amdkfd-Fix-GWS-queue-count.patch.
Alt-commit
- commit cef7148
- Refresh
patches.suse/drm-amdgpu-smu10-fix-SoC-fclk-units-in-auto-mode.patch.
Alt-commit
- commit 7e7296e
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
(git-fixes).
- commit 25b074b
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- commit cd35e5a
- blacklist.conf: 0d979509539e drm/ttm: remove ttm_bo_vm_insert_huge()
- commit b0d7e4a
- blacklist.conf: 10a6de19cad6 seq_file: fix passing wrong private data
- commit 88787ec
- drm/i915: fix i915_globals_exit() section mismatch error
(git-fixes).
- commit f035fef
- add mainline tag for a pci-hyperv change
- commit 77f42e9
- netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
(CVE-2022-1972 bsc#1200019).
- commit 323e166
- netfilter: nf_tables: disallow non-stateful expression in sets
earlier (CVE-2022-1966 bsc#1200015).
- commit 41de480
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
(git-fixes).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: use bdev_alignment_offset instead of
queue_alignment_offset (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes
(git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- commit d165ee8
- Added blacklist git-fix: just fixes compiler warning but breaks kabi
- commit 2f740d4
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG
(bsc#1198971).
- Update config files to disable mistakenly enabled CONFIG_JBD2_DEBUG
- commit 1c1f326
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- commit 3c1ac51
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- commit a293be9
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes).
- commit 5ddd111
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- commit b7d0c5f
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- commit ac2aae4
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes).
- commit dd8afe7
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
- commit de37b40
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- commit b06c831
- qlcnic: Fix error code in probe (git-fixes).
- commit 34dcd67
- net: korina: fix return value (git-fixes).
- commit 2399b03
- ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes).
- commit ecd49f2
- net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes).
- commit 5655db7
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- commit 9d94c81
- netdevice: demote the type of some dev_addr_set() helpers
(bsc#1200216).
- commit eaa7009
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15
9520 laptop (git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ASoC: rt5514: Fix event generation for "/DSP Voice Wake Up"/
control (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- commit f5268ed
- gpio: adp5588: Remove support for platform setup and teardown
callbacks (git-fixes).
- gpio: pca953x: use the correct register address to do regcache
sync (git-fixes).
- driver core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression
(git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in
dmi_sysfs_register_handle (git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
(git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors
(git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values
(git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right
(git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return
value check (git-fixes).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator
(git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
(git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe
(git-fixes).
- USB: storage: karma: fix rio_karma_init return (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd
(git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity
(git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
(git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: sh-sci: Don't allow CS5-6 (git-fixes).
- serial: txx9: Don't allow CS5-6 (git-fixes).
- serial: rda-uart: Don't allow CS5-6 (git-fixes).
- serial: digicolor-usart: Don't allow CS5-6 (git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
(git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: pch: don't overwrite xmit->buf[0] by x_char (git-fixes).
- serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h>
(git-fixes).
- serial: 8250: core: Remove unneeded <linux/pm_runtime.h>
(git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in
owl_uart_probe (git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port
(git-fixes).
- staging: fieldbus: Fix the error handling path in
anybuss_host_common_probe() (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- commit e15e5e6
- powerpc/xive: Add some error handling code to
'xive_spapr_init()' (fate#322438 git-fixes).
- commit 29a15ff
- net: sched: fixed barrier to prevent skbuff sticking in qdisc
backlog (bsc#1183405).
- commit 5f8489b
- tracing: Fix return value of trace_pid_write() (git-fixes).
- commit 332fdc6
- tracing: Fix potential double free in create_var_ref()
(git-fixes).
- commit 142f9d7
- wireguard: device: check for metadata_dst with skb_valid_dst()
(git-fixes).
- commit 9790edc
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for
OPT_HOST_IFACE (bsc#1199670).
- commit a8aa700
- ceph: fix setting of xattrs on async created inodes
(bsc#1200192).
- commit 91687d7
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- commit 9250a63
- soc: rockchip: Fix refcount leak in rockchip_grf_init
(git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- rtc: mt6397: check return value after calling
platform_get_resource() (git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
(git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct
(git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped
(git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
(git-fixes).
- commit db358bc
- powerpc/xive: Fix refcount leak in xive_spapr_init (fate#322438
git-fixes).
- commit 4062633
- NFC: netlink: fix sleep in atomic bug when firmware download
timeout (CVE-2022-1975 bsc#1200143).
- commit bcae1e0
- nfc: replace improper check device_is_registered() in netlink
related functions (CVE-2022-1974 bsc#1200144).
- Refresh
patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch.
- commit 8ab4a08
- certs: Add EFI_CERT_X509_GUID support for dbx entries
(bsc#1177282 CVE-2020-26541).
- Update config files.
- commit 6bf28b7
- ARM: omap: remove debug-leds driver (git-fixes)
- commit 43f073a
- arm: mediatek: select arch timer for mt7629 (git-fixes)
- commit 013d17b
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- commit 42eec11
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- commit 93d1bda
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- commit 7e7bd88
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes)
- commit 5ee912a
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes)
- commit 8161416
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- commit 4e538b6
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- commit 676db9a
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- commit 70b2b9b
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- commit 50fc702
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- commit 12ddc7c
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- commit 123bc41
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- commit d5627c3
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- commit 5b0fb4f
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- commit 7371c56
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- commit f4ca8bd
- blacklist.conf: ("/ARM: dts: spear1340: Update serial node properties"/)
- commit 2719ba1
- blacklist.conf: ("/ARM: dts: spear13xx: Update SPI dma properties"/)
- commit d4905d6
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- commit 23153db
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- commit 5fc1380
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- commit 71afe29
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- commit afc6580
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- commit bc1fb03
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- commit fee81b1
- blacklist.conf: ("/ARM: iop32x: offset IRQ numbers by 1"/)
- commit abcec77
- ARM: tegra: Move panels to AUX bus (git-fixes)
- commit 50fd172
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- commit 0f51816
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- commit 40ff6d7
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- commit 27df56a
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- commit 62b05df
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes)
- commit 587bb4a
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- commit 8309249
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- commit 2e353f0
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- commit c7c1408
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes)
- commit ca31c5d
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- commit 43a6857
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- commit 8773156
- nvme-tcp: allow selecting the network interface for connections
(bsc#1199670).
- commit 24adf25
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands
(bsc#1200046).
- commit 0e2231e
- Refresh
patches.suse/nvme-multipath-use-vmalloc-for-ana-log-buffer.patch.
- commit 971fe0e
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for
NVMe I/O (bsc#1200045).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up
(bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric
parameters (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if
lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in
rscn_recovery_check() (bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event()
(bsc#1200045).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted
(bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion
(bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths
(bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
(bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call
(bsc#1200045).
- scsi: lpfc: Fix additional reference counting in
lpfc_bsg_rport_els() (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
(bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in
lpfc_sli_prep_wqe() (bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches
(bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE
(bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command
(bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure
(bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post
RSCN completion (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in
Fabric topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports
(bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for
trunk groups (bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled
(bsc#1200045).
- scsi: lpfc: Correct CRC32 calculation for congestion stats
(bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic
disable (bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for
ELS_RDF path (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link
down or aborted (bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after
guaranteed IOCB submit (bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
(bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to
issue FLOGI and PLOGI (bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a
new FLOGI (bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
(bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports
link down (bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field
(bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset
(bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling
lpfc_dmp_dbg() (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe
rescan (bsc#1200045).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line
(bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE
(bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045
bsc#1198989 bsc#1197675).
- commit d7157b7
- iommu/amd: Increase timeout waiting for GA log enablement
(bsc#1199052).
- commit fe9fbe6
- lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989)
The update was reverted due to some regression on older
hardware. These have been fixed in the meantime, thus update the
driver.
- commit 200ac05
- revert scsi: qla2xxx: Changes to support FCP2 Target
(bsc#1198438).
- commit 12ff2a5
- net: rtlwifi: properly check for alloc_workqueue() failure
(git-fixes).
- Revert "/rtlwifi: fix a potential NULL pointer dereference"/
(git-fixes).
- commit 24fe374
- mt76: check return value of mt76_txq_send_burst in
mt76_txq_schedule_list (git-fixes).
- commit 962a439
- spi: Introduce device-managed SPI controller allocation
(git-fixes).
- commit 9cd5722
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521
git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask
(bsc#1061840 git-fixes).
- commit 6362663
- blacklist.conf: kABI, cleanup that renames constants
- commit e8bfcff
- blacklist.conf: kABI, renames declarations
- commit 1b506e7
- blacklist.conf: switches off compilation of a driver on some arches. Either irrelevant or breaks kABI.
- commit a8132c8
- media: netup_unidvb: Don't leak SPI master in probe error path
(git-fixes).
- commit 539b59b
- Refresh
patches.suse/lockdown-also-lock-down-previous-kgdb-use.patch.
In this case, we can not simply use __GENKSYMS__ to wrap new
LOCKDOWN_DBG_WRITE/READ_KERNEL fields in enum lockdown_reason
struct. So let's remove __GENKSYMS__ and add a kabi workaround
patch. (bsc#1199426 CVE-2022-21499)
- commit 88eddb5
- lockdown: kABI workaround for lockdown_reason changes
(bsc#1199426, CVE-2022-21499).
- commit fe7a29a
- powerpc/powernv: Get STF barrier requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry
and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- commit 4e35232
- powerpc/fadump: fix PT_LOAD segment for boot memory area
(bsc#1103269 ltc#169948 git-fixes).
- commit 726e54b
- Update patch metadata references
- commit c29f6ae
- KVM: VMX: Fix stale docs for
kvm-intel.emulate_invalid_guest_state (git-fixes).
- commit 56b5e51
- Kconfig.debug: drop selecting non-existing
HARDLOCKUP_DETECTOR_ARCH (git-fixes).
- commit 9876873
- arm64: paravirt: Use RCU read locks to guard stolen_time
(git-fixes).
- commit 06cf912
- smp: Fix offline cpu check in flush_smp_call_function_queue()
(git-fixes).
- commit 798956d
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- commit 25a1706
- Input: stmfts - do not leave device disabled in
stmfts_input_open (git-fixes).
- commit 7f01cd9
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- dmaengine: idxd: Fix the error handling path in
idxd_cdev_register() (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe
(git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu
(git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value
(git-fixes).
- pinctrl/rockchip: support deferring other gpio params
(git-fixes).
- commit 9a75e78
- btrfs: extent-tree: kill the BUG_ON() in
insert_inline_extent_backref() (CVE-2019-19377 bsc#1158266).
- commit 31a8792
- btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
(CVE-2019-19377 bsc#1158266).
- commit 75b17c1
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: x86 - eliminate anonymous module_init & module_exit
(git-fixes).
- mfd: ipaq-micro: Fix error check return value of
platform_get_irq() (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description
(git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure
(git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- tty: fix deadlock caused by calling printk() under
tty_port->lock (git-fixes).
- commit ec70afa
- NFC: hci: fix sleep in atomic context bugs in
nfc_hci_hcp_message_tx (git-fixes).
- commit 61459e4
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
(git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
(git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove
(git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in
pvr2_i2c_core_init (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in
sr_thermal_probe (git-fixes).
- thermal/drivers/bcm2711: Don't clamp temperature at zero
(git-fixes).
- spi: spi-fsl-qspi: check return value after calling
platform_get_resource_byname() (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking
(git-fixes).
- spi: spi-ti-qspi: Fix return value handling of
wait_for_completion_timeout (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend
(git-fixes).
- regulator: pfuze100: Fix refcount leak in
pfuze_parse_regulators_dt (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
(git-fixes).
- mtd: spi-nor: core: Check written SR value in
spi_nor_write_16bit_sr_and_check() (git-fixes).
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm
(git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms
(git-fixes).
- rtc: fix use-after-free on device removal (git-fixes).
- mmc: block: Use generic_cmd6_time when modifying
INAND_CMD38_ARG_EXT_CSD (git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
(git-fixes).
- commit 45f0e7e
- gma500: fix an incorrect NULL check on list iterator
(git-fixes).
- media: uvcvideo: Fix missing check to determine if element is
found in list (git-fixes).
- media: media-entity.h: Fix documentation for
media_create_intf_link (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured
(git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky
(git-fixes).
- Fix double fget() in vhost_net_set_backend() (git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy
(git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open
(git-fixes).
- Input: add bounds checking to input_set_capability()
(git-fixes).
- commit 6469b91
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS
response (git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base
protocol (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
(git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
(git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when
deadlock is detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when
deadlock is detected (git-fixes).
- drm/msm/hdmi: fix error check return value of
irq_of_parse_and_map() (git-fixes).
- commit 0cce114
- drm/msm/hdmi: check return value after calling
platform_get_resource_byname() (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit
functions (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use
after memory free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
(git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
(git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- commit def8c76
- drivers/base/memory: fix an unlikely reference counting issue
in __add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data
(git-fixes).
- ASoC: max98090: Move check for invalid values before casting
in max98090_put_enab_tlv() (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in
wm2000_anc_transition() (git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
(git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: atmel-classd: Remove endianness flag on class d component
(git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component
(git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure
(git-fixes).
- ASoC: mediatek: Fix missing of_node_put in
mt2701_wm8960_machine_probe (git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
(git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks
(git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before
dereferencing it (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
(git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled
(git-fixes).
- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm: sti: don't use kernel-doc markers (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator
(git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails
(git-fixes).
- drm/edid: fix invalid EDID extension block filtering
(git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on
list iterator (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
(git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing
(git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in
sco_sock_timeout (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid
rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- docs: submitting-patches: Fix crossref to 'The canonical patch
format' (git-fixes).
- ACPI: property: Release subnode properties with data nodes
(git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360
(git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions
(git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove
(git-fixes).
- Bluetooth: call hci_le_conn_failed with hdev lock in
hci_le_conn_failed (git-fixes).
- commit 72b8536
- Update patch reference for libata fix (bsc#1118212).
- commit 9e93177
- KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 3afdfd4
- lockdown: also lock down previous kgdb use (bsc#1199426
CVE-2022-21499).
- commit 090b59e
- kernel-binary.spec: Support radio selection for debuginfo.
To disable debuginfo on 5.18 kernel a radio selection needs to be
switched to a different selection. This requires disabling the currently
active option and selecting NONE as debuginfo type.
- commit 43b5dd3
- perf: Fix sys_perf_event_open() race against self
(CVE-2022-1729, bsc#1199507).
- commit feaf8f1
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 7356a15
- Update bug reference to bsc#1196840
bsc#1195826 is for SLE15-SP4
- commit c323b60
- ext4: avoid cycles in directory h-tree (bsc#1198577
CVE-2022-1184).
- commit b98a7a0
- ext4: verify dir block before splitting it (bsc#1198577
CVE-2022-1184).
- commit 1b10a51
- x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit f7e3619
- series.conf: sort the patches
- commit 77394cc
- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 449a24c
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
(bsc#1065729).
- commit 55daac9
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits
(bsc#1199631).
- commit 9223fba
- ionic: fix missing pci_release_regions() on error in
ionic_probe() (bsc#1167773).
- net/mlx5e: Fix the calling of update_buffer_lossy() API
(jsc#SLE-15172).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS
flag (jsc#SLE-8371 bsc#1153274).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- net: hns3: clear inited state and stop client after failed to
register netdev (bsc#1154353).
- netfilter: nft_set_rbtree: overlap detection with element
re-addition after deletion (bsc#1176447).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
(jsc#SLE-15176, jsc#SLE-16387).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
(jsc#SLE-12878).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
(jsc#SLE-7926).
- ice: Clear default forwarding VSI during VSI release
(jsc#SLE-12878).
- net: hns3: fix bug when PF set the duplicate MAC address for
VFs (jsc#SLE-14777).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: Don't send reset commands if FW isn't running
(bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean()
(jsc#SLE-16649).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- commit 16310e3
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit c2d3c0f
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117
ltc#159753).
- commit a757a54
- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 93d2214
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
ltc#159753).
- commit 76e65ef
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit f354e6f
- blacklist.conf: add Renesas SuperH Ethernet
- commit d918a41
- x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit e71b0a6
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
cpuset_init_smp() (bsc#1199839).
- commit 1cc3b7f
- Update patch reference for crypto fix (bsc#1197601)
- commit afd04b9
- Add dtb-starfive
- commit 85335b1
- Update patch references for ax25 fixes (CVE-2022-1204 bsc#1198025)
- commit 18cea2f
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- commit b16b2e0
- blacklist.conf: riscv architecture not supported.
- commit c0e1845
- i2c: mt7621: fix missing clk_disable_unprepare() on error in
mtk_i2c_probe() (git-fixes).
- commit ee5045f
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 81d7b12
- Input: ili210x - fix reset timing (git-fixes).
- commit 6a3dd7d
- clk: at91: generated: consider range when calculating best rate
(git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity
(git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target
bit (git-fixes).
- commit cb7aee7
- ping: fix the sk_bound_dev_if match in ping_lookup
(bsc#1195826).
- commit fc7752f
- NFC: nci: fix sleep in atomic context bugs caused by
nci_skb_alloc (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled
(git-fixes).
- tty/serial: digicolor: fix possible null-ptr-deref in
digicolor_uart_probe() (git-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM7590
(git-fixes).
- USB: serial: option: add Fibocom MA510 modem (git-fixes).
- USB: serial: option: add Fibocom L610 modem (git-fixes).
- USB: serial: pl2303: add device id for HP LM930 Display
(git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range()
(git-fixes).
- ASoC: max98090: Generate notifications on changes for custom
control (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put()
(git-fixes).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- commit f35fecc
- kABI: Fix kABI after CVE-2022-0171 backport (CVE-2022-0171
bsc#1199509).
- commit da4b250
- KVM: SEV: add cache flush to solve SEV cache incoherency issues
(CVE-2022-0171 bsc#1199509).
- commit b851a8d
- ping: remove pr_err from ping_lookup (bsc#1195826).
- commit d9c0959
- patches.suse/ping-fix-the-dif-and-sdif-check-in-ping_lookup.patch:
(bsc#1195826).
- commit 964b9e7
- floppy: use a statically allocated error counter (bsc#1199063
CVE-2022-1652).
- commit 3cde83e
- media: vim2m: Register video device after setting up internals
(git-fixes).
- commit c68692a
- netfilter: nf_conntrack_tcp: re-init for syn packets only
(bsc#1199035).
- commit adf0a01
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp
options (bsc#1199035).
- commit 306abaf
- netfilter: conntrack: re-init state for retransmitted syn-ack
(bsc#1199035).
- commit 9167545
- netfilter: conntrack: move synack init code to helper
(bsc#1199035).
- commit 0f49ef3
- netfilter: conntrack: connection timeout after re-register
(bsc#1199035).
- commit f95a3ee
- copy_process(): Move fd_install() out of sighand->siglock
critical section (bsc#1199626).
- commit 7c0210b
- blacklist.conf: Add 7d613f9f72ec signal: Remove the bogus sigkill_pending in ptrace_stop
- commit e163427
- blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop
- commit b279627
- Update patch reference for NFC fix (CVE-2022-1734 bsc#1199605).
- commit d3208d6
- nfc: nfcmrvl: main: reorder destructive operations in
nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734
bsc#1199605 git-fixes).
- commit 4841312
- blacklist.conf: kABI
- commit 3cbffe4
- blacklist.conf: fixes only a warning, generated code not changed
- commit e762772
- blacklist.conf: depends on support for the AST2600, which we don't have
- commit 10f8b9b
- media: platform: add missing put_device() call in
mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes).
- commit 686e148
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character
(git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
(git-fixes).
- drm/nouveau: Fix a potential theorical leak in
nouveau_get_backlight_name() (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct
dce_{version, environment} types (git-fixes).
- commit ffb14db
- SUNRPC: Ensure that the gssproxy client can start in a connected
state (git-fixes).
- commit d77dab5
- Revert "/SUNRPC: Ensure gss-proxy connects on setup"/ (git-fixes).
- commit 7ee04aa
- NFS: limit use of ACCESS cache for negative responses
(bsc#1196570).
- Refresh
patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch.
- commit 0b13da9
- Update
patches.suse/sctp-delay-auto_asconf-init-until-binding-the-first-.patch
headers (CVE-2021-23133 bsc#1184675).
Remove unwanted patch headers which have hidden intended CVE and bugzilla
references (shown above) when the patch was added. The primary purpose of
this commit is to get the CVE/bugzilla references to git and rpm changelog.
- commit 33c2a2f
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- commit 8a557d3
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
(git-fixes).
- commit 287c3d2
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
(git-fixes).
- commit 8690a8c
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- commit f0cde52
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- commit 61bf915
- mmc: block: fix read single on recovery logic (CVE-2022-20008
bsc#1199564).
- commit b8775dd
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- commit 8f25bcd
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63
(git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
(git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
(git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of
list iterator (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state
(git-fixes).
- scsi: hisi_sas: Change permission of parameter prot_mask
(git-fixes).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling
(git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in
pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix payload initialization in
pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix payload initialization in
pm80xx_set_thermal_config() (git-fixes).
- scsi: pm8001: Fix command initialization in
pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in
pm80XX_send_read_log() (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- commit 4f3c957
- Added two git-fixes to be blacklisted
- commit 35e3e29
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413).
- commit fd4d93d
- Add patch reference to seccomp fix (CVE-2022-30594 bsc#1199505 bsc#1198413)
Also shorten the patch file name to standard size
- commit 483f56d
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU
protection (git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing
(git-fixes).
- batman-adv: Don't skb_split skbuffs with frag_list (git-fixes).
- dim: initialize all struct fields (git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux
(git-fixes).
- ASoC: da7219: Fix change notifications for tone generator
frequency (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls
(git-fixes).
- firewire: core: extend card->lock in fw_core_handle_bus_reset
(git-fixes).
- firewire: remove check of list iterator against head past the
loop body (git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback()
(git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- commit 7fe0786
- smsc911x: allow using IRQ0 (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
(git-fixes).
- USB: serial: whiteheat: fix heap overflow in
WHITEHEAT_GET_DTR_RTS (git-fixes).
- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
(git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
(git-fixes).
- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075
compositions (git-fixes).
- usb: gadget: configfs: clear deactivation flag in
configfs_composite_unbind() (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to
500ms (git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- commit 432e747
- NFC: netlink: fix sleep in atomic bug when firmware download
timeout (git-fixes).
- nfc: nfcmrvl: main: reorder destructive operations in
nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value
(git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in
ak8975_power_on() (git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
(git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in
phy_mdm6600_probe (git-fixes).
- phy: ti: omap-usb2: Fix error handling in
omap_usb2_enable_clocks (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe
error paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
(git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration
(git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- mtd: rawnand: Fix return value check of
wait_for_completion_timeout (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map()
(git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response
(git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the
constant (git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which
can never be negative (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- commit 6ee3f02
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback
(git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected
by 4 bytes (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled
(irq_mask not set) (git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
(git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory
(git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- bus: sunxi-rsb: Fix the return value of
sunxi_rsb_device_create() (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling
platform_get_resource() (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses
(git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading
(git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining
(git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing
the constant (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing
the constant (git-fixes).
- commit 12e07e6
- EDAC/synopsys: Read the error count from the correct register
(bsc#1178134).
- commit 247c29e
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- commit 72503c7
- blacklist.conf: Add 35d2f249ef0 powerpc/64s: Fix copy-paste data exposure into newly created tasks
- commit f5594b7
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
file (bsc#1195612 CVE-2022-24448).
- commit db3a8ef
- kABI: ivtv: restore caps member (git-fixes).
- commit 2c3f6cc
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- commit 2ffad22
- media: saa7134: fix incorrect use to determine if list is empty
(git-fixes).
- commit faf8c31
- blacklist.conf: changes API visible to user space
- commit e83f4b0
- blacklist.conf: cleanup designed to break kABI
- commit a17a5f2
- media: davinci: vpif: fix use-after-free on driver unbind
(git-fixes).
- commit 0d124d5
- media: davinci: vpif: fix unbalanced runtime PM enable
(git-fixes).
- commit 62da1d6
- media: davinci: Make use of the helper function
devm_platform_ioremap_resource() (git-fixes).
- commit 8aa4890
- media: videobuf2: Fix the size printk format (git-fixes).
- commit 0442925
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- commit 039ffb2
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 46bcd39
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host
(git-fixes).
- commit e008ec3
- usb: typec: ucsi: Fix role swapping (git-fixes).
- commit 0f6815d
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- commit 384b054
- USB: quirks: add STRING quirk for VCOM device (git-fixes).
- commit 9995a55
- USB: quirks: add a Realtek card reader (git-fixes).
- commit 1c7cb74
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- commit e27a1b4
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- commit d7997c9
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- commit abdcbca
- genirq/timings: Fix error return code in (git-fixes)
- commit 12c2013
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- commit f56bf3a
- genirq/timings: Prevent potential array overflow in (git-fixes)
- commit 218e50c
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- commit 8a841da
- lib/raid6/test: fix multiple definition linking error
(git-fixes).
- commit 22722bc
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- commit bc0a024
- drm/i915: Update TGL and RKL DMC firmware versions
(bsc#1198924).
- commit cce0630
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- commit 7b2fde0
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- commit 420a601
- series.conf: cleanup
- Move submitted patch to "/sorted"/ section
patches.suse/SUNRPC-change-locking-for-xs_swap_enable-disable.patch
- commit d411c20
- timers: Fix warning condition in __run_timers() (git-fixes)
- commit 91079b8
- Revert "/SUNRPC: attempt AF_LOCAL connect on setup"/ (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- NFSv4: Don't invalidate inode attributes on delegation return
(git-fixes).
- commit c794712
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
(CVE-2022-0168 bsc#1197472).
- commit 5256a40
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
(CVE-2022-0168 bsc#1197472).
- commit 3989909
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- commit 6437352
- net: hns3: add a check for index in hclge_get_rss_key()
(git-fixes).
- commit 43b8d6e
- net: hdlc_ppp: Fix issues when mod_timer is called while timer
is running (git-fixes).
- commit e3f1aee
- net: bcmgenet: Fix a resource leak in an error handling path
in the probe functin (git-fixes).
- commit 93f6ac8
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- commit 47f1751
- lan743x: remove redundant assignment to variable
rx_process_result (git-fixes).
- commit 529465d
- series.conf: sort out patches
- commit a6ad4ca
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- commit 5d4e32c
- sched/topology: Skip updating masks for non-online nodes
(bsc#1197446 ltc#183000).
- commit 1e43cf6
- Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000).
- commit 89f63a7
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2
(git-fixes).
- commit 7bb7073
- objtool: Fix type of reloc::addend (git-fixes).
- commit 9c82829
- ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061).
- ixgbe: add improvement for MDD response functionality
(bsc#1196426 CVE-2021-33061).
- ixgbe: add the ability for the PF to disable VF link state
(bsc#1196426 CVE-2021-33061).
- commit c5d1777
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- commit 098565a
- usb: dwc3: gadget: Return proper request status (git-fixes).
- commit 73a340f
- usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- commit 454e4d6
- usb: dwc3: core: Fix tx/rx threshold settings (git-fixes).
- commit c81dcdc
- Revert lpfc driver update to 14.2.0.1 (bsc#1198989)
- commit eb15c95
- blacklist.conf: ("/arm64: patch_text: Fixup last cpu should be master"/)
- commit ec52e4c
- blacklist.conf: ("/arm64: prevent instrumentation of bp hardening callbacks"/)
- commit 4711dc6
- blacklist.conf: ("/arm64: dts: ls1046a: Update i2c node dma properties"/)
- commit 35426a5
- blacklist.conf: ("/arm64: dts: ls1043a: Update i2c dma properties"/)
- commit 080fa21
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- commit ff56d7c
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- commit ae709d6
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- commit 7fe2a15
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- commit 86007a2
- net: mana: Remove unnecessary check of cqe_type in
mana_process_rx_cqe() (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Use struct_size() helper in
mana_gd_create_dma_region() (bsc#1195651).
- commit c23f4de
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes)
- commit 1b82f10
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes)
- commit dd7ee34
- arm64: Always force a branch protection mode when the compiler has one (git-fixes).
Refresh patches.suse/arm64-enable-tlbi-range-instructions.patch.
- commit fa4122b
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit a40b3c9
- blacklist.conf: Append 'drm/tegra: Add back arm_iommu_detach_device()'
- commit f7fdb0f
- blacklist.conf: Append 'drm/i915: Fix syncmap memory leak'
- commit 5ad47f2
- drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
- commit f640496
- USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489)
- commit 30a990e
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
- commit 40b57d4
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
- commit e9f409a
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
- commit 20ca121
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
- commit dd83cfa
- backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489)
- commit 9612dd6
- drm/vmwgfx: Remove unused compile options (bsc#1152472)
- commit fdc716b
- mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
- commit 83451f5
- adm8211: fix error return code in adm8211_probe() (git-fixes).
- blacklist.conf:
- commit 88c7ed6
- bnx2x: fix napi API usage sequence (bsc#1198217).
- commit 62d4fc3
- blacklist.conf: Append 'Revert "/drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping"/'
- commit f314ea7
- Revert "/drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping"/ (bsc#1152489)
- commit 3316fe5
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
- commit 1614767
- drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
- commit c29d398
- blacklist.conf: Append 'drm/i915: Drop all references to DRM IRQ midlayer'
- commit 0f90ce0
- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
- commit 7533a77
- powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513
git-fixes).
- commit 2fb7add
- powerpc/perf: Fix power9 event alternatives (bsc#1137728,
LTC#178106, git-fixes).
- Revert "/ibmvnic: Add ethtool private flag for driver-defined
queue limits"/ (bsc#1121726 ltc#174633 git-fixes).
- commit fb3d244
- usb: gadget: uvc: Fix crash when encoding data for usb request
(git-fixes).
- commit 41fb68a
- USB: Fix xhci event ring dequeue pointer ERDP update issue
(git-fixes).
- commit a4a5749
- net/x25: Fix null-ptr-deref caused by x25_disconnect
(CVE-2022-1516 bsc#1199012).
- commit bd2f1ec
- blacklist.conf: Append 'vt: Fix character height handling with VT_RESIZEX'
- commit c8d9e53
- video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
- commit 6f1b5e7
- vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489)
- commit 9480dc7
- drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
Refresh patches.suse/drm-vc4-crtc-Make-sure-the-HDMI-controller-is-powere.patch.
- commit f23bc57
- Refresh patches.suse/nvme-pci-disable-the-write-zeros-command-for-Intel-6.patch.
Workaround rapidquilt patch parsing bug.
- commit 87d73da
- bfq: Make sure bfqg for which we are queueing requests is online
(bsc#1197926).
- bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
- bfq: Track whether bfq_group is still online (bsc#1197926).
- bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
Refresh patches.kabi/block-fixup-kabi-blk_mq_sched_try_insert_merge.patch
- bfq: Drop pointless unlock-lock pair (bsc#1197926).
- bfq: Update cgroup information before merging bio (bsc#1197926).
- bfq: Split shared queues on move between cgroups (bsc#1197926).
- bfq: Avoid merging queues with different parents (bsc#1197926).
- commit ad5069e
- Update config files (bsc#1199024).
arm LIBNVDIMM y->m
ppc64le ND_BLK ->m
- commit bfd0e0e
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- commit f31a75c
- ovl: fix missing negative dentry check in ovl_rename()
(CVE-2021-20321 bsc#1191647).
- commit 14422d8
- Update of patches.suse/xen-x86-obtain-full-video-frame-buffer-address-for-D.patch
- commit e4f67dd
- Update of patches.suse/xen-x86-obtain-upper-32-bits-of-video-frame-buffer-a.patch
- commit 62cffc1
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- commit 5792732
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
(bsc#1028340 bsc#1198825).
- commit daeb829
- block: Drop leftover references to RQF_SORTED (bsc#1182073).
- commit 8b93fb0
- Report kabi after Revert "/NFSv4: Handle the special Linux file
open access mode"/ (git-fixes).
- commit eaf3351
- SUNRPC: Handle low memory situations in call_status()
(git-fixes).
- SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
(git-fixes).
- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
- Revert "/NFSv4: Handle the special Linux file open access mode"/
(git-fixes).
- commit bc9b111
- Refresh
patches.suse/SUNRPC-avoid-race-between-mod_timer-and-del_timer_sy.patch.
update info now this has landed in mainline
- commit 62eff20
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking
(git-fixes).
- commit ae48f44
- pahole 1.22 required for full BTF features.
also recommend pahole for kernel-source to make the kernel buildable
with standard config
- commit 364f54b
- net: asix: add proper error handling of usb read errors
(git-fixes).
- commit ff1011e
- blacklist.conf: breaks ABI
- commit 8ec9040
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748).
added CVE number
- commit dfbe27e
- random: check for signal_pending() outside of need_resched()
check (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
(git-fixes).
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
(git-fixes).
- ipmi: bail out if init_srcu_struct fails (git-fixes).
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- ath5k: fix building with LEDS=m (git-fixes).
- commit 628fd01
- blacklist.conf: add one ARCH_NOMADIK entry
- commit e6296cd
- drm/vc4: Use pm_runtime_resume_and_get to fix
pm_runtime_get_sync() usage (git-fixes).
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in
prepare (git-fixes).
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not
initialised (git-fixes).
- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec
is in use (git-fixes).
- ASoC: msm8916-wcd-digital: Check failure for
devm_snd_soc_register_component (git-fixes).
- ASoC: soc-dapm: fix two incorrect uses of list iterator
(git-fixes).
- ASoC: atmel: Remove system clock tree configuration for
at91sam9g20ek (git-fixes).
- ALSA: hda/hdmi: fix warning about PCM count when used with SOF
(git-fixes).
- commit 964158d
- drm/mediatek: Add AAL output size configuration (git-fixes).
- commit 655aeed
- drm/i915: Call i915_globals_exit() if pci_register_device()
fails (git-fixes).
- commit 1f2658b
- blacklist.conf: 0abb33bfca0f drm/i915/gtt: drop the page table optimisation
- commit e68827f
- blacklist.conf: 11e3c676683c drm/imx: ipuv3-plane: Remove two unnecessary export symbols
- commit 6474a0a
- blacklist.conf: b2423184ac33 drm/i915: Enable -Wuninitialized
- commit d70d26a
- blacklist.conf: 34b07d47dd00 drm/i915: Enable -Wuninitialized
- commit fb880ad
- drm/mediatek: Fix aal size config (git-fixes).
- commit 0c5a7bd
- Refresh
patches.suse/drm-i915-gem-Flush-coherency-domains-on-first-set-do.patch.
Alt-commit
- commit 4d3e42c
- drm/i915/gem: Flush coherency domains on first set-domain-ioctl
(git-fixes).
- commit 174f497
- use jobs not processors in the constraints
jobs is the number of vcpus available to the build, while processors
is the total processor count of the machine the VM is running on.
- commit a6e141d
- Refresh
patches.suse/0007-drm-vc4-hdmi-Make-sure-the-controller-is-powered-in-.patch.
Alt-commit
- commit 02dff0c
- Refresh
patches.suse/0004-drm-amdgpu-Don-t-query-CE-and-UE-errors.patch.
Alt-commit
- commit 875e622
- Refresh
patches.suse/drm-radeon-Avoid-power-table-parsing-memory-leaks.patch.
Alt-commit
- commit 5dbb1a1
- Refresh
patches.suse/drm-radeon-Fix-off-by-one-power_state-index-heap-ove.patch.
Alt-commit
- commit 0db3384
- Refresh
patches.suse/0003-amdgpu-fix-GEM-obj-leak-in-amdgpu_display_user_frame.patch.
Alt-commit
- commit f3ae579
- Refresh
patches.suse/drm-i915-gt-Prevent-use-of-engine-wa_ctx-after-error.patch.
Alt-commit
- commit bdf1613
- Update patch reference for drm fix (CVE-2022-1419 bsc#1198742)
- commit 5c0501b
- dmaengine: idxd: add RO check for wq max_transfer_size write
(git-fixes).
- dmaengine: idxd: add RO check for wq max_batch_size write
(git-fixes).
- dmaengine: mediatek:Fix PM usage reference leak of
mtk_uart_apdma_alloc_chan_resources (git-fixes).
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap
(git-fixes).
- dma: at_xdmac: fix a missing check on list iterator (git-fixes).
- e1000e: Fix possible overflow in LTR decoding (git-fixes).
- commit c3cb470
- RDMA/hfi1: Fix use-after-free bug for mm struct (bsc#1179878
CVE-2020-27835).
- RDMA/mlx5: Add a missing update of cache->last_add
(jsc#SLE-15175).
- RDMA/mlx5: Don't remove cache MRs when a delay is needed
(jsc#SLE-15175).
- IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache
ODP MR (jsc#SLE-15175).
- RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
- bareudp: use ipv6_mod_enabled to check if IPv6 enabled
(jsc#SLE-15172).
- commit 8664ee1
- drm/amd/display: don't ignore alpha property on pre-multiplied
mode (git-fixes).
- ALSA: pcm: Test for "/silence"/ field in struct "/pcm_format_data"/
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
- regulator: wm8994: Add an off-on delay for WM8994 variant
(git-fixes).
- drm/amd/display: Fix allocate_mst_payload assert on resume
(git-fixes).
- gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
- drm/amdkfd: Check for potential null return of kmalloc_array()
(git-fixes).
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
- drm/amd/display: Update VTEM Infopacket definition (git-fixes).
- drm/amd/display: fix audio format not updated after edid updated
(git-fixes).
- drm/amd: Add USBC connector ID (git-fixes).
- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
(git-fixes).
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
(git-fixes).
- commit d7352af
- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660).
- commit 0581a66
- Update patch reference for NFC fix (CVE-2021-38208 bsc#1187055)
- commit 37ea6b2
- Update patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
(bsc#1065729 bsc#1198660 ltc#197803).
- commit d408779
- ath9k: Fix usage of driver-private space in tx_info (git-fixes).
- ALSA: usb-audio: Limit max buffer and period sizes per time
(git-fixes).
- ALSA: usb-audio: Increase max buffer size (git-fixes).
- commit fa0433d
- Delete patches.suse/PM-wakeup-simplify-the-output-logic-of-pm_show_wakel.patch
The patch is superfluous (config not enabled) and would break the build.
- commit 6270819
- spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem
and controller (git-fixes).
- nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
- staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
(git-fixes).
- virtio_console: eliminate anonymous module_init & module_exit
(git-fixes).
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
- USB: usb-storage: Fix use of bitfields for hardware data in
ene_ub6250.c (git-fixes).
- usb: dwc3: omap: fix "/unbalanced disables for smps10_out1"/
on omap5evm (git-fixes).
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- USB: serial: simple: add Nokia phone driver (git-fixes).
- xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
- xhci: fix uninitialized string returned by
xhci_decode_ctrl_ctx() (git-fixes).
- mtd: rawnand: atmel: fix refcount issue in
atmel_nand_controller_init (git-fixes).
- mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
- mtd: onenand: Check for error irq (git-fixes).
- spi: mxic: Fix the transmit path (git-fixes).
- power: supply: wm8350-power: Add missing free in
free_charger_irq (git-fixes).
- power: supply: wm8350-power: Handle error for
wm8350_register_irq (git-fixes).
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled()
wrong false return (git-fixes).
- power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
(git-fixes).
- power: supply: axp20x_battery: properly report current when
discharging (git-fixes).
- power: reset: gemini-poweroff: Fix IRQ check in
gemini_poweroff_probe (git-fixes).
- PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails
(git-fixes).
- PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated
bridge (git-fixes).
- PCI: aardvark: Fix support for MSI interrupts (git-fixes).
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
(git-fixes).
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
- mt76: mt7615: check sta_rates pointer in
mt7615_sta_rate_tbl_update (git-fixes).
- mt76: mt7603: check sta_rates pointer in
mt7603_sta_rate_tbl_update (git-fixes).
- ray_cs: Check ioremap return value (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
(git-fixes).
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero
(git-fixes).
- video: fbdev: w100fb: Reset global state (git-fixes).
- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
(git-fixes).
- spi: Fix erroneous sgs value with min_t() (git-fixes).
- spi: tegra20: Use of_device_get_match_data() (git-fixes).
- PM: core: keep irq flags in device_pm_check_callbacks()
(git-fixes).
- spi: Fix invalid sgs value (git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- commit a1662ac
- i2c: dev: Force case user pointers in compat_i2cdev_ioctl()
(git-fixes).
- gpiolib: acpi: use correct format characters (git-fixes).
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
(git-fixes).
- firmware: arm_scmi: Fix sorting of retrieved clock rates
(git-fixes).
- drm/msm/dsi: Use connector directly in
msm_dsi_manager_connector_init() (git-fixes).
- lz4: fix LZ4_decompress_safe_partial read out of bound
(git-fixes).
- mmc: mmci: stm32: correctly check all elements of sg list
(git-fixes).
- drm/edid: check basic audio support on CEA extension block
(git-fixes).
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
(git-fixes).
- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
(git-fixes).
- HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
(git-fixes).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases
for dt (git-fixes).
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
(git-fixes).
- drm/amd/display: Remove vupdate_int_entry definition
(git-fixes).
- drm/amdkfd: make CRAT table missing message informational only
(git-fixes).
- drm/amdgpu: Fix recursive locking warning (git-fixes).
- drm/amd/display: Fix a NULL pointer dereference in
amdgpu_dm_connector_add_common_modes() (git-fixes).
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
(git-fixes).
- drm: Add orientation quirk for GPD Win Max (git-fixes).
- drm/edid: Don't clear formats if using deep color (git-fixes).
- drm/bridge: Add missing pm_runtime_disable() in
__dw_mipi_dsi_probe (git-fixes).
- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
- iwlwifi: Fix -EIO error code that is never returned (git-fixes).
- media: cx88-mpeg: clear interrupt status register before
streaming video (git-fixes).
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev
(git-fixes).
- mmc: host: Return an error when ->enable_sdio_irq() ops is
missing (git-fixes).
- KEYS: fix length validation in keyctl_pkey_params_get_2()
(git-fixes).
- mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
- commit f6dc585
- cfg80211: hold bss_lock while updating nontrans_list
(git-fixes).
- ath9k: Properly clear TX status area before reporting to
mac80211 (git-fixes).
- ALSA: usb-audio: Cap upper limits of buffer/period bytes for
implicit fb (git-fixes).
- dmaengine: Revert "/dmaengine: shdma: Fix runtime PM imbalance
on error"/ (git-fixes).
- clk: Enforce that disjoints limits are invalid (git-fixes).
- clk: si5341: fix reported clk_rate when output divider is 2
(git-fixes).
- dma-debug: fix return value of __setup handlers (git-fixes).
- Documentation: update stable tree link (git-fixes).
- Documentation: add link to stable release candidate tree
(git-fixes).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
(git-fixes).
- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
(git-fixes).
- Bluetooth: Fix use after free in hci_send_acl (git-fixes).
- carl9170: fix missing bit-wise or operator for tx_params
(git-fixes).
- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with
memcpy_toio (git-fixes).
- brcmfmac: firmware: Allocate space for default boardrev in nvram
(git-fixes).
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup
error path (git-fixes).
- ath9k_htc: fix uninit value bugs (git-fixes).
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
(git-fixes).
- Bluetooth: hci_serdev: call init_rwsem() before p->open()
(git-fixes).
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup
(git-fixes).
- ASoC: soc-compress: Change the check for codec_dai (git-fixes).
- ASoC: soc-compress: prevent the potentially use of null pointer
(git-fixes).
- ASoC: soc-core: skip zero num_dai component in searching dai
name (git-fixes).
- ACPI: processor idle: Check for architectural support for LPI
(git-fixes).
- ACPI/APEI: Limit printable size of BERT table data (git-fixes).
- ACPICA: Avoid walking the ACPI Namespace if it is not there
(git-fixes).
- commit d3a3908
- fibmap: Reject negative block numbers (bsc#1198448).
- commit a2724a8
- fibmap: Use bmap instead of ->bmap method in ioctl_fibmap
(bsc#1198448).
- commit d8c35f2
- af_key: add __GFP_ZERO flag for compose_sadb_supported in
function pfkey_register (CVE-2022-1353 bsc#1198516).
- commit 981f1ec
- Update
patches.suse/RDMA-rtrs-clt-Fix-possible-double-free-in-error-case.patch
(jsc#SLE-15176 bsc#1198515 CVE-2022-29156).
Added CVE reference.
- commit 377f598
- SUNRPC: Ensure we flush any closed sockets before
xs_xprt_free() (bsc#1198330 CVE-2022-28893).
- commit f607730
- Update patch reference for dma-buf fix (CVE-2021-0707 bsc#1198437)
- commit 05bffce
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
PTRACE_SEIZE (bsc#1198413).
- commit daaf8a2
- blacklist.conf: Add 460a79e18842 mm/memcontrol: return 1 from cgroup.memory __setup() handler
- commit 91b4481
- Update patches.suse/cgroup-verify-that-source-is-a-string.patch
(bsc#1190131 bsc#1193842 CVE-2021-4154).
- commit 0f6b5cd
- Update patch references of drm fixes (CVE-2022-1280 bsc#1197914)
- commit 5e3bc51
- bpf: Resolve to prog->aux->dst_prog->type only for
BPF_PROG_TYPE_EXT (git-fixes bsc#1177028).
- commit 3b5cd8a
- blacklist.conf: kABI
- commit 2d0be1f
- Update patch reference for DRM fix (CVE-2021-20292 bsc#1183723)
- commit f6cdff5
- spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
(git-fixes).
- mmc: renesas_sdhi: don't overwrite TAP settings when HS400
tuning is complete (git-fixes).
- Revert "/mmc: sdhci-xenon: fix annoying 1.8V regulator warning"/
(git-fixes).
- drm/imx: Fix memory leak in imx_pd_connector_get_modes
(git-fixes).
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
(git-fixes).
- commit 5e07dff
- scsi: mpt3sas: Fix use after free in
_scsih_expander_node_remove() (git-fixes).
- commit 139e22c
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA
commands (git-fixes).
- scsi: mpt3sas: Page fault in reply q processing (git-fixes).
- commit 1ac8b89
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr.ss_family.patch
(bsc#1181147 bsc#1192845 CVE-2021-43975).
Added CVE reference
- commit 3261376
- fuse: handle kABI change in struct fuse_req (bsc#1197343
CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
CVE-2022-1011).
- commit 5920a58
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
(git-fixes).
- commit caea381
- Update patch reference for NFS/RDMA fix (CVE-2022-0812 bsc#1196639)
- commit 7e276c6
- livepatch: Don't block removal of patches that are safe to
unload (bsc#1071995).
- commit 21cea26
- ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
(git-fixes).
- ALSA: cs4236: fix an incorrect NULL check on list iterator
(git-fixes).
- rtc: check if __rtc_read_time was successful (git-fixes).
- rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem()
(git-fixes).
- commit 1e2cb1a
- Move upstreamed ALSA, BT and input patches into sorted section
- commit d4e3d80
- x86/speculation: Restore speculation related MSRs during S3
resume (bsc#1198400).
- commit aece496
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes)
- commit 087a75e
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes)
- commit cb1ef60
- arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
- commit e6f7c40
- arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
- commit 5770b13
- blacklist.conf: ("/arm64: dts: rockchip: fix audio-supply for Rock Pi 4"/)
- commit 65a864d
- arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
- commit 66efebd
- arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
- commit 1a4266e
- x86/pm: Save the MSR validity status at context setup
(bsc#1198400).
- commit 2364cfa
- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
- commit 45ad518
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
- commit 470d68d
- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
- commit 9b2d9f5
- arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
- commit 146ef42
- arm64: head: avoid over-mapping in map_memory (git-fixes)
- commit 027cf90
- arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
- commit 6684287
- arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes)
- commit 4fac006
- blacklist.conf: ("/arm64/mm: Fix ttbr0 values stored in struct thread_info for"/)
- commit db10f73
- arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
- commit c603535
- arm64: dts: ls1028a: fix memory node (git-fixes)
- commit 578cf73
- blacklist.conf: ("/arm64: Change .weak to SYM_FUNC_START_WEAK_PI for"/)
- commit 61796af
- direct-io: defer alignment check until after the EOF check
(bsc#1197656).
- commit 709fa3b
- direct-io: don't force writeback for reads beyond EOF
(bsc#1197656).
- commit 8628885
- direct-io: clean up error paths of do_blockdev_direct_IO
(bsc#1197656).
- commit 16ec2fe
- xen: fix is_xen_pmu() (git-fixes).
- commit b66d3d5
- xen/blkfront: fix comment for need_copy (git-fixes).
- commit 0c15cd4
- blacklist.conf: add 1dbd11ca75 ("/xen: remove gnttab_query_foreign_access()"/)
- commit f877952
- powerpc/perf: Expose Performance Monitor Counter SPR's as part
of extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events
struct (bsc#1198077 ltc#197299).
- commit 141f049
- Update
patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
references (add CVE-2022-28356 bsc#1197391).
- commit bf5ad66
- cifs: fix bad fids sent over wire (bsc#1197157).
- commit 604b674
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- commit e700718
- s390/tape: fix timer initialization in tape_std_assign()
(bsc#1197677 LTC#197378).
- commit cc6ef16
- drm: drm_file struct kABI compatibility workaround
(bsc#1197914).
- commit dd24982
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock
(bsc#1197914).
- drm: add a locked version of drm_is_current_master
(bsc#1197914).
- commit 82a498a
- drm: drm_file struct kABI compatibility workaround
(bsc#1197914).
- commit 7d8a3b5
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock
(bsc#1197914).
- drm: add a locked version of drm_is_current_master
(bsc#1197914).
- commit 05fda16
- blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460)
- commit 8d52c36
- Reinstate some of "/swiotlb: rework "/fix info leak with
DMA_FROM_DEVICE"/"/ (CVE-2022-0854 bsc#1196823).
- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854
bsc#1196823).
- commit ff554b5
- blacklist.conf: list unneeded commit
- commit 27adcc4
- NFSv4/pNFS: Fix another issue with a list iterator pointing
to the head (git-fixes).
- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
(git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent()
(git-fixes).
- NFS: Use of mapping_set_error() results in spurious errors
(git-fixes).
- commit 0460a48
- netfilter: nf_tables: initialize registers in nft_do_chain()
(CVE-2022-1016 bsc#1197227).
- commit 7111961
- Delete
patches.suse/net-tipc-validate-domain-record-count-on-input.patch.
This was the original work-in-progress patch for CVE-2022-0435 /
bsc#1195254. Later, a proper backport of mainline commit 9aa422ad3266
("/tipc: improve size validations for received domain records"/) was added as
patches.suse/tipc-improve-size-validations-for-received-domain-re.patch but
this patch was left in place. As it adds the check a bit later than
upstream fix, it did not cause a conflict so nobody noticed the duplicity.
- commit ef08708
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- commit 2237578
- net: kABI workaround for ax25_dev (CVE-2022-1199 bsc#1198028).
- commit 49e69cc
- ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205 bsc#1198027).
- ax25: fix UAF bug in ax25_send_control() (CVE-2022-1205
bsc#1198027).
- ax25: Fix NULL pointer dereferences in ax25 timers
(CVE-2022-1205 bsc#1198027).
- ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1205
bsc#1198027).
- ax25: fix UAF bugs of net_device caused by rebinding operation
(CVE-2022-1205 bsc#1198027).
- ax25: fix reference count leaks of ax25_dev (CVE-2022-1205
bsc#1198027).
- commit cfa1c37
- Update patch reference for ax25 fixes (CVE-2022-1199 bsc#1198028)
- commit 1b5a483
- ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199
bsc#1198028).
- ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1199
bsc#1198028).
- commit f30e94a
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
(CVE-2022-1198 bsc#1198030).
- commit 6da2b7d
- hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195
bsc#1198029).
- commit fcd70e2
- hamradio: improve the incomplete fix to avoid NPD (CVE-2022-1195
bsc#1198029).
- hamradio: defer 6pack kfree after unregister_netdev
(CVE-2022-1195 bsc#1198029).
- hamradio: defer ax25 kfree after unregister_netdev
(CVE-2022-1195 bsc#1198029).
- net: hamradio: fix memory leak in mkiss_close (CVE-2022-1195
bsc#1198029).
- commit d30e348
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
in error path (CVE-2022-28389 bsc#1198033).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
in error path (CVE-2022-28388 bsc#1198032).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
in error path (CVE-2022-28390 bsc#1198031).
- commit d6e6523
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time
(bsc#1180153).
- commit 96da58a
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- commit bd0a18b
- KVM: SVM: Don't flush cache if hardware enforces cache coherency
across encryption domains (bsc#1178134).
- commit 706a179
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- commit e2095ad
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/perf: Don't use perf_hw_context for trace IMC PMU
(bsc#1156395).
- commit 130da3b
- mm/page_alloc.c: do not warn allocation failure on zone DMA
if no managed pages (bsc#1197501).
- dma/pool: create dma atomic pool only if dma zone has managed
pages (bsc#1197501).
- mm_zone: add function to check if managed dma zone exists
(bsc#1197501).
- commit c0f79a1
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled
(git-fixes).
- wireguard: socket: free skb in send6 when ipv6 is disabled
(git-fixes).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function
(git-fixes).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST
(git-fixes).
- commit 972eb7f
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()
(bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity
error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults
(bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling
(bsc#1197675 bsc#1196478).
- commit 6fc0429
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
(git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
in error path (git-fixes).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
in error path (git-fixes).
- pwm: lpc18xx-sct: Initialize driver data and hardware before
pwmchip_add() (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in
wcnss_alloc_memory_region (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in
adsp_alloc_memory_region (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock
(git-fixes).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
(git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in
emc_ensure_emc_driver (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element
(git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element
(git-fixes).
- clk: actions: Terminate clk_div_table with sentinel element
(git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- commit 01f6f64
- printk: disable optimistic spin during panic (bsc#1197894).
- commit 0716386
- printk: Add panic_in_progress helper (bsc#1197894).
- commit f29520c
- blacklist.conf: printk: cosmetic problem
- commit eabafef
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
- commit dcd324e
- btrfs: Remove unnecessary check from join_running_log_trans
(bsc#1194649).
- commit dc4697b
- btrfs: do not commit delayed inode when logging a file in full
sync mode (bsc#1194649).
- btrfs: do not log new dentries when logging that a new name
exists (bsc#1194649).
- commit b03bb01
- Revert "/module, async: async_synchronize_full() on module init
iff async is used"/ (bsc#1197888).
- commit 2252be2
- btrfs: avoid unnecessary lock and leaf splits when updating
inode in the log (bsc#1194649).
- btrfs: remove unnecessary list head initialization when syncing
log (bsc#1194649).
- btrfs: avoid unnecessary log mutex contention when syncing log
(bsc#1194649).
- commit c49b58c
- btrfs: avoid unnecessary logging of xattrs during fast fsyncs
(bsc#1194649).
- commit bcb58d4
- btrfs: check error value from btrfs_update_inode in tree log
(bsc#1194649).
- btrfs: fixup error handling in fixup_inode_link_counts
(bsc#1194649).
- commit 215b0a5
- btrfs: remove unnecessary directory inode item update when
deleting dir entry (bsc#1194649).
- commit ebbb134
- x86/mm/pat: Don't flush cache if hardware enforces cache
coherency across encryption domnains (bsc#1178134).
- commit ed78280
- btrfs: fix race leading to unnecessary transaction commit when
logging inode (bsc#1194649).
- btrfs: fix race that makes inode logging fallback to transaction
commit (bsc#1194649).
- btrfs: fix race that causes unnecessary logging of ancestor
inodes (bsc#1194649).
- btrfs: fix race that results in logging old extents during a
fast fsync (bsc#1194649).
- commit 54994e0
- scsi: lpfc: Copyright updates for 14.2.0.0 patches
(bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR
paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the
FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to
native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped()
(bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt()
(bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call
(bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download
(bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
(bsc#1197675).
- commit e642242
- btrfs: check if a log tree exists at inode_logged()
(bsc#1194649).
- commit 1fd0acd
- btrfs: remove no longer needed full sync flag check at
inode_logged() (bsc#1194649).
- btrfs: eliminate some false positives when checking if inode
was logged (bsc#1194649).
- commit df30719
- btrfs: skip unnecessary searches for xattrs when logging an
inode (bsc#1194649).
- commit e2ffdf0
- btrfs: check if a log root exists before locking the log_mutex
on unlink (bsc#1194649).
- Refresh
patches.suse/0002-btrfs-qgroup-try-to-flush-qgroup-space-when-we-get-E.patch.
- commit 2097b4a
- ext2: correct max file size computing (bsc#1197820).
- commit f1d2053
- block/wbt: fix negative inflight counter when remove scsi device
(bsc#1197819).
- commit 6f18f30
- block: update io_ticks when io hang (bsc#1197817).
- commit 4ee5ce6
- fscrypt: don't ignore minor_hash when hash is 0 (bsc#1197815).
- commit 0c58e0d
- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
- commit 18f264d
- ecryptfs: Fix typo in message (bsc#1197811).
- commit 9a64b6f
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit 2d63590
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit db7647d
- bpf: Remove config check to enable bpf support for branch
records (git-fixes bsc#1177028).
- commit 5fff22c
- net: sched: fix use-after-free in tc_new_tfilter()
(CVE-2022-1055 bsc#1197702).
- commit 4c7dc78
- net: mcs7830: handle usb read errors properly (git-fixes).
- commit b5b4cb6
- blacklist.conf: kABI
- commit 79d1df3
- blacklist.conf: cleanup, not a bugfix
- commit 3a5b1ab
- blacklist.conf: cleanup, not a bugfix
- commit a1c1b85
- Revert "/usb: dwc3: gadget: Use list_replace_init() before
traversing lists"/ (git-fixes).
- commit 978c488
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues
(bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID
processing (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery
(bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix crash during module load unload test
(bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
(bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload
test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management
failure (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state
(bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str
(bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- commit d7f7c48
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
(bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty
(bsc#1065729).
- commit 14ca561
- usb: bdc: Fix a resource leak in the error handling path of
'bdc_probe()' (git-fixes).
- commit b8afee8
- usb: bdc: remove duplicated error message (git-fixes).
- commit 3971aef
- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
- commit 0a2966f
- usb: bdc: Use devm_clk_get_optional() (git-fixes).
- commit f4c7fea
- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
- commit 3293f5c
- usb: gadget: bdc: use readl_poll_timeout() to simplify code
(git-fixes).
- commit 686f431
- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
- serial: 8250: Fix race condition in RTS-after-send handling
(git-fixes).
- serial: 8250_lpss: Balance reference count for PCI DMA device
(git-fixes).
- serial: 8250_mid: Balance reference count for PCI DMA device
(git-fixes).
- serial: core: Fix the definition name in the comment of UPF_*
flags (git-fixes).
- soundwire: intel: fix wrong register name in intel_shim_wake
(git-fixes).
- misc: sgi-gru: Don't cast parameter in bit operations
(git-fixes).
- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- pinctrl/rockchip: Add missing of_node_put() in
rockchip_pinctrl_probe (git-fixes).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
(git-fixes).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback
(git-fixes).
- pinctrl: mediatek: paris: Fix "/argument"/ argument type for
mtk_pinconf_get() (git-fixes).
- pinctrl: pinconf-generic: Print arguments for bias-pull-*
(git-fixes).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
(git-fixes).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
(git-fixes).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for
ARRAY_SIZE() (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- commit ed99607
- usb: bdc: use devm_platform_ioremap_resource() to simplify code
(git-fixes).
- commit d8de3ca
- driver core: dd: fix return value of __setup handler
(git-fixes).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- iio: accel: mma8452: use the correct logic to get mma8452_data
(git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- staging:iio:adc:ad7280a: Fix handing of device address bit
reversing (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations
(git-fixes).
- iio: inkern: make a best effort on offset calculation
(git-fixes).
- iio: inkern: apply consumer scale when no channel scale is
available (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases
(git-fixes).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97
codec (git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations
(git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE
NT-USB (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc671 (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
(git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface
Go 3 (git-fixes).
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
(git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- commit 34d0dc9
- blacklist.conf: Add 1e9d74660d4d "/bpf: Fix mount source show for bpffs"/
Missing required dependency
- commit 5a8e47e
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
(git-fixes).
- commit 36f2c3d
- bpf: Fix comment for helper bpf_current_task_under_cgroup()
(git-fixes).
- commit b94b06c
- x86/cpu: Add hardware-enforced cache coherency as a CPUID
feature (bsc#1178134).
- Refresh patches.suse/x86-cpufeatures-add-sev-es-cpu-feature.
- commit 9b8fd9f
- Metadata update
- commit 20a72ea
- Revert "/Input: clear BTN_RIGHT/MIDDLE on buttonpads"/
(bsc#1197243).
- commit 1e324a1
- Drop HID multitouch fix patch (bsc#1197243)
Delete patches.suse/HID-multitouch-fix-Dell-Precision-7550-and-7750-butt.patch.
Replaced with another revert patch.
- commit 169cf98
- usb: dwc3: qcom: add IRQ check (git-fixes).
- commit 0f04f35
- usb: dwc3: gadget: Use list_replace_init() before traversing
lists (git-fixes).
- commit fa45b43
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
- commit 6c80c92
- Add CVE tags to
patches.suse/ext4-fix-kernel-infoleak-via-ext4_extent_header.patch
(bsc#1189562 bsc#1196761 CVE-2022-0850).
- commit f3cb08f
- blacklist.conf: 3a84fd1ed535 drm/i915/display: Fix HPD short pulse handling for eDP
- commit ae70ffd
- drm/i915/gem: add missing boundary check in vm_access
(git-fixes).
- commit 99cd925
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- commit 9c986de
- drm/bridge: dw-hdmi: use safe format when first in bridge chain
(git-fixes).
- commit 38ac9a8
- Refresh
patches.suse/drm-i915-Fix-bw-atomic-check-when-switching-between-.patch.
Alt-commit
- commit 81cf826
- Refresh
patches.suse/drm-i915-Correctly-populate-use_sagv_wm-for-all-pipe.patch.
Alt-commit
- commit 9f55faf
- Refresh
patches.suse/drm-i915-Fix-dbuf-slice-config-lookup.patch.
Alt-commit
- commit eb12d1f
- drm/amd/display: Add affected crtcs to atomic state for dsc
mst unplug (git-fixes).
- commit 1b3e76b
- blacklist.conf: 3f3a24a0a3a5 drm/amdgpu: Don't offset by 2 in FRU EEPROM
- commit 6877985
- drm/amd/pm: return -ENOTSUPP if there is no
get_dpm_ultimate_freq function (git-fixes).
- commit fb7d1f2
- drm/nouveau/acr: Fix undefined behavior in
nvkm_acr_hsfw_load_bl() (git-fixes).
- commit 4a1a717
- drm/doc: overview before functions for drm_writeback.c
(git-fixes).
- commit 6d05b7f
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- commit 8027fb9
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in
nwl_dsi_probe (git-fixes).
- commit c253ca8
- drm/meson: Fix error handling when afbcd.ops->init fails
(git-fixes).
- commit 42a3562
- drm/meson: osd_afbcd: Add an exit callback to struct
meson_afbcd_ops (git-fixes).
- commit f2138e4
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in
parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- commit 4765cfb
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- commit 047d2b7
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
as vbG200 to avoid black screen (git-fixes).
- commit 3094fd1
- drm/vc4: crtc: Make sure the HDMI controller is powered when
disabling (git-fixes).
- commit 0e082ec
- esp: Fix possible buffer overflow in ESP transformation
(bsc#1197131 CVE-2022-0886 CVE-2022-27666).
- commit 39a5891
- Update
patches.suse/quota-check-block-number-when-reading-the-block-in-q.patch
(bsc#1194589 bsc#1197366 CVE-2021-45868).
- commit 1a6f8a7
- pinctrl: samsung: drop pin banks references on error paths
(git-fixes).
- memory: emif: check the pointer temp in get_device_details()
(git-fixes).
- memory: emif: Add check for setup_interrupts (git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc
(git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
(git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe()
(git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: stk1160: If start stream fails, return buffers with
VB2_BUF_STATE_QUEUED (git-fixes).
- media: Revert "/media: em28xx: add missing
em28xx_close_extension"/ (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame
(git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: hantro: Fix overfill bottom register field name
(git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data
(git-fixes).
- media: bttv: fix WARNING regression on tunerless devices
(git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
(git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
(git-fixes).
- video: fbdev: atmel_lcdfb: fix an error code in
atmel_lcdfb_probe() (git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
(git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
as vbG200 to avoid black screen (git-fixes).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers
(git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and
suspend functions (git-fixes).
- commit 33bac97
- firmware: qcom: scm: Remove reassignment to desc following
initializer (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
(git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in
wcd934x_codec_parse_data (git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in
pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare()
in msm8916_wcd_digital_probe (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
(git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config()
callback (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: atmel: Add missing of_node_put() in
at91sam9g20ek_audio_probe (git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in
rt5663_parse_dp() (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
(git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior
(git-fixes).
- ASoC: topology: Allow TLV control to be either read or write
(git-fixes).
- ALSA: spi: Add check for clk_enable() (git-fixes).
- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
- ASoC: codecs: wcd934x: fix return value of
wcd934x_rx_hph_mode_put (git-fixes).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred
transaction (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
(git-fixes).
- commit 364280e
- ALSA: pcm: Fix races among concurrent prealloc proc writes
(CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
calls (CVE-2022-1048 bsc#1197331).
- commit 0f1f53e
- cifs: use the correct max-length for dentry_path_raw()
(bsc1196196).
- commit d014f56
- blacklist.conf: a5ce9f2bb665 x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
- commit 2d7347b
- config: enable DEBUG_INFO_BTF
This option allows users to access the btf type information for vmlinux
but not kernel modules.
- commit fb07e10
- quota: check block number when reading the block in quota file
(bsc#1197366 CVE-2021-45868).
- commit a7d4915
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
bsc#1197331).
- commit 8a9b87d
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
bsc#1197331).
- commit 12628f8
- ALSA: pcm: Fix races among concurrent prealloc proc writes
(CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
calls (CVE-2022-1048 bsc#1197331).
- commit aee063f
- membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
- commit 8c138d0
- fuse: handle kABI change in struct fuse_args (bsc#1197343
CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
CVE-2022-1011).
- commit 112493c
- spi: pxa2xx-pci: Balance reference count for PCI DMA device
(git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe
(git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings
(git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
(git-fixes).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels
(git-fixes).
- crypto: cavium/nitrox - don't cast parameter in bit operations
(git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- crypto: ccree - don't attempt 0 len DMA mappings (git-fixes).
- crypto: qat - don't cast parameter in bit operations
(git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: authenc - Fix sleep in atomic context in decrypt_tail
(git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in
pkcs1pad_verify_complete() (git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check
(git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source
scatterlist (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- thermal: int340x: Check for NULL after calling kmemdup()
(git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment
(git-fixes).
- ACPI: docs: enumeration: Update UART serial bus resource
documentation (git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods
(git-fixes).
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler
(git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no
more references (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap
in timer_of_base_init() (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- usb: gadget: Fix use-after-free bug by not setting
udc->dev.driver (git-fixes).
- usb: gadget: rndis: prevent integer overflow in
rndis_set_response() (git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to
connector (git-fixes).
- nl80211: Update bss channel on channel switch for P2P_CLIENT
(git-fixes).
- iwlwifi: don't advertise TWT support (git-fixes).
- mac80211: refuse aggregations sessions before authorized
(git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN
device when fully ready (git-fixes).
- commit 240077f
- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
- commit 4fc5228
- blacklist.conf: Add 2ecedd756908 ("/membarrier: Add an actual barrier before rseq_preempt()"/)
- commit e7a5059
- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
- commit 3a3c855
- netfilter: conntrack: don't refresh sctp entries in closed state
(bsc#1197389).
- commit d30cf2f
- NFS: Do not report writeback errors in nfs_getattr()
(git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field
(git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Don't skip directory entries when doing uncached readdir
(git-fixes).
- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed
client (git-fixes).
- NFS: Ensure the server has an up to date ctime before
hardlinking (git-fixes).
- commit 0dffa33
- blacklist.conf: fbd5969d1ff2 x86/cpufeatures: Mark two free bits in word 3
- commit 7de8046
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- net: hns3: add a check for tqp_index in
hclge_get_ring_chain_from_mbx() (git-fixes).
- commit 197c612
- net: watchdog: hold device global xmit lock during tx disable
(git-fixes).
- commit 5f626af
- net: stmmac: set TxQ mode back to DCB after disabling CBS
(git-fixes).
- commit 64e0e15
- net: enetc: initialize the RFS and RSS memories (git-fixes).
- commit 48628ab
- net: dsa: mv88e6xxx: override existent unicast portvec in
port_fdb_add (git-fixes).
- commit d733e4e
- team: protect features update by RCU to avoid deadlock
(git-fixes).
- commit 0917ada
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- commit e20b4bd
- Update config files.
- commit 5e3d4fd
- drm/i915: Fix dbuf slice config lookup (git-fixes).
- commit 2e1e919
- drm/imx: parallel-display: Remove bus flags check in
imx_pd_bridge_atomic_check() (git-fixes).
- commit 37de9a5
- macros.kernel-source: Fix conditional expansion.
Fixes: bb95fef3cf19 ("/rpm: Use bash for %() expansion (jsc#SLE-18234)."/)
- commit 7e857f7
- ibmvnic: fix race between xmit and reset (bsc#1197302
ltc#197259).
- commit 1372669
- Revert "/Revert "/build initrd without systemd"/ (bsc#1197300)"/
This reverts commit ff2b28e76a7040ae5ce82c0145965d62159216fd.
- commit 72ed14f
- Update config files (bsc#1195926 bsc#1175667).
VIRTIO_PCI=m -> VIRTIO_PCI=y
- commit 3edad5c
- Revert "/Revert "/rpm/kernel-source.spec.in: call fdupes per subpackage"/"/
This reverts commit f349b8133b949dee1721081d9fbc80cc43327d15.
Which was propagated from my local local tree. Restore the commit
- commit ee9cedc
- rpm: Use bash for %() expansion (jsc#SLE-18234).
Since 15.4 alternatives for /bin/sh are provided by packages
<something>-sh. While the interpreter for the build script can be
selected the interpreter for %() cannot.
The kernel spec files use bashisms in %().
While this could technically be fixed there is more serious underlying
problem: neither bash nor any of the alternatives are 100% POSIX
compliant nor bug-free.
It is not my intent to maintain bug compatibility with any number of
shells for shell scripts embedded in the kernel spec file. The spec file
syntax is not documented so embedding the shell script in it causes some
unspecified transformation to be applied to it. That means that
ultimately any changes must be tested by building the kernel, n times if
n shells are supported.
To reduce maintenance effort require that bash is used for kernel build
always.
- commit bb95fef
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
(bsc#1178134).
- Refresh
patches.suse/x86-speculation-warn-about-eibrs-lfence-unprivileged-ebpf-smt.patch.
- commit 8588aa6
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
- commit 5c5db21
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF +
SMT (bsc#1178134).
- commit a719566
- HID: multitouch: fix Dell Precision 7550 and 7750 button type
(bsc#1197243).
- commit 53c2db3
- Sort in upstreamed BHB patches
- Refresh
patches.suse/documentation-hw-vuln-update-spectre-doc.patch.
- Refresh
patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch.
- Refresh
patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- Refresh
patches.suse/x86-speculation-use-generic-retpoline-by-default-on-amd.patch.
- commit 4062a7a
- s390/mm: fix VMA and page table handling code in storage key
handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions
(git-fixes).
- s390/gmap: don't unconditionally call pte_unmap_unlock()
in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/pci_mmio: fully validate the VMA before calling
follow_pte() (git-fixes).
- mm: add vma_lookup(), update find_vma_intersection() comments
(git-fixes).
- commit 808c094
- Revert "/rpm/kernel-source.spec.in: call fdupes per subpackage"/
This reverts commit 1da843983718d4cfdd652a76e428abee98e37450.
- commit f349b81
- Revert "/build initrd without systemd"/ (bsc#1197300)
This reverts commit ef4c569b998635a9369390d4e9cfe3a922815c76.
It seems to be the cause of a stall in OBS build that resulted in
the failure with obs-build-qa (and possibly others).
- commit ff2b28e
- net/smc: Reset conn->lgr when link group registration fails
(git-fixes).
- net/smc: fix using of uninitialized completions (git-fixes).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early
(git-fixes).
- net/smc: Fix loop in smc_listen (git-fixes).
- net/smc: Make sure the link_id is unique (git-fixes).
- commit 759dc2b
- blacklist.conf: net/smc cleanup with no functional change
- commit 5a33cbb
- Update patch reference for USB gadget fix (CVE-2022-27223 bsc#1197245)
- commit fd3b6e8
- s390/hypfs: include z/VM guests with access control group set
(bsc#1195640 LTC#196352).
- commit 598f26f
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
(bsc#1196018).
- commit 1580ab2
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
(bsc#1196018).
- commit 1cdc779
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 891ddc4
- rpm: Run external scriptlets on uninstall only when available
(bsc#1196514 bsc#1196114 bsc#1196942).
When dependency cycles are encountered package dependencies may not be
fulfilled during zypper transaction at the time scriptlets are run.
This is a problem for kernel scriptlets provided by suse-module-tools
when migrating to a SLE release that provides these scriptlets only as
part of LTSS. The suse-module-tools that provides kernel scriptlets may
be removed early causing migration to fail.
- commit ab8dd2d
- sr9700: sanity check for packet length (bsc#1196836
CVE-2022-26966).
- commit edaafdd
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- s390/module: fix loading modules with a lot of relocations
(git-fixes).
- commit bc1865f
- blacklist.conf: prerequisites break kABI
- commit d0b972b
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- s390/kexec_file: fix error handling when applying relocations
(git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- commit 2f0dd10
- s390/bpf: Perform r1 range checking before accessing
jit->seen_reg (git-fixes).
- commit 1cc7c78
- usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes).
- commit 3863766
- usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes).
- commit 9d7504f
- aio: fix use-after-free due to missing POLLFREE handling
(CVE-2021-39698 bsc#1196956).
- aio: keep poll requests on waitqueue until completed
(CVE-2021-39698 bsc#1196956).
- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- commit b026506
- usb: dwc2: gadget: Fix kill_all_requests race (git-fixes).
- commit 5ad82f7
- usb: dwc3: meson-g12a: Disable the regulator in the error
handling path of the probe (git-fixes).
- commit 6109544
- mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
- drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
- commit 44ceec6
- rpm/kernel-source.spec.in: call fdupes per subpackage
It is a waste of time to do a global fdupes when we have
subpackages.
- commit 1da8439
- af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920
bsc#1193731).
- commit 7040fdd
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 8d867d6
- bpf, selftests: Add test case trying to taint map value pointer
(bsc#1196130,CVE-2021-45402).
- bpf: Make 32->64 bounds propagation slightly more robust
(bsc#1196130,CVE-2021-45402).
- bpf: Fix signed bounds propagation after mov32
(bsc#1196130,CVE-2021-45402).
- commit 63a6298
- net: phy: DP83822: clear MISR2 register to disable interrupts
(git-fixes).
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
(git-fixes).
- NFC: port100: fix use-after-free in port100_send_complete
(git-fixes).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
(git-fixes).
- staging: gdm724x: fix use after free in gdm_lte_rx()
(git-fixes).
- gpio: ts4900: Do not set DAT and OE together (git-fixes).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds
(git-fixes).
- usb: hub: Fix locking issues with address0_mutex (git-fixes).
- commit ea6e976
- EDAC: Fix calculation of returned address and next offset in
edac_align_ptr() (bsc#1178134).
- commit c292d6b
- xen/netfront: react properly to failing
gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396,
CVE-2022-23042).
- commit fe0a923
- xen/gnttab: fix gnttab_end_foreign_access() without page
specified (bsc#1196488, XSA-396, CVE-2022-23041).
- commit 58c801b
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488,
XSA-396, CVE-2022-23041).
- commit afb2dba
- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396,
CVE-2022-23041).
- commit cee63b9
- xen/usb: don't use gnttab_end_foreign_access() in
xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- commit b1d434d
- xen/gntalloc: don't use gnttab_query_foreign_access()
(bsc#1196488, XSA-396, CVE-2022-23039).
- commit a4ec4aa
- xen/scsifront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23038).
- commit fd9cb30
- xen/netfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23037).
- commit 4e33999
- xen/blkfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23036).
- commit 4334af7
- xen/grant-table: add gnttab_try_end_foreign_access()
(bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038).
- commit 19b769a
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
error case (bsc#1196488, XSA-396, CVE-2022-23040).
- commit 5aacf1f
- EDAC/altera: Fix deferred probing (bsc#1178134).
- commit 13cc9b2
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- nvme-rdma: fix possible use-after-free in transport
error_recovery work (git-fixes).
- commit f4a5de3
- usb: host: xen-hcd: add missing unlock in error path
(git-fixes).
- commit daa9ea7
- Refresh
patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch.
- commit d9066f6
- Refresh
patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch.
- commit 5c41eb3
- rpm/kernel-docs.spec.in: use %%license for license declarations
Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
- rpm/*.spec.in: Use https:// urls
- commit 77b5f8e
- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
- commit 8823060
- Bluetooth: btusb: Add missing Chicony device for Realtek
RTL8723BE (bsc#1196779).
- commit 504b440
- ixgbe: xsk: change !netif_carrier_ok() handling in
ixgbe_xmit_zc() (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust
(bsc#1176774).
- net: fix up skbs delta_truesize in UDP GRO frag_list
(bsc#1176447).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- iavf: Fix missing check for running netdev (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks
(bsc#1181147).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/rtrs-clt: Fix possible double free in error case
(jsc#SLE-15176).
- net/mlx5e: TC, Reject rules with forward and drop actions
(git-fixes).
- net/mlx5e: TC, Reject rules with drop and modify hdr action
(git-fixes).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded
packets (jsc#SLE-15172).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
(git-fixes).
- net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
- net/mlx5: Fix wrong limitation of metadata match on ecpf
(git-fixes).
- net/mlx5: Update the list of the PCI supported devices
(git-fixes).
- netfilter: nf_tables: fix memory leak during stateful obj update
(bsc#1176447).
- bnxt_en: Fix incorrect multicast rx mask setting when not
requested (git-fixes).
- bnxt_en: Fix occasional ethtool -t loopback test failures
(git-fixes).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled
(git-fixes).
- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
- ice: initialize local variable 'tlv' (jsc#SLE-12878).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
(git-fixes).
- net/sched: act_ct: Fix flow table lookup after ct clear or
switching zones (jsc#SLE-15172).
- bonding: force carrier update when releasing slave (git-fixes).
- RDMA/mlx4: Don't continue event handler after memory allocation
failure (git-fixes).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
- IB/rdmavt: Validate remote_addr during loopback atomic tests
(git-fixes).
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
- RDMA/rxe: Fix a typo in opcode name (git-fixes).
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after
empty entry (git-fixes).
- RDMA/core: Let ib_find_gid() continue search even after empty
entry (git-fixes).
- RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
- RDMA/cma: Remove open coding of overflow checking for
private_data_len (git-fixes).
- RDMA/hns: Validate the pkey index (git-fixes).
- RDMA/bnxt_re: Scan the whole bitmap when checking if "/disabling
RCFW with pending cmd-bit"/ (git-fixes).
- RDMA/core: Don't infoleak GRH fields (git-fixes).
- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
- IB/hfi1: Fix early init panic (git-fixes).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled
(git-fixes).
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
- net/mlx5: Update the list of the PCI supported devices
(git-fixes).
- commit 5d0d3c3
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- commit 954cba8
- usb: hub: Fix usb enumeration issue due to address0 race
(git-fixes).
- commit 831632a
- USB: hub: Clean up use of port initialization schemes and
retries (git-fixes).
- commit 39e09e3
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433
ltc#196449).
- commit 5cf33af
- mask out added spinlock in rndis_params (git-fixes).
- commit cf77fd5
- usb: gadget: rndis: add spinlock for rndis response list
(git-fixes).
- commit 6500e0b
- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
- HID: add mapping for KEY_DICTATE (git-fixes).
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power() (git-fixes).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
(git-fixes).
- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
- ASoC: rt5682: do not block workqueue if card is unbound
(git-fixes).
- ASoC: rt5668: do not block workqueue if card is unbound
(git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(git-fixes).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
(git-fixes).
- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
- hamradio: fix macro redefine warning (git-fixes).
- commit add4eb4
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- scsi: bnx2fc: Flush destroy_work queue before calling
bnx2fc_interface_put() (git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer
(git-fixes).
- scsi: ufs: Fix race conditions related to driver data
(git-fixes).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
(git-fixes).
- commit 2185cf5
- Add SCSI git-fix to blacklist: too pervasive
- commit 3f4a3f6
- blacklist.conf: Add 05c7b7a92cc8 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
- commit 511f680
- cgroup/cpuset: Fix "/suspicious RCU usage"/ lockdep warning
(bsc#1196868).
- commit 30013c2
- cpuset: Fix the bug that subpart_cpus updated wrongly in
update_cpumask() (bsc#1196866).
- commit 8ee9c97
- blacklist.conf: prerequisites break kABI
- commit 88b00ea
- blacklist.conf: kABI
- commit 11980b2
- blacklist.conf: patch not applicable due to missing infrastructure
- commit be9f64f
- usb: dwc2: use well defined macros for power_down (git-fixes).
- commit 781db9c
- ename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 59d5e34
- Hand over the maintainership to SLE15-SP3 maintainers
- commit 0c92742
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
(bnc#1195403).
- commit f6cf219
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- commit b360f79
- sched/core: Mitigate race (git-fixes)
- commit d6e526f
- cpufreq: schedutil: Use kobject release() method to free (git-fixes)
- commit 3b82dc0
- blacklist.conf: Blacklist uclamp related fixes
- commit af69679
- sr9700: sanity check for packet length (bsc#1196836).
- commit 558034f
- tracing: Fix return value of __setup handlers (git-fixes).
- commit 184ff86
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix incorrect loading of i_blocks for large files
(git-fixes).
- commit f1e7b8d
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490 bsc#1196830).
- commit fd10ace
- nvme-tcp: fix possible use-after-free in transport
error_recovery work (git-fixes).
- nvme: fix a possible use-after-free in controller reset during
load (git-fixes).
- commit 8b4713c
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487).
- Update
patches.suse/NFSv4-Handle-case-where-the-lookup-of-a-directory-fa.patch
(bsc#1195612 CVE-2022-24448).
- Update
patches.suse/udf-Fix-NULL-ptr-deref-when-converting-from-inline-f.patch
(bsc#1196079 CVE-2022-0617).
- Update
patches.suse/udf-Restore-i_lenAlloc-when-inode-expansion-fails.patch
(bsc#1196079 CVE-2022-0617).
- Update
patches.suse/vfs-check-fd-has-read-access-in-kernel_read_file_from_fd.patch
(bsc#1194888 CVE-2022-0644 bsc#1196155).
- commit 096ea36
- ALSA: intel_hdmi: Fix reference to PCM buffer address
(git-fixes).
- ASoC: cs4265: Fix the duplicated control name (git-fixes).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
(git-fixes).
- commit 46ecf36
- scsi: smartpqi: Add PCI IDs (bsc#1196627).
- commit 0f3e3c7
- Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403)
Deleted:
patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch
- commit 0c68bb9
- vrf: Fix fast path output packet handling with async Netfilter
rules (git-fixes).
- commit 4dafe3d
- net/mlx5e: Fix modify header actions memory leak (git-fixes).
- commit 2d08f14
- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping
advertisement (git-fixes).
- commit 644c57f
- net: hns3: Clear the CMDQ registers before unmapping BAR region
(git-fixes).
- commit 09653f6
- netsec: ignore 'phy-mode' device property on ACPI systems
(git-fixes).
- commit b2241ca
- net: sfc: Replace in_interrupt() usage (git-fixes).
- commit 254377d
- gtp: remove useless rcu_read_lock() (git-fixes).
- commit 2588833
- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo
configuration (git-fixes).
- commit 28ecaea
- Refresh
patches.suse/ibmvnic-Allow-queueing-resets-during-probe.patch.
- Refresh
patches.suse/ibmvnic-clear-fop-when-retrying-probe.patch.
- Refresh
patches.suse/ibmvnic-complete-init_done-on-transport-events.patch.
- Refresh
patches.suse/ibmvnic-define-flush_reset_queue-helper.patch.
- Refresh
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch.
- Refresh
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch.
- Refresh patches.suse/ibmvnic-init-init_done_rc-earlier.patch.
- Refresh
patches.suse/ibmvnic-initialize-rc-before-completing-wait.patch.
- Refresh
patches.suse/ibmvnic-register-netdev-after-init-of-adapter.patch.
- Refresh
patches.suse/ibmvnic-schedule-failover-only-if-vioctl-fails.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-pt2pt-NVMe-PRLI-reject-LOGO-loop.patch.
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 25457d5
- netfilter: nf_tables_offload: incorrect flow offload action
array size (bsc#1196299 CVE-2022-25636).
- commit 30b89a9
- batman-adv: Don't expect inter-netns unique iflink indices
(git-fixes).
- batman-adv: Request iflink once in batadv_get_real_netdevice
(git-fixes).
- batman-adv: Request iflink once in batadv-on-batadv check
(git-fixes).
- nl80211: Handle nla_memdup failures in handle_nan_filter
(git-fixes).
- mac80211: fix forwarded mesh frames AC & queue selection
(git-fixes).
- can: gs_usb: change active_channels's type from atomic_t to u8
(git-fixes).
- commit 1c8fa49
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
- commit 1dafeb6
- cgroup-v1: Correct privileges check in release_agent writes
(bsc#1196723).
- commit 3d0b2e2
- blacklist.conf: Add 51e50fbd3efc psi: fix "/no previous prototype"/ warnings when CONFIG_CGROUPS=n
- commit 2727993
- ARM: 9182/1: mmu: fix returns from early_param() and __setup()
functions (git-fixes).
- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
- ntb: intel: fix port config status offset for SPR (git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: gadget: validate endpoint index for xilinx udc (git-fixes).
- xhci: re-initialize the HC during resume if HCE was set
(git-fixes).
- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- USB: gadget: validate interface OS descriptor requests
(git-fixes).
- commit a54291e
- Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch
(bsc#1192273 ltc#194629 bsc#1191428 ltc#193985).
- commit 59ca885
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- commit 6dcfd65
- blk-mq: don't free tags if the tag_set is used by other device
in queue initialztion (bsc#1193787).
- commit 5b79ad2
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
There is a check in OBS that fails when it is included. Also the key is
not reproducible.
Fixes: bb988d4625a3 ("/kernel-binary: Do not include sourcedir in certificate path."/)
- commit 68fa069
- powerpc/fadump: register for fadump as early as possible
(bsc#1179439 ltc#190038).
- commit 3f54d95
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- powerpc/pseries/iommu: Fix window size for direct mapping with
pmem (bsc#1196472 ltc#192278).
- powerpc/dma: Fallback to dma_ops when persistent memory present
(bsc#1196472 ltc#192278).
Update config files.
- dma-mapping: Allow mixing bypass and mapped DMA operation
(bsc#1196472 ltc#192278).
- dma-direct: Fix potential NULL pointer dereference (bsc#1196472
ltc#192278).
- commit a04953d
- arm64: Use the clearbhb instruction in mitigations (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
and migrated (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit b546cd9
- arm64: Mitigate spectre style branch history side channels
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Update config files.
- commit d035616
- KVM: arm64: Add templates for BHB mitigation sequences
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Refresh
patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 8c9b0c2
- arm64: Add Cortex-X2 CPU part definition (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit c3c4a06
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: Add part number for Arm Cortex-A77 (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part
of Spectre-v2 (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: Add percpu vectors for EL1 (bsc#1191580 CVE-2022-0001
CVE-2022-0002).
- arm64: entry: Add macro for reading symbol addresses from the
trampoline (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Add vectors that have the bhb mitigation sequences
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
mitigations (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Allow the trampoline text to occupy multiple pages
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Make the kpti trampoline's kpti sequence optional
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Move trampoline macros out of ifdef'd section
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Don't assume tramp_vectors is the start of the
vectors (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Allow tramp_alias to access symbols after the
4K boundary (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Move the trampoline data page before the text page
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Free up another register on kpti's tramp_exit path
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Make the trampoline cleanup optional (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- arm64: entry.S: Add ventry overflow sanity checks (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit 284cd49
- lib/iov_iter: initialize "/flags"/ in new pipe_buffer
(bsc#1196584).
- commit 4f3bbf5
- soc: fsl: qe: Check of ioremap return value (git-fixes).
- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY)
(git-fixes).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name
(git-fixes).
- efivars: Respect "/block"/ flag in efivar_entry_set_safe()
(git-fixes).
- gpio: tegra186: Fix chip_data type confusion (git-fixes).
- gpio: rockchip: Reset int_bothedge when changing trigger
(git-fixes).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in
zynq_qspi_exec_mem_op() (git-fixes).
- iio: Fix error handling for PM (git-fixes).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling
path (git-fixes).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM
bits (git-fixes).
- tty: n_gsm: fix proper link termination after failed open
(git-fixes).
- tty: n_gsm: fix encoding of control signal octet bit DV
(git-fixes).
- Revert "/USB: serial: ch341: add new Product ID for CH341A"/
(git-fixes).
- usb: dwc3: gadget: Let the interrupt handler disable bottom
halves (git-fixes).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
- xhci: Prevent futile URB re-submissions due to incorrect return
value (git-fixes).
- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
- clk: jz4725b: fix mmc0 clock gating (git-fixes).
- drm/edid: Always set RGB444 (git-fixes).
- commit c381750
- x86/speculation: Use generic retpoline by default on AMD
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit bed48b1
- ibmvnic: Allow queueing resets during probe (bsc#1196516
ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516
ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516
ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516
ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516
ltc#196391).
- ibmvnic: free reset-work-item when flushing (bsc#1196516
ltc#196391).
- commit 1cc99d0
- tracing: Have traceon and traceoff trigger honor the instance
(git-fixes).
- commit 92ab7ec
- tracing: Dump stacktrace trigger to the corresponding instance
(git-fixes).
- commit a3c85e9
- nvme: also mark passthrough-only namespaces ready in
nvme_update_ns_info (git-fixes).
- nvme: don't return an error from nvme_configure_metadata
(git-fixes).
- nvme: let namespace probing continue for unsupported features
(git-fixes).
- commit a5b2a87
- blk-mq: avoid to iterate over stale request (bsc#1193787).
- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
- blk-mq: fix kernel panic during iterating over flush request
(bsc#1193787 git-fixes).
- blk-mq: don't grab rq's refcount in blk_mq_check_expired()
(bsc#1193787 git-fixes).
- blk-mq: always allow reserved allocation in hctx_may_queue
(bsc#1193787).
- commit cc53802
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- commit d9a821b
- drm/i915: Fix bw atomic check when switching between SAGV
vs. no SAGV (git-fixes).
- commit 209cee8
- drm/i915: Correctly populate use_sagv_wm for all pipes
(git-fixes).
- commit 5d7b5fe
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972
LTC#194674).
- KVM: remember position in kvm->vcpus array (bsc#1190972
LTC#194674).
- commit 81f3dbb
- s390/cpumf: Support for CPU Measurement Sampling Facility LS
bit (bsc#1195081 LTC#196088).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7
(bsc#1195081 LTC#196088).
- commit 0ce3482
- s390/cio: verify the driver availability for path_event call
(bsc#1195928 LTC#196418).
- commit 4741f1a
- scsi: zfcp: Fix failed recovery on gone remote port with
non-NPIV FCP devices (bsc#1195378 LTC#196244).
- commit 6fb3d19
- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233
LTC#195540).
- commit 79f1350
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967
LTC#196028).
- commit 512e596
- s390/cio: make ccw_device_dma_* more robust (bsc#1193243
LTC#195549).
- commit 6f84bff
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
ltc#196449).
- commit 72793cf
- block: do not send a rezise udev event for hidden block device
(bsc#1193096).
- commit c3addda
- s390/bpf: Fix optimizing out zero-extensions (git-fixes).
- commit 542287e
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
(git-fixes).
- commit 774f927
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400
ltc#195815).
- commit 7099d61
- ext4: prevent partial update of the extent blocks (bsc#1194163
bsc#1196339).
- commit 9b7f6a6
- ext4: check for inconsistent extents between index and leaf
block (bsc#1194163 bsc#1196339).
- commit 8a25180
- ext4: check for out-of-order index extents in
ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- commit b72afd9
- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
(git-fixes).
- mtd: rawnand: gpmi: don't leak PM reference in error path
(git-fixes).
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
(git-fixes).
- ASoC: Revert "/ASoC: mediatek: Check for error clk pointer"/
(git-fixes).
- ASoC: ops: Fix stereo change notifications in
snd_soc_put_volsw_range() (git-fixes).
- ASoC: ops: Fix stereo change notifications in
snd_soc_put_volsw() (git-fixes).
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
(git-fixes).
- ALSA: hda: Fix regression on forced probe mask option
(git-fixes).
- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
- HID:Add support for UGTABLET WP5540 (git-fixes).
- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
(git-fixes).
- net: macb: Align the dma and coherent dma masks (git-fixes).
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- drm/amdgpu: fix logic inversion in check (git-fixes).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
(git-fixes).
- commit ea7f847
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079
CVE-2022-0617).
- commit a1deb2a
- udf: Fix NULL ptr deref when converting from inline format
(bsc#1196079 CVE-2022-0617).
- commit 43cd4ed
- blk-tag: Hide spin_lock (bsc#1193787).
- commit 78741a7
- blk-mq: clearing flush request reference in tags->rqs
(bsc#1193787).
- blk-mq: clear stale request in tags->rq before freeing one
request pool (bsc#1193787).
- blk-mq: grab rq->refcount before calling ->fn in
blk_mq_tagset_busy_iter (bsc#1193787).
- block: avoid double io accounting for flush request
(bsc#1193787).
- block: mark flush request as IDLE when it is really finished
(bsc#1193787).
- blk-mq: mark flush request as IDLE in flush_end_io()
(bsc#1193787).
- commit 2d33352
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195).
- commit 445785b
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195).
- commit 436acc9
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195).
- commit a9ec6c0
- btrfs: don't include the global rsv size in the preemptive used amount (bsc#1196195).
- commit ace9b16
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195).
- commit 4beb0b0
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195).
- Refresh patches.suse/btrfs-reduce-the-preemptive-flushing-threshold-to-90.patch.
- commit 41c6188
- btrfs: only clamp the first time we have to start flushing (bsc#1196195).
- commit b25996b
- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
- commit f36b423
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
- commit ef6e83a
- x86/speculation: Include unprivileged eBPF status in Spectre v2
mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit d42fa20
- Documentation/hw-vuln: Update spectre doc (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit a48cfcc
- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit 1a20a7e
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 80f47a3
- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 1f9dd65
- kABI: Fix kABI for AMD IOMMU driver (git-fixes).
- commit 718c631
- blacklist.conf: Add 2cbc61a1b166 iommu/dma: Account for min_align_mask w/swiotlb
- commit 142c6ac
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
(git-fixes).
- iommu/vt-d: Fix potential memory leak in
intel_setup_irq_remapping() (git-fixes).
- iommu/iova: Fix race between FQ timeout and teardown
(git-fixes).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting
(git-fixes).
- iommu/amd: Remove useless irq affinity notifier (git-fixes).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
(git-fixes).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
(git-fixes).
- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
- iommu/amd: Restore GA log/tail pointer on host resume
(git-fixes).
- iommu/io-pgtable-arm-v7s: Add error handle for page table
allocation failure (git-fixes).
- commit 50e60e3
- Update patch reference for USB gadget fix (CVE-2022-25375 bsc#1196235)
- commit b7dc18b
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
(CVE-2022-25375 bsc#1196235).
- commit 4e7d746
- Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155)
- commit 900b4f0
- net/ibmvnic: Cleanup workaround doing an EOI after partition
migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- commit 0dfd4da
- drm/i915/opregion: check port number bounds for SWSCI display
power state (git-fixes).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
- iwlwifi: fix use-after-free (git-fixes).
- iwlwifi: pcie: gen2: fix locking when "/HW not ready"/
(git-fixes).
- iwlwifi: pcie: fix locking when "/HW not ready"/ (git-fixes).
- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
(git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial
devices (git-fixes).
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
(git-fixes).
- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in
88e1121-compatible PHYs (git-fixes).
- net: phy: marvell: Fix MDI-x polarity setting in
88e1118-compatible PHYs (git-fixes).
- usb: dwc2: gadget: don't try to disable ep0 in
dwc2_hsotg_suspend (git-fixes).
- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook
OneXPlayer (git-fixes).
- net: phy: marvell: configure RGMII delays for 88E1118
(git-fixes).
- commit cc7a24c
- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
- commit 9af94a7
- USB: gadget: validate interface OS descriptor requests
(CVE-2022-25258 bsc#1196095).
- commit 4c69367
- Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352)
Delete patches.suse/PCI-xgene-Fix-IB-window-setup.patch
Also update blacklist
- commit 4f68062
- gve: Recording rx queue before sending to napi (bsc#1191655).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD
(bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct
(bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- gve: fix for null pointer dereference (bsc#1191655).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Add RX context (bsc#1191655).
- gve: Recover from queue stall due to missed IRQ (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- commit 4a8e1e2
- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL
(bsc#1195506).
- commit c74c330
- scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
- commit 8ef8f22
- md/raid5: fix oops during stripe resizing (bsc#1181588).
- commit bcd3697
- powerpc/pseries: read the lpar name from the firmware
(bsc#1187716 ltc#193451).
- commit 181541b
- Refresh patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch
- commit c964381
- powerpc: add link stack flush mitigation status in debugfs
(bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
bsc#1157923 ltc#182612 git-fixes).
- commit 5862a79
- powerpc: Set crashkernel offset to mid of RMA region
(bsc#1190812).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- commit 11e3668
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
(bsc#1195012).
- commit 4d29ac4
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- commit 73dbd5c
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from
scsi_qla_host_t (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines
(bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected
(bsc#1195823).
- scsi: qla2xxx: Add devids and conditionals for 28xx
(bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
(bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for
28XX adapters (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology
(bsc#1195823).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure
number of NVMe queues (bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
(bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error
(bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed
(bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization
(bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags
(bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with
list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- commit c358f38
- ice: fix IPIP and SIT TSO offload (git-fixes).
- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
(bsc#1176447).
- nfp: flower: fix ida_idx not being released (bsc#1154353).
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- ixgbevf: Require large buffers for build_skb on 82599VF
(git-fixes).
- RDMA/cma: Use correct address when leaving multicast group
(bsc#1181147).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
(git-fixes).
- commit 679175c
- USB: serial: mos7840: remove duplicated 0xac24 device ID
(git-fixes).
- commit 546d043
- tracing: Don't inc err_log entry count if entry allocation fails
(git-fixes).
- commit 5c45742
- tracing: Propagate is_signed to expression (git-fixes).
- commit a834cba
- blacklist.conf: b59f2f2b865c ("/tracing: Fix smatch warning for do while check in event_hist_trigger_parse()"/)
Cosmetic only.
- commit f0fcec9
- tracing: Fix smatch warning for null glob in
event_hist_trigger_parse() (git-fixes).
- commit 329e4ac
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
bsc#1198484)
Let's iron out the reduced initrd optimisation in Tumbleweed.
Build full blown dracut initrd with systemd for SLE15 SP4.
- commit ea76821
- powerpc/pseries/ddw: Revert "/Extend upper limit for huge DMA
window for persistent memory"/ (bsc#1195995 ltc#196394).
- commit 877b9c1
- f2fs: fix to do sanity check on inode type during garbage
collection (CVE-2021-44879 bsc#1195987).
- commit 139271b
- misc: fastrpc: avoid double fput() on failed usercopy
(git-fixes).
- staging: fbtft: Fix error path in fbtft_driver_module_init()
(git-fixes).
- usb: dwc3: gadget: Prevent core from processing stale TRBs
(git-fixes).
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE
transition (git-fixes).
- usb: ulpi: Call of_node_put correctly (git-fixes).
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
- usb: f_fs: Fix use-after-free for epfile (git-fixes).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
- drm/rockchip: vop: Correct RK3399 VOP register fields
(git-fixes).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly
(git-fixes).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus
Xtreme after reboot from Windows (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus
Master (newer chipset) (git-fixes).
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte
X570 ALC1220 quirks (git-fixes).
- staging/fbtft: Fix backlight (git-fixes).
- commit 033cee4
- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
- commit 7b9eed7
- blacklist.conf: misattributed upstream
- commit f62cf37
- usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
- commit a103972
- tipc: improve size validations for received domain records
(bsc#1195254, CVE-2022-0435).
- commit 48911da
- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959
bsc#1195897).
- commit 60220af
- usb: gadget: clear related members when goto fail
(CVE-2022-24958 bsc#1195905).
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958
bsc#1195905).
- commit 96dda76
- scsi: target: iscsi: Fix cmd abort fabric stop race
(bsc#1195286).
- commit 52d26b6
- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
- commit 3d90f3c
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487).
- commit f68f189
- nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- commit c0baca0
- EDAC/xgene: Fix deferred probing (bsc#1178134).
- commit 9308a14
- kernel-binary: Do not include sourcedir in certificate path.
The certs macro runs before build directory is set up so it creates the
aggregate of supplied certificates in the source directory.
Using this file directly as the certificate in kernel config works but
embeds the source directory path in the kernel config.
To avoid this symlink the certificate to the build directory and use
relative path to refer to it.
Also fabricate a certificate in the same location in build directory
when none is provided.
- commit bb988d4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- s390/protvirt: fix error return code in uv_info_init()
(jsc#SLE-22135).
- commit 7f8b088
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
- commit 004f3c6
- KVM: s390: Return error on SIDA memop on normal guest
(bsc#1195516 CVE-2022-0516).
- commit d46602b
- ceph: set pool_ns in new inode layout for async creates
(bsc#1195799).
- ceph: properly put ceph_string reference after async create
attempt (bsc#1195798).
- commit 8f44ef0
- btrfs: make sure SB_I_VERSION doesn't get unset by remount (bsc#1192210).
- commit 9acc804
- s390/uv: fix prot virt host indication compilation
(jsc#SLE-22135).
- s390/uv: add prot virt guest/host indication files
(jsc#SLE-22135).
- commit f479d35
- drm/i915: Remove memory frequency calculation (bsc#1195211).
- commit ea4d32b
- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed
(bsc#1195211).
- drm/i915/gen11+: Only load DRAM information from pcode
(bsc#1195211).
- drm/i915: Nuke not needed members of dram_info (bsc#1195211).
- drm/i915/dg1: Wait for pcode/uncore handshake at startup
(bsc#1195211).
- commit d7995a2
- ibmvnic: don't release napi in __ibmvnic_open() (bsc#1195668
ltc#195811).
- commit 902d854
- NFSv4: Handle case where the lookup of a directory fails
(bsc#1195612 CVE-2022-24448).
- commit 1023a28
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- commit ccd41ed
- cgroup-v1: Require capabilities to set release_agent
(bsc#1195543 CVE-2022-0492).
- commit 413d689
- RDMA/ucma: Protect mc during concurrent multicast leaves
(bsc#1181147).
- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
- net/mlx5e: Fix handling of wrong devices during bond netevent
(jsc#SLE-15172).
- gve: fix the wrong AdminQ buffer queue index check
(bsc#1176940).
- gve: Fix GFP flags when allocing pages (git-fixes).
- i40e: fix unsigned stat widths (git-fixes).
- i40e: Fix for failed to init adminq while VF reset (git-fixes).
- i40e: Fix queues reservation for XDP (git-fixes).
- i40e: Fix issue when maximum queues is exceeded (git-fixes).
- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
- commit 6aa87c4
- Update patch reference for HD-audio fix (bsc#1183872)
- commit 1e16eaa
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
(git-fixes).
- commit 2492c7d
- mmc: sdhci-of-esdhc: Check for error num after setting mask
(git-fixes).
- ima: Do not print policy rule with inactive LSM labels
(git-fixes).
- ima: Allow template selection with ima_template[_fmt]= after
ima_hash= (git-fixes).
- ima: Remove ima_policy file before directory (git-fixes).
- integrity: check the return value of audit_log_start()
(git-fixes).
- integrity: double check iint_cache was initialized (git-fixes).
- integrity: Make function integrity_add_key() static (git-fixes).
- commit a8bf0cb
- RDMA/core: Always release restrack object (git-fixes)
- commit a4c74f1
- RDMA/siw: Release xarray entry (git-fixes)
- commit cfa201c
- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
- commit 06f1504
- blacklist.conf: blacklist a672b2e36a64 bpf: Fix ringbuf memory type confusion when passing to helpers
- commit 2bfec1b
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
(git-fixes).
- bpf: Adjust BTF log size limit (git-fixes).
- commit 5e3ed1a
- s390/sclp: fix Secure-IPL facility detection (bsc#1191741
LTC#194816).
- commit 5aa085e
- usb: dwc3: don't set gadget->is_otg flag (git-fixes).
- commit 5b20187
- powerpc/perf: Fix power_pmu_disable to call
clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
- commit a08ca77
- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes)
- commit 82ce09e
- RDMA/mlx5: Fix query DCT via DEVX (git-fixes)
- commit 4b56cb2
- RDMA/core: Don't access cm_id after its destruction (git-fixes)
- commit 4a117e6
- RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes)
- commit 875e0ed
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- commit 07c8b4d
- RDMA/siw: Properly check send and receive CQ pointers (git-fixes)
- commit d84b45b
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- commit 8c226d5
- RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes)
- commit a7eff62
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- commit 2db1c84
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- commit 591cdce
- RDMA/core: Unify RoCE check and re-factor code (git-fixes)
- commit e5e3d6f
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
- commit 76267d4
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- commit 270bb46
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- commit 05c0e16
- RDMA/core: Fix corrupted SL on passive side (git-fixes)
- commit d86d9cb
- IB/isert: Fix a use after free in isert_connect_request (git-fixes)
- commit fa7abfc
- RDMA/addr: Be strict with gid size (git-fixes)
- commit 0b96850
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
- commit 0f86491
- IB/mlx5: Add missing error code (git-fixes)
- commit 06919f0
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- commit 1cb9b27
- RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes)
- commit 35656e8
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- commit 328cd44
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- commit ad066a1
- RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes)
- commit 6a7743e
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- commit 671cb83
- IB/cm: Avoid a loop when device has 255 ports (git-fixes)
- commit 2186e0a
- IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes)
- commit ba2e4e5
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- commit 0fc8532
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- commit 1beb1a9
- IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes)
- commit b747600
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes)
- commit d209b75
- RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes)
- commit 1bcb139
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- commit 000358b
- RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes)
- commit a95b8b5
- IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes)
- commit c125ce0
- RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes)
- commit 717d46c
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- commit e2b003d
- Input: wm97xx: Simplify resource management (git-fixes).
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe
(git-fixes).
- ASoC: max9759: fix underflow in speaker_gain_control_put()
(git-fixes).
- ASoC: cpcap: Check for NULL pointer after calling
of_get_child_by_name (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple
of period bytes (git-fixes).
- ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
- ALSA: usb-audio: initialize variables that could ignore errors
(git-fixes).
- drm/i915/overlay: Prevent divide by zero bugs in scaling
(git-fixes).
- dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
- drm/nouveau: fix off by one in BIOS boundary checking
(git-fixes).
- pinctrl: intel: Fix a glitch when updating IRQ flags on a
preconfigured line (git-fixes).
- pinctrl: intel: fix unexpected interrupt (git-fixes).
- commit 78392e2
- nvme: fix use after free when disconnecting a reconnecting ctrl
(git-fixes).
- commit 6b18639
- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes).
- nvme-tcp: fix data digest pointer calculation (git-fixes).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting
(git-fixes).
- commit 64fba5e
- nvme-tcp: fix possible use-after-completion (git-fixes).
- commit 656adbf
- nvme-fabrics: avoid double completions in
nvmf_fail_nonready_command (git-fixes).
- nvme: introduce a nvme_host_path_error helper (git-fixes).
- blk-mq: introduce blk_mq_set_request_complete (git-fixes).
- nvme: refactor ns->ctrl by request (git-fixes).
- nvme-core: use list_add_tail_rcu instead of list_add_tail for
nvme_init_ns_head (git-fixes).
- commit 35ee4c2
- Refresh patches.suse/NFS-don-t-store-struct-cred-in-struct-nfs_access_ent.patch.
Update upstream info
- commit 7228799
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
file (git-fixes).
- NFSv4: Handle case where the lookup of a directory fails
(git-fixes).
- NFS: Ensure the server has an up to date ctime before renaming
(git-fixes).
- commit 1b23644
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1193864 CVE-2021-39657).
- commit 5ec67f9
- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506).
- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506).
- scsi: core: No retries on abort success (bsc#1195506).
- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506).
- scsi: core: Add limitless cmd retry support (bsc#1195506).
- commit af99987
- blk-cgroup: fix missing put device in error path from
blkg_conf_pref() (bsc#1195481).
- commit 1d9f7ed
- ext4: fix an use-after-free issue about data=journal writeback
mode (bsc#1195482).
- commit dec4e3b
- ext4: make sure quota gets properly shutdown on error
(bsc#1195480).
- commit 37600f0
- blacklist.conf: blacklist 4013d47a5307
- commit 3d0f1d1
- fsnotify: fix fsnotify hooks in pseudo filesystems
(bsc#1195479).
- commit 3ed7ace
- fsnotify: invalidate dcache before IN_DELETE event
(bsc#1195478).
- commit 776f92d
- udf: Restore i_lenAlloc when inode expansion fails
(bsc#1195477).
- commit fa5618c
- udf: Fix NULL ptr deref when converting from inline format
(bsc#1195476).
- commit 26d7db1
- blacklist.conf: Blacklist ee12595147ac
- commit 1e354ac
- USB: serial: mos7840: fix probe error handling (git-fixes).
- commit 3875819
- xhci-pci: Allow host runtime PM as default for Intel Alpine
Ridge LP (git-fixes).
- commit 7bdac2d
- Update patch reference for radeon regression fix (bsc#1195142)
- commit 3e139f1
- spi: mediatek: Avoid NULL pointer crash in interrupt
(git-fixes).
- spi: bcm-qspi: check for valid cs before applying chip select
(git-fixes).
- spi: meson-spicc: add IRQ check in meson_spicc_probe
(git-fixes).
- tty: Add support for Brainboxes UC cards (git-fixes).
- USB: core: Fix hang in usb_kill_urb by adding memory barriers
(git-fixes).
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
(git-fixes).
- PM: wakeup: simplify the output logic of pm_show_wakelocks()
(git-fixes).
- drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
(git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_eptdev and
cdev (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_ctrldev
and cdev (git-fixes).
- Bluetooth: refactor malicious adv data check (git-fixes).
- commit 0420ac4
- Update
patches.suse/bonding-fix-null-dereference-in-bond_ipsec_add_sa.patch
(bsc#1176447 bsc#1195371 CVE-2022-0286).
Added CVE reference.
- commit e1eaedd
- net: bridge: vlan: fix memory leak in __allowed_ingress
(bsc#1176447).
- net: bridge: vlan: fix single net device option dumping
(bsc#1176447).
- net: sfp: fix high power modules without diagnostic monitoring
(bsc#1154353).
- net: bonding: fix bond_xmit_broadcast return value error bug
(bsc#1176447).
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- Revert "/net/mlx5e: Block offload of outer header csum for GRE
tunnel"/ (git-fixes).
- Revert "/net/mlx5e: Block offload of outer header csum for UDP
tunnels"/ (git-fixes).
- igc: Fix TX timestamp support for non-MSI-X platforms
(bsc#1160634).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW
steering (jsc#SLE-8464).
- vxlan: fix error return code in __vxlan_dev_create()
(bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- net/mlx5e: Protect encap route dev from concurrent release
(jsc#SLE-8464).
- mlxsw: Only advertise link modes supported by both driver and
device (bsc#1154488).
- commit 8d79e55
- Refresh patches.suse/ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch.
Remove duplicated tag.
- commit 6c506e7
- scripts/dtc: only append to HOST_EXTRACFLAGS instead of
overwriting (git-fixes).
- commit 644966c
- kernel-obs-build: include 9p (boo#1195353)
To be able to share files between host and the qemu vm of the build
script, the 9p and 9p_virtio kernel modules need to be included in
the initrd of kernel-obs-build.
- commit 0cfe67a
- drm/etnaviv: relax submit size limits (git-fixes).
- commit de0ae66
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for
USB_SPEED_SUPER_PLUS (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off
(git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue
(git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU
(git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA
controller (git-fixes).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY
register (git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links
transit to U0 (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files
(git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync
(git-fixes).
- serial: pl010: Drop CR register reset on set_termios
(git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice
(git-fixes).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
(git-fixes).
- regulator: qcom_smd: Align probe function with rpmh-regulator
(git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for
nfc_apply_timings (git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting
for i.MX6 (git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
(git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling
(git-fixes).
- commit ceccaf4
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt
parameters (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- i2c: i801: Don't silently correct invalid transfer size
(git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already
in use (git-fixes).
- HID: apple: Do not reset quirks when the Fn key is not found
(git-fixes).
- HID: quirks: Allow inverting the absolute X/Y values
(git-fixes).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- iwlwifi: fix leaks/bad data after failed firmware load
(git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
(git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands
(git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference
in hexium_attach() (git-fixes).
- media: igorplugusb: receiver overflow should be reported
(git-fixes).
- media: m920x: don't use stack on USB reads (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference
in hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds
(git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- commit a86fa77
- floppy: Add max size check for user space request (git-fixes).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
(git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev()
(git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before
registration (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga
Book X91F/L (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of
DEVINIT/PREOS/ACR (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y &
CONFIG_DMA_API_DEBUG=y (git-fixes).
- commit d637736
- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
(git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in
acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a
row (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers
(git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
(git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START
reply (git-fixes).
- commit b090e4d
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
(git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781
(git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
(git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
(git-fixes).
- ACPI: battery: Add the ThinkPad "/Not Charging"/ quirk
(git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
(git-fixes).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681
(git-fixes).
- commit e06c812
- serial: stm32: fix software flow control transfer (git-fixes).
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset
property (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in
__pata_platform_probe() (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
(git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts
(git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- commit 34e1762
- Update patch reference for vgacon patch (CVE-2020-28097 bsc#1187723 jsc#SLE-23485)
- commit 589ca07
- video: hyperv_fb: Fix validation of screen resolution
(git-fixes).
- commit c92ca58
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 5e4e31e
- blacklist.conf: Add e1fbbd073137 prctl: allow to setup brk for et_dyn executables
- commit d38c68f
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- commit 2e27858
- RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes)
- commit 4f52905
- RDMA/core: Do not indicate device ready when device enablement fails (git-fixes)
- commit 8c078d4
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- commit b76b1bf
- RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes)
- commit 6b9c3b4
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- commit 2d78782
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)
- commit 555e8b8
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- commit 6546545
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- commit 68f6d87
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
- commit 64a081e
- RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes)
- commit 1f8fac6
- RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs (git-fixes)
- commit 09fe3b5
- RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes)
- commit e969537
- i40iw: Add support to make destroy QP synchronous (git-fixes)
- commit 1d9fde7
- RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes)
- commit 7b4149b
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- commit a2e5b72
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- commit 8117a96
- IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes)
- commit 780f173
- update
- commit 8000467
- phonet: refcount leak in pep_sock_accep (bsc#1193867,
CVE-2021-45095).
- commit 98c27cb
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- Delete
patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch.
which caused a regression (bsc#1194048).
- fix patches.kabi/revert-xfrm-xfrm_state_mtu-should-return-at-least-1280.patch
fixes the resulting KABI change
- Replace with an alternative fix for bsc#1185377
- commit ccdfbb9
- Refresh
patches.suse/ibmvnic-Allow-extra-failures-before-disabling.patch.
- Refresh patches.suse/ibmvnic-don-t-spin-in-tasklet.patch.
- Refresh patches.suse/ibmvnic-init-running_cap_crqs-early.patch.
- Refresh
patches.suse/ibmvnic-remove-unused-wait_capability.patch.
- commit 6439146
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 96de11b
- ext4: set csum seed in tmp inode while migrating to extents
(bsc#1195267).
- commit 22e9600
- drm/vmwgfx: Fix stale file descriptors on failed usercopy
(CVE-2022-22942 bsc#1195065).
- commit b93c2a4
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- commit 552f664
- bpf: Verifer, adjust_scalar_min_max_vals to always call
update_reg_bounds() (bsc#1194227).
- commit bf95985
- xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).
- commit b8c892e
- xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
- commit c13ff0b
- net/packet: rx_owner_map depends on pg_vec (bsc#1195184
CVE-2021-22600).
- commit ef975a8
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a
debugfs entry (bsc#1195183 ltc#193865).
- commit a3b42d2
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1193864 CVE-2021-39657).
- commit 74b4241
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- commit e978276
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- commit 0d3c7d0
- Update
patches.suse/usb-gadget-configfs-Fix-use-after-free-issue-with-ud.patch
(bsc#1193861 CVE-2021-39648).
updated references for a CVE that became known after the fix
had been applied for other reasons
- commit f7fa182
- Update
patches.suse/USB-gadget-detect-too-big-endpoint-0-requests.patch
(bsc#1193802 CVE-2021-39685).
Updated references to a CVE that became known after the fix had
been applied for other reasons
- commit eeaa33a
- crypto: qat - fix undetected PFVF timeout in ACK loop
(git-fixes).
- commit 3cc9984
- asix: fix wrong return value in asix_check_host_enable()
(git-fixes).
- commit 9e94c23
- net: mana: Add RX fencing (bsc#1193506).
- commit aa896c0
- net: mana: Add XDP support (bsc#1193506).
- commit d5e53a9
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- commit f4f411e
- net, xdp: Introduce xdp_prepare_buff utility routine
(bsc#1193506).
- commit aca9d96
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- commit 9770783
- ibmvnic: remove unused ->wait_capability (bsc#1195073
ltc#195713).
- ibmvnic: don't spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: Allow extra failures before disabling (bsc#1195073
ltc#195713).
- commit e820667
- sched/fair: Fix detection of per-CPU kthreads waking a task
(git fixes (sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- commit 8f3f43a
- blacklist.conf: !SMP configs are not supported
- commit c80ad41
- scripts/dtc: dtx_diff: remove broken example from help text
(git-fixes).
- Documentation: fix firewire.rst ABI file path error (git-fixes).
- HID: wacom: Reset expected and received contact counts at the
same time (git-fixes).
- HID: uhid: Fix worker destroying device without any protection
(git-fixes).
- drm/radeon: fix error handling in radeon_driver_open_kms
(git-fixes).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- nfc: llcp: fix NULL error pointer dereference on sendmsg()
after failed bind() (git-fixes).
- commit 8163787
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- commit dad9348
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- commit f9364fe
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- commit 58912c3
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr
directory (bsc#1195051).
- commit c80b5de
- blacklist.conf: test_stackinit module is not built
- commit 79fa675
- blacklist.conf: bug: clean up; compiler likely does the same optimization
- commit 0f2e872
- workqueue: Fix unbind_workers() VS wq_worker_running() race
(bsc#1195062).
- commit 4a6e4c5
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 84178b8
- drm/i915: Flush TLBs before releasing backing store
(CVE-2022-0330 bsc#1194880).
- commit 9eddfd3
- drm/i915: Flush TLBs before releasing backing store
(CVE-2022-0330 bsc#1194880).
- commit 34a8919
- kabi/severities: Add a kabi exception for drivers/tee/tee
According to the partner modules database, the structs of this driver
are not used by anything external so make a kABI exception for them.
Do that on purpose so that any external module using this fails to load
instead of causing a potential memory corruption due to a kabi
workaround which would use the same offset but for a different thing:
- struct dma_buf *dmabuf;
+ refcount_t refcount;
See upstream commit
dfd0743f1d9e ("/tee: handle lookup of shm with reference count 0"/)
- commit c1b7aec
- series.conf: refresh
- update upstream references and resort:
- patches.suse/powerpc-fadump-Fix-inaccurate-CPU-state-info-in-vmco.patch
- patches.suse/powerpc-handle-kdump-appropriately-with-crash_kexec_.patch
- patches.suse/powerpc-watchdog-Avoid-holding-wd_smp_lock-over-prin.patch
- patches.suse/powerpc-watchdog-Fix-missed-watchdog-reset-due-to-me.patch
- patches.suse/powerpc-watchdog-Fix-wd_smp_last_reset_tb-reporting.patch
- patches.suse/powerpc-watchdog-read-TB-close-to-where-it-is-used.patch
- patches.suse/powerpc-watchdog-tighten-non-atomic-read-modify-writ.patch
- commit 72b7db7
- series.conf: cleanup
- move to "/mainline soon"/ section:
- patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
- commit 07d55c3
- vfs: fs_context: fix up param length parsing in
legacy_parse_param (CVE-2022-0185 bsc#1194517).
- Rename and retag following upstream merge from:
patches.suse/vfs-Out-of-bounds-write-of-heap-buffer-in-fs_context-c.patch
to patches.suse/vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch
- commit 33860f2
- sctp: account stream padding length for reconf chunk
(bsc#1194985 CVE-2022-0322).
- commit a6cab40
- Update config files.
- commit eae3c71
- net: allow retransmitting a TCP packet if original is still
in queue (bsc#1188605 bsc#1187428).
- commit 372a9a4
- moxart: fix potential use-after-free on remove path
(bsc#1194516).
- commit 3fae095
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- commit 4717473
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
Using the the default path is broken since Linux 5.17
- commit 68b36f0
- powerpc/pseries/mobility: ignore ibm, platform-facilities
updates (bsc#1065729).
- commit b253330
- powerpc/traps: do not enable irqs in _exception (bsc#1065729).
- powerpc: add interrupt_cond_local_irq_enable helper
(bsc#1065729).
- commit 65f660c
- tee: handle lookup of shm with reference count 0 (bsc#1193767
CVE-2021-44733).
- commit be75d82
- powerpc/64s: fix program check interrupt emergency stack path
(bsc#1156395).
- commit a3c26ed
- blacklist.conf: Add a2308836880b powerpc: Fix arch_stack_walk() to have
running function as first entry
The stacktrace interface in this kernel version does not provide the
parameters used to implement the fix.
- commit ee041a3
- fuse: Pass correct lend value to filemap_write_and_wait_range()
(bsc#1194953).
- commit d2355ea
- nvme-fabrics: ignore invalid fast_io_fail_tmo values
(git-fixes).
- nvme-tcp: fix memory leak when freeing a queue (git-fixes).
- nvme-multipath: fix ANA state updates when a namespace is not
present (git-fixes).
- nvme-fabrics: remove superfluous nvmf_host_put in
nvmf_parse_options (git-fixes).
- commit 51e4a5d
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- commit 51a5c79
- tee: don't assign shm id for private shms (bsc#1193767
CVE-2021-44733).
- commit 9ab9ee2
- Update patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch
(git-fixes bsc#1193660 ltc#195634).
- commit 11ac3f6
- blacklist.conf: Add 79ca6f74dae0 tpm: fix Atmel TPM crash caused by too frequent queries
Breaks kABI, there is no report of this problem affecting users, likely
broken old TPM firmware.
- commit 4ea9f96
- tee: remove linked list of struct tee_shm (bsc#1193767
CVE-2021-44733).
- commit a3c7739
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- commit 27c7aa0
- powerpc/perf: Fix PMU callbacks to clear pending PMI before
resetting an overflown PMC (bsc#1156395).
- commit 8bdce1e
- powerpc/prom_init: Fix improper check of prom_getprop()
(bsc#1065729).
- commit 954fa51
- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
(git-fixes).
- dmaengine: at_xdmac: Fix lld view setting (git-fixes).
- dmaengine: at_xdmac: Fix concurrency over xfers_list
(git-fixes).
- dmaengine: at_xdmac: Print debug message after realeasing the
lock (git-fixes).
- dmaengine: at_xdmac: Don't start transactions at tx_submit level
(git-fixes).
- Documentation: dmaengine: Correctly describe dmatest with
channel unset (git-fixes).
- rpmsg: core: Clean up resources on announce_create failure
(git-fixes).
- ACPI: APD: Check for NULL pointer after calling devm_ioremap()
(git-fixes).
- Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
- Input: ti_am335x_tsc - set ADCREFM for X configuration
(git-fixes).
- i3c: master: dw: check return of dw_i3c_master_get_free_pos()
(git-fixes).
- i3c: fix incorrect address slot lookup on 64-bit (git-fixes).
- commit 3d8614c
- powerpc/pseries/cpuhp: delete add/remove_by_count code
(bsc#1065729).
- powerpc/pseries/cpuhp: cache node corrections (bsc#1065729).
- commit 9c04898
- Add cherry-picked IDs for qemu fw_cfg patches
- commit 8f947ad
- powerpc/perf: Fix data source encodings for L2.1 and L3.1
accesses (bsc#1065729).
- commit d096c51
- powerpc/xive: Add missing null check after calling kmalloc
(bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes).
- commit d9ea6bb
- tracing/kprobes: 'nmissed' not showed correctly for kretprobe
(git-fixes).
- commit fd3df8d
- tracing: Add test for user space strings when filtering on
string pointers (git-fixes).
- commit 9a09d69
- Update armv7hl config files.
- commit a54e64e
- dm writecache: fix performance degradation in ssd mode
(git-fixes).
- dm writecache: advance the number of arguments when reporting
max_age (git-fixes).
- commit e385922
- nvme-tcp: fix possible req->offset corruption (git-fixes).
- nvme-tcp: fix io_work priority inversion (git-fixes).
- nvme-tcp: don't update queue count when failing to set io queues
(git-fixes).
- nvme-tcp: pair send_mutex init with destroy (git-fixes).
- nvme-tcp: can't set sk_user_data without write_lock (git-fixes).
- nvme-tcp: fix error codes in nvme_tcp_setup_ctrl() (git-fixes).
- nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
(git-fixes).
- nvme-tcp: check sgl supported by target (git-fixes).
- nvme-tcp: block BH in sk state_change sk callback (git-fixes).
- nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU
(git-fixes).
- commit 0e83d53
- nvme-tcp: fix crash triggered with a dataless request submission
(git-fixes).
- nvme-tcp: pass multipage bvec to request iov_iter (git-fixes).
- nvme-tcp: get rid of unused helper function (git-fixes).
- nvme-tcp: fix wrong setting of request iov_iter (git-fixes).
- nvme-tcp: fix possible data corruption with bio merges
(git-fixes).
- commit 1412d58
- blacklist.conf: 3e2a56e6f639 ("/tracing: Have syscall trace events use trace_event_buffer_lock_reserve()"/)
Optimization only.
- commit 9d680b6
- dm writecache: add "/cleaner"/ and "/max_age"/ to Documentation
(git-fixes).
- dm writecache: flush origin device when writing and cache is
full (git-fixes).
- commit eeda715
- blacklist.conf: blacklist unnecessary commit
- commit 3eae3eb
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- nfsd: Fix nsfd startup race (again) (git-fixes).
- NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes).
- NFSv42: Don't fail clone() unless the OP_CLONE operation failed
(git-fixes).
- commit 53bf6fe
- blacklist.conf: 244a36e50da0 drm/vc4: kms: Wait for the commit before increasing our clock rate
- commit f34f06b
- Refresh
patches.suse/drm-amd-display-Set-plane-update-flags-for-all-plane.patch.
Alt-commit
- commit efcd4f5
- Refresh
patches.suse/drm-i915-fb-Fix-rounding-error-in-subsampled-plane-s.patch.
Alt-commit
- commit e0cab26
- blacklist.conf: 0c980a006d3f drm/vc4: kms: Wait for the commit before increasing our clock rate
- commit a752ba6
- drm/i915/fb: Fix rounding error in subsampled plane size
calculation (git-fixes).
- commit 559ebf7
- drm/amdgpu: revert "/Add autodump debugfs node for gpu reset v8"/
(git-fixes).
- commit 3dac018
- blacklist.conf: 93b713304188 drm/i915: Revert "/drm/i915/gem: Asynchronous cmdparser"/
- commit 41290de
- blacklist.conf: 5810323ba692 drm/amd/pm: Fix a bug communicating with the SMU (v5)
- commit 5594ee7
- tracing/uprobes: Check the return value of kstrdup() for
tu->filename (git-fixes).
- commit 9da2bcc
- blacklist.conf: c9d9fdbc108a drm/i915: Revert "/drm/i915/gem: Asynchronous cmdparser"/
- commit fcd19bb
- blacklist.conf: b601c16b7ba8 drm/vc4: crtc: Lookup the encoder from the register at boot
- commit 2647c26
- tracing: Fix check for trace_percpu_buffer validity in
get_trace_buf() (git-fixes).
- commit 15d2ff9
- selftests: KVM: Explicitly use movq to read xmm registers
(git-fixes).
- commit 28d1c00
- dmaengine: idxd: enable SVA feature for IOMMU (bsc#1192931).
- dmaengine: idxd: add module parameter to force disable of SVA
(bsc#1192931).
- commit 13e606d
- blacklist.conf: 5a184d959d5a drm/vc4: crtc: Fix vc4_get_crtc_encoder logic
- commit 3bf3f00
- blacklist.conf: c6883985d463 drm/vc4: crtc: Pass the drm_atomic_state to config_pv
- commit babde3e
- Revert patches.suse/block-simplify-set_init_blocksize.patch (bsc#1191929)
Upstream reverted 8dc932d3e8af ("/Revert "/block: simplify
set_init_blocksize"/ to regain lost performance"/). Drop the initial
patch and fixup conflicts.
- commit fca2173
- select: Fix indefinitely sleeping task in
poll_schedule_timeout() (bsc#1194027).
- commit 18b9c4e
- blacklist.conf: 2e4c6c1a9db5 drm/i915: Remove i915_request.lock requirement for execution callbacks
- commit a56a2e1
- usb: ftdi-elan: fix memory leak on device disconnect
(git-fixes).
- commit d92ffd0
- clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes).
- clk: stm32: Fix ltdc's clock turn off by clk_disable_unused()
after system enter shell (git-fixes).
- clk: Gemini: fix struct name in kernel-doc (git-fixes).
- clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1
(git-fixes).
- tty: serial: uartlite: allow 64 bit address (git-fixes).
- tty: serial: atmel: Call dma_async_issue_pending() (git-fixes).
- tty: serial: atmel: Check return code of dmaengine_submit()
(git-fixes).
- staging: rtl8192e: rtllib_module: fix error handle case in
alloc_rtllib() (git-fixes).
- staging: rtl8192e: return error code from rtllib_softmac_init()
(git-fixes).
- floppy: Fix hang in watchdog when disk is ejected (git-fixes).
- commit 83ffd12
- misc: lattice-ecp3-config: Fix task hung when firmware load
failed (git-fixes).
- firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes).
- firmware: qemu_fw_cfg: fix kobject leak in probe error path
(git-fixes).
- firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate
entries (git-fixes).
- firmware: Update Kconfig help text for Google firmware
(git-fixes).
- uio: uio_dmem_genirq: Catch the Exception (git-fixes).
- dmaengine: pxa/mmp: stop referencing config->slave_id
(git-fixes).
- mailbox: hi3660: convert struct comments to kernel-doc notation
(git-fixes).
- PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
(git-fixes).
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes).
- commit 7a442ee
- char/mwave: Adjust io port register size (git-fixes).
- ASoC: fsl_asrc: refine the check of available clock divider
(git-fixes).
- ASoC: fsl_mqs: fix MODULE_ALIAS (git-fixes).
- ASoC: samsung: idma: Check of ioremap return value (git-fixes).
- ASoC: mediatek: Check for error clk pointer (git-fixes).
- ASoC: rt5663: Handle device_property_read_u32_array error codes
(git-fixes).
- ASoC: uniphier: drop selecting non-existing
SND_SOC_UNIPHIER_AIO_DMA (git-fixes).
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus
Master after reboot from Windows (git-fixes).
- ALSA: usb-audio: Drop superfluous '0' in Presonus Studio
1810c's ID (git-fixes).
- ALSA: oss: fix compile error when OSS_DEBUG is enabled
(git-fixes).
- commit 0e71106
- random: fix data race on crng init time (git-fixes).
- Refresh
patches.suse/0008-random-move-FIPS-continuous-test-to-output-functions.patch.
- commit 792475c
- ALSA: hda: Make proper use of timecounter (git-fixes).
- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
(git-fixes).
- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
(git-fixes).
- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
(git-fixes).
- USB: core: Fix bug in resuming hub's handling of wakeup requests
(git-fixes).
- USB: Fix "/slab-out-of-bounds Write"/ bug in
usb_hcd_poll_rh_status (git-fixes).
- random: fix data race on crng_node_pool (git-fixes).
- staging: wlan-ng: Avoid bitwise vs logical OR warning in
hfa384x_usb_throttlefn() (git-fixes).
- commit c91af43
- PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
(git-fixes).
- PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI
config space (git-fixes).
- PCI: xgene: Fix IB window setup (git-fixes).
- PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2
registers on emulated bridge (git-fixes).
- PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge
(git-fixes).
- PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge
(git-fixes).
- PCI: mvebu: Do not modify PCI IO type bits in conf_write
(git-fixes).
- commit f746eae
- PCI: mvebu: Check for errors from pci_bridge_emul_init() call
(git-fixes).
- PCI: dwc: Do not remap invalid res (git-fixes).
- PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
(git-fixes).
- drm/amdkfd: Check for null pointer after calling kmemdup
(git-fixes).
- drm/sun4i: dw-hdmi: Fix missing put_device() call in
sun8i_hdmi_phy_get (git-fixes).
- drm/atomic: Check new_crtc_state->active to determine if CRTC
needs disable in self refresh mode (git-fixes).
- mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes).
- Bluetooth: bfusb: fix division by zero in send path (git-fixes).
- drm/i915: Avoid bitwise vs logical OR warning in
snb_wm_latency_quirk() (git-fixes).
- commit 3526b61
- Move upstreamed patches into sorted section
- commit e663fe4
- Updated mpi3mr entry in supported.conf (bsc#1194578 jsc#SLE-18120)
Moving this driver into the "/supported"/ package.
- commit 6f2da7c
- tpm: fix potential NULL pointer access in tpm_del_char_device
(git-fixes).
- tpm: add request_locality before write TPM_INT_ENABLE
(git-fixes).
- spi: spi-meson-spifc: Add missing pm_runtime_disable() in
meson_spifc_probe (git-fixes).
- usb: mtu3: fix interval value for intr and isoc (git-fixes).
- commit c1e5df4
- selinux: fix potential memleak in selinux_add_opt() (git-fixes).
- pcmcia: fix setting of kthread task states (git-fixes).
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
nonstatic_find_mem_region() (git-fixes).
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
__nonstatic_find_io_region() (git-fixes).
- spi: spi-rspi: Drop redeclaring ret variable in
qspi_transfer_in() (git-fixes).
- regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes).
- mtd: rawnand: mpc5121: Remove unused variable in
ads5121_select_chip() (git-fixes).
- power: reset: ltc2952: Fix use of floating point literals
(git-fixes).
- rndis_host: support Hytera digital radios (git-fixes).
- commit 5c51144
- mmc: meson-mx-sdio: add IRQ check (git-fixes).
- mfd: intel-lpss: Fix too early PM enablement in the ACPI
- >probe() (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_frame_init_v1_buttonpad (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_huion_init (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_get_str_desc (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_init (git-fixes).
- crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
(git-fixes).
- crypto: stm32/cryp - fix lrw chaining mode (git-fixes).
- Documentation: refer to config RANDOMIZE_BASE for kernel
address-space randomization (git-fixes).
- mISDN: change function names to avoid conflicts (git-fixes).
- commit 6c1c0d0
- backlight: qcom-wled: Override default length with
qcom,enabled-strings (git-fixes).
- backlight: qcom-wled: Fix off-by-one maximum with default
num_strings (git-fixes).
- backlight: qcom-wled: Pass number of elements to read to
read_u32_array (git-fixes).
- backlight: qcom-wled: Validate enabled string indices in DT
(git-fixes).
- crypto: stm32/cryp - fix double pm exit (git-fixes).
- crypto: stm32/cryp - fix xts and race condition in crypto_engine
requests (git-fixes).
- crypto: qce - fix uaf on qce_ahash_register_one (git-fixes).
- crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
(git-fixes).
- atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes).
- commit 8421e32
- blacklist.conf: f28439db470c ("/tracing: Tag trace_percpu_buffer as a percpu pointer"/)
It fixes a sparse warning only.
- commit 3c1db23
- cgroup: cgroup.{procs,threads} factor out common parts
(bsc#1194302 CVE-2021-4197).
- commit 0d9ce26
- Revert "/net/mlx5: Add retry mechanism to the command entry
index allocation"/ (jsc#SLE-15172).
- net/mlx5: Set command entry semaphore up once got index free
(jsc#SLE-15172).
- netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone
(bsc#1176447).
- iavf: Fix limit of total number of queues to active queues of VF
(git-fixes).
- i40e: Fix incorrect netdev's real number of RX/TX queues
(git-fixes).
- i40e: Fix for displaying message regarding NVM version
(git-fixes).
- i40e: fix use-after-free in i40e_sync_filters_subtask()
(git-fixes).
- i40e: Fix to not show opcode msg on unsuccessful VF MAC change
(git-fixes).
- sfc: The RX page_ring is optional (git-fixes).
- net: ena: Fix error handling when calculating max IO queues
number (bsc#1154492).
- net: ena: Fix wrong rx request id by resetting device
(git-fixes).
- net: ena: Fix undefined state when tx request id is out of
bounds (bsc#1154492).
- net/mlx5e: Fix wrong features assignment in case of error
(git-fixes).
- ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1167773).
- net/mlx5e: Wrap the tx reporter dump callback to extract the sq
(jsc#SLE-15172).
- net/mlx5: DR, Fix NULL vs IS_ERR checking in
dr_domain_init_resources (jsc#SLE-8464).
- sfc: falcon: Check null pointer of rx_queue->page_ring
(git-fixes).
- sfc: Check null pointer of rx_queue->page_ring (git-fixes).
- qlcnic: potential dereference null pointer of
rx_queue->page_ring (git-fixes).
- RDMA/hns: Replace kfree() with kvfree() (jsc#SLE-14777).
- sfc_ef100: potential dereference of null pointer
(jsc#SLE-16683).
- ixgbe: set X550 MDIO speed before talking to PHY (git-fixes).
- igc: Fix typo in i225 LTR functions (jsc#SLE-13533).
- igbvf: fix double free in `igbvf_probe` (git-fixes).
- igb: Fix removal of unicast MAC filters of VFs (git-fixes).
- flow_offload: return EOPNOTSUPP for the unsupported mpls action
type (bsc#1154353).
- net/sched: sch_ets: don't remove idle classes from the
round-robin list (bsc#1176774).
- net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
(jsc#SLE-14777).
- net/sched: fq_pie: prevent dismantle issue (jsc#SLE-15172).
- nft_set_pipapo: Fix bucket load in AVX2 lookup routine for
six 8-bit groups (bsc#1176447).
- i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
(git-fixes).
- iavf: restore MSI state on reset (git-fixes).
- netfilter: nf_tables: initialize set before expression setup
(bsc#1194518 CVE-2021-46283).
- commit 472b838
- blacklist.conf: Blacklist 2fc428f6b7ca
- commit 19cda1c
- blacklist.conf: Blacklist b781d8db580c
- commit 062524a
- blacklist.conf: Blacklist 480d42dc001b
- commit 25e1570
- cgroup: Use open-time cgroup namespace for process migration
perm checks (bsc#1194302 CVE-2021-4197).
- cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
(bsc#1194302 CVE-2021-4197).
- cgroup: Use open-time credentials for process migraton perm
checks (bsc#1194302 CVE-2021-4197).
- commit 716e0d8
- patches.suse/ext4-Avoid-trim-error-on-fs-with-small-groups.patch: Update
tags
- commit 2f64a4f
- blacklist.conf: Blacklist 86399ea07109 and 81dedaf10c20
- commit c1c9a79
- udf: Fix crash after seekdir (bsc#1194592).
- commit 0c1ff08
- isofs: Fix out of bound access for corrupted isofs image
(bsc#1194591).
- commit 416efa6
- quota: correct error number in free_dqentry() (bsc#1194590).
- commit 6a7c013
- quota: check block number when reading the block in quota file
(bsc#1194589).
- commit a1f09c3
- pipe: increase minimum default pipe size to 2 pages
(bsc#1194587).
- commit e2fa7de
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
(bsc#1194586).
- commit b32b906
- blacklist.conf: Blacklist 7607c44c157d and 35e4c6c1a2fc
- commit 94191c1
- blk-cgroup: synchronize blkg creation against policy
deactivation (bsc#1194584).
- commit 2ff6aca
- ext4: fix lazy initialization next schedule time computation
in more granular unit (bsc#1194580).
- commit 5b27386
- fget: clarify and improve __fget_files() implementation
(bsc#1193727).
- commit 4b3242f
- vfs: Out-of-bounds write of heap buffer in fs_context.c
(CVE-2022-0185 bsc#1194517).
- commit 11341d2
- x86/platform/uv: Add more to secondary CPU kdump info
(bsc#1194493).
- commit 0c6f56d
- netdevsim: Zero-initialize memory for new map's value in
function nsim_bpf_map_alloc (bsc#1193927 CVE-2021-4135).
- commit 4b3887a
- Update patch references for NFC security fixes (CVE-2021-4202 bsc#1194529)
- commit 69a4a1d
- iwlwifi: mvm: Use div_s64 instead of do_div in
iwl_mvm_ftm_rtt_smoothing() (git-fixes).
- commit 51f4dbd
- wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma
(git-fixes).
- commit 0c49000
- thermal/drivers/imx8mm: Enable ADC when enabling monitor
(git-fixes).
- PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment
(git-fixes).
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore()
with interrupts enabled (git-fixes).
- mwifiex: Fix possible ABBA deadlock (git-fixes).
- wcn36xx: Release DMA channel descriptor allocations (git-fixes).
- wcn36xx: Indicate beacon not connection loss on
MISSED_BEACON_IND (git-fixes).
- media: hantro: Fix probe func error path (git-fixes).
- media: msi001: fix possible null-ptr-deref in msi001_probe()
(git-fixes).
- commit 945c228
- media: dw2102: Fix use after free (git-fixes).
- media: streamzap: remove unnecessary ir_raw_event_reset and
handle (git-fixes).
- media: si2157: Fix "/warm"/ tuner state detection (git-fixes).
- media: saa7146: mxb: Fix a NULL pointer dereference in
mxb_attach() (git-fixes).
- media: dib8000: Fix a memleak in dib8000_init() (git-fixes).
- media: uvcvideo: fix division by zero at stream start
(git-fixes).
- media: venus: core: Fix a resource leak in the error handling
path of 'venus_probe()' (git-fixes).
- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file
is released (git-fixes).
- media: si470x-i2c: fix possible memory leak in
si470x_i2c_probe() (git-fixes).
- media: imx-pxp: Initialize the spinlock prior to using it
(git-fixes).
- commit 5761229
- media: rcar-csi2: Optimize the selection PHTW register
(git-fixes).
- media: rcar-csi2: Correct the selection of hsfreqrange
(git-fixes).
- media: i2c: imx274: fix trivial typo obainted/obtained
(git-fixes).
- media: i2c: imx274: fix trivial typo expsoure/exposure
(git-fixes).
- media: dib0700: fix undefined behavior in tuner shutdown
(git-fixes).
- media: dmxdev: fix UAF when dvb_register_device() fails
(git-fixes).
- media: stk1160: fix control-message timeouts (git-fixes).
- media: s2255: fix control-message timeouts (git-fixes).
- media: pvrusb2: fix control-message timeouts (git-fixes).
- media: em28xx: fix control-message timeouts (git-fixes).
- commit 46bba79
- iwlwifi: mvm: test roc running status bits before removing
the sta (git-fixes).
- iwlwifi: mvm: fix 32-bit build in FTM (git-fixes).
- media: cpia2: fix control-message timeouts (git-fixes).
- media: flexcop-usb: fix control-message timeouts (git-fixes).
- media: redrat3: fix control-message timeouts (git-fixes).
- media: mceusb: fix control-message timeouts (git-fixes).
- media: aspeed: Update signal status immediately to ensure sane
hw state (git-fixes).
- media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
- media: aspeed: fix mode-detect always time out at 2nd run
(git-fixes).
- gpu: host1x: Add back arm_iommu_detach_device() (git-fixes).
- commit a0fd0ab
- drm/msm/dpu: fix safe status debugfs file (git-fixes).
- drm/tegra: vic: Fix DMA API misuse (git-fixes).
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in
radeon_driver_open_kms() (git-fixes).
- drm/amdgpu: Fix a NULL pointer dereference in
amdgpu_connector_lcd_native_mode() (git-fixes).
- drm/bridge: ti-sn65dsi86: Set max register for regmap
(git-fixes).
- drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes).
- drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered up during
bind (git-fixes).
- drm/vc4: hdmi: Set a default HSM rate (git-fixes).
- commit a48eb6b
- Documentation: ACPI: Fix data node reference documentation
(git-fixes).
- dma_fence_array: Fix PENDING_ERROR leak in
dma_fence_array_signaled() (git-fixes).
- drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes).
- drm/rockchip: dsi: Fix unbalanced clock on probe error
(git-fixes).
- drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes).
- drm/rockchip: dsi: Hold pm-runtime across bind/unbind
(git-fixes).
- drm/panel: innolux-p079zca: Delete panel on attach() failure
(git-fixes).
- drm/panel: kingdisplay-kd097d04: Delete panel on attach()
failure (git-fixes).
- drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes).
- drm/bridge: display-connector: fix an uninitialized pointer
in probe() (git-fixes).
- commit 5ae7d41
- device property: Fix documentation for
FWNODE_GRAPH_DEVICE_DISABLED (git-fixes).
- can: gs_usb: gs_can_start_xmit(): zero-initialize
hf->{flags,reserved} (git-fixes).
- can: xilinx_can: xcan_probe(): check for error irq (git-fixes).
- can: softing: softing_startstop(): fix set but not used variable
warning (git-fixes).
- can: softing_cs: softingcs_probe(): fix memleak on registration
failure (git-fixes).
- can: gs_usb: fix use of uninitialized variable, detach device
on reception of invalid USB data (git-fixes).
- Bluetooth: hci_bcm: Check for error irq (git-fixes).
- can: usb_8dev: remove unused member echo_skb from struct
usb_8dev_priv (git-fixes).
- clk: bcm-2835: Remove rounding up the dividers (git-fixes).
- clk: bcm-2835: Pick the closest clock rate (git-fixes).
- commit bd7a33a
- ACPI: scan: Create platform device for BCM4752 and LNV4752
ACPI nodes (git-fixes).
- Bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes).
- Bluetooth: L2CAP: Fix using wrong mode (git-fixes).
- Bluetooth: btmtksdio: fix resume failure (git-fixes).
- Bluetooth: stop proccessing malicious adv data (git-fixes).
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets()
fails (git-fixes).
- Bluetooth: btusb: fix memory leak in
btusb_mtk_submit_wmt_recv_urb() (git-fixes).
- commit aa5f21e
- power: supply: core: Break capacity loop (git-fixes).
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr
(git-fixes).
- mac80211: initialize variable have_higher_than_11mbit
(git-fixes).
- batman-adv: mcast: don't send link-local multicast to mcast
routers (git-fixes).
- Input: spaceball - fix parsing of movement data packets
(git-fixes).
- net: usb: pegasus: Do not drop long Ethernet frames (git-fixes).
- Input: i8042 - enable deferred probe quirk for ASUS UM325UA
(bsc#1190256).
- Input: i8042 - add deferred probe support (bsc#1190256).
- platform/x86: apple-gmux: use resource_size() with res
(git-fixes).
- drm/mediatek: Check plane visibility in atomic_update
(git-fixes).
- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
(git-fixes).
- ASoC: sunxi: fix a sound binding broken reference (git-fixes).
- commit 3be695f
- Rename colliding patches before the next SLE15-SP2 -> SLE15-SP3 merge
- commit daf9fb8
- debugfs: lockdown: Allow reading debugfs files that are not
world readable (bsc#1193328 ltc#195566).
- commit 8830882
- series.conf: cleanup
- move submitted patch to "/almost mainline"/ section
patches.suse/ext4-Avoid-trim-error-on-fs-with-small-groups.patch
- commit dc09b47
- ext4: Avoid trim error on fs with small groups (bsc#1191271).
- commit f67e52e
- powerpc/fadump: Fix inaccurate CPU state info in vmcore
generated with panic (bsc#1193901 ltc#194976).
- powerpc: handle kdump appropriately with
crash_kexec_post_notifiers option (bsc#1193901 ltc#194976).
- commit 8924f63
- USB: gadget: bRequestType is a bitfield, not a enum (git-fixes).
- usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield
(git-fixes).
- commit b983cf3
- xhci: Fresco FL1100 controller should not have BROKEN_MSI
quirk set (git-fixes).
- usb: mtu3: set interval of FS intr and isoc endpoint
(git-fixes).
- usb: mtu3: fix list_head check warning (git-fixes).
- usb: mtu3: add memory barrier before set GPD's HWO (git-fixes).
- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear
(git-fixes).
- USB: serial: option: add Telit FN990 compositions (git-fixes).
- USB: serial: cp210x: fix CP2105 GPIO registration (git-fixes).
- USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
(git-fixes).
- usb: xhci: Extend support for runtime power management for
AMD's Yellow carp (git-fixes).
- usb: core: config: using bit mask instead of individual bits
(git-fixes).
- usb: core: config: fix validation of wMaxPacketValue entries
(git-fixes).
- USB: gadget: zero allocate endpoint 0 buffers (git-fixes).
- USB: gadget: detect too-big endpoint 0 requests (git-fixes).
- xhci: avoid race between disable slot command and host runtime
suspend (git-fixes).
- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from
runtime suspending (git-fixes).
- USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes).
- USB: chipidea: fix interrupt deadlock (git-fixes).
- USB: cdc-acm: fix break reporting (git-fixes).
- USB: cdc-acm: fix racy tty buffer accesses (git-fixes).
- usb: typec: tcpm: handle SRC_STARTUP state if cc changes
(git-fixes).
- usb: dwc2: check return value after calling
platform_get_resource() (git-fixes).
- Revert "/USB: xhci: fix U1/U2 handling for hardware with
XHCI_INTEL_HOST quirk set"/ (git-fixes).
- xhci: fix unsafe memory usage in xhci tracing (git-fixes).
- usb: gadget: composite: Allow bMaxPower=0 if self-powered
(git-fixes).
- usb: dwc3: gadget: Ignore EP queue requests during bus reset
(git-fixes).
- usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression
(git-fixes).
- usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based
one (git-fixes).
- usb: dwc3: gadget: Reclaim extra TRBs after request completion
(git-fixes).
- usb: dwc3: ulpi: fix checkpatch warning (git-fixes).
- usb: dwc3: gadget: Continue to process pending requests
(git-fixes).
- commit c6091eb
- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
(git-fixes).
- wcn36xx: handle connection loss indication (git-fixes).
- watchdog: Fix OMAP watchdog early handling (git-fixes).
- wcn36xx: Fix missing frame timestamp for beacon/probe-resp
(git-fixes).
- commit ac118b7
- spi: change clk_disable_unprepare to clk_unprepare (git-fixes).
- firmware: tegra: Fix error application of sizeof() to pointer
(git-fixes).
- serial: pl011: Add ACPI SBSA UART match id (git-fixes).
- thermal: core: Reset previous low and high trip during thermal
zone init (git-fixes).
- video: backlight: Drop maximum brightness override for
brightness zero (git-fixes).
- Revert "/PM: sleep: Do not assume that "/mem"/ is always present"/
(git-fixes).
- thermal/drivers/int340x: Do not set a wrong tcc offset on resume
(git-fixes).
- tty: synclink_gt: rename a conflicting function name
(git-fixes).
- shmem: shmem_writepage() split unlikely i915 THP (git-fixes).
- serial: tty: uartlite: fix console setup (git-fixes).
- tty: max310x: fix flexible_array.cocci warnings (git-fixes).
- slimbus: qcom: fix potential NULL dereference in
qcom_slim_prg_slew() (git-fixes).
- tty: serial: earlycon dependency (git-fixes).
- usermodehelper: reset umask to default before executing user
process (git-fixes).
- tty: serial: qcom_geni_serial: Drop __init from
qcom_geni_console_setup (git-fixes).
- string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
(git-fixes).
- commit a735650
- soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes).
- soc: fsl: dpaa2-console: free buffer before returning from
dpaa2_console_read (git-fixes).
- soc: fsl: dpio: use the combined functions to protect critical
zone (git-fixes).
- soc: fsl: dpio: replace smp_processor_id with
raw_smp_processor_id (git-fixes).
- power: supply: max17042_battery: Clear status bits in interrupt
handler (git-fixes).
- soc: fsl: dpio: rename the enqueue descriptor variable
(git-fixes).
- soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes).
- pwm: mxs: Don't modify HW state in .probe() after the PWM chip
was registered (git-fixes).
- rtw88: wow: fix size access error of probe request (git-fixes).
- rtw88: wow: build wow function only if CONFIG_PM is on
(git-fixes).
- rtw88: use read_poll_timeout instead of fixed sleep (git-fixes).
- rtl8xxxu: Fix the handling of TX A-MPDU aggregation (git-fixes).
- pwm: tiecap: Drop .free() callback (git-fixes).
- seq_buf: Make trace_seq_putmem_hex() support data longer than 8
(git-fixes).
- seq_buf: Fix overflow in seq_buf_putmem_hex() (git-fixes).
- sata: nv: fix debug format string mismatch (git-fixes).
- commit df942c0
- pinctrl: stm32: consider the GPIO offset to expose all the
GPIO lines (git-fixes).
- pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes).
- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue
after S3 deep (git-fixes).
- PM: sleep: Do not assume that "/mem"/ is always present
(git-fixes).
- pinctrl: stm32: use valid pin identifier in
stm32_pinctrl_resume() (git-fixes).
- pinctrl: qcom: spmi-gpio: correct parent irqspec translation
(git-fixes).
- pcnet32: Use pci_resource_len to validate PCI resource
(git-fixes).
- PM: runtime: Defer suspending suppliers (git-fixes).
- commit abf2572
- NFC: st21nfca: Fix memory leak in device probe and remove
(git-fixes).
- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes).
- PCI/MSI: Mask MSI-X vectors only on success (git-fixes).
- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
(git-fixes).
- nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes).
- PCI: cadence: Add cdns_plat_pcie_probe() missing return
(git-fixes).
- commit da0a149
- mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes).
- misc: fastrpc: fix improper packet size calculation (git-fixes).
- mtd: rawnand: fsmc: Fix timing computation (git-fixes).
- mtd: rawnand: fsmc: Take instruction delay into account
(git-fixes).
- mt76: mt7915: fix NULL pointer dereference in
mt7915_get_phy_mode (git-fixes).
- mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes).
- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
(git-fixes).
- mt76: mt7915: fix an off-by-one bound check (git-fixes).
- mwifiex: Try waking the firmware until we get an interrupt
(git-fixes).
- mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset
standard tuning circuit (git-fixes).
- misc: fastrpc: Add missing lock before accessing find_vma()
(git-fixes).
- commit 55425ab
- Input: appletouch - initialize work before device registration
(git-fixes).
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block
(git-fixes).
- Input: elantech - fix stack out of bound access in
elantech_change_report_id() (git-fixes).
- libata: if T_LENGTH is zero, dma direction should be DMA_NONE
(git-fixes).
- mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes).
- mac80211: fix lookup when adding AddBA extension element
(git-fixes).
- mac80211: validate extended element ID is present (git-fixes).
- mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock
(git-fixes).
- mac80211: send ADDBA requests using the tid/queue of the
aggregation session (git-fixes).
- mac80211: fix regression in SSN handling of addba tx
(git-fixes).
- mac80211: track only QoS data frames for admission control
(git-fixes).
- libata: add horkage for ASMedia 1092 (git-fixes).
- mac80211: do not access the IV when it was stripped (git-fixes).
- Input: max8925_onkey - don't mark comment as kernel-doc
(git-fixes).
- staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
(git-fixes).
- iwlwifi: mvm: disable RX-diversity in powersave (git-fixes).
- iwlwifi: mvm: Fix scan channel flags settings (git-fixes).
- iwlwifi: fw: correctly limit to monitor dump (git-fixes).
- iwlwifi: mvm: fix access to BSS elements (git-fixes).
- iwlwifi: mvm: avoid static queue number aliasing (git-fixes).
- iwlwifi: pcie: free RBs during configure (git-fixes).
- mac80211: Fix monitor MTU limit so that A-MSDUs get through
(git-fixes).
- memblock: ensure there is no overflow in
memblock_overlaps_region() (git-fixes).
- kobject_uevent: remove warning in init_uevent_argv()
(git-fixes).
- memory: emif: Remove bogus debugfs error handling (git-fixes).
- kobject: Restore old behaviour of kobject_del(NULL) (git-fixes).
- lockdown: Allow unprivileged users to see lockdown status
(git-fixes).
- kmod: make request_module() return an error when autoloading
is disabled (git-fixes).
- commit 0f3480f
- iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes).
- iio: at91-sama5d2: Fix incorrect sign extension (git-fixes).
- iio: adc: axp20x_adc: fix charging current reporting on AXP22x
(git-fixes).
- iio: ad7768-1: Call iio_trigger_notify_done() on error
(git-fixes).
- iio: itg3200: Call iio_trigger_notify_done() on error
(git-fixes).
- iio: dln2: Check return value of devm_iio_trigger_register()
(git-fixes).
- iio: trigger: Fix reference counting (git-fixes).
- iio: dln2-adc: Fix lockdep complaint (git-fixes).
- iio: mma8452: Fix trigger reference couting (git-fixes).
- iio: stk3310: Don't return error code in interrupt handler
(git-fixes).
- iio: kxsd9: Don't return error code in trigger handler
(git-fixes).
- iio: ltr501: Don't return error code in trigger handler
(git-fixes).
- iio: accel: kxcjk-1013: Fix possible memory leak in probe and
remove (git-fixes).
- commit 4c68be5
- i2c: validate user data in compat ioctl (git-fixes).
- i2c: rk3x: Handle a spurious start completion interrupt flag
(git-fixes).
- ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (git-fixes).
- ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
(git-fixes).
- ieee802154: hwsim: Fix memory leak in hwsim_add_one (git-fixes).
- ieee802154: hwsim: Fix possible memory leak in
hwsim_subscribe_all_others (git-fixes).
- ieee802154: fix error return code in
ieee802154_llsec_getparams() (git-fixes).
- ieee802154: fix error return code in ieee802154_add_iface()
(git-fixes).
- commit 5d3590c
- hwmon: (lm90) Do not report 'busy' status bit as alarm
(git-fixes).
- hwmon: (lm90) Drop critical attribute support for MAX6654
(git-fixes).
- hwmon: (lm90) Fix usage of CONFIG2 register in detect function
(git-fixes).
- HID: google: add eel USB id (git-fixes).
- HID: add USB_HID dependancy to hid-prodikeys (git-fixes).
- HID: add USB_HID dependancy to hid-chicony (git-fixes).
- HID: bigbenff: prevent null pointer dereference (git-fixes).
- HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
(git-fixes).
- hwmon: (lm90) Add basic support for TI TMP461 (git-fixes).
- hwmon: (lm90) Introduce flag indicating extended temperature
support (git-fixes).
- gpiolib: acpi: Make set-debounce-timeout failures non fatal
(git-fixes).
- hwmon: (lm90) Add max6654 support to lm90 driver (git-fixes).
- commit 8903a1a
- firmware: arm_scpi: Fix string overflow in SCPI genpd driver
(git-fixes).
- firmware: smccc: Fix check for ARCH_SOC_ID not implemented
(git-fixes).
- firmware: arm_scmi: pm: Propagate return value to caller
(git-fixes).
- firmware_loader: fix pre-allocated buf built-in firmware use
(git-fixes).
- firmware: qcom_scm: Fix error retval in
__qcom_scm_is_call_available() (git-fixes).
- firmware: tegra: Reduce stack usage (git-fixes).
- firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()'
(git-fixes).
- staging: fbtft: Don't spam logs when probe is deferred
(git-fixes).
- staging: fbtft: Rectify GPIO handling (git-fixes).
- eeprom: idt_89hpesx: Restore printing the unsupported fwnode
name (git-fixes).
- eeprom: idt_89hpesx: Put fwnode in matching case during
- >probe() (git-fixes).
- staging: fieldbus: anybuss: jump to correct label in an error
path (git-fixes).
- staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent()
(git-fixes).
- commit 6208a26
- drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
(git-fixes).
- drm/ast: potential dereference of null pointer (git-fixes).
- drm/syncobj: Deal with signalled fences in
drm_syncobj_find_fence (git-fixes).
- drm/amd/display: add connector type check for CRC source set
(git-fixes).
- drm/amd/display: Fix for the no Audio bug with Tiled Displays
(git-fixes).
- drm/msm/dsi: set default num_data_lanes (git-fixes).
- drm/sun4i: fix unmet dependency on RESET_CONTROLLER for
PHY_SUN6I_MIPI_DPHY (git-fixes).
- drm/amd/display: dcn20_resource_construct reduce scope of FPU
enabled (git-fixes).
- drm/msm: prevent NULL dereference in
msm_gpu_crashstate_capture() (git-fixes).
- commit bdadc10
- drm/msm/mdp5: fix cursor-related warnings (git-fixes).
- drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (git-fixes).
- drm/amd/display: Update bounding box states (v2) (git-fixes).
- drm/amd/display: Update number of DCN3 clock states (git-fixes).
- drm/amdkfd: Account for SH/SE count when setting up cu masks
(git-fixes).
- drm/exynos: Always initialize mapping in
exynos_drm_register_dma() (git-fixes).
- drm/display: fix possible null-pointer dereference in
dcn10_set_clock() (git-fixes).
- drm/amd/display: fix incorrect CM/TF programming sequence in
dwb (git-fixes).
- drm/amd/display: fix missing writeback disablement if plane
is removed (git-fixes).
- drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660
(git-fixes).
- commit 792bcdc
- drm/msm: mdp4: drop vblank get/put from prepare/complete_commit
(git-fixes).
- drm: xlnx: zynqmp: release reset to DP controller before
accessing DP registers (git-fixes).
- drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before
setting pixel clock (git-fixes).
- drm/amdgpu: Fix a printing message (git-fixes).
- drm/amdgpu: Fix amdgpu_ras_eeprom_init() (git-fixes).
- drm/bridge: nwl-dsi: Avoid potential multiplication overflow
on 32-bit (git-fixes).
- drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET
(git-fixes).
- commit c849561
- dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes).
- dmaengine: bestcomm: fix system boot lockups (git-fixes).
- crypto: qat - fix reuse of completion variable (git-fixes).
- crypto: qat - handle both source of interrupt in VF ISR
(git-fixes).
- crypto: omap-sham - clear dma flags only after
omap_sham_update_dma_stop() (git-fixes).
- crypto: mxs-dcp - Use sg_mapping_iter to copy data (git-fixes).
- commit dc6c442
- ax25: NPD bug when detaching AX25 device (git-fixes).
- clk: Don't parent clks until the parent is fully registered
(git-fixes).
- clk: qcom: regmap-mux: fix parent clock lookup (git-fixes).
- can: kvaser_usb: get CAN clock frequency from device
(git-fixes).
- can: sja1000: fix use after free in ems_pcmcia_add_card()
(git-fixes).
- ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
(git-fixes).
- clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
(git-fixes).
- crypto: qat - do not ignore errors from enable_vf2pf_comms()
(git-fixes).
- commit 56c7fe1
- ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s
(git-fixes).
- ASoC: meson: aiu: fifo: Add missing
dma_coerce_mask_and_coherent() (git-fixes).
- ASoC: codecs: wsa881x: fix return values from kcontrol put
(git-fixes).
- ASoC: codecs: wcd934x: return correct value from mixer put
(git-fixes).
- ASoC: codecs: wcd934x: handle channel mappping list correctly
(git-fixes).
- ASoC: qdsp6: q6routing: Fix return value from
msm_routing_put_audio_mixer (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in AHUB (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in DSPK (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in DMIC (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in I2S (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in ADMAIF (git-fixes).
- ASoC: tegra: Fix wrong value type in DSPK (git-fixes).
- ASoC: tegra: Fix wrong value type in DMIC (git-fixes).
- ASoC: tegra: Fix wrong value type in I2S (git-fixes).
- ASoC: tegra: Fix wrong value type in ADMAIF (git-fixes).
- ASoC: codecs: wcd934x: return error code correctly from
hw_params (git-fixes).
- ASoC: cs42l42: Correct configuring of switch inversion from
ts-inv (git-fixes).
- ASoC: soc-core: fix null-ptr-deref in
snd_soc_del_component_unlocked() (git-fixes).
- amd/display: downgrade validation failure log level (git-fixes).
- ASoC: cs42l42: Use device_property API instead of of_property
(git-fixes).
- ASoC: cs42l42: Disable regulators if probe fails (git-fixes).
- commit 4fe697d
- ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes).
- commit 02956db
- ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100
(git-fixes).
- commit 9c729e6
- ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes).
- ALSA: hda/hdmi: Disable silent stream on GLK (git-fixes).
- ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6
(git-fixes).
- ALSA: jack: Check the return value of kstrdup() (git-fixes).
- ALSA: drivers: opl3: Fix incorrect use of vp->state (git-fixes).
- ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897
platform (git-fixes).
- commit d2b626b
- fget: check that the fd still exists after getting a ref to it
(bsc#1193727 CVE-2021-4083).
- commit 9958eae
- ALSA: ctl: Fix copy of updated id with element read/write
(git-fixes).
- ALSA: pcm: oss: Handle missing errors in
snd_pcm_oss_change_params*() (git-fixes).
- ALSA: pcm: oss: Limit the period size to 16MB (git-fixes).
- ALSA: pcm: oss: Fix negative period/buffer sizes (git-fixes).
- ACPI: Add stubs for wakeup handler functions (git-fixes).
- ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes).
- ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk
(git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED
(git-fixes).
- ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers
(git-fixes).
- commit 5e82764
- btrfs: unlock newly allocated extent buffer after error (bsc#1194001, CVE-2021-4149).
- commit 5719af8
- kprobes: Limit max data_size of the kretprobe instances
(bsc#1193669).
- commit c7a83f7
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- commit 9a89323
- blacklist.conf: Add 7ee285395b21 cgroup: Make rebind_subsystems() disable v2 controllers all at once
- commit 11abfa4
- blacklist.conf: Add 6ba34d3c7367 cgroup/cpuset: Fix violation of cpuset locking rule
- commit a116f42
- ipv6: use prandom_u32() for ID generation (CVE-2021-45485
bsc#1194094).
- commit ea9f5f6
- scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266).
- scsi: lpfc: Add additional debugfs support for CMF
(bsc#1194266).
- scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266).
- scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266).
- scsi: lpfc: Trigger SLI4 firmware dump before doing driver
cleanup (bsc#1194266).
- scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266).
- scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance
(bsc#1194266).
- scsi: lpfc: Change return code on I/Os received during link
bounce (bsc#1194266).
- scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV
(bsc#1194266).
- commit f7f7742
- Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch
Update meta data and move the patch into the sorted section.
- commit 9223d1e
- scsi: qla2xxx: Format log strings only if needed (git-fixes).
- wireguard: ratelimiter: use kvcalloc() instead of kvzalloc()
(git-fixes).
- wireguard: receive: drop handshakes if queue lock is contended
(git-fixes).
- wireguard: receive: use ring buffer for incoming handshakes
(git-fixes).
- wireguard: device: reset peer src endpoint when netns exits
(git-fixes).
- wireguard: selftests: actually test for routing loops
(git-fixes).
- wireguard: selftests: increase default dmesg log size
(git-fixes).
- wireguard: allowedips: add missing __rcu annotation to satisfy
sparse (git-fixes).
- scsi: qla2xxx: edif: Fix off by one bug in
qla_edif_app_getfcinfo() (git-fixes).
- scsi: qla2xxx: Fix mailbox direction flags in
qla2xxx_get_adapter_id() (git-fixes).
- scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
- scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
- scsi: qla2xxx: edif: Flush stale events and msgs on session down
(git-fixes).
- scsi: qla2xxx: edif: Fix app start delay (git-fixes).
- scsi: qla2xxx: edif: Fix app start fail (git-fixes).
- commit f28a9ca
- ipv6: use prandom_u32() for ID generation (CVE-2021-45485
bsc#1194094).
- commit 34edd9c
- inet: use bigger hash table for IP ID generation (CVE-2021-45486
bsc#1194087).
- commit 28e6987
- inet: use bigger hash table for IP ID generation (CVE-2021-45486
bsc#1194087).
- commit 1f316eb
- media: Revert "/media: uvcvideo: Set unique vdev name based in
type"/ (bsc#1193255).
- commit 6d6cdd3
- net: create netdev->dev_addr assignment helpers (git-fixes).
- commit 49be0aa
- s390/bpf: Fix branch shortening during codegen pass
(bsc#1193993).
- commit 2c7711e
- Correct porting that occured from SP2:
patches.suse/bpf-Fix-toctou-on-read-only-map-s-constant-scalar-tracking.patch.
- commit 89dd21e
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- commit cd27ffb
- fix rpm build warning
tumbleweed rpm is adding these warnings to the log:
It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl
- commit 3ba8941
- recordmcount.pl: look for jgnop instruction as well as bcrl
on s390 (bsc#1192267).
- Delete patches.suse/ftrace-recordmcount-binutils.patch.
- commit b7ea99b
- EDAC/amd64: Handle three rank interleaving mode (bsc#1152489).
- commit 24c4284
- Rename colliding patches before the next SLE15-SP2 -> SLE15-SP3 merge
- commit 6bd4e83
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
(bsc#1152489).
- commit 86f2e0e
- x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
(bsc#1152489).
- commit 653ca7c
- Update config files.
- commit 7b17171
- build initrd without systemd
This reduces the size of the initrd by over 25%, which
improves startup time of the virtual machine by 0.5-0.6s on
very fast machines, more on slower ones.
- commit ef4c569
- bfq: Limit number of requests consumed by each cgroup
(bsc#1184318).
- bfq: Store full bitmap depth in bfq_data (bsc#1184318).
- bfq: Track number of allocated requests in bfq_entity
(bsc#1184318).
- block: Provide blk_mq_sched_get_icq() (bsc#1184318).
- commit b145381
- blacklist.conf: ef775a0e36c6 x86/Kconfig: Fix an unused variable error in dell-smm-hwmon
- commit 77f7f56
- bpf, s390: Fix potential memory leak about jit_data (git-fixes).
- commit a96c419
- blacklist.conf: duplicate
- commit 21615d4
- bpf, x86: Fix "/no previous prototype"/ warning (git-fixes).
- commit 56004e0
- serial: 8250: Fix RTS modem control while in rs485 mode
(git-fixes).
- commit b2a12fa
- usb: gadget: u_ether: fix race in setting MAC address in setup
phase (git-fixes).
- commit e9c3803
- Refresh patches.suse/new-helper-lookup_positive_unlocked.patch.
Fix part of hunk removed by an earlier refresh.
(non-functional change)
- commit 74aed66
- handle KABI change in struct bpf_map (bsc#1192990
CVE-2021-4001).
- bpf: Fix toctou on read-only map's constant scalar tracking
(bsc#1192990 CVE-2021-4001).
- commit 38c062a
- xen/netback: don't queue unlimited number of packages
(CVE-2021-28715 XSA-392 bsc#1193442).
- commit e989a63
- xen/netback: fix rx queue stall detection (CVE-2021-28714
XSA-392 bsc#1193442).
- commit bee9756
- xen/console: harden hvc_xen against event channel storms
(CVE-2021-28713 XSA-391 bsc#1193440).
- commit fc934bd
- xen/netfront: harden netfront against event channel storms
(CVE-2021-28712 XSA-391 bsc#1193440).
- commit 0168f42
- xen/blkfront: harden blkfront against event channel storms
(CVE-2021-28711 XSA-391 bsc#1193440).
- commit 80dd44a
- fix patches metadata
- fix Patch-mainline:
- patches.suse/01-cifs-remove-redundant-initialization-of-variable-rc.patch
- patches.suse/03-cifs-update-internal-module-version-number.patch
- patches.suse/CIFS-Fix-bug-which-the-return-value-by-asynchronous-read-is-error.patch
- patches.suse/CIFS-Spelling-s-EACCESS-EACCES-.patch
- patches.suse/CIFS-Warn-less-noisily-on-default-mount.patch
- patches.suse/CIFS-check-new-file-size-when-extending-file-by-fallocate.patch
- patches.suse/Replace-HTTP-links-with-HTTPS-ones-CIFS.patch
- patches.suse/SMB3-Add-new-compression-flags.patch
- patches.suse/SMB3-Add-new-info-level-for-query-directory.patch
- patches.suse/SMB3-Additional-compression-structures.patch
- patches.suse/SMB3-Minor-cleanup-of-protocol-definitions.patch
- patches.suse/cifs-Allocate-encryption-header-through-kmalloc.patch
- patches.suse/cifs-Avoid-field-over-reading-memcpy-.patch
- patches.suse/cifs-Constify-static-struct-genl_ops.patch
- patches.suse/cifs-Do-not-leak-EDEADLK-to-dgetents64-for-STATUS_USER_SESSION_DELE.patch
- patches.suse/cifs-allow-unlock-flock-and-OFD-lock-across-fork.patch
- patches.suse/cifs-avoid-extra-calls-in-posix_info_parse.patch
- patches.suse/cifs-cifs_md4-convert-to-SPDX-identifier.patch
- patches.suse/cifs-cifspdu-h-Replace-zero-length-array-with-flexible-array-membe.patch
- patches.suse/cifs-clear-PF_MEMALLOC-before-exiting-demultiplex-thread.patch
- patches.suse/cifs-convert-list_for_each-to-entry-variant-in-cifs_debug-c.patch
- patches.suse/cifs-convert-list_for_each-to-entry-variant-in-smb2misc-c.patch
- patches.suse/cifs-create-a-MD4-module-and-switch-cifs-ko-to-use-it.patch
- patches.suse/cifs-create-sd-context-must-be-a-multiple-of-8.patch
- patches.suse/cifs-enable-extended-stats-by-default.patch
- patches.suse/cifs-fix-NULL-dereference-in-smb2_check_message-.patch
- patches.suse/cifs-fix-SMB1-error-path-in-cifs_get_file_info_unix.patch
- patches.suse/cifs-fix-a-memleak-with-modefromsid.patch
- patches.suse/cifs-fix-doc-warnings-in-cifs_dfs_ref-c.patch
- patches.suse/cifs-fix-incorrect-kernel-doc-comments.patch
- patches.suse/cifs-fix-ipv6-formating-in-cifs_ses_add_channel.patch
- patches.suse/cifs-fix-missing-spinlock-around-update-to-ses-status.patch
- patches.suse/cifs-fix-unneeded-null-check.patch
- patches.suse/cifs-fix-wrong-release-in-sess_alloc_buffer-failed-path.patch
- patches.suse/cifs-fork-arc4-and-create-a-separate-module-for-it-for-cifs-and-oth.patch
- patches.suse/cifs-have-cifs_fattr_to_inode-refuse-to-change-type-on-live-inode.patch
- patches.suse/cifs-have-mkdir-handle-race-with-another-client-sanely.patch
- patches.suse/cifs-improve-fallocate-emulation.patch
- patches.suse/cifs-missed-ref-counting-smb-session-in-find.patch
- patches.suse/cifs-missing-null-check-for-newinode-pointer.patch
- patches.suse/cifs-nosharesock-should-be-set-on-new-server.patch
- patches.suse/cifs-populate-server_hostname-for-extra-channels.patch
- patches.suse/cifs-remove-duplicated-prototype.patch
- patches.suse/cifs-remove-pathname-for-file-from-SPDX-header.patch
- patches.suse/cifs-remove-two-cases-where-rc-is-set-unnecessarily-in-sid_to_id.patch
- patches.suse/cifs-retry-lookup-and-readdir-when-EAGAIN-is-returned-.patch
- patches.suse/cifs-smb2pdu-h-Replace-zero-length-array-with-flexible-array-membe.patch
- patches.suse/cifs-smbd-Calculate-the-correct-maximum-packet-size-for-segmented-.patch
- patches.suse/cifs-smbd-Check-and-extend-sender-credits-in-interrupt-context.patch
- patches.suse/cifs-update-internal-version-number-0b03fe6d.patch
- patches.suse/cifs-use-SPDX-Licence-Identifier.patch
- patches.suse/cifs_debug-use-pd-instead-of-messing-with-d_name.patch
- patches.suse/do_cifs_create-don-t-set-i_mode-of-something-we-had-not-created.patch
- patches.suse/fs-cifs-Initialize-filesystem-timestamp-ranges.patch
- patches.suse/fs-cifs-fix-gcc-warning-in-sid_to_id.patch
- patches.suse/linux-parser-h-add-include-guards.patch
- patches.suse/smb2-clarify-rc-initialization-in-smb2_reconnect.patch
- patches.suse/smb3-Avoid-Mid-pending-list-corruption.patch
- patches.suse/smb3-Call-cifs-reconnect-from-demultiplex-thread.patch
- patches.suse/smb3-Handle-error-case-during-offload-read-path.patch
- patches.suse/smb3-fix-posix-extensions-mount-option.patch
- patches.suse/smb3-fix-possible-access-to-uninitialized-pointer-to-DACL.patch
- patches.suse/smb3-fix-uninitialized-value-for-port-in-witness-protocol-move.patch
- patches.suse/smb3-prevent-races-updating-CurrentMid.patch
- patches.suse/smb3-use-SMB2_SIGNATURE_SIZE-define.patch
- patches.suse/smb311-remove-dead-code-for-non-compounded-posix-query-info.patch
- patches.suse/smbdirect-missing-rc-checks-while-waiting-for-rdma-events.patch
- patches.suse/vfs-don-t-parse-forbidden-flags.patch
- commit 9d51829
- hwmon: (k10temp) Remove residues of current and voltage
(jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823
jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Rework the temperature offset calculation
(jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Don't show Tdie for all Zen/Zen2/Zen3 CPU/APU
(jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs
(jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139
jsc#ECO-3666).
- x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823
jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823
jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Remove support for displaying voltage and
current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823
jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Define SVI telemetry and current factors for
Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Create common functions and macros for Zen
CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) make some symbols static (jsc#SLE-17823
jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Update driver documentation (jsc#SLE-17823
jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Reorganize and simplify temperature support
detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs
(jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Update documentation and add temp2_input info
(jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- commit 84d83f2
- kernel-obs-build: remove duplicated/unused parameters
lbs=0 - this parameters is just giving "/unused parameter"/ and it looks
like I can not find any version that implemented this.
rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it
alread loads the kernel module.
quiet and panic=1 will now be also always added by OBS, so we don't have
to set it here anymore.
- commit 972c692
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
- ice: ignore dropped packets during init (git-fixes).
- i40e: Fix pre-set max number of queues for VF (git-fixes).
- i40e: Fix failed opcode appearing if handling messages from VF
(git-fixes).
- iavf: Fix reporting when setting descriptor count (git-fixes).
- qede: validate non LSO skb length (git-fixes).
- net/mlx4_en: Fix an use-after-free bug in
mlx4_en_try_alloc_resources() (git-fixes).
- net: qlogic: qlcnic: Fix a NULL pointer dereference in
qlcnic_83xx_add_rings() (git-fixes).
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353
bnc#1151927 5.3.9).
- igb: fix netpoll exit with traffic (git-fixes).
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- nfp: checking parameter process for rx-usecs/tx-usecs is invalid
(git-fixes).
- iavf: Prevent changing static ITR values if adaptive moderation
is on (git-fixes).
- i40e: Fix ping is lost after configuring ADq on VF (git-fixes).
- net/mlx5: Update error handler for UCTX and UMEM (git-fixes).
- iavf: Restore VLAN filters after link down (git-fixes).
- iavf: don't clear a lock we don't hold (git-fixes).
- net/mlx5e: reset XPS on error flow if netdev isn't registered
yet (git-fixes).
- commit 03289fd
- Update
patches.suse/ring-buffer-Protect-ring_buffer_reset-from-reentrancy.patch
(CVE-2020-27825 bsc#1179960).
- commit dc9e1e4
- Rename colliding patches before the next SLE15-SP2 -> SLE15-SP3 merge
- commit 7a595e1
- ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes)
- commit 34f6968
- ice: create scheduler aggregator node config and move VSIs
(bsc#1182404 CVE-2020-24504).
- commit c99471f
- blacklist.conf: Add commit ec2a29593c83
Not a fix per-se, and removes a logging feature we need.
- commit a11b223
- tracing: Change STR_VAR_MAX_LEN (git-fixes).
- Refresh patches.suse/tracing-save-normal-string-variables.patch.
- commit 38905d3
- tty: hvc: replace BUG_ON() with negative return value
(git-fixes).
- commit 7ffe7bd
- xen/netfront: don't trust the backend response data blindly
(git-fixes).
- commit da41a54
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- commit b0fca08
- xen/netfront: don't read data from request on the ring page
(git-fixes).
- commit 6ebcb04
- xen/netfront: read response from backend only once (git-fixes).
- commit fedf742
- xen/blkfront: don't trust the backend response data blindly
(git-fixes).
- commit 6a791ee
- xen/blkfront: don't take local copy of a request from the ring
page (git-fixes).
- commit 7bc0bc1
- xen/blkfront: read response from backend only once (git-fixes).
- commit 674c286
- xen: sync include/xen/interface/io/ring.h with Xen's newest
version (git-fixes).
- commit 0333f3c
- x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword,
and qword (bsc#1178134).
- commit d8e4de4
- xen/pvh: add missing prototype to header (git-fixes).
- commit 3762eb9
- x86/pvh: add prototype for xen_pvh_init() (git-fixes).
- commit 0b2da73
- tracing: Add length protection to histogram string copies
(git-fixes).
- commit e386e69
- ring-buffer: Protect ring_buffer_reset() from reentrancy
(bsc#1179960).
- commit c5cf6b9
- elfcore: correct reference to CONFIG_UML (git-fixes).
- commit 2b36804
- blacklist.conf: ("/ARM: at91: pm: do not panic if ram controllers are not enabled"/)
- commit ef792af
- ARM: dts: turris-omnia: fix hardware buffer management (git-fixes)
- commit e2dd35b
- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes)
- commit c7eba50
- ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes)
- commit 119681c
- ARM: 9155/1: fix early early_iounmap() (git-fixes)
- commit 70adb7b
- blacklist.conf: ("/ARM: dts: stm32: fix SAI sub nodes register range"/)
- commit e027ea9
- ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes)
- commit 48ea472
- ARM: dts: at91: tse850: the emac<->phy interface is rmii (git-fixes)
- commit 41f0870
- arm: dts: omap3-gta04a4: accelerometer irq fix (git-fixes)
- commit 0163af2
- ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes)
- commit ec0a139
- blacklist.conf: ("/ARM: 9131/1: mm: Fix PXN process with LPAE feature"/)
- commit 93193ac
- ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes)
- commit 8331a56
- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes)
- commit 47dc5e0
- ARM: 9134/1: remove duplicate memcpy() definition (git-fixes)
- commit 72d9e60
- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes)
- commit 8c43bfe
- ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes)
- commit b68c97c
- ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes)
- commit 1f4fc66
- ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes)
- commit afd1b25
- ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes)
- commit f888650
- bpf, arm: Fix register clobbering in div/mod implementation (git-fixes)
- commit 8a7bc09
- ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes)
- commit 6cf3093
- ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes)
- commit 51225a0
- ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes)
- commit 47ca382
- ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes)
- commit 7b83a15
- ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes)
- commit 9c0ad71
- ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes)
- commit 87f59d6
- ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes)
- commit f2b1a59
- ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes)
- commit 0950c36
- ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes)
- commit 2c0a46d
- ARM: imx: add missing clk_disable_unprepare() (git-fixes)
- commit 7574099
- ARM: imx: add missing iounmap() (git-fixes)
- commit ba7a7f4
- ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes)
- commit 0c3bad2
- ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes)
- commit 9a36822
- ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes)
- commit 510212d
- Revert "/- rpm/*build: use buildroot macro instead of env variable"/
buildroot macro is not being expanded inside a shell script. go
back to the environment variable usage. This reverts parts of
commit e2f60269b9330d7225b2547e057ef0859ccec155.
- commit fe85f96
- scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
(git-fixes).
- scsi: mpi3mr: Fix duplicate device entries when scanning
through sysfs (git-fixes).
- commit 571aab7
- kernel-obs-build: include the preferred kernel parameters
Currently the Open Build Service hardcodes the kernel boot parameters
globally. Recently functionality was added to control the parameters
by the kernel-obs-build package, so make use of that. parameters here
will overwrite what is used by OBS otherwise.
- commit a631240
- blacklist.conf: duplicate
- commit 9669784
- blacklist.conf: this is a feature, not a bug fix
- commit e867f95
- blacklist.conf: breaks kABI
- commit 8b90f7c
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
(git-fixes).
- commit 2b7a551
- Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch (bsc#1189158)
- commit bf246e6
- ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes)
- commit cff82d0
- ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes)
- commit a7ab48f
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes)
- commit b28eb93
- ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes)
- commit 4640950
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes)
- commit 07a7105
- ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes)
- commit fb3d156
- Rename colliding patches before the next SLE15-SP2 -> SLE15-SP3 merge
- commit fc7ecfa
- cifs: modefromsid: write mode ACE first (bsc#1164565).
- commit 6f413fc
- smb3: add missing worker function for SMB3 change notify
(bsc#1164565).
- commit 7dfec0e
- cifs: clarify comment about timestamp granularity for old
servers (bsc#1192606).
- commit e302b8e
- cifs: add shutdown support (bsc#1192606).
- commit 45b0629
- fs/cifs: Fix resource leak (bsc#1192606).
- commit 435efab
- SMB3: incorrect file id in requests compounded with open
(bsc#1192606).
- commit 7138acd
- scsi: mpt3sas: Fix system going into read-only mode (git-fixes).
- scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
- commit 7179a79
- cifs: fix check of dfs interlinks (bsc#1185902).
- commit 243e364
- scsi: mpt3sas: Fix kernel panic during drive powercycle test
(git-fixes).
- commit 57e2087
- net: linkwatch: fix failure to restore device state across
suspend/resume (bsc#1192511).
- commit da353d0
- usb: chipidea: ci_hdrc_imx: fix potential error pointer
dereference in probe (git-fixes).
- commit 9219d9f
- net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779,
bsc#1185726).
- commit dc924dc
- net: mana: Fix spelling mistake "/calledd"/ -> "/called"/
(jsc#SLE-18779, bsc#1185726).
- commit 171413e
- net: mana: Support hibernation and kexec (jsc#SLE-18779,
bsc#1185726).
- commit ab32809
- net: mana: Improve the HWC error handling (jsc#SLE-18779,
bsc#1185726).
- commit 0f23087
- net: mana: Fix the netdev_err()'s vPort argument in
mana_init_port() (jsc#SLE-18779, bsc#1185726).
- commit 0f3038d
- net: mana: Allow setting the number of queues while the NIC
is down (jsc#SLE-18779, bsc#1185726).
- commit 9e016ed
- net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779,
bsc#1185726).
- commit dc3817d
- kernel-obs-build: inform build service about virtio-serial
Inform the build worker code that this kernel supports virtio-serial,
which improves performance and relability of logging.
- commit 301a3a7
- rpm/*.spec.in: use buildroot macro instead of env variable
The RPM_BUILD_ROOT variable is considered deprecated over
a buildroot macro. future proof the spec files.
- commit e2f6026
- Bluetooth: btrtl: Refine the ic_id_table for clearer and more
regular (bsc#1193655).
- commit 5fc0c7f
- Bbluetooth: btusb: Add another Bluetooth part for Realtek 8852AE
(bsc#1193655).
- commit d23fcbd
- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
(bsc#1193655).
- commit 74054a3
- Bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE
(bsc#1193655).
- commit 976fe83
- Bluetooth: btusb: Add the new support ID for Realtek RTL8852A
(bsc#1193655).
- commit e2de704
- Bluetooth: btusb: btrtl: Add support for RTL8852A
(bsc#1193655).
Refresh
patches.suse/Bluetooth-Add-a-new-USB-ID-for-RTL8822CE.patch.
- commit 1f6a020
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- net: hns3: remove check VF uc mac exist when set by PF
(bsc#1154353).
- ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926).
- net: hns3: fix misuse vf id and vport id in some logs
(bsc#1154353).
- net: hns3: change affinity_mask to numa node range
(bsc#1154353).
- commit 5fbb3a3
- scsi: lpfc: Fix non-recovery of remote ports following an
unsolicited LOGO (bsc#1189126).
- commit 96fe76d
- blacklist.conf: add RK3399 build fixes
- commit c24ec31
- perf/x86/vlbr: Add c->flags to vlbr event constraints
(git-fixes).
- perf/x86/intel: Fix unchecked MSR access error caused by
VLBR_EVENT (git-fixes).
- commit 4672585
- x86/xen: Add xenpv_restore_regs_and_return_to_usermode()
(bsc#1152489).
- commit b35a237
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
(git-fixes).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake
server (git-fixes).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server
(git-fixes).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running
events (git-fixes).
- perf: Correctly handle failed perf_get_aux_event() (git-fixes).
- commit 3214492
- drm/msm/a6xx: Allocate enough space for GMU registers
(git-fixes).
- commit a2af3ce
- ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes)
- commit cd23dfc
- ARM: exynos: add missing of_node_put for loop iteration (git-fixes)
- commit 9fec7bf
- ARM: 9091/1: Revert "/mm: qsd8x50: Fix incorrect permission faults"/ (git-fixes)
- commit cc97587
- ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes)
- commit 9fd71ed
- ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes)
- commit e361720
- ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes)
- commit 39de4e4
- ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes)
- commit 2108be4
- ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes)
- commit 51106d9
- ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes)
- commit 8a73a55
- ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes)
- commit 9dccbbe
- x86/entry: Add a fence for kernel entry SWAPGS in
paranoid_entry() (bsc#1178134).
- commit c461123
- blacklist.conf: ("/ARM: Qualify enabling of swiotlb_init()"/)
- commit 3a03503
- ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes)
- commit c4443e6
- ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes)
- commit 0989312
- ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes)
- commit b1ce2e7
- ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes)
- commit efd5a9f
- ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes)
- commit 98458fd
- ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes)
- commit 35f11a7
- ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes)
- commit d659cd8
- ARM: 9071/1: uprobes: Don't hook on thumb instructions (git-fixes)
- commit 9bc79c0
- ARM: footbridge: fix PCI interrupt mapping (git-fixes)
- commit f0751f6
- ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes)
- commit 76d939a
- ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes)
- commit cf71c65
- ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes)
- commit d08c1a8
- ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes)
- commit 54e3c21
- ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes)
- commit ff66c7e
- ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes)
- commit f75be8b
- ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes)
- commit 55a4d6f
- ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes)
- commit 55c22ee
- ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes)
- commit 0c032b5
- ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes)
- commit 76998ea
- ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes)
- commit 022b373
- ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes)
- commit 99c5961
- ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes)
- commit 41b7bae
- blacklist.conf: ("/ARM: s3c: fix fiq for clang IAS"/)
- commit 6ccea05
- ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes)
- commit 9b80745
- ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes)
- commit 8b86722
- ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes)
- commit ec1774b
- ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes)
- commit 9bd1841
- ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes)
- commit 5590e0e
- ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes)
- commit 750c3a4
- ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes)
- commit 9b258e6
- ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes)
- commit 3cf3bd7
- ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes)
- commit dac825a
- ARM: dts: meson: fix PHY deassert timing requirements (git-fixes)
- commit ca1a6a8
- ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes)
- commit ac20b20
- ARM: dts: at91: sama5d2: map securam as device (git-fixes)
- commit 5e0e26a
- ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes)
- commit d32253c
- ARM: dts: turris-omnia: add SFP node (git-fixes)
- commit 264fa55
- ARM: dts: turris-omnia: describe switch interrupt (git-fixes)
- commit 8c11719
- ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes)
- commit 45dd6a7
- ARM: dts: turris-omnia: enable HW buffer management (git-fixes)
- commit 8c11cde
- ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes)
- commit bb3a041
- ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes)
- commit 4b9245d
- ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes)
- commit 24a6157
- ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes)
- commit 0d31715
- ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes)
- commit 6c723a3
- ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes)
- commit 4c799c5
- ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes)
- commit 8a89ac4
- ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes)
- commit ed85b4a
- nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969).
- commit 37f8e3a
- ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes)
- commit eaab047
- ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes)
- commit 478b5c3
- ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes)
- commit 1c3142f
- ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes)
- commit dc84d7f
- ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- commit 181dea6
- ARM: dts: dra76x: m_can: fix order of clocks (git-fixes)
- commit 43c7beb
- ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes)
- commit 87a64a2
- arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes)
- commit 58f3f8d
- usb: dwc2: hcd_queue: Fix use of floating point literal
(git-fixes).
- commit 9a72c31
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of
"/0"/ if no IRQ is available (git-fixes).
- commit b87f8ef
- lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
- commit aae012d
- ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes)
- commit 2016228
- ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- commit 1a093ea
- ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- commit 531deee
- ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes)
- commit 88a897f
- ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes)
- commit 87e604e
- ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- commit a152164
- ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes)
- commit 6b97887
- Revert "/arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to (git-fixes)
- commit 5efc234
- ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes)
- commit 3f47a53
- blacklist.conf: ("/ARM: dts: stm32: Enable thermal sensor support on stm32mp15xx-dhcor"/)
- commit c1ed2bb
- ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes)
- commit 1123941
- blacklist.conf: Same fix was already added
- commit b659a50
- ARM: mvebu: drop pointless check for coherency_base (git-fixes)
- commit 8b93ab4
- ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes)
- commit 441e98d
- ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes)
- commit 5979072
- arm: dts: mt7623: add missing pause for switchport (git-fixes)
- commit 96b3f01
- ARM: dts: imx6sl: fix rng node (git-fixes)
- commit 39ee2e5
- blacklist.conf: ("/ARM: imx: Place "/Cortex-A/Cortex-M"/ comment in the correct location"/)
- commit 3f47f6f
- ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes)
- commit 18aa25f
- ARM: at91: pm: of_node_put() after its usage (git-fixes)
- commit 1722a9b
- ARM: samsung: don't build plat/pm-common for Exynos (git-fixes)
- commit 7b4ccbe
- ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes)
- commit 7a7156c
- ARM: s3c24xx: fix missing system reset (git-fixes)
- commit e7eaa12
- ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes)
- commit 7cece2c
- kabi: hide changes to struct uv_info (git-fixes).
- commit 1dd17d6
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
(git-fixes).
- serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes).
- serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array
(git-fixes).
- tty: serial: msm_serial: Deactivate RX DMA for polling support
(git-fixes).
- serial: core: fix transmit-buffer reset and memleak (git-fixes).
- i2c: stm32f7: stop dma transfer in case of NACK (git-fixes).
- i2c: stm32f7: recover the bus on access timeout (git-fixes).
- i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes).
- i2c: cbus-gpio: set atomic transfer callback (git-fixes).
- drm/msm: Do hw_init() before capturing GPU state (git-fixes).
- rt2x00: do not mark device gone on EPROTO errors during start
(git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of
"/0"/ if no IRQ is available (git-fixes).
- USB: serial: option: add Fibocom FM101-GL variants (git-fixes).
- USB: serial: option: add Telit LE910S1 0x9200 composition
(git-fixes).
- ALSA: ctxfi: Fix out-of-range access (git-fixes).
- commit bab211f
- xhci: Fix commad ring abort, write all 64 bits to CRCR register
(bsc#1192569).
- commit 9d2b3aa
- tracing: Fix pid filtering when triggers are attached
(git-fixes).
- commit 8872e72
- blacklist.conf: 27ff768fa21c ("/tracing: Test the 'Do not trace this pid' case in create event"/)
Not applicable. SLE15-SP2 does not have no_pid_list.
- commit a013b01
- tracing: Check pid filtering when creating events (git-fixes).
- commit 44dc77e
- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
(bsc#1192845 CVE-2021-43975).
- commit 6156c39
- s390/uv: fully validate the VMA before calling follow_page()
(git-fixes).
- commit 3c6388f
- s390: mm: Fix secure storage access exception handling
(git-fixes).
- commit 0d49ecf
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
(git-fixes).
- commit d4d7214
- xhci: Fix commad ring abort, write all 64 bits to CRCR register
(git-fixes).
- commit 39dcce2
- Move upstreamed USB fix into sorted section
- commit 8151472
- kABI: dm: fix deadlock when swapping to encrypted device
(bsc#1186332).
- md/raid10: Remove unnecessary rcu_dereference in
raid10_handle_discard (bsc#1192320).
- dm raid: remove unnecessary discard limits for raid0 and raid10
(bsc#1192320).
- md/raid10: improve discard request for far layout (bsc#1192320).
- md/raid10: improve raid10 discard request (bsc#1192320).
- md/raid10: pull the code that wait for blocked dev into one
function (bsc#1192320).
- md/raid10: extend r10bio devs to raid disks (bsc#1192320).
- md: add md_submit_discard_bio() for submitting discard bio
(bsc#1192320).
- dm: fix deadlock when swapping to encrypted device
(bsc#1186332).
- md/raid10: initialize r10_bio->read_slot before use
(bsc#1192320).
- commit 5a81276
- x86/mpx: Disable MPX for 32-bit userland (bsc#1193139).
- commit cdba19a
- ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349
ltc#195568).
- ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349
ltc#195568).
- commit 718e27a
- xhci: Fix commad ring abort, write all 64 bits to CRCR register
(bsc#1192569).
- commit b70b7a9
- fuse: release pipe buf after last use (bsc#1193318).
- commit b7ec5ee
- Rename colliding patches before the next SLE15-SP2 -> SLE15-SP3 merge
- commit 99db4af
- rpm/kernel-binary.spec.in: don't strip vmlinux again (bsc#1193306)
After usrmerge, vmlinux file is not named vmlinux-<version>, but simply
vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set.
So fix this by removing the dash...
- commit 83af88d
- Blacklist SCSI commit that breaks kABI (git-fixes)
- commit 43a023a
- series.conf: cleanup
- drop superfluous empty lines
- commit 72e63ac
- fix patch metadata
- fix Patch-mainline and drop duplicate References tag:
- patches.suse/hugetlbfs-flush-TLBs-correctly-after-huge_pmd_unshar.patch
- commit e2f354b
- fix patches metadata
- fix Patch-mainline:
- patches.suse/NFS-Don-t-set-NFS_INO_DATA_INVAL_DEFER-and-NFS_INO_I.patch
- patches.suse/NFS-Fix-deadlocks-in-nfs_scan_commit_list.patch
- patches.suse/NFS-Fix-up-commit-deadlocks.patch
- patches.suse/NFSv4-Fix-a-regression-in-nfs_set_open_stateid_locke.patch
- patches.suse/md-fix-a-lock-order-reversal-in-md_alloc.patch
- patches.suse/nfsd-don-t-alloc-under-spinlock-in-rpc_parse_scope_i.patch
- patches.suse/nfsd-fix-error-handling-of-register_pernet_subsys-in.patch
- patches.suse/nfsd4-Handle-the-NFSv4-READDIR-dircount-hint-being-z.patch
- patches.suse/pnfs-flexfiles-Fix-misplaced-barrier-in-nfs4_ff_layo.patch
- commit baf4f8d
- ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes)
- commit 85cbd0e
- ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes)
- commit 365e0a3
- ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes)
- commit 653ed7e
- ARM: dts: NSP: Fixed QSPI compatible string (git-fixes)
- commit 6bfe2b5
- ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes)
- commit 2da4f3c
- ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes)
- commit 3bc0dcb
- ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes)
- commit 9eeb7d3
- ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes)
- commit d0779ee
- ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes)
- commit de0d442
- ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes)
- commit d1cc45c
- blacklist.conf: ("/ARM: dts: stm32: fix uart7_pins_a comments in stm32mp15-pinctrl"/)
Fix comment in a devicetree file.
- commit 4d3a412
- Update patches.suse/ixgbe-fix-large-MTU-request-from-VF.patch
(bsc#1192877 CVE-2021-33098).
Changed reference to CVE bug.
- commit 964f375
- blacklist.conf: ("/ARM: dts: sunxi: bananapi-m2-plus-v1.2: Add regulator supply to all"/)
Unsupported platform
- commit a16ce64
- blacklist.conf: ("/ARM: dts: renesas: Fix SD Card/eMMC interface device node names"/)
Cosmetic devicetree nodes name change
- commit 7ad6f49
- ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes)
- commit b39464e
- blacklist.conf: ("/ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32mp15"/)
- commit ad658c1
- blacklist.conf: ("/ARM: uaccess: fix DACR mismatch with nested exceptions"/)
ARM cpus v3, v4, v4T, v5 are not supported
- commit 78b5a5d
- mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
(CVE-2021-43976 bsc#1192847).
- commit 1075cc3
- blacklist.conf: 85b6d24646e4 ("/shm: extend forced shm destroy to support objects from several IPC nses"/)
Unfortunately this breaks kABI and presents significant risk for
addressing a theoretical issue.
- commit e55a163
- ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes)
- commit 8ec6f19
- ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes)
- commit 6f5837f
- ARM: dts: imx7ulp: Correct gpio ranges (git-fixes)
- commit 3f5621e
- ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes)
- commit 6c84d7b
- ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes)
- commit 495045e
- ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes)
- commit e76b97f
- ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes)
- commit d5fa0dd
- ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes)
- commit dc169bf
- ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes)
- commit d09ddcf
- ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes)
- commit b837795
- ARM: dts: gose: Fix ports node name for adv7612 (git-fixes)
- commit e9fee74
- ARM: dts: gose: Fix ports node name for adv7180 (git-fixes)
- commit 40b6417
- ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints (git-fixes)
- commit 8ad414c
- ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes)
- commit 40f3f7f
- ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes)
- commit 0fbc45e
- ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes)
- commit f3253e8
- ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes)
- commit c6689bd
- ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes)
- commit d32973c
- ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes)
- commit c712eb3
- ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes)
- commit 8b361c5
- ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes)
- commit 2acafcb
- ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes)
- commit f5f5222
- ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes)
- commit a210c92
- ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes)
- commit 518acf3
- ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes)
- commit ab8eba4
- ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes)
- commit b7c7df8
- ARM: dts: NSP: Correct FA2 mailbox node (git-fixes)
- commit 9479804
- ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes)
- commit 4c7d3d5
- Revert "/ARM: sti: Implement dummy L2 cache's write_sec"/ (git-fixes)
- commit 29d8881
- ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes)
- commit 159db4e
- ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes)
- commit dc96655
- ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes)
- commit 240d4e7
- ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes)
- commit 7258033
- ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes)
- commit 64d852f
- nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
- commit 8c6d859
- PM: hibernate: use correct mode for swsusp_close() (git-fixes).
- commit fef6f6f
- xhci: Fix USB 3.1 enumeration issues by increasing roothub
power-on-good delay (git-fixes).
- zram: off by one in read_block_state() (git-fixes).
- soc/tegra: Fix an error handling path in
tegra_powergate_power_up() (git-fixes).
- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error
in bcm_qspi_probe() (git-fixes).
- spi: spl022: fix Microwire full duplex mode (git-fixes).
- zram: fix return value on writeback_store (git-fixes).
- commit 4e28ede
- nfc: pn533: Fix double free when pn533_fill_fragment_skbs()
fails (git-fixes).
- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
- PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
- platform/x86: wmi: do not fail if disabling fails (git-fixes).
- PM: hibernate: Get block device exclusively in swsusp_check()
(git-fixes).
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
(git-fixes).
- r8169: Add device 10ec:8162 to driver r8169 (git-fixes).
- reset: socfpga: add empty driver allowing consumers to probe
(git-fixes).
- commit 864c87f
- mtd: core: don't remove debugfs directory if device is in use
(git-fixes).
- mwifiex: Read a PCI register after writing the TX ring write
pointer (git-fixes).
- mwifiex: Properly initialize private structure on interface
type changes (git-fixes).
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION
vif-type (git-fixes).
- memstick: r592: Fix a UAF bug when removing the driver
(git-fixes).
- media: usb: dvd-usb: fix uninit-value bug in
dibusb_read_eeprom_byte() (git-fixes).
- media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes).
- media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes).
- mmc: winbond: don't build on M68K (git-fixes).
- commit f93cc37
- media: rcar-csi2: Add checking to rcsi2_start_receiver()
(git-fixes).
- media: mceusb: return without resubmitting URB in case of
- EPROTO error (git-fixes).
- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog
receivers (git-fixes).
- media: imx: set a media_device bus_info string (git-fixes).
- media: s5p-mfc: fix possible null-pointer dereference in
s5p_mfc_probe() (git-fixes).
- media: uvcvideo: Set unique vdev name based in type (git-fixes).
- media: uvcvideo: Return -EIO for control errors (git-fixes).
- media: uvcvideo: Set capability in s_param (git-fixes).
- media: stm32: Potential NULL pointer dereference in
dcmi_irq_thread() (git-fixes).
- media: netup_unidvb: handle interrupt properly according to
the firmware (git-fixes).
- commit 0db8c1e
- drm/plane-helper: fix uninitialized variable reference
(git-fixes).
- Input: iforce - fix control-message timeout (git-fixes).
- i2c: xlr: Fix a resource leak in the error handling path of
'xlr_i2c_probe()' (git-fixes).
- drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes).
- libata: fix checking of DMA state (git-fixes).
- ipmi: Disable some operations during a panic (git-fixes).
- media: mt9p031: Fix corrupted frame after restarting stream
(git-fixes).
- lib/xz: Validate the value before assigning it to an enum
variable (git-fixes).
- lib/xz: Avoid overlapping memcpy() with invalid input with
in-place decompression (git-fixes).
- commit 40bd6e4
- dmaengine: dmaengine_desc_callback_valid(): Check for
`callback_result` (git-fixes).
- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy
Book 10.6 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart
C15200 2-in-1 (git-fixes).
- drm: panel-orientation-quirks: Update the Lenovo Ideapad D330
quirk (v2) (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
(git-fixes).
- crypto: s5p-sss - Add error handling in s5p_aes_probe()
(git-fixes).
- crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win3
(git-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
(git-fixes).
- commit 6b1a3ad
- ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
(git-fixes).
- ALSA: synth: missing check for possible NULL after the call
to kstrdup (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes).
- ALSA: timer: Unconditionally unlink slave instances, too
(git-fixes).
- ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
(git-fixes).
- ALSA: timer: Fix use-after-free problem (git-fixes).
- ath10k: fix invalid dma_addr_t token assignment (git-fixes).
- ath: dfs_pattern_detector: Fix possible null-pointer dereference
in channel_detector_create() (git-fixes).
- ath10k: high latency fixes for beacon buffer (git-fixes).
- Bluetooth: fix use-after-free error in lock_sock_nested()
(git-fixes).
- commit 3915ea5
- ASoC: topology: Add missing rwsem around snd_ctl_remove()
calls (git-fixes).
- ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
(git-fixes).
- PCI/MSI: Deal with devices lying about their MSI mask capability
(git-fixes).
- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 400
(git-fixes).
- ACPI: battery: Accept charges over the design capacity as full
(git-fixes).
- ACPICA: Avoid evaluating methods too early during system resume
(git-fixes).
- soc/tegra: pmc: Fix imbalanced clock disabling in error code
path (git-fixes).
- commit ce23462
- usb: typec: fusb302: Fix masking of comparator and bc_lvl
interrupts (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes).
- drm/vc4: fix error code in vc4_create_object() (git-fixes).
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
(git-fixes).
- usb-storage: Add compatibility quirk flags for iODD 2531/2541
(git-fixes).
- usb: xhci: Enable runtime-pm by default on AMD Yellow Carp
platform (git-fixes).
- usb: host: ohci-tmio: check return value after calling
platform_get_resource() (git-fixes).
- usb: musb: tusb6010: check return value after calling
platform_get_resource() (git-fixes).
- commit f36d57f
- NFC: reorder the logic in nfc_{un,}register_device (git-fixes).
- Refresh
patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch.
- commit 176d8d4
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not
works on vga and dvi connectors (git-fixes).
- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
(git-fixes).
- platform/x86: hp_accel: Fix an error handling path in
'lis3lv02d_probe()' (git-fixes).
- NFC: add NCI_UNREG flag to eliminate the race (git-fixes).
- NFC: reorganize the functions in nci_request (git-fixes).
- clk: ingenic: Fix bugs with divided dividers (git-fixes).
- iio: imu: st_lsm6dsx: Avoid potential array overflow in
st_lsm6dsx_set_odr() (git-fixes).
- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes).
- commit 84fae0c
- ASoC: DAPM: Cover regression by kctl change notification fix
(git-fixes).
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
(git-fixes).
- clk: imx: imx6ul: Move csi_sel mux to correct base register
(git-fixes).
- ASoC: nau8824: Add DMI quirk mechanism for active-high
jack-detect (git-fixes).
- ALSA: gus: fix null pointer dereference on pointer block
(git-fixes).
- ALSA: ISA: not for M68K (git-fixes).
- ASoC: SOF: Intel: hda-dai: fix potential locking issue
(git-fixes).
- ALSA: hda: hdac_ext_stream: fix potential locking issues
(git-fixes).
- ALSA: hda: hdac_stream: fix potential locking issue in
snd_hdac_stream_assign() (git-fixes).
- commit 970a05a
- Move upstreamed i8042 patch into sorted section
- commit c3e6588
- net/sched: sch_ets: don't peek at classes beyond 'nbands'
(bsc#1176774).
- mdio: aspeed: Fix "/Link is Down"/ issue (bsc#1176447).
- netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447).
- netfilter: ctnetlink: do not erase error code with EINVAL
(bsc#1176447).
- netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY
(bsc#1176447).
- net/mlx5: E-Switch, return error if encap isn't supported
(jsc#SLE-15172).
- iavf: Fix for setting queues to 0 (jsc#SLE-12877).
- iavf: Fix return of set the new channel count (jsc#SLE-12877).
- ice: Remove toggling of antispoof for VF trusted promiscuous
mode (jsc#SLE-12878).
- ice: Fix VF true promiscuous mode (jsc#SLE-12878).
- ethtool: fix ethtool msg len calculation for pause stats
(jsc#SLE-15075).
- RDMA/bnxt_re: Update statistics counter name (jsc#SLE-16649).
- net: bridge: fix under estimation in br_get_linkxstats_size()
(bsc#1176447).
- commit ab96379
- iommu/amd: Remove iommu_init_ga() (git-fixes).
- iommu/amd: Relocate GAMSup check to early_enable_iommus
(git-fixes).
- iommu: Check if group is NULL before remove device (git-fixes).
- swiotlb: Fix the type of index (git-fixes).
- commit 8842f17
- drm/amd/display: Set plane update flags for all planes in reset
(git-fixes).
- commit 55c8303
- drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks
(git-fixes).
- commit 82083eb
- drm/nouveau/svm: Fix refcount leak bug and missing check
against null bug (git-fixes).
- commit 8795faa
- drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends
(git-fixes).
- commit 199d9e2
- powerpc/paravirt: correct preempt debug splat in
vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes).
- powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148
ltc#190702 git-fixes).
- powerpc: fix unbalanced node refcount in check_kvm_guest()
(jsc#SLE-15869 jsc#SLE-16321 git-fixes).
- commit 62ae409
- powerpc/pseries: Move some PAPR paravirt functions to their own file
(bsc#1181148 ltc#190702 git-fixes).
- Refresh patches.suse/powerpc-Fix-build-error-in-paravirt.h.patch.
- Refresh patches.suse/powerpc-paravirt-Use-is_kvm_guest-in-vcpu_is_preempt.patch.
- commit 70c6628
- powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL
in power10 (jsc#SLE-13513 git-fixes).
- commit 2f92337
- iommu/mediatek: Fix out-of-range warning with clang (git-fixes).
- x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes).
- x86/sev: Fix stack type check in vc_switch_off_ist()
(git-fixes).
- powerpc/iommu: Report the correct most efficient DMA mask for
PCI devices (git-fixes).
- iommu/vt-d: Update the virtual command related registers
(git-fixes).
- firmware: qcom_scm: Mark string array const (git-fixes).
- x86/efi: Restore Firmware IDT before calling ExitBootServices()
(git-fixes).
- iommu/vt-d: Fix incomplete cache flush in
intel_pasid_tear_down_entry() (git-fixes).
- iommu/vt-d: Consolidate duplicate cache invaliation code
(git-fixes).
- commit 9d0f833
- block: Fix use-after-free issue accessing struct io_cq
(bsc#1193042).
- commit fba138d
- ice: fix vsi->txq_map sizing (jsc#SLE-7926).
- igc: Remove phy->type checking (bsc#1193169).
- igc: Remove _I_PHY_ID checking (bsc#1193169).
- commit d98ae3f
- blacklist.conf: Add 78cc316e9583 bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt
- commit 0433f83
- hugetlbfs: flush TLBs correctly after huge_pmd_unshare
(bsc#1192946 CVE-2021-4002).
- commit 881e565
- tlb: mmu_gather: add tlb_flush_*_range APIs
- commit d3b54bc
- ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes)
- commit 8a979c1
- vfs: don't parse forbidden flags (bsc#1192606).
- commit b4f81da
- cifs: update internal version number (bsc#1192606).
- commit 533a712
- smb2: clarify rc initialization in smb2_reconnect (bsc#1192606).
- commit 78cfa97
- cifs: populate server_hostname for extra channels (bsc#1192606).
- commit e0e5007
- cifs: nosharesock should be set on new server (bsc#1192606).
- commit b2eb0d5
- cifs: introduce cifs_ses_mark_for_reconnect() helper
(bsc#1192606).
- commit fabb658
- cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606).
- commit f988cac
- cifs: move debug print out of spinlock (bsc#1192606).
- commit 72a7576
- smb3: correct smb3 ACL security descriptor (bsc#1192606).
- commit 063d4ac
- Pass consistent param->type to fs_parse() (bsc#1192606).
[ ematsumiya:
- drop the case fs_param_is_fd
- leave .has_value in fs_parse_result so it doesn't break kabi
- still set .has_value in fs_parse() for real kabi compatibility
]
- commit 079697d
- cifs_debug: use %pd instead of messing with ->d_name
(bsc#1192606).
- commit 5879c56
- cifs: do not duplicate fscache cookie for secondary channels
(bsc#1192606).
- commit b392b26
- cifs: connect individual channel servers to primary channel
server (bsc#1192606).
- commit 6b9934f
- cifs: protect session channel fields with chan_lock
(bsc#1192606).
- commit cba50eb
- cifs: do not negotiate session if session already exists
(bsc#1192606).
- commit 37b3456
- smb3: do not setup the fscache_super_cookie until fsinfo
initialized (bsc#1192606).
- commit dc8e6c9
- cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042).
- commit 7bd3c2c
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname
(bsc#1192606).
- commit 57f8572
- smb3: add additional null check in SMB311_posix_mkdir
(bsc#1192606).
- commit f7ca16b
- cifs: release lock earlier in dequeue_mid error case
(bsc#1192606).
- commit 6ed3f27
- smb3: add additional null check in SMB2_tcon (bsc#1192606).
- commit 7f013cc
- smb3: add additional null check in SMB2_open (bsc#1192606).
- commit 5aa4789
- smb3: add additional null check in SMB2_ioctl (bsc#1192606).
- commit edaf472
- smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042).
- commit 1b9729f
- cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042).
- commit 977ff65
- smb3: do not error on fsync when readonly (bsc#1192606).
- commit a53c076
- cifs: for compound requests, use open handle if possible
(bsc#1192606).
- commit 523067d
- cifs: set a minimum of 120s for next dns resolution
(bsc#1192606).
- commit 4683b0e
- cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- commit 25eec6a
- cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042).
- commit 5c260fb
- cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- commit 8cc2716
- cifs: fix print of hdr_flags in dfscache_proc_show()
(bsc#1192606, jsc#SLE-20042).
- commit d8767b8
- cifs: send workstation name during ntlmssp session setup
(bsc#1192606).
- commit 191b330
- cifs: nosharesock should not share socket with future sessions
(bsc#1192606).
- commit f8381d3
- smb3: add dynamic trace points for socket connection
(bsc#1192606).
- commit af7190b
- cifs: Move SMB2_Create definitions to the shared area
(bsc#1192606).
- commit c39b2e7
- cifs: Move more definitions into the shared area (bsc#1192606).
- commit 46ad0a8
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common
area (bsc#1192606).
- commit 471ec2c
- cifs: Create a new shared file holding smb2 pdu definitions
(bsc#1192606).
- commit 666d060
- cifs: add mount parameter tcpnodelay (bsc#1192606).
- commit 3f1b011
- cifs: To match file servers, make sure the server hostname
matches (bsc#1192606).
- commit 3d59b5a
- cifs: fix incorrect check for null pointer in header_assemble
(bsc#1192606).
- commit 4a5b3cf
- smb3: correct server pointer dereferencing check to be more
consistent (bsc#1192606).
- commit cf76bd0
- cifs: Deal with some warnings from W=1 (bsc#1192606).
- commit f6eec49
- cifs: fix a sign extension bug (bsc#1192606).
- commit c1600fb
- cifs: fix incorrect kernel doc comments (bsc#1192606).
- commit ae1bb97
- cifs: remove pathname for file from SPDX header (bsc#1192606).
- commit 7154307
- cifs: properly invalidate cached root handle when closing it
(bsc#1192606).
- commit 90012c3
- cifs: move SMB FSCTL definitions to common code (bsc#1192606).
- commit f1d3f93
- cifs: rename cifs_common to smbfs_common (bsc#1192606).
- Add to supported.conf:
fs/smbfs_common/cifs_arc4
fs/smbfs_common/cifs_md4
- Update configs to add CONFIG_SMBFS_COMMON=m.
- commit 8eb0a93
- cifs: update FSCTL definitions (bsc#1192606).
- commit fe93d4e
- cifs: Do not leak EDEADLK to dgetents64 for
STATUS_USER_SESSION_DELETED (bsc#1192606).
- commit 13a1d4e
- cifs: cifs_md4 convert to SPDX identifier (bsc#1192606).
- commit 0b7db2c
- cifs: create a MD4 module and switch cifs.ko to use it
(bsc#1192606).
- commit 5c0b1ab
- cifs: fork arc4 and create a separate module for it for cifs
and other users (bsc#1192606).
- commit 08b687d
- smb3: fix posix extensions mount option (bsc#1192606).
- commit 447f6db
- cifs: fix wrong release in sess_alloc_buffer() failed path
(bsc#1192606).
- commit def0bcb
- cifs: create sd context must be a multiple of 8 (bsc#1192606).
- commit 096d6a1
- cifs: add missing parsing of backupuid (bsc#1192606).
- commit 36915d3
- smb3: rc uninitialized in one fallocate path (bsc#1192606).
- commit 81628e1
- SMB3: fix readpage for large swap cache (bsc#1192606).
- commit 50e1259
- cifs: fix fallocate when trying to allocate a hole
(bsc#1192606).
- commit 39a73fc
- CIFS: Clarify SMB1 code for POSIX delete file (bsc#1192606).
- commit d18ffe8
- CIFS: Clarify SMB1 code for POSIX Create (bsc#1192606).
- commit 5b09e6b
- cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042).
- commit 870c80c
- cifs: only write 64kb at a time when fallocating a small region
of a file (bsc#1192606).
- commit dfb364b
- cifs: do not share tcp sessions of dfs connections
(bsc#1185902).
- commit 7ce02ee
- SMB3.1.1: fix mount failure to some servers when compression
enabled (bsc#1192606).
- commit a8dda65
- cifs: added WARN_ON for all the count decrements (bsc#1192606).
- commit 4b0d839
- cifs: fix missing null session check in mount (bsc#1192606).
- commit 92a9403
- cifs: handle reconnect of tcon when there is no cached dfs
referral (bsc#1192606).
- commit 4ce8b06
- cifs: fix the out of range assignment to bit fields in
parse_server_interfaces (bsc#1192606).
- commit 42c8dc1
- cifs: Do not use the original cruid when following DFS links
for multiuser mounts (bsc#1192606).
- commit 70bcc44
- cifs: use the expiry output of dns_query to schedule next
resolution (bsc#1192606).
- commit ea7928e
- cifs: update internal version number (bsc#1192606).
- commit bf989a2
- cifs: prevent NULL deref in cifs_compose_mount_options()
(bsc#1185902).
- commit ad0c70e
- SMB3.1.1: Add support for negotiating signing algorithm
(bsc#1192606).
- commit f88f74e
- cifs: use helpers when parsing uid/gid mount options and
validate them (bsc#1192606).
- commit 98e7d9d
- CIFS: Clarify SMB1 code for POSIX Lock (bsc#1192606).
- commit 44c5e82
- CIFS: Clarify SMB1 code for rename open file (bsc#1192606).
- commit 5a31de1
- CIFS: Clarify SMB1 code for delete (bsc#1192606).
- commit a09e98c
- CIFS: Clarify SMB1 code for SetFileSize (bsc#1192606).
- commit 7d84b0d
- smb3: fix typo in header file (bsc#1192606).
- commit eec60ea
- CIFS: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606).
- commit 1df5f2f
- CIFS: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606).
- commit 7f112a3
- cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606).
- commit b93dd21
- cifs: make locking consistent around the server session status
(bsc#1192606).
- commit 7dc9081
- smb3: prevent races updating CurrentMid (bsc#1192606).
- commit caed321
- cifs: fix missing spinlock around update to ses->status
(bsc#1192606).
- commit fae1702
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- commit 72034e4
- smb3: fix possible access to uninitialized pointer to DACL
(bsc#1192606).
- commit 29f7d0b
- cifs: missing null check for newinode pointer (bsc#1192606).
- commit d21103a
- cifs: remove two cases where rc is set unnecessarily in
sid_to_id (bsc#1192606).
- commit 08acf32
- SMB3: Add new info level for query directory (bsc#1192606).
- commit 83500f7
- cifs: fix NULL dereference in smb2_check_message()
(bsc#1192606).
- commit ee58187
- smbdirect: missing rc checks while waiting for rdma events
(bsc#1192606).
- commit d6f86c9
- cifs: Avoid field over-reading memcpy() (bsc#1192606).
- commit befb9f9
- smb311: remove dead code for non compounded posix query info
(bsc#1192606).
- commit eb8a15a
- cifs: fix SMB1 error path in cifs_get_file_info_unix
(bsc#1192606).
- commit bdcf5b5
- smb3: fix uninitialized value for port in witness protocol move
(bsc#1192606).
- commit b99ff72
- cifs: fix unneeded null check (bsc#1192606).
- commit 4e78f5e
- cifs: use SPDX-Licence-Identifier (bsc#1192606).
- commit fe025f6
- cifs: convert list_for_each to entry variant in cifs_debug.c
(bsc#1192606).
- commit 8d27424
- cifs: convert list_for_each to entry variant in smb2misc.c
(bsc#1192606).
- commit bf17685
- cifs: avoid extra calls in posix_info_parse (bsc#1192606).
- commit df5a926
- cifs: retry lookup and readdir when EAGAIN is returned
(bsc#1192606).
- commit 503d9f4
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- commit 93ab561
- cifs: enable extended stats by default (bsc#1192606).
- commit 31058c0
- cifs: missed ref-counting smb session in find (bsc#1192606).
- commit 036df29
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- commit 06c9b3f
- cifs: set a minimum of 2 minutes for refreshing dfs cache
(bsc#1185902).
- commit 89e70a9
- cifs: fix path comparison and hash calc (bsc#1185902).
- commit 1725c18
- cifs: handle different charsets in dfs cache (bsc#1185902).
- commit 7cb133a
- cifs: keep referral server sessions alive (bsc#1185902).
- commit 0f9891c
- cifs: get rid of @noreq param in __dfs_cache_find()
(bsc#1185902).
- commit 8c17775
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- commit 5403cd0
- cifs: improve fallocate emulation (bsc#1192606).
- commit 69387e0
- cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606).
- commit ed7aa17
- cifs: remove redundant initialization of variable rc
(bsc#1192606).
- commit 1db8433
- cifs: Constify static struct genl_ops (bsc#1192606).
- commit 8c8e6b1
- cifs: Remove unused inline function is_sysvol_or_netlogon()
(bsc#1185902).
- commit f81891f
- cifs: remove duplicated prototype (bsc#1192606).
- commit e27f304
- cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606).
- commit 231f6f1
- cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606).
- commit 1e18e17
- cifs: fix string declarations and assignments in tracepoints
(bsc#1192606).
- commit 5159f90
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0
(bsc#1192606).
- commit f561ad9
- cifs: Fix inconsistent indenting (bsc#1192606).
- commit c386cb1
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- commit 845634d
- smb3: if max_channels set to more than one channel request
multichannel (bsc#1192606).
- commit 93e55f7
- smb3: do not attempt multichannel to server which does not
support it (bsc#1192606).
- commit e1b5be8
- smb3: when mounting with multichannel include it in requested
capabilities (bsc#1192606).
- commit b03c460
- cifs: fix regression when mounting shares with prefix paths
(bsc#1192606).
- commit 59233de
- cifs: use echo_interval even when connection not ready
(bsc#1192606).
- commit 15fd173
- cifs: detect dead connections only when echoes are enabled
(bsc#1192606).
- commit 5c84eeb
- smb3.1.1: allow dumping keys for multiuser mounts (bsc#1192606).
- commit 79c8410
- smb3.1.1: allow dumping GCM256 keys to improve debugging of
encrypted shares (bsc#1192606).
- commit b4fea5b
- smb3.1.1: enable negotiating stronger encryption by default
(bsc#1192606).
- commit 9da00b7
- cifs: update internal version number (bsc#1192606).
- commit 13bc2c5
- smb3: add rasize mount parameter to improve readahead
performance (bsc#1192606).
- commit 30ebb66
- smb3: limit noisy error (bsc#1192606).
- commit 91e0ede
- cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606).
- commit 8a2920f
- cifs: remove unnecessary copies of tcon->crfid.fid
(bsc#1192606).
- commit 0b30781
- cifs: Return correct error code from smb2_get_enc_key
(git-fixes).
- commit 846705c
- cifs: fix out-of-bound memory access when calling smb3_notify()
at mount point (bsc#1192606).
- commit 0a3285f
- smb2: fix use-after-free in smb2_ioctl_query_info()
(bsc#1192606).
- commit 63f6c5e
- cifs: export supported mount options via new mount_params
/proc file (bsc#1192606).
- commit 2dd1c61
- cifs: log mount errors using cifs_errorf() (bsc#1192606).
- commit a2f6e3b
- cifs: add fs_context param to parsing helpers (bsc#1192606).
- commit a1c2b3d
- cifs: make fs_context error logging wrapper (bsc#1192606).
- commit 3b6af06
- cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606).
- commit ef118dc
- cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606).
- commit ece4ddb
- cifs: check the timestamp for the cached dirent when deciding
on revalidate (bsc#1192606).
- commit aecc2fc
- cifs: pass the dentry instead of the inode down to the
revalidation check functions (bsc#1192606).
- commit c93ddc7
- cifs: add a timestamp to track when the lease of the cached
dir was taken (bsc#1192606).
- commit 3ac8e19
- cifs: add a function to get a cached dir based on its dentry
(bsc#1192606).
- commit 24027a5
- cifs: Grab a reference for the dentry of the cached directory
during the lifetime of the cache (bsc#1192606).
- commit 91b960b
- cifs: store a pointer to the root dentry in cifs_sb_info once
we have completed mounting the share (bsc#1192606).
- commit 8a598fa
- cifs: rename the *_shroot* functions to *_cached_dir*
(bsc#1192606).
- commit 2a8dae4
- cifs: pass a path to open_shroot and check if it is the root
or not (bsc#1192606).
- commit 234424b
- cifs: move the check for nohandlecache into open_shroot
(bsc#1192606).
- commit 99d7c2e
- cifs: switch build_path_from_dentry() to using dentry_path_raw()
(bsc#1192606).
- commit fc6b596
- cifs: allocate buffer in the caller of build_path_from_dentry()
(bsc#1192606).
- commit 97679cd
- cifs: make build_path_from_dentry() return const char *
(bsc#1192606).
- commit ef657be
- cifs: constify pathname arguments in a bunch of helpers
(bsc#1192606).
- commit b93cc52
- cifs: constify path argument of ->make_node() (bsc#1192606).
- commit 03fcdf4
- cifs: constify get_normalized_path() properly (bsc#1185902).
- commit 90470dc
- cifs: don't cargo-cult strndup() (bsc#1185902).
- commit ca5d72c
- SMB3: update structures for new compression protocol definitions
(bsc#1192606).
- commit 4a8461d
- cifs: remove old dead code (bsc#1192606).
- commit 97b63df
- cifs: cifspdu.h: Replace one-element array with flexible-array
member (bsc#1192606).
- commit 4c15bf6
- fs: cifs: Remove repeated struct declaration (bsc#1192606).
- commit 8e0ef67
- cifs: simplify SWN code with dummy funcs instead of ifdefs
(bsc#1192606).
- commit 619dc86
- smb3: update protocol header definitions based to include new
flags (bsc#1192606).
- commit 31de2ad
- cifs: correct comments explaining internal semaphore usage in
the module (bsc#1192606).
- commit 8016b0d
- cifs: Remove useless variable (bsc#1192606).
- commit 4da0037
- cifs: Fix spelling of 'security' (bsc#1192606).
- commit 7f34541
- cifs: escape spaces in share names (bsc#1192606).
- commit f9411a4
- fs: cifs: Remove unnecessary struct declaration (bsc#1192606).
- commit c4877c5
- cifs: On cifs_reconnect, resolve the hostname again
(bsc#1192606).
- commit 0f5ba1b
- smb3: fix cached file size problems in duplicate extents
(reflink) (bsc#1192606).
- commit db5895f
- cifs: Silently ignore unknown oplock break handle (bsc#1192606).
- commit fa1d6ea
- cifs: revalidate mapping when we open files for SMB1 POSIX
(bsc#1192606).
- Refresh
patches.suse/cifs-have-cifs_fattr_to_inode-refuse-to-change-type-on-live-inode.patch.
- commit 2e4453d
- cifs: Fix chmod with modefromsid when an older ACE already
exists (bsc#1192606).
- commit 589d547
- cifs: Adjust key sizes and key generation routines for AES256
encryption (bsc#1192606).
- commit 5dbb25b
- cifs: fix allocation size on newly created files (bsc#1192606).
- commit 4d93c82
- cifs: warn and fail if trying to use rootfs without the config
option (bsc#1192606).
- commit f552b34
- fs/cifs/: fix misspellings using codespell tool (bsc#1192606).
- commit 2ea6114
- cifs: Fix preauth hash corruption (git-fixes).
- commit 7416f5d
- cifs: update new ACE pointer after populate_new_aces
(bsc#1192606).
- commit 0529102
- cifs: have cifs_fattr_to_inode() refuse to change type on live
inode (bsc#1192606).
- commit b158f7d
- cifs: have ->mkdir() handle race with another client sanely
(bsc#1192606).
- commit 6b82284
- do_cifs_create(): don't set ->i_mode of something we had not
created (bsc#1192606).
- commit a0ecf85
- cifs: do not send close in compound create+close requests
(bsc#1181507).
- commit 11e6f22
- cifs: return proper error code in statfs(2) (bsc#1181507).
- commit 4fc8874
- cifs: change noisy error message to FYI (bsc#1181507).
- commit 3406540
- cifs: print MIDs in decimal notation (bsc#1181507).
- commit c8f2cd7
- cifs: ask for more credit on async read/write code paths
(bsc#1192606).
- commit 636078f
- cifs: fix credit accounting for extra channel (bsc#1192606).
- commit c477df8
- cifs: update internal version number (bsc#1192606).
- commit b82f71c
- cifs: use discard iterator to discard unneeded network data
more efficiently (bsc#1192606).
- commit 34ea556
- cifs: introduce helper for finding referral server
(bsc#1181710).
- commit 78e0bf2
- cifs: check all path components in resolved dfs target
(bsc#1181710).
- commit daad3a2
- cifs: fix DFS failover (bsc#1192606).
- commit 9182fbd
- cifs: fix nodfs mount option (bsc#1181710).
- commit 415546c
- cifs: fix handling of escaped ',' in the password mount argument
(bsc#1192606).
- commit f2b417d
- cifs: Add new parameter "/acregmax"/ for distinct file and
directory metadata timeout (bsc#1192606).
- commit 958622c
- cifs: convert revalidate of directories to using directory
metadata cache timeout (bsc#1192606).
- commit 1f13b2c
- cifs: Add new mount parameter "/acdirmax"/ to allow caching
directory metadata (bsc#1192606).
- commit c620fbe
- cifs: If a corrupted DACL is returned by the server, bail out
(bsc#1192606).
- commit 0f619ca
- cifs: minor simplification to smb2_is_network_name_deleted
(bsc#1192606).
- commit 5c19466
- TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606).
- commit 4148056
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c
(bsc#1192606).
- commit 473d37a
- cifs: Change SIDs in ACEs while transferring file ownership
(bsc#1192606).
- commit 8bda691
- cifs: Retain old ACEs when converting between mode bits and ACL
(bsc#1192606).
- commit 47d65ee
- cifs: Fix cifsacl ACE mask for group and others (bsc#1192606).
- commit 34f7d02
- cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData
(bsc#1192606).
- commit 3c6d03e
- cifs: change confusing field serverName (to ip_addr)
(bsc#1192606).
- commit ac396a8
- cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606).
- commit b7f9076
- cifs: Reformat DebugData and index connections by conn_id
(bsc#1192606).
- commit 4020fb6
- cifs: Identify a connection by a conn_id (bsc#1192606).
- commit 35d50c8
- cifs: Fix in error types returned for out-of-credit situations
(bsc#1192606).
- commit 4143c6a
- cifs: New optype for session operations (bsc#1181507).
- commit 171fe4d
- cifs: fix trivial typo (bsc#1192606).
- commit ab49627
- smb3: negotiate current dialect (SMB3.1.1) when version 3 or
greater requested (bsc#1192606).
- commit bda03f6
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting
cifs_sb->prepath (bsc#1192606).
- commit 61e03e7
- cifs: In the new mount api we get the full devname as source=
(bsc#1192606).
- commit 280bd9e
- cifs: do not disable noperm if multiuser mount option is not
provided (bsc#1192606).
- commit e136d3e
- cifs: fix dfs-links (bsc#1192606).
- commit 7cc0083
- cifs: report error instead of invalid when revalidating a
dentry fails (bsc#1177440).
- commit ae9593c
- smb3: fix crediting for compounding when only one request in
flight (bsc#1181507).
- commit ea94504
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- commit fc2901f
- cifs: fix dfs domain referrals (bsc#1192606).
- commit 4f2e59b
- cifs: returning mount parm processing errors correctly
(bsc#1192606).
- commit fc19610
- cifs: fix mounts to subdirectories of target (bsc#1192606).
- commit 9ca4904
- cifs: ignore auto and noauto options if given (bsc#1192606).
- commit a69545d
- cifs: do not fail __smb_send_rqst if non-fatal signals are
pending (git-fixes).
- commit c375e6f
- fs/cifs: Simplify bool comparison (bsc#1192606).
- commit 4959fe1
- fs/cifs: Assign boolean values to a bool variable (bsc#1192606).
- commit 8043a9e
- cifs: style: replace one-element array with flexible-array
(bsc#1192606).
- commit ddf3e41
- cifs: connect: style: Simplify bool comparison (bsc#1192606).
- commit 67852c0
- fs: cifs: remove unneeded variable in smb3_fs_context_dup
(bsc#1192606).
- commit fb653f6
- cifs: fix interrupted close commands (git-fixes).
- commit f7a7f46
- cifs: check pointer before freeing (bsc#1183534).
- commit 29af08c
- Add SMB 2 support for getting and setting SACLs (bsc#1192606).
- commit dca2a26
- SMB3: Add support for getting and setting SACLs (bsc#1192606).
- commit e9596e1
- cifs: Avoid error pointer dereference (bsc#1192606).
- commit e31fad7
- cifs: Re-indent cifs_swn_reconnect() (bsc#1192606).
- commit 952b9c2
- cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606).
- commit 3671d77
- cifs: Delete a stray unlock in cifs_swn_reconnect()
(bsc#1192606).
- commit 81836d3
- cifs: update internal module version number (bsc#1192606).
- commit a3d9dc5
- cifs: Fix support for remount when not changing rsize/wsize
(bsc#1192606).
- commit 6310efa
- cifs: handle "/guest"/ mount parameter (bsc#1192606).
- commit 041cbf9
- cifs: correct four aliased mount parms to allow use of previous
names (bsc#1192606).
- commit 25edec0
- cifs: Tracepoints and logs for tracing credit changes
(bsc#1181507).
- commit 9012fa5
- cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606).
- commit 36ab890
- cifs: fix rsize/wsize to be negotiated values (bsc#1192606).
- commit ef43e93
- cifs: Fix some error pointers handling detected by static
checker (bsc#1192606).
- commit 53cb7da
- smb3: remind users that witness protocol is experimental
(bsc#1192606).
- commit e734508
- cifs: update super_operations to show_devname (bsc#1192606).
- commit 24c46d7
- cifs: fix uninitialized variable in smb3_fs_context_parse_param
(bsc#1192606).
- commit f9ee21b
- cifs: update mnt_cifs_flags during reconfigure (bsc#1192606).
- commit c3245ce
- cifs: move update of flags into a separate function
(bsc#1192606).
- commit 0d92778
- cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606).
- commit b64f601
- cifs: do not allow changing posix_paths during remount
(bsc#1192606).
- commit 9e6223d
- cifs: uncomplicate printing the iocharset parameter
(bsc#1192606).
- commit e7f6359
- cifs: don't create a temp nls in cifs_setup_ipc (bsc#1192606).
- commit 5345972
- cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606).
- commit edc5b35
- cifs: we do not allow changing username/password/unc/... during
remount (bsc#1192606).
- commit 5a0ec9d
- cifs: add initial reconfigure support (bsc#1192606).
- commit 1b949af
- cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606).
- commit 60ffa4e
- cifs: move cifs_cleanup_volume_info[_content] to fs_context.c
(bsc#1192606).
- commit 9c231c6
- cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606).
- commit 75497fa
- cifs: Handle witness client move notification (bsc#1192606).
- commit 472f96f
- cifs: remove actimeo from cifs_sb (bsc#1192606).
- commit bf63550
- cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb
(bsc#1192606).
- commit fdf44d3
- cifs: remove some minor warnings pointed out by kernel test
robot (bsc#1192606).
- commit 9008f06
- cifs: remove various function description warnings
(bsc#1192606).
- commit d30d530
- cifs: Simplify reconnect code when dfs upcall is enabled
(bsc#1192606).
- commit c156ee7
- cifs: Send witness register messages to userspace daemon in
echo task (bsc#1192606).
- commit ac7fc2c
- cifs: Add witness information to debug data dump (bsc#1192606).
- commit 66d50bc
- cifs: Set witness notification handler for messages from
userspace daemon (bsc#1192606).
- commit 302ad1a
- cifs: Send witness register and unregister commands to userspace
daemon (bsc#1192606).
- commit b44003d
- cifs: minor updates to Kconfig (bsc#1192606).
- commit 5d17515
- cifs: add witness mount option and data structs (bsc#1192606).
- commit 501bdfb
- cifs: Register generic netlink family (bsc#1192606).
Update configs with CONFIG_SWN_UPCALL unset.
- commit 163e9ea
- objtool: Support Clang non-section symbols in ORC generation
(bsc#1169514).
- blacklist.conf updated (backported commit removed)
- commit 1709279
- elfcore: fix building with clang (bsc#1169514).
- commit 00fb734
- constraints: Build aarch64 on recent ARMv8.1 builders.
Request asimdrdm feature which is available only on recent ARMv8.1 CPUs.
This should prevent scheduling the kernel on an older slower builder.
- commit 60fc53f
- drm/nouveau: clean up all clients on device removal
(CVE-2020-27820 bsc#1179599).
- drm/nouveau: Add a dedicated mutex for the clients list
(CVE-2020-27820 bsc#1179599).
- drm/nouveau: use drm_dev_unplug() during device removal
(CVE-2020-27820 bsc#1179599).
- commit c130f04
- drm/nouveau: clean up all clients on device removal
(CVE-2020-27820 bsc#1179599).
- drm/nouveau: Add a dedicated mutex for the clients list
(CVE-2020-27820 bsc#1179599).
- drm/nouveau: use drm_dev_unplug() during device removal
(CVE-2020-27820 bsc#1179599).
- commit 52c5fe2
- cifs: cleanup misc.c (bsc#1192606).
- commit d5aed73
- cifs: minor kernel style fixes for comments (bsc#1192606).
- commit 56d2f6d
- cifs: Make extract_sharename function public (bsc#1192606).
- commit 958ba69
- cifs: Make extract_hostname function public (bsc#1192606).
- commit 1e0579d
- cifs: get rid of cifs_sb->mountdata (bsc#1192606).
- commit d382da4
- cifs: add an smb3_fs_context to cifs_sb (bsc#1192606).
- commit ea2f54b
- cifs: remove the devname argument to cifs_compose_mount_options
(bsc#1192606).
- commit 7690451
- cifs: switch to new mount api (bsc#1192606).
- commit 3a872f9
- cifs: move cifs_parse_devname to fs_context.c (bsc#1192606).
- commit 48f0a0e
- cifs: move the enum for cifs parameters into fs_context.h
(bsc#1192606).
- commit 28a15fc
- cifs: rename dup_vol to smb3_fs_context_dup and move it into
fs_context.c (bsc#1192606).
- commit 74c4d04
- cifs: rename smb_vol as smb3_fs_context and move it to
fs_context.h (bsc#1192606).
- commit cfae22b
- SMB3.1.1: do not log warning message if server doesn't populate
salt (bsc#1192606).
- commit 52317ed
- SMB3.1.1: update comments clarifying SPNEGO info in negprot
response (bsc#1192606).
- commit 92662cf
- cifs: Enable sticky bit with cifsacl mount option (bsc#1192606).
- commit a44e471
- cifs: Fix unix perm bits to cifsacl conversion for "/other"/
bits (bsc#1192606).
- commit c0e0d2e
- SMB3.1.1: remove confusing mount warning when no SPNEGO info
on negprot rsp (bsc#1192606).
- commit 644e3af
- SMB3: avoid confusing warning message on mount to Azure
(bsc#1192606).
- commit 255c5fa
- cifs: Fix fall-through warnings for Clang (bsc#1192606).
- commit 2f2540d
- cifs: refactor create_sd_buf() and and avoid corrupting the
buffer (bsc#1192606).
- commit 5e73e71
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- commit b49338b
- smb3: set COMPOUND_FID to FileID field of subsequent compound
request (bsc#1192606).
- commit f4b5ad9
- cifs: fix potential use-after-free in cifs_echo_request()
(bsc#1139944).
- commit 98843ac
- cifs: allow syscalls to be restarted in __smb_send_rqst()
(bsc#1176956).
- commit 1b00be4
- smb3: Handle error case during offload read path (bsc#1192606).
- commit 65b8bfd
- smb3: Avoid Mid pending list corruption (bsc#1192606).
- commit baea6c6
- smb3: Call cifs reconnect from demultiplex thread (bsc#1192606).
- commit a61a83b
- cifs: fix a memleak with modefromsid (bsc#1192606).
- commit a599e96
- cifs: update internal module version number (bsc#1192606).
- commit 72d7f82
- smb3: add some missing definitions from MS-FSCC (bsc#1192606).
- commit c3d6868
- smb3: remove two unused variables (bsc#1192606).
- commit def88ae
- smb3: add support for stat of WSL reparse points for special
file types (bsc#1192606).
- commit 479bed9
- SMB3: add support for recognizing WSL reparse tags
(bsc#1192606).
- commit a651550
- cifs: remove bogus debug code (bsc#1179427).
- commit a82be88
- smb3.1.1: fix typo in compression flag (bsc#1192606).
- commit 4a64be3
- cifs: move smb version mount options into fs_context.c
(bsc#1192606).
- commit adb0785
- cifs: move cache mount options to fs_context.ch (bsc#1192606).
- commit 8c53b27
- cifs: move security mount options into fs_context.ch
(bsc#1192606).
- commit a9ada64
- cifs: add files to host new mount api (bsc#1192606).
- commit a0ef4da
- linux/parser.h: add include guards (bsc#1192606).
- commit f3801c4
- smb3: do not try to cache root directory if dir leases not
supported (bsc#1192606).
- commit 8218366
- smb3: fix stat when special device file and mounted with
modefromsid (bsc#1192606).
- commit a8ab74d
- cifs: Print the address and port we are connecting to in
generic_ip_connect() (bsc#1192606).
- commit 27567b1
- SMB3: Resolve data corruption of TCP server info fields
(bsc#1192606).
- commit e9bf4a1
- cifs: make const array static, makes object smaller
(bsc#1192606).
- commit b7f99c8
- SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1192606).
- commit 330caf7
- smb3: add dynamic trace point to trace when credits obtained
(bsc#1181507).
- commit 58e9f6b
- smb3.1.1: do not fail if no encryption required but server
doesn't support it (bsc#1192606).
- commit c7bf6a1
- cifs: Return the error from crypt_message when enc/dec key
not found (bsc#1179426).
- commit b1cdf8b
- smb3.1.1: set gcm256 when requested (bsc#1192606).
- commit e9b39d5
- smb3.1.1: rename nonces used for GCM and CCM encryption
(bsc#1192606).
- commit 255717e
- smb3.1.1: print warning if server does not support requested
encryption type (bsc#1192606).
- commit 1fe18d9
- smb3.1.1: add new module load parm enable_gcm_256 (bsc#1192606).
- commit 9039e9b
- smb3.1.1: add new module load parm require_gcm_256
(bsc#1192606).
- commit 7a312a4
- cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606).
- commit 2c16fbc
- SMB3.1.1: add defines for new signing negotiate context
(bsc#1192606).
- commit 4d3ef02
- cifs: handle -EINTR in cifs_setattr (bsc#1192606).
- commit 49f54f5
- Handle STATUS_IO_TIMEOUT gracefully (bsc#1192606).
- commit 6bbd363
- cifs: compute full_path already in cifs_readdir() (bsc#1192606).
- commit 6d2e8b4
- cifs: return cached_fid from open_shroot (bsc#1192606).
- commit e7b74da
- update structure definitions from updated protocol documentation
(bsc#1192606).
- commit f34e9c8
- smb3: add defines for new crypto algorithms (bsc#1192606).
- commit c5a3bf6
- Convert trailing spaces and periods in path components
(bsc#1179424).
- commit ac355fa
- cifs: Fix incomplete memory allocation on setxattr path
(bsc#1179211).
- commit 239bcd9
- cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
- commit eacaaaa
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- commit d3716bf
- SMB3: Fix mkdir when idsfromsid configured on mount
(bsc#1192606).
- commit 5bdbc43
- cifs: Convert to use the fallthrough macro (bsc#1192606).
- commit efd5364
- cifs: Fix an error pointer dereference in cifs_mount()
(bsc#1178270).
- commit 7505e01
- cifs: document and cleanup dfs mount (bsc#1178270).
- commit 19e0536
- cifs: only update prefix path of DFS links in
cifs_tree_connect() (bsc#1178270).
- commit a0c2fcb
- cifs: fix double free error on share and prefix (bsc#1178270).
- commit c41144c
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect
(bsc#1178270).
- commit b9d9b79
- cifs: handle empty list of targets in cifs_reconnect()
(bsc#1178270).
- commit d696d71
- cifs: rename reconn_inval_dfs_target() (bsc#1178270).
- commit 6d8fd3f
- cifs: reduce number of referral requests in DFS link lookups
(bsc#1178270).
- commit 7c62723
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into
cifs_tree_connect() (bsc#1178270).
- commit 6b8c9d8
- cifs: convert to use be32_add_cpu() (bsc#1192606).
- commit dd3314a
- cifs: delete duplicated words in header files (bsc#1192606).
- commit 8115708
- cifs: Remove the superfluous break (bsc#1192606).
- commit 9953c3c
- cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails
(bsc#1192606).
- commit 851bcd7
- cifs`: handle ERRBaduid for SMB1 (bsc#1192606).
- commit 0b09946
- cifs: remove unused variable 'server' (bsc#1192606).
- commit 3c682cd
- smb3: warn on confusing error scenario with sec=krb5
(bsc#1176548).
- commit 42a38ce
- cifs: Fix leak when handling lease break for cached root fid
(bsc#1176242).
- commit 677fd80
- Revert "/cifs: Fix the target file was deleted when rename
failed."/ (bsc#1192606).
- commit e18cfc5
- cifs: update internal module version number (bsc#1192606).
- commit d61ab33
- cifs: fix reference leak for tlink (bsc#1192606).
- commit 82e17a7
- smb3: fix unneeded error message on change notify (bsc#1192606).
- commit e66ce2d
- cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606).
- commit 332eb71
- smb3: fix access denied on change notify request to some servers
(bsc#1192606).
- commit fd93797
- Replace HTTP links with HTTPS ones: CIFS (bsc#1192606).
- commit 0d6db48
- cifs: prevent truncation from long to int in
wait_for_free_credits (bsc#1192606).
- commit 9a0fb61
- cifs: Fix the target file was deleted when rename failed
(bsc#1192606).
- commit db55866
- SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
- commit 9a7a8a4
- SMB3: Honor 'handletimeout' flag for multiuser mounts
(bsc#1176558).
- commit b1e041c
- SMB3: Honor lease disabling for multiuser mounts (git-fixes).
- commit 82468cf
- SMB3: Honor persistent/resilient handle flags for multiuser
mounts (bsc#1176546).
- commit 22a7ca5
- SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
- commit a18cbde
- cifs: Display local UID details for SMB sessions in DebugData
(bsc#1192606).
- commit 7f9fa20
- cifs: misc: Use array_size() in if-statement controlling
expression (bsc#1192606).
- commit c02caf9
- cifs: update ctime and mtime during truncate (bsc#1192606).
- commit 694deaf
- cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
- commit 6c60807
- cifs/smb3: Fix data inconsistent when zero file range
(bsc#1176536).
- commit 0f9acaa
- cifs: Fix double add page to memcg when cifs_readpages
(bsc#1192606).
- commit 03bbe2c
- cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606).
- commit 4b170cc
- smb3: Add debug message for new file creation with idsfromsid
mount option (bsc#1192606).
- commit 348bed4
- cifs: fix chown and chgrp when idsfromsid mount option enabled
(bsc#1192606).
- commit b7dd38c
- smb3: allow uid and gid owners to be set on create with
idsfromsid mount option (bsc#1192606).
- commit e88def1
- smb311: Add tracepoints for new compound posix query info
(bsc#1192606).
- commit 7f1ddf2
- smb311: add support for using info level for posix extensions
query (bsc#1192606).
- commit 6cb7e86
- smb311: Add support for lookup with posix extensions query info
(bsc#1192606).
- commit 93c3e0d
- smb311: Add support for SMB311 query info (non-compounded)
(bsc#1192606).
- commit beec08d
- SMB311: Add support for query info using posix extensions
(level 100) (bsc#1192606).
- commit e684a25
- smb3: add indatalen that can be a non-zero value to calculation
of credit charge in smb2 ioctl (bsc#1192606).
- commit 7df3cc5
- smb3: fix typo in mount options displayed in /proc/mounts
(bsc#1192606).
- commit a44953f
- cifs: Add get_security_type_str function to return sec type
(bsc#1192606).
- commit 9a47f84
- smb3: extend fscache mount volume coherency check (bsc#1192606).
- commit 68aff9c
- cifs: update internal module version number (bsc#1192606).
- commit 9b30c03
- cifs: multichannel: try to rebind when reconnecting a channel
(bsc#1192606).
- commit c678b8e
- cifs: multichannel: use pointer for binding channel
(bsc#1192606).
- commit b739f0c
- smb3: remove static checker warning (bsc#1192606).
- commit 2f6dcf6
- cifs: multichannel: move channel selection above transport layer
(bsc#1192606).
- commit 7fd3164
- cifs: multichannel: always zero struct cifs_io_parms
(bsc#1192606).
- commit 33f2e0b
- cifs: dump Security Type info in DebugData (bsc#1192606).
- commit cf57493
- smb3: fix incorrect number of credits when ioctl
MaxOutputResponse > 64K (bsc#1192606).
- commit f5551f2
- smb3: default to minimum of two channels when multichannel
specified (bsc#1192606).
- commit 8393a97
- cifs: multichannel: move channel selection in function
(bsc#1192606).
- commit 8a917e2
- cifs: fix minor typos in comments and log messages
(bsc#1192606).
- commit 83af8a3
- smb3: minor update to compression header definitions
(bsc#1192606).
- commit 8ac2325
- cifs: minor fix to two debug messages (bsc#1192606).
- commit fda6c8f
- cifs: Standardize logging output (bsc#1192606).
- commit 6ffb916
- smb3: Add new parm "/nodelete"/ (bsc#1192606).
- commit 48827ed
- cifs: move some variables off the stack in smb2_ioctl_query_info
(bsc#1192606).
- commit 3f017a7
- cifs: reduce stack use in smb2_compound_op (bsc#1192606).
- commit 019bba7
- cifs: get rid of unused parameter in reconn_setup_dfs_targets()
(bsc#1178270).
- commit 38ee91e
- cifs: handle hostnames that resolve to same ip in failover
(bsc#1178270).
- commit 88fab96
- cifs: set up next DFS target before generic_ip_connect()
(bsc#1178270).
- commit ce3313b
- cifs: remove redundant initialization of variable rc
(bsc#1192606).
- commit a99ffdf
- cifs: handle "/nolease"/ option for vers=1.0 (bsc#1192606).
- commit c8cf7e4
- cifs: fix leaked reference on requeued write (bsc#1178270).
- commit 9bb24bb
- cifs: Fix null pointer check in cifs_read (bsc#1192606).
- commit ebcae90
- CIFS: Spelling s/EACCESS/EACCES/ (bsc#1192606).
- commit 6cdaae9
- cifs: fix uninitialised lease_key in open_shroot()
(bsc#1178270).
- commit 3bdd1ac
- cifs: ensure correct super block for DFS reconnect
(bsc#1178270).
- commit 96f5629
- cifs: do not share tcons with DFS (bsc#1178270).
- commit 6edb20b
- cifs: minor update to comments around the cifs_tcp_ses_lock
mutex (bsc#1192606).
- commit 2eefc78
- cifs: protect updating server->dstaddr with a spinlock
(bsc#1192606).
- commit db4e78a
- smb3: remove overly noisy debug line in signing errors
(bsc#1192606).
- commit 96949dd
- cifs: improve read performance for page size 64KB & cache=strict
& vers=2.1+ (bsc#1192606).
- commit 7ce6d90
- cifs: dump the session id and keys also for SMB2 sessions
(bsc#1192606).
- commit 529d063
- smb3: enable swap on SMB3 mounts (bsc#1192606).
- commit 30375b2
- smb3: change noisy error message to FYI (bsc#1192606).
- commit 40ae9dd
- smb3: smbdirect support can be configured by default
(bsc#1192606).
- commit d407091
- cifs: smbd: Do not schedule work to send immediate packet on
every receive (bsc#1192606).
- commit 11e7325
- cifs: smbd: Properly process errors on ib_post_send
(bsc#1192606).
- commit 6c30aa6
- cifs: Allocate crypto structures on the fly for calculating
signatures of incoming packets (bsc#1192606).
- commit 7ebc087
- cifs: smbd: Update receive credits before sending and deal
with credits roll back on failure before sending (bsc#1192606).
- commit 86c6e08
- cifs: smbd: Check send queue size before posting a send
(bsc#1192606).
- commit 4855370
- cifs: smbd: Merge code to track pending packets (bsc#1192606).
- commit d555442
- cifs: ignore cached share root handle closing errors
(bsc#1166780).
- commit 8f24623
- cifs: update internal module version number (bsc#1192606).
- commit 8e1f984
- cifs: Allocate encryption header through kmalloc (bsc#1192606).
- commit 653cd97
- cifs: smbd: Check and extend sender credits in interrupt context
(bsc#1192606).
- commit 2815e1e
- cifs: smbd: Calculate the correct maximum packet size for
segmented SMBDirect send/receive (bsc#1192606).
- commit a92a6da
- smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606).
- commit 5b1d684
- CIFS: Fix bug which the return value by asynchronous read is
error (bsc#1192606).
- commit 7103595
- CIFS: check new file size when extending file by fallocate
(bsc#1192606).
- commit 58a2d12
- SMB3: Minor cleanup of protocol definitions (bsc#1192606).
- commit 9179120
- SMB3: Additional compression structures (bsc#1192606).
- commit fe495f9
- SMB3: Add new compression flags (bsc#1192606).
- commit 5fd5331
- cifs: smb2pdu.h: Replace zero-length array with flexible-array
member (bsc#1192606).
- commit f748972
- cifs: clear PF_MEMALLOC before exiting demultiplex thread
(bsc#1192606).
- commit 33f8f3c
- cifs: cifspdu.h: Replace zero-length array with flexible-array
member (bsc#1192606).
- commit 54c058d
- CIFS: Warn less noisily on default mount (bsc#1192606).
- commit a036f2e
- fs/cifs: fix gcc warning in sid_to_id (bsc#1192606).
- commit 9fe6f6a
- cifs: allow unlock flock and OFD lock across fork (bsc#1192606).
- commit 0278ba9
- cifs: do d_move in rename (bsc#1164565).
- commit ed82a5d
- cifs: add SMB2_open() arg to return POSIX data (bsc#1164565).
- commit 6b9d249
- cifs: plumb smb2 POSIX dir enumeration (bsc#1164565).
- commit 33c50f7
- cifs: add smb2 POSIX info level (bsc#1164565).
- commit cca3e07
- cifs: rename posix create rsp (bsc#1164565).
- commit a064158
- cifs: print warning mounting with vers=1.0 (bsc#1164565).
- commit 2ba6d1f
- smb3: fix performance regression with setting mtime
(bsc#1164565).
- commit 3668670
- cifs: make use of cap_unix(ses) in cifs_reconnect_tcon()
(bsc#1164565).
- commit 1a26833
- cifs: use mod_delayed_work() for &server->reconnect if already
queued (bsc#1164565).
- commit 1ab6a0b
- cifs: call wake_up(&server->response_q) inside of
cifs_reconnect() (bsc#1164565).
- commit 40269bd
- cifs: handle prefix paths in reconnect (bsc#1164565).
- commit 10c4f8a
- cifs: do not ignore the SYNC flags in getattr (bsc#1164565).
- commit 1cff7a8
- CIFS: fiemap: do not return EINVAL if get nothing (bsc#1192606).
- commit f71b1ad
- CIFS: Increment num_remote_opens stats counter even in case
of smb2_query_dir_first (bsc#1192606).
- commit 16345c6
- cifs: potential unintitliazed error code in cifs_getattr()
(bsc#1164565).
- commit 55c9aef
- cifs_atomic_open(): fix double-put on late allocation failure
(bsc#1192606).
- commit 3d21ff7
- cifs: Use #define in cifs_dbg (bsc#1164565).
- commit da56dd2
- cifs: fix rename() by ensuring source handle opened with DELETE
bit (bsc#1164565).
- commit 33621ff
- cifs: add missing mount option to /proc/mounts (bsc#1164565).
- commit 9180deb
- cifs: fix potential mismatch of UNC paths (bsc#1164565).
- commit 008b33b
- cifs: don't leak -EAGAIN for stat() during reconnect
(bsc#1164565).
- commit bdfa052
- cifs: make sure we do not overflow the max EA buffer size
(bsc#1164565).
- commit c57bd80
- cifs: enable change notification for SMB2.1 dialect
(bsc#1164565).
- commit 9752774
- cifs: Fix mode output in debugging statements (bsc#1164565).
- commit 504f756
- cifs: fix mount option display for sec=krb5i (bsc#1161907).
- commit cb0115f
- smb3: Add defines for new information level, FileIdInformation
(bsc#1164565).
- commit caf0941
- smb3: print warning once if posix context returned on open
(bsc#1164565).
- commit 4cfe779
- smb3: add one more dynamic tracepoint missing from strict
fsync path (bsc#1164565).
- commit 88bc35f
- cifs: fix mode bits from dir listing when mounted with
modefromsid (bsc#1164565).
- commit 7a45b49
- cifs: fix channel signing (bsc#1192606).
- commit 59b8e3d
- cifs: add SMB3 change notification support (bsc#1164565).
- commit 7130f9d
- cifs: make multichannel warning more visible (bsc#1192606).
- commit 5fb729d
- cifs: fix soft mounts hanging in the reconnect code
(bsc#1164565).
- commit 1f74108
- cifs: Add tracepoints for errors on flush or fsync
(bsc#1164565).
- commit fe49ca1
- cifs: log warning message (once) if out of disk space
(bsc#1164565).
- commit 1d44a00
- cifs: fail i/o on soft mounts if sessionsetup errors out
(bsc#1164565).
- commit 859352d
- smb3: fix problem with null cifs super block with previous patch
(bsc#1164565).
- commit 8ccd7a6
- SMB3: Backup intent flag missing from some more ops
(bsc#1164565).
- commit 169d11b
- cifs: update internal module version number (bsc#1192606).
- commit 2f1471a
- cifs: fix soft mounts hanging in the reconnect code
(bsc#1164565).
- commit aa72889
- CIFS: Fix task struct use-after-free on reconnect (bsc#1164565).
- commit a434312
- cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565).
- commit e3ec0b0
- cifs: add support for fallocate mode 0 for non-sparse files
(bsc#1164565).
- commit eb8cb0d
- cifs: fix NULL dereference in match_prepath (bsc#1164565).
- commit 6dce4a8
- smb3: fix default permissions on new files when mounting with
modefromsid (bsc#1164565).
- commit d99904b
- CIFS: Add support for setting owner info, dos attributes,
and create time (bsc#1164565).
- commit ba6078d
- cifs: remove set but not used variable 'server' (bsc#1164565).
- commit 70b1352
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd()
(bsc#1164565).
- commit 22830d8
- cifs: Fix mount options set in automount (bsc#1164565).
- commit 945658c
- cifs: fix unitialized variable poential problem with network
I/O cache lock patch (bsc#1164565).
- commit 406db0c
- cifs: Fix return value in __update_cache_entry (bsc#1164565).
- commit 05ed047
- cifs: Avoid doing network I/O while holding cache lock
(bsc#1164565).
- commit 543a9e2
- cifs: Fix potential deadlock when updating vol in
cifs_reconnect() (bsc#1164565).
- commit a483c39
- cifs: Merge is_path_valid() into get_normalized_path()
(bsc#1164565).
- commit 8a35879
- cifs: Introduce helpers for finding TCP connection
(bsc#1164565).
- commit fa139d5
- cifs: Get rid of kstrdup_const()'d paths (bsc#1164565).
- commit 2f2f4a7
- cifs: Clean up DFS referral cache (bsc#1164565).
- commit 51716b8
- cifs: Don't use iov_iter::type directly (bsc#1192606).
- commit 99ff3cb
- cifs: set correct max-buffer-size for smb2_ioctl_init()
(bsc#1164565).
- commit 36a4575
- cifs: use compounding for open and first query-dir for readdir()
(bsc#1164565).
- commit 5aa504c
- cifs: create a helper function to parse the query-directory
response buffer (bsc#1164565).
- commit d4a4c74
- cifs: prepare SMB2_query_directory to be used with compounding
(bsc#1164565).
- commit c711000
- fs/cifs/cifssmb.c: use true,false for bool variable
(bsc#1164565).
- commit b823a48
- fs/cifs/smb2ops.c: use true,false for bool variable
(bsc#1164565).
- commit a954e48
- cifs: Optimize readdir on reparse points (bsc#1164565).
- commit 1fdbe42
- cifs: Adjust indentation in smb2_open_file (bsc#1164565).
- commit b69e620
- CIFS: Close cached root handle only if it has a lease
(bsc#1164565).
- commit 205ef7d
- SMB3: Fix crash in SMB2_open_init due to uninitialized field
in compounding path (bsc#1164565).
- commit b133190
- smb3: fix refcount underflow warning on unmount when no
directory leases (bsc#1164565).
- commit 5f56751
- smb3: improve check for when we send the security descriptor
context on create (bsc#1164565).
- commit 6279123
- smb3: fix mode passed in on create for modetosid mount option
(bsc#1164565).
- commit 1e7da56
- cifs: fix possible uninitialized access and race on iface_list
(bsc#1192606).
- commit 0ce4d56
- cifs: Fix lookup of SMB connections on multichannel
(bsc#1192606).
- commit 1313fae
- smb3: query attributes on file close (bsc#1164565).
- commit fe40478
- smb3: remove unused flag passed into close functions
(bsc#1164565).
- commit 1e514e4
- cifs: remove redundant assignment to pointer pneg_ctxt
(bsc#1164565).
- commit d63715e
- fs: cifs: Fix atime update check vs mtime (bsc#1164565).
- commit ff2d5e0
- CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
(bnc#1151927 5.3.16).
- commit 68282cc
- CIFS: fix a white space issue in cifs_get_inode_info()
(bsc#1164565).
- commit a22deab
- cifs: update internal module version number (bsc#1192606).
- commit 58d90ea
- cifs: Always update signing key of first channel (bsc#1192606).
- commit 523db5e
- cifs: Fix retrieval of DFS referrals in cifs_mount()
(bsc#1164565).
- commit bf98d60
- cifs: Fix potential softlockups while refreshing DFS cache
(bsc#1164565).
- commit 496859d
- cifs: Fix lookup of root ses in DFS referral cache
(bsc#1164565).
- commit c6ec1d6
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565).
- commit fe9df9f
- cifs: dump channel info in DebugData (bsc#1192606).
- commit 109f68a
- smb3: dump in_send and num_waiters stats counters by default
(bsc#1164565).
- commit ec9651f
- cifs: try harder to open new channels (bsc#1192606).
- commit 8f7594a
- CIFS: Properly process SMB3 lease breaks (bsc#1164565).
- commit 5f1ee05
- cifs: move cifsFileInfo_put logic into a work-queue
(bsc#1154355).
- commit 4b84358
- cifs: try opening channels after mounting (bsc#1192606).
- commit 7ecaefa
- CIFS: refactor cifs_get_inode_info() (bsc#1164565).
- commit 72479e8
- cifs: switch servers depending on binding state (bsc#1192606).
- commit 95bf7f5
- cifs: add server param (bsc#1192606).
- commit dcbb33e
- cifs: add multichannel mount options and data structs
(bsc#1192606).
- commit ae40994
- cifs: sort interface list by speed (bsc#1192606).
- commit f0d024f
- CIFS: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927
5.3.16).
- commit 654d9b1
- cifs: don't use 'pre:' for MODULE_SOFTDEP (bsc#1164565).
- commit e8d163b
- cifs: smbd: Return -EAGAIN when transport is reconnecting
(bsc#1164565).
- commit 28c2c04
- cifs: smbd: Only queue work for error recovery on memory
registration (bsc#1164565).
- commit 0b460af
- smb3: add debug messages for closing unmatched open
(bsc#1164565).
- commit 2aad8aa
- CIFS: Do not miss cancelled OPEN responses (bsc#1164565).
- commit e35eb8b
- CIFS: Fix NULL pointer dereference in mid callback
(bsc#1164565).
- commit 6a3a4b5
- CIFS: Close open handle after interrupted close (bsc#1164565).
- commit c8dcdd8
- CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
(bsc#1164565).
- commit 8009a80
- smb3: remove confusing dmesg when mounting with encryption
("/seal"/) (bsc#1164565).
- commit c585be8
- cifs: close the shared root handle on tree disconnect
(bsc#1164565).
- commit bb6bb3e
- CIFS: Return directly after a failed build_path_from_dentry()
in cifs_do_create() (bsc#1164565).
- commit 72b533b
- CIFS: Use common error handling code in smb2_ioctl_query_info()
(bsc#1164565).
- commit 0b398b0
- CIFS: Use memdup_user() rather than duplicating its
implementation (bsc#1164565).
- commit 8316a15
- cifs: smbd: Return -ECONNABORTED when trasnport is not in
connected state (bsc#1164565).
- commit 5c1a956
- cifs: smbd: Add messages on RDMA session destroy and
reconnection (bsc#1164565).
- commit ce32d46
- cifs: smbd: Return -EINVAL when the number of iovs exceeds
SMBDIRECT_MAX_SGE (bsc#1164565).
- commit 8f155a8
- cifs: smbd: Invalidate and deregister memory registration on
re-send for direct I/O (bsc#1164565).
- commit 234140e
- cifs: Don't display RDMA transport on reconnect (bsc#1164565).
- commit 79c3b5f
- CIFS: remove set but not used variables 'cinode' and 'netfid'
(bsc#1164565).
- commit 49cc01f
- cifs: add support for flock (bsc#1164565).
- commit 4e82f42
- cifs: remove unused variable 'sid_user' (bsc#1164565).
- commit 127bb53
- cifs: rename a variable in SendReceive() (bsc#1164565).
- commit 1caac54
- Refresh patches.suse/new-helper-lookup_positive_unlocked.patch.
- commit 1ce8b59
- SMB3: Fix persistent handles reconnect (bnc#1151927 5.3.11).
- commit 4676d9a
- fix memory leak in large read decrypt offload (bsc#1164565).
- commit 9bed06e
- cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
(bnc#1151927 5.3.10).
- commit ac7c450
- CIFS: Fix use after free of file info structures (bnc#1151927
5.3.8).
- commit d1e3c57
- CIFS: Fix retry mid list corruption on reconnects (bnc#1151927
5.3.10).
- commit 78aed6f
- cifs: Fix missed free operations (bnc#1151927 5.3.8).
- commit 021eb3e
- CIFS: avoid using MID 0xFFFF (bnc#1151927 5.3.8).
- commit 89d7e6b
- CIFS: Force reval dentry if LOOKUP_REVAL flag is set
(bnc#1151927 5.3.7).
- commit 0986381
- CIFS: Force revalidate inode when dentry is stale (bnc#1151927
5.3.7).
- commit de4eccf
- smb3: Fix regression in time handling (bsc#1164565).
- commit af70e1f
- smb3: remove noisy debug message and minor cleanup
(bsc#1164565).
- commit 44410f6
- CIFS: Gracefully handle QueryInfo errors during open
(bnc#1151927 5.3.7).
- commit 8cf17da
- cifs: use cifsInodeInfo->open_file_lock while iterating to
avoid a panic (bnc#1151927 5.3.7).
- commit 301cd11
- fs: cifs: mute -Wunused-const-variable message (bnc#1151927
5.3.9).
- commit 5cc4a16
- smb3: cleanup some recent endian errors spotted by updated
sparse (bsc#1164565).
- commit 5ac1698
- CIFS: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927
5.3.4).
- commit 54958fe
- smb3: missing ACL related flags (bsc#1164565).
- commit 123c8cb
- smb3: pass mode bits into create calls (bsc#1164565).
- commit 5e8a919
- smb3: Add missing reparse tags (bsc#1164565).
- commit 71d2662
- CIFS: fix max ea value size (bnc#1151927 5.3.4).
- commit 93132b5
- fs/cifs/sess.c: Remove set but not used variable 'capabilities'
(bsc#1164565).
- commit 68a4d1f
- fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1164565).
- commit e039394
- smb3: fix leak in "/open on server"/ perf counter (bnc#1151927
5.3.4).
- commit 0a489c3
- smb3: allow decryption keys to be dumped by admin for debugging
(bsc#1164565).
- commit 37fd44f
- cifs: update internal module version number (bsc#1192606).
- commit cb133a9
- cifs: modefromsid: make room for 4 ACE (bsc#1164565).
- commit 0bd807b
- smb3: fix potential null dereference in decrypt offload
(bsc#1164565).
- commit 4d9d9ba
- smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4).
- commit ba484ab
- smb3: allow disabling requesting leases (bnc#1151927 5.3.4).
- commit be51a36
- smb3: improve handling of share deleted (and share recreated)
(bsc#1154355).
- commit 4f3941c
- smb3: display max smb3 requests in flight at any one time
(bsc#1164565).
- commit fa51523
- smb3: only offload decryption of read responses if multiple
requests (bsc#1164565).
- commit de45f83
- cifs: add a helper to find an existing readable handle to a file
(bsc#1154355).
- commit e6e9bae
- smb3: enable offload of decryption of large reads via mount
option (bsc#1164565).
- commit 811e003
- smb3: allow parallelizing decryption of reads (bsc#1164565).
- commit acc6de4
- cifs: add a debug macro that prints /servershare for errors
(bsc#1164565).
- commit 44608d8
- smb3: fix signing verification of large reads (bsc#1154355).
- commit 2edd1f7
- smb3: allow skipping signature verification for perf sensitive
configurations (bsc#1164565).
- commit 77fb855
- smb3: add dynamic tracepoints for flush and close (bsc#1164565).
- commit 5855d7c
- smb3: log warning if CSC policy conflicts with cache mount
option (bsc#1164565).
- commit e6c8d3b
- smb3: add mount option to allow RW caching of share accessed
by only 1 client (bsc#1164565).
- commit 1a97c9d
- smb3: add some more descriptive messages about share when
mounting cache=ro (bsc#1164565).
- commit a329bf6
- smb3: add mount option to allow forced caching of read only
share (bsc#1164565).
- commit 570c245
- cifs: fix dereference on ses before it is null checked
(bsc#1164565).
- commit e681ba1
- cifs: add new debugging macro cifs_server_dbg (bsc#1164565).
- commit f81d1da
- cifs: use existing handle for compound_op(OP_SET_INFO) when
possible (bsc#1154355).
- commit 0670e76
- cifs: create a helper to find a writeable handle by path name
(bsc#1154355).
- commit 3782e0b
- cifs: remove set but not used variables (bsc#1164565).
- commit d27b1f6
- smb3: Incorrect size for netname negotiate context
(bsc#1154355).
- commit 32948a7
- cifs: remove unused variable (bsc#1164565).
- commit abf35ec
- cifs: remove redundant assignment to variable rc (bsc#1164565).
- commit 2cafd7e
- smb3: add missing flag definitions (bsc#1164565).
- commit dbb4ef0
- cifs: add passthrough for smb2 setinfo (bsc#1164565).
- commit 1d94923
- cifs: prepare SMB2_Flush to be usable in compounds
(bsc#1154355).
- commit d232426
- cifs: allow chmod to set mode bits using special sid
(bsc#1164565).
- commit 6fac0bf
- cifs: get mode bits from special sid on stat (bsc#1164565).
- commit e5063fd
- fs: cifs: cifsssmb: remove redundant assignment to variable ret
(bsc#1164565).
- commit 83c42b2
- cifs: fix a comment for the timeouts when sending echos
(bsc#1164565).
- commit cad02ec
- fs: cifs: Initialize filesystem timestamp ranges (bsc#1164565).
- commit ef56e2e
- Delete patches that are going to be re-backported (bsc#1192606)
Some of the patches being deleted by this commit might be too
different and/or change too much context for the upcoming backports.
- commit a49f5dc
- nfsd: don't alloc under spinlock in rpc_parse_scope_id
(git-fixes).
- NFSv4: Fix a regression in nfs_set_open_stateid_locked()
(git-fixes).
- NFS: Fix up commit deadlocks (git-fixes).
- NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes).
- pnfs/flexfiles: Fix misplaced barrier in
nfs4_ff_layout_prepare_ds (git-fixes).
- NFS: Don't set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA
(git-fixes).
- nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
(git-fixes).
- nfsd: fix error handling of register_pernet_subsys() in
init_nfsd() (git-fixes).
- md: fix a lock order reversal in md_alloc (git-fixes).
- commit 5402eef
- blacklist.conf: assorted updates
- commit f4e87cf
- ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes)
- commit 30d7221
- ARM: dts: renesas: Fix IOMMU device node names (git-fixes)
- commit 7a45d65
- ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes)
- commit 90f607e
- ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes)
- commit b68047e
- ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes)
- commit 4868ca3
- ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes)
- commit cadf9ee
- ARM: 8970/1: decompressor: increase tag size (git-fixes).
- commit 5432f4f
- ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes)
- commit b947156
- ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes)
- commit 392503b
- ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes)
- commit f9adba4
- ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes)
- commit f034a63
- ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes)
- commit be4c8ea
- ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes)
- commit 9915cbc
- powerpc/watchdog: Fix wd_smp_last_reset_tb reporting
(bsc#1187541 ltc#192129).
- powerpc/watchdog: read TB close to where it is used (bsc#1187541
ltc#192129).
- powerpc/watchdog: Avoid holding wd_smp_lock over printk and
smp_send_nmi_ipi (bsc#1187541 ltc#192129).
- powerpc/watchdog: tighten non-atomic read-modify-write access
(bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix missed watchdog reset due to memory
ordering race (bsc#1187541 ltc#192129).
- commit 06565ea
- ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes)
- commit 82fabab
- ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes)
- commit c0216c8
- ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes).
- commit 15a7e62
- ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes)
- commit 183cef6
- ARM: at91: pm: use proper master clock register offset (git-fixes)
- commit 5d631c5
- ARM: dts: oxnas: Fix clear-mask property (git-fixes)
- commit a81f0cc
- ARM: dts: N900: fix onenand timings (git-fixes).
- commit 327315a
- ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes)
- commit 2c192e1
- ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes)
- commit 6a2702e
- ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes)
- commit 6bbda66
- arm: dts: dra76x: Fix mmc3 max-frequency (git-fixes)
- commit 9bd08fd
- ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes)
- commit cdccd6b
- ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes)
- commit 1458ce0
- ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes)
- commit 799550f
- ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes).
- commit 6341187
- ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes)
- commit 0c57682
- ARM: dts: imx7d: fix opp-supported-hw (git-fixes)
- commit fe91a98
- ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes)
- commit bb0fd16
- ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes)
- commit cef9cbd
- i40e: Fix display error code in dmesg (git-fixes).
- i40e: Fix creation of first queue by omitting it if is not
power of two (git-fixes).
- i40e: Fix warning message and call stack during rmmod i40e
driver (git-fixes).
- i40e: Fix changing previously set num_queue_pairs for PFs
(git-fixes).
- i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes).
- i40e: Fix correct max_pkt_size on VF RX queue (git-fixes).
- iavf: Fix for the false positive ASQ/ARQ errors while issuing
VF reset (git-fixes).
- iavf: validate pointers (git-fixes).
- iavf: prevent accidental free of filter structure (git-fixes).
- iavf: Fix failure to exit out from last all-multicast mode
(git-fixes).
- iavf: free q_vectors before queues in iavf_disable_vf
(git-fixes).
- iavf: check for null in iavf_fix_features (git-fixes).
- bnxt_en: reject indirect blk offload when hw-tc-offload is off
(jsc#SLE-8372 bsc#1153275).
- net: bnx2x: fix variable dereferenced before check (git-fixes).
- cxgb4: fix eeprom len when diagnostics not implemented
(git-fixes).
- bonding: Fix a use-after-free problem when
bond_sysfs_slave_add() failed (git-fixes).
- net: delete redundant function declaration (git-fixes).
- gve: Track RX buffer allocation failures (bsc#1176940).
- gve: Allow pageflips on larger pages (bsc#1176940).
- gve: Add netif_set_xps_queue call (bsc#1176940).
- gve: Do lazy cleanup in TX path (git-fixes).
- gve: Add rx buffer pagecnt bias (bsc#1176940).
- gve: Switch to use napi_complete_done (git-fixes).
- gve: DQO: avoid unused variable warnings (bsc#1176940).
- ice: Delete always true check of PF pointer (git-fixes).
- commit 9d613c4
- Update config for dwmac-intel network driver
- commit 04c47bf
- Delete patches.suse/Fix-breakage-of-swap-over-NFS.patch.
A recent patch:
patches.suse/NFS-move-generic_write_checks-call-from-nfs_file_dir.patch
provides a better solution.
- commit 5504e09
- SUNRPC/xprt: async tasks mustn't block waiting for memory
(bsc#1191876).
- SUNRPC: remove scheduling boost for "/SWAPPER"/ tasks
(bsc#1191876).
- SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC
(bsc#1191876).
- SUNRPC/call_alloc: async tasks mustn't block waiting for memory
(bsc#1191876).
- SUNRPC/auth: async tasks mustn't block waiting for memory
(bsc#1191876).
- NFS: move generic_write_checks() call from
nfs_file_direct_write() to nfs_file_write() (bsc#1191876).
- NFS: do not take i_rwsem for swap IO (bsc#1191876).
- MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876).
- commit 6bfb39b
- scsi: qla2xxx: Turn off target reset during issue_lip
(git-fixes).
- scsi: qla2xxx: Fix gnl list corruption (git-fixes).
- scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
- commit 769bef9
- Mark commit as not needed (git-fixes)
- commit 50aa08a
- btrfs: fix fsync failure and transaction abort after writes
to prealloc extents (bsc#1193002).
- btrfs: do not ignore error from btrfs_next_leaf() when inserting
checksums (bsc#1193002).
- btrfs: make checksum item extension more efficient
(bsc#1193002).
- commit 6b9cd09
- btrfs: fix lost inode on log replay after mix of fsync, rename
and inode eviction (bsc#1192998).
- btrfs: fix race causing unnecessary inode logging during link
and rename (bsc#1192998).
- commit 08101d8
- net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691).
- commit 3717dbe
- net: stmmac: add EHL PSE0 & PSE1 1Gbps PCI info and PCI ID
(bsc#1192691).
- commit af3665c
- net: stmmac: create dwmac-intel.c to contain all Intel platform
(bsc#1192691).
- commit eea520f
- net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691).
- commit 5d3261b
- net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID
(bsc#1192691).
- commit 61964c0
- net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID
(bsc#1192691).
- commit 22bb342
- net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID
(bsc#1192691).
- commit a9fc2ef
- blacklist.conf: not necessary in our configurations
- commit f07d2c6
- net: hso: fix muxed tty registration (git-fixes).
- commit a80f2e2
- net: asix: fix uninit value bugs (git-fixes).
- commit 174a7de
- net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32
(git-fixes).
- commit 2d685be
- net: pegasus: fix uninit-value in get_interrupt_interval
(git-fixes).
- commit c9a9fec
- printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
- commit 99b7e37
- net: hso: fix control-request directions (git-fixes).
- commit 8af2026
- kernel-source.spec: install-kernel-tools also required on 15.4
- commit 6cefb55
- Update kabi files.
- update from second November 2021 maintenance update submission (commit 9a413cc7eb56)
- commit 5dfdd88
- series.conf: cleanup
- move mainline backports from subsystem sections to sorted section
- patches.suse/mm-fix-mremap-not-considering-huge-pmd-devmap.patch
- patches.suse/block-floppy-fix-contended-case-in-floppy_queue_rq.patch
- patches.suse/PCI-IOV-Mark-VFs-as-not-implementing-PCI_COMMAND_MEM.patch
No effect on expanded tree.
- commit 32c4263
- fix patches metadata
- explicitly mark patches not intended for upstreaming
- patches.kabi/libnvdimm-cover-up-nd_region-changes.patch
- patches.suse/Input-Fix-memory-leak-in-psxpad_spi_probe.patch
- patches.suse/Revert-nvme-allow-64-bit-results-in-passthru-command.patch
- patches.suse/cdrom-turn-off-autoclose-by-default.patch
- patches.suse/io_uring-ensure-req-submit-is-copied-when-req-is-def.patch
- patches.suse/pstore_disable_efi_backend_by_default.patch
- patches.suse/s390-export-symbols-for-crash-kmp.patch
- patches.suse/supported-flag-modverdir
- patches.suse/btrfs-btrfs-use-the-new-VFS-super_block_dev.patch
- patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch
- commit 55eb2b8
- series.conf: whitespace and comment cleanup
No effect on expanded tree.
- commit 1a56fa4
- series.conf: cleanup
- update upstream references and move into sorted section:
- patches.suse/Bluetooth-sco-Fix-lock_sock-blockage-by-memcpy_from_.patch
- patches.suse/crypto_ccp-fix_resource_leaks_in_ccp_run_aes_gcm_cmd.patch
- patches.suse/media-firewire-firedtv-avc-fix-a-buffer-overflow-in-.patch
- patches.suse/scsi-ibmvfc-Fix-invalid-state-machine-BUG_ON.patch
- move "/never"/ patches into subsystem sections:
- patches.suse/locking-rwsem-Disable-reader-optimistic-spinning.patch
- patches.suse/sched-fair-Enable-SIS_AVG_CPU-by-default.patch
No effect on expanded tree.
- commit b5c6c7d
- blacklist.conf: 70a9ac36ffd8 ("/f2fs: fix up f2fs_lookup tracepoints"/)
CONFIG_F2FS_FS is not set anywhere.
- commit d108418
- tracing/histogram: Do not copy the fixed-size char array field
over the field size (git-fixes).
- commit 824b1b8
- xen/privcmd: fix error handling in mmap-resource processing
(git-fixes).
- commit 2fc8146
- crypto: pcrypt - Delay write to padata->info (git-fixes).
- commit 7c0ca4f
- blacklist.conf: 172f7ba9772c ("/ftrace: Make ftrace_profile_pages_init static"/)
A cosmetic fix.
- commit eabceca
- tracing: use %ps format string to print symbols (git-fixes).
- commit a21f67c
- xen/x86: fix PV trap handling on secondary processors
(git-fixes).
- commit 22a3e31
- blacklist.conf: feature, not bugfix and brealks kABI
- commit 1a7a720
- swiotlb-xen: avoid double free (git-fixes).
- commit 04818d4
- r8152: limit the RX buffer size of RTL8153A for USB 2.0
(git-fixes).
- commit 9e81786
- config: refresh BPF configs (jsc#SLE-22574)
The SUSE-commit 9a413cc7eb56 ("/config: disable unprivileged BPF by default
(jsc#SLE-22573)"/) inherited from SLE15-SP2 puts the BPF config into the wrong
place due to SLE15-SP3 additionally backported b24abcff918a ("/bpf, kconfig: Add
consolidated menu entry for bpf with core options"/), and leads to duplicate
CONFIG_BPF_UNPRIV_DEFAULT_OFF entires; this commit remove those BPF config.
Also, disable unprivileged BPF for armv7hl, which did not inherit the config
change from SLE15-SP2.
- commit c0c727b
- x86/Xen: swap NX determination and GDT setup on BSP (git-fixes).
- commit a899c9e
- blacklist.conf: add 40fdea0284bb208, which depends on 8480ed9c2bbd56
- commit b7c2958
- config: disable unprivileged BPF by default (jsc#SLE-22573)
Backport of mainline commit 8a03e56b253e ("/bpf: Disallow unprivileged bpf
by default"/) only changes kconfig default, used e.g. for "/make oldconfig"/
when the config option is missing, but does not update our kernel configs
used for build. Update also these to make sure unprivileged BPF is really
disabled by default.
- commit 9a413cc
- e1000e: Separate TGP board type from SPT (bsc#1192874).
- commit 836207b
- Input: elantench - fix misreporting trackpoint coordinates
(bsc#1192918).
- commit af3fd37
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- commit 4bfee1a
- blacklist.conf: Add 04f8ef5643bc cgroup: Fix memory leak caused by missing cgroup_bpf_offline
- commit d046894
- fix patch metadata
- fix Patch-mainline:
- patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch
- commit 7ca7de6
- fix patches metadata
- fix Patch-mainline:
- patches.suse/scsi-core-Fix-spelling-in-a-source-code-comment
- patches.suse/scsi-csiostor-Uninitialized-data-in-csio_ln_vnp_read_cbfn
- patches.suse/scsi-dc395-Fix-error-case-unwinding
- patches.suse/scsi-ufs-ufshcd-pltfrm-Fix-memory-leak-due-to-probe-defer
- commit 2c768e7
- btrfs: update comments for chunk allocation -ENOSPC cases
(bsc#1192896).
- btrfs: fix deadlock between chunk allocation and chunk btree
modifications (bsc#1192896).
- btrfs: block-group: Rework documentation of check_system_chunk
function (bsc#1192896).
- commit 20b2047
- fix patches metadata
- fix Patch-mainline:
- patches.suse/ipv4-make-exception-cache-less-predictible.patch
- patches.suse/ipv6-make-exception-cache-less-predictible.patch
- patches.suse/qtnfmac-fix-potential-spectre-vulnerabilities.patch
- commit 5c2e4e8
- fix patches metadata
- fix Patch-mainline:
- patches.suse/edac-sb_edac-fix-top-of-high-memory-value-for-broadwell-haswell.patch
- patches.suse/x86-sme-use-define-use_early_pgtable_l5-in-mem_encrypt_identity-c.patch
- commit fd7ddeb
- blacklist.conf: Add 8520e224f547 bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
- commit 04918fc
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- commit 2b13f6d
- blacklist.conf: 5c9d706f6133 ("/bpf: Fix BPF_LSM kconfig symbol dependency"/)
Not needed since 30897832d8b9 ("/bpf: Allow local storage to be used from LSM
programs"/) is not backported.
- commit 22dfc3c
- Eradicate Patch-mainline: No
The pre-commit check can reject this deprecated tag then.
- Refresh patches.suse/acpi_thinkpad_introduce_acpi_root_table_boot_param.patch.
- Refresh patches.suse/btrfs-provide-super_operations-get_inode_dev.
- Refresh patches.suse/intel_idle-Disable-ACPI-_CST-on-Haswell.patch
- Eradicate Patch-mainline: No
The pre-commit check can reject this deprecated tag then.
- Refresh patches.suse/acpi_thinkpad_introduce_acpi_root_table_boot_param.patch.
- Refresh patches.suse/btrfs-provide-super_operations-get_inode_dev.
- commit 6fb97e5
- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
(bsc#1192473).
- commit b39e9ef
- Update
patches.suse/bpf-Remove-MTU-check-in-__bpf_skb_max_len.patch
(bsc#1155518 bsc#1192045 CVE-2021-0941).
- commit 5daf798
- Update
patches.suse/bpf-Remove-MTU-check-in-__bpf_skb_max_len.patch
(bsc#1155518 bsc#1192045 CVE-2021-0941).
- commit 33fb6b6
- drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
- commit 5952a38
- drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758).
- commit 29d7f7a
- Update config files: pull BPF configs together
- commit 86a3134
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
- bpf: Add kconfig knob for disabling unpriv bpf
by default (jsc#SLE-22573)
- Update config files: Add
CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- commit cb7628d
- dm ioctl: fix out of bounds array access when no devices
(CVE-2021-31916 bsc#1192781).
- commit 49351dc
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22574).
- commit 7b9dddf
- bpf: Fix BPF_JIT kconfig symbol dependency
(git-fixes jsc#SLE-22574).
- bpf: Add kconfig knob for disabling unpriv bpf
by default (jsc#SLE-22574)
- Update config files: Add
CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- bpf, kconfig: Add consolidated menu entry for bpf with core
options (jsc#SLE-22574).
- commit 5bd323f
- patches.suse/zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269).
- commit 75a41c2
- patches.suse/zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269).
- commit 406dc3d
- patches.suse/zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269).
- commit cb34e92
- patches.suse/zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269).
- commit 09f1f4d
- patches.suse/zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269).
- commit 6a0e897
- patches.suse/zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269).
- commit 2c18cb4
- patches.suse/zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269).
- commit 913e901
- patches.suse/zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269).
- commit 173dc9b
- blacklist.conf: printk/workqueue: very hard to hit; works well with lockless
ringuffer; but it might cause wrong timestamps or even lost messages
on 5.3 where using par-CPU buffers (bsc#1192750)
- commit 63c8c7f
- printk/console: Allow to disable console output by using
console="/"/ or console=null (bsc#1192753).
- commit 4f99186
- printk: handle blank console arguments passed in (bsc#1192753).
- commit db08758
- ALSA: hda: fix general protection fault in azx_runtime_idle
(git-fixes).
- ALSA: hda: Free card instance properly at probe errors
(git-fixes).
- commit 57f0538
- ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink
(bsc#1192375).
- ALSA: usb-audio: Add minimal-mute notion in dB mapping table
(bsc#1192375).
- ALSA: usb-audio: Use int for dB map values (bsc#1192375).
- commit 561c434
- Move upstreamed sound fix into sorted section
- commit b52485e
- net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown
skb (git-fixes).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the
code and avoid a leak (git-fixes).
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt()
(git-fixes).
- net: dsa: felix: re-enable TX flow control in
ocelot_port_flush() (git-fixes).
- net: mscc: ocelot: fix hardware timestamp dequeue logic.
- commit 4fdc3dd
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and
docker together (bsc#1192745).
- commit bc3e5c2
- blacklist.conf: add mscc driver fixes
- commit 109b7ec
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- commit a133bf4
- random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924)
- commit d4705fe
- blacklist.conf: changes device names, kABI massacre
- commit 68b0003
- fuse: fix page stealing (bsc#1192718).
- commit 5c46aef
- ipv4: make exception cache less predictible (bsc#1191790,
CVE-2021-20322).
- ipv6: make exception cache less predictible (bsc#1191790,
CVE-2021-20322).
- ipv4: use siphash instead of Jenkins in fnhe_hashfun()
(bsc#1191790, CVE-2021-20322).
- ipv6: use siphash in rt6_exception_hash() (bsc#1191790,
CVE-2021-20322).
- commit 191e9b3
- Revert "/x86/kvm: fix vcpu-id indexed array sizes"/ (git-fixes).
- commit 918d1fd
- Delete patches.kabi/kabi-fix-after-kvm-vcpu-id-array-fix.patch, as
the patch causing its introduction is being reverted.
- commit 2e03b9d
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
(git-fixes).
- commit bb35029
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- commit 94628c1
- xen: Fix implicit type conversion (git-fixes).
- commit 89e345e
- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in
mem_encrypt_identity.c (bsc#1152489).
- commit 60c8f9c
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer
(git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
(git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of
qla2x00_process_els() (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues()
(git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues()
(git-fixes).
- scsi: smartpqi: Fix an error code in pqi_get_raid_map()
(git-fixes).
- scsi: fdomain: Fix error return code in fdomain_probe()
(git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: be2iscsi: Fix an error handling path in
beiscsi_dev_probe() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add()
(git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed()
(git-fixes).
- Revert "/scsi: ufs: fix a missing check of
devm_reset_control_get"/ (git-fixes).
- scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel
EHL (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed
(git-fixes).
- commit c10ecb2
- supported.conf: add pwm-rockchip
References: jsc#SLE-22615
- commit 1a3be5a
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
(bsc#1152489).
- commit e920f56
- s390/qeth: fix deadlock during failing recovery (git-fixes).
- s390/qeth: Fix deadlock in remove_discipline (git-fixes).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
(git-fixes).
- commit 8d9df1e
- s390/pci: fix zpci_zdev_put() on reserve (git-fixes).
- commit 5f2d7a4
- net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work
(git-fixes).
- s390/pci: fix use after free of zpci_dev (git-fixes).
- net/smc: Correct smc link connection counter in case of smc
client (git-fixes).
- s390/dasd: fix use after free in dasd path handling (git-fixes).
- s390/topology: clear thread/group maps for offline cpus
(git-fixes).
- commit 4287499
- Fix problem with missing installkernel on Tumbleweed.
- commit 2ed6686
- Update patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
(bsc#1191628 bsc#1192549).
dir_cookie is a pointer to the cookie in older kernels,
not the cookie itself.
- commit ee8ec20
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273
ltc#194629).
- ibmvnic: don't stop queue in xmit (bsc#1192273 ltc#194629).
- commit 99d6daa
- Revert "/ibmvnic: check failover_pending in login response"/
(bsc#1190523 ltc#194510).
- ibmvnic: check failover_pending in login response (bsc#1190523
ltc#194510).
- commit ac4c874
- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
(bsc#1191961 CVE-2021-34981).
- commit a4ff591
- Update kabi files.
- commit 6361848
- Revert "/r8152: adjust the settings about MAC clock speed down
for RTL8153"/ (git-fixes).
- commit 541bc3e
- r8152: don't enable U1U2 with USB_SPEED_HIGH for RTL8153B
(git-fixes).
- commit e20d73d
- r8152: Disable PLA MCU clock speed down (git-fixes).
- Refresh patches.suse/r8152-disable-test-IO-for-RTL8153B.patch.
- commit 9b878a2
- r8152: disable U2P3 for RTL8153B (git-fixes).
- commit d6c58f7
- r8152: reset flow control patch when linking on for RTL8153B
(git-fixes).
- commit 7f46ee2
- r8152: fix runtime resume for linking change (git-fixes).
- commit 0ff2979
- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock
Gen 2 (git-fixes).
- commit d73c455
- r8152: add a helper function about setting EEE (git-fixes).
- commit 5f95fd2
- r8152: divide the tx and rx bottom functions (git-fixes).
- Refresh
patches.suse/r8152-Re-order-napi_disable-in-rtl8152_close.patch.
- Refresh
patches.suse/r8152-avoid-to-call-napi_disable-twice.patch.
- commit 248b976
- r8152: saving the settings of EEE (git-fixes).
- commit 7c0dac3
- r8152: use alloc_pages for rx buffer (git-fixes).
- commit 3304002
- r8152: replace array with linking list for rx information
(git-fixes).
- commit b5a7bd7
- r8152: separate the rx buffer size (git-fixes).
- commit 4176c6f
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM
request (git-fixes).
- commit 3af49ca
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- commit 11f64ca
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- commit fa10b1f
- crypto: caam - disable pkc for non-E SoCs (git-fixes).
- commit 49a0bf8
- blacklist.conf: build warning only
- commit 389a467
- kabi/severities: update kabi list
- commit 5cf2719
- bpf: Fix potential race in tail call compatibility check
(git-fixes).
- commit 6fdd9c7
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).
- commit c3f4c78
- exfat: handle wrong stream entry size in exfat_readdir()
(git-fixes).
- exfat: fix erroneous discard when clear cluster bit
(git-fixes).
- commit 366e900
- exfat: truncate atimes to 2s granularity (bsc#1192328).
- Refresh
patches.suse/exfat-fix-use-of-uninitialized-spinlock-on-error-path.patch.
- exfat: properly set s_time_gran (bsc#1192328).
- commit 832525a
- Drop two USB patches that are reverted by stable 5.4.158
Deleted:
patches.suse/usb-core-hcd-Add-support-for-deferring-roothub-regis.patch
patches.suse/xhci-Set-HCD-flag-to-defer-primary-roothub-registrat.patch
blacklist.conf: updated
- commit 10f1374
- serial: xilinx_uartps: Fix race condition causing stuck TX
(git-fixes).
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
- staging: rtl8192u: fix control-message timeouts (git-fixes).
- USB: serial: keyspan: fix memleak on probe errors (git-fixes).
- USB: iowarrior: fix control-message timeouts (git-fixes).
- usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
- usb: max-3421: Use driver data instead of maintaining a list
of bound devices (git-fixes).
- usb: gadget: hid: fix error code in do_config() (git-fixes).
- commit b954450
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register
error (git-fixes).
- power: supply: max17042_battery: Prevent int underflow in
set_soc_threshold (git-fixes).
- =?UTF-8?q?power:=20supply:=20rt5033=5Fbattery:=20Change?=
=?UTF-8?q?=20voltage=20values=20to=20=C2=B5V?= (git-fixes).
- power: supply: max17042_battery: use VFSOC for capacity when
no rsns (git-fixes).
- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
- staging: r8712u: fix control-message timeout (git-fixes).
- Revert "/platform/x86: i2c-multi-instantiate: Don't create
platform device for INT3515 ACPI nodes"/ (git-fixes).
- commit 0f3a4f1
- PCI: uniphier: Serialize INTx masking/unmasking and fix the
bit operation (git-fixes).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
(git-fixes).
- PCI: aardvark: Fix return value of MSI domain .alloc() method
(git-fixes).
- PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
- HID: u2fzero: properly handle timeouts in usb_submit_urb
(git-fixes).
- HID: u2fzero: clarify error check and length calculations
(git-fixes).
- pinctrl: core: fix possible memory leak in pinctrl_enable()
(git-fixes).
- video: fbdev: chipsfb: use memset_io() instead of memset()
(git-fixes).
- ABI: sysfs-kernel-slab: Document some stats (git-fixes).
- commit 92991a1
- auxdisplay: ht16k33: Fix frame buffer device blanking
(git-fixes).
- auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty
string (git-fixes).
- PCI: aardvark: Fix reporting Data Link Layer Link Active
(git-fixes).
- PCI: aardvark: Fix checking for link up via LTSSM state
(git-fixes).
- PCI: aardvark: Do not unmask unused interrupts (git-fixes).
- PCI: aardvark: Do not clear status bits of masked interrupts
(git-fixes).
- PCI: aardvark: Don't spam about PIO Response Status (git-fixes).
- commit 3e5c258
- ALSA: usb-audio: Add Audient iD14 to mixer map quirk table
(git-fixes).
- ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table
(git-fixes).
- commit b23c22d
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- commit 5f3b3d8
- ocfs2: fix data corruption on truncate (bsc#1190795).
- commit 4b0d91a
- ftrace: Fix scripts/recordmcount.pl due to new binutils
(bsc#1192267).
- commit f07ed1b
- PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set()
(bsc#1169263).
- PCI/ACPI: Move _OSC query checks to separate function
(bsc#1169263).
- PCI/ACPI: Move supported and control calculations to separate
functions (bsc#1169263).
- PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS
(bsc#1169263).
- PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
- PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
- commit a38114a
- series.conf: refresh
- update upstream references and resort
- patches.suse/scsi-lpfc-Adjust-bytes-received-vales-during-cmf-tim.patch
- patches.suse/scsi-lpfc-Allow-PLOGI-retry-if-previous-PLOGI-was-ab.patch
- patches.suse/scsi-lpfc-Allow-fabric-node-recovery-if-recovery-is-.patch
- patches.suse/scsi-lpfc-Correct-sysfs-reporting-of-loop-support-af.patch
- patches.suse/scsi-lpfc-Don-t-release-final-kref-on-Fport-node-whi.patch
- patches.suse/scsi-lpfc-Don-t-remove-ndlp-on-PRLI-errors-in-P2P-mo.patch
- patches.suse/scsi-lpfc-Fix-EEH-support-for-NVMe-I-O.patch
- patches.suse/scsi-lpfc-Fix-FCP-I-O-flush-functionality-for-TMF-ro.patch
- patches.suse/scsi-lpfc-Fix-I-O-block-after-enabling-managed-conge.patch
- patches.suse/scsi-lpfc-Fix-NVMe-I-O-failover-to-non-optimized-pat.patch
- patches.suse/scsi-lpfc-Fix-hang-on-unload-due-to-stuck-fport-node.patch
- patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch
- patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
- patches.suse/scsi-lpfc-Fix-premature-rpi-release-for-unsolicited-.patch
- patches.suse/scsi-lpfc-Fix-rediscovery-of-tape-device-after-LIP.patch
- patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
- patches.suse/scsi-lpfc-Improve-PBDE-checks-during-SGL-processing.patch
- patches.suse/scsi-lpfc-Revert-LOG_TRACE_EVENT-back-to-LOG_INIT-pr.patch
- patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.2.patch
- patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.3.patch
- patches.suse/scsi-lpfc-Wait-for-successful-restart-of-SLI3-adapte.patch
- patches.suse/scsi-lpfc-Zero-CGN-stats-only-during-initial-driver-.patch
- patches.suse/scsi-qla2xxx-Add-support-for-mailbox-passthru.patch
- patches.suse/scsi-qla2xxx-Call-process_response_queue-in-Tx-path.patch
- patches.suse/scsi-qla2xxx-Check-for-firmware-capability-before-cr.patch
- patches.suse/scsi-qla2xxx-Display-16G-only-as-supported-speeds-fo.patch
- patches.suse/scsi-qla2xxx-Fix-crash-in-NVMe-abort-path.patch
- patches.suse/scsi-qla2xxx-Fix-kernel-crash-when-accessing-port_sp.patch
- patches.suse/scsi-qla2xxx-Fix-use-after-free-in-eh_abort-path.patch
- patches.suse/scsi-qla2xxx-Move-heartbeat-handling-from-DPC-thread.patch
- patches.suse/scsi-qla2xxx-Remove-redundant-initialization-of-poin.patch
- patches.suse/scsi-qla2xxx-Update-version-to-10.02.07.100-k.patch
- patches.suse/scsi-qla2xxx-edif-Use-link-event-to-wake-up-app.patch
No effect on expanded tree.
- commit 69f2186
- Refresh
patches.suse/ibmvnic-Consolidate-code-in-replenish_rx_pool.patch.
- Refresh
patches.suse/ibmvnic-Fix-up-some-comments-and-messages.patch.
- Refresh patches.suse/ibmvnic-Reuse-LTB-when-possible.patch.
- Refresh patches.suse/ibmvnic-Reuse-rx-pools-when-possible.patch.
- Refresh patches.suse/ibmvnic-Reuse-tx-pools-when-possible.patch.
- Refresh patches.suse/ibmvnic-Use-bitmap-for-LTB-map_ids.patch.
- Refresh
patches.suse/ibmvnic-Use-rename-local-vars-in-init_rx_pools.patch.
- Refresh
patches.suse/ibmvnic-Use-rename-local-vars-in-init_tx_pools.patch.
- Refresh
patches.suse/ibmvnic-init_tx_pools-move-loop-invariant-code.patch.
Metadata update
- commit 62eb415
- README.BRANCH: Add Oscar Salvador as SLE15-SP3 maintainer
- commit 8e13353
- Update patch reference for ISDN fix (CVE-2021-43389 bsc#1191958)
- commit b343e2f
- EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh
(bsc#1192288).
- commit a0f44db
- Update
patches.suse/usb-hso-fix-error-handling-code-of-hso_create_net_de.patch
(bsc#1188601 CVE-2021-37159).
Added bsc and CVE numbers
- commit e17f2ff
- kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
- commit 659ddc7
- ASoC: topology: Fix stub for snd_soc_tplg_component_remove()
(git-fixes).
- ASoC: SOF: topology: do not power down primary core during
topology removal (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes).
- ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes).
- ALSA: hda: Use position buffer for SKL+ again (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting
(git-fixes).
- ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14
(git-fixes).
- commit a82ebfb
- memory: fsl_ifc: fix leak of irq and nand_irq in
fsl_ifc_ctrl_probe (git-fixes).
- ASoC: dt-bindings: cs42l42: Correct description of ts-inv
(git-fixes).
- ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
- ASoC: rockchip: Use generic dmaengine code (git-fixes).
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns
EPROBE_DEFER (git-fixes).
- ASoC: cs42l42: Don't set defaults for volatile registers
(git-fixes).
- ASoC: cs42l42: Correct some register default values (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting
(git-fixes).
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
(git-fixes).
- commit 7e1e84d
- Update patch reference for AMDGPU fix (bsc#1180749)
- commit 6ea4cbc
- drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes).
- drm/amdgpu/display: add quirk handling for stutter mode
(git-fixes).
- drm/msm: uninitialized variable in msm_gem_import() (git-fixes).
- drm/msm: potential error pointer dereference in init()
(git-fixes).
- drm/ttm: stop calling tt_swapin in vm_access (git-fixes).
- PM: sleep: Do not let "/syscore"/ devices runtime-suspend during
system transitions (git-fixes).
- iwlwifi: mvm: fix some kerneldoc issues (git-fixes).
- mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req()
(git-fixes).
- mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes).
- mt76: mt7915: fix possible infinite loop release semaphore
(git-fixes).
- mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi
(git-fixes).
- ath10k: sdio: Add missing BH locking around napi_schdule()
(git-fixes).
- commit a012b20
- regulator: dt-bindings: samsung,s5m8767: correct
s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
- regulator: s5m8767: do not use reset value as DVS voltage if
GPIO DVS is disabled (git-fixes).
- mmc: mxs-mmc: disable regulator on error and in the remove
function (git-fixes).
- memstick: jmb38x_ms: use appropriate free function in
jmb38x_ms_alloc_host() (git-fixes).
- memstick: avoid out-of-range warning (git-fixes).
- mmc: sdhci-omap: Fix NULL pointer exception if regulator is
not configured (git-fixes).
- media: ite-cir: IR receiver stop working after receive overflow
(git-fixes).
- tpm: Check for integer overflow in tpm2_map_response_body()
(git-fixes).
- commit d39cbe5
- media: dvb-frontends: mn88443x: Handle errors of
clk_prepare_enable() (git-fixes).
- media: em28xx: Don't use ops->suspend if it is NULL (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: mxl111sf: change mutex_init() location (git-fixes).
- media: cx23885: Fix snd_card_free call on null card pointer
(git-fixes).
- media: tm6000: Avoid card name truncation (git-fixes).
- media: si470x: Avoid card name truncation (git-fixes).
- media: radio-wl1273: Avoid card name truncation (git-fixes).
- media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
- media: mtk-vpu: Fix a resource leak in the error handling path
of 'mtk_vpu_probe()' (git-fixes).
- commit db843c8
- hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
- hwmon: (pmbus/lm25066) Let compiler determine outer dimension
of lm25066_coeff (git-fixes).
- hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
- media: TDA1997x: handle short reads of hdmi info frame
(git-fixes).
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
- media: staging/intel-ipu3: css: Fix wrong size comparison
imgu_css_fw_init (git-fixes).
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- media: cxd2880-spi: Fix a null pointer dereference on error
handling path (git-fixes).
- media: em28xx: add missing em28xx_close_extension (git-fixes).
- commit cc194ed
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- rsi: fix control-message timeout (git-fixes).
- rtl8187: fix control-message timeouts (git-fixes).
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass
two's complement (git-fixes).
- hwmon: Fix possible memleak in __hwmon_device_register()
(git-fixes).
- firmware/psci: fix application of sizeof to pointer (git-fixes).
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- usbnet: sanity check for maxpacket (git-fixes).
- commit 4c5043d
- mwifiex: fix division by zero in fw download path (git-fixes).
- libertas_tf: Fix possible memory leak in probe and disconnect
(git-fixes).
- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
(git-fixes).
- mwifiex: Send DELBA requests according to spec (git-fixes).
- rsi: stop thread firstly in rsi_91x_init() error handling
(git-fixes).
- rsi: Fix module dev_oper_mode parameter description (git-fixes).
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330
(git-fixes).
- commit e68a671
- drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
- drm/amdgpu: fix warning for overflow check (git-fixes).
- drm/v3d: fix wait for TMU write combiner flush (git-fixes).
- drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
- libertas: Fix possible memory leak in probe and disconnect
(git-fixes).
- b43legacy: fix a lower bounds test (git-fixes).
- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
(git-fixes).
- Bluetooth: fix init and cleanup of sco_conn.timeout_work
(git-fixes).
- commit 58db500
- ath6kl: fix division by zero in send path (git-fixes).
- ath10k: fix division by zero in send path (git-fixes).
- ath6kl: fix control-message timeout (git-fixes).
- ath10k: fix control-message timeout (git-fixes).
- ath10k: fix max antenna gain unit (git-fixes).
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- b43: fix a lower bounds test (git-fixes).
- ath10k: Fix missing frame timestamp for beacon/probe-resp
(git-fixes).
- ata: sata_mv: Fix the error handling of mv_chip_id()
(git-fixes).
- commit 276cbd3
- Input: i8042 - Add quirk for Fujitsu Lifebook T725
(bsc#1191980).
- commit 9545e5e
- x86/msi: Force affinity setup before startup (bsc#1152489).
- Refresh
patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- commit a7cad27
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- commit f2c4d71
- xfs: don't allow log writes if the data device is readonly
(bsc#1192229).
- commit 67ee0ba
- series.conf: refresh
- update upstream references and resort:
- patches.suse/ibmvnic-Consolidate-code-in-replenish_rx_pool.patch
- patches.suse/ibmvnic-Fix-up-some-comments-and-messages.patch
- patches.suse/ibmvnic-Reuse-LTB-when-possible.patch
- patches.suse/ibmvnic-Reuse-rx-pools-when-possible.patch
- patches.suse/ibmvnic-Reuse-tx-pools-when-possible.patch
- patches.suse/ibmvnic-Use-bitmap-for-LTB-map_ids.patch
- patches.suse/ibmvnic-Use-rename-local-vars-in-init_rx_pools.patch
- patches.suse/ibmvnic-Use-rename-local-vars-in-init_tx_pools.patch
- patches.suse/ibmvnic-init_tx_pools-move-loop-invariant-code.patch
- commit 35d2ed0
- Update kabi files.
- update from November 2021 maintenance update submission (commit fb4a33cb1752)
- commit 24b46c0
- x86/ioapic: Force affinity setup before startup (bsc#1152489).
- commit 305e50a
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
- commit e709b2b
- gpio/rockchip: fetch deferred output settings on probe
(bsc#1192217).
- pinctrl/rockchip: add a queue for deferred pin output settings
on probe (bsc#1192217).
- gpio/rockchip: fix get_direction value handling (bsc#1192217).
- gpio/rockchip: extended debounce support is only available on v2
(bsc#1192217).
- pinctrl/rockchip: drop the gpio related codes (bsc#1192217).
- gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type
(bsc#1192217).
- gpio/rockchip: support next version gpio controller
(bsc#1192217).
- gpio/rockchip: use struct rockchip_gpio_regs for gpio controller
(bsc#1192217).
- gpio/rockchip: add driver for rockchip gpio (bsc#1192217).
- pinctrl/rockchip: add pinctrl device to gpio bank struct
(bsc#1192217).
- pinctrl/rockchip: separate struct rockchip_pin_bank to a head
file (bsc#1192217).
- pinctrl/rockchip: always enable clock for gpio controller
(bsc#1192217).
- pinctrl: rockchip: do coding style for mux route struct
(bsc#1192217).
- pinctrl: rockchip: add support for rk3568 (bsc#1192217).
- pinctrl: rockchip: make driver be tristate module (bsc#1192217).
- pinctrl: rockchip: clear int status when driver probed
(bsc#1192217).
- pinctrl: rockchip: create irq mapping in gpio_to_irq
(bsc#1192217).
- pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
(bsc#1192217).
- pinctrl: rockchip: Replace HTTP links with HTTPS ones
(bsc#1192217).
- pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc
misdemeanours (bsc#1192217).
- pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation
fails (bsc#1192217).
- pinctrl: rockchip: add rk3308 SoC support (bsc#1192217).
- commit de4b584
- nvme-pci: set min_align_mask (bsc#1191851).
- swiotlb: respect min_align_mask (bsc#1191851).
- swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single
(bsc#1191851).
- swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
- swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
- swiotlb: factor out a nr_slots helper (bsc#1191851).
- swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
- swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
- commit 63c0e38
- driver core: add a min_align_mask field to struct
device_dma_parameters (bsc#1191851).
- commit cb95969
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
- KVM: s390: VSIE: correctly handle MVPG when in VSIE
(bsc#1133021).
- KVM: s390: extend kvm_s390_shadow_fault to return entry pointer
(bsc#1133021).
- KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
- commit ef66201
- blacklist.conf: ed65df63a39a ("/tracing: Have all levels of checks prevent recursion"/)
It fixes a corner case, which should be rare. The patch changes a public
header file and even if the API should not be used externally, there is
always a risk.
- commit 80def7c
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
(bsc#1152489).
- commit 96ee990
- netfilter: conntrack: collect all entries in one cycle
(bsc#1173604).
- commit c4117de
- ipv6/netfilter: Discard first fragment not including all headers
(bsc#1191241).
- IPv6: reply ICMP error if the first fragment don't include
all headers (bsc#1191241).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition
(bsc#1191241).
- net: ipv6: Discard next-hop MTU less than minimum link MTU
(bsc#1191241).
- commit c74316d
- swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
- Refresh
patches.suse/dma-direct-exclude-dma_direct_map_resource-from-the-min_low_pfn-check.patch.
- commit 0eae9b5
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode
changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode
(bsc#1156395).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0
when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
(bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- commit 2ce76cc
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
(fate#322438 bsc#1085030 git-fixes).
- commit 3106974
- powerpc/64s: Remove irq mask workaround in
accumulate_stolen_time() (jsc#SLE-9246 git-fixes).
- commit 5f2cf7e
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- commit 1702f6b
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path
(bsc#1065729).
- commit 4a60f84
- sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772
bsc#1190351).
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772
bsc#1190351).
- sctp: add vtag check in sctp_sf_violation (CVE-2021-3772
bsc#1190351).
- sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772
bsc#1190351).
- sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772
bsc#1190351).
- sctp: fix the processing for INIT chunk (CVE-2021-3772
bsc#1190351).
- sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772
bsc#1190351).
- sctp: check asoc peer.asconf_capable before processing asconf
(bsc#1190351).
- commit c4ecd47
- mmc: vub300: fix control-message timeouts (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value
(git-fixes).
- commit 15296ab
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in
progress before devloss (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer
dereference (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
(bsc#1192145).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
(bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP
status change (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during
host sg_reset (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
driver_resource_setup() (bsc#1192145).
- commit ea0ad63
- kABI workaround for cfg80211 mgmt_registration_lock changes
(git-fixes).
- commit 85ca292
- cfg80211: correct bridge/4addr mode check (git-fixes).
- cfg80211: fix management registrations locking (git-fixes).
- commit 38a77a6
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: batman-adv: fix error handling (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
(git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit()
(git-fixes).
- commit 1fb45c2
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
(git-fixes).
- commit c406ead
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp
(git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- ionic: don't remove netdev->dev_addr when syncing uc list
(bsc#1167773).
- iavf: fix double unlock of crit_lock (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- gve: report 64bit tx_bytes counter from
gve_handle_report_stats() (bsc#1176940).
- gve: fix gve_get_stats() (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- net: bridge: use nla_total_size_64bit() in
br_get_linkxstats_size() (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
(git-fixes).
- net/mlx4_en: Don't allow aRFS for encapsulated packets
(git-fixes).
- qed: rdma - don't wait for resources under hw error recovery
flow (git-fixes).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- qed: Handle management FW error (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net/mlx5: FWTrace, cancel work on alloc pd error flow
(git-fixes).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- i40e: Fix ATR queue selection (git-fixes).
- mlx5: count all link events (git-fixes).
- commit 64e7f77
- netfilter: xt_IDLETIMER: fix panic that occurs when timer_type
has garbage value (bsc#1176447).
- ice: fix getting UDP tunnel entry (jsc#SLE-12878).
- net/mlx5: E-Switch, Fix double allocation of acl flow counter
(jsc#SLE-15172).
- net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
- RDMA/cma: Do not change route.addr.src_addr.ss_family
(bsc#1181147).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
(bsc#1181147).
- net: hns3: check queue id range before using (jsc#SLE-14777).
- bnxt_en: make bnxt_free_skbs() safe to call after
bnxt_free_mem() (jsc#SLE-16649).
- ice: Only lock to update netdev dev_addr (git-fixes).
- net/sched: ets: fix crash when flipping from 'strict' to
'quantum' (bsc#1176774).
- net/mlx5e: RX, Avoid possible data corruption when relaxed
ordering and LRO combined (jsc#SLE-15172).
- commit 016bdb7
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
(CVE-2021-3655 bsc#1188563).
- sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655
bsc#1188563).
- sctp: add size validation when walking chunks (CVE-2021-3655
bsc#1188563).
- commit e419503
- Revert "/net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)"/
This reverts commit 3aa0c01fad38360cc9cd840d49bdfdc565e2e718.
With the backport of the upstream fix for bsc#1183405 race, this workaround
is no longer needed.
- commit 282cec9
- net: sched: add barrier to ensure correct ordering for lockless
qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless
qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue
(bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation
(bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc
(bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in
qdisc_replace (bsc#1183405).
- net: sch_generic: aviod concurrent reset and enqueue op for
lockless qdisc (bsc#1183405).
- commit 60ecee5
- powerpc/idle: Don't corrupt back chain when going idle
(bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056).
- KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return
0 if it went to guest (bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056).
- KVM: PPC: Book3S HV: Fix stack handling in
idle_kvm_start_guest() (bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056).
- powerpc64/idle: Fix SP offsets when saving GPRs (bko#206669
bsc#1174585 bsc#1192107 CVE-2021-43056).
- commit 90745c9
- Update patch reference for ISDN fix (CVE-2021-3896 bsc#1191958)
- commit b1524c3
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- commit fc21d20
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- commit 3a9d8cd
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context
(git-fixes).
- isdn: cpai: check ctr->cnr to avoid array index out of bound
(git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset
(git-fixes).
- platform/x86: intel_scu_ipc: Update timeout value in comment
(git-fixes).
- commit 26182ff
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating
inodes (bsc#1190642).
- commit 4a5d10a
- drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks
read (git-fixes).
- drm/msm: Avoid potential overflow in timeout_to_jiffies()
(git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda - Enable headphone mic on Dell Latitude laptops with
ALC3254 (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell Precision
5560 laptop (git-fixes).
- ASoC: SOF: loader: release_firmware() on load failure to avoid
batching (git-fixes).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and
SRAM types (git-fixes).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and
SRAM types (git-fixes).
- ASoC: fsl_spdif: register platform component before registering
cpu dai (git-fixes).
- ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
(git-fixes).
- ASoC: Intel: Skylake: Fix passing loadable flag for module
(git-fixes).
- ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
(git-fixes).
- ASoC: Intel: update sof_pcm512x quirks (git-fixes).
- ASoC: Intel: bytcr_rt5640: Move "/Platform Clock"/ routes to
the maps for the matching in-/output (git-fixes).
- ASoC: atmel: ATMEL drivers don't need HAS_DMA (git-fixes).
- commit 6765039
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to
ERROR_ACTIVE state notification (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- lan78xx: select CRC32 (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- audit: fix possible null-pointer dereference in
audit_filter_rules (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in
ahci_platform_enable_regulators() (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset()
(git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS
G551JW (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid
ambiguity (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- commit 2657409
- xfs: fix I_DONTCACHE (bsc#1192074).
- commit c29b8dd
- Delete
patches.suse/e1000e-Do-not-take-care-about-recovery-NVM-checksum.patch.
Drop patch to avoid regressions until real fix is available (bsc#1191663)
- commit e7e000a
- blacklist.conf: irrelevant
- commit 4c2a4eb
- USB: xhci: dbc: fix tty registration race (git-fixes).
- commit 8800f76
- xhci: guard accesses to ep_state in xhci_endpoint_reset()
(git-fixes).
- commit 2947d1e
- nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760
bsc#1190067).
- commit 9eabc0c
- Update patch reference for firewire fix (CVE-2021-42739 CVE-2021-3542 bsc#1184673)
- commit 2adc0e5
- cipso,calipso: resolve a number of problems with the DOI
refcounts (CVE-2021-33033 bsc#1186109).
- commit 499c5a0
- ceph: fix handling of "/meta"/ errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut
down when mounting (bsc#1192040).
- commit 329e544
- kabi: hide return value type change of sctp_af::from_addr_param
(CVE-2021-3655 bsc#1188563).
- sctp: fix return value check in __sctp_rcv_asconf_lookup
(CVE-2021-3655 bsc#1188563).
- sctp: validate from_addr_param return (CVE-2021-3655
bsc#1188563).
- commit 9f59a3f
- Update
patches.suse/net_sched-cls_route-remove-the-right-filter-from-has.patch
references (add CVE-2021-3715 bsc#1190349).
- commit bd39990
- Revert "/sched/fair: Add ancestors of unthrottled undecayed cfs_rq"/
The reverted commit is a followup of a7b359fc6a37 ("/sched/fair:
Correctly insert cfs_rq's to list on unthrottle"/) which is going to be
reverted as part of short-term solution of bsc#1191343.
This reverts commit d8d828e03d4f1e436c3580616c7b53db38e38dcb.
- commit c6395e4
- blacklist.conf: 3a1255396b5a x86/alternatives: add missing insn.h include
- commit 9bccba9
- scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867
ltc#194757).
- commit 38f073b
- Added 3 SCSI-iscsi git-fix commits
- commit 2073942
- scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim
(git-fixes).
- Refresh
patches.suse/scsi-iscsi-verify-lengths-on-passthrough-pdus.
- commit 6addc19
- scsi: target: Fix the pgr/alua_support_store functions
(git-fixes).
- commit 5bcb387
- scsi: mpi3mr: Fix error return code in mpi3mr_init_ioc() (git-fixes)
Also refreshed scsi-mpi3mr-Set-up-IRQs-in-resume-path, since this
commit changed the context.
- commit 0352f63
- USB: serial: option: add Quectel EC200S-CN module support
(git-fixes).
- commit e1df2bf
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- commit b42181b
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- commit cff3cf9
- USB: serial: option: add Telit LE910Cx composition 0x1204
(git-fixes).
- commit 3ccad62
- xhci: Enable trust tx length quirk for Fresco FL11 USB
controller (git-fixes).
- commit 55acfbd
- xhci: Fix command ring pointer corruption while aborting a
command (git-fixes).
- commit bf02a9c
- Input: xpad - add support for another USB ID of Nacon GC-100
(git-fixes).
- commit eba25ff
- scsi: mpi3mr: Fix missing unlock on error (git-fixes).
- commit f4b9433
- scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr()
(git-fixes).
- commit 0eebf69
- x86/sev: Return an error on a returned non-zero
SW_EXITINFO1[31:0] (bsc#1178134).
- commit 3b2a96a
- media: firewire: firedtv-avc: fix a buffer overflow in
avc_ca_pmt() (CVE-2021-3542 bsc#1184673).
- commit fab3d4f
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
bsc#1191800).
- commit 8c6d0b8
- ocfs2: fix data corruption after conversion from inline format
(bsc#1190795).
- commit ac3ffc2
- blacklist.conf: 4758fd801f91 x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
- commit c40c7ae
- blacklist.conf: 225bac2dc5d1 x86/Kconfig: Correct reference to MWINCHIP3D
- commit eee3b41
- blacklist.conf: 711885906b5c x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
- commit da61791
- gpio: pca953x: Improve bias setting (git-fixes).
- spi: spi-nxp-fspi: don't depend on a specific node name erratum
workaround (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
(git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()
(git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp
(git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- commit c393393
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in
ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
(git-fixes).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()'
(git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode
(git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device
IDs (git-fixes).
- HID: apple: Fix logical maximum and usage maximum of Magic
Keyboard JIS (git-fixes).
- commit 372fd90
- pata_legacy: fix a couple uninitialized variable bugs
(git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error
(git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
(git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros (git-fixes).
- commit 1a13895
- rpm/kernel-obs-build.spec.in: move to zstd for the initrd
Newer distros have capability to decompress zstd, which
provides a 2-5% better compression ratio at very similar
cpu overhead. Plus this tests the zstd codepaths now as well.
- commit 3d53a5b
- rpm/kernel-obs-build.spec.in: reduce initrd functionality
For building in OBS, we always build inside a virtual machine
that gets a new, freshly created scratch filesystem image. So
we do not need to handle fscks because that ain't gonna happen,
as well as not we do not need to handle microcode update in the
initrd as these only can be run on the host system anyway. We
can also strip and hardlink as an additional optimisation that
should not significantly hurt.
- commit c72c6fc
- nvme-pci: Fix abort command id (git-fixes).
- nvme: add command id quirk for apple controllers (git-fixes).
- commit 210cebb
- drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
Backporting notes:
* context changes
- commit dbfac3c
- drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472)
Backporting notes:
* context changes in panfrost_job_irq_handler()
- commit 78a582b
- drm/i915: Fix syncmap memory leak (bsc#1152489)
Backporting notes:
* context changes in intel_timeline_fini()
- commit d5e337e
- blacklist.conf: Append 'drm/i915/overlay: Fix active retire callback alignment'
- commit c6cc973
- xen: reset legacy rtc flag for PV domU (git-fixes).
- commit 2ae68ea
- xen: fix setting of max_pfn in shared_info (git-fixes).
- commit 2d2e1e0
- fix patch metadata
- fix Patch-mainline:
- patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
- commit b7dfcc7
- NFS: Do uncached readdir when we're seeking a cookie in an
empty page cache (bsc#1191628).
- commit 5ca83d3
- Update patches.suse/bpf-Fix-ringbuf-helper-function-compatibility.patch
(git-fixes, bsc#1191645, CVE-2021-34866).
Update references.
- commit 3bcb18d
- ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat
ioctl (git-fixes).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on
the Lenovo 13s Gen2 (git-fixes).
- commit f5dfccc
- NFC: digital: fix possible memory leak in
digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in
digital_tg_listen_mdaa() (git-fixes).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order
(git-fixes).
- commit aada78f
- netfilter: Drop fragmented ndisc packets assembled in netfilter
(git-fixes).
- commit e526835
- net: ipv6: Discard next-hop MTU less than minimum link MTU
(bsc#1191241).
- commit ba09279
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues
(bsc#1185762).
- nvme-fc: avoid race between time out and tear down
(bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- commit 4afdc63
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
(bsc#1191349).
- commit c7eb218
- acpi/arm64: fix next_platform_timer() section mismatch error
(git-fixes).
- platform/x86: intel_scu_ipc: Fix busy loop expiry time
(git-fixes).
- platform/mellanox: mlxreg-io: Fix read access of n-bytes size
attributes (git-fixes).
- drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
- drm/nouveau/kms/tu102-: delay enabling cursor until after
assign_windows (git-fixes).
- drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
- iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell
XPS 15 (git-fixes).
- ACPI: NFIT: Use fallback node id when numa info in NFIT table
is incorrect (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- commit 0673e50
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- commit 901c621
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32()
call (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition
(git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
(git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32
(git-fixes).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment
(git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870
SSD (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration
(git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
(git-fixes).
- commit 4915e73
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
(git-fixes).
- commit aaf0697
- scsi: qla2xxx: Remove redundant initialization of pointer req
(bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path
(bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to
workqueue (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path
(bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed
sysfs file (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app
(bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating
QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c
card (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout
(bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset()
(bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset()
(bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
(bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
(bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down
(bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down
(bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx
(bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
(bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login
(bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list
(bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx
(bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang
(bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(bsc#1190941).
- commit c17f95e
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
The semantic changed in an incompatible way so invoking the macro now
causes a build failure.
- commit 3e55f55
- powerpc/feature-fixups: use a semicolon rather than a comma
(bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- commit c85e1c6
- powerpc/lib/feature-fixups: Use PPC_RAW_xxx() macros
(bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- Refresh patches.suse/powerpc-Don-t-use-struct-ppc_inst-to-reference-instr.patch.
- powerpc/ppc-opcode: Add PPC_RAW_MFSPR() (bsc#1188983
CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- commit 5a3ede4
- powerpc/opcodes: Add shorter macros for registers for use
with PPC_RAW_xx() (bsc#1188983 CVE-2021-34556 bsc#1188985
CVE-2021-35477).
- commit 6a14724
- powerpc/signal: Use PPC_RAW_xx() macros (bsc#1188983
CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/asm: Add some opcodes in asm/ppc-opcode.h for PPC32 eBPF
(bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- commit 66c500d
- ipv6/netfilter: Discard first fragment not including all headers
(bsc#1191241).
- commit 040f020
- IPv6: reply ICMP error if the first fragment don't include
all headers (bsc#1191241).
- commit abf80f6
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition
(bsc#1191241).
- commit b3ab292
- powerpc: Don't use 'struct ppc_inst' to reference instruction
location (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Don't use struct 'ppc_inst' for
runnable code in tests (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Make instr_is_branch_to_addr()
static (jsc#SLE-13847 git-fixes).
- powerpc: Do not dereference code as 'struct ppc_inst' (uprobe,
code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
- powerpc/64s: Fix stf mitigation patching w/strict RWX & hash
(jsc#SLE-13847 git-fixes).
- powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes).
- powerpc/uprobes: Validation for prefixed instruction
(jsc#SLE-13847 git-fixes).
- commit 5729394
- powerpc/bpf: Emit stf barrier instruction sequences
for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985
CVE-2021-35477).
- powerpc/security: Add a helper to query stf_barrier type
(bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556
bsc#1188985 CVE-2021-35477).
- powerpc/lib: Add helper to check if offset is within
conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985
CVE-2021-35477).
- powerpc/bpf: Emit stf barrier instruction sequences
for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985
CVE-2021-35477).
- powerpc/security: Add a helper to query stf_barrier type
(bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556
bsc#1188985 CVE-2021-35477).
- powerpc/lib: Add helper to check if offset is within
conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985
CVE-2021-35477).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- commit 3f6738b
- bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
- commit 09be9b3
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
(git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting
(git-fixes).
- commit b5d0357
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit
from run_smbios_call (git-fixes).
- commit a539d65
- x86/resctrl: Free the ctrlval arrays when
domain_setup_mon_state() fails (bsc#1152489).
- commit dba5675
- can: xilinx_can: handle failure cases of pm_runtime_get_sync
(git-fixes).
- commit 82f6db6
- blacklist.conf: feature, not a fix
- commit fd65896
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
(git-fixes).
- commit 5487063
- can: peak_usb: fix use after free bugs (git-fixes).
- commit 3ad9b4d
- can: dev: can_restart: fix use after free bug (git-fixes).
- commit 0943ca2
- can: ti_hecc: ti_hecc_probe(): add missed
clk_disable_unprepare() in error path (git-fixes).
- commit 2fec0e3
- Update patch reference for soc fix (CVE-2021-42252 bsc#1190479)
- commit f05067d
- blacklist.conf: requires newer USB PD version than we have
- commit a8bbe8f
- blacklist.conf: needs newer USB PD than we have
- commit d0d6a50
- Update kabi files.
- commit a156da7
- USB: cdc-acm: fix minor-number release (git-fixes).
- commit 477b833
- USB: cdc-acm: clean up probe error labels (git-fixes).
- commit 576c313
- blacklist.conf: 4758fd801f91 x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
- commit fab5572
- blacklist.conf: 225bac2dc5d1 x86/Kconfig: Correct reference to MWINCHIP3D
- commit 08dc820
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge()
(bsc#1191456).
- commit 7832c25
- usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle
(git-fixes).
- commit b332e18
- KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines
(jsc#SLE-12936 git-fixes).
- commit 825316d
- tpm: ibmvtpm: Avoid error message when process gets signal
while waiting (bsc#1065729).
- commit 1910f07
- powerpc/numa: Update cpu_cpu_map on CPU online/offline
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Enable CACHE domain for shared processor
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Update cpu_core_map on all PowerPc systems
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Set numa node before updating mask (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100
ltc#190257 git-fixes).
- Refresh patches.suse/powerpc-cacheinfo-Lookup-cache-by-dt-node-and-thread.patch.
- Revert "/powerpc/topology: Update topology_core_cpumask"/
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- Refresh patches.suse/powerpc-cacheinfo-Lookup-cache-by-dt-node-and-thread.patch
- powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- commit 6f6565a
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620
ltc#194498 git-fixes).
- commit 6c29f54
- cpuidle: pseries: Mark pseries_idle_proble() as __init
(jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes).
- commit 319f0f3
- xfs: fix up non-directory creation in SGID directories
(bsc#1190006 CVE-2018-13405).
- commit f5a61c4
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- commit 7385144
- xfs: ensure that the inode uid/gid match values match the
icdinode ones (bsc#1190006).
- commit 0ddcc0f
- xfs: merge the projid fields in struct xfs_icdinode
(bsc#1190006).
- commit 3a30ff3
- Configure mpi3mr as currently unsupported (jsc#SLE-18120)
- commit aede7cc
- Revert "/sched/fair: Correctly insert cfs_rq's to list on unthrottle
(git-fixes)"/ (bsc#1191343, bsc#1191238)
The commit a7b359fc6a37 ("/sched/fair: Correctly insert cfs_rq's to list
on unthrottle"/) causes more severe problems than the problem it aims to
solve (corrupting cfs_rq leaf list vs insufficient fairness). While both
need to be solved eventually, revert the commit until non-breaking
solution is found.
Blacklist the commit as well, to prevent a regression via git-fixes.
This reverts commit 1732b9ba91b4b7a0822e98bd910feefbcb5424dc.
- commit b8c1ddd
- Revert "/sched/fair: Ensure that the CFS parent is added after unthrottling (git-fixes)."/
The reverted commit is a followup of a7b359fc6a37 ("/sched/fair:
Correctly insert cfs_rq's to list on unthrottle"/) which is going to be
reverted as part of short-term solution of bsc#1191343.
This reverts commit f3a38fbebab3f88070c129511f99a896f5532f7e.
- commit 4f925fc
- scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
- scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI
(jsc#SLE-18120).
- scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(jsc#SLE-18120).
- commit fc7fb17
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
(bsc#1191449).
- commit 549a3d8
- scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
- scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
- scsi: mpi3mr: Add support for DSN secure firmware check
(jsc#SLE-18120).
- scsi: mpi3mr: Add support for PM suspend and resume
(jsc#SLE-18120).
- scsi: mpi3mr: Wait for pending I/O completions upon detection
of VD I/O timeout (jsc#SLE-18120).
- scsi: mpi3mr: Print pending host I/Os for debugging
(jsc#SLE-18120).
- scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
- scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
- scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe
drives (jsc#SLE-18120).
- scsi: mpi3mr: Allow certain commands during pci-remove hook
(jsc#SLE-18120).
- scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
- scsi: mpi3mr: Implement SCSI error handler hooks
(jsc#SLE-18120).
- scsi: mpi3mr: Add bios_param SCSI host template hook
(jsc#SLE-18120).
- scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Add support for timestamp sync with firmware
(jsc#SLE-18120).
- scsi: mpi3mr: Add support for recovering controller
(jsc#SLE-18120).
- scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PCIe device event handling
(jsc#SLE-18120).
- scsi: mpi3mr: Add support for device add/remove event handling
(jsc#SLE-18120).
- scsi: mpi3mr: Add support for internal watchdog thread
(jsc#SLE-18120).
- scsi: mpi3mr: Add support for queue command processing
(jsc#SLE-18120).
- scsi: mpi3mr: Create operational request and reply queue pair
(jsc#SLE-18120).
- commit 259660e
- blk: Fix lock inversion between ioc lock and bfqd lock
(bsc#1191456).
- commit adb5e59
- bfq: Remove merged request already in bfq_requests_merged()
(bsc#1191456).
- commit 0d474e5
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- commit cd60ce3
- blacklist.conf: Blacklist 889c05cc5834
- commit ea30b1a
- scsi: mpi3mr: Base driver code (jsc#SLE-18120).
- Update config files (enabling tthe driver as a module)
- commit 3c0fd36
- blacklist.conf: Blacklist 6961fed42014
- commit b6fb7af
- blktrace: Fix uaf in blk_trace access after removing by sysfs
(bsc#1191452).
- commit a4f24d0
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- commit 34735be
- ext4: fix reserved space counter leakage (bsc#1191450).
- commit 449ab75
- ext4: report correct st_size for encrypted symlinks
(bsc#1191449).
- commit 3669a7f
- bpf: Fix integer overflow in prealloc_elems_and_freelist()
(bsc#1191317, CVE-2021-41864).
- commit d4466f5
- kABI workaround for HD-audio probe retry changes (bsc#1190801).
- ALSA: hda: intel: Allow repeatedly probing on codec
configuration errors (bsc#1190801).
- commit 27f79df
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo
Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops
(git-fixes).
- ASoC: dapm: use component prefix when checking widget names
(git-fixes).
- commit 9bf3e05
- Add cherry-picked commit id to the usb hso fix (git-fixes)
- commit a4c3be7
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- HID: u2fzero: ignore incomplete packets without data
(git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe
(git-fixes).
- net: hso: add failure handler for add_net_device (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device
(git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- PCI: Fix pci_host_bridge struct device release/free handling
(git-fixes).
- commit 51aaf55
- scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig
(jsc#SLE-18120).
- Update config files.
- commit 54f9bad
- PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
- PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu
is absent (git-fixes).
- PM / devfreq: rk3399_dmc: Disable devfreq-event device when
fails (git-fixes).
- PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
- PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
- commit b4b8a3b
- Update kabi files.
- update from October 2021 maintenance update submission (commit c909dd500033)
- commit d500b18
- rpm: use _rpmmacrodir (boo#1191384)
- commit e350c14
- net: 6pack: fix slab-out-of-bounds in decode_data
(CVE-2021-42008 bsc#1191315).
- commit b0db75a
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- powercap: intel_rapl: add support for Sapphire Rapids
(jsc#SLE-15289).
- commit 053c38b
- series.conf: cleanup
- move a kabi workaround into correct section:
patches.kabi/ipvs-Fix-up-kabi-for-expire_nodest_conn_work-additio.patch
- commit bc02214
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq
(bsc#1191292).
- commit d8d828e
- blacklist.conf: Update for 51e1bb9eeaf7
- commit fe28675
- x86/alternatives: Teach text_poke_bp() to emulate instructions
(bsc#1185302).
- Refresh
patches.suse/x86-alternatives-sync-bp_patching-update-for-avoiding-null-pointer-exception.patch.
- commit ef191ae
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: don't deactivate hctx if managed irq isn't used
(bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- commit 71f9eaf
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: don't deactivate hctx if managed irq isn't used
(bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- commit 57a6cb7
- blacklist.conf: 3a1255396b5a x86/alternatives: add missing insn.h include
- commit 53a5b9c
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- hwmon: (mlxreg-fan) Return non-zero value when fan current
state is enforced from sysfs (git-fixes).
- commit 2560193
- ipc: remove memcg accounting for sops objects in do_semtimedop()
(bsc#1190115).
- Delete
patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
Refreshing patch with upstream metadata.
- commit 2d6ef2e
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- commit 628c3ee
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- commit 466f31b
- powerpc/powernv: Fix machine check reporting of async store
errors (bsc#1065729).
- commit 0b715ae
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Drop the case of returning 0 as instruction
pointer (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when
ppmu is not set (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode
flags (bsc#1065729).
- commit f3110f1
- drm/i915/rkl: Remove require_force_probe protection
(bsc#1189257).
- commit 94530db
- apparmor: remove duplicate macro list_entry_is_head()
(git-fixes).
- commit 514b75b
- xhci: Set HCD flag to defer primary roothub registration
(git-fixes).
- commit 8f4e75e
- USB: serial: option: add device id for Foxconn T99W265
(git-fixes).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
Multimeter (git-fixes).
- USB: serial: option: add Telit LN920 compositions (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
(git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
(git-fixes).
- commit 0a6378c
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- mac80211: limit injected vht mcs/nss in
ieee80211_parse_tx_radiotap (git-fixes).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
(git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations
(git-fixes).
- commit dbd9f90
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
(git-fixes).
- ALSA: firewire-motu: fix truncated bytes in message tracepoints
(git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ASoC: fsl_micfil: register platform component before registering
cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume
function (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- watchdog/sb_watchdog: fix compilation problem due to
COMPILE_TEST (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs
(git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- commit 71b860e
- thermal/core: Potential buffer overflow in
thermal_build_list_of_policies() (git-fixes).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- pwm: stm32-lp: Don't modify HW state in .remove() callback
(git-fixes).
- pwm: rockchip: Don't modify HW state in .remove() callback
(git-fixes).
- pwm: img: Don't modify HW state in .remove() callback
(git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
(git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety
(git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- commit a8d4022
- fpga: machxo2-spi: Fix missing error code in
machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- USB: serial: option: remove duplicate USB device ID (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
(git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- gpio: uniphier: Fix void functions to remove return value
(git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
(git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- commit 79aec8d
- clk: at91: clk-generated: pass the id of changeable parent at
registration (git-fixes).
- Refresh
patches.suse/clk-at91-clk-generated-Limit-the-requested-rate-to-o.patch.
- commit 39cefdd
- drm/amd/amdgpu: Update debugfs link_settings output link_rate
field in hex (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section
(git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry
(git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd
(git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing
to the head (git-fixes).
- commit 60017cf
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix
possible uninitialized-variable access in
amdgpu_i2c_router_select_ddc_port() (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value
(git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops
(git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional
regulator (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status'
structure (git-fixes).
- iwlwifi: mvm: fix a memory leak in
iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object
to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- commit 4c6f48f
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- mfd: Don't use irq_create_mapping() to resolve a mapping
(git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error
(git-fixes).
- media: uvc: don't do DMA on stack (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- mmc: core: Return correct emmc response in case of ioctl error
(git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled
(git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions
(git-fixes).
- commit 9209c5a
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
(git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting
for PIO response (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PM: base: power: don't try to use non-existing RTC for storing
data (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices
(git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
(git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
(git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
(git-fixes).
- commit 61f24a4
- rtc: tps65910: Correct driver module alias (git-fixes).
- USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
(git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference
(git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet
(git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly
unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices
(git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line
changes (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size
(git-fixes).
- commit f3797b6
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero
(git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero
(git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
(git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input
(git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state
(git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup
(git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb
(git-fixes).
- usb: host: fotg210: fix the endpoint's transactional
opportunities calculation (git-fixes).
- commit f1407f0
- kabi/severities: skip kABI check for ath9k-local symbols (CVE-2020-3702 bsc#1191193)
ath9k modules have some exported symbols for the common helpers
and the recent fixes broke kABI of those. They are specific to
ath9k's own usages, so safe to ignore.
- commit 7579b4b
- kABI compatibility for ath_key_delete() changes (CVE-2020-3702
bsc#1191193).
- commit bc02804
- ath9k: Postpone key cache entry deletion for TXQ frames
reference it (CVE-2020-3702 bsc#1191193).
- ath: Modify ath_key_delete() to not need full key entry
(CVE-2020-3702 bsc#1191193).
- ath: Export ath_hw_keysetmac() (CVE-2020-3702 bsc#1191193).
- commit 5fe383f
- Refresh
patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_RDP-definition.patch.
- commit 7f69543
- Update patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch
(bsc#1190746 bsc#1191172).
cache.group_info (aka cache.cred) was not properly initialized when
- >access() was called.
- commit 9ff84db
- ipc: replace costly bailout check in sysvipc_find_ipc()
(bsc#1159886 bsc#1188986 CVE-2021-3669).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- commit af97833
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition
(bsc#1171688 bsc#1174003 bsc#1190576).
- commit 3952cc0
- Update config files.
- commit 48075c9
- fix patch metadata
- fix Patch-mainline:
- patches.suse/net-mana-Fix-a-memory-leak-in-an-error-handling-path.patch
- commit 12cbf84
- series.conf: cleanup
- move submitted patches to "/almost mainline"/ section:
- patches.suse/NFS-change-nfs_access_get_cached-to-only-report-the-.patch
- patches.suse/NFS-pass-cred-explicitly-for-access-tests.patch
- patches.suse/NFS-don-t-store-struct-cred-in-struct-nfs_access_ent.patch
- commit a3b4285
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- commit b88ab2e
- blacklist.conf: too intrusive, gone in through SP3
- commit a81e8d3
- blacklist.conf: too intrusive, gone in through SP3
- commit 4bedee6
- blacklist.conf: too intrusive, gone in through SP3
- commit 0474866
- blacklist.conf: kABI
- commit e8337cf
- cpuidle: pseries: Do not cap the CEDE0 latency in
fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes
jsc#SLE-18128).
- commit cfe4b84
- x86/mm: Fix kern_addr_valid() to cope with existing but not
present entries (bsc#1152489).
- commit 1efaf04
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
- commit 54b59b3
- Refresh
patches.suse/drm-amd-display-Initialize-attribute-for-hdcp_srm-sy.patch.
Added Alt-commit for duplicate
- commit 86167e7
- drm/ast: Fix missing conversions to managed API (git-fixes).
- commit cab6852
- Refresh patches.suse/drm-i915-Fix-crash-in-auto_retire.patch.
Added Alt-commit for duplicate
- commit 334db42
- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
- commit ed3952b
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
- commit 4e7e865
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- commit 44e26ca
- Refresh
patches.suse/drm-amdgpu-Init-GFX10_ADDR_CONFIG-for-VCN-v3-in-DPG-.patch.
Added Alt-commit for duplicate
- commit fa028bf
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- commit bac299d
- nvme: fix refcounting imbalance when all paths are down
(bsc#1188067).
- Refresh
patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch.
- commit 44b2d54
- series: Update meta data and resort
Refresh the metad data and sort into correct position:
patches.suse/scsi-lpfc-Fix-CPU-to-from-endian-warnings-introduced.patch
patches.suse/scsi-lpfc-Fix-compilation-errors-on-kernels-with-no-.patch
patches.suse/scsi-lpfc-Fix-gcc-Wstringop-overread-warning-again.patch
patches.suse/scsi-lpfc-Fix-sprintf-overflow-in-lpfc_display_fpin_.patch
patches.suse/scsi-lpfc-Remove-unneeded-variable.patch
patches.suse/scsi-lpfc-Use-correct-scnprintf-limit.patch
- commit 12f1564
- Update
patches.suse/Bluetooth-check-for-zapped-sk-before-connecting.patch
(CVE-2021-3752 bsc#1190023).
- commit 6b966b4
- Update
patches.suse/Bluetooth-check-for-zapped-sk-before-connecting.patch
(CVE-2021-3752 bsc#1190023).
- commit 65458cc
- drm/mgag200: Select clock in PLL update functions (git-fixes).
- commit 8e058be
- Restore kabi after NFS: pass cred explicitly for access tests
(bsc#1190746).
- NFS: don't store 'struct cred *' in struct nfs_access_entry
(bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- NFS: change nfs_access_get_cached to only report the mask
(bsc#1190746).
- commit 907996a
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER
(git-fixes).
- commit 931b672
- usb: musb: tusb6010: uninitialized data in
tusb_fifo_write_unaligned() (git-fixes).
- commit 11a541f
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume
__maybe_unused (git-fixes).
- commit 6bec20e
- drm/i915: Allow the sysadmin to override security mitigations
(git-fixes).
- commit c1eb827
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- commit 3009743
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
(bsc#1152489).
- commit 15eb225
- kernel-binary.spec: Do not sign kernel when no key provided
(bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec: Do not sign kernel when no key provided
(bsc#1187167).
- commit c909dd5
- enetc: Fix uninitialized struct dim_sample field usage
(git-fixes).
- PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing
'ranges' (git-fixes).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config
(git-fixes).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch
use-cases (git-fixes).
- optee: Fix memory leak when failing to register shm pages
(git-fixes).
- commit 1758b20
- powerpc: fix function annotations to avoid section mismatch
warnings with gcc-10 (bsc#1148868).
- commit 9e9276f
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543
ltc#194523).
- Refresh patches.suse/pseries-drmem-update-LMBs-after-LPM.patch
- commit e17894e
- Revert "/rpm: Abolish scritplet templating (bsc#1189841)."/ (bsc#1190598)
This reverts commit e98096d5cf85dbe90f74a930eb1f0e3fe4a70c7f.
These changes depend on a suse-module-tools update which has not reached
SLE15-SP2/3 and Leap 15.2/3 yet, causing both build failures and
unsatisfiable dependency of resulting binary packages.
Revert the commit temporarily until suse-module-tools is updated.
- commit 7d43568
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- commit 9763078
- powerpc/pseries: Prevent free CPU ids being reused on another
node (bsc#1190620 ltc#194498).
- commit 7097b6c
- net: sched: sch_teql: fix null-pointer dereference
(bsc#1190717).
- commit 0a89f09
- x86/alternatives: Teach text_poke_bp() to emulate instructions
(bsc#1190561).
- Refresh
patches.suse/x86-alternatives-sync-bp_patching-update-for-avoiding-null-pointer-exception.patch.
- commit 1c9f1df
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
well.
Fixes: e98096d5cf85 ("/rpm: Abolish scritplet templating (bsc#1189841)."/)
- commit e082fbf
- mm/swap: consider max pages in iomap_swapfile_add_extent
(bsc#1190785).
- commit afb626e
- iomap: Fix negative assignment to unsigned sis->pages in
iomap_swapfile_activate (bsc#1190784).
- commit 7126cba
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again
(bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
(bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing
(bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load
and stat reset (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode
(bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer
interval (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
(bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path
(bsc#1190576).
- scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode
(bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP
(bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node
(bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS
and LS_RJT (bsc#1190576).
- scsi: lpfc: Don't release final kref on Fport node while ABTS
outstanding (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
(bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no
CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS
processing (bsc#1190576).
- commit 1435c13
- blacklist.conf: kABI
- commit 3cb18d9
- blacklist.conf: kABI
- commit dcb25ee
- blacklist.conf: kABI
- commit d400b4c
- docs: Fix infiniband uverbs minor number (git-fixes).
- commit 0fb9cd2
- usb: dwc2: Avoid leaving the error_debugfs label unused
(git-fixes).
- commit fb08350
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758
ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758
ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758
ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758
ltc#191943).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758
ltc#191943).
- commit dea5bd2
- x86/resctrl: Fix a maybe-uninitialized build warning treated
as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting
(bsc#1152489).
- commit 450cdb2
- vmxnet3: update to version 6 (bsc#1190406).
- commit 8d3dc67
- vmxnet3: increase maximum configurable mtu to 9190
(bsc#1190406).
- commit bd5109d
- vmxnet3: set correct hash type based on rss information
(bsc#1190406).
- commit e1e474b
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- commit 1687646
- vmxnet3: remove power of 2 limitation on the queues
(bsc#1190406).
- commit f3834f6
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- commit fbdf2fe
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- commit 7e0fe82
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- commit 73351a3
- xfs: sync lazy sb accounting on quiesce of read-only mounts
(bsc#1190679).
- commit 668fdef
- blacklist.conf: 3bff147b187d x86/mce: Defer processing of early errors
- commit 7e0dc1d
- s390/unwind: use current_frame_address() to unwind current task
(bsc#1185677).
- commit 92c31e7
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI
(bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches
(bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data
(bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers
(bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer
(bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info
to firmware (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
Refresh and update:
- patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_RDP-definition.patch
- scsi: core: Add helper to return number of logical blocks in
a request (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function
(bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions
(bsc#1190576).
- commit e13d431
- Refresh patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
Add else braces.
- commit f230c58
- series.conf: cleanup
- update upstream reference and resort:
- patches.suse/ibmvnic-check-failover_pending-in-login-response.patch
- commit 2b5f056
- kernel-binary.spec: Check for no kernel signing certificates.
Also remove unused variable.
- commit bdc323e
- Revert "/rpm/kernel-binary.spec: Use only non-empty certificates."/
This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d.
- commit 413e05b
- fuse: flush extending writes (bsc#1190595).
- cuse: fix broken release (bsc#1190596).
- commit 232b4ea
- rpm/kernel-binary.spec: Use only non-empty certificates.
- commit 30360ab
- ipvs: Fix up kabi for expire_nodest_conn_work addition
(bsc#1190467).
- ipvs: queue delayed work to expire no destination connections
if expire_nodest_conn=1 (bsc#1190467).
- ipvs: allow connection reuse for unconfirmed conntrack
(bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- commit e0da213
- ext4: fix race writing to an inline_data file while its xattrs
are changing (bsc#1190159 CVE-2021-40490).
- commit 4fadd7d
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
(bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764).
- commit 4ee91a7
- xfs: allow mount/remount when stripe width alignment is zero
(bsc#1188651).
- commit e701c22
- bnxt_en: Fix asic.rev in devlink dev info command
(jsc#SLE-16649).
- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
- RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
- IB/hfi1: Indicate DMA wait when txq is queued for wakeup
(jsc#SLE-13208).
- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
- net/mlx5: Fix missing return value in
mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: drop useless check of PCI driver data validity
(bsc#1167773).
- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
- igc: Use num_tx_queues when iterating over tx_ring queue
(jsc#SLE-13533).
- ice: do not abort devlink info if board identifier can't be
found (jsc#SLE-12878).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
- ice: don't remove netdev->dev_addr from uc sync list
(git-fixes).
- bareudp: Fix invalid read beyond skb's linear data
(jsc#SLE-15172).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added
to it recently (jsc#SLE-15175).
- commit 3dc7052
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
(git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod
(bsc#1173746).
- devlink: Break parameter notification sequence to be
before/after unload/load driver (bsc#1154353).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- ionic: cleanly release devlink instance (bsc#1167773).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- cxgb4: dont touch blocked freelist bitmap after free
(git-fixes).
- e1000e: Do not take care about recovery NVM checksum
(jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- xgene-v2: Fix a resource leak in the error handling path of
'xge_probe()' (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init()
(bsc#1170774).
- iavf: Fix ping is lost after untrusted VF had tried to change
MAC (jsc#SLE-7940).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
(git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells
(git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- net/mlx5: Fix return value from tracer initialization
(git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route
(git-fixes).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5: E-Switch, handle devcom events only for ports on
the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- ionic: count csum_none when offload enabled (bsc#1167773).
- i40e: Fix log TC creation failure when max num of queues is
exceeded (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware
(git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- commit f97144d
- powerpc/numa: Consider the max NUMA node for migratable LPAR
(bsc#1190544 ltc#194520).
- commit ea0d9bb
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha
(git-fixes).
- drm/msm/mdp4: move HW revision detection to earlier phase
(git-fixes).
- drm/msm/mdp4: refactor HW revision detection into
read_mdp_hw_revision (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove()
(git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID
(git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- commit 6612614
- fbmem: don't allow too huge resolutions (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover
(git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
(git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc()
(git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- libata: fix ata_host_start() (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF
(git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on
readb / writeb errors (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- commit 0c36126
- time: Handle negative seconds correctly in timespec64_to_ns()
(git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted()
(git-fixes).
- commit b2d42ef
- ibmvnic: check failover_pending in login response (bsc#1190523
ltc#194510).
- commit 9f9cec0
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- Refresh
patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- Refresh
patches.suse/0004-x86-apic-Support-15-bits-of-APIC-ID-in-IOAPIC-MSI-wh.patch.
- Refresh
patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
- commit a89813f
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- commit 9def092
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
(bsc#1189297).
- commit 913942c
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT
state (bsc#1190062).
- commit e5272e8
- clk: at91: clk-generated: Limit the requested rate to our range
(git-fixes).
- commit c432b6b
- nvme: only call synchronize_srcu when clearing current path
(bsc#1188067).
- nvme-tcp: Do not reset transport on data digest errors
(bsc#1188418).
- nvme-multipath: revalidate paths during rescan (bsc#1187211).
- commit 359f763
- phy: tegra: xusb: Fix dangling pointer on probe failure
(git-fixes).
- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
- commit b7afa19
- blacklist.conf: add efa non backportable patch
- commit ebbcbd1
- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the
dest IP (git-fixes).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's
optstring (git-fixes).
- libbpf: Fix removal of inner map in bpf_object__create_map
(git-fixes).
- libbpf: Fix the possible memory leak on error (git-fixes).
- bpf: Fix ringbuf helper function compatibility (git-fixes).
- tools: bpf: Fix error in 'make -C tools/ bpf_install'
(git-fixes).
- selftests/bpf: Whitelist test_progs.h from .gitignore
(git-fixes).
- bpftool: Add sock_release help info for cgroup attach/prog
load command (bsc#1177028).
- selftests/bpf: Define string const as global for
test_sysctl_prog.c (git-fixes).
- selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang
change (git-fixes).
- commit 37bd48e
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc()
fails (git-fixes).
- commit bc5a062
- ipc: remove memcg accounting for sops objects in do_semtimedop()
(bsc#1190115).
- commit 561fbd8
- kernel-binary.spec.in Stop templating the scriptlets for subpackages
(bsc#1190358).
The script part for base package case is completely separate from the
part for subpackages. Remove the part for subpackages from the base
package script and use the KMP scripts for subpackages instead.
- commit 5d1f677
- kernel-binary.spec: Do not fail silently when KMP is empty
(bsc#1190358).
Copy the code from kernel-module-subpackage that deals with empty KMPs.
- commit d7d2e6e
- EDAC/mce_amd: Do not load edac_mce_amd module on guests
(bsc#1190138).
- commit 2d1891d
- rpm: Abolish scritplet templating (bsc#1189841).
Outsource kernel-binary and KMP scriptlets to suse-module-tools.
This allows fixing bugs in the scriptlets as well as defining initrd
regeneration policy independent of the kernel packages.
- commit 940cfb4
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
suse-release has arbitrary values in staging, we can't use it for
dependencies. The filesystem one has to be enough (boo#1184804).
- commit 56f2cba
- rpm: fix kmp install path
- commit 22ec560
- Align s390 NVME target options with other architectures
(bsc#1188404, jsc#SLE-22494).
CONFIG_NVME_TARGET=m
CONFIG_NVME_TARGET_PASSTHRU=y
CONFIG_NVME_TARGET_LOOP=m
CONFIG_NVME_TARGET_RDMA=m
CONFIG_NVME_TARGET_FC=m
CONFIG_NVME_TARGET_FCLOOP=m
CONFIG_NVME_TARGET_TCP=m
- commit 5b2b9f6
- Add dtb-microchip
- commit c797107
- block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (git-fixes).
- dm crypt: document encrypted keyring key option (git-fixes).
- commit 58565f2
- bluetooth: eliminate the potential race condition when removing
the HCI controller (bsc#1184611 CVE-2021-32399).
- commit b57a022
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- commit f037781
- rpm/kernel-source.spec.in: temporary workaround for a build failure
Upstream c6x architecture removal left a dangling link behind which
triggers openSUSE post-build check in kernel-source, failing
kernel-source build.
A fix deleting the danglink link has been submitted but it did not make
it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
utility does not handle symlink removal. Add a temporary band-aid which
deletes all dangling symlinks after unpacking the kernel source tarball.
[jslaby] It's not that temporary as we are dragging this for quite some
time in master. The reason is that this can happen any time again, so
let's have this in packaging instead.
- commit 52a1ad7
- blacklist.conf: Add b4e00444cab4 fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
- commit b1b6d4b
- keyutils
-
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
- update to 1.6.3:
* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow "/keyctl supports"/ to retrieve raw capability data.
* Allow "/keyctl id"/ to turn a symbolic key ID into a numeric ID.
* Allow "/keyctl new_session"/ to name the keyring.
* Allow "/keyctl add/padd/etc."/ to take hex-encoded data.
* Add "/keyctl watch*"/ to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.
- spec-cleaner run (fixup failing homepage url)
- prepare usrmerge (boo#1029961)
- updated to 1.6
- Apply various specfile cleanups from Fedora.
- request-key: Provide a command line option to suppress helper execution.
- request-key: Find least-wildcard match rather than first match.
- Remove the dependency on MIT Kerberos.
- Fix some error messages
- keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
- Fix doc and comment typos.
- Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
- Add pkg-config support for finding libkeyutils.
- upstream isn't offering PGP signatures for the source tarballs anymore
- Replace krb5-devel BuildRequires with pkgconfig(krb5): Allow OBS
to shortcut the ring0 bootstrap cycle by also using krb5-mini.
- add upstream signing key and verify source signature
- updated to 1.5.11 (bsc#1113013)
- Add keyring restriction support.
- Add KDF support to the Diffie-Helman function.
- DNS: Add support for AFS config files and SRV records
- kmod
-
- Ensure that kmod and packages linking to libkmod provide same features
(bsc#1193430).
- Enable ZSTD on 15.3 as well (boo#1192104).
- Only test ZSTD in testsuite on releases where it is available.
- Enable ZSTD on 15.4 (jsc#SLE-21256).
- krb5
-
- Update to 1.19.2; (jsc#SLE-23329);
* Fix a denial of service attack against the KDC encrypted challenge
code; (CVE-2021-36222);
* Fix a memory leak when gss_inquire_cred() is called without a
credential handle.
- Changes from 1.19.1
* Fix a linking issue with Samba.
* Better support multiple pkinit_identities values by checking whether
certificates can be loaded for each value.
- Changes from 1.19
Administrator experience
* When a client keytab is present, the GSSAPI krb5 mech will refresh
credentials even if the current credentials were acquired manually.
* It is now harder to accidentally delete the K/M entry from a KDB.
Developer experience
* gss_acquire_cred_from() now supports the "/password"/ and "/verify"/
options, allowing credentials to be acquired via password and
verified using a keytab key.
* When an application accepts a GSS security context, the new
GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor
both provided matching channel bindings.
* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests
to identify the desired client principal by certificate.
* PKINIT certauth modules can now cause the hw-authent flag to be set
in issued tickets.
* The krb5_init_creds_step() API will now issue the same password
expiration warnings as krb5_get_init_creds_password().
Protocol evolution
* Added client and KDC support for Microsoft's Resource-Based Constrained
Delegation, which allows cross-realm S4U2Proxy requests. A third-party
database module is required for KDC support.
* kadmin/admin is now the preferred server principal name for kadmin
connections, and the host-based form is no longer created by default.
The client will still try the host-based form as a fallback.
* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT
extension, which causes channel bindings to be required for the
initiator if the acceptor provided them. The client will send this
option if the client_aware_gss_bindings profile option is set.
User experience
* kinit will now issue a warning if the des3-cbc-sha1 encryption type is
used in the reply. This encryption type will be deprecated and removed
in future releases.
* Added kvno flags --out-cache, --no-store, and --cached-only
(inspired by Heimdal's kgetcred).
- Changes from 1.18.3
* Fix a denial of service vulnerability when decoding Kerberos
protocol messages.
* Fix a locking issue with the LMDB KDB module which could cause
KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded
and unloaded while libkrb5support remains loaded.
- Changes from 1.18.2
* Fix a SPNEGO regression where an acceptor using the default credential
would improperly filter mechanisms, causing a negotiation failure.
* Fix a bug where the KDC would fail to issue tickets if the local krbtgt
principal's first key has a single-DES enctype.
* Add stub functions to allow old versions of OpenSSL libcrypto to link
against libkrb5.
* Fix a NegoEx bug where the client name and delegated credential might
not be reported.
- Changes from 1.18.1
* Fix a crash when qualifying short hostnames when the system has
no primary DNS domain.
* Fix a regression when an application imports "/service@"/ as a GSS
host-based name for its acceptor credential handle.
* Fix KDC enforcement of auth indicators when they are modified by
the KDB module.
* Fix removal of require_auth string attributes when the LDAP KDB
module is used.
* Fix a compile error when building with musl libc on Linux.
* Fix a compile error when building with gcc 4.x.
* Change the KDC constrained delegation precedence order for consistency
with Windows KDCs.
- Changes from 1.18
Administrator experience:
* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust.
Replay cache filenames using the new format end with "/.rcache2"/
by default.
* setuid programs will automatically ignore environment variables
that normally affect krb5 API functions, even if the caller does
not use krb5_init_secure_context().
* Add an "/enforce_ok_as_delegate"/ krb5.conf relation to disable
credential forwarding during GSSAPI authentication unless the KDC
sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value
for default_tkt_enctypes and default_tgs_enctypes.
Developer experience:
* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account
name from a PAC.
Protocol evolution:
* Add KDC support for S4U2Self requests where the user is identified
by X.509 certificate. (Requires support for certificate lookup from
a third-party KDB module.)
* Remove support for an old ("/draft 9"/) variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party
GSS modules implementing NegoEx mechanisms.)
User experience:
* Add support for "/dns_canonicalize_hostname=fallback"/, causing
host-based principal names to be tried first without DNS
canonicalization, and again with DNS canonicalization if the
un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names
when DNS canonicalization is not used, adding the system's first DNS
search path as a suffix. Add a "/qualify_shortname"/ krb5.conf relation
to override this suffix or disable expansion.
* Honor the transited-policy-checked ticket flag on application servers,
eliminating the requirement to configure capaths on servers in some
scenarios.
Code quality:
* The libkrb5 serialization code (used to export and import krb5 GSS
security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED
messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity
Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support
can always be tested.
- Changes from 1.17.1
* Fix a bug preventing "/addprinc -randkey -kvno"/ from working in kadmin.
* Fix a bug preventing time skew correction from working when a KCM
credential cache is used.
- Changes from 1.17:
Administrator experience:
* A new Kerberos database module using the Lightning Memory-Mapped
Database library (LMDB) has been added. The LMDB KDB module should
be more performant and more robust than the DB2 module, and may
become the default module for new databases in a future release.
* "/kdb5_util dump"/ will no longer dump policy entries when specific
principal names are requested.
Developer experience:
* The new krb5_get_etype_info() API can be used to retrieve enctype,
salt, and string-to-key parameters from the KDC for a client
principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the
log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should
perform better.
Protocol evolution:
* The SPAKE pre-authentication mechanism is now supported. This
mechanism protects against password dictionary attacks without
requiring any additional infrastructure such as certificates. SPAKE
is enabled by default on clients, but must be manually enabled on
the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can
protect against scenarios where an attacker uses temporary access to
a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid
spurious error messages about replays when a response packet is
dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a
third-party KDB module such as Samba's. The client code for
cross-realm S4U2Self requests is also now more robust.
User experience:
* The new ktutil addent -f flag can be used to fetch salt information
from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache
within a collection by client principal name.
* The Kerberos man page has been restored, and documents the
environment variables that affect programs using the Kerberos
library.
Code quality:
* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it
easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work
with more recent versions of Visual Studio. A large volume of
unused Windows-specific code has been removed. Visual Studio 2013
or later is now required.
- Replace old $RPM_* shell vars
- Removal of SuSEfirewall2 service since SuSEfirewall2 has been replaced
by firewalld
- Remove cruft to support distributions older than SLE 12
- Use macros where applicable
- Switch to pkgconfig style dependencies
- Use %_tmpfilesdir instead of the wrong %_libexecdir/tmpfiles.d
notation: libexecdir is likely changing away from /usr/lib to
/usr/libexec
- Build with full Cyrus SASL support. Negotiating SASL credentials with
an EXTERNAL bind mechanism requires interaction. Kerberos provides its
own interaction function that skips all interaction, thus preventing the
mechanism from working.
- Removed patches:
* 0007-krb5-1.12-ksu-path.patch
* 0010-Add-recursion-limit-for-ASN.1-indefinite-lengths.patch
* 0011-Fix-KDC-null-deref-on-bad-encrypted-challenge.patch
- Renamed patches:
* 0001-krb5-1.12-pam.patch => 0001-ksu-pam-integration.patch
* 0003-krb5-1.12-buildconf.patch => 0003-Adjust-build-configuration.patch
* 0008-krb5-1.12-selinux-label.patch => 0007-SELinux-integration.patch
* 0009-krb5-1.9-debuginfo.patch => 0008-krb5-1.9-debuginfo.patch
* 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch =>
0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
- Fix KDC null pointer dereference via a FAST inner body that
lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
* 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
- ldb
-
- Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all
changes for ldb-2.4.4.
+ CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
+ CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
+ CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to version 2.4.3
+ Fix build problems, waf produces incorrect names for python
extensions; (bso#15071);
- Update to version 2.4.2
+ Fix for CVE-2021-3670, ensure that the LDB request has not
timed out during filter processing as the LDAP server
MaxQueryDuration is otherwise not honoured (bsc#1198397).
- Modify packaging to allow parallel installation with libldb1
(bsc#1192684):
+ Private libraries are installed in %{_libdir}/ldb2/
+ Modules are installed in %{_libdir}/ldb2/modules
- Update to version 2.4.1; (jsc#SLE-23329);
- Release 2.4.1
+ Corrected python behaviour for 'in' for LDAP attributes
contained as part of ldb.Message; (bso#14845);
+ Fix memory handling in ldb.msg_diff; (bso#14836);
+ Corrected python docstrings
- Release 2.4.0
+ Improve calculate_popt_array_length()
+ Use C99 initializers for builtin_popt_options[]
+ pyldb: Fix Message.items() for a message containing elements
+ pyldb: Add test for Message.items()
+ tests: Use ldbsearch '--scope instead of '-s'
+ pyldb: fix a typo
+ Change page size of guidindexpackv1.ldb
+ Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
+ attrib_handler casefold: simplify space dropping
+ fix ldb_comparison_fold off-by-one overrun
+ CVE-2020-27840: pytests: move Dn.validate test to ldb
+ CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
+ CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
+ CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
+ improve comments for ldb_module_connect_backend()
+ test/ldb_tdb: correct introductory comments
+ ldb.h: remove undefined async_ctx function signatures
+ correct comments in attrib_handers val_to_int64
+ dn tests use cmocka print functions
+ ldb_match: remove redundant check
+ add tests for ldb_wildcard_compare
+ ldb_match: trailing chunk must match end of string
+ pyldb: catch potential overflow error in py_timestring
+ ldb: remove some 'if PY3's in tests
+ Add missing break in switch statement
- Drop obsolete patch CVE-2020-25718-lib-Add-hex_byte-to-replace.h.patch
- Drop obsolete patch ldb-cve-2020-25718.patch
- Add ldb-cve-2020-25718.patch &
CVE-2020-25718-lib-Add-hex_byte-to-replace.h.patch to backport all
changes from ldb-2.4.1.
+ CVE-2020-25718: samba: An RODC can issue (forge) administrator
tickets to other servers; (bsc#1192246); (bso#14558)
+ CVE-2021-3738: samba: crash in dsdb stack;
(bsc#1192215);(bso#14848)
- Release ldb 2.2.2
+ Corrected python behaviour for 'in' for LDAP attributes
contained as part of ldb.Message;(bso#14845).
+ Fix memory handling in ldb.msg_diff
Corrected python docstrings;(bso#14836)
+ Backport bronze bit fixes, tests, and selftest improvements;
(bso#14881).
- less
-
- Add missing runtime dependency on which, which is used by lessopen.sh.
Fix bsc#1190552.
- libassuan
-
- update to 2.5.5:
* Fix a crash in the logging code
* Upgrade autoconf
- update to 2.5.4:
* Fix some minor build annoyances
- Update to 2.5.3:
* Add a timeout for writing to a SOCKS5 proxy.
* Add workaround for a problem with LD_LIBRARY_PATH on newer systems.
- qemu-disable-fdpassing-test.patch: remove
-Update to 2.5.2:
* configure.ac: Bump LT version to C8/A8/R2
* include libassuan.pc in the spec file
- libcbor
-
- do not build manual page for 15sp4, it does not succeed
[bsc#1197743]
- added sources
+ libcbor.1
- libgcrypt
-
- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
* gcry_mpi_sub_ui: fix subtracting from negative value
* Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
- libgpg-error
-
- Drop --with-pic (no effect with --disable-static).
- update to 1.42:
* Improve cross-compiling support
* Improve $libdir determination by gpgrt-config
* Support --disable-thread by gen-lock-obj.sh
* Interface changes relative to the 1.40 release
GPG_ERR_SOURCE_TPM2D
- update to 1.41:
* Fixes another glitch in the "/ignore"/ meta command.
* Fixes two typos in the German translation.
* New function gpgrt_access.
* Make "/ignore"/ meta command work correctly in the option parser.
* Interface changes relative to the 1.39 release:
gpgrt_access NEW.
- Update to 1.39:
* "/gpg-error --lib-version"/ works again.
* New function gpgrt_fcancel as alternative to gpgrt_close. This
function avoid flushing out buffered data and also tries to delete
a newly created file.
* Update the gnupg project keyring
* Interface changes relative to the 1.38 release:
- gpgrt_fcancel: NEW.
- Update to 1.38:
* New option parser features to implement system wide
configuration files
* New functions to build file names
* New function to help reallocating arrays
* Protect gpgrt_inc_errorcount against counter overflow
- drop needless autotools build dependencies that were added for
gawk5.patch
- Update to 1.37
Release-info: https://dev.gnupg.org/T4772
* Fixes a build problems when using Gawk 5.0 [#4459]
* Improves cross-compiling support. [#4643]
* New error codes to map SQLite primary error codes.
* Now uses poll(2) instead of select(2) in gpgrt_poll if possible.
* Fixes a bug in gpgrt_close. [#4698]
* Fixes a few minor portability bugs.
* New interfaces in this release:
GPG_ERR_NO_KEYBOXD GPG_ERR_KEYBOXD GPG_ERR_NO_SERVICE
GPG_ERR_SERVICE GPG_ERR_SQL_OK GPG_ERR_SQL_ERROR
GPG_ERR_SQL_INTERNAL GPG_ERR_SQL_PERM GPG_ERR_SQL_ABORT
GPG_ERR_SQL_BUSY GPG_ERR_SQL_LOCKED GPG_ERR_SQL_NOMEM
GPG_ERR_SQL_READONLY GPG_ERR_SQL_INTERRUPT GPG_ERR_SQL_IOERR
GPG_ERR_SQL_CORRUPT GPG_ERR_SQL_NOTFOUND GPG_ERR_SQL_FULL
GPG_ERR_SQL_CANTOPEN GPG_ERR_SQL_PROTOCOL GPG_ERR_SQL_EMPTY
GPG_ERR_SQL_SCHEMA GPG_ERR_SQL_TOOBIG GPG_ERR_SQL_CONSTRAINT
GPG_ERR_SQL_MISMATCH GPG_ERR_SQL_MISUSE GPG_ERR_SQL_NOLFS
GPG_ERR_SQL_AUTH GPG_ERR_SQL_FORMAT GPG_ERR_SQL_RANGE
GPG_ERR_SQL_NOTADB GPG_ERR_SQL_NOTICE GPG_ERR_SQL_WARNING
GPG_ERR_SQL_ROW GPG_ERR_SQL_DONE
- Remove patch fixed upstream.
* gawk5.patch
- Add patch to fix buidling with gawk 5.0 and newer:
* gawk5.patch
- Update to 1.36:
* Two new error codes to better support PIV cards
* Support armv7a-unknown-linux-gnueabihf
- Update to 1.35:
* Distribute the correct gpgrt-config
- update to 1.34:
* Support for riscv32
* New API to allow emergency cleanup after internal fatal errors
* Minor bug and portability fixes
- update to 1.33:
* New unified config script gpgrt-config
* The log functions now sanitize strings printed with the "/%s"/
format specifier
* New fprintf style function to apply a custom filter for string
arguments
* New function to compare version strings
- Update to 1.32:
* Fixes a problem with gpgrt_fflush and gpgrt_fopencookie
* Fixes a problem with the C11 header stdnoreturn.h
- Fix %install_info_delete usage:
* It has to be performed in %preun not in %postun.
* See https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25install_info_delete.
- update to 1.31:
* Fixes for platforms other than GNU/Linux
* New translation for Spanish
- update to 1.30:
* fixes for platforms other than GNU/Linux
* Use %license (boo#1082318)
- libksba
-
- Security fix: [bsc#1204357, CVE-2022-3515]
* Detect a possible overflow directly in the TLV parser.
* Add libksba-CVE-2022-3515.patch
- libpsl
-
- fix [bsc#1197771] - FTBFS: libpsl won't compile on SP4
- added patches
https://github.com/rockdaboot/libpsl/commit/f364cea73e351ce62e0b337fd1fbc21e70b52d56
+ libpsl-fix-test-data.patch
- libseccomp
-
- check if we have NR_openat2, avoid using its definition when not
(bsc#1196825)
Added seccomp-openat2.patch
- buildrequire python-rpm-macros
- reenable python bindings at least for the distro default python3
package:
- adds make-python-build.patch
- Update to release 2.5.3
* Update the syscall table for Linux v5.15
* Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
* Document that seccomp_rule_add() may return -EACCES
- Skip 11-basic-basic_errors test on qemu linux-user emulation
- Update to release 2.5.2
* Update the syscall table for Linux v5.14-rc7
* Add a function, get_notify_fd(), to the Python bindings to
get the nofication file descriptor.
* Consolidate multiplexed syscall handling for all
architectures into one location.
* Add multiplexed syscall support to PPC and MIPS
* The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within
the kernel. libseccomp's fd notification logic was modified
to support the kernel's previous and new usage of
SECCOMP_IOCTL_NOTIF_ID_VALID.
- update to 2.5.1:
* Fix a bug where seccomp_load() could only be called once
* Change the notification fd handling to only request a notification fd if
* the filter has a _NOTIFY action
* Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
* Clarify the maintainers' GPG keys
- remove testsuite-riscv64-missing-syscalls.patch
- Do not rely on gperf: pass GPERF=/bin/true to configure and
remove gperf BuildRequires. The syscalls.perf file it would
generate is part of the tarball already.
- testsuite-riscv64-missing-syscalls.patch: Fix testsuite failure on
riscv64
- Ignore failure of tests/52-basic-load on qemu linux-user emulation
- Update to release 2.5.0
* Add support for the seccomp user notifications, see the
seccomp_notify_alloc(3), seccomp_notify_receive(3),
seccomp_notify_respond(3) manpages for more information
* Add support for new filter optimization approaches, including a balanced
tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for
more information
* Add support for the 64-bit RISC-V architecture
* Performance improvements when adding new rules to a filter thanks to the
use of internal shadow transactions and improved syscall lookup tables
* Properly document the libseccomp API return values and include them in the
stable API promise
* Improvements to the s390 and s390x multiplexed syscall handling
* Multiple fixes and improvements to the libseccomp manpages
* Moved from manually maintained syscall tables to an automatically generated
syscall table in CSV format
* Update the syscall tables to Linux v5.8.0-rc5
* Python bindings and build now default to Python 3.x
* Improvements to the tests have boosted code coverage to over 93%
- libseccomp.keyring: replaced by Paul Moore <pmoore@redhat.com> key.
- Update to release 2.4.3
* Add list of authorized release signatures to README.md
* Fix multiplexing issue with s390/s390x shm* syscalls
* Remove the static flag from libseccomp tools compilation
* Add define for __SNR_ppoll
* Fix potential memory leak identified by clang in the
scmp_bpf_sim tool
- Drop no-static.diff, libseccomp-fix_aarch64-test.patch,
SNR_ppoll.patch (merged)
- Add patch to fix ntpsec and others build (accidental drop of symbols):
* SNR_ppoll.patch
- Tests are passing on all architectures
- Backport patch to fix test on aarch64:
* libseccomp-fix_aarch64-test.patch
- Update to release 2.4.2
* Add support for io-uring related system calls
- libsolv
-
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code
[bsc#1196514]
- support parsing of Debian's Multi-Arch indicator
- bump version to 0.7.22
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden
vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
("/requires"/ is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
- bump version to 0.7.21
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
possible to use osc build --with=python).
- libstorage-ng
-
- prefer file system over empty MS-DOS partition table (bsc#1186823)
- 4.3.109
- libtasn1
-
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
- libtirpc
-
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
connections (bsc#1201680)
- add 0001-Fix-DoS-vulnerability-in-libtirpc.patch
-exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
- update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- fix memory leak in params.r_addr assignement (bsc#1198752)
- add 0001-fix-parms.r_addr-memory-leak.patch
- check for nullpointer in check_address (bsc#1198176)
update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- add option to enforce connection via protocol version 2 first
(bsc#1196647)
add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- libxml2
-
- Security fixes:
* [CVE-2022-40303, bsc#1204366] Fix integer overflows with
XML_PARSE_HUGE
+ Added patch libxml2-CVE-2022-40303.patch
* [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
entity reference cycles
+ Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
* Cross-site scripting vulnerability after commit 960f0e2
* Add libxml2-CVE-2016-3709.patch
- Security fix: [bsc#1199132, CVE-2022-29824]
* Integer overflow leading to out-of-bounds write in buf.c
(xmlBuf*) and tree.c (xmlBuffer*)
* Add libxml2-CVE-2022-29824.patch
- Security fix: [bsc#1196490, CVE-2022-23308]
* Use-after-free of ID and IDREF attributes.
* Add libxml2-CVE-2022-23308.patch
* Add libxml2-CVE-2021-3541.patch
- libyajl
-
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
- libyui
-
- Fixed crash in NCurses online update when retracted packages
are present (bsc#1191130)
- 4.1.5
- libzypp
-
- Resolver: Fix missing --[no]-recommends initialization in
update (fixes #openSUSE/zypper#459, bsc#1201972)
- Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds
to --[no]-recommends.
- version 17.31.2 (22)
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
(fixes #402)
- Log backtrace on SIGABRT too.
- Need to explicitly enable building experimental code. Otherwise
an old Notcurses++ package which happens to be present in the
buildenv breaks the build (fixes #412).
- Work around libyui/libyui#78 on code 15.4 and older.
- Stop using std::*ary_function; deprecated and removed in c++17.
- Don't expose header files which use types not available in
c++11. In 15.3 and older, YAST and PK compile with -std=c++11.
- Remove no longer needed %post code (bsc#1203649)
- Enable zck support for SLE15-SP4 and newer. On Leap it is enabled
since 15.1 (bsc#1189282)
- version 17.31.1 (22)
- Add PoolItem::statusReinit to reset the status it's initial
state in the ResPool (might help bsc#1199895)
This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if
the PoolItem matched a hard lock defined in /etc/zypp/locks.
- Fix building with GCC 13 on i586 (fixes #407, fixes #396)
- Be prepared to receive exceptions from curl_easy_cleanup
(bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and dependend code.
This commit removes the MediaNetwork tech preview and all related
code. First reason for this is that MediaNetwork was just meant
as a way to test the new CURL based downloader and second: since
the Provide API is going to completely replace the current media
backend it would be extra work to ensure that changes on the
Downloader do not break MediaNetwork.
- version 17.31.0 (22)
- Fix building with GCC 12.x release (#396)
- version 17.30.3 (22)
- appdata plugin: Pass path to the repodata/ directory inside the
cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending
endOfScriptTag.
- version 17.30.2 (22)
- PluginRepoverification: initial version hooked into
repo::Downloader and repo refresh.
- Immediately start monitoring the download.transfer_timeout.
Do not wait until the first data arrived. (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only.
- Work around cases where sat repo.start points to an invalid
solvable. May happen if (wrong arch) solvables were removed
at the beginning of the repo.
- fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
(fixes #388)
- version 17.30.1 (22)
- ZConfig: Update solver settings if target changes (bsc#1196368)
- version 17.30.0 (22)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- version 17.29.7 (22)
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- version 17.29.6 (22)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
- version 17.29.5 (22)
- Fix handling of redirected command in-/output (bsc#1195326)
This fixes delays at the end of zypper operations, where
zypper unintentionally waits for appdata plugin scripts to
complete.
- version 17.29.4 (22)
- Public header files on older distros must use c++11
(bsc#1194597)
- Fix exception handling when reading or writing credentials
(bsc#1194898)
- version 17.29.3 (22)
- Fix Legacy include (bsc#1194597)
- version 17.29.2 (22)
- Fix broken install path for parser compat headers (fixes #372,
bsc#1194597)
- RepoManager: remember exec errors in exception history
(bsc#1193007)
- version 17.29.1 (22)
- Use the default zypp.conf settings if no zypp.conf exists
(bsc#1193488)
- Fix wrong encoding of iso: URL components (bsc#954813)
- Handle armv8l as armv7hl compatible userland.
- Introduce zypp-curl a sublibrary for CURL related code.
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set.
- Save all signatures associated with a public key in its
PublicKeyData.
- version 17.29.0 (22)
- Disable logger in the child after fork (bsc#1192436)
- version 17.28.8 (22)
- Check log writer before accessing it (fixes #355, bsc#1192337)
- Save locks: Update an existing locks changed comment string.
- Allow uname-r format in purge kernels keepspec (fixes
openSUSE/zypper#418)
- version 17.28.7 (22)
- Zypper should keep cached files if transaction is aborted
(bsc#1190356)
Singletrans mode currently does not keep files around if the
transaction is aborted. This patch fixes the problem.
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Use procfs to detect nr of open fd's if rlimit is too high
(bsc#1191324)
Especially in a VM iterating over all possible fd's to close open
ones right before a exec() slows down zypper unnecessarily. This
patch uses /proc/self/fd to iterate over open fd's in case rlimit
is above 1024.
- po: Fix some lost '%' signs in positional args (bsc#1191370)
- RepoManager: Don't probe for plaindir repo if URL schema is
plugin: (bsc#1191286)
- version 17.28.6 (22)
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
A missing check causes zyppng::Downloader to always download full
files even if the checkExistsOnly flag is set. This patch adds
the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
The kernel-*-livepatch packages are supposed to serve as a stable
handle for the ephemeral kernel livepatch packages. See
FATE#320268 for details. As part of the kernel live patching
ecosystem, kernel-*-livepatch packages should not block the
purge-kernels step.
- version 17.28.5 (22)
- Make sure to keep states alives while transitioning
(bsc#1190199)
- May set techpreview variables for testing in /etc/zypp/zypp.conf.
If environment variables are unhandy one may enable the desired
techpreview in zypp.conf as well:
[main]
techpreview.ZYPP_SINGLE_RPMTRANS=1
techpreview.ZYPP_MEDIANETWORK=1
- version 17.28.4 (22)
- CMake/spec: Add option to force SINGLE_RPMTRANS as default for
zypper (fixes #340)
- Make sure singleTrans is zypper-only for now.
- Do not double check signatures and keys (bsc#1190059)
- version 17.28.3 (22)
- Workaround Bug 1189788: Don't allow ZYPP_SINGLE_RPMTRANS=1 on a
not UsrMerged Tumbleweed system.
- version 17.28.2 (22)
- Fix crashes in logging code when shutting down (bsc#1189031)
- version 17.28.1 (22)
- Rephrase vendor conflict message in case 2 packages are
involved (bsc#1187760)
This covers the case where not the packages itself would change
its vendor, but replaces a package from a different vendor.
- Fix solver jobs for PTFs (bsc#1186503)
- spec: switch to pkgconfig(openssl)
- Show key fpr from signature when signature check fails
(bsc#1187224)
Rpm by default only shows the short key ID when checking the
signature of a package fails. This patch reads the signatures
from the RPM headers and replaces she short IDs with the key
fingerprints fetched from the signatures.
- Implement alternative single transaction commit strategy.
This patch adds a experimental commit strategy that runs all
operations in a single rpm transaction, speeding up the execution
a lot.
- Use ZYPP_MEDIANETWORK=1 to enable the experimental new media
backend.
- Implement zchunk download, refactor Downloader backend.
- Fix purge-kernels fails with kernels from Kernel:HEAD
(bsc#1187738)
There recently was a change in the kernel package naming scheme
in regards to rc kernels. Since kernel upstream uses characters
in the version that are not allowed in rpm versions a "/-rc"/ was
previously replaced with "/.rc"/ which broke sorting by version, to
fix this issue it was replaced with "/~rc"/, which unfortunately
broke the purge-kernels logic. This patch makes sure purge-kernel
does apply the same conversion.
- version 17.28.0 (22)
- logrotate
-
- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864)
* enforce stricter parsing to avoid CVE-2021-3864
* Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch
- Fix "/logrotate emits unintended warning: keyword size not properly
separated, found 0x3d"/ (bsc#1200278, bsc#1200802):
* Added patch logrotate-dont_warn_on_size=_syntax.patch
- lvm2
-
- udev: create symlinks and watch even in suspended state (bsc#1195231)
+ bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch
- starting with 12SP4 lvconvert no longer takes stripes option (bsc#1183905)
+ bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch
- LVM vgimportclone on hardware snapshot does not work (bsc#1193181)
+ bug-1193181_vgimportclone_on_hardware_snapshot_does_not_work.patch
- vgextend crash when extending VG with missing PV (bsc#1191019)
+ bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch
- mailx
-
- Add patch mailx-12.5-systemd.patch to add description how to avoid
bugs like bsc#1192916 -- mailx does not send mails unless run via
strace or in verbose mode
- fix-sendmail-name.patch: fix name argument when calling
/usr/sbin/sendmail [bsc#1180355].
- Updates to mailx-12.5-openssl-1.1.0f.patch
* If the openssl RNG is already
seeded (on linux it always is) skip snake-oil reeseeding from
file. Update man page accordingly.
* Update man page with information that ssl2 and ssl3 are
not only deprecated but currently unavailable and that
tls1 forces TLS 1.0 but not later versions.
* RAND_EGD is also unavailable, not just unused.
* set SSL_OP_NO_TICKET, many servers accept session
tickets, but almost never rotate them properly, TLS 1.3
session tickets are not affected by this flag.
* When using client certificates, check if the cert and key
match each other.
- Remove redundant %clean section.
- Replace old $RPM_* shell vars by macros.
- man-pages
-
- install kernel_lockdown.7 man page [bsc#1185534]
- added sources
+ kernel_lockdown.7
- mozilla-nspr
-
- update to version 4.34.1
* add file descriptor sanity checks in the NSPR poll function.
- update to version 4.34
* add an API that returns a preferred loopback IP on hosts that
have two IP stacks available.
- update to 4.33:
* fixes to build system and export of private symbols
- mozilla-nss
-
- Require libjitter only for SLE15-SP4 and greater
- update to NSS 3.79.2 (bsc#1204729)
* bmo#1785846 - Bump minimum NSPR version to 4.34.1.
* bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
- Add nss-allow-slow-tests.patch, which allows a timed test to run
longer than 1s. This avoids turning slow builds into broken
builds.
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
DSA keys (verification only) (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to add
sftk_FIPSRepeatIntegrityCheck() to softoken's .def file
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
longer symmetric keys via the service level indicator
(bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to hopefully export
sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions
from getting flagged as non-FIPS (bsc#1191546).
- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- Enable nss-fips-drbg-libjitter.patch now that we have a patched
libjitter to build with (bsc#1202870).
- Update nss-fips-approved-crypto-non-ec.patch to prevent keys
from getting flagged as non-FIPS and add remaining TLS mechanisms.
- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for
entropy. This is disabled until we can avoid the inline assembler
in the latter's header file that relies on GNU extensions.
- Update nss-fips-constructor-self-tests.patch to fix an abort()
when both NSS_FIPS and /proc FIPS mode are enabled.
- update to NSS 3.79.1 (bsc#1202645)
* bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier.
* bmo#1771498 - Uninitialized value in cert_ComputeCertType.
* bmo#1759794 - protect SFTKSlot needLogin with slotLock.
* bmo#1760998 - avoid data race on primary password change.
* bmo#1330271 - check for null template in sec_asn1{d,e}_push_state.
- Update nss-fips-approved-crypto-non-ec.patch to unapprove the
rest of the DSA ciphers, keeping signature verification only
(bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to fix compiler
warning.
- Update nss-fips-constructor-self-tests.patch to add on-demand
integrity tests through sftk_FIPSRepeatIntegrityCheck()
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to mark algorithms
as approved/non-approved according to security policy
(bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to remove hard
disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
the workaround in FIPS mode (bsc#1200325).
- Remove nss-fips-tests-skip.patch. This is no longer needed since
we removed the code to short-circuit broken hashes and moved to
using the SLI.
- Remove upstreamed patches:
* nss-fips-version-indicators.patch
* nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
- bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- bmo#1766907 - Update mercurial in clang-format docker image.
- bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
- bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
- bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- bmo#1764788 - Correct invalid record inner and outer content type alerts.
- bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
- bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
* bmo#1767590 - Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple
- update to NSS 3.78
bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
bmo#1763120 - Add ECH Grease Support to tstclnt
bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
* Bug 1762244 - resolve mpitests build failure on Windows.
* bmo#1761779 - Fix link to TLS page on wireshark wiki
* bmo#1754890 - Add two D-TRUST 2020 root certificates.
* bmo#1751298 - Add Telia Root CA v2 root certificate.
* bmo#1751305 - Remove expired explicitly distrusted certificates
from certdata.txt.
* bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
* bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
* bmo#1756271 - Remove token member from NSSSlot struct.
* bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
* bmo#1757279 - Support UTF-8 library path in the module spec string.
* bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
* bmo#1760827 - Add a CI Target for gcc-11.
* bmo#1760828 - Change to makefiles for gcc-4.8.
* bmo#1741688 - Update googletest to 1.11.0
* bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
* bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
* bmo#1755904 - Fix calculation of ECH HRR Transcript.
* bmo#1758741 - Allow ld path to be set as environment variable.
* bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
* bmo#1758478 - Fix DataBuffer Move Assignment.
* bmo#1552254 - internal_error alert on Certificate Request with
sha1+ecdsa in TLS 1.3
* bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
NSS 3.76.1
* bmo#1756271 - Remove token member from NSSSlot struct.
NSS 3.76
* bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots.
* bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
* bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
* bmo#1679803 - Add SHA256 fingerprint comments to old
certdata.txt entries.
* bmo#1753505 - Avoid truncating files in nss-release-helper.py.
* bmo#1751157 - Throw illegal_parameter alert for illegal extensions
in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
* bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
* bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
* bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
* bmo#1748386 - Remove redundant key type check.
* bmo#1749869 - Update ABI expectations to match ECH changes.
* bmo#1748386 - Enable CKM_CHACHA20.
* bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
* bmo#1747310 - real move assignment operator.
* bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
* bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
* bmo#1747772 - Allow to build using clang's integrated assembler.
* bmo#1321398 - Allow to override python for the build.
* bmo#1747317 - test HKDF output rather than input.
* bmo#1747316 - Use ASSERT macros to end failed tests early.
* bmo#1747310 - move assignment operator for DataBuffer.
* bmo#1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
* bmo#1725938 - Update tests for ECH-13.
* bmo#1725938 - Tidy up error handling.
* bmo#1728281 - Add tests for ECH HRR Changes.
* bmo#1728281 - Server only sends GREASE HRR extension if enabled
by preference.
* bmo#1725938 - Update generation of the Associated Data for ECH-13.
* bmo#1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
* bmo#1712879 - Allow for compressed, non-contiguous, extensions.
* bmo#1712879 - Scramble the PSK extension in CHOuter.
* bmo#1712647 - Split custom extension handling for ECH.
* bmo#1728281 - Add ECH-13 HRR Handling.
* bmo#1677181 - Client side ECH padding.
* bmo#1725938 - Stricter ClientHelloInner Decompression.
* bmo#1725938 - Remove ECH_inner extension, use new enum format.
* bmo#1725938 - Update the version number for ECH-13 and adjust
the ECHConfig size.
- update to NSS 3.74
* bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
OCSP responses
* bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
* bmo#1721426 - NSS does not properly restrict server keys based on policy
* bmo#1733003 - Set nssckbi version number to 2.54
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
* bmo#1735407 - Replace GlobalSign ECC Root CA R4
* bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
* bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
certificates
* bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
CIF A62634068 root certificate
* bmo#1740095 - Add iTrusChina ECC root certificate
* bmo#1740095 - Add iTrusChina RSA root certificate
* bmo#1738805 - Add ISRG Root X2 root certificate
* bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
* bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
* bmo#1735028 - Check for missing signedData field
* bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
* Add SHA-2 support to mozilla::pkix's OSCP implementation
- update to NSS 3.73
* bmo#1735028 - check for missing signedData field.
* bmo#1737470 - Ensure DER encoded signatures are within size limits.
* bmo#1729550 - NSS needs FiPS 140-3 version indicators.
* bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
* bmo#1738600 - sunset Coverity from NSS
MFSA 2021-51 (bsc#1193170)
* CVE-2021-43527 (bmo#1737470)
Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
* Remove newline at the end of coreconf.dep
* bmo#1731911 - Fix nsinstall parallel failure.
* bmo#1729930 - Increase KDF cache size to mitigate perf
regression in about:logins
- update to NSS 3.71
* bmo#1717716 - Set nssckbi version number to 2.52.
* bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
* bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
* bmo#1717707 - Add HARICA Client ECC Root CA 2021.
* bmo#1717707 - Add HARICA Client RSA Root CA 2021.
* bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
* bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
* bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
* bmo#1726022 - Update test case to verify fix.
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
* bmo#1681975 - Avoid using a lookup table in nssb64d.
* bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
* bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
* bmo#1726022 - Cache additional PBE entries.
* bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
* bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
* bmo#1720226 (Backout) - integrity checks in key4.db not happening
on private components with AES_CBC
NSS 3.69
* bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
* bmo#1720226 - integrity checks in key4.db not happening on private
components with AES_CBC (backed out again)
* bmo#1720235 - SSL handling of signature algorithms ignores
environmental invalid algorithms.
* bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
nss failures.
(removed obsolete nss-btrfs-sqlite.patch)
* bmo#1720230 - Gtest update changed the gtest reports, losing gtest
details in all.sh reports.
* bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
* bmo#1720232 - SQLite calls could timeout in starvation situations.
* bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
* bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
* bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
- Mozilla NSS 3.68.4 (bsc#1200027)
* Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
(bmo#1767590)
- Update nss-fips-constructor-self-tests.patch to scan
LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
Based on work by Marcus Meissner.
- Add nss-fips-tests-skip.patch to skip algorithms that are hard
disabled in FIPS mode.
- Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired
PayPalEE cert from failing the tests.
- Add nss-fips-tests-enable-fips.patch, which enables FIPS during
test certificate creation and disables the library checksum
validation during same.
- Update nss-fips-constructor-self-tests.patch to allow
checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This
makes the PBKDF known answer test compliant with NIST SP800-132.
- Mozilla NSS 3.68.3 (bsc#1197903)
This release improves the stability of NSS when used in a multi-threaded
environment. In particular, it fixes memory safety violations that
can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097).
We presume that with enough effort these memory safety violations are exploitable.
* Remove token member from NSSSlot struct (bmo#1756271).
* Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots
(bmo#1755555).
* Check return value of PK11Slot_GetNSSToken (bmo#1370866).
- Mozilla NSS 3.68.2 (bsc#1193845)
* mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
(bmo#966856)
- Update FIPS validation string to version-release format.
- Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC
from list of FIPS approved algorithms.
- Mozilla NSS 3.68.1
MFSA 2021-51 (bsc#1193170)
* CVE-2021-43527 (bmo#1737470)
Memory corruption via DER-encoded DSA and RSA-PSS signatures
- Remove now obsolete patch nss-bsc1193170.patch
- Add patch to fix CVE-2021-43527 (bsc#1193170):
nss-bsc1193170.patch
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
for build.
- Update nss-fips-approved-crypto-non-ec.patch to claim 3DES
unapproved in FIPS mode (bsc#1192080).
- Update nss-fips-constructor-self-tests.patch to allow testing
of unapproved algorithms (bsc#1192228).
- Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086).
This adds FIPS version indicators.
- Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087).
Most of the relevant changes are already upstream since NSS 3.60.
- ncurses
-
- Add patch ncurses-bnc1198627.patch
* Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
- Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for
CVE-2021-39537: ncurses: heap-based buffer overflow in
_nc_captoinfo in captoinfo.c
- nfs-utils
-
- Add 0023-cache.c-removed-a-couple-warning.patch
Fix compilation with new glibc (SLE15-SP4)
(bsc#1197788)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
Ensure "/sloppy"/ is added correctly for newer kernels. Particularly
required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
(boo#1197297)
- Add 0020-mountd-Initialize-logging-early.patch
If an error or warning message is produced before
closeall() is called, mountd gets confused and doesn't work.
(bsc#1194661)
- numactl
-
- Update to version 2.0.14.20.g4ee5e0c:
* Fix system call numbers on s390x
* numactl.c: fixed debug verify for --preferred option
* numactl.c: Fixed description for the usage of numactl
- Update to version 2.0.14.17.g498385e:
* numactl.c: fix use after free
* sysfs.c: prevent mem leak in sysfs_node_read()
* sysfs.c: don't leak fd if fail in sysfs_read()
* shm.c: fix memleak in verify_shm()
* shm.c: fix memleak in dump_shm()
* fix description for numa_node_size64 in man as well
* fix numa_node_size definition in manpage numa.3
* link with -latomic if needed
* libnuma: make numa_police_memory() free of race
* numademo: Use first two nodes instead of node 0 and 1
- Enhance _service magic
- Enable automake
- update to 2.0.14 (SLE-17217):
- open-iscsi
-
- Modify SPEC file so systemd unit files are mode 644 (not 755)
(bsc#1200570)
- For Tumbleweed, moved logrotate files from user-specific
directory /etc/logrotate.d to vendor-specific
/usr/etc/logrotate.d
(for Stefan Schubert <schubi@suse.com>)
- Set initiatorname in %post (at end of install), for cases
where root is read-only at startup time (bsc#1198457)
- Update to latest upstream, including:
* Added 'distclean' to Makefile targets
* Ensure Makefile '.PHONY' targets set up correctly
* fix an iscsid logout bug generating a false error
and cleanup logout error messages
- Updated to latest upstream version, tagged 2.1.7. Changes
included:
* updated/fixed test script
* updated build system
* several bug fixes, including one for bsc#1199264
- Updated to latest upstream, including bug fixes and cleanups.
Changes included:
* add handling name/value pairs for firmware login (bsc#1196113),
including man page update for same
* Fix bug where some package parts were installed using
DESTDIR twice
* general build cleanup (in prep for removing DB files from
/etc/iscsi some day soon)
Also, now delivering a "/package config"/ file for libopeniscsiusr.
- Update to latest upstream, including test cleanup, minor
bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656).
- Updated to latest upstream 2.1.6 as 2.1.6-suse, which contains
bug fixes and cleanups. See the Changelog for more details.
- Merged latest upstream. Mostly cleanup, but includes a fix for
iscsi-init.service when trying to write to the root volume too
early (bsc#1192568), as well as an upstream fix for possible
deadlock when dealing with sysfs.
- Fix the usr-merge changes (bsc#1192013). This includes catching
all the places that /sbin was still used directly, as well as
making the SPEC file build using /usr/sbin for openSUSE but
still use /sbin for SLE, for now.
- Fix possible systemd cycle by adding an "/obsoletes"/ for
the old libopeniscsiusr for older versions.
- Update to latest from upstream, fixing:
* Moving the executables from /sbin to /usr/sbin (bsc#1191054)
* Remove default dependencies from iscsi-init.service
(bsc#1187190)
- Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains
these changes not already present:
* Handle IPv6 interfaces correctly. (bsc#1187958)
* Handle qedi correctly in NPAR mode (bsc#1187958)
* Update iscsiadm man page (bsc#1187958)
* Update iface.example for ipv6
* Change iscsi IP type from defines to enum.
* Handle recv() returning 0 in iscsid_response()
- Merged latest upstream, which includes:
* iscsid: set PR_SET_IO_FLUSHER (bsc#1188869)
- openldap2
-
- bsc#1198341 - Prevent memory reuse which may lead to instability
* 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql
* 0242-ITS-9815-slapd-sql-escape-filter-values.patch
- bsc#1191157 - Correct version specification in ppolicy to allow
submission to SP3 for TLS1.3
- bsc#1191157 - allow specification of max/min TLS version with TLS1.3
* 0239-ITS-9422-Update-for-TLS-v1.3.patch
* 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch
* 0241-TLS-set-protocol-version.patch
- bsc#1197004 - libldap was able to be out of step with openldap in
some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their
related release versions.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
reporting is bsc#1197004 causing SSSD to have faults.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
- openssh
-
- Add openssh-do-not-send-empty-message.patch: Prevent empty
messages from being sent. This avoids a superfluous new line
(bsc#1192439).
- Add openssh-CVE-2021-28041-agent-double-free.patch (bsc#1183137,
CVE-2021-28041), from upstream.
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
(bsc#1190975, CVE-2021-41617), backported from upstream by
Ali Abdallah.
- openssl-1_1
-
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046]
* Add patch openssl-1.1.1-fips-fix-memory-leaks.patch
- Encrypt the sixteen bytes that were unencrypted in some circumstances
on 32-bit x86 platforms.
* [bsc#1201099, CVE-2022-2097]
* added openssl-CVE-2022-2097.patch
- Added openssl-1_1-Fix-file-operations-in-c_rehash.patch
* bsc#1200550
* CVE-2022-2068
* Fixed more shell code injection issues in c_rehash
- Added openssl-update_expired_certificates.patch
* Openssl failed tests because of expired certificates.
* bsc#1185637
* Sourced from https://github.com/openssl/openssl/pull/18446/commits
- Security fix: [bsc#1199166, CVE-2022-1292]
* Added: openssl-CVE-2022-1292.patch
* properly sanitise shell metacharacters in c_rehash script.
- Security Fix: [bsc#1196877, CVE-2022-0778]
* Infinite loop in BN_mod_sqrt() reachable when parsing certificates
* Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
- Fix PAC pointer authentication in ARM [bsc#1195856]
* PAC pointer authentication signs the return address against the
value of the stack pointer, to prevent stack overrun exploits
from corrupting the control flow. The Poly1305 armv8 code got
this wrong, resulting in crashes on PAC capable hardware.
* Add openssl-1_1-ARM-PAC.patch
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
version. [bsc#1195792]
- FIPS: Fix function and reason error codes [bsc#1182959]
* Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
* Add openssl-fix-BIO_f_zlib.patch to fix BIO_f_zlib: Properly
handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
- Add RSA_get0_pss_params() accessor that is used by nodejs16
and provide openssl-has-RSA_get0_pss_params, fixes bsc#1192489.
* Add patch rsa-pss.patch, provided by Adam Majer, amajer@suse.com
- Previously added patch interferes with FIPS validation.
* Removed openssl-1.1.1-fips_list_ciphers.patch
- p11-kit
-
- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065)
Added p11-kit-CVE-2020-29362.patch:
- 0001-common-Use-reallocarray-instead-of-realloc-as-approp.patch
0001-Check-for-arithmetic-overflows-before-allocating.patch
0001-Follow-up-to-arithmetic-overflow-fix.patch:
Fixed multiple integer overflows in rpc code (bsc#1180064
CVE-2020-29361)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993,
0001-trust-Support-CKA_NSS_-SERVER-EMAIL-_DISTRUST_AFTER.patch)
- add bcond to spec file to enable debug easily
- pam
-
- Update pam_motd to the most current version. This fixes various issues
and adds support for mot.d directories [jsc#PED-1712].
* Added: pam-ped1712-pam_motd-directory-feature.patch
- Do not include obsolete libselinux header files flask.h and
av_permissions.h.
[bsc#1197794, pam-bsc1197794-do-not-include-obsolete-header-files.patch]
- Between allocating the variable "/ai"/ and free'ing them, there are
two "/return NO"/ were we don't free this variable. This patch
inserts freaddrinfo() calls before the "/return NO;"/s.
[bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
The variable is needed by systemd and others.
[bsc#1196093, macros.pam]
- Corrected a bad directive file which resulted in
the "/securetty"/ file to be installed as "/macros.pam"/.
[pam.spec]
- Added tmpfiles for pam to set up directory for pam_faillock.
[pam.conf]
- Corrected macros.pam entry for %_pam_moduledir
Cleanup in pam.spec:
* Replaced all references to ${_lib}/security in pam.spec by
%{_pam_moduledir}
* Removed definition of (unused) "/amdir"/.
- Added new file macros.pam on request of systemd.
[bsc#1190052, macros.pam]
- Added pam_faillock to the set of modules.
[jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
- pciutils
-
- Add pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch
Add pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch
(bsc#1192862)
- pcre
-
- Added pcre-8.45-bsc1199232-unicode-property-matching.patch
* bsc#1199232
* CVE-2022-1586
* Fixes unicode property matching issue
- pcre 8.45 (the final release)
* Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
- pcre 8.44
* Small patch to pcreposix.c to set the erroroffset field to -1 immediately
after a successful compile, instead of at the start of matching to avoid a
sanitizer complaint (regexec is supposed to be thread safe).
* Check the size of the number after (?C as it is read, in order to avoid
integer overflow. (bsc#1172974, CVE-2020-14155)
* Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference
in pcretest.
- pcre 8.43
* In a pattern such as /[^x{100}-x{ffff}]*[x80-xff]/ which has a repeated
negative class with no characters less than 0x100 followed by a positive class
with only characters less than 0x100, the first class was incorrectly being
auto-possessified, causing incorrect match failures.
* If the only branch in a conditional subpattern was anchored, the whole
subpattern was treated as anchored, when it should not have been, since the
assumed empty second branch cannot be anchored. Demonstrated by test patterns
such as /(?(1)^())b/ or /(?(?=^))b/.
* Fix subject buffer overread in JIT when UTF is disabled and X or R has
a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
(bsc#1172973 CVE-2019-20838)
* If a pattern started with a subroutine call that had a quantifier with a
minimum of zero, an incorrect "/match must start with this character"/ could be
recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to
be the first character of a match.
- pcre 8.42
* If a backreference with a minimum repeat count of zero was first in a
pattern, apart from assertions, an incorrect first matching character could be
recorded. For example, for the pattern /(?=(a))1?b/, "/b"/ was incorrectly set
as the first character of a match.
* Fix out-of-bounds read for partial matching of /./ against an empty string
when the newline type is CRLF.
* When matching using the the REG_STARTEND feature of the POSIX API with a
non-zero starting offset, unset capturing groups with lower numbers than a
group that did capture something were not being correctly returned as "/unset"/
(that is, with offset values of -1).
* Matching the pattern /(*UTF)C[^v]+x80/ against an 8-bit string
containing multi-code-unit characters caused bad behaviour and possibly a
crash. This issue was fixed for other kinds of repeat in release 8.37 by change
38, but repeating character classes were overlooked.
- pcre2
-
- Added pcre2-bsc1199235-CVE-2022-1587.patch
* CVE-2022-1587 / bsc#1199235
* Fix out-of-bounds read due to bug in recursions
* Sourced from:
- https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- Added pcre2-Fix_crash_when_X_is_used_without_UTF_in_JIT.patch
* CVE-2019-20454 / bsc#1164384
* Fix crash when X is used in non-UTF mode on certain inputs.
* Sourced from:
- https://github.com/PCRE2Project/pcre2/commit/342c16ecd31bd12fc350ee31d2dcc041832ebb3f
- https://github.com/PCRE2Project/pcre2/commit/e118e60a68f03f38dd2ff3d16ca2e2e0d800e1d9
- Added pcre2-10.31-bsc1199232-unicode-property-matching.patch
* bsc#1199232 / CVE-2022-1586
* Fixes unicode property matching issue
- perl
-
- fix File::Path rmtree/remove_tree race condition
[bnc#1047178] [CVE-2017-6512]
new patch: perl-file_path_rmtree_fchmod.diff
- Stabilize Socket::VERSION comparisons [bnc#1193489]
new patch: perl-Stabilize-Socket-VERSION-comparisons.patch
- perl-Bootloader
-
- merge gh#openSUSE/perl-bootloader#139
- fix sysconfig parsing (bsc#1198828)
- 0.939
- merge gh#openSUSE/perl-bootloader#138
- grub2/install: reset error code when passing through recover code
(bsc#1198197)
- 0.938
- merge gh#openSUSE/perl-bootloader#137
- grub2 install: Support secure boot on powerpc (bsc#1192764
jsc#SLE-18271).
- 0.937
- merge gh#openSUSE/perl-bootloader#136
- report error if config file could not be updated (bsc#1188768)
- 0.936
- merge gh#openSUSE/perl-bootloader#135
- fix typo in update-bootloader
- 0.935
- perl-XML-LibXML
-
- (bsc#1197798) FTBFS: compile against latest version available of
libxml in SP4 so perl-XML-LibXSLT compiles cleanly.
- permissions
-
* Revert "/drop ping capabilities in favor of ICMP_PROTO sockets"/. Older
SLE-15 versions don't properly support this feature yet (bsc#1204137)
- Update to version 20181225:
* fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20181225:
* chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
- Update to version 20181225:
* setuid bit for cockpit session binary (bsc#1169614)
- Update to version 20181225:
* drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)
- Update to version 20181225:
- polkit
-
- CVE-2021-4115: fixed a denial of service via file descriptor leak (bsc#1195542)
added CVE-2021-4115.patch
- CVE-2021-4034: fixed a local privilege escalation in pkexec (bsc#1194568)
added CVE-2021-4034-pkexec-fix.patch
- procps
-
- Add the patches
* procps-3.3.17-library-bsc1181475.patch
* procps-3.3.17-top-bsc1181475.patch
which are backports of current newlib tree to solve bug bsc#1181475
* 'free' command reports misleading "/used"/ value
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
ignore SIGURG
- psmisc
-
* Add a fallback if the system call name_to_handle_at() is
not supported by the used file system.
- Add patch psmisc-22.21-semaphores.patch
* Replace the synchronizing over pipes of the sub process for the
stat(2) system call with mutex and conditions from pthreads(7)
(bsc#1194172)
- Add patch psmisc-22.21-statx.patch
* Use statx(2) or SYS_statx system call to replace the stat(2)
system call and avoid the sub process at all (bsc#1194172)
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
* Determine the namespace of a process only once to speed
up the parsing of fdinfo (bsc#1194172).
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- python-Babel
-
- Add CVE-2021-42771-rel-path-traversal.patch fixing
CVE-2021-42771 by cleaning locale identifiers before loading
from file (bsc#1185768).
- python-M2Crypto
-
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
bsc#1178829), which mitigates the Bleichenbacher timing attacks
in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
- python-PyJWT
-
- Add CVE-2022-29217-non-blocked-pubkeys.patch fixing
CVE-2022-29217 (bsc#1199756), which disallows use of blocked
pubkeys (heavily modified from upstream).
- python-boto3
-
- Update to version 1.23.4 (bsc#1199716)
* api-change:``gamesparks``: [``botocore``] This release adds an optional DeploymentResult field in
the responses of GetStageDeploymentIntegrationTests and ListStageDeploymentIntegrationTests APIs.
* enhancement:StreamingBody: [``botocore``] Allow StreamingBody to be used as a context manager
* api-change:``lookoutmetrics``: [``botocore``] In this release we added SnsFormat to
SNSConfiguration to support human readable alert.
- from version 1.23.3
* api-change:``greengrassv2``: [``botocore``] This release adds the new DeleteDeployment API
operation that you can use to delete deployment resources. This release also adds support for
discontinued AWS-provided components, so AWS can communicate when a component has any issues that
you should consider before you deploy it.
* api-change:``quicksight``: [``botocore``] API UpdatePublicSharingSettings enables IAM admins to
enable/disable account level setting for public access of dashboards. When enabled,
owners/co-owners for dashboards can enable public access on their dashboards. These dashboards can
only be accessed through share link or embedding.
* api-change:``appmesh``: [``botocore``] This release updates the existing Create and Update APIs
for meshes and virtual nodes by adding a new IP preference field. This new IP preference field can
be used to control the IP versions being used with the mesh and allows for IPv6 support within App
Mesh.
* api-change:``batch``: [``botocore``] Documentation updates for AWS Batch.
* api-change:``iotevents-data``: [``botocore``] Introducing new API for deleting detectors:
BatchDeleteDetector.
* api-change:``transfer``: [``botocore``] AWS Transfer Family now supports SetStat server
configuration option, which provides the ability to ignore SetStat command issued by file transfer
clients, enabling customers to upload files without any errors.
- from version 1.23.2
* api-change:``kms``: [``botocore``] Add HMAC best practice tip, annual rotation of AWS managed
keys.
* api-change:``glue``: [``botocore``] This release adds a new optional parameter called
codeGenNodeConfiguration to CRUD job APIs that allows users to manage visual jobs via APIs. The
updated CreateJob and UpdateJob will create jobs that can be viewed in Glue Studio as a visual
graph. GetJob can be used to get codeGenNodeConfiguration.
- Remove unnecessary version constraint for python3-pytest in BuildRequires
- Update BuildRequires and Requires from setup.py
- Update to version 1.23.1
* api-change:``resiliencehub``: [``botocore``] In this release, we are introducing support for
Amazon Elastic Container Service, Amazon Route 53, AWS Elastic Disaster Recovery, AWS Backup in
addition to the existing supported Services. This release also supports Terraform file input from
S3 and scheduling daily assessments
* api-change:``servicecatalog``: [``botocore``] Updated the descriptions for the
ListAcceptedPortfolioShares API description and the PortfolioShareType parameters.
* api-change:``discovery``: [``botocore``] Add Migration Evaluator Collector details to the
GetDiscoverySummary API response
* api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
* api-change:``workspaces-web``: [``botocore``] Amazon WorkSpaces Web now supports Administrator
timeout control
* api-change:``rekognition``: [``botocore``] Documentation updates for Amazon Rekognition.
* api-change:``cloudfront``: [``botocore``] Introduced a new error
(TooLongCSPInResponseHeadersPolicy) that is returned when the value of the Content-Security-Policy
header in a response headers policy exceeds the maximum allowed length.
- from version 1.23.0
* feature:Loaders: [``botocore``] Support for loading gzip compressed model files.
* api-change:``grafana``: [``botocore``] This release adds APIs for creating and deleting API keys
in an Amazon Managed Grafana workspace.
- from version 1.22.13
* api-change:``ivschat``: [``botocore``] Documentation-only updates for IVS Chat API Reference.
* api-change:``lambda``: [``botocore``] Lambda releases NodeJs 16 managed runtime to be available
in all commercial regions.
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
Jira. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-jira.html
* api-change:``transfer``: [``botocore``] AWS Transfer Family now accepts ECDSA keys for server
host keys
* api-change:``iot``: [``botocore``] Documentation update for China region ListMetricValues for IoT
* api-change:``workspaces``: [``botocore``] Increased the character limit of the login message from
600 to 850 characters.
* api-change:``finspace-data``: [``botocore``] We've now deprecated CreateSnapshot permission for
creating a data view, instead use CreateDataView permission.
* api-change:``lightsail``: [``botocore``] This release adds support to include inactive database
bundles in the response of the GetRelationalDatabaseBundles request.
* api-change:``outposts``: [``botocore``] Documentation updates for AWS Outposts.
* api-change:``ec2``: [``botocore``] This release introduces a target type Gateway Load Balancer
Endpoint for mirrored traffic. Customers can now specify GatewayLoadBalancerEndpoint option during
the creation of a traffic mirror target.
* api-change:``ssm-incidents``: [``botocore``] Adding support for dynamic SSM Runbook parameter
values. Updating validation pattern for engagements. Adding ConflictException to
UpdateReplicationSet API contract.
- from version 1.22.12
* api-change:``secretsmanager``: [``botocore``] Doc only update for Secrets Manager that fixes
several customer-reported issues.
* api-change:``ec2``: [``botocore``] This release updates AWS PrivateLink APIs to support IPv6 for
PrivateLink Services and Endpoints of type 'Interface'.
- Update BuildRequires and Requires from setup.py
- Update to version 1.22.11
* api-change:``migration-hub-refactor-spaces``: [``botocore``] AWS Migration Hub Refactor Spaces
documentation only update to fix a formatting issue.
* api-change:``ec2``: [``botocore``] Added support for using NitroTPM and UEFI Secure Boot on EC2
instances.
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``compute-optimizer``: [``botocore``] Documentation updates for Compute Optimizer
* api-change:``eks``: [``botocore``] Adds BOTTLEROCKET_ARM_64_NVIDIA and BOTTLEROCKET_x86_64_NVIDIA
AMI types to EKS managed nodegroups
- from version 1.22.10
* api-change:``evidently``: [``botocore``] Add detail message inside GetExperimentResults API
response to indicate experiment result availability
* api-change:``ssm-contacts``: [``botocore``] Fixed an error in the DescribeEngagement example for
AWS Incident Manager.
* api-change:``cloudcontrol``: [``botocore``] SDK release for Cloud Control API to include
paginators for Python SDK.
- from version 1.22.9
* api-change:``rds``: [``botocore``] Various documentation improvements.
* api-change:``redshift``: [``botocore``] Introduces new field 'LoadSampleData' in CreateCluster
operation. Customers can now specify 'LoadSampleData' option during creation of a cluster, which
results in loading of sample data in the cluster that is created.
* api-change:``ec2``: [``botocore``] Add new state values for IPAMs, IPAM Scopes, and IPAM Pools.
* api-change:``mediapackage``: [``botocore``] This release adds Dvb Dash 2014 as an available
profile option for Dash Origin Endpoints.
* api-change:``securityhub``: [``botocore``] Documentation updates for Security Hub API reference
* api-change:``location``: [``botocore``] Amazon Location Service now includes a MaxResults
parameter for ListGeofences requests.
- from version 1.22.8
* api-change:``ec2``: [``botocore``] Amazon EC2 I4i instances are powered by 3rd generation Intel
Xeon Scalable processors and feature up to 30 TB of local AWS Nitro SSD storage
* api-change:``kendra``: [``botocore``] AWS Kendra now supports hierarchical facets for a query.
For more information, see https://docs.aws.amazon.com/kendra/latest/dg/filtering.html
* api-change:``iot``: [``botocore``] AWS IoT Jobs now allows you to create up to 100,000 active
continuous and snapshot jobs by using concurrency control.
* api-change:``datasync``: [``botocore``] AWS DataSync now supports a new ObjectTags Task API
option that can be used to control whether Object Tags are transferred.
- from version 1.22.7
* api-change:``ssm``: [``botocore``] This release adds the TargetMaps parameter in SSM State
Manager API.
* api-change:``backup``: [``botocore``] Adds support to 2 new filters about job complete time for 3
list jobs APIs in AWS Backup
* api-change:``lightsail``: [``botocore``] Documentation updates for Lightsail
* api-change:``iotsecuretunneling``: [``botocore``] This release introduces a new API
RotateTunnelAccessToken that allow revoking the existing tokens and generate new tokens
- from version 1.22.6
* api-change:``ec2``: [``botocore``] Adds support for allocating Dedicated Hosts on AWS Outposts.
The AllocateHosts API now accepts an OutpostArn request parameter, and the DescribeHosts API now
includes an OutpostArn response parameter.
* api-change:``s3``: [``botocore``] Documentation only update for doc bug fixes for the S3 API docs.
* api-change:``kinesisvideo``: [``botocore``] Add support for multiple image feature related APIs
for configuring image generation and notification of a video stream. Add "/GET_IMAGES"/ to the list
of supported API names for the GetDataEndpoint API.
* api-change:``sagemaker``: [``botocore``] SageMaker Autopilot adds new metrics for all candidate
models generated by Autopilot experiments; RStudio on SageMaker now allows users to bring your own
development environment in a custom image.
* api-change:``kinesis-video-archived-media``: [``botocore``] Add support for GetImages API for
retrieving images from a video stream
- from version 1.22.5
* api-change:``organizations``: [``botocore``] This release adds the INVALID_PAYMENT_INSTRUMENT as
a fail reason and an error message.
* api-change:``synthetics``: [``botocore``] CloudWatch Synthetics has introduced a new feature to
provide customers with an option to delete the underlying resources that Synthetics canary creates
when the user chooses to delete the canary.
* api-change:``outposts``: [``botocore``] This release adds a new API called ListAssets to the
Outposts SDK, which lists the hardware assets in an Outpost.
- from version 1.22.4
* api-change:``rds``: [``botocore``] Feature - Adds support for Internet Protocol Version 6 (IPv6)
on RDS database instances.
* api-change:``codeguru-reviewer``: [``botocore``] Amazon CodeGuru Reviewer now supports
suppressing recommendations from being generated on specific files and directories.
* api-change:``ssm``: [``botocore``] Update the StartChangeRequestExecution, adding TargetMaps to
the Runbook parameter
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK nows supports creation
of Dolby Vision profile 8.1, the ability to generate black frames of video, and introduces
audio-only DASH and CMAF support.
* api-change:``wafv2``: [``botocore``] You can now inspect all request headers and all cookies. You
can now specify how to handle oversize body contents in your rules that inspect the body.
- from version 1.22.3
* api-change:``auditmanager``: [``botocore``] This release adds documentation updates for Audit
Manager. We provided examples of how to use the Custom_ prefix for the keywordValue attribute. We
also provided more details about the DeleteAssessmentReport operation.
* api-change:``network-firewall``: [``botocore``] AWS Network Firewall adds support for stateful
threat signature AWS managed rule groups.
* api-change:``ec2``: [``botocore``] This release adds support to query the public key and creation
date of EC2 Key Pairs. Additionally, the format (pem or ppk) of a key pair can be specified when
creating a new key pair.
* api-change:``braket``: [``botocore``] This release enables Braket Hybrid Jobs with Embedded
Simulators to have multiple instances.
* api-change:``guardduty``: [``botocore``] Documentation update for API description.
* api-change:``connect``: [``botocore``] This release introduces an API for changing the current
agent status of a user in Connect.
- from version 1.22.2
* api-change:``rekognition``: [``botocore``] This release adds support to configure
stream-processor resources for label detections on streaming-videos. UpateStreamProcessor API is
also launched with this release, which could be used to update an existing stream-processor.
* api-change:``cloudtrail``: [``botocore``] Increases the retention period maximum to 2557 days.
Deprecates unused fields of the ListEventDataStores API response. Updates documentation.
* api-change:``lookoutequipment``: [``botocore``] This release adds the following new features: 1)
Introduces an option for automatic schema creation 2) Now allows for Ingestion of data containing
most common errors and allows automatic data cleaning 3) Introduces new API ListSensorStatistics
that gives further information about the ingested data
* api-change:``iotwireless``: [``botocore``] Add list support for event configurations, allow to
get and update event configurations by resource type, support LoRaWAN events; Make
NetworkAnalyzerConfiguration as a resource, add List, Create, Delete API support; Add FCntStart
attribute support for ABP WirelessDevice.
* api-change:``amplify``: [``botocore``] Documentation only update to support the Amplify GitHub
App feature launch
* api-change:``chime-sdk-media-pipelines``: [``botocore``] For Amazon Chime SDK meetings, the
Amazon Chime Media Pipelines SDK allows builders to capture audio, video, and content share
streams. You can also capture meeting events, live transcripts, and data messages. The pipelines
save the artifacts to an Amazon S3 bucket that you designate.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for custom
validation dataset and validation ratio through the CreateAutoMLJob and DescribeAutoMLJob APIs.
- Update BuildRequires and Requires from setup.py
- Update to version 1.22.1
* api-change:``lightsail``: [``botocore``] This release adds support for Lightsail load balancer
HTTP to HTTPS redirect and TLS policy configuration.
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now accepts customer KMS
key ID for encryption of endpoints and compilation outputs created during inference recommendation.
* api-change:``pricing``: [``botocore``] Documentation updates for Price List API
* api-change:``glue``: [``botocore``] This release adds documentation for the APIs to create, read,
delete, list, and batch read of AWS Glue custom patterns, and for Lake Formation configuration
settings in the AWS Glue crawler.
* api-change:``cloudfront``: [``botocore``] CloudFront now supports the Server-Timing header in
HTTP responses sent from CloudFront. You can use this header to view metrics that help you gain
insights about the behavior and performance of CloudFront. To use this header, enable it in a
response headers policy.
* api-change:``ivschat``: [``botocore``] Adds new APIs for IVS Chat, a feature for building
interactive chat experiences alongside an IVS broadcast.
* api-change:``network-firewall``: [``botocore``] AWS Network Firewall now enables customers to use
a customer managed AWS KMS key for the encryption of their firewall resources.
- from version 1.22.0
* api-change:``gamelift``: [``botocore``] Documentation updates for Amazon GameLift.
* api-change:``mq``: [``botocore``] This release adds the CRITICAL_ACTION_REQUIRED broker state and
the ActionRequired API property. CRITICAL_ACTION_REQUIRED informs you when your broker is degraded.
ActionRequired provides you with a code which you can use to find instructions in the Developer
Guide on how to resolve the issue.
* feature:IMDS: [``botocore``] Added resiliency mechanisms to IMDS Credential Fetcher
* api-change:``securityhub``: [``botocore``] Security Hub now lets you opt-out of auto-enabling the
defaults standards (CIS and FSBP) in accounts that are auto-enabled with Security Hub via Security
Hub's integration with AWS Organizations.
* api-change:``connect``: [``botocore``] This release adds SearchUsers API which can be used to
search for users with a Connect Instance
* api-change:``rds-data``: [``botocore``] Support to receive SQL query results in the form of a
simplified JSON string. This enables developers using the new JSON string format to more easily
convert it to an object using popular JSON string parsing libraries.
- from version 1.21.46
* api-change:``chime-sdk-meetings``: [``botocore``] Include additional exceptions types.
* api-change:``ec2``: [``botocore``] Adds support for waiters that automatically poll for a deleted
NAT Gateway until it reaches the deleted state.
- from version 1.21.45
* api-change:``wisdom``: [``botocore``] This release updates the GetRecommendations API to include
a trigger event list for classifying and grouping recommendations.
* api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
* api-change:``iottwinmaker``: [``botocore``] General availability (GA) for AWS IoT TwinMaker. For
more information, see https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/Welcome.html
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
* api-change:``mediatailor``: [``botocore``] This release introduces tiered channels and adds
support for live sources. Customers using a STANDARD channel can now create programs using live
sources.
* api-change:``storagegateway``: [``botocore``] This release adds support for minimum of 5
character length virtual tape barcodes.
* api-change:``lookoutmetrics``: [``botocore``] Added DetectMetricSetConfig API for detecting
configuration required for creating metric set from provided S3 data source.
* api-change:``iotsitewise``: [``botocore``] This release adds 3 new batch data query APIs :
BatchGetAssetPropertyValue, BatchGetAssetPropertyValueHistory and BatchGetAssetPropertyAggregates
* api-change:``glue``: [``botocore``] This release adds APIs to create, read, delete, list, and
batch read of Glue custom entity types
- from version 1.21.44
* api-change:``macie2``: [``botocore``] Sensitive data findings in Amazon Macie now indicate how
Macie found the sensitive data that produced a finding (originType).
* api-change:``rds``: [``botocore``] Added a new cluster-level attribute to set the capacity range
for Aurora Serverless v2 instances.
* api-change:``mgn``: [``botocore``] Removed required annotation from input fields in Describe
operations requests. Added quotaValue to ServiceQuotaExceededException
* api-change:``connect``: [``botocore``] This release adds APIs to search, claim, release, list,
update, and describe phone numbers. You can also use them to associate and disassociate contact
flows to phone numbers.
- from version 1.21.43
* api-change:``textract``: [``botocore``] This release adds support for specifying and extracting
information from documents using the Queries feature within Analyze Document API
* api-change:``worklink``: [``botocore``] Amazon WorkLink is no longer supported. This will be
removed in a future version of the SDK.
* api-change:``ssm``: [``botocore``] Added offset support for specifying the number of days to wait
after the date and time specified by a CRON expression when creating SSM association.
* api-change:``autoscaling``: [``botocore``] EC2 Auto Scaling now adds default instance warm-up
times for all scaling activities, health check replacements, and other replacement events in the
Auto Scaling instance lifecycle.
* api-change:``personalize``: [``botocore``] Adding StartRecommender and StopRecommender APIs for
Personalize.
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
Quip. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-quip.html
* api-change:``polly``: [``botocore``] Amazon Polly adds new Austrian German voice - Hannah. Hannah
is available as Neural voice only.
* api-change:``transfer``: [``botocore``] This release contains corrected HomeDirectoryMappings
examples for several API functions: CreateAccess, UpdateAccess, CreateUser, and UpdateUser,.
* api-change:``kms``: [``botocore``] Adds support for KMS keys and APIs that generate and verify
HMAC codes
* api-change:``redshift``: [``botocore``] Introduces new fields for LogDestinationType and
LogExports on EnableLogging requests and Enable/Disable/DescribeLogging responses. Customers can
now select CloudWatch Logs as a destination for their Audit Logs.
- from version 1.21.42
* api-change:``lightsail``: [``botocore``] This release adds support to describe the
synchronization status of the account-level block public access feature for your Amazon Lightsail
buckets.
* api-change:``rds``: [``botocore``] Removes Amazon RDS on VMware with the deletion of APIs related
to Custom Availability Zones and Media installation
* api-change:``athena``: [``botocore``] This release adds subfields, ErrorMessage, Retryable, to
the AthenaError response object in the GetQueryExecution API when a query fails.
- from version 1.21.41
* api-change:``batch``: [``botocore``] Enables configuration updates for compute environments with
BEST_FIT_PROGRESSIVE and SPOT_CAPACITY_OPTIMIZED allocation strategies.
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``appstream``: [``botocore``] Includes updates for create and update fleet APIs to
manage the session scripts locations for Elastic fleets.
* api-change:``glue``: [``botocore``] Auto Scaling for Glue version 3.0 and later jobs to
dynamically scale compute resources. This SDK change provides customers with the auto-scaled DPU
usage
* api-change:``appflow``: [``botocore``] Enables users to pass custom token URL parameters for
Oauth2 authentication during create connector profile
- from version 1.21.40
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``fsx``: [``botocore``] This release adds support for deploying FSx for ONTAP file
systems in a single Availability Zone.
- from version 1.21.39
* api-change:``ec2``: [``botocore``] X2idn and X2iedn instances are powered by 3rd generation Intel
Xeon Scalable processors with an all-core turbo frequency up to 3.5 GHzAmazon EC2. C6a instances
are powered by 3rd generation AMD EPYC processors.
* api-change:``devops-guru``: [``botocore``] This release adds new APIs DeleteInsight to deletes
the insight along with the associated anomalies, events and recommendations.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``iottwinmaker``: [``botocore``] This release adds the following new features: 1)
ListEntities API now supports search using ExternalId. 2) BatchPutPropertyValue and
GetPropertyValueHistory API now allows users to represent time in sub-second level precisions.
- from version 1.21.38
* api-change:``amplifyuibuilder``: [``botocore``] In this release, we have added the ability to
bind events to component level actions.
* api-change:``apprunner``: [``botocore``] This release adds tracing for App Runner services with
X-Ray using AWS Distro for OpenTelemetry. New APIs: CreateObservabilityConfiguration,
DescribeObservabilityConfiguration, ListObservabilityConfigurations, and
DeleteObservabilityConfiguration. Updated APIs: CreateService and UpdateService.
* api-change:``workspaces``: [``botocore``] Added API support that allows customers to create
GPU-enabled WorkSpaces using EC2 G4dn instances.
- from version 1.21.37
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
the pass-through of WebVTT styling to WebVTT outputs, pass-through of KLV metadata to supported
formats, and improved filter support for processing 444/RGB content.
* api-change:``wafv2``: [``botocore``] Add a new CurrentDefaultVersion field to
ListAvailableManagedRuleGroupVersions API response; add a new VersioningSupported boolean to each
ManagedRuleGroup returned from ListAvailableManagedRuleGroups API response.
* api-change:``mediapackage-vod``: [``botocore``] This release adds ScteMarkersSource as an
available field for Dash Packaging Configurations. When set to MANIFEST, MediaPackage will source
the SCTE-35 markers from the manifest. When set to SEGMENTS, MediaPackage will source the SCTE-35
markers from the segments.
- from version 1.21.36
* api-change:``apigateway``: [``botocore``] ApiGateway CLI command get-usage now includes
usagePlanId, startDate, and endDate fields in the output to match documentation.
* api-change:``personalize``: [``botocore``] This release provides tagging support in AWS
Personalize.
* api-change:``pi``: [``botocore``] Adds support for DocumentDB to the Performance Insights API.
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``docdb``: [``botocore``] Added support to enable/disable performance insights when
creating or modifying db instances
* api-change:``sagemaker``: [``botocore``] Amazon Sagemaker Notebook Instances now supports G5
instance types
- from version 1.21.35
* bugfix:Proxy: [``botocore``] Fix failure case for IP proxy addresses using TLS-in-TLS.
`boto/botocore#2652 <https://github.com/boto/botocore/pull/2652>`__
* api-change:``config``: [``botocore``] Add resourceType enums for AWS::EMR::SecurityConfiguration
and AWS::SageMaker::CodeRepository
* api-change:``panorama``: [``botocore``] Added Brand field to device listings.
* api-change:``lambda``: [``botocore``] This release adds new APIs for creating and managing Lambda
Function URLs and adds a new FunctionUrlAuthType parameter to the AddPermission API. Customers can
use Function URLs to create built-in HTTPS endpoints on their functions.
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for Box.
For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-box.html
- from version 1.21.34
* api-change:``securityhub``: [``botocore``] Added additional ASFF details for RdsSecurityGroup
AutoScalingGroup, ElbLoadBalancer, CodeBuildProject and RedshiftCluster.
* api-change:``fsx``: [``botocore``] Provide customers more visibility into file system status by
adding new "/Misconfigured Unavailable"/ status for Amazon FSx for Windows File Server.
* api-change:``s3control``: [``botocore``] Documentation-only update for doc bug fixes for the S3
Control API docs.
* api-change:``datasync``: [``botocore``] AWS DataSync now supports Amazon FSx for OpenZFS
locations.
- from version 1.21.33
* api-change:``iot``: [``botocore``] AWS IoT - AWS IoT Device Defender adds support to list metric
datapoints collected for IoT devices through the ListMetricValues API
* api-change:``servicecatalog``: [``botocore``] This release adds ProvisioningArtifictOutputKeys to
DescribeProvisioningParameters to reference the outputs of a Provisioned Product and deprecates
ProvisioningArtifactOutputs.
* api-change:``sms``: [``botocore``] Revised product update notice for SMS console deprecation.
* api-change:``proton``: [``botocore``] SDK release to support tagging for AWS Proton Repository
resource
* enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.13.8
- Update BuildRequires and Requires from setup.py
- Update to version 1.21.32
* api-change:``connect``: [``botocore``] This release updates these APIs: UpdateInstanceAttribute,
DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
enable/disable multi-party conferencing using attribute type MULTI_PARTY_CONFERENCING on the
specified Amazon Connect instance.
- from version 1.21.31
* api-change:``cloudcontrol``: [``botocore``] SDK release for Cloud Control API in Amazon Web
Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia)
Region, operated by NWCD
* api-change:``pinpoint-sms-voice-v2``: [``botocore``] Amazon Pinpoint now offers a version 2.0
suite of SMS and voice APIs, providing increased control over sending and configuration. This
release is a new SDK for sending SMS and voice messages called PinpointSMSVoiceV2.
* api-change:``workspaces``: [``botocore``] Added APIs that allow you to customize the logo, login
message, and help links in the WorkSpaces client login page. To learn more, visit
https://docs.aws.amazon.com/workspaces/latest/adminguide/customize-branding.html
* api-change:``route53-recovery-cluster``: [``botocore``] This release adds a new API
"/ListRoutingControls"/ to list routing control states using the highly reliable Route 53 ARC data
plane endpoints.
* api-change:``databrew``: [``botocore``] This AWS Glue Databrew release adds feature to support
ORC as an input format.
* api-change:``auditmanager``: [``botocore``] This release adds documentation updates for Audit
Manager. The updates provide data deletion guidance when a customer deregisters Audit Manager or
deregisters a delegated administrator.
* api-change:``grafana``: [``botocore``] This release adds tagging support to the Managed Grafana
service. New APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field
tags to support tagging while calling CreateWorkspace.
- from version 1.21.30
* api-change:``iot-data``: [``botocore``] Update the default AWS IoT Core Data Plane endpoint from
VeriSign signed to ATS signed. If you have firewalls with strict egress rules, configure the rules
to grant you access to data-ats.iot.[region].amazonaws.com or
data-ats.iot.[region].amazonaws.com.cn.
* api-change:``ec2``: [``botocore``] This release simplifies the auto-recovery configuration
process enabling customers to set the recovery behavior to disabled or default
* api-change:``fms``: [``botocore``] AWS Firewall Manager now supports the configuration of
third-party policies that can use either the centralized or distributed deployment models.
* api-change:``fsx``: [``botocore``] This release adds support for modifying throughput capacity
for FSx for ONTAP file systems.
* api-change:``iot``: [``botocore``] Doc only update for IoT that fixes customer-reported issues.
- from version 1.21.29
* api-change:``organizations``: [``botocore``] This release provides the new CloseAccount API that
enables principals in the management account to close any member account within an organization.
- from version 1.21.28
* api-change:``medialive``: [``botocore``] This release adds support for selecting a maintenance
window.
* api-change:``acm-pca``: [``botocore``] Updating service name entities
- from version 1.21.27
* api-change:``ec2``: [``botocore``] This is release adds support for Amazon VPC Reachability
Analyzer to analyze path through a Transit Gateway.
* api-change:``ssm``: [``botocore``] This Patch Manager release supports creating, updating, and
deleting Patch Baselines for Rocky Linux OS.
* api-change:``batch``: [``botocore``] Bug Fix: Fixed a bug where shapes were marked as unboxed and
were not serialized and sent over the wire, causing an API error from the service.
- from version 1.21.26
* api-change:``lambda``: [``botocore``] Adds support for increased ephemeral storage (/tmp) up to
10GB for Lambda functions. Customers can now provision up to 10 GB of ephemeral storage per
function instance, a 20x increase over the previous limit of 512 MB.
* api-change:``config``: [``botocore``] Added new APIs GetCustomRulePolicy and
GetOrganizationCustomRulePolicy, and updated existing APIs PutConfigRule, DescribeConfigRule,
DescribeConfigRuleEvaluationStatus, PutOrganizationConfigRule, DescribeConfigRule to support a new
feature for building AWS Config rules with AWS CloudFormation Guard
* api-change:``transcribe``: [``botocore``] This release adds an additional parameter for
subtitling with Amazon Transcribe batch jobs: outputStartIndex.
- from version 1.21.25
* api-change:``redshift``: [``botocore``] This release adds a new [--encrypted | --no-encrypted]
field in restore-from-cluster-snapshot API. Customers can now restore an unencrypted snapshot to a
cluster encrypted with AWS Managed Key or their own KMS key.
* api-change:``ebs``: [``botocore``] Increased the maximum supported value for the Timeout
parameter of the StartSnapshot API from 60 minutes to 4320 minutes. Changed the HTTP error code
for ConflictException from 503 to 409.
* api-change:``gamesparks``: [``botocore``] Released the preview of Amazon GameSparks, a fully
managed AWS service that provides a multi-service backend for game developers.
* api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
* api-change:``transfer``: [``botocore``] Documentation updates for AWS Transfer Family to describe
how to remove an associated workflow from a server.
* api-change:``auditmanager``: [``botocore``] This release updates 1 API parameter, the SnsArn
attribute. The character length and regex pattern for the SnsArn attribute have been updated, which
enables you to deselect an SNS topic when using the UpdateSettings operation.
* api-change:``ssm``: [``botocore``] Update AddTagsToResource, ListTagsForResource, and
RemoveTagsFromResource APIs to reflect the support for tagging Automation resources. Includes other
minor documentation updates.
- from version 1.21.24
* api-change:``location``: [``botocore``] Amazon Location Service now includes a MaxResults
parameter for GetDevicePositionHistory requests.
* api-change:``polly``: [``botocore``] Amazon Polly adds new Catalan voice - Arlet. Arlet is
available as Neural voice only.
* api-change:``lakeformation``: [``botocore``] The release fixes the incorrect permissions called
out in the documentation - DESCRIBE_TAG, ASSOCIATE_TAG, DELETE_TAG, ALTER_TAG. This trebuchet
release fixes the corresponding SDK and documentation.
* api-change:``ecs``: [``botocore``] Documentation only update to address tickets
* api-change:``ce``: [``botocore``] Added three new APIs to support tagging and resource-level
authorization on Cost Explorer resources: TagResource, UntagResource, ListTagsForResource. Added
optional parameters to CreateCostCategoryDefinition, CreateAnomalySubscription and
CreateAnomalyMonitor APIs to support Tag On Create.
- from version 1.21.23
* api-change:``ram``: [``botocore``] Document improvements to the RAM API operations and parameter
descriptions.
* api-change:``ecr``: [``botocore``] This release includes a fix in the DescribeImageScanFindings
paginated output.
* api-change:``quicksight``: [``botocore``] AWS QuickSight Service Features - Expand public API
support for group management.
* api-change:``chime-sdk-meetings``: [``botocore``] Add support for media replication to link
multiple WebRTC media sessions together to reach larger and global audiences. Participants
connected to a replica session can be granted access to join the primary session and can switch
sessions with their existing WebRTC connection
* api-change:``mediaconnect``: [``botocore``] This release adds support for selecting a maintenance
window.
- from version 1.21.22
* enhancement:jmespath: [``botocore``] Add env markers to get working version of jmespath for
python 3.6
* api-change:``glue``: [``botocore``] Added 9 new APIs for AWS Glue Interactive Sessions:
ListSessions, StopSession, CreateSession, GetSession, DeleteSession, RunStatement, GetStatement,
ListStatements, CancelStatement
- from version 1.21.21
* enhancement:Dependency: [``botocore``] Added support for jmespath 1.0
* api-change:``amplifybackend``: [``botocore``] Adding the ability to customize Cognito
verification messages for email and SMS in CreateBackendAuth and UpdateBackendAuth. Adding
deprecation documentation for ForgotPassword in CreateBackendAuth and UpdateBackendAuth
* api-change:``acm-pca``: [``botocore``] AWS Certificate Manager (ACM) Private Certificate
Authority (CA) now supports customizable certificate subject names and extensions.
* api-change:``ssm-incidents``: [``botocore``] Removed incorrect validation pattern for
IncidentRecordSource.invokedBy
* enhancement:Dependency: Added support for jmespath 1.0
* api-change:``billingconductor``: [``botocore``] This is the initial SDK release for AWS Billing
Conductor. The AWS Billing Conductor is a customizable billing service, allowing you to customize
your billing data to match your desired business structure.
* api-change:``s3outposts``: [``botocore``] S3 on Outposts is releasing a new API,
ListSharedEndpoints, that lists all endpoints associated with S3 on Outpost, that has been shared
by Resource Access Manager (RAM).
- from version 1.21.20
* api-change:``robomaker``: [``botocore``] This release deprecates ROS, Ubuntu and Gazbeo from
RoboMaker Simulation Service Software Suites in favor of user-supplied containers and Relaxed
Software Suites.
* api-change:``dataexchange``: [``botocore``] This feature enables data providers to use the
RevokeRevision operation to revoke subscriber access to a given revision. Subscribers are unable to
interact with assets within a revoked revision.
* api-change:``ec2``: [``botocore``] Adds the Cascade parameter to the DeleteIpam API. Customers
can use this parameter to automatically delete their IPAM, including non-default scopes, pools,
cidrs, and allocations. There mustn't be any pools provisioned in the default public scope to use
this parameter.
* api-change:``cognito-idp``: [``botocore``] Updated EmailConfigurationType and
SmsConfigurationType to reflect that you can now choose Amazon SES and Amazon SNS resources in the
same Region.
* enhancement:AWSCRT: [``botocore``] Upgrade awscrt extra to 0.13.5
* api-change:``location``: [``botocore``] New HERE style "/VectorHereExplore"/ and
"/VectorHereExploreTruck"/.
* api-change:``ecs``: [``botocore``] Documentation only update to address tickets
* api-change:``keyspaces``: [``botocore``] Fixing formatting issues in CLI and SDK documentation
* api-change:``rds``: [``botocore``] Various documentation improvements
- from version 1.21.19
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
Slack. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-slack.html
* api-change:``timestream-query``: [``botocore``] Amazon Timestream Scheduled Queries now support
Timestamp datatype in a multi-measure record.
* enhancement:Stubber: [``botocore``] Added support for modeled exception fields when adding errors
to a client stub. Implements boto/boto3`#3178 <https://github.com/boto/botocore/issues/3178>`__.
* api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
* api-change:``config``: [``botocore``] Add resourceType enums for AWS::ECR::PublicRepository and
AWS::EC2::LaunchTemplate
- from version 1.21.18
* api-change:``outposts``: [``botocore``] This release adds address filters for listSites
* api-change:``lambda``: [``botocore``] Adds PrincipalOrgID support to AddPermission API. Customers
can use it to manage permissions to lambda functions at AWS Organizations level.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager.
* api-change:``connect``: [``botocore``] This release adds support for enabling Rich Messaging when
starting a new chat session via the StartChatContact API. Rich Messaging enables the following
formatting options: bold, italics, hyperlinks, bulleted lists, and numbered lists.
* api-change:``chime``: [``botocore``] Chime VoiceConnector Logging APIs will now support
MediaMetricLogs. Also CreateMeetingDialOut now returns AccessDeniedException.
- from version 1.21.17
* api-change:``transcribe``: [``botocore``] Documentation fix for API
`StartMedicalTranscriptionJobRequest`, now showing min sample rate as 16khz
* api-change:``transfer``: [``botocore``] Adding more descriptive error types for managed workflows
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
- from version 1.21.16
* api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports extracting the sentiment
associated with entities such as brands, products and services from text documents.
- from version 1.21.15
* api-change:``eks``: [``botocore``] Introducing a new enum for NodeGroup error code:
Ec2SubnetMissingIpv6Assignment
* api-change:``keyspaces``: [``botocore``] Adding link to CloudTrail section in Amazon Keyspaces
Developer Guide
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
reading timecode from AVCHD sources and now provides the ability to segment WebVTT at the same
interval as the video and audio in HLS packages.
- from version 1.21.14
* api-change:``chime-sdk-meetings``: [``botocore``] Adds support for Transcribe language
identification feature to the StartMeetingTranscription API.
* api-change:``ecs``: [``botocore``] Amazon ECS UpdateService API now supports additional
parameters: loadBalancers, propagateTags, enableECSManagedTags, and serviceRegistries
* api-change:``migration-hub-refactor-spaces``: [``botocore``] AWS Migration Hub Refactor Spaces
documentation update.
- from version 1.21.13
* api-change:``synthetics``: [``botocore``] Allow custom handler function.
* api-change:``transfer``: [``botocore``] Add waiters for server online and offline.
* api-change:``devops-guru``: [``botocore``] Amazon DevOps Guru now integrates with Amazon CodeGuru
Profiler. You can view CodeGuru Profiler recommendations for your AWS Lambda function in DevOps
Guru. This feature is enabled by default for new customers as of 3/4/2022. Existing customers can
enable this feature with UpdateEventSourcesConfig.
* api-change:``macie``: [``botocore``] Amazon Macie Classic (macie) has been discontinued and is no
longer available. A new Amazon Macie (macie2) is now available with significant design improvements
and additional features.
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
* api-change:``connect``: [``botocore``] This release updates the *InstanceStorageConfig APIs so
they support a new ResourceType: REAL_TIME_CONTACT_ANALYSIS_SEGMENTS. Use this resource type to
enable streaming for real-time contact analysis and to associate the Kinesis stream where real-time
contact analysis segments will be published.
- from version 1.21.12
* api-change:``greengrassv2``: [``botocore``] Doc only update that clarifies Create Deployment
section.
* api-change:``fsx``: [``botocore``] This release adds support for data repository associations to
use root ("//"/) as the file system path
* api-change:``kendra``: [``botocore``] Amazon Kendra now suggests spell corrections for a query.
For more information, see https://docs.aws.amazon.com/kendra/latest/dg/query-spell-check.html
* api-change:``appflow``: [``botocore``] Launching Amazon AppFlow Marketo as a destination
connector SDK.
* api-change:``timestream-query``: [``botocore``] Documentation only update for SDK and CLI
- from version 1.21.11
* api-change:``gamelift``: [``botocore``] Minor updates to address errors.
* api-change:``cloudtrail``: [``botocore``] Add bytesScanned field into responses of DescribeQuery
and GetQueryResults.
* api-change:``athena``: [``botocore``] This release adds support for S3 Object Ownership by
allowing the S3 bucket owner full control canned ACL to be set when Athena writes query results to
S3 buckets.
* api-change:``keyspaces``: [``botocore``] This release adds support for data definition language
(DDL) operations
* api-change:``ecr``: [``botocore``] This release adds support for tracking images
lastRecordedPullTime.
- Update BuildRequires and Requires from setup.py
- Update to version 1.21.10
* api-change:``mediapackage``: [``botocore``] This release adds Hybridcast as an available profile
option for Dash Origin Endpoints.
* api-change:``rds``: [``botocore``] Documentation updates for Multi-AZ DB clusters.
* api-change:``mgn``: [``botocore``] Add support for GP3 and IO2 volume types. Add bootMode to
LaunchConfiguration object (and as a parameter to UpdateLaunchConfigurationRequest).
* api-change:``kafkaconnect``: [``botocore``] Adds operation for custom plugin deletion
(DeleteCustomPlugin) and adds new StateDescription field to DescribeCustomPlugin and
DescribeConnector responses to return errors from asynchronous resource creation.
- from version 1.21.9
* api-change:``finspace-data``: [``botocore``] Add new APIs for managing Users and Permission
Groups.
* api-change:``amplify``: [``botocore``] Add repositoryCloneMethod field for hosting an Amplify
app. This field shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4.
* api-change:``fsx``: [``botocore``] This release adds support for the following FSx for OpenZFS
features: snapshot lifecycle transition messages, force flag for deleting file systems with child
resources, LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations.
* api-change:``fis``: [``botocore``] This release adds logging support for AWS Fault Injection
Simulator experiments. Experiment templates can now be configured to send experiment activity logs
to Amazon CloudWatch Logs or to an S3 bucket.
* api-change:``route53-recovery-cluster``: [``botocore``] This release adds a new API option to
enable overriding safety rules to allow routing control state updates.
* api-change:``amplifyuibuilder``: [``botocore``] We are adding the ability to configure workflows
and actions for components.
* api-change:``athena``: [``botocore``] This release adds support for updating an existing named
query.
* api-change:``ec2``: [``botocore``] This release adds support for new AMI property
'lastLaunchedTime'
* api-change:``servicecatalog-appregistry``: [``botocore``] AppRegistry is deprecating Application
and Attribute-Group Name update feature. In this release, we are marking the name attributes for
Update APIs as deprecated to give a heads up to our customers.
- from version 1.21.8
* api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
* api-change:``panorama``: [``botocore``] Added NTP server configuration parameter to
ProvisionDevice operation. Added alternate software fields to DescribeDevice response
- from version 1.21.7
* api-change:``route53``: [``botocore``] SDK doc update for Route 53 to update some parameters with
new information.
* api-change:``databrew``: [``botocore``] This AWS Glue Databrew release adds feature to merge job
outputs into a max number of files for S3 File output type.
* api-change:``transfer``: [``botocore``] Support automatic pagination when listing AWS Transfer
Family resources.
* api-change:``s3control``: [``botocore``] Amazon S3 Batch Operations adds support for new
integrity checking capabilities in Amazon S3.
* api-change:``s3``: [``botocore``] This release adds support for new integrity checking
capabilities in Amazon S3. You can choose from four supported checksum algorithms for data
integrity checking on your upload and download requests. In addition, AWS SDK can automatically
calculate a checksum as it streams data into S3
* api-change:``fms``: [``botocore``] AWS Firewall Manager now supports the configuration of AWS
Network Firewall policies with either centralized or distributed deployment models. This release
also adds support for custom endpoint configuration, where you can choose which Availability Zones
to create firewall endpoints in.
* api-change:``lightsail``: [``botocore``] This release adds support to delete and create Lightsail
default key pairs that you can use with Lightsail instances.
* api-change:``autoscaling``: [``botocore``] You can now hibernate instances in a warm pool to stop
instances without deleting their RAM contents. You can now also return instances to the warm pool
on scale in, instead of always terminating capacity that you will need later.
- from version 1.21.6
* api-change:``transfer``: [``botocore``] The file input selection feature provides the ability to
use either the originally uploaded file or the output file from the previous workflow step,
enabling customers to make multiple copies of the original file while keeping the source file
intact for file archival.
* api-change:``lambda``: [``botocore``] Lambda releases .NET 6 managed runtime to be available in
all commercial regions.
* api-change:``textract``: [``botocore``] Added support for merged cells and column header for
table response.
- from version 1.21.5
* api-change:``translate``: [``botocore``] This release enables customers to use translation
settings for formality customization in their synchronous translation output.
* api-change:``wafv2``: [``botocore``] Updated descriptions for logging configuration.
* api-change:``apprunner``: [``botocore``] AWS App Runner adds a Java platform (Corretto 8,
Corretto 11 runtimes) and a Node.js 14 runtime.
- from version 1.21.4
* api-change:``imagebuilder``: [``botocore``] This release adds support to enable faster launching
for Windows AMIs created by EC2 Image Builder.
* api-change:``customer-profiles``: [``botocore``] This release introduces apis
CreateIntegrationWorkflow, DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These
apis are used to manage and view integration workflows.
* api-change:``dynamodb``: [``botocore``] DynamoDB ExecuteStatement API now supports Limit as a
request parameter to specify the maximum number of items to evaluate. If specified, the service
will process up to the Limit and the results will include a LastEvaluatedKey value to continue the
read in a subsequent operation.
- from version 1.21.3
* api-change:``transfer``: [``botocore``] Properties for Transfer Family used with SFTP, FTP, and
FTPS protocols. Display Banners are bodies of text that can be displayed before and/or after a user
authenticates onto a server using one of the previously mentioned protocols.
* api-change:``gamelift``: [``botocore``] Increase string list limit from 10 to 100.
* api-change:``budgets``: [``botocore``] This change introduces
DescribeBudgetNotificationsForAccount API which returns budget notifications for the specified
account
- from version 1.21.2
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
(IAM).
* api-change:``redshift``: [``botocore``] SDK release for Cross region datasharing and cost-control
for cross region datasharing
* api-change:``evidently``: [``botocore``] Add support for filtering list of experiments and
launches by status
* api-change:``backup``: [``botocore``] AWS Backup add new S3_BACKUP_OBJECT_FAILED and
S3_RESTORE_OBJECT_FAILED event types in BackupVaultNotifications events list.
- from version 1.21.1
* api-change:``ec2``: [``botocore``] Documentation updates for EC2.
* api-change:``budgets``: [``botocore``] Adds support for auto-adjusting budgets, a new budget
method alongside fixed and planned. Auto-adjusting budgets introduces new metadata to configure a
budget limit baseline using a historical lookback average or current period forecast.
* api-change:``ce``: [``botocore``] AWS Cost Anomaly Detection now supports SNS FIFO topic
subscribers.
* api-change:``glue``: [``botocore``] Support for optimistic locking in UpdateTable
* api-change:``ssm``: [``botocore``] Assorted ticket fixes and updates for AWS Systems Manager.
- Update BuildRequires and Requires from setup.py
- actually does not require python-mock for build
- Update to version 1.21.0
* api-change:``appflow``: [``botocore``] Launching Amazon AppFlow SAP as a destination connector
SDK.
* feature:Parser: [``botocore``] Adding support for parsing int/long types in rest-json response
headers.
* api-change:``rds``: [``botocore``] Adds support for determining which Aurora PostgreSQL versions
support Babelfish.
* api-change:``athena``: [``botocore``] This release adds a subfield, ErrorType, to the AthenaError
response object in the GetQueryExecution API when a query fails.
- from version 1.20.54
* api-change:``ssm``: [``botocore``] Documentation updates for AWS Systems Manager.
- from version 1.20.53
* api-change:``cloudformation``: [``botocore``] This SDK release adds AWS CloudFormation Hooks
HandlerErrorCodes
* api-change:``lookoutvision``: [``botocore``] This release makes CompilerOptions in Lookout for
Vision's StartModelPackagingJob's Configuration object optional.
* api-change:``pinpoint``: [``botocore``] This SDK release adds a new paramater creation date for
GetApp and GetApps Api call
* api-change:``sns``: [``botocore``] Customer requested typo fix in API documentation.
* api-change:``wafv2``: [``botocore``] Adds support for AWS WAF Fraud Control account takeover
prevention (ATP), with configuration options for the new managed rule group
AWSManagedRulesATPRuleSet and support for application integration SDKs for Android and iOS mobile
apps.
- from version 1.20.52
* api-change:``cloudformation``: [``botocore``] This SDK release is for the feature launch of AWS
CloudFormation Hooks.
- from version 1.20.51
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
Amazon FSx. For more information, see
https://docs.aws.amazon.com/kendra/latest/dg/data-source-fsx.html
* api-change:``apprunner``: [``botocore``] This release adds support for App Runner to route
outbound network traffic of a service through an Amazon VPC. New API: CreateVpcConnector,
DescribeVpcConnector, ListVpcConnectors, and DeleteVpcConnector. Updated API: CreateService,
DescribeService, and UpdateService.
* api-change:``s3control``: [``botocore``] This release adds support for S3 Batch Replication.
Batch Replication lets you replicate existing objects, already replicated objects to new
destinations, and objects that previously failed to replicate. Customers will receive object-level
visibility of progress and a detailed completion report.
* api-change:``sagemaker``: [``botocore``] Autopilot now generates an additional report with
information on the performance of the best model, such as a Confusion matrix and Area under the
receiver operating characteristic (AUC-ROC). The path to the report can be found in
CandidateArtifactLocations.
- from version 1.20.50
* api-change:``auditmanager``: [``botocore``] This release updates 3 API parameters.
UpdateAssessmentFrameworkControlSet now requires the controls attribute, and
CreateAssessmentFrameworkControl requires the id attribute. Additionally, UpdateAssessmentFramework
now has a minimum length constraint for the controlSets attribute.
* api-change:``synthetics``: [``botocore``] Adding names parameters to the Describe APIs.
* api-change:``ssm-incidents``: [``botocore``] Update RelatedItem enum to support SSM Automation
* api-change:``events``: [``botocore``] Update events client to latest version
* enhancement:Lambda Request Header: [``botocore``] Adding request header for Lambda recursion
detection.
- from version 1.20.49
* api-change:``athena``: [``botocore``] You can now optionally specify the account ID that you
expect to be the owner of your query results output location bucket in Athena. If the account ID of
the query results bucket owner does not match the specified account ID, attempts to output to the
bucket will fail with an S3 permissions error.
* api-change:``rds``: [``botocore``] updates for RDS Custom for Oracle 12.1 support
* api-change:``lakeformation``: [``botocore``] Add support for calling Update Table Objects without
a TransactionId.
- from version 1.20.48
* api-change:``ec2``: [``botocore``] adds support for AMIs in Recycle Bin
* api-change:``robomaker``: [``botocore``] The release deprecates the use various APIs of RoboMaker
Deployment Service in favor of AWS IoT GreenGrass v2.0.
* api-change:``meteringmarketplace``: [``botocore``] Add CustomerAWSAccountId to ResolveCustomer
API response and increase UsageAllocation limit to 2500.
* api-change:``rbin``: [``botocore``] Add EC2 Image recycle bin support.
- from version 1.20.47
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``personalize``: [``botocore``] Adding minRecommendationRequestsPerSecond attribute to
recommender APIs.
* enhancement:Request headers: [``botocore``] Adding request headers with retry information.
* api-change:``appflow``: [``botocore``] Launching Amazon AppFlow Custom Connector SDK.
* api-change:``dynamodb``: [``botocore``] Documentation update for DynamoDB Java SDK.
* api-change:``iot``: [``botocore``] This release adds support for configuring AWS IoT logging
level per client ID, source IP, or principal ID.
* api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports sharing and importing
custom trained models from one AWS account to another within the same region.
* api-change:``ce``: [``botocore``] Doc-only update for Cost Explorer API that adds
INVOICING_ENTITY dimensions
* api-change:``fis``: [``botocore``] Added GetTargetResourceType and ListTargetResourceTypesAPI
actions. These actions return additional details about resource types and parameters that can be
targeted by FIS actions. Added a parameters field for the targets that can be specified in
experiment templates.
* api-change:``es``: [``botocore``] Allows customers to get progress updates for blue/green
deployments
* api-change:``glue``: [``botocore``] Launch Protobuf support for AWS Glue Schema Registry
* api-change:``elasticache``: [``botocore``] Documentation update for AWS ElastiCache
- Update BuildRequires and Requires from setup.py
- Update to version 1.20.46
* api-change:``appconfigdata``: [``botocore``] Documentation updates for AWS AppConfig Data.
* api-change:``athena``: [``botocore``] This release adds a field, AthenaError, to the
GetQueryExecution response object when a query fails.
* api-change:``appconfig``: [``botocore``] Documentation updates for AWS AppConfig
* api-change:``cognito-idp``: [``botocore``] Doc updates for Cognito user pools API Reference.
* api-change:``secretsmanager``: [``botocore``] Feature are ready to release on Jan 28th
* api-change:``sagemaker``: [``botocore``] This release added a new NNA accelerator compilation
support for Sagemaker Neo.
- from version 1.20.45
* api-change:``ec2``: [``botocore``] X2ezn instances are powered by Intel Cascade Lake CPUs that
deliver turbo all core frequency of up to 4.5 GHz and up to 100 Gbps of networking bandwidth
* api-change:``kafka``: [``botocore``] Amazon MSK has updated the CreateCluster and
UpdateBrokerStorage API that allows you to specify volume throughput during cluster creation and
broker volume updates.
* api-change:``connect``: [``botocore``] This release adds support for configuring a custom chat
duration when starting a new chat session via the StartChatContact API. The default value for chat
duration is 25 hours, minimum configurable value is 1 hour (60 minutes) and maximum configurable
value is 7 days (10,080 minutes).
* api-change:``amplify``: [``botocore``] Doc only update to the description of basicauthcredentials
to describe the required encoding and format.
* api-change:``opensearch``: [``botocore``] Allows customers to get progress updates for blue/green
deployments
- from version 1.20.44
* api-change:``frauddetector``: [``botocore``] Added new APIs for viewing past predictions and
obtaining prediction metadata including prediction explanations: ListEventPredictions and
GetEventPredictionMetadata
* api-change:``ebs``: [``botocore``] Documentation updates for Amazon EBS Direct APIs.
* api-change:``codeguru-reviewer``: [``botocore``] Added failure state and adjusted timeout in
waiter
* api-change:``securityhub``: [``botocore``] Adding top level Sample boolean field
* api-change:``sagemaker``: [``botocore``] API changes relating to Fail steps in model building
pipeline and add PipelineExecutionFailureReason in PipelineExecutionSummary.
- from version 1.20.43
* api-change:``fsx``: [``botocore``] This release adds support for growing SSD storage capacity and
growing/shrinking SSD IOPS for FSx for ONTAP file systems.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``connect``: [``botocore``] This release adds support for custom vocabularies to be
used with Contact Lens. Custom vocabularies improve transcription accuracy for one or more specific
words.
* api-change:``guardduty``: [``botocore``] Amazon GuardDuty expands threat detection coverage to
protect Amazon Elastic Kubernetes Service (EKS) workloads.
- from version 1.20.42
* api-change:``route53-recovery-readiness``: [``botocore``] Updated documentation for Route53
Recovery Readiness APIs.
- from version 1.20.41
* enhancement:Exceptions: [``botocore``] ProxyConnectionError previously provided the full proxy
URL. User info will now be appropriately masked if needed.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
4K AV1 output resolutions & 10-bit AV1 color, the ability to ingest sidecar Dolby Vision XML
metadata files, and the ability to flag WebVTT and IMSC tracks for accessibility in HLS.
* api-change:``transcribe``: [``botocore``] Add support for granular PIIEntityTypes when using
Batch ContentRedaction.
- Update to version 1.20.40
* api-change:``guardduty``: [``botocore``] Amazon GuardDuty findings now include
remoteAccountDetails under AwsApiCallAction section if instance credential is exfiltrated.
* api-change:``connect``: [``botocore``] This release adds tagging support for UserHierarchyGroups
resource.
* api-change:``mediatailor``: [``botocore``] This release adds support for multiple Segment
Delivery Configurations. Users can provide a list of names and URLs when creating or editing a
source location. When retrieving content, users can send a header to choose which URL should be
used to serve content.
* api-change:``fis``: [``botocore``] Added action startTime and action endTime timestamp fields to
the ExperimentAction object
* api-change:``ec2``: [``botocore``] C6i, M6i and R6i instances are powered by a third-generation
Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz
- from version 1.20.39
* api-change:``macie2``: [``botocore``] This release of the Amazon Macie API introduces stricter
validation of requests to create custom data identifiers.
* api-change:``ec2-instance-connect``: [``botocore``] Adds support for ED25519 keys.
PushSSHPublicKey Availability Zone parameter is now optional. Adds EC2InstanceStateInvalidException
for instances that are not running. This was previously a service exception, so this may require
updating your code to handle this new exception.
- from version 1.20.38
* api-change:``ivs``: [``botocore``] This release adds support for the new Thumbnail Configuration
property for Recording Configurations. For more information see
https://docs.aws.amazon.com/ivs/latest/userguide/record-to-s3.html
* api-change:``storagegateway``: [``botocore``] Documentation update for adding bandwidth
throttling support for S3 File Gateways.
* api-change:``location``: [``botocore``] This release adds the CalculateRouteMatrix API which
calculates routes for the provided departure and destination positions. The release also deprecates
the use of pricing plan across all verticals.
* api-change:``cloudtrail``: [``botocore``] This release fixes a documentation bug in the
description for the readOnly field selector in advanced event selectors. The description now
clarifies that users omit the readOnly field selector to select both Read and Write management
events.
* api-change:``ec2``: [``botocore``] Add support for AWS Client VPN client login banner and session
timeout.
- from version 1.20.37
* enhancement:Configuration: [``botocore``] Adding support for `defaults_mode` configuration. The
`defaults_mode` will be used to determine how certain default configuration options are resolved in
the SDK.
- from version 1.20.36
* api-change:``config``: [``botocore``] Update ResourceType enum with values for CodeDeploy, EC2
and Kinesis resources
* api-change:``application-insights``: [``botocore``] Application Insights support for Active
Directory and SharePoint
* api-change:``honeycode``: [``botocore``] Added read and write api support for multi-select
picklist. And added errorcode field to DescribeTableDataImportJob API output, when import job fails.
* api-change:``ram``: [``botocore``] This release adds the ListPermissionVersions API which lists
the versions for a given permission.
* api-change:``lookoutmetrics``: [``botocore``] This release adds a new DeactivateAnomalyDetector
API operation.
- Update BuildRequires and Requires from setup.py
- Update to version 1.20.35
* api-change:``pinpoint``: [``botocore``] Adds JourneyChannelSettings to WriteJourneyRequest
* api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
* api-change:``nimble``: [``botocore``] Amazon Nimble Studio now supports validation for Launch
Profiles. Launch Profiles now report static validation results after create/update to detect errors
in network or active directory configuration.
* api-change:``glue``: [``botocore``] This SDK release adds support to pass run properties when
starting a workflow run
* api-change:``ssm``: [``botocore``] AWS Systems Manager adds category support for DescribeDocument
API
* api-change:``elasticache``: [``botocore``] AWS ElastiCache for Redis has added a new Engine Log
LogType in LogDelivery feature. You can now publish the Engine Log from your Amazon ElastiCache for
Redis clusters to Amazon CloudWatch Logs and Amazon Kinesis Data Firehose.
- from version 1.20.34
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
* api-change:``honeycode``: [``botocore``] Honeycode is releasing new APIs to allow user to create,
delete and list tags on resources.
* api-change:``ec2``: [``botocore``] Hpc6a instances are powered by a third-generation AMD EPYC
processors (Milan) delivering all-core turbo frequency of 3.4 GHz
* api-change:``fms``: [``botocore``] Shield Advanced policies for Amazon CloudFront resources now
support automatic application layer DDoS mitigation. The max length for SecurityServicePolicyData
ManagedServiceData is now 8192 characters, instead of 4096.
* api-change:``pi``: [``botocore``] This release adds three Performance Insights APIs. Use
ListAvailableResourceMetrics to get available metrics, GetResourceMetadata to get feature metadata,
and ListAvailableResourceDimensions to list available dimensions. The AdditionalMetrics field in
DescribeDimensionKeys retrieves per-SQL metrics.
- from version 1.20.33
* api-change:``finspace-data``: [``botocore``] Documentation updates for FinSpace.
* api-change:``rds``: [``botocore``] This release adds the db-proxy event type to support
subscribing to RDS Proxy events.
* api-change:``ce``: [``botocore``] Doc only update for Cost Explorer API that fixes missing
clarifications for MatchOptions definitions
* api-change:``kendra``: [``botocore``] Amazon Kendra now supports advanced query language and
query-less search.
* api-change:``workspaces``: [``botocore``] Introducing new APIs for Workspaces audio optimization
with Amazon Connect: CreateConnectClientAddIn, DescribeConnectClientAddIns,
UpdateConnectClientAddIn and DeleteConnectClientAddIn.
* api-change:``iotevents-data``: [``botocore``] This release provides documentation updates for
Timer.timestamp in the IoT Events API Reference Guide.
* api-change:``ec2``: [``botocore``] EC2 Capacity Reservations now supports RHEL instance platforms
(RHEL with SQL Server Standard, RHEL with SQL Server Enterprise, RHEL with SQL Server Web, RHEL
with HA, RHEL with HA and SQL Server Standard, RHEL with HA and SQL Server Enterprise)
- from version 1.20.32
* api-change:``ec2``: [``botocore``] New feature: Updated EC2 API to support faster launching for
Windows images. Optimized images are pre-provisioned, using snapshots to launch instances up to 65%
faster.
* api-change:``compute-optimizer``: [``botocore``] Adds support for new Compute Optimizer
capability that makes it easier for customers to optimize their EC2 instances by leveraging
multiple CPU architectures.
* api-change:``lookoutmetrics``: [``botocore``] This release adds FailureType in the response of
DescribeAnomalyDetector.
* api-change:``databrew``: [``botocore``] This SDK release adds support for specifying a Bucket
Owner for an S3 location.
* api-change:``transcribe``: [``botocore``] Documentation updates for Amazon Transcribe.
- from version 1.20.31
* api-change:``medialive``: [``botocore``] This release adds support for selecting the Program Date
Time (PDT) Clock source algorithm for HLS outputs.
- from version 1.20.30
* api-change:``ec2``: [``botocore``] This release introduces On-Demand Capacity Reservation support
for Cluster Placement Groups, adds Tags on instance Metadata, and includes documentation updates
for Amazon EC2.
* api-change:``mediatailor``: [``botocore``] This release adds support for filler slate when
updating MediaTailor channels that use the linear playback mode.
* api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds support for Fine Grained
Access Control for existing domains running Elasticsearch version 6.7 and above
* api-change:``iotwireless``: [``botocore``] Downlink Queue Management feature provides APIs for
customers to manage the queued messages destined to device inside AWS IoT Core for LoRaWAN.
Customer can view, delete or purge the queued message(s). It allows customer to preempt the queued
messages and let more urgent messages go through.
* api-change:``es``: [``botocore``] Amazon OpenSearch Service adds support for Fine Grained Access
Control for existing domains running Elasticsearch version 6.7 and above
* api-change:``mwaa``: [``botocore``] This release adds a "/Source"/ field that provides the
initiator of an update, such as due to an automated patch from AWS or due to modification via
Console or API.
* api-change:``appsync``: [``botocore``] AppSync: AWS AppSync now supports configurable batching
sizes for AWS Lambda resolvers, Direct AWS Lambda resolvers and pipeline functions
- from version 1.20.29
* api-change:``cloudtrail``: [``botocore``] This release adds support for CloudTrail Lake, a new
feature that lets you run SQL-based queries on events that you have aggregated into event data
stores. New APIs have been added for creating and managing event data stores, and creating,
running, and managing queries in CloudTrail Lake.
* api-change:``iot``: [``botocore``] This release adds an automatic retry mechanism for AWS IoT
Jobs. You can now define a maximum number of retries for each Job rollout, along with the criteria
to trigger the retry for FAILED/TIMED_OUT/ALL(both FAILED an TIMED_OUT) job.
* api-change:``ec2``: [``botocore``] This release adds a new API called
ModifyVpcEndpointServicePayerResponsibility which allows VPC endpoint service owners to take payer
responsibility of their VPC Endpoint connections.
* api-change:``snowball``: [``botocore``] Updating validation rules for interfaces used in the
Snowball API to tighten security of service.
* api-change:``lakeformation``: [``botocore``] Add new APIs for 3rd Party Support for Lake Formation
* api-change:``appstream``: [``botocore``] Includes APIs for App Entitlement management regarding
entitlement and entitled application association.
* api-change:``eks``: [``botocore``] Amazon EKS now supports running applications using IPv6
address space
* api-change:``quicksight``: [``botocore``] Multiple Doc-only updates for Amazon QuickSight.
* api-change:``ecs``: [``botocore``] Documentation update for ticket fixes.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker now supports running training jobs on
ml.g5 instance types.
* api-change:``glue``: [``botocore``] Add Delta Lake target support for Glue Crawler and 3rd Party
Support for Lake Formation
- Update BuildRequires and Requires from setup.py
- Update to version 1.20.28
* api-change:``rekognition``: [``botocore``] This release introduces a new field
IndexFacesModelVersion, which is the version of the face detect and storage model that was used
when indexing the face vector.
* api-change:``s3``: [``botocore``] Minor doc-based updates based on feedback bugs received.
* enhancement:JSONFileCache: [``botocore``] Add support for __delitem__ in JSONFileCache
* api-change:``s3control``: [``botocore``] Documentation updates for the renaming of Glacier to
Glacier Flexible Retrieval.
- from version 1.20.27
* api-change:``sagemaker``: [``botocore``] The release allows users to pass pipeline definitions as
Amazon S3 locations and control the pipeline execution concurrency using ParallelismConfiguration.
It also adds support of EMR jobs as pipeline steps.
* api-change:``rds``: [``botocore``] Multiple doc-only updates for Relational Database Service (RDS)
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added strength
levels to the Sharpness Filter and now permits OGG files to be specified as sidecar audio inputs.
* api-change:``greengrassv2``: [``botocore``] This release adds the API operations to manage the
Greengrass role associated with your account and to manage the core device connectivity
information. Greengrass V2 customers can now depend solely on Greengrass V2 SDK for all the API
operations needed to manage their fleets.
* api-change:``detective``: [``botocore``] Added and updated API operations to support the
Detective integration with AWS Organizations. New actions are used to manage the delegated
administrator account and the integration configuration.
- from version 1.20.26
* api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for users to upload files
during a streaming session using NICE DCV native client or browser.
* api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime SDK now supports updating
message attributes via channel flows
* api-change:``imagebuilder``: [``botocore``] Added a note to infrastructure configuration actions
and data types concerning delivery of Image Builder event messages to encrypted SNS topics. The key
that's used to encrypt the SNS topic must reside in the account that Image Builder runs under.
* api-change:``workmail``: [``botocore``] This release allows customers to change their email
monitoring configuration in Amazon WorkMail.
* api-change:``transfer``: [``botocore``] Property for Transfer Family used with the FTPS protocol.
TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the
control and data connection for an FTPS session.
* api-change:``lookoutmetrics``: [``botocore``] This release adds support for Causal Relationships.
Added new ListAnomalyGroupRelatedMetrics API operation and InterMetricImpactDetails API data type
* api-change:``mediaconnect``: [``botocore``] You can now use the Fujitsu-QoS protocol for your
MediaConnect sources and outputs to transport content to and from Fujitsu devices.
* api-change:``qldb``: [``botocore``] Amazon QLDB now supports journal exports in JSON and Ion
Binary formats. This release adds an optional OutputFormat parameter to the ExportJournalToS3 API.
- from version 1.20.25
* api-change:``customer-profiles``: [``botocore``] This release adds an optional parameter,
ObjectTypeNames to the PutIntegration API to support multiple object types per integration option.
Besides, this release introduces Standard Order Objects which contain data from third party systems
and each order object belongs to a specific profile.
* api-change:``sagemaker``: [``botocore``] This release adds a new ContentType field in
AutoMLChannel for SageMaker CreateAutoMLJob InputDataConfig.
* api-change:``forecast``: [``botocore``] Adds ForecastDimensions field to the
DescribeAutoPredictorResponse
* api-change:``securityhub``: [``botocore``] Added new resource details objects to ASFF, including
resources for Firewall, and RuleGroup, FirewallPolicy Added additional details for
AutoScalingGroup, LaunchConfiguration, and S3 buckets.
* api-change:``location``: [``botocore``] Making PricingPlan optional as part of create resource
API.
* api-change:``redshift``: [``botocore``] This release adds API support for managed Redshift
datashares. Customers can now interact with a Redshift datashare that is managed by a different
service, such as AWS Data Exchange.
* api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
* api-change:``devops-guru``: [``botocore``] Adds Tags support to
DescribeOrganizationResourceCollectionHealth
* api-change:``imagebuilder``: [``botocore``] This release adds support for importing and exporting
VM Images as part of the Image Creation workflow via EC2 VM Import/Export.
* api-change:``datasync``: [``botocore``] AWS DataSync now supports FSx Lustre Locations.
* api-change:``finspace-data``: [``botocore``] Make dataset description optional and allow s3
export for dataviews
- Update BuildRequires and Requires from setup.py
- Update to version 1.20.24
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
- from version 1.20.23
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``network-firewall``: [``botocore``] This release adds support for managed rule groups.
* api-change:``route53-recovery-control-config``: [``botocore``] This release adds tagging supports
to Route53 Recovery Control Configuration. New APIs: TagResource, UntagResource and
ListTagsForResource. Updates: add optional field `tags` to support tagging while calling
CreateCluster, CreateControlPanel and CreateSafetyRule.
* api-change:``ec2``: [``botocore``] Adds waiters support for internet gateways.
* api-change:``sms``: [``botocore``] This release adds SMS discontinuation information to the API
and CLI references.
* api-change:``route53domains``: [``botocore``] Amazon Route 53 domain registration APIs now
support filtering and sorting in the ListDomains API, deleting a domain by using the DeleteDomain
API and getting domain pricing information by using the ListPrices API.
* api-change:``savingsplans``: [``botocore``] Adds the ability to specify Savings Plans hourly
commitments using five digits after the decimal point.
- from version 1.20.22
* api-change:``lookoutvision``: [``botocore``] This release adds new APIs for packaging an Amazon
Lookout for Vision model as an AWS IoT Greengrass component.
* api-change:``sagemaker``: [``botocore``] This release added a new Ambarella device(amba_cv2)
compilation support for Sagemaker Neo.
* api-change:``comprehendmedical``: [``botocore``] This release adds a new set of APIs (synchronous
and batch) to support the SNOMED-CT ontology.
* api-change:``health``: [``botocore``] Documentation updates for AWS Health
* api-change:``logs``: [``botocore``] This release adds AWS Organizations support as condition key
in destination policy for cross account Subscriptions in CloudWatch Logs.
* api-change:``outposts``: [``botocore``] This release adds the UpdateOutpost API.
* api-change:``support``: [``botocore``] Documentation updates for AWS Support.
* api-change:``iot``: [``botocore``] This release allows customer to enable caching of custom
authorizer on HTTP protocol for clients that use persistent or Keep-Alive connection in order to
reduce the number of Lambda invocations.
- from version 1.20.21
* api-change:``location``: [``botocore``] This release adds support for Accuracy position
filtering, position metadata and autocomplete for addresses and points of interest based on partial
or misspelled free-form text.
* api-change:``appsync``: [``botocore``] AWS AppSync now supports custom domain names, allowing you
to associate a domain name that you own with an AppSync API in your account.
* api-change:``route53``: [``botocore``] Add PriorRequestNotComplete exception to
UpdateHostedZoneComment API
- from version 1.20.20
* api-change:``rekognition``: [``botocore``] This release added new KnownGender types for Celebrity
Recognition.
- from version 1.20.19
* api-change:``ram``: [``botocore``] This release adds the ability to use the new
ResourceRegionScope parameter on List operations that return lists of resources or resource types.
This new parameter filters the results by letting you differentiate between global or regional
resource types.
* api-change:``networkmanager``: [``botocore``] This release adds API support for AWS Cloud WAN.
* api-change:``amplifyuibuilder``: [``botocore``] This release introduces the actions and data
types for the new Amplify UI Builder API. The Amplify UI Builder API provides a programmatic
interface for creating and configuring user interface (UI) component libraries and themes for use
in Amplify applications.
- from version 1.20.18
* api-change:``sagemaker``: [``botocore``] This release enables - 1/ Inference endpoint
configuration recommendations and ability to run custom load tests to meet performance needs. 2/
Deploy serverless inference endpoints. 3/ Query, filter and retrieve end-to-end ML lineage graph,
and incorporate model quality/bias detection in ML workflow.
* api-change:``kendra``: [``botocore``] Experience Builder allows customers to build search
applications without writing code. Analytics Dashboard provides quality and usability metrics for
Kendra indexes. Custom Document Enrichment allows customers to build a custom ingestion pipeline to
pre-process documents and generate metadata.
* api-change:``directconnect``: [``botocore``] Adds SiteLink support to private and transit virtual
interfaces. SiteLink is a new Direct Connect feature that allows routing between Direct Connect
points of presence.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``ec2``: [``botocore``] This release adds support for Amazon VPC IP Address Manager
(IPAM), which enables you to plan, track, and monitor IP addresses for your workloads. This release
also adds support for VPC Network Access Analyzer, which enables you to analyze network access to
resources in your Virtual Private Clouds.
* api-change:``shield``: [``botocore``] This release adds API support for Automatic Application
Layer DDoS Mitigation for AWS Shield Advanced. Customers can now enable automatic DDoS mitigation
in count or block mode for layer 7 protected resources.
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
* api-change:``devops-guru``: [``botocore``] DevOps Guru now provides detailed, database-specific
analyses of performance issues and recommends corrective actions for Amazon Aurora database
instances with Performance Insights turned on. You can also use AWS tags to choose which resources
to analyze and define your applications.
* api-change:``dynamodb``: [``botocore``] Add support for Table Classes and introduce the Standard
Infrequent Access table class.
- from version 1.20.17
* api-change:``s3``: [``botocore``] Introduce Amazon S3 Glacier Instant Retrieval storage class and
a new setting in S3 Object Ownership to disable ACLs for bucket and the objects in it.
* api-change:``backup-gateway``: [``botocore``] Initial release of AWS Backup gateway which enables
you to centralize and automate protection of on-premises VMware and VMware Cloud on AWS workloads
using AWS Backup.
* api-change:``iot``: [``botocore``] Added the ability to enable/disable IoT Fleet Indexing for
Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs.
* api-change:``ec2``: [``botocore``] This release adds support for Is4gen and Im4gn instances. This
release also adds a new subnet attribute, enableLniAtDeviceIndex, to support local network
interfaces, which are logical networking components that connect an EC2 instance to your
on-premises network.
* api-change:``outposts``: [``botocore``] This release adds the SupportedHardwareType parameter to
CreateOutpost.
* api-change:``storagegateway``: [``botocore``] Added gateway type VTL_SNOW. Added new SNOWBALL
HostEnvironment for gateways running on a Snowball device. Added new field HostEnvironmentId to
serve as an identifier for the HostEnvironment on which the gateway is running.
* api-change:``kinesis``: [``botocore``] Amazon Kinesis Data Streams now supports on demand streams.
* api-change:``glue``: [``botocore``] Support for DataLake transactions
* api-change:``accessanalyzer``: [``botocore``] AWS IAM Access Analyzer now supports policy
validation for resource policies attached to S3 buckets and access points. You can run additional
policy checks by specifying the S3 resource type you want to attach to your resource policy.
* api-change:``lakeformation``: [``botocore``] This release adds support for row and cell-based
access control in Lake Formation. It also adds support for Lake Formation Governed Tables, which
support ACID transactions and automatic storage optimizations.
* api-change:``kafka``: [``botocore``] This release adds three new V2 APIs. CreateClusterV2 for
creating both provisioned and serverless clusters. DescribeClusterV2 for getting information about
provisioned and serverless clusters and ListClustersV2 for listing all clusters (both provisioned
and serverless) in your account.
* api-change:``redshift-data``: [``botocore``] Data API now supports serverless queries.
* api-change:``snowball``: [``botocore``] Tapeball is to integrate tape gateway onto snowball, it
enables customer to transfer local data on the tape to snowball,and then ingest the data into tape
gateway on the cloud.
* api-change:``workspaces-web``: [``botocore``] This is the initial SDK release for Amazon
WorkSpaces Web. Amazon WorkSpaces Web is a low-cost, fully managed WorkSpace built to deliver
secure web-based workloads and software-as-a-service (SaaS) application access to users within
existing web browsers.
* api-change:``iottwinmaker``: [``botocore``] AWS IoT TwinMaker makes it faster and easier to
create, visualize and monitor digital twins of real-world systems like buildings, factories and
industrial equipment to optimize operations. Learn more:
https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/Welcome.html (New Service) (Preview)
* api-change:``fsx``: [``botocore``] This release adds support for the FSx for OpenZFS file system
type, FSx for Lustre file systems with the Persistent_2 deployment type, and FSx for Lustre file
systems with Amazon S3 data repository associations and automatic export policies.
- from version 1.20.16
* api-change:``s3``: [``botocore``] Amazon S3 Event Notifications adds Amazon EventBridge as a
destination and supports additional event types. The PutBucketNotificationConfiguration API can now
skip validation of Amazon SQS, Amazon SNS and AWS Lambda destinations.
* api-change:``wellarchitected``: [``botocore``] This update provides support for Well-Architected
API users to use custom lens features.
* api-change:``rum``: [``botocore``] This is the first public release of CloudWatch RUM
* api-change:``rbin``: [``botocore``] This release adds support for Recycle Bin.
* api-change:``iotsitewise``: [``botocore``] AWS IoT SiteWise now supports retention configuration
for the hot tier storage.
* api-change:``compute-optimizer``: [``botocore``] Adds support for the enhanced infrastructure
metrics paid feature. Also adds support for two new sets of resource efficiency metrics, including
savings opportunity metrics and performance improvement opportunity metrics.
* api-change:``ecr``: [``botocore``] This release adds supports for pull through cache rules and
enhanced scanning.
* api-change:``evidently``: [``botocore``] Introducing Amazon CloudWatch Evidently. This is the
first public release of Amazon CloudWatch Evidently.
* api-change:``inspector2``: [``botocore``] This release adds support for the new Amazon Inspector
API. The new Amazon Inspector can automatically discover and scan Amazon EC2 instances and Amazon
ECR container images for software vulnerabilities and unintended network exposure, and report
centralized findings across multiple AWS accounts.
* api-change:``ssm``: [``botocore``] Added two new attributes to DescribeInstanceInformation called
SourceId and SourceType along with new string filters SourceIds and SourceTypes to filter instance
records.
* api-change:``ec2``: [``botocore``] This release adds support for G5g and M6a instances. This
release also adds support for Amazon EBS Snapshots Archive, a feature that enables you to archive
your EBS snapshots; and Recycle Bin, a feature that enables you to protect your EBS snapshots
against accidental deletion.
* api-change:``dataexchange``: [``botocore``] This release enables providers and subscribers to use
Data Set, Job, and Asset operations to work with API assets from Amazon API Gateway. In addition,
this release enables subscribers to use the SendApiAsset operation to invoke a provider's Amazon
API Gateway API that they are entitled to.
- from version 1.20.15
* api-change:``migration-hub-refactor-spaces``: [``botocore``] This is the initial SDK release for
AWS Migration Hub Refactor Spaces
* api-change:``textract``: [``botocore``] This release adds support for synchronously analyzing
identity documents through a new API: AnalyzeID
* api-change:``personalize-runtime``: [``botocore``] This release adds inference support for
Recommenders.
* api-change:``personalize``: [``botocore``] This release adds API support for Recommenders and
BatchSegmentJobs.
- from version 1.20.14
* api-change:``autoscaling``: [``botocore``] Documentation updates for Amazon EC2 Auto Scaling.
* api-change:``mgn``: [``botocore``] Application Migration Service now supports an additional
replication method that does not require agent installation on each source server. This option is
available for source servers running on VMware vCenter versions 6.7 and 7.0.
* api-change:``ec2``: [``botocore``] Documentation updates for EC2.
* api-change:``iotdeviceadvisor``: [``botocore``] Documentation update for Device Advisor
GetEndpoint API
* api-change:``pinpoint``: [``botocore``] Added a One-Time Password (OTP) management feature. You
can use the Amazon Pinpoint API to generate OTP codes and send them to your users as SMS messages.
Your apps can then call the API to verify the OTP codes that your users input
* api-change:``outposts``: [``botocore``] This release adds new APIs for working with Outpost sites
and orders.
- from version 1.20.13
* api-change:``timestream-query``: [``botocore``] Releasing Amazon Timestream Scheduled Queries. It
makes real-time analytics more performant and cost-effective for customers by calculating and
storing frequently accessed aggregates, and other computations, typically used in operational
dashboards, business reports, and other analytics applications
* api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
* api-change:``proton``: [``botocore``] This release adds APIs for getting the outputs and
provisioned stacks for Environments, Pipelines, and ServiceInstances. You can now add tags to
EnvironmentAccountConnections. It also adds APIs for working with PR-based provisioning. Also, it
adds APIs for syncing templates with a git repository.
* api-change:``translate``: [``botocore``] This release enables customers to use translation
settings to mask profane words and phrases in their translation output.
* api-change:``lambda``: [``botocore``] Remove Lambda function url apis
* api-change:``imagebuilder``: [``botocore``] This release adds support for sharing AMIs with
Organizations within an EC2 Image Builder Distribution Configuration.
* api-change:``customer-profiles``: [``botocore``] This release introduces a new auto-merging
feature for profile matching. The auto-merging configurations can be set via CreateDomain API or
UpdateDomain API. You can use GetIdentityResolutionJob API and ListIdentityResolutionJobs API to
fetch job status.
* api-change:``autoscaling``: [``botocore``] Customers can now configure predictive scaling
policies to proactively scale EC2 Auto Scaling groups based on any CloudWatch metrics that more
accurately represent the load on the group than the four predefined metrics. They can also use math
expressions to further customize the metrics.
* api-change:``timestream-write``: [``botocore``] This release adds support for multi-measure
records and magnetic store writes. Multi-measure records allow customers to store multiple measures
in a single table row. Magnetic store writes enable customers to write late arrival data (data with
timestamp in the past) directly into the magnetic store.
* api-change:``iotsitewise``: [``botocore``] AWS IoT SiteWise now accepts data streams that aren't
associated with any asset properties. You can organize data by updating data stream associations.
- from version 1.20.12
* api-change:``redshift``: [``botocore``] This release adds support for reserved node exchange with
restore/resize
* api-change:``elasticache``: [``botocore``] Adding support for r6gd instances for Redis with data
tiering. In a cluster with data tiering enabled, when available memory capacity is exhausted, the
least recently used data is automatically tiered to solid state drives for cost-effective capacity
scaling with minimal performance impact.
* api-change:``opensearch``: [``botocore``] This release adds an optional parameter dry-run for the
UpdateDomainConfig API to perform basic validation checks, and detect the deployment type that will
be required for the configuration change, without actually applying the change.
* api-change:``backup``: [``botocore``] This release adds new opt-in settings for advanced features
for DynamoDB backups
* api-change:``iot``: [``botocore``] This release introduces a new feature, Managed Job Template,
for AWS IoT Jobs Service. Customers can now use service provided managed job templates to easily
create jobs for supported standard job actions.
* api-change:``iotwireless``: [``botocore``] Two new APIs, GetNetworkAnalyzerConfiguration and
UpdateNetworkAnalyzerConfiguration, are added for the newly released Network Analyzer feature which
enables customers to view real-time frame information and logs from LoRaWAN devices and gateways.
* api-change:``workspaces``: [``botocore``] Documentation updates for Amazon WorkSpaces
* api-change:``s3``: [``botocore``] Introduce two new Filters to S3 Lifecycle configurations -
ObjectSizeGreaterThan and ObjectSizeLessThan. Introduce a new way to trigger actions on noncurrent
versions by providing the number of newer noncurrent versions along with noncurrent days.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``macie2``: [``botocore``] Documentation updates for Amazon Macie
* api-change:``ec2``: [``botocore``] This release adds a new parameter ipv6Native to the allow
creation of IPv6-only subnets using the CreateSubnet operation, and the operation
ModifySubnetAttribute includes new parameters to modify subnet attributes to use resource-based
naming and enable DNS resolutions for Private DNS name.
* api-change:``sqs``: [``botocore``] Amazon SQS adds a new queue attribute, SqsManagedSseEnabled,
which enables server-side queue encryption using SQS owned encryption keys.
* api-change:``ecs``: [``botocore``] Documentation update for ARM support on Amazon ECS.
* api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
* api-change:``finspace-data``: [``botocore``] Update documentation for createChangeset API.
* api-change:``dynamodb``: [``botocore``] DynamoDB PartiQL now supports ReturnConsumedCapacity,
which returns capacity units consumed by PartiQL APIs if the request specified
returnConsumedCapacity parameter. PartiQL APIs include ExecuteStatement, BatchExecuteStatement, and
ExecuteTransaction.
* api-change:``lambda``: [``botocore``] Release Lambda event source filtering for SQS, Kinesis
Streams, and DynamoDB Streams.
* api-change:``iotdeviceadvisor``: [``botocore``] This release introduces a new feature for Device
Advisor: ability to execute multiple test suites in parallel for given customer account. You can
use GetEndpoint API to get the device-level test endpoint and call StartSuiteRun with
"/parallelRun=true"/ to run suites in parallel.
* api-change:``rds``: [``botocore``] Adds support for Multi-AZ DB clusters for RDS for MySQL and
RDS for PostgreSQL.
- from version 1.20.11
* api-change:``connect``: [``botocore``] This release adds support for UpdateContactFlowMetadata,
DeleteContactFlow and module APIs. For details, see the Release Notes in the Amazon Connect
Administrator Guide.
* api-change:``dms``: [``botocore``] Added new S3 endpoint settings to allow to convert the current
UTC time into a specified time zone when a date partition folder is created. Using with
'DatePartitionedEnabled'.
* api-change:``es``: [``botocore``] This release adds an optional parameter dry-run for the
UpdateElasticsearchDomainConfig API to perform basic validation checks, and detect the deployment
type that will be required for the configuration change, without actually applying the change.
* api-change:``ssm``: [``botocore``] Adds new parameter to CreateActivation API . This parameter is
for "/internal use only"/.
* api-change:``chime-sdk-meetings``: [``botocore``] Added new APIs for enabling Echo Reduction with
Voice Focus.
* api-change:``eks``: [``botocore``] Adding missing exceptions to RegisterCluster operation
* api-change:``quicksight``: [``botocore``] Add support for Exasol data source, 1 click enterprise
embedding and email customization.
* api-change:``cloudformation``: [``botocore``] This release include SDK changes for the feature
launch of Stack Import to Service Managed StackSet.
* api-change:``rds``: [``botocore``] Adds local backup support to Amazon RDS on AWS Outposts.
* api-change:``braket``: [``botocore``] This release adds support for Amazon Braket Hybrid Jobs.
* api-change:``s3control``: [``botocore``] Added Amazon CloudWatch publishing option for S3 Storage
Lens metrics.
* api-change:``finspace-data``: [``botocore``] Add new APIs for managing Datasets, Changesets, and
Dataviews.
- from version 1.20.10
* api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
* api-change:``cloudformation``: [``botocore``] The StackSets ManagedExecution feature will allow
concurrency for non-conflicting StackSet operations and queuing the StackSet operations that
conflict at a given time for later execution.
* api-change:``redshift``: [``botocore``] Added support of default IAM role for CreateCluster,
RestoreFromClusterSnapshot and ModifyClusterIamRoles APIs
* api-change:``lambda``: [``botocore``] Add support for Lambda Function URLs. Customers can use
Function URLs to create built-in HTTPS endpoints on their functions.
* api-change:``appstream``: [``botocore``] Includes APIs for managing resources for Elastic fleets:
applications, app blocks, and application-fleet associations.
* api-change:``medialive``: [``botocore``] This release adds support for specifying a SCTE-35 PID
on input. MediaLive now supports SCTE-35 PID selection on inputs containing one or more active
SCTE-35 PIDs.
* api-change:``batch``: [``botocore``] Documentation updates for AWS Batch.
* api-change:``application-insights``: [``botocore``] Application Insights now supports monitoring
for HANA
- from version 1.20.9
* api-change:``ivs``: [``botocore``] Add APIs for retrieving stream session information and support
for filtering live streams by health. For more information, see
https://docs.aws.amazon.com/ivs/latest/userguide/stream-health.html
* api-change:``lambda``: [``botocore``] Added support for CLIENT_CERTIFICATE_TLS_AUTH and
SERVER_ROOT_CA_CERTIFICATE as SourceAccessType for MSK and Kafka event source mappings.
* api-change:``chime``: [``botocore``] Adds new Transcribe API parameters to
StartMeetingTranscription, including support for content identification and redaction (PII & PHI),
partial results stabilization, and custom language models.
* api-change:``chime-sdk-meetings``: [``botocore``] Adds new Transcribe API parameters to
StartMeetingTranscription, including support for content identification and redaction (PII & PHI),
partial results stabilization, and custom language models.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``auditmanager``: [``botocore``] This release introduces a new feature for Audit
Manager: Dashboard views. You can now view insights data for your active assessments, and quickly
identify non-compliant evidence that needs to be remediated.
* api-change:``databrew``: [``botocore``] This SDK release adds the following new features: 1) PII
detection in profile jobs, 2) Data quality rules, enabling validation of data quality in profile
jobs, 3) SQL query-based datasets for Amazon Redshift and Snowflake data sources, and 4) Connecting
DataBrew datasets with Amazon AppFlow flows.
* api-change:``redshift-data``: [``botocore``] Rolling back Data API serverless features until
dependencies are live.
* api-change:``kafka``: [``botocore``] Amazon MSK has added a new API that allows you to update the
connectivity settings for an existing cluster to enable public accessibility.
* api-change:``forecast``: [``botocore``] NEW CreateExplanability API that helps you understand how
attributes such as price, promotion, etc. contributes to your forecasted values; NEW
CreateAutoPredictor API that trains up to 40% more accurate forecasting model, saves up to 50% of
retraining time, and provides model level explainability.
* api-change:``appconfig``: [``botocore``] Add Type to support feature flag configuration profiles
- from version 1.20.8
* api-change:``appconfigdata``: [``botocore``] AWS AppConfig Data is a new service that allows you
to retrieve configuration deployed by AWS AppConfig. See the AppConfig user guide for more details
on getting started. https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html
* api-change:``drs``: [``botocore``] Introducing AWS Elastic Disaster Recovery (AWS DRS), a new
service that minimizes downtime and data loss with fast, reliable recovery of on-premises and
cloud-based applications using affordable storage, minimal compute, and point-in-time recovery.
* api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway.
* api-change:``sns``: [``botocore``] Amazon SNS introduces the PublishBatch API, which enables
customers to publish up to 10 messages per API request. The new API is valid for Standard and FIFO
topics.
* api-change:``redshift-data``: [``botocore``] Data API now supports serverless requests.
* api-change:``amplifybackend``: [``botocore``] New APIs to support the Amplify Storage category.
Add and manage file storage in your Amplify app backend.
- from version 1.20.7
* api-change:``location``: [``botocore``] This release adds the support for Relevance, Distance,
Time Zone, Language and Interpolated Address for Geocoding and Reverse Geocoding.
* api-change:``cloudtrail``: [``botocore``] CloudTrail Insights now supports ApiErrorRateInsight,
which enables customers to identify unusual activity in their AWS account based on API error codes
and their rate.
- from version 1.20.6
* api-change:``migrationhubstrategy``: [``botocore``] AWS SDK for Migration Hub Strategy
Recommendations. It includes APIs to start the portfolio assessment, import portfolio data for
assessment, and to retrieve recommendations. For more information, see the AWS Migration Hub
documentation at https://docs.aws.amazon.com/migrationhub/index.html
* api-change:``ec2``: [``botocore``] Adds a new VPC Subnet attribute "/EnableDns64."/ When enabled on
IPv6 Subnets, the Amazon-Provided DNS Resolver returns synthetic IPv6 addresses for IPv4-only
destinations.
* api-change:``wafv2``: [``botocore``] Your options for logging web ACL traffic now include Amazon
CloudWatch Logs log groups and Amazon S3 buckets.
* api-change:``dms``: [``botocore``] Add Settings in JSON format for the source GCP MySQL endpoint
* api-change:``ssm``: [``botocore``] Adds support for Session Reason and Max Session Duration for
Systems Manager Session Manager.
* api-change:``appstream``: [``botocore``] This release includes support for images of AmazonLinux2
platform type.
* api-change:``eks``: [``botocore``] Adding Tags support to Cluster Registrations.
* api-change:``transfer``: [``botocore``] AWS Transfer Family now supports integrating a custom
identity provider using AWS Lambda
- from version 1.20.5
* api-change:``ec2``: [``botocore``] C6i instances are powered by a third-generation Intel Xeon
Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz. G5 instances feature
up to 8 NVIDIA A10G Tensor Core GPUs and second generation AMD EPYC processors.
* api-change:``ssm``: [``botocore``] This Patch Manager release supports creating Patch Baselines
for RaspberryPi OS (formerly Raspbian)
* api-change:``devops-guru``: [``botocore``] Add support for cross account APIs.
* api-change:``connect``: [``botocore``] This release adds APIs for creating and managing scheduled
tasks. Additionally, adds APIs to describe and update a contact and list associated references.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added automatic
modes for GOP configuration and added the ability to ingest screen recordings generated by Safari
on MacOS 12 Monterey.
- from version 1.20.4
* api-change:``dynamodb``: [``botocore``] Updated Help section for "/dynamodb
update-contributor-insights"/ API
* api-change:``ec2``: [``botocore``] This release provides an additional route target for the VPC
route table.
* api-change:``translate``: [``botocore``] This release enables customers to import
Multi-Directional Custom Terminology and use Multi-Directional Custom Terminology in both real-time
translation and asynchronous batch translation.
- from version 1.20.3
* api-change:``backup``: [``botocore``] AWS Backup SDK provides new options when scheduling
backups: select supported services and resources that are assigned to a particular tag, linked to a
combination of tags, or can be identified by a partial tag value, and exclude resources from their
assignments.
* api-change:``ecs``: [``botocore``] This release adds support for container instance health.
* api-change:``resiliencehub``: [``botocore``] Initial release of AWS Resilience Hub, a managed
service that enables you to define, validate, and track the resilience of your applications on AWS
- from version 1.20.2
* api-change:``batch``: [``botocore``] Adds support for scheduling policy APIs.
* api-change:``health``: [``botocore``] Documentation updates for AWS Health.
* api-change:``greengrassv2``: [``botocore``] This release adds support for Greengrass core devices
running Windows. You can now specify name of a Windows user to run a component.
- from version 1.20.1
* bugfix:urllib3: [``botocore``] Fix NO_OP_TICKET import bug in older versions of urllib3
- from version 1.20.0
* feature:EndpointResolver: [``botocore``] Adding support for resolving modeled FIPS and Dualstack
endpoints.
* feature:``six``: [``botocore``] Updated vendored version of ``six`` from 1.10.0 to 1.16.0
* api-change:``sagemaker``: [``botocore``] SageMaker CreateEndpoint and UpdateEndpoint APIs now
support additional deployment configuration to manage traffic shifting options and automatic
rollback monitoring. DescribeEndpoint now shows new in-progress deployment details with stage
status.
* api-change:``chime-sdk-meetings``: [``botocore``] Updated format validation for ids and regions.
* api-change:``wafv2``: [``botocore``] You can now configure rules to run a CAPTCHA check against
web requests and, as needed, send a CAPTCHA challenge to the client.
* api-change:``ec2``: [``botocore``] This release adds internal validation on the
GatewayAssociationState field
- from version 1.19.12
* api-change:``ec2``: [``botocore``] DescribeInstances now returns customer-owned IP addresses for
instances running on an AWS Outpost.
* api-change:``translate``: [``botocore``] This release enable customers to use their own KMS keys
to encrypt output files when they submit a batch transform job.
* api-change:``resourcegroupstaggingapi``: [``botocore``] Documentation updates and improvements.
- from version 1.19.11
* api-change:``chime-sdk-meetings``: [``botocore``] The Amazon Chime SDK Meetings APIs allow
software developers to create meetings and attendees for interactive audio, video, screen and
content sharing in custom meeting applications which use the Amazon Chime SDK.
* api-change:``sagemaker``: [``botocore``] ListDevices and DescribeDevice now show Edge Manager
agent version.
* api-change:``connect``: [``botocore``] This release adds CRUD operation support for Security
profile resource in Amazon Connect
* api-change:``iotwireless``: [``botocore``] Adding APIs for the FUOTA (firmware update over the
air) and multicast for LoRaWAN devices and APIs to support event notification opt-in feature for
Sidewalk related events. A few existing APIs need to be modified for this new feature.
* api-change:``ec2``: [``botocore``] This release adds a new instance replacement strategy for EC2
Fleet, Spot Fleet. Now you can select an action to perform when your instance gets a rebalance
notification. EC2 Fleet, Spot Fleet can launch a replacement then terminate the instance that
received notification after a termination delay
- from version 1.19.10
* api-change:``finspace``: [``botocore``] Adds superuser and data-bundle parameters to
CreateEnvironment API
* api-change:``connectparticipant``: [``botocore``] This release adds a new boolean attribute -
Connect Participant - to the CreateParticipantConnection API, which can be used to mark the
participant as connected.
* api-change:``datasync``: [``botocore``] AWS DataSync now supports Hadoop Distributed File System
(HDFS) Locations
* api-change:``macie2``: [``botocore``] This release adds support for specifying the severity of
findings that a custom data identifier produces, based on the number of occurrences of text that
matches the detection criteria.
- from version 1.19.9
* api-change:``cloudfront``: [``botocore``] CloudFront now supports response headers policies to
add HTTP headers to the responses that CloudFront sends to viewers. You can use these policies to
add CORS headers, control browser caching, and more, without modifying your origin or writing any
code.
* api-change:``connect``: [``botocore``] Amazon Connect Chat now supports real-time message
streaming.
* api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for users to stop and
start streaming sessions.
- from version 1.19.8
* api-change:``rekognition``: [``botocore``] This Amazon Rekognition Custom Labels release
introduces the management of datasets with projects
* api-change:``networkmanager``: [``botocore``] This release adds API support to aggregate
resources, routes, and telemetry data across a Global Network.
* api-change:``lightsail``: [``botocore``] This release adds support to enable access logging for
buckets in the Lightsail object storage service.
* api-change:``neptune``: [``botocore``] Adds support for major version upgrades to ModifyDbCluster
API
- from version 1.19.7
* api-change:``transcribe``: [``botocore``] Transcribe and Transcribe Call Analytics now support
automatic language identification along with custom vocabulary, vocabulary filter, custom language
model and PII redaction.
* api-change:``application-insights``: [``botocore``] Added Monitoring support for SQL Server
Failover Cluster Instance. Additionally, added a new API to allow one-click monitoring of
containers resources.
* api-change:``rekognition``: [``botocore``] This release added new attributes to Rekognition Video
GetCelebrityRecognition API operations.
* api-change:``connect``: [``botocore``] Amazon Connect Chat now supports real-time message
streaming.
* api-change:``ec2``: [``botocore``] Support added for AMI sharing with organizations and
organizational units in ModifyImageAttribute API
- Update BuildRequires and Requires from setup.py
- Update to version 1.19.6
* api-change:``gamelift``: [``botocore``] Added support for Arm-based AWS
Graviton2 instances, such as M6g, C6g, and R6g.
* api-change:``ecs``: [``botocore``] Amazon ECS now supports running Fargate
tasks on Windows Operating Systems Families which includes Windows Server
2019 Core and Windows Server 2019 Full.
* api-change:``sagemaker``: [``botocore``] This release adds support for
RStudio on SageMaker.
* api-change:``connectparticipant``: [``botocore``] This release adds a new
boolean attribute - Connect Participant - to the CreateParticipantConnection
API, which can be used to mark the participant as connected.
* api-change:``ec2``: [``botocore``] Added new read-only DenyAllIGWTraffic
network interface attribute. Added support for DL1 24xlarge instances
powered by Habana Gaudi Accelerators for deep learning model training
workloads
* api-change:``ssm-incidents``: [``botocore``] Updating documentation, adding
new field to ConflictException to indicate earliest retry timestamp for some
operations, increase maximum length of nextToken fields
- from version 1.19.5
* api-change:``autoscaling``: [``botocore``] This release adds support for
attribute-based instance type selection, a new EC2 Auto Scaling feature
that lets customers express their instance requirements as a set of attributes,
such as vCPU, memory, and storage.
* api-change:``ec2``: [``botocore``] This release adds: attribute-based instance
type selection for EC2 Fleet, Spot Fleet, a feature that lets customers express
instance requirements as attributes like vCPU, memory, and storage; and Spot
placement score, a feature that helps customers identify an optimal location
to run Spot workloads.
* enhancement:Session: Added `get_partition_for_region` to lookup partition for
a given region_name
* api-change:``eks``: [``botocore``] EKS managed node groups now support
BOTTLEROCKET_x86_64 and BOTTLEROCKET_ARM_64 AMI types.
* api-change:``sagemaker``: [``botocore``] This release allows customers to
describe one or more versioned model packages through BatchDescribeModelPackage,
update project via UpdateProject, modify and read customer metadata properties
using Create, Update and Describe ModelPackage and enables cross account
registration of model packages.
* enhancement:Session: [``botocore``] Added `get_partition_for_region` allowing
partition lookup by region name.
* api-change:``textract``: [``botocore``] This release adds support for asynchronously
analyzing invoice and receipt documents through two new APIs: StartExpenseAnalysis
and GetExpenseAnalysis
* enchancement:``s3``: TransferConfig now supports the `max_bandwidth` argument.
- from version 1.19.4
* api-change:``emr-containers``: [``botocore``] This feature enables auto-generation
of certificate to secure the managed-endpoint and removes the need for customer
provided certificate-arn during managed-endpoint setup.
* api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime SDK now supports
push notifications through Amazon Pinpoint
* api-change:``chime-sdk-identity``: [``botocore``] The Amazon Chime SDK now supports
push notifications through Amazon Pinpoint
- from version 1.19.3
* api-change:``rds``: [``botocore``] This release adds support for Amazon RDS Custom,
which is a new RDS management type that gives you full access to your database and
operating system.
For more information, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-custom.html
* api-change:``auditmanager``: [``botocore``] This release introduces a new feature for
Audit Manager: Custom framework sharing. You can now share your custom frameworks with
another AWS account, or replicate them into another AWS Region under your own account.
* api-change:``ec2``: [``botocore``] This release adds support to create a VPN Connection
that is not attached to a Gateway at the time of creation. Use this to create VPNs
associated with Core Networks, or modify your VPN and attach a gateway using the modify
API after creation.
* api-change:``route53resolver``: [``botocore``] New API for ResolverConfig, which allows
autodefined rules for reverse DNS resolution to be disabled for a VPC
- from version 1.19.2
* api-change:``quicksight``: [``botocore``] Added QSearchBar option for
GenerateEmbedUrlForRegisteredUser ExperienceConfiguration to support
Q search bar embedding
* api-change:``auditmanager``: [``botocore``] This release introduces character restrictions
for ControlSet names. We updated regex patterns for the following attributes: ControlSet,
CreateAssessmentFrameworkControlSet, and UpdateAssessmentFrameworkControlSet.
* api-change:``chime``: [``botocore``] Chime VoiceConnector and VoiceConnectorGroup
APIs will now return an ARN.
- from version 1.19.1
* api-change:``connect``: [``botocore``] Released Amazon Connect hours of operation API
for general availability (GA). This API also supports AWS CloudFormation. For more
information, see Amazon Connect Resource Type Reference in the AWS CloudFormation
User Guide.
- from version 1.19.0
* api-change:``appflow``: [``botocore``] Feature to add support for JSON-L format
for S3 as a source.
* api-change:``mediapackage-vod``: [``botocore``] MediaPackage passes through digital
video broadcasting (DVB) subtitles into the output.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added
support for specifying caption time delta in milliseconds and the ability to apply
color range legalization to source content other than AVC video.
* api-change:``mediapackage``: [``botocore``] When enabled, MediaPackage passes through
digital video broadcasting (DVB) subtitles into the output.
* api-change:``panorama``: [``botocore``] General availability for AWS Panorama. AWS
SDK for Panorama includes APIs to manage your devices and nodes, and deploy computer
vision applications to the edge. For more information, see the AWS Panorama
documentation at http://docs.aws.amazon.com/panorama
* feature:Serialization: [``botocore``] rest-json serialization defaults
aligned across AWS SDKs
* api-change:``directconnect``: [``botocore``] This release adds 4 new APIS,
which needs to be public able
* api-change:``securityhub``: [``botocore``] Added support for cross-Region finding
aggregation, which replicates findings from linked Regions to a single aggregation
Region. Added operations to view, enable, update, and delete the finding aggregation.
- from version 1.18.65
* api-change:``dataexchange``: [``botocore``] This release adds support for our public
preview of AWS Data Exchange for Amazon Redshift. This enables data providers to list
products including AWS Data Exchange datashares for Amazon Redshift, giving subscribers
read-only access to provider data in Amazon Redshift.
* api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime SDK now allows
developers to execute business logic on in-flight messages before they are delivered
to members of a messaging channel with channel flows.
- from version 1.18.64
* api-change:``quicksight``: [``botocore``] AWS QuickSight Service Features - Add IP
Restriction UI and public APIs support.
* enchancement:AWSCRT: [``botocore``] Upgrade awscrt extra to 0.12.5
* api-change:``ivs``: [``botocore``] Bug fix: remove unsupported maxResults and
nextToken pagination parameters from ListTagsForResource
- from version 1.18.63
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``glue``: [``botocore``] Enable S3 event base crawler API.
- from version 1.18.62
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``autoscaling``: [``botocore``] Amazon EC2 Auto Scaling now supports
filtering describe Auto Scaling groups API using tags
* api-change:``sagemaker``: [``botocore``] This release updates the provisioning
artifact ID to an optional parameter in CreateProject API. The provisioning
artifact ID defaults to the latest provisioning artifact ID of the product
if you don't provide one.
* api-change:``robomaker``: [``botocore``] Adding support to GPU simulation jobs
as well as non-ROS simulation jobs.
- from version 1.18.61
* api-change:``config``: [``botocore``] Adding Config support for AWS::OpenSearch::Domain
* api-change:``ec2``: [``botocore``] This release adds support for additional
VPC Flow Logs delivery options to S3, such as Apache Parquet formatted files,
Hourly partitions and Hive-compatible S3 prefixes
* api-change:``storagegateway``: [``botocore``] Adding support for Audit Logs
on NFS shares and Force Closing Files on SMB shares.
* api-change:``workmail``: [``botocore``] This release adds APIs for adding,
removing and retrieving details of mail domains
* api-change:``kinesisanalyticsv2``: [``botocore``] Support for Apache Flink 1.13
in Kinesis Data Analytics. Changed the required status of some Update properties
to better fit the corresponding Create properties.
- from version 1.18.60
* api-change:``cloudsearch``: [``botocore``] Adds an additional validation exception
for Amazon CloudSearch configuration APIs for better error handling.
* api-change:``ecs``: [``botocore``] Documentation only update to address tickets.
* api-change:``mediatailor``: [``botocore``] MediaTailor now supports ad prefetching.
* api-change:``ec2``: [``botocore``] EncryptionSupport for InstanceStorageInfo added
to DescribeInstanceTypes API
- from version 1.18.59
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* bugfix:Signing: [``botocore``] SigV4QueryAuth and CrtSigV4QueryAuth now properly
respect AWSRequest.params while signing boto/botocore (#2521)
* api-change:``medialive``: [``botocore``] This release adds support for Transport
Stream files as an input type to MediaLive encoders.
* api-change:``ec2``: [``botocore``] Documentation update for Amazon EC2.
* api-change:``frauddetector``: [``botocore``] New model type: Transaction Fraud
Insights, which is optimized for online transaction fraud. Stored Events, which
allows customers to send and store data directly within Amazon Fraud Detector.
Batch Import, which allows customers to upload a CSV file of historic event
data for processing and storage
- from version 1.18.58
* api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
* api-change:``securityhub``: [``botocore``] Added new resource details objects to
ASFF, including resources for WAF rate-based rules, EC2 VPC endpoints, ECR repositories,
EKS clusters, X-Ray encryption, and OpenSearch domains. Added additional details for
CloudFront distributions, CodeBuild projects, ELB V2 load balancers, and S3 buckets.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert has added the
ability to set account policies which control access restrictions for HTTP, HTTPS,
and S3 content sources.
* api-change:``ec2``: [``botocore``] This release removes a requirement for filters
on SearchLocalGatewayRoutes operations.
- from version 1.18.57
* api-change:``kendra``: [``botocore``] Amazon Kendra now supports indexing and
querying documents in different languages.
* api-change:``grafana``: [``botocore``] Initial release of the SDK for Amazon
Managed Grafana API.
* api-change:``firehose``: [``botocore``] Allow support for Amazon Opensearch
Service(successor to Amazon Elasticsearch Service) as a Kinesis Data Firehose
delivery destination.
* api-change:``backup``: [``botocore``] Launch of AWS Backup Vault Lock, which protects
your backups from malicious and accidental actions, works with existing backup policies,
and helps you meet compliance requirements.
* api-change:``schemas``: [``botocore``] Removing unused request/response objects.
* api-change:``chime``: [``botocore``] This release enables customers to configure
Chime MediaCapturePipeline via API.
- from version 1.18.56
* api-change:``sagemaker``: [``botocore``] This release adds a new TrainingInputMode
FastFile for SageMaker Training APIs.
* api-change:``amplifybackend``: [``botocore``] Adding a new field 'AmplifyFeatureFlags'
to the response of the GetBackend operation. It will return a stringified version of
the cli.json file for the given Amplify project.
* api-change:``fsx``: [``botocore``] This release adds support for Lustre 2.12 to FSx for Lustre.
* api-change:``kendra``: [``botocore``] Amazon Kendra now supports integration with AWS SSO
- from version 1.18.55
* api-change:``workmail``: [``botocore``] This release allows customers to change their
inbound DMARC settings in Amazon WorkMail.
* api-change:``location``: [``botocore``] Add support for PositionFiltering.
* api-change:``application-autoscaling``: [``botocore``] With this release, Application
Auto Scaling adds support for Amazon Neptune. Customers can now automatically add or
remove Read Replicas of their Neptune clusters to keep the average CPU Utilization at
the target value specified by the customers.
* api-change:``ec2``: [``botocore``] Released Capacity Reservation Fleet, a feature of
Amazon EC2 Capacity Reservations, which provides a way to manage reserved capacity
across instance types.
For more information: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-fleets.html
* api-change:``glue``: [``botocore``] This release adds tag as an input of CreateConnection
* api-change:``backup``: [``botocore``] AWS Backup Audit Manager framework report.
- from version 1.18.54
* api-change:``codebuild``: [``botocore``] CodeBuild now allows you to select how batch
build statuses are sent to the source provider for a project.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``kms``: [``botocore``] Added SDK examples for ConnectCustomKeyStore,
CreateCustomKeyStore, CreateKey, DeleteCustomKeyStore, DescribeCustomKeyStores,
DisconnectCustomKeyStore, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext,
GetPublicKey, ReplicateKey, Sign, UpdateCustomKeyStore and Verify APIs
- from version 1.18.53
* api-change:``synthetics``: [``botocore``] CloudWatch Synthetics now enables customers
to choose a customer managed AWS KMS key or an Amazon S3-managed key instead of an
AWS managed key (default) for the encryption of artifacts that the canary stores
in Amazon S3. CloudWatch Synthetics also supports artifact S3 location updation now.
* api-change:``ssm``: [``botocore``] When "/AutoApprovable"/ is true for a Change Template,
then specifying --auto-approve (boolean) in Start-Change-Request-Execution will create
a change request that bypasses approver review. (except for change calendar restrictions)
* api-change:``apprunner``: [``botocore``] This release contains several minor bug fixes.
- from version 1.18.52
* api-change:``network-firewall``: [``botocore``] This release adds support for strict
ordering for stateful rule groups. Using strict ordering, stateful rules are evaluated
in the exact order in which you provide them.
* api-change:``dataexchange``: [``botocore``] This release enables subscribers to set up
automatic exports of newly published revisions using the new EventAction API.
* api-change:``workmail``: [``botocore``] This release adds support for mobile device
access overrides management in Amazon WorkMail.
* api-change:``account``: [``botocore``] This release of the Account Management API enables
customers to manage the alternate contacts for their AWS accounts.
For more information, see https://docs.aws.amazon.com/accounts/latest/reference/accounts-welcome.html
* api-change:``workspaces``: [``botocore``] Added CreateUpdatedWorkspaceImage API to update
WorkSpace images with latest software and drivers. Updated DescribeWorkspaceImages API to
display if there are updates available for WorkSpace images.
* api-change:``cloudcontrol``: [``botocore``] Initial release of the SDK for AWS Cloud Control API
* api-change:``macie2``: [``botocore``] Amazon S3 bucket metadata now indicates whether an
error or a bucket's permissions settings prevented Amazon Macie from retrieving data about
the bucket or the bucket's objects.
- from version 1.18.51
* api-change:``lambda``: [``botocore``] Adds support for Lambda functions powered by AWS Graviton2
processors. Customers can now select the CPU architecture for their functions.
* api-change:``sesv2``: [``botocore``] This release includes the ability to use 2048 bits RSA key
pairs for DKIM in SES, either with Easy DKIM or Bring Your Own DKIM.
* api-change:``amp``: [``botocore``] This release adds alert manager and rule group namespace APIs
- from version 1.18.50
* api-change:``transfer``: [``botocore``] Added changes for managed workflows feature APIs.
* api-change:``imagebuilder``: [``botocore``] Fix description for AmiDistributionConfiguration
Name property, which actually refers to the output AMI name. Also updated for consistent
terminology to use "/base"/ image, and another update to fix description text.
- from version 1.18.49
* api-change:``appintegrations``: [``botocore``] The Amazon AppIntegrations service enables you
to configure and reuse connections to external applications.
* api-change:``wisdom``: [``botocore``] Released Amazon Connect Wisdom, a feature of Amazon Connect,
which provides real-time recommendations and search functionality in general availability (GA).
For more information, see https://docs.aws.amazon.com/wisdom/latest/APIReference/Welcome.html.
* api-change:``pinpoint``: [``botocore``] Added support for journey with contact center activity
* api-change:``voice-id``: [``botocore``] Released the Amazon Voice ID SDK, for usage with the
Amazon Connect Voice ID feature released for Amazon Connect.
* api-change:``connect``: [``botocore``] This release updates a set of APIs: CreateIntegrationAssociation,
ListIntegrationAssociations, CreateUseCase, and StartOutboundVoiceContact. You can use it to create
integrations with Amazon Pinpoint for the Amazon Connect Campaigns use case, Amazon Connect Voice ID,
and Amazon Connect Wisdom.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
- from version 1.18.48
* api-change:``license-manager``: [``botocore``] AWS License Manager now allows customers to get
the LicenseArn in the Checkout API Response.
* api-change:``ec2``: [``botocore``] DescribeInstances now returns Platform Details, Usage Operation,
and Usage Operation Update Time.
- from version 1.18.47
* api-change:``mediaconvert``: [``botocore``] This release adds style and positioning support for
caption or subtitle burn-in from rich text sources such as TTML. This release also introduces
configurable image-based trick play track generation.
* api-change:``appsync``: [``botocore``] Documented the new OpenSearchServiceDataSourceConfig data
type. Added deprecation notes to the ElasticsearchDataSourceConfig data type.
* api-change:``ssm``: [``botocore``] Added cutoff behavior support for preventing new task invocations
from starting when the maintenance window cutoff time is reached.
- from version 1.18.46
* api-change:``imagebuilder``: [``botocore``] This feature adds support for specifying GP3 volume
throughput and configuring instance metadata options for instances launched by EC2 Image Builder.
* api-change:``wafv2``: [``botocore``] Added the regex match rule statement, for matching web requests
against a single regular expression.
* api-change:``mediatailor``: [``botocore``] This release adds support to configure logs
for playback configuration.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``iam``: [``botocore``] Added changes to OIDC API about not using port
numbers in the URL.
* api-change:``license-manager``: [``botocore``] AWS License Manager now allows customers to change
their Windows Server or SQL license types from Bring-Your-Own-License (BYOL) to License Included
or vice-versa (using the customer's media).
* api-change:``mediapackage-vod``: [``botocore``] MediaPackage VOD will now return the current
processing statuses of an asset's endpoints. The status can be QUEUED, PROCESSING, PLAYABLE,
or FAILED.
- from version 1.18.45
* api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports versioning of custom
models, improved training with ONE_DOC_PER_FILE text documents for custom entity recognition,
ability to provide specific test sets during training, and live migration to new model endpoints.
* api-change:``iot``: [``botocore``] This release adds support for verifying, viewing and filtering
AWS IoT Device Defender detect violations with four verification states.
* api-change:``ecr``: [``botocore``] This release adds additional support for repository replication
* api-change:``ec2``: [``botocore``] This update adds support for downloading configuration templates
using new APIs (GetVpnConnectionDeviceTypes and GetVpnConnectionDeviceSampleConfiguration) and
Internet Key Exchange version 2 (IKEv2) parameters for many popular CGW devices.
- from version 1.18.44
* api-change:``opensearch``: [``botocore``] This release adds an optional parameter in the
ListDomainNames API to filter domains based on the engine type (OpenSearch/Elasticsearch).
* api-change:``es``: [``botocore``] This release adds an optional parameter in the ListDomainNames API
to filter domains based on the engine type (OpenSearch/Elasticsearch).
* api-change:``dms``: [``botocore``] Optional flag force-planned-failover added to
reboot-replication-instance API call. This flag can be used to test a planned failover
scenario used during some maintenance operations.
- from version 1.18.43
* api-change:``kafkaconnect``: [``botocore``] This is the initial SDK release for Amazon
Managed Streaming for Apache Kafka Connect (MSK Connect).
* api-change:``macie2``: [``botocore``] This release adds support for specifying which
managed data identifiers are used by a classification job, and retrieving a list of
managed data identifiers that are available.
* api-change:``robomaker``: [``botocore``] Adding support to create container based
Robot and Simulation applications by introducing an environment field
* api-change:``s3``: [``botocore``] Add support for access point arn filtering in
S3 CW Request Metrics
* api-change:``transcribe``: [``botocore``] This release adds support for subtitling
with Amazon Transcribe batch jobs.
* api-change:``sagemaker``: [``botocore``] Add API for users to retry a failed pipeline
execution or resume a stopped one.
* api-change:``pinpoint``: [``botocore``] This SDK release adds a new feature for
Pinpoint campaigns, in-app messaging.
- from versionm 1.18.42
* api-change:``sagemaker``: [``botocore``] This release adds support for "/Project Search"/
* api-change:``ec2``: [``botocore``] This release adds support for vt1 3xlarge, 6xlarge
and 24xlarge instances powered by Xilinx Alveo U30 Media Accelerators for video
transcoding workloads
* api-change:``wafv2``: [``botocore``] This release adds support for including rate
based rules in a rule group.
* api-change:``chime``: [``botocore``] Adds support for SipHeaders parameter for
CreateSipMediaApplicationCall.
* api-change:``comprehend``: [``botocore``] Amazon Comprehend now allows you to train
and run PDF and Word documents for custom entity recognition. With PDF and Word formats,
you can extract information from documents containing headers, lists and tables.
- from version 1.18.41
* api-change:``iot``: [``botocore``] AWS IoT Rules Engine adds OpenSearch action. The
OpenSearch rule action lets you stream data from IoT sensors and applications to Amazon
OpenSearch Service which is a successor to Amazon Elasticsearch Service.
* api-change:``ec2``: [``botocore``] Adds support for T3 instances on Amazon EC2 Dedicated Hosts.
* enhancement:Tagged Unions: [``botocore``] Introducing support for the `union` trait
on structures in request and response objects.
- from version 1.18.40
* api-change:``cloudformation``: [``botocore``] Doc only update for CloudFormation that
fixes several customer-reported issues.
* api-change:``rds``: [``botocore``] This release adds support for providing a custom timeout
value for finding a scaling point during autoscaling in Aurora Serverless v1.
* api-change:``ecr``: [``botocore``] This release updates terminology around KMS keys.
* api-change:``sagemaker``: [``botocore``] This release adds support for
"/Lifecycle Configurations"/ to SageMaker Studio
* api-change:``transcribe``: [``botocore``] This release adds an API option for
startTranscriptionJob and startMedicalTranscriptionJob that allows the user to
specify encryption context key value pairs for batch jobs.
* api-change:``quicksight``: [``botocore``] Add new data source type for Amazon
OpenSearch (successor to Amazon ElasticSearch).
- from version 1.18.39
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``codeguru-reviewer``: [``botocore``] The Amazon CodeGuru Reviewer API
now includes the RuleMetadata data object and a Severity attribute on a
RecommendationSummary object. A RuleMetadata object contains information about a
rule that generates a recommendation. Severity indicates how severe the issue
associated with a recommendation is.
* api-change:``lookoutequipment``: [``botocore``] Added OffCondition parameter to CreateModel API
- from version 1.18.38
* api-change:``opensearch``: [``botocore``] Updated Configuration APIs for Amazon
OpenSearch Service (successor to Amazon Elasticsearch Service)
* api-change:``ram``: [``botocore``] A minor text-only update that fixes several
customer issues.
* api-change:``kafka``: [``botocore``] Amazon MSK has added a new API that allows
you to update the encrypting and authentication settings for an existing cluster.
- from version 1.18.37
* api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
* api-change:``amp``: [``botocore``] This release adds tagging support for
Amazon Managed Service for Prometheus workspace.
* api-change:``forecast``: [``botocore``] Predictor creation now supports selecting
an accuracy metric to optimize in AutoML and hyperparameter optimization. This
release adds additional accuracy metrics for predictors - AverageWeightedQuantileLoss,
MAPE and MASE.
* api-change:``xray``: [``botocore``] Updated references to AWS KMS keys and customer
managed keys to reflect current terminology.
* api-change:``ssm-contacts``: [``botocore``] Added SDK examples for SSM-Contacts.
* api-change:``mediapackage``: [``botocore``] SPEKE v2 support for live CMAF packaging
type. SPEKE v2 is an upgrade to the existing SPEKE API to support multiple encryption
keys, it supports live DASH currently.
* api-change:``eks``: [``botocore``] Adding RegisterCluster and DeregisterCluster operations,
to support connecting external clusters to EKS.
- from version 1.18.36
* api-change:``chime-sdk-identity``: [``botocore``] Documentation updates for Chime
* api-change:``chime-sdk-messaging``: [``botocore``] Documentation updates for Chime
* api-change:``outposts``: [``botocore``] This release adds a new API CreateOrder.
* api-change:``frauddetector``: [``botocore``] Enhanced GetEventPrediction API response
to include risk scores from imported SageMaker models
* api-change:``codeguru-reviewer``: [``botocore``] Added support for CodeInconsistencies
detectors
- from version 1.18.35
* api-change:``acm-pca``: [``botocore``] Private Certificate Authority Service now allows
customers to enable an online certificate status protocol (OCSP) responder service on
their private certificate authorities. Customers can also optionally configure a custom
CNAME for their OCSP responder.
* api-change:``s3control``: [``botocore``] S3 Multi-Region Access Points provide a single
global endpoint to access a data set that spans multiple S3 buckets in different AWS Regions.
* api-change:``accessanalyzer``: [``botocore``] Updates service API, documentation, and
paginators to support multi-region access points from Amazon S3.
* api-change:``schemas``: [``botocore``] This update include the support for Schema Discoverer
to discover the events sent to the bus from another account. The feature will be enabled by
default when discoverer is created or updated but can also be opt-in or opt-out by specifying
the value for crossAccount.
* api-change:``securityhub``: [``botocore``] New ASFF Resources: AwsAutoScalingLaunchConfiguration,
AwsEc2VpnConnection, AwsEcrContainerImage. Added KeyRotationStatus to AwsKmsKey. Added
AccessControlList, BucketLoggingConfiguration,BucketNotificationConfiguration and
BucketNotificationConfiguration to AwsS3Bucket.
* enhancement:s3: [``botocore``] Added support for S3 Multi-Region Access Points
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``transfer``: [``botocore``] AWS Transfer Family introduces Managed Workflows
for creating, executing, monitoring, and standardizing post file transfer processing
* api-change:``ebs``: [``botocore``] Documentation updates for Amazon EBS direct APIs.
* api-change:``quicksight``: [``botocore``] This release adds support for referencing parent
datasets as sources in a child dataset.
* api-change:``fsx``: [``botocore``] Announcing Amazon FSx for NetApp ONTAP, a new service
that provides fully managed shared storage in the AWS Cloud with the data access and
management capabilities of ONTAP.
* enhancement:Signers: [``botocore``] Added support for Sigv4a Signing Algorithm
* api-change:``lex-models``: [``botocore``] Lex now supports Korean (ko-KR) locale.
- from version 1.18.34
* api-change:``ec2``: [``botocore``] Added LaunchTemplate support for the IMDS IPv6 endpoint
* api-change:``cloudtrail``: [``botocore``] Documentation updates for CloudTrail
* api-change:``mediatailor``: [``botocore``] This release adds support for wall
clock programs in LINEAR channels.
* api-change:``config``: [``botocore``] Documentation updates for config
* api-change:``servicecatalog-appregistry``: [``botocore``] Introduction of
GetAssociatedResource API and GetApplication response extension for Resource
Groups support.
- Switch tests from nose to pytest
- Update BuildRequires and Requires from setup.py
- Update to version 1.18.33
* sync python-botocore dependency with setup.py
* api-change:``iot``: [``botocore``] Added
Create/Update/Delete/Describe/List APIs for a new IoT resource named
FleetMetric. Added a new Fleet Indexing query API named
GetBucketsAggregation. Added a new field named DisconnectedReason in
Fleet Indexing query response. Updated their related documentations.
* api-change:``polly``: [``botocore``] Amazon Polly adds new South
African English voice - Ayanda. Ayanda is available as Neural voice
only.
* api-change:``compute-optimizer``: [``botocore``] Documentation
updates for Compute Optimizer
* api-change:``sqs``: [``botocore``] Amazon SQS adds a new queue
attribute, RedriveAllowPolicy, which includes the dead-letter queue
redrive permission parameters. It defines which source queues can
specify dead-letter queues as a JSON object.
* api-change:``memorydb``: [``botocore``] Documentation updates for
MemoryDB
- from version 1.18.32
* api-change:``codebuild``: [``botocore``] Documentation updates for
CodeBuild
* api-change:``firehose``: [``botocore``] This release adds the
Dynamic Partitioning feature to Kinesis Data Firehose service for S3
destinations.
* api-change:``kms``: [``botocore``] This release has changes to KMS
nomenclature to remove the word master from both the "/Customer master
key"/ and "/CMK"/ abbreviation and replace those naming conventions with
"/KMS key"/.
* api-change:``cloudformation``: [``botocore``] AWS CloudFormation
allows you to iteratively develop your applications when failures are
encountered without rolling back successfully provisioned resources.
By specifying stack failure options, you can troubleshoot resources in
a CREATE_FAILED or UPDATE_FAILED status.
- from version 1.18.31
* api-change:``s3``: [``botocore``] Documentation updates for Amazon
S3.
* api-change:``emr``: [``botocore``] Update emr client to latest
version
* api-change:``ec2``: [``botocore``] This release adds the BootMode
flag to the ImportImage API and showing the detected BootMode of an
ImportImage task.
- from version 1.18.30
* api-change:``transcribe``: [``botocore``] This release adds support
for batch transcription in six new languages - Afrikaans, Danish,
Mandarin Chinese (Taiwan), New Zealand English, South African English,
and Thai.
* api-change:``rekognition``: [``botocore``] This release added new
attributes to Rekognition RecognizeCelebities and GetCelebrityInfo API
operations.
* api-change:``ec2``: [``botocore``] Support added for resizing VPC
prefix lists
* api-change:``compute-optimizer``: [``botocore``] Adds support for 1)
the AWS Graviton (AWS_ARM64) recommendation preference for Amazon EC2
instance and Auto Scaling group recommendations, and 2) the ability to
get the enrollment statuses for all member accounts of an
organization.
- from version 1.18.29
* api-change:``fms``: [``botocore``] AWS Firewall Manager now supports
triggering resource cleanup workflow when account or resource goes out
of policy scope for AWS WAF, Security group, AWS Network Firewall, and
Amazon Route 53 Resolver DNS Firewall policies.
* api-change:``ec2``: [``botocore``] Support added for IMDS IPv6
endpoint
* api-change:``datasync``: [``botocore``] Added include filters to
CreateTask and UpdateTask, and added exclude filters to
StartTaskExecution, giving customers more granular control over how
DataSync transfers files, folders, and objects.
* api-change:``events``: [``botocore``] AWS CWEvents adds an enum of
EXTERNAL for EcsParameters LaunchType for PutTargets API
- from version 1.18.28
* api-change:``mediaconvert``: [``botocore``] AWS Elemental
MediaConvert SDK has added MBAFF encoding support for AVC video and
the ability to pass encryption context from the job settings to S3.
* api-change:``polly``: [``botocore``] Amazon Polly adds new New
Zealand English voice - Aria. Aria is available as Neural voice only.
* api-change:``transcribe``: [``botocore``] This release adds support
for feature tagging with Amazon Transcribe batch jobs.
* api-change:``ssm``: [``botocore``] Updated Parameter Store property
for logging improvements.
* api-change:``iot-data``: [``botocore``] Updated Publish with support
for new Retain flag and added two new API operations:
GetRetainedMessage, ListRetainedMessages.
- from version 1.18.27
* api-change:``dms``: [``botocore``] Amazon AWS DMS service now
support Redis target endpoint migration. Now S3 endpoint setting is
capable to setup features which are used to be configurable only in
extract connection attributes.
* api-change:``frauddetector``: [``botocore``] Updated an element of
the DescribeModelVersion API response (LogitMetrics -> logOddsMetrics)
for clarity. Added new exceptions to several APIs to protect against
unlikely scenarios.
* api-change:``iotsitewise``: [``botocore``] Documentation updates for
AWS IoT SiteWise
* api-change:``dlm``: [``botocore``] Added AMI deprecation support for
Amazon Data Lifecycle Manager EBS-backed AMI policies.
* api-change:``glue``: [``botocore``] Add support for Custom
Blueprints
* api-change:``apigateway``: [``botocore``] Adding some of the pending
releases (1) Adding WAF Filter to GatewayResponseType enum (2)
Ensuring consistent error model for all operations (3) Add missing BRE
to GetVpcLink operation
* api-change:``backup``: [``botocore``] AWS Backup - Features:
Evaluate your backup activity and generate audit reports.
- from version 1.18.26
* api-change:``eks``: [``botocore``] Adds support for EKS add-ons
"/preserve"/ flag, which allows customers to maintain software on their
EKS clusters after removing it from EKS add-ons management.
* api-change:``comprehend``: [``botocore``] Add tagging support for
Comprehend async inference job.
* api-change:``robomaker``: [``botocore``] Documentation updates for
RoboMaker
* api-change:``ec2``: [``botocore``] encryptionInTransitSupported
added to DescribeInstanceTypes API
- from version 1.18.25
* api-change:``ec2``: [``botocore``] The ImportImage API now supports
the ability to create AMIs with AWS-managed licenses for Microsoft SQL
Server for both Windows and Linux.
* api-change:``memorydb``: [``botocore``] AWS MemoryDB SDK now
supports all APIs for newly launched MemoryDB service.
* api-change:``application-autoscaling``: [``botocore``] This release
extends Application Auto Scaling support for replication group of
Amazon ElastiCache Redis clusters. Auto Scaling monitors and
automatically expands node group count and number of replicas per node
group when a critical usage threshold is met or according to customer-
defined schedule.
* api-change:``appflow``: [``botocore``] This release adds support for
SAPOData connector and extends Veeva connector for document
extraction.
- from version 1.18.24
* api-change:``codebuild``: [``botocore``] CodeBuild now allows you to
make the build results for your build projects available to the public
without requiring access to an AWS account.
* api-change:``route53``: [``botocore``] Documentation updates for
route53
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-
runtime client to latest version
* api-change:``route53resolver``: [``botocore``] Documentation updates
for Route 53 Resolver
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker now
supports Asynchronous Inference endpoints. Adds PlatformIdentifier
field that allows Notebook Instance creation with different platform
selections. Increases the maximum number of containers in multi-
container endpoints to 15. Adds more instance types to InstanceType
field.
- from version 1.18.23
* api-change:``cloud9``: [``botocore``] Added DryRun parameter to
CreateEnvironmentEC2 API. Added ManagedCredentialsActions parameter to
UpdateEnvironment API
* api-change:``ec2``: [``botocore``] This release adds support for EC2
ED25519 key pairs for authentication
* api-change:``clouddirectory``: [``botocore``] Documentation updates
for clouddirectory
* api-change:``ce``: [``botocore``] This release is a new feature for
Cost Categories: Split charge rules. Split charge rules enable you to
allocate shared costs between your cost category values.
* api-change:``logs``: [``botocore``] Documentation-only update for
CloudWatch Logs
- from version 1.18.22
* api-change:``iotsitewise``: [``botocore``] AWS IoT SiteWise added
query window for the interpolation interval. AWS IoT SiteWise computes
each interpolated value by using data points from the timestamp of
each interval minus the window to the timestamp of each interval plus
the window.
* api-change:``s3``: [``botocore``] Documentation updates for Amazon
S3
* api-change:``codebuild``: [``botocore``] CodeBuild now allows you to
select how batch build statuses are sent to the source provider for a
project.
* api-change:``ds``: [``botocore``] This release adds support for
describing client authentication settings.
* api-change:``config``: [``botocore``] Update ResourceType enum with
values for Backup Plan, Selection, Vault, RecoveryPoint; ECS Cluster,
Service, TaskDefinition; EFS AccessPoint, FileSystem; EKS Cluster; ECR
Repository resources
* api-change:``license-manager``: [``botocore``] AWS License Manager
now allows end users to call CheckoutLicense API using new
CheckoutType PERPETUAL. Perpetual checkouts allow sellers to check out
a quantity of entitlements to be drawn down for consumption.
- from version 1.18.21
* api-change:``quicksight``: [``botocore``] Documentation updates for
QuickSight.
* api-change:``emr``: [``botocore``] Update emr client to latest
version
* api-change:``customer-profiles``: [``botocore``] This release
introduces Standard Profile Objects, namely Asset and Case which
contain values populated by data from third party systems and belong
to a specific profile. This release adds an optional parameter,
ObjectFilter to the ListProfileObjects API in order to search for
these Standard Objects.
* api-change:``elasticache``: [``botocore``] This release adds
ReplicationGroupCreateTime field to ReplicationGroup which indicates
the UTC time when ElastiCache ReplicationGroup is created
- from version 1.18.20
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot
adds new metrics for all candidate models generated by Autopilot
experiments.
* api-change:``apigatewayv2``: [``botocore``] Adding support for ACM
imported or private CA certificates for mTLS enabled domain names
* api-change:``apigateway``: [``botocore``] Adding support for ACM
imported or private CA certificates for mTLS enabled domain names
* api-change:``databrew``: [``botocore``] This SDK release adds
support for the output of a recipe job results to Tableau Hyper
format.
* api-change:``lambda``: [``botocore``] Lambda Python 3.9 runtime
launch
- from version 1.18.19
* api-change:``snow-device-management``: [``botocore``] AWS Snow
Family customers can remotely monitor and operate their connected AWS
Snowcone devices.
* api-change:``ecs``: [``botocore``] Documentation updates for ECS.
* api-change:``nimble``: [``botocore``] Add new attribute 'ownedBy' in
Streaming Session APIs. 'ownedBy' represents the AWS SSO Identity
Store User ID of the owner of the Streaming Session resource.
* api-change:``codebuild``: [``botocore``] CodeBuild now allows you to
make the build results for your build projects available to the public
without requiring access to an AWS account.
* api-change:``ebs``: [``botocore``] Documentation updates for Amazon
EBS direct APIs.
* api-change:``route53``: [``botocore``] Documentation updates for
route53
- from version 1.18.18
* api-change:``chime``: [``botocore``] Add support for "/auto"/ in
Region field of StartMeetingTranscription API request.
* enchancement:Client: [``botocore``] Improve client performance by
caching _alias_event_name on EventAliaser
- from version 1.18.17
* api-change:``wafv2``: [``botocore``] This release adds APIs to
support versioning feature of AWS WAF Managed rule groups
* api-change:``rekognition``: [``botocore``] This release adds support
for four new types of segments (opening credits, content segments,
slates, and studio logos), improved accuracy for credits and shot
detection and new filters to control black frame detection.
* api-change:``ssm``: [``botocore``] Documentation updates for AWS
Systems Manager.
- from version 1.18.16
* api-change:``synthetics``: [``botocore``] Documentation updates for
Visual Monitoring feature and other doc ticket fixes.
* api-change:``chime-sdk-identity``: [``botocore``] The Amazon Chime
SDK Identity APIs allow software developers to create and manage
unique instances of their messaging applications.
* api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime
SDK Messaging APIs allow software developers to send and receive
messages in custom messaging applications.
* api-change:``connect``: [``botocore``] This release adds support for
agent status and hours of operation. For details, see the Release
Notes in the Amazon Connect Administrator Guide.
* api-change:``lightsail``: [``botocore``] This release adds support
to track when a bucket access key was last used.
* api-change:``athena``: [``botocore``] Documentation updates for
Athena.
- from version 1.18.15
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models
client to latest version
* api-change:``autoscaling``: [``botocore``] EC2 Auto Scaling adds
configuration checks and Launch Template validation to Instance
Refresh.
- from version 1.18.14
* api-change:``rds``: [``botocore``] This release adds
AutomaticRestartTime to the DescribeDBInstances and DescribeDBClusters
operations. AutomaticRestartTime indicates the time when a stopped DB
instance or DB cluster is restarted automatically.
* api-change:``imagebuilder``: [``botocore``] Updated list actions to
include a list of valid filters that can be used in the request.
* api-change:``transcribe``: [``botocore``] This release adds support
for call analytics (batch) within Amazon Transcribe.
* api-change:``events``: [``botocore``] Update events client to latest
version
* api-change:``ssm-incidents``: [``botocore``] Documentation updates
for Incident Manager.
- from version 1.18.13
* api-change:``redshift``: [``botocore``] API support for Redshift
Data Sharing feature.
* api-change:``iotsitewise``: [``botocore``] My AWS Service
(placeholder) - This release introduces custom Intervals and offset
for tumbling window in metric for AWS IoT SiteWise.
* api-change:``glue``: [``botocore``] Add
ConcurrentModificationException to create-table, delete-table, create-
database, update-database, delete-database
* api-change:``mediaconvert``: [``botocore``] AWS Elemental
MediaConvert SDK has added control over the passthrough of XDS
captions metadata to outputs.
* api-change:``proton``: [``botocore``] Docs only add idempotent
create apis
- from version 1.18.12
* api-change:``ssm-contacts``: [``botocore``] Added new attribute in
AcceptCode API. AcceptCodeValidation takes in two values - ENFORCE,
IGNORE. ENFORCE forces validation of accept code and IGNORE ignores it
which is also the default behavior; Corrected TagKeyList length from
200 to 50
* api-change:``greengrassv2``: [``botocore``] This release adds
support for component system resource limits and idempotent Create
operations. You can now specify the maximum amount of CPU and memory
resources that each component can use.
- from version 1.18.11
* api-change:``appsync``: [``botocore``] AWS AppSync now supports a
new authorization mode allowing you to define your own authorization
logic using an AWS Lambda function.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest
version
* api-change:``secretsmanager``: [``botocore``] Add support for
KmsKeyIds in the ListSecretVersionIds API response
* api-change:``sagemaker``: [``botocore``] API changes with respect to
Lambda steps in model building pipelines. Adds several waiters to
async Sagemaker Image APIs. Add more instance types to AppInstanceType
field
- from version 1.18.10
* api-change:``savingsplans``: [``botocore``] Documentation update for
valid Savings Plans offering ID pattern
* api-change:``ec2``: [``botocore``] This release adds support for
G4ad xlarge and 2xlarge instances powered by AMD Radeon Pro V520 GPUs
and AMD 2nd Generation EPYC processors
* api-change:``chime``: [``botocore``] Adds support for live
transcription of meetings with Amazon Transcribe and Amazon Transcribe
Medical. The new APIs, StartMeetingTranscription and
StopMeetingTranscription, control the generation of user-attributed
transcriptions sent to meeting clients via Amazon Chime SDK data
messages.
* api-change:``iotsitewise``: [``botocore``] Added support for AWS IoT
SiteWise Edge. You can now create an AWS IoT SiteWise gateway that
runs on AWS IoT Greengrass V2. With the gateway, you can collect
local server and equipment data, process the data, and export the
selected data from the edge to the AWS Cloud.
* api-change:``iot``: [``botocore``] Increase maximum credential
duration of role alias to 12 hours.
- from version 1.18.9
* api-change:``sso-admin``: [``botocore``] Documentation updates for
arn:aws:trebuchet:::service:v1:03a2216d-1cda-4696-9ece-1387cb6f6952
* api-change:``cloudformation``: [``botocore``] SDK update to support
Importing existing Stacks to new/existing Self Managed StackSet -
Stack Import feature.
- from version 1.18.8
* api-change:``route53``: [``botocore``] This release adds support for
the RECOVERY_CONTROL health check type to be used in conjunction with
Route53 Application Recovery Controller.
* api-change:``iotwireless``: [``botocore``] Add
SidewalkManufacturingSn as an identifier to allow Customer to query
WirelessDevice, in the response, AmazonId is added in the case that
Sidewalk device is return.
* api-change:``route53-recovery-control-config``: [``botocore``]
Amazon Route 53 Application Recovery Controller's routing control -
Routing Control Configuration APIs help you create and delete
clusters, control panels, routing controls and safety rules. State
changes (On/Off) of routing controls are not part of configuration
APIs.
* api-change:``route53-recovery-readiness``: [``botocore``] Amazon
Route 53 Application Recovery Controller's readiness check capability
continually monitors resource quotas, capacity, and network routing
policies to ensure that the recovery environment is scaled and
configured to take over when needed.
* api-change:``quicksight``: [``botocore``] Add support to use row-
level security with tags when embedding dashboards for users not
provisioned in QuickSight
* api-change:``iotanalytics``: [``botocore``] IoT Analytics now
supports creating a dataset resource with IoT SiteWise
MultiLayerStorage data stores, enabling customers to query industrial
data within the service. This release includes adding JOIN
functionality for customers to query multiple data sources in a
dataset.
* api-change:``shield``: [``botocore``] Change name of DDoS Response
Team (DRT) to Shield Response Team (SRT)
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models
client to latest version
* api-change:``redshift-data``: [``botocore``] Added structures to
support new Data API operation BatchExecuteStatement, used to execute
multiple SQL statements within a single transaction.
* api-change:``route53-recovery-cluster``: [``botocore``] Amazon Route
53 Application Recovery Controller's routing control - Routing Control
Data Plane APIs help you update the state (On/Off) of the routing
controls to reroute traffic across application replicas in a 100%
available manner.
* api-change:``batch``: [``botocore``] Add support for ListJob filters
- Disables Py 2 build for SLE 15
+ Py 2 is considered legacy with limited support. Should not have been
built or released for Py 2. This was a mistake.
- Update to version 1.18.7 (bsc#1189649)
* api-change:``s3control``: [``botocore``] S3 Access Point aliases can be used
anywhere you use S3 bucket names to access data in S3
* api-change:``textract``: [``botocore``] Adds support for AnalyzeExpense, a new
API to extract relevant data such as contact information, items purchased, and
vendor name, from almost any invoice or receipt without the need for any templates
or configuration.
* api-change:``proton``: [``botocore``] Documentation-only update links
* api-change:``identitystore``: [``botocore``] Documentation updates for SSO API Ref.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``synthetics``: [``botocore``] CloudWatch Synthetics now supports visual
testing in its canaries.
- from version 1.18.6
* api-change:``securityhub``: [``botocore``] Added product name, company name, and Region
fields for security findings. Added details objects for RDS event subscriptions and AWS
ECS services. Added fields to the details for AWS Elasticsearch domains.
* api-change:``imagebuilder``: [``botocore``] Update to documentation to reapply missing
change to SSM uninstall switch default value and improve description.
* api-change:``s3outposts``: [``botocore``] Add on-premise access type support for endpoints
- from version 1.18.5
* api-change:``medialive``: [``botocore``] MediaLive now supports passing through style data
on WebVTT caption outputs.
* api-change:``databrew``: [``botocore``] This SDK release adds two new features: 1) Output
to Native JDBC destinations and 2) Adding configurations to profile jobs
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``s3control``: [``botocore``] Documentation updates for Amazon S3-control
* api-change:``ec2``: [``botocore``] This release allows customers to assign prefixes to their
elastic network interface and to reserve IP blocks in their subnet CIDRs. These reserved blocks
can be used to assign prefixes to elastic network interfaces or be excluded from auto-assignment.
* api-change:``qldb``: [``botocore``] Amazon QLDB now supports ledgers encrypted with customer
managed KMS keys. Changes in CreateLedger, UpdateLedger and DescribeLedger APIs to support the
changes.
- from version 1.18.4
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
Amazon WorkDocs.
For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-workdocs.html
* api-change:``proton``: [``botocore``] Documentation updates for AWS Proton
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``rds``: [``botocore``] Adds the OriginalSnapshotCreateTime field to the DBSnapshot
response object. This field timestamps the underlying data of a snapshot and doesn't change when
the snapshot is copied.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``lambda``: [``botocore``] New ResourceConflictException error code for
PutFunctionEventInvokeConfig, UpdateFunctionEventInvokeConfig, and DeleteFunctionEventInvokeConfig
operations.
* api-change:``codebuild``: [``botocore``] AWS CodeBuild now allows you to set the access permissions
for build artifacts, project artifacts, and log files that are uploaded to an Amazon S3 bucket that
is owned by another account.
* api-change:``personalize``: [``botocore``] My AWS Service (placeholder) - Making minProvisionedTPS
an optional parameter when creating a campaign. If not provided, it defaults to 1.
* api-change:``emr``: [``botocore``] Update emr client to latest version
- from version 1.18.3
* api-change:``compute-optimizer``: [``botocore``] Documentation updates for Compute Optimizer
* api-change:``ec2``: [``botocore``] Added idempotency to the CreateVolume API using the ClientToken
request parameter
- from version 1.18.2
* api-change:``imagebuilder``: [``botocore``] Documentation updates for reversal of default value for
additional instance configuration SSM switch, plus improved descriptions for semantic versioning.
* api-change:``directconnect``: [``botocore``] Documentation updates for directconnect
* api-change:``health``: [``botocore``] In the Health API, the maximum number of entities for the
EventFilter and EntityFilter data types has changed from 100 to 99. This change is related to an
internal optimization of the AWS Health service.
* api-change:``robomaker``: [``botocore``] This release allows customers to create a new version of
WorldTemplates with support for Doors.
* api-change:``location``: [``botocore``] Add five new API operations: UpdateGeofenceCollection,
UpdateMap, UpdatePlaceIndex, UpdateRouteCalculator, UpdateTracker.
* api-change:``emr-containers``: [``botocore``] Updated DescribeManagedEndpoint and ListManagedEndpoints
to return failureReason and stateDetails in API response.
- from version 1.18.1
* api-change:``appintegrations``: [``botocore``] Documentation update for AppIntegrations Service
* api-change:``chime``: [``botocore``] This SDK release adds Account Status as one of the attributes
in Account API response
* api-change:``auditmanager``: [``botocore``] This release relaxes the S3 URL character restrictions
in AWS Audit Manager. Regex patterns have been updated for the following attributes: s3RelativePath,
destination, and s3ResourcePath. 'AWS' terms have also been replaced with entities to align with
China Rebrand documentation efforts.
- from version 1.18.0
* api-change:``ec2``: [``botocore``] This feature enables customers to specify weekly recurring time
window(s) for scheduled events that reboot, stop or terminate EC2 instances.
* api-change:``cognito-idp``: [``botocore``] Documentation updates for cognito-idp
* api-change:``ecs``: [``botocore``] Documentation updates for support of awsvpc mode on Windows.
* api-change:``lex-models``: [``botocore``] Lex now supports the en-IN locale
* api-change:``iotsitewise``: [``botocore``] Update the default endpoint for the APIs used to manage
asset models, assets, gateways, tags, and account configurations. If you have firewalls with strict
egress rules, configure the rules to grant you access to api.iotsitewise.[region].amazonaws.com or
api.iotsitewise.[cn-region].amazonaws.com.cn.
* feature:Python: Drop support for Python 2.7
* feature:Python: [``botocore``] Dropped support for Python 2.7
- Disable Python2 builds for all SUSE distributions
- Remove Python2 build dependencies from spec file
- Update to version 1.17.112
* api-change:``dms``: [``botocore``] Release of feature needed for ECA-Endpoint settings.
This allows customer to delete a field in endpoint settings by using --exact-settings
flag in modify-endpoint api. This also displays default values for certain required fields
of endpoint settings in describe-endpoint-settings api.
* api-change:``glue``: [``botocore``] Add support for Event Driven Workflows
* api-change:``acm``: [``botocore``] Added support for RSA 3072 SSL certificate import
* api-change:``healthlake``: [``botocore``] General availability for Amazon HealthLake.
StartFHIRImportJob and StartFHIRExportJob APIs now require AWS KMS parameter. For more
information, see the Amazon HealthLake Documentation
https://docs.aws.amazon.com/healthlake/index.html.
* api-change:``wellarchitected``: [``botocore``] This update provides support for Well-
Architected API users to mark answer choices as not applicable.
* api-change:``lightsail``: [``botocore``] This release adds support for the Amazon Lightsail
object storage service, which allows you to create buckets and store objects.
- from version 1.17.111
* api-change:``amplifybackend``: [``botocore``] Added Sign in with Apple OAuth provider.
* api-change:``redshift``: [``botocore``] Release new APIs to support new Redshift
feature - Authentication Profile
* api-change:``ssm``: [``botocore``] Changes to OpsCenter APIs to support a new feature,
operational insights.
* api-change:``lex-models``: [``botocore``] Customers can now migrate bots built with
Lex V1 APIs to V2 APIs. This release adds APIs to initiate and manage the migration
of a bot.
* api-change:``directconnect``: [``botocore``] This release adds a new filed named
awsLogicalDeviceId that it displays the AWS Direct Connect endpoint which terminates
a physical connection's BGP Sessions.
* api-change:``pricing``: [``botocore``] Documentation updates for api.pricing
- from version 1.17.110
* api-change:``eks``: [``botocore``] Documentation updates for Wesley to support
the parallel node upgrade feature.
* api-change:``kendra``: [``botocore``] Amazon Kendra now supports Principal Store
- from version 1.17.109
* api-change:``sagemaker``: [``botocore``] Releasing new APIs related to Tuning
steps in model building pipelines.
* api-change:``frauddetector``: [``botocore``] This release adds support for ML Explainability
to display model variable importance value in Amazon Fraud Detector.
* api-change:``mediaconvert``: [``botocore``] MediaConvert now supports color, style and position
information passthrough from 608 and Teletext to SRT and WebVTT subtitles. MediaConvert now
also supports Automatic QVBR quality levels for QVBR RateControlMode.
- from version 1.17.108
* api-change:``eks``: [``botocore``] Added waiters for EKS FargateProfiles.
* api-change:``outposts``: [``botocore``] Added property filters for listOutposts
* api-change:``fms``: [``botocore``] AWS Firewall Manager now supports route table monitoring,
and provides remediation action recommendations to security administrators for AWS Network
Firewall policies with misconfigured routes.
* api-change:``mediatailor``: [``botocore``] Add ListAlerts for Channel, Program, Source Location,
and VOD Source to return alerts for resources.
* api-change:``devops-guru``: [``botocore``] Add AnomalyReportedTimeRange field to include
open and close time of anomalies.
* api-change:``ssm-contacts``: [``botocore``] Updated description for CreateContactChannel contactId.
- from version 1.17.107
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
* api-change:``mq``: [``botocore``] adds support for modifying the maintenance window for brokers.
* api-change:``cloudfront``: [``botocore``] Amazon CloudFront now provides two new APIs,
ListConflictingAliases and AssociateAlias, that help locate and move Alternate Domain Names (CNAMEs)
if you encounter the CNAMEAlreadyExists error code.
* api-change:``chime``: [``botocore``] Releasing new APIs for AWS Chime MediaCapturePipeline
* api-change:``iotsitewise``: [``botocore``] This release add storage configuration APIs for AWS IoT SiteWise.
* api-change:``storagegateway``: [``botocore``] Adding support for oplocks for SMB file shares,
S3 Access Point and S3 Private Link for all file shares and IP address support for file system associations
* api-change:``ec2``: [``botocore``] This release adds resource ids and tagging support for
VPC security group rules.
- from version 1.17.106
* api-change:``lambda``: [``botocore``] Added support for AmazonMQRabbitMQ as an event source.
Added support for VIRTUAL_HOST as SourceAccessType for streams event source mappings.
* api-change:``imagebuilder``: [``botocore``] Adds support for specifying parameters to customize components
for recipes. Expands configuration of the Amazon EC2 instances that are used for building and testing images,
including the ability to specify commands to run on launch, and more control over installation and removal
of the SSM agent.
* api-change:``mgn``: [``botocore``] Bug fix: Remove not supported EBS encryption type "/NONE"/
* api-change:``eks``: [``botocore``] Adding new error code UnsupportedAddonModification for Addons in EKS
* api-change:``macie2``: [``botocore``] Sensitive data findings in Amazon Macie now include enhanced location
data for JSON and JSON Lines files
* api-change:``sns``: [``botocore``] Documentation updates for Amazon SNS.
- from version 1.17.105
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``ec2``: [``botocore``] This release removes network-insights-boundary
- from version 1.17.104
* api-change:``sagemaker``: [``botocore``] SageMaker model registry now supports up to 5 containers
and associated environment variables.
* api-change:``sqs``: [``botocore``] Documentation updates for Amazon SQS.
* api-change:``ec2``: [``botocore``] Adding a new reserved field to support future infrastructure
improvements for Amazon EC2 Fleet.
- from version 1.17.103
* api-change:``autoscaling``: [``botocore``] Amazon EC2 Auto Scaling infrastructure improvements and optimizations.
* api-change:``kendra``: [``botocore``] Amazon Kendra Enterprise Edition now offered in smaller more granular
units to enable customers with smaller workloads. Virtual Storage Capacity units now offer scaling in increments
of 100,000 documents (up to 30GB) per unit and Virtual Query Units offer scaling increments of 8,000 queries per day.
* api-change:``mediapackage-vod``: [``botocore``] Add support for Widevine DRM on CMAF packaging configurations.
Both Widevine and FairPlay DRMs can now be used simultaneously, with CBCS encryption.
* api-change:``ssm-contacts``: [``botocore``] Fixes the tag key length range to 128 chars, tag value length to 256 chars;
Adds support for UTF-8 chars for contact and channel names, Allows users to unset name in UpdateContact API; Adds
throttling exception to StopEngagement API, validation exception to APIs UntagResource, ListTagsForResource
* api-change:``databrew``: [``botocore``] Adds support for the output of job results to the AWS Glue Data Catalog.
* api-change:``servicediscovery``: [``botocore``] AWS Cloud Map now allows configuring the TTL of the SOA record for a
hosted zone to control the negative caching for new services.
- from version 1.17.102
* api-change:``sagemaker``: [``botocore``] Sagemaker Neo now supports running compilation jobs using customer's Amazon VPC
* api-change:``glue``: [``botocore``] Add JSON Support for Glue Schema Registry
* api-change:``redshift``: [``botocore``] Added InvalidClusterStateFault to the DisableLogging API, thrown when calling the
API on a non available cluster.
* api-change:``mediaconvert``: [``botocore``] MediaConvert adds support for HDR10+, ProRes 4444, and XAVC outputs, ADM/DAMF
support for Dolby Atmos ingest, and alternative audio and WebVTT caption ingest via HLS inputs. MediaConvert also now
supports creating trickplay outputs for Roku devices for HLS, CMAF, and DASH output groups.
- from version 1.17.101
* api-change:``proton``: [``botocore``] Added waiters for template registration, service operations, and environment deployments.
* api-change:``amplifybackend``: [``botocore``] Imports an existing backend authentication resource.
* api-change:``snowball``: [``botocore``] AWS Snow Family customers can remotely monitor and operate their connected AWS
Snowcone devices. AWS Snowball Edge Storage Optimized customers can now import and export their data using NFS.
- from version 1.17.100
* api-change:``chime``: [``botocore``] Adds EventIngestionUrl field to MediaPlacement
* api-change:``cloud9``: [``botocore``] Minor update to AWS Cloud9 documentation to allow correct parsing of outputted text
* api-change:``connect``: [``botocore``] Released Amazon Connect quick connects management API for general availability (GA).
For more information, see https://docs.aws.amazon.com/connect/latest/APIReference/Welcome.html
* api-change:``dax``: [``botocore``] Add support for encryption in transit to DAX clusters.
* api-change:``wafv2``: [``botocore``] Added support for 15 new text transformation.
* api-change:``kendra``: [``botocore``] Amazon Kendra now supports SharePoint 2013 and SharePoint 2016
when using a SharePoint data source.
* api-change:``securityhub``: [``botocore``] Added new resource details for ECS clusters and ECS task definitions.
Added additional information for S3 buckets, Elasticsearch domains, and API Gateway V2 stages.
* api-change:``transfer``: [``botocore``] Customers can successfully use legacy clients with Transfer Family
endpoints enabled for FTPS and FTP behind routers, firewalls, and load balancers by providing a Custom IP
address used for data channel communication.
* api-change:``codebuild``: [``botocore``] BucketOwnerAccess is currently not supported
- from version 1.17.99
* api-change:``docdb``: [``botocore``] DocumentDB documentation-only edits
* api-change:``cloud9``: [``botocore``] Updated documentation for CreateEnvironmentEC2 to explain that because Amazon
Linux AMI has ended standard support as of December 31, 2020, we recommend you choose Amazon Linux 2--which includes
long term support through 2023--for new AWS Cloud9 environments.
* api-change:``quicksight``: [``botocore``] Releasing new APIs for AWS QuickSight Folders
* api-change:``mediatailor``: [``botocore``] Update GetChannelSchedule to return information on ad breaks.
* api-change:``cloudfront``: [``botocore``] Amazon CloudFront adds support for a new security policy, TLSv1.2_2021.
* api-change:``license-manager``: [``botocore``] AWS License Manager now allows license administrators and end users
to communicate to each other by setting custom status reasons when updating the status on a granted license.
* api-change:``ec2``: [``botocore``] This release adds support for provisioning your own IP (BYOIP) range in multiple
regions. This feature is in limited Preview for this release. Contact your account manager if you are interested in
this feature.
* api-change:``events``: [``botocore``] Added the following parameters to ECS targets: CapacityProviderStrategy,
EnableECSManagedTags, EnableExecuteCommand, PlacementConstraints, PlacementStrategy, PropagateTags, ReferenceId,
and Tags
* api-change:``cloudsearch``: [``botocore``] This release replaces previous generation CloudSearch instances with
equivalent new instances that provide better stability at the same price.
* api-change:``codeguru-reviewer``: [``botocore``] Adds support for S3 based full repository analysis
and changed lines scan.
- from version 1.17.98
* api-change:``cloudformation``: [``botocore``] CloudFormation registry service now supports 3rd party public type sharing
- from version 1.17.97
* api-change:``kendra``: [``botocore``] Amazon Kendra now supports the indexing of web documents for search through the web crawler.
* api-change:``sagemaker``: [``botocore``] Enable ml.g4dn instance types for SageMaker Batch Transform and SageMaker Processing
* api-change:``rds``: [``botocore``] This release enables Database Activity Streams for RDS Oracle
* api-change:``chime``: [``botocore``] This release adds a new API UpdateSipMediaApplicationCall, to update an in-progress
call for SipMediaApplication.
- from version 1.17.96
* api-change:``kms``: [``botocore``] Adds support for multi-Region keys
* api-change:``ec2``: [``botocore``] This release adds support for VLAN-tagged network traffic over an
Elastic Network Interface (ENI). This feature is in limited Preview for this release. Contact your account manager
if you are interested in this feature.
* api-change:``rds``: [``botocore``] This release enables fast cloning in Aurora Serverless. You can now clone between
Aurora Serverless clusters and Aurora Provisioned clusters.
* api-change:``mediatailor``: [``botocore``] Adds AWS Secrets Manager Access Token Authentication for Source Locations
- from version 1.17.95
* api-change:``redshift-data``: [``botocore``] Redshift Data API service now supports SQL parameterization.
* api-change:``connect``: [``botocore``] This release adds new sets of APIs: AssociateBot, DisassociateBot, and ListBots.
You can use it to programmatically add an Amazon Lex bot or Amazon Lex V2 bot on the specified Amazon Connect instance
* api-change:``ec2``: [``botocore``] EC2 M5n, M5dn, R5n, R5dn metal instances with 100 Gbps network performance and
Elastic Fabric Adapter (EFA) for ultra low latency
* api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
- from version 1.17.94
* api-change:``lookoutmetrics``: [``botocore``] Added "/LEARNING"/ status for anomaly detector and updated description for
"/Offset"/ parameter in MetricSet APIs.
* api-change:``iotanalytics``: [``botocore``] Adds support for data store partitions.
* api-change:``greengrassv2``: [``botocore``] We have verified the APIs being released here and are ready to release
- from version 1.17.93
* api-change:``ec2``: [``botocore``] Amazon EC2 adds new AMI property to flag outdated AMIs
* api-change:``medialive``: [``botocore``] AWS MediaLive now supports OCR-based conversion of DVB-Sub and SCTE-27
image-based source captions to WebVTT, and supports ingest of ad avail decorations in HLS input manifests.
* api-change:``mediaconnect``: [``botocore``] When you enable source failover, you can now designate one of two sources
as the primary source. You can choose between two failover modes to prevent any disruption to the video stream. Merge
combines the sources into a single stream. Failover allows switching between a primary and a backup stream.
- from version 1.17.92
* api-change:``sagemaker``: [``botocore``] Using SageMaker Edge Manager with AWS IoT Greengrass v2 simplifies accessing,
maintaining, and deploying models to your devices. You can now create deployable IoT Greengrass components during edge
packaging jobs. You can choose to create a device fleet with or without creating an AWS IoT role alias.
* api-change:``appmesh``: [``botocore``] AppMesh now supports additional routing capabilities in match and rewrites for
Gateway Routes and Routes. Additionally, App Mesh also supports specifying DNS Response Types in Virtual Nodes.
* api-change:``redshift``: [``botocore``] Added InvalidClusterStateFault to the ModifyAquaConfiguration API, thrown when
calling the API on a non available cluster.
* api-change:``chime``: [``botocore``] This SDK release adds support for UpdateAccount API to allow users to update their
default license on Chime account.
* api-change:``ec2``: [``botocore``] This release adds a new optional parameter connectivityType (public, private) for the
CreateNatGateway API. Private NatGateway does not require customers to attach an InternetGateway to the VPC and can be
used for communication with other VPCs and on-premise networks.
* api-change:``ram``: [``botocore``] AWS Resource Access Manager (RAM) is releasing new field isResourceTypeDefault in
ListPermissions and GetPermission response, and adding permissionArn parameter to GetResourceShare request to filter
by permission attached
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] Release BatchGetRecord API for AWS SageMaker
Feature Store Runtime.
* api-change:``cognito-idp``: [``botocore``] Amazon Cognito now supports targeted sign out through refresh token revocation
* api-change:``appflow``: [``botocore``] Adding MAP_ALL task type support.
* api-change:``managedblockchain``: [``botocore``] This release supports KMS customer-managed Customer Master Keys (CMKs)
on member-specific Hyperledger Fabric resources.
- from version 1.17.91
* api-change:``transfer``: [``botocore``] Documentation updates for the AWS Transfer Family service.
* api-change:``personalize-events``: [``botocore``] Support for unstructured text inputs in the items dataset to to
automatically extract key information from product/content description as an input when creating solution versions.
* api-change:``proton``: [``botocore``] This is the initial SDK release for AWS Proton
* api-change:``kendra``: [``botocore``] AWS Kendra now supports checking document status.
- from version 1.17.90
* api-change:``fsx``: [``botocore``] This release adds support for auditing end-user access to files, folders, and file
shares using Windows event logs, enabling customers to meet their security and compliance needs.
* api-change:``servicecatalog``: [``botocore``] increase max pagesize for List/Search apis
* api-change:``macie2``: [``botocore``] This release of the Amazon Macie API introduces stricter validation of S3 object
criteria for classification jobs.
* api-change:``cognito-idp``: [``botocore``] Documentation updates for cognito-idp
- from version 1.17.89
* api-change:``sagemaker``: [``botocore``] AWS SageMaker - Releasing new APIs related to Callback steps in model building
pipelines. Adds experiment integration to model building pipelines.
* api-change:``glue``: [``botocore``] Add SampleSize variable to S3Target to enable s3-sampling feature through API.
* api-change:``personalize``: [``botocore``] Update regex validation in kmsKeyArn and s3 path API parameters for AWS Personalize APIs
* api-change:``eks``: [``botocore``] Added updateConfig option that allows customers to control upgrade velocity in Managed Node Group.
- from version 1.17.88
* api-change:``rds``: [``botocore``] Documentation updates for RDS: fixing an outdated link to the RDS
documentation in DBInstance$DBInstanceStatus
* api-change:``pi``: [``botocore``] The new GetDimensionKeyDetails action retrieves the attributes of the specified
dimension group for a DB instance or data source.
* api-change:``cloudtrail``: [``botocore``] AWS CloudTrail supports data events on new service resources, including
Amazon DynamoDB tables and S3 Object Lambda access points.
* api-change:``medialive``: [``botocore``] Add support for automatically setting the H.264 adaptive quantization
and GOP B-frame fields.
* api-change:``autoscaling``: [``botocore``] Documentation updates for Amazon EC2 Auto Scaling
* api-change:``qldb``: [``botocore``] Documentation updates for Amazon QLDB
- from version 1.17.87
* api-change:``s3``: [``botocore``] S3 Inventory now supports Bucket Key Status
* api-change:``s3control``: [``botocore``] Amazon S3 Batch Operations now supports S3 Bucket Keys.
* api-change:``route53resolver``: [``botocore``] Documentation updates for Route 53 Resolver
* api-change:``ssm``: [``botocore``] Documentation updates for ssm to fix customer reported issue
* api-change:``forecast``: [``botocore``] Added optional field AutoMLOverrideStrategy to CreatePredictor API
that allows users to customize AutoML strategy. If provided in CreatePredictor request, this field is visible
in DescribePredictor and GetAccuracyMetrics responses.
- Update BuildRequires and Requires from setup.py
- Update to version 1.17.86
* api-change:``autoscaling``: [``botocore``] You can now launch EC2 instances with
GP3 volumes when using Auto Scaling groups with Launch Configurations
* api-change:``lightsail``: [``botocore``] Documentation updates for Lightsail
* api-change:``ecs``: [``botocore``] Documentation updates for Amazon ECS.
* api-change:``docdb``: [``botocore``] This SDK release adds support for DocDB global clusters.
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``braket``: [``botocore``] Introduction of a RETIRED status for devices.
- from version 1.17.85
* api-change:``sns``: [``botocore``] This release adds SMS sandbox in Amazon SNS and the ability to
view all configured origination numbers. The SMS sandbox provides a safe environment for sending
SMS messages, without risking your reputation as an SMS sender.
* api-change:``polly``: [``botocore``] Amazon Polly adds new Canadian French voice - Gabrielle.
Gabrielle is available as Neural voice only.
* api-change:``ec2``: [``botocore``] Added idempotency to CreateNetworkInterface using the ClientToken parameter.
* api-change:``iotwireless``: [``botocore``] Added six new public customer logging APIs to allow customers
to set/get/reset log levels at resource type and resource id level. The log level set from the APIs will
be used to filter log messages that can be emitted to CloudWatch in customer accounts.
* api-change:``servicediscovery``: [``botocore``] Bugfixes - The DiscoverInstances API operation now provides
an option to return all instances for health-checked services when there are no healthy instances available.
- from version 1.17.84
* api-change:``lookoutmetrics``: [``botocore``] Allowing dot(.) character in table name for RDS
and Redshift as source connector.
* api-change:``location``: [``botocore``] Adds support for calculation of routes, resource tagging and
customer provided KMS keys.
* api-change:``datasync``: [``botocore``] Added SecurityDescriptorCopyFlags option that allows for control
of which components of SMB security descriptors are copied from source to destination objects.
- from version 1.17.83
* api-change:``iotevents-data``: [``botocore``] Releasing new APIs for AWS IoT Events Alarms
* api-change:``devicefarm``: [``botocore``] Introduces support for using our desktop testing service
with applications hosted within your Virtual Private Cloud (VPC).
* api-change:``kendra``: [``botocore``] Amazon Kendra now suggests popular queries in order to help
guide query typing and help overall accuracy.
* api-change:``iotsitewise``: [``botocore``] IoT SiteWise Monitor Portal API updates to add alarms
feature configuration.
* api-change:``resource-groups``: [``botocore``] Documentation updates for Resource Groups.
* api-change:``lightsail``: [``botocore``] Documentation updates for Lightsail
* api-change:``iotevents``: [``botocore``] Releasing new APIs for AWS IoT Events Alarms
* api-change:``fsx``: [``botocore``] This release adds LZ4 data compression support to FSx for Lustre to
reduce storage consumption of both file system storage and file system backups.
* api-change:``sqs``: [``botocore``] Documentation updates for Amazon SQS for General Availability
of high throughput for FIFO queues.
- from version 1.17.82
* api-change:``ec2``: [``botocore``] This release removes resource ids and tagging support
for VPC security group rules.
- from version 1.17.81
* api-change:``qldb``: [``botocore``] Support STANDARD permissions mode in CreateLedger and DescribeLedger.
Add UpdateLedgerPermissionsMode to update permissions mode on existing ledgers.
* api-change:``cloudfront``: [``botocore``] Documentation fix for CloudFront
* api-change:``outposts``: [``botocore``] Add ConflictException to DeleteOutpost, CreateOutpost
* api-change:``mwaa``: [``botocore``] Adds scheduler count selection for Environments using
Airflow version 2.0.2 or later.
* api-change:``ec2``: [``botocore``] This release adds resource ids and tagging support
for VPC security group rules.
* api-change:``ecs``: [``botocore``] The release adds support for registering External instances
to your Amazon ECS clusters.
* api-change:``acm-pca``: [``botocore``] This release enables customers to store CRLs in S3 buckets with
Block Public Access enabled. The release adds the S3ObjectAcl parameter to the CreateCertificateAuthority
and UpdateCertificateAuthority APIs to allow customers to choose whether their CRL will be publicly available.
- from version 1.17.80
* api-change:``transfer``: [``botocore``] AWS Transfer Family customers can now use AWS Managed Active
Directory or AD Connector to authenticate their end users, enabling seamless migration of file transfer
workflows that rely on AD authentication, without changing end users' credentials or needing a custom
authorizer.
* api-change:``iot``: [``botocore``] This release includes support for a new feature: Job templates for
AWS IoT Device Management Jobs. The release includes job templates as a new resource and APIs for
managing job templates.
* api-change:``workspaces``: [``botocore``] Adds support for Linux device types in WorkspaceAccessProperties
- from version 1.17.79
* api-change:``quicksight``: [``botocore``] Add new parameters on RegisterUser and UpdateUser APIs to assign
or update external ID associated to QuickSight users federated through web identity.
* api-change:``ce``: [``botocore``] Introduced FindingReasonCodes, PlatformDifferences, DiskResourceUtilization
and NetworkResourceUtilization to GetRightsizingRecommendation action
* api-change:``compute-optimizer``: [``botocore``] Adds support for 1) additional instance types, 2) additional
instance metrics, 3) finding reasons for instance recommendations, and 4) platform differences between a current
instance and a recommended instance type.
* api-change:``ec2``: [``botocore``] This release adds support for creating and managing EC2 On-Demand
Capacity Reservations on Outposts.
* api-change:``logs``: [``botocore``] This release provides dimensions and unit support for metric filters.
- from version 1.17.78
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``s3``: [``botocore``] Documentation updates for Amazon S3
* api-change:``forecast``: [``botocore``] Updated attribute statistics in DescribeDatasetImportJob
response to support Long values
* api-change:``opsworkscm``: [``botocore``] New PUPPET_API_CRL attribute returned by DescribeServers API;
new EngineVersion of 2019 available for Puppet Enterprise servers.
- from version 1.17.77
* api-change:``personalize``: [``botocore``] Added new API to stop a solution version creation that is
pending or in progress for Amazon Personalize
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``quicksight``: [``botocore``] Add ARN based Row Level Security support to CreateDataSet/UpdateDataSet APIs.
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management (IAM).
- from version 1.17.76
* api-change:``kinesisanalyticsv2``: [``botocore``] Kinesis Data Analytics now allows rapid iteration on Apache
Flink stream processing through the Kinesis Data Analytics Studio feature.
* api-change:``rekognition``: [``botocore``] Amazon Rekognition Custom Labels adds support for customer managed
encryption, using AWS Key Management Service, of image files copied into the service and files written back
to the customer.
* api-change:``iam``: [``botocore``] Add pagination to ListUserTags operation
* api-change:``eks``: [``botocore``] Update the EKS AddonActive waiter.
* api-change:``autoscaling``: [``botocore``] With this release, customers can easily use Predictive Scaling as a
policy directly through Amazon EC2 Auto Scaling configurations to proactively scale their applications ahead
of predicted demand.
* api-change:``lightsail``: [``botocore``] Documentation updates for Amazon Lightsail.
- Update BuildRequires and Requires from setup.py
- Update to version 1.17.75
* api-change:support: [botocore] Documentation updates for
support
* api-change:apprunner: [botocore] AWS App Runner is a service
that provides a fast, simple, and cost-effective way to deploy
from source code or a container image directly to a scalable
and secure web application in the AWS Cloud.
* api-change:compute-optimizer: [botocore] This release enables
compute optimizer to support exporting recommendations to
Amazon S3 for EBS volumes and Lambda Functions.
* api-change:personalize: [botocore] Amazon Personalize now
supports the ability to optimize a solution for a custom
objective in addition to maximizing relevance.
* api-change:license-manager: [botocore] AWS License Manager
now supports periodic report generation.
* api-change:iotsitewise: [botocore] Documentation updates for
AWS IoT SiteWise.
* api-change:lexv2-models: [botocore] Update lexv2-models client
to latest version
- from version 1.17.74
* api-change:mediaconnect: [botocore] MediaConnect now supports
JPEG XS for AWS Cloud Digital Interface (AWS CDI) uncompressed
workflows, allowing you to establish a bridge between your
on-premises live video network and the AWS Cloud.
* api-change:sagemaker-a2i-runtime: [botocore] Documentation
updates for Amazon A2I Runtime model
* api-change:applicationcostprofiler: [botocore] APIs for AWS
Application Cost Profiler.
* api-change:neptune: [botocore] Neptune support for
CopyTagsToSnapshots
* api-change:iotdeviceadvisor: [botocore] AWS IoT Core Device
Advisor is fully managed test capability for IoT devices.
Device manufacturers can use Device Advisor to test their IoT
devices for reliable and secure connectivity with AWS IoT.
* api-change:elasticache: [botocore] Documentation updates for
elasticache
- from version 1.17.73
* api-change:events: [botocore] Update InputTransformer variable
limit from 10 to 100 variables.
* enhancement:s3: [botocore] Block endpoint resolution of clients
configured with S3 pseudo-regions (e.g. aws-global,
s3-external-1) that will never resolve to a correct access
point endpoint.
* api-change:macie2: [botocore] This release of the Amazon Macie
API adds support for defining run-time, S3 bucket criteria for
classification jobs. It also adds resources for querying data
about AWS resources that Macie monitors.
* api-change:es: [botocore] Adds support for cold storage.
* api-change:securityhub: [botocore] Updated descriptions to add
notes on array lengths.
* api-change:detective: [botocore] Updated descriptions of array
parameters to add the restrictions on the array and value
lengths.
* api-change:transcribe: [botocore] Transcribe Medical now
supports identification of PHI entities within transcripts
* api-change:imagebuilder: [botocore] Text-only updates for
bundled documentation feedback tickets - spring 2021.
* enhancement:FIPS: [botocore] Add validation to only attempt to
connect to FIPS endpoints with a FIPS pseudo-region if the
pseudo-region is explicitly known to the SDK.
- from version 1.17.72
* api-change:ec2: [botocore] High Memory virtual instances are
powered by Intel Sky Lake CPUs and offer up to 12TB of memory.
- from version 1.17.71
* api-change:ssm-incidents: [botocore] AWS Systems Manager
Incident Manager enables faster resolution of critical
application availability and performance issues, management of
contacts and post-incident analysis
* api-change:ssm-contacts: [botocore] AWS Systems Manager
Incident Manager enables faster resolution of critical
application availability and performance issues, management of
contacts and post incident analysis
* api-change:s3control: [botocore] Documentation updates for
Amazon S3-control
- from version 1.17.70
* api-change:mediaconvert: [botocore] AWS Elemental MediaConvert
SDK has added support for Kantar SNAP File Audio Watermarking
with a Kantar Watermarking account, and Display Definition
Segment(DDS) segment data controls for DVB-Sub caption outputs.
* api-change:ecs: [botocore] This release contains updates for
Amazon ECS.
* api-change:codeartifact: [botocore] Documentation updates for
CodeArtifact
* api-change:eks: [botocore] This release updates
create-nodegroup and update-nodegroup-config APIs for
adding/updating taints on managed nodegroups.
* api-change:iotwireless: [botocore] Add three new optional
fields to support filtering and configurable sub-band in
WirelessGateway APIs. The filtering is for all the RF region
supported. The sub-band configuration is only applicable to
LoRa gateways of US915 or AU915 RF region.
* api-change:ssm: [botocore] This release adds new APIs to
associate, disassociate and list related items in SSM
OpsCenter; and this release adds DisplayName as a version-level
attribute for SSM Documents and introduces two new document
types: ProblemAnalysis, ProblemAnalysisTemplate.
* api-change:kinesisanalyticsv2: [botocore] Amazon Kinesis
Analytics now supports ListApplicationVersions and
DescribeApplicationVersion API for Apache Flink applications
* api-change:config: [botocore] Adds paginator to multiple APIs:
By default, the paginator allows user to iterate over the
results and allows the CLI to return up to 1000 results.
- from version 1.17.69
* api-change:lakeformation: [botocore] This release adds Tag
Based Access Control to AWS Lake Formation service
* api-change:lookoutmetrics: [botocore] Enforcing UUID style for
parameters that are already in UUID format today. Documentation
specifying eventual consistency of lookoutmetrics resources.
* api-change:connect: [botocore] Adds tagging support for Connect
APIs CreateIntegrationAssociation and CreateUseCase.
- from version 1.17.68
* api-change:servicediscovery: [botocore] Bugfix: Improved input
validation for RegisterInstance action, InstanceId field
* api-change:kafka: [botocore] IAM Access Control for Amazon MSK
enables you to create clusters that use IAM to authenticate
clients and to allow or deny Apache Kafka actions for those
clients.
* api-change:ssm: [botocore] SSM feature release - ChangeCalendar
integration with StateManager.
* api-change:snowball: [botocore] AWS Snow Family adds APIs for
ordering and managing Snow jobs with long term pricing
- from version 1.17.67
* api-change:auditmanager: [botocore] This release updates the
CreateAssessmentFrameworkControlSet and
UpdateAssessmentFrameworkControlSet API data types. For both of
these data types, the control set name is now a required
attribute.
* api-change:nimble: [botocore] Documentation Updates for Amazon
Nimble Studio.
* api-change:kinesisanalyticsv2: [botocore] Amazon Kinesis
Analytics now supports RollbackApplication for Apache Flink
applications to revert the application to the previous running
version
* api-change:sagemaker: [botocore] Amazon SageMaker Autopilot now
provides the ability to automatically deploy the best model to
an endpoint
- from version 1.17.66
* api-change:finspace: [botocore] Documentation updates for
FinSpace API.
* api-change:finspace-data: [botocore] Documentation updates for
FinSpaceData API.
- from version 1.17.65
* api-change:devops-guru: [botocore] Added GetCostEstimation and
StartCostEstimation to get the monthly resource usage cost and
added ability to view resource health by AWS service name and
to search insights be AWS service name.
* api-change:acm-pca: [botocore] This release adds the
KeyStorageSecurityStandard parameter to the
CreateCertificateAuthority API to allow customers to mandate a
security standard to which the CA key will be stored within.
* api-change:health: [botocore] Documentation updates for health
* api-change:chime: [botocore] This release adds the ability to
search for and order international phone numbers for Amazon
Chime SIP media applications.
* api-change:sagemaker: [botocore] Enable retrying Training and
Tuning Jobs that fail with InternalServerError by setting
RetryStrategy.
- from version 1.17.64
* api-change:finspace-data: [botocore] Update FinSpace Data
serviceAbbreviation
- from version 1.17.63
* api-change:finspace-data: [botocore] This is the initial SDK
release for the data APIs for Amazon FinSpace. Amazon FinSpace
is a data management and analytics application for the
financial services industry (FSI).
* api-change:mturk: [botocore] Update mturk client to latest
version
* api-change:chime: [botocore] Added new
BatchCreateChannelMembership API to support multiple membership
creation for channels
* api-change:finspace: [botocore] This is the initial SDK release
for the management APIs for Amazon FinSpace. Amazon FinSpace is
a data management and analytics service for the financial
services industry (FSI).
* api-change:securityhub: [botocore] Updated ASFF to add the
following new resource details objects: AwsEc2NetworkAcl,
AwsEc2Subnet, and AwsElasticBeanstalkEnvironment.
- from version 1.17.62
* api-change:personalize: [botocore] Update URL for dataset
export job documentation.
* api-change:marketplace-catalog: [botocore] Allows user defined
names for Changes in a ChangeSet. Users can use ChangeNames to
reference properties in another Change within a ChangeSet. This
feature allows users to make changes to an entity when the
entity identifier is not yet available while constructing the
StartChangeSet request.
* api-change:forecast: [botocore] Added new DeleteResourceTree
operation that helps in deleting all the child resources of a
given resource including the given resource.
* api-change:robomaker: [botocore] Adds ROS2 Foxy as a supported
Robot Software Suite Version and Gazebo 11 as a supported
Simulation Software Suite Version
* api-change:cloudfront: [botocore] CloudFront now supports
CloudFront Functions, a native feature of CloudFront that
enables you to write lightweight functions in JavaScript for
high-scale, latency-sensitive CDN customizations.
* api-change:customer-profiles: [botocore] This release
introduces GetMatches and MergeProfiles APIs to fetch and
merge duplicate profiles
- from version 1.17.61
* api-change:macie2: [botocore] The Amazon Macie API now provides
S3 bucket metadata that indicates whether a bucket policy
requires server-side encryption of objects when objects are
uploaded to the bucket.
* api-change:organizations: [botocore] Minor text updates for AWS
Organizations API Reference
* api-change:ecs: [botocore] Add support for EphemeralStorage on
TaskDefinition and TaskOverride
* api-change:chime: [botocore] Increase AppInstanceUserId length
to 64 characters
- from version 1.17.60
* api-change:connect: [botocore] Updated max number of tags that
can be attached from 200 to 50. MaxContacts is now an optional
parameter for the UpdateQueueMaxContact API.
* api-change:mediapackage-vod: [botocore] MediaPackage now offers
the option to place your Sequence Parameter Set (SPS), Picture
Parameter Set (PPS), and Video Parameter Set (VPS) encoder
metadata in every video segment instead of in the init fragment
for DASH and CMAF endpoints.
* api-change:nimble: [botocore] Amazon Nimble Studio is a virtual
studio service that empowers visual effects, animation, and
interactive content teams to create content securely within a
scalable, private cloud service.
* api-change:iotsitewise: [botocore] AWS IoT SiteWise
interpolation API will get interpolated values for an asset
property per specified time interval during a period of time.
* api-change:cloudformation: [botocore] Add CallAs parameter to
GetTemplateSummary to enable use with StackSets delegated
administrator integration
- from version 1.17.59
* api-change:auditmanager: [botocore] This release restricts
using backslashes in control, assessment, and framework names.
The controlSetName field of the
UpdateAssessmentFrameworkControlSet API now allows strings
without backslashes.
- from version 1.17.58
* api-change:ec2: [botocore] Adding support for Red Hat
Enterprise Linux with HA for Reserved Instances.
* api-change:iotwireless: [botocore] Add a new optional field
MessageType to support Sidewalk devices in
SendDataToWirelessDevice API
* api-change:kinesisanalyticsv2: [botocore] Amazon Kinesis Data
Analytics now supports custom application maintenance
configuration using UpdateApplicationMaintenanceConfiguration
API for Apache Flink applications. Customers will have
visibility when their application is under maintenance status
using 'MAINTENANCE' application status.
* api-change:personalize: [botocore] Added support for exporting
data imported into an Amazon Personalize dataset to a specified
data source (Amazon S3 bucket).
* api-change:mediaconvert: [botocore] Documentation updates for
mediaconvert
* api-change:codeguru-reviewer: [botocore] Include KMS Key
Details in Repository Association APIs to enable usage of
customer managed KMS Keys.
* api-change:glue: [botocore] Adding Kafka Client Auth Related
Parameters
* api-change:eks: [botocore] This release updates existing
Amazon EKS input validation so customers will see an
InvalidParameterException instead of a ParamValidationError
when they enter 0 for minSize and/or desiredSize. It also adds
LaunchTemplate information to update responses and a new
"/CUSTOM"/ value for AMIType.
- from version 1.17.57
* api-change:mediapackage: [botocore] Add support for Widevine
DRM on CMAF origin endpoints. Both Widevine and FairPlay DRMs
can now be used simultaneously, with CBCS encryption.
* api-change:sns: [botocore] Amazon SNS adds two new attributes,
TemplateId and EntityId, for using sender IDs to send SMS
messages to destinations in India.
- from version 1.17.56
* api-change:forecast: [botocore] This release adds
EstimatedTimeRemaining minutes field to the
DescribeDatasetImportJob, DescribePredictor, DescribeForecast
API response which denotes the time remaining to complete the
job IN_PROGRESS.
* api-change:securityhub: [botocore] Replaced the term "/master"/
with "/administrator"/. Added new actions to replace
AcceptInvitation, GetMasterAccount, and
DisassociateFromMasterAccount. In Member, replaced MasterId
with AdministratorId.
* api-change:cognito-idp: [botocore] Documentation updates for
cognito-idp
* api-change:elasticache: [botocore] This release introduces log
delivery of Redis slow log from Amazon ElastiCache.
- from version 1.17.55
* api-change:detective: [botocore] Added parameters to track the
data volume in bytes for a member account. Deprecated the
existing parameters that tracked the volume as a percentage of
the allowed volume for a behavior graph. Changes reflected in
MemberDetails object.
* api-change:redshift: [botocore] Add operations: AddPartner,
DescribePartners, DeletePartner, and UpdatePartnerStatus to
support tracking integration status with data partners.
* api-change:groundstation: [botocore] Support new S3 Recording
Config allowing customers to write downlink data directly to
S3.
* api-change:kendra: [botocore] Amazon Kendra now enables users
to override index-level boosting configurations for each query.
* api-change:cloudformation: [botocore] Added support for
creating and updating stack sets with self-managed permissions
from templates that reference macros.
- from version 1.17.54
* api-change:savingsplans: [botocore] Added support for Amazon
SageMaker in Machine Learning Savings Plans
* api-change:ce: [botocore] Adding support for Sagemaker savings
plans in GetSavingsPlansPurchaseRecommendation API
- from version 1.17.53
* api-change:sts: [botocore] STS now supports assume role with
Web Identity using JWT token length upto 20000 characters
* api-change:dms: [botocore] AWS DMS added support of TLS for
Kafka endpoint. Added Describe endpoint setting API for DMS
endpoints.
- from version 1.17.52
* api-change:mediaconnect: [botocore] For flows that use Listener
protocols, you can now easily locate an output's outbound IP
address for a private internet. Additionally, MediaConnect now
supports the Waiters feature that makes it easier to poll for
the status of a flow until it reaches its desired state.
* api-change:config: [botocore] Add exception for
DeleteRemediationConfiguration and
DescribeRemediationExecutionStatus
* api-change:route53: [botocore] Documentation updates for
route53
* api-change:codestar-connections: [botocore] This release adds
tagging support for CodeStar Connections Host resources
- from version 1.17.51
* api-change:lightsail: [botocore] Documentation updates for
Amazon Lightsail.
* api-change:sts: [botocore] This release adds the SourceIdentity
parameter that can be set when assuming a role.
* api-change:comprehendmedical: [botocore] The InferICD10CM API
now returns TIME_EXPRESSION entities that refer to medical
conditions.
* api-change:rds: [botocore] Clarify that enabling or disabling
automated backups causes a brief downtime, not an outage.
* api-change:redshift: [botocore] Added support to enable AQUA in
Amazon Redshift clusters.
- Update to version 1.17.50
* api-change:``fsx``: [``botocore``] Support for cross-region and
cross-account backup copies
* api-change:``codebuild``: [``botocore``] AWS CodeBuild now allows you to
set the access permissions for build artifacts, project artifacts, and log
files that are uploaded to an Amazon S3 bucket that is owned by another account.
- from version 1.17.49
* api-change:``redshift``: [``botocore``] Add support for case sensitive table level restore
* api-change:``ec2``: [``botocore``] Add paginator support to DescribeStoreImageTasks
and update documentation.
* api-change:``shield``: [``botocore``] CreateProtection now throws InvalidParameterException
instead of InternalErrorException when system tags (tag with keys prefixed with "/aws:"/)
are passed in.
- from version 1.17.48
* api-change:``lookoutequipment``: [``botocore``] This release introduces support for
Amazon Lookout for Equipment.
* api-change:``kinesis-video-archived-media``: [``botocore``] Documentation updates
for archived.kinesisvideo
* api-change:``robomaker``: [``botocore``] This release allows RoboMaker customers to
specify custom tools to run with their simulation job
* api-change:``appstream``: [``botocore``] This release provides support for image updates
* api-change:``ram``: [``botocore``] Documentation updates for AWS RAM resource sharing
* api-change:``customer-profiles``: [``botocore``] Documentation updates for Put-Integration API
* api-change:``autoscaling``: [``botocore``] Amazon EC2 Auto Scaling announces Warm Pools
that help applications to scale out faster by pre-initializing EC2 instances and save
money by requiring fewer continuously running instances
- from version 1.17.47
* api-change:``storagegateway``: [``botocore``] File Gateway APIs now support FSx
for Windows as a cloud storage.
* api-change:``accessanalyzer``: [``botocore``] IAM Access Analyzer now analyzes your
CloudTrail events to identify actions and services that have been used by an IAM
entity (user or role) and generates an IAM policy that is based on that activity.
* api-change:``elasticache``: [``botocore``] This release adds tagging support for all
AWS ElastiCache resources except Global Replication Groups.
* api-change:``ivs``: [``botocore``] This release adds support for the Auto-Record to S3
feature. Amazon IVS now enables you to save your live video to Amazon S3.
* api-change:``mgn``: [``botocore``] Add new service - Application Migration Service.
- from version 1.17.46
* api-change:``ssm``: [``botocore``] Supports removing a label or labels from a parameter,
enables ScheduledEndTime and ChangeDetails for StartChangeRequestExecution API, supports
critical/security/other noncompliant count for patch API.
* api-change:``medialive``: [``botocore``] MediaLive VPC outputs update to include Availability
Zones, Security groups, Elastic Network Interfaces, and Subnet Ids in channel response
* api-change:``ec2``: [``botocore``] This release adds support for storing EBS-backed AMIs
in S3 and restoring them from S3 to enable cross-partition copying of AMIs
* api-change:``cloud9``: [``botocore``] Documentation updates for Cloud9
- from version 1.17.45
* api-change:``auditmanager``: [``botocore``] AWS Audit Manager has updated the GetAssessment
API operation to include a new response field called userRole. The userRole field indicates
the role information and IAM ARN of the API caller.
* api-change:``medialive``: [``botocore``] MediaLive now support HTML5 Motion Graphics overlay
* api-change:``appflow``: [``botocore``] Added destination properties for Zendesk.
- from version 1.17.44
* api-change:``mediapackage``: [``botocore``] SPEKE v2 is an upgrade to the existing SPEKE API
to support multiple encryption keys, based on an encryption contract selected by the customer.
* api-change:``imagebuilder``: [``botocore``] This release adds support for Block Device Mappings
for container image builds, and adds distribution configuration support for EC2 launch templates
in AMI builds.
- from version 1.17.43
* api-change:``route53resolver``: [``botocore``] Route 53 Resolver DNS Firewall is a firewall service
that allows you to filter and regulate outbound DNS traffic for your VPCs.
* api-change:``mediaconvert``: [``botocore``] MediaConvert now supports HLS ingest, sidecar WebVTT
ingest, Teletext color & style passthrough to TTML subtitles, TTML to WebVTT subtitle conversion
with style, & DRC profiles in AC3 audio.
* api-change:``lightsail``: [``botocore``] - This release adds support for state detail for
Amazon Lightsail container services.
* api-change:``kendra``: [``botocore``] AWS Kendra's ServiceNow data source now supports OAuth 2.0
authentication and knowledge article filtering via a ServiceNow query.
* api-change:``lex-models``: [``botocore``] Lex now supports the ja-JP locale
* api-change:``lex-runtime``: [``botocore``] Update lex-runtime client to latest version
* api-change:``fms``: [``botocore``] Added Firewall Manager policy support for
AWS Route 53 Resolver DNS Firewall.
* api-change:``ec2``: [``botocore``] VPC Flow Logs Service adds a new API, GetFlowLogsIntegrationTemplate,
which generates CloudFormation templates for Athena.
For more info, see https://docs.aws.amazon.com/console/vpc/flow-logs/athena
* api-change:``wafv2``: [``botocore``] Added support for ScopeDownStatement for ManagedRuleGroups,
Labels, LabelMatchStatement, and LoggingFilter. For more information on these features, see
the AWS WAF Developer Guide.
- from version 1.17.42
* api-change:``iot``: [``botocore``] Added ability to prefix search on attribute value for ListThings API.
* api-change:``pricing``: [``botocore``] Minor documentation and link updates.
* api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports creating custom language models
in the following languages: British English (en-GB), Australian English (en-AU), Indian Hindi (hi-IN),
and US Spanish (es-US).
* api-change:``cloudhsm``: [``botocore``] Minor documentation and link updates.
* api-change:``comprehend``: [``botocore``] Support for customer managed KMS encryption
of Comprehend custom models
* api-change:``cognito-sync``: [``botocore``] Minor documentation updates and link updates.
* api-change:``batch``: [``botocore``] AWS Batch adds support for Amazon EFS File System
* api-change:``detective``: [``botocore``] Added the ability to assign
tag values to Detective behavior graphs.
Tag values can be used for attribute-based access control, and for cost allocation for billing.
* api-change:``iotwireless``: [``botocore``] Add Sidewalk support to APIs: GetWirelessDevice, ListWirelessDevices,
GetWirelessDeviceStatistics. Add Gateway connection status in GetWirelessGatewayStatistics API.
* api-change:``cloudformation``: [``botocore``] 1. Added a new parameter RegionConcurrencyType in
OperationPreferences. 2. Changed the name of AccountUrl to AccountsUrl in DeploymentTargets parameter.
* api-change:``cloud9``: [``botocore``] Add ImageId input parameter to CreateEnvironmentEC2 endpoint.
New parameter enables creation of environments with different AMIs.
* api-change:``directconnect``: [``botocore``] This release adds MACsec support to AWS Direct Connect
* api-change:``redshift``: [``botocore``] Enable customers to share access to their Redshift
clusters from other VPCs (including VPCs from other accounts).
* api-change:``workmail``: [``botocore``] This release adds support for mobile device
access rules management in Amazon WorkMail.
* api-change:``datapipeline``: [``botocore``] Minor documentation updates and link updates.
* api-change:``machinelearning``: [``botocore``] Minor documentation updates and link updates.
- from version 1.17.41
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot now supports 1) feature
importance reports for AutoML jobs and 2) PartialFailures for AutoML jobs
* api-change:``ec2-instance-connect``: [``botocore``] Adding support to push SSH keys to the
EC2 serial console in order to allow an SSH connection to your Amazon EC2 instance's serial port.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``databrew``: [``botocore``] This SDK release adds two new dataset features:
1) support for specifying a database connection as a dataset input
2) support for dynamic datasets that accept configurable parameters in S3 path.
* api-change:``frauddetector``: [``botocore``] This release adds support for
Batch Predictions in Amazon Fraud Detector.
* api-change:``ec2``: [``botocore``] ReplaceRootVolume feature enables customers to replace
the EBS root volume of a running instance to a previously known state. Add support to grant
account-level access to the EC2 serial console
* api-change:``config``: [``botocore``] Adding new APIs to support ConformancePack
Compliance CI in Aggregators
* api-change:``pinpoint``: [``botocore``] Added support for journey pause/resume,
journey updatable import segment and journey quiet time wait.
- from version 1.17.40
* api-change:``wafv2``: [``botocore``] Added custom request handling and custom response support
in rule actions and default action; Added the option to inspect the web request body as parsed
and filtered JSON.
* api-change:``iam``: [``botocore``] AWS Identity and Access Management GetAccessKeyLastUsed API
will throw a custom error if customer public key is not found for access keys.
* api-change:``glue``: [``botocore``] Allow Dots in Registry and Schema Names for CreateRegistry,
CreateSchema; Fixed issue when duplicate keys are present and not returned as part of
QuerySchemaVersionMetadata.
* api-change:``docdb``: [``botocore``] This release adds support for Event Subscriptions to DocumentDB.
* api-change:``location``: [``botocore``] Amazon Location added support for specifying pricing
plan information on resources in alignment with our cost model.
- from version 1.17.39
* api-change:``iotwireless``: [``botocore``] Support tag-on-create for WirelessDevice.
* api-change:``customer-profiles``: [``botocore``] This release adds an optional parameter named
FlowDefinition in PutIntegrationRequest.
* api-change:``events``: [``botocore``] Add support for SageMaker Model Builder Pipelines
Targets to EventBridge
* api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports tagging words that
match your vocabulary filter for batch transcription.
- from version 1.17.38
* api-change:``lookoutmetrics``: [``botocore``] Allowing uppercase alphabets for RDS
and Redshift database names.
- from version 1.17.37
* api-change:``sqs``: [``botocore``] Documentation updates for Amazon SQS
* api-change:``rekognition``: [``botocore``] This release introduces AWS tagging support for
Amazon Rekognition collections, stream processors, and Custom Label models.
* api-change:``sagemaker``: [``botocore``] This feature allows customer to specify the environment
variables in their CreateTrainingJob requests.
* api-change:``medialive``: [``botocore``] EML now supports handling HDR10 and HLG 2020
color space from a Link input.
* api-change:``lookoutmetrics``: [``botocore``] Amazon Lookout for Metrics is now generally available.
You can use Lookout for Metrics to monitor your data for anomalies. For more information, see the
Amazon Lookout for Metrics Developer Guide.
* api-change:``alexaforbusiness``: [``botocore``] Added support for enabling and disabling data
retention in the CreateProfile and UpdateProfile APIs and retrieving the state of data retention
for a profile in the GetProfile API.
- from version 1.17.36
* api-change:``ssm``: [``botocore``] This release allows SSM Explorer customers to enable OpsData
sources across their organization when creating a resource data sync.
* api-change:``route53``: [``botocore``] Documentation updates for route53
* bugfix:S3: [``botocore``] Fix an issue with XML newline normalization in
PutBucketLifecycleConfiguration requests.
* api-change:``s3``: [``botocore``] Documentation updates for Amazon S3
* api-change:``s3control``: [``botocore``] Documentation updates for s3-control
* api-change:``ec2``: [``botocore``] maximumEfaInterfaces added to DescribeInstanceTypes API
* api-change:``greengrass``: [``botocore``] Updated the parameters to make
name required for CreateGroup API.
- from version 1.17.35
* api-change:``ce``: [``botocore``] You can now create cost categories with inherited value
rules and specify default values for any uncategorized costs.
* api-change:``fis``: [``botocore``] Updated maximum allowed size of action parameter from 64 to 1024
* api-change:``redshift``: [``botocore``] Removed APIs to control AQUA on clusters.
* api-change:``iam``: [``botocore``] Documentation updates for IAM operations and descriptions.
* api-change:``gamelift``: [``botocore``] GameLift adds support for using event notifications
to monitor game session placements. Specify an SNS topic or use CloudWatch Events to track activity
for a game session queue.
- from version 1.17.34
* api-change:``ec2``: [``botocore``] This release adds support for UEFI boot on
selected AMD- and Intel-based EC2 instances.
* api-change:``redshift``: [``botocore``] Added support to enable AQUA in Amazon Redshift clusters.
* api-change:``codeartifact``: [``botocore``] Documentation updates for CodeArtifact
* api-change:``macie2``: [``botocore``] This release of the Amazon Macie API adds support for
publishing sensitive data findings to AWS Security Hub and specifying which categories of
findings to publish to Security Hub.
- from version 1.17.33
* api-change:``sagemaker``: [``botocore``] Adding authentication support for pulling images
stored in private Docker registries to build containers for real-time inference.
* api-change:``ec2``: [``botocore``] X2gd instances are the next generation of memory-optimized
instances powered by AWS-designed, Arm-based AWS Graviton2 processors.
- from version 1.17.32
* bugfix:s3: [``botocore``] Updated mislabeled exceptions for S3 Object Lambda
- from version 1.17.31
* api-change:``autoscaling``: [``botocore``] Amazon EC2 Auto Scaling Instance Refresh
now supports phased deployments.
* api-change:``s3``: [``botocore``] S3 Object Lambda is a new S3 feature that enables users
to apply their own custom code to process the output of a standard S3 GET request by
automatically invoking a Lambda function with a GET request
* api-change:``redshift``: [``botocore``] Add new fields for additional information about VPC
endpoint for clusters with reallocation enabled, and a new field for total storage capacity
for all clusters.
* api-change:``s3control``: [``botocore``] S3 Object Lambda is a new S3 feature that enables
users to apply their own custom code to process the output of a standard S3 GET request
by automatically invoking a Lambda function with a GET request
* api-change:``securityhub``: [``botocore``] New object for separate provider and customer
values. New objects track S3 Public Access Block configuration and identify sensitive data.
BatchImportFinding requests are limited to 100 findings.
- from version 1.17.30
* api-change:``sagemaker``: [``botocore``] Support new target device ml_eia2 in SageMaker
CreateCompilationJob API
* api-change:``batch``: [``botocore``] Making serviceRole an optional parameter when creating
a compute environment. If serviceRole is not provided then Service Linked Role will be
created (or reused if it already exists).
- from version 1.17.29
* api-change:``lambda``: [``botocore``] Allow empty list for function response types
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity
and Access Management (IAM).
* api-change:``mediaconnect``: [``botocore``] This release adds support for the SRT-listener
protocol on sources and outputs.
* api-change:``accessanalyzer``: [``botocore``] This release adds support for the ValidatePolicy
API. IAM Access Analyzer is adding over 100 policy checks and actionable recommendations that
help you validate your policies during authoring.
* api-change:``mediatailor``: [``botocore``] MediaTailor channel assembly is a new manifest-only
service that allows you to assemble linear streams using your existing VOD content.
* api-change:``mwaa``: [``botocore``] This release adds UPDATE_FAILED and UNAVAILABLE
MWAA environment states.
* api-change:``gamelift``: [``botocore``] GameLift expands to six new AWS Regions, adds support
for multi-location fleets to streamline management of hosting resources, and lets you customize
more of the game session placement process.
- from version 1.17.28
* api-change:``fis``: [``botocore``] Initial release of AWS Fault Injection Simulator, a managed
service that enables you to perform fault injection experiments on your AWS workloads
* api-change:``codedeploy``: [``botocore``] AWS CodeDeploy can now detect instances running an
outdated revision of your application and automatically update them with the latest revision.
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``ecs``: [``botocore``] This is for ecs exec feature release which includes two new
APIs - execute-command and update-cluster and an AWS CLI customization for execute-command API
- from version 1.17.27
* api-change:``mediatailor``: [``botocore``] MediaTailor channel assembly is a new manifest-only
service that allows you to assemble linear streams using your existing VOD content.
* api-change:``workspaces``: [``botocore``] Adds API support for WorkSpaces bundle management operations.
* api-change:``cur``: [``botocore``] - Added optional billingViewArn field for OSG.
- from version 1.17.26
* api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
* api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version
* api-change:``medialive``: [``botocore``] Update medialive client to latest version
* api-change:``network-firewall``: [``botocore``] Update network-firewall client to latest version
- from version 1.17.25
* api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version
* api-change:``ssm``: [``botocore``] Update ssm client to latest version
* api-change:``s3``: [``botocore``] Update s3 client to latest version
* api-change:``backup``: [``botocore``] Update backup client to latest version
- from version 1.17.24
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``codeguruprofiler``: [``botocore``] Update codeguruprofiler client to latest version
* api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
* api-change:``iotwireless``: [``botocore``] Update iotwireless client to latest version
* api-change:``efs``: [``botocore``] Update efs client to latest version
- from version 1.17.23
* api-change:``lambda``: [``botocore``] Update lambda client to latest version
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``kinesis-video-archived-media``: [``botocore``] Update
kinesis-video-archived-media client to latest version
* api-change:``s3``: [``botocore``] Update s3 client to latest version
* api-change:``s3control``: [``botocore``] Update s3control client to latest version
* api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
- from version 1.17.22
* api-change:``license-manager``: [``botocore``] Update license-manager client to latest version
* api-change:``network-firewall``: [``botocore``] Update network-firewall client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``athena``: [``botocore``] Update athena client to latest version
* api-change:``medialive``: [``botocore``] Update medialive client to latest version
* api-change:``shield``: [``botocore``] Update shield client to latest version
* api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version
* api-change:``appflow``: [``botocore``] Update appflow client to latest version
- from version 1.17.21
* api-change:``servicediscovery``: [``botocore``] Update servicediscovery client to latest version
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
* api-change:``mwaa``: [``botocore``] Update mwaa client to latest version
- from version 1.17.20
* api-change:``forecast``: [``botocore``] Update forecast client to latest version
* api-change:``secretsmanager``: [``botocore``] Update secretsmanager client to latest version
* api-change:``macie2``: [``botocore``] Update macie2 client to latest version
* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
* api-change:``es``: [``botocore``] Update es client to latest version
* api-change:``acm``: [``botocore``] Update acm client to latest version
* api-change:``wellarchitected``: [``botocore``] Update wellarchitected client to latest version
- from version 1.17.19
* api-change:``iotwireless``: [``botocore``] Update iotwireless client to latest version
* api-change:``directconnect``: [``botocore``] Update directconnect client to latest version
* bugfix:S3: [``botocore``] Fix an issue with XML newline normalization that could result
in the DeleteObjects operation incorrectly deleting the wrong keys.
* api-change:``managedblockchain``: [``botocore``] Update managedblockchain client to latest version
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version
* api-change:``datasync``: [``botocore``] Update datasync client to latest version
- from version 1.17.18
* enhancement:DynamoDB: Add a `__bytes__` method to the `Binary` DynamoDB type.
* api-change:``alexaforbusiness``: [``botocore``] Update alexaforbusiness client to latest version
* api-change:``ssm``: [``botocore``] Update ssm client to latest version
* api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version
* api-change:``eks``: [``botocore``] Update eks client to latest version
- from version 1.17.17
* api-change:``s3``: [``botocore``] Update s3 client to latest version
* api-change:``sso-admin``: [``botocore``] Update sso-admin client to latest version
* api-change:``eks``: [``botocore``] Update eks client to latest version
* api-change:``emr``: [``botocore``] Update emr client to latest version
- from version 1.17.16
* api-change:``databrew``: [``botocore``] Update databrew client to latest version
* api-change:``detective``: [``botocore``] Update detective client to latest version
* api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
* api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version
* api-change:``transfer``: [``botocore``] Update transfer client to latest version
- from version 1.17.15
* api-change:``es``: [``botocore``] Update es client to latest version
* api-change:``mediapackage-vod``: [``botocore``] Update mediapackage-vod client to latest version
* api-change:``appflow``: [``botocore``] Update appflow client to latest version
* api-change:``ecr-public``: [``botocore``] Update ecr-public client to latest version
* api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version
- from version 1.17.14
* api-change:``glue``: [``botocore``] Update glue client to latest version
* api-change:``redshift-data``: [``botocore``] Update redshift-data client to latest version
* api-change:``s3control``: [``botocore``] Update s3control client to latest version
* api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
* api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
* api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
* api-change:``iotevents``: [``botocore``] Update iotevents client to latest version
* api-change:``connect``: [``botocore``] Update connect client to latest version
- from version 1.17.13
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client
to latest version
* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
- from version 1.17.12
* api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.17.11
* api-change:``health``: [``botocore``] Update health client to latest version
* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
* api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version
* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
- from version 1.17.10
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``config``: [``botocore``] Update config client to latest version
* api-change:``lookoutvision``: [``botocore``] Update lookoutvision client to latest version
- Update BuildRequires and Requires from setup.py
- python-botocore
-
- Update to 1.26.4 (bsc#1199716)
* api-change:``gamesparks``: This release adds an optional DeploymentResult field in the responses
of GetStageDeploymentIntegrationTests and ListStageDeploymentIntegrationTests APIs.
* enhancement:StreamingBody: Allow StreamingBody to be used as a context manager
* api-change:``lookoutmetrics``: In this release we added SnsFormat to SNSConfiguration to support
human readable alert.
- from version 1.26.3
* api-change:``greengrassv2``: This release adds the new DeleteDeployment API operation that you
can use to delete deployment resources. This release also adds support for discontinued
AWS-provided components, so AWS can communicate when a component has any issues that you should
consider before you deploy it.
* api-change:``quicksight``: API UpdatePublicSharingSettings enables IAM admins to enable/disable
account level setting for public access of dashboards. When enabled, owners/co-owners for
dashboards can enable public access on their dashboards. These dashboards can only be accessed
through share link or embedding.
* api-change:``appmesh``: This release updates the existing Create and Update APIs for meshes and
virtual nodes by adding a new IP preference field. This new IP preference field can be used to
control the IP versions being used with the mesh and allows for IPv6 support within App Mesh.
* api-change:``batch``: Documentation updates for AWS Batch.
* api-change:``iotevents-data``: Introducing new API for deleting detectors: BatchDeleteDetector.
* api-change:``transfer``: AWS Transfer Family now supports SetStat server configuration option,
which provides the ability to ignore SetStat command issued by file transfer clients, enabling
customers to upload files without any errors.
- from version 1.26.2
* api-change:``kms``: Add HMAC best practice tip, annual rotation of AWS managed keys.
* api-change:``glue``: This release adds a new optional parameter called codeGenNodeConfiguration
to CRUD job APIs that allows users to manage visual jobs via APIs. The updated CreateJob and
UpdateJob will create jobs that can be viewed in Glue Studio as a visual graph. GetJob can be used
to get codeGenNodeConfiguration.
- Update to 1.26.1
* api-change:``resiliencehub``: In this release, we are introducing support for Amazon Elastic
Container Service, Amazon Route 53, AWS Elastic Disaster Recovery, AWS Backup in addition to the
existing supported Services. This release also supports Terraform file input from S3 and
scheduling daily assessments
* api-change:``servicecatalog``: Updated the descriptions for the ListAcceptedPortfolioShares API
description and the PortfolioShareType parameters.
* api-change:``discovery``: Add Migration Evaluator Collector details to the GetDiscoverySummary
API response
* api-change:``sts``: Documentation updates for AWS Security Token Service.
* api-change:``workspaces-web``: Amazon WorkSpaces Web now supports Administrator timeout control
* api-change:``rekognition``: Documentation updates for Amazon Rekognition.
* api-change:``cloudfront``: Introduced a new error (TooLongCSPInResponseHeadersPolicy) that is
returned when the value of the Content-Security-Policy header in a response headers policy exceeds
the maximum allowed length.
- from version 1.26.0
* feature:Loaders: Support for loading gzip compressed model files.
* api-change:``grafana``: This release adds APIs for creating and deleting API keys in an Amazon
Managed Grafana workspace.
- from version 1.25.13
* api-change:``ivschat``: Documentation-only updates for IVS Chat API Reference.
* api-change:``lambda``: Lambda releases NodeJs 16 managed runtime to be available in all
commercial regions.
* api-change:``kendra``: Amazon Kendra now provides a data source connector for Jira. For more
information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-jira.html
* api-change:``transfer``: AWS Transfer Family now accepts ECDSA keys for server host keys
* api-change:``iot``: Documentation update for China region ListMetricValues for IoT
* api-change:``workspaces``: Increased the character limit of the login message from 600 to 850
characters.
* api-change:``finspace-data``: We've now deprecated CreateSnapshot permission for creating a data
view, instead use CreateDataView permission.
* api-change:``lightsail``: This release adds support to include inactive database bundles in the
response of the GetRelationalDatabaseBundles request.
* api-change:``outposts``: Documentation updates for AWS Outposts.
* api-change:``ec2``: This release introduces a target type Gateway Load Balancer Endpoint for
mirrored traffic. Customers can now specify GatewayLoadBalancerEndpoint option during the creation
of a traffic mirror target.
* api-change:``ssm-incidents``: Adding support for dynamic SSM Runbook parameter values. Updating
validation pattern for engagements. Adding ConflictException to UpdateReplicationSet API contract.
- from version 1.25.12
* api-change:``secretsmanager``: Doc only update for Secrets Manager that fixes several
customer-reported issues.
* api-change:``ec2``: This release updates AWS PrivateLink APIs to support IPv6 for PrivateLink
Services and Endpoints of type 'Interface'.
- Update to 1.25.11
* api-change:``migration-hub-refactor-spaces``: AWS Migration Hub Refactor Spaces documentation
only update to fix a formatting issue.
* api-change:``ec2``: Added support for using NitroTPM and UEFI Secure Boot on EC2 instances.
* api-change:``emr``: Update emr client to latest version
* api-change:``compute-optimizer``: Documentation updates for Compute Optimizer
* api-change:``eks``: Adds BOTTLEROCKET_ARM_64_NVIDIA and BOTTLEROCKET_x86_64_NVIDIA AMI types to
EKS managed nodegroups
- from version 1.25.10
* api-change:``evidently``: Add detail message inside GetExperimentResults API response to indicate
experiment result availability
* api-change:``ssm-contacts``: Fixed an error in the DescribeEngagement example for AWS Incident
Manager.
* api-change:``cloudcontrol``: SDK release for Cloud Control API to include paginators for Python
SDK.
- from version 1.25.9
* api-change:``rds``: Various documentation improvements.
* api-change:``redshift``: Introduces new field 'LoadSampleData' in CreateCluster operation.
Customers can now specify 'LoadSampleData' option during creation of a cluster, which results in
loading of sample data in the cluster that is created.
* api-change:``ec2``: Add new state values for IPAMs, IPAM Scopes, and IPAM Pools.
* api-change:``mediapackage``: This release adds Dvb Dash 2014 as an available profile option for
Dash Origin Endpoints.
* api-change:``securityhub``: Documentation updates for Security Hub API reference
* api-change:``location``: Amazon Location Service now includes a MaxResults parameter for
ListGeofences requests.
- from version 1.25.8
* api-change:``ec2``: Amazon EC2 I4i instances are powered by 3rd generation Intel Xeon Scalable
processors and feature up to 30 TB of local AWS Nitro SSD storage
* api-change:``kendra``: AWS Kendra now supports hierarchical facets for a query. For more
information, see https://docs.aws.amazon.com/kendra/latest/dg/filtering.html
* api-change:``iot``: AWS IoT Jobs now allows you to create up to 100,000 active continuous and
snapshot jobs by using concurrency control.
* api-change:``datasync``: AWS DataSync now supports a new ObjectTags Task API option that can be
used to control whether Object Tags are transferred.
- from version 1.25.7
* api-change:``ssm``: This release adds the TargetMaps parameter in SSM State Manager API.
* api-change:``backup``: Adds support to 2 new filters about job complete time for 3 list jobs APIs
in AWS Backup
* api-change:``lightsail``: Documentation updates for Lightsail
* api-change:``iotsecuretunneling``: This release introduces a new API RotateTunnelAccessToken that
allow revoking the existing tokens and generate new tokens
- from version 1.25.6
* api-change:``ec2``: Adds support for allocating Dedicated Hosts on AWS Outposts. The
AllocateHosts API now accepts an OutpostArn request parameter, and the DescribeHosts API now
includes an OutpostArn response parameter.
* api-change:``s3``: Documentation only update for doc bug fixes for the S3 API docs.
* api-change:``kinesisvideo``: Add support for multiple image feature related APIs for configuring
image generation and notification of a video stream. Add "/GET_IMAGES"/ to the list of supported API
names for the GetDataEndpoint API.
* api-change:``sagemaker``: SageMaker Autopilot adds new metrics for all candidate models generated
by Autopilot experiments; RStudio on SageMaker now allows users to bring your own development
environment in a custom image.
* api-change:``kinesis-video-archived-media``: Add support for GetImages API for retrieving images
from a video stream
- from version 1.25.5
* api-change:``organizations``: This release adds the INVALID_PAYMENT_INSTRUMENT as a fail reason
and an error message.
* api-change:``synthetics``: CloudWatch Synthetics has introduced a new feature to provide
customers with an option to delete the underlying resources that Synthetics canary creates when the
user chooses to delete the canary.
* api-change:``outposts``: This release adds a new API called ListAssets to the Outposts SDK, which
lists the hardware assets in an Outpost.
- from version 1.25.4
* api-change:``rds``: Feature - Adds support for Internet Protocol Version 6 (IPv6) on RDS database
instances.
* api-change:``codeguru-reviewer``: Amazon CodeGuru Reviewer now supports suppressing
recommendations from being generated on specific files and directories.
* api-change:``ssm``: Update the StartChangeRequestExecution, adding TargetMaps to the Runbook
parameter
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK nows supports creation of Dolby
Vision profile 8.1, the ability to generate black frames of video, and introduces audio-only DASH
and CMAF support.
* api-change:``wafv2``: You can now inspect all request headers and all cookies. You can now
specify how to handle oversize body contents in your rules that inspect the body.
- from version 1.25.3
* api-change:``auditmanager``: This release adds documentation updates for Audit Manager. We
provided examples of how to use the Custom_ prefix for the keywordValue attribute. We also provided
more details about the DeleteAssessmentReport operation.
* api-change:``network-firewall``: AWS Network Firewall adds support for stateful threat signature
AWS managed rule groups.
* api-change:``ec2``: This release adds support to query the public key and creation date of EC2
Key Pairs. Additionally, the format (pem or ppk) of a key pair can be specified when creating a new
key pair.
* api-change:``braket``: This release enables Braket Hybrid Jobs with Embedded Simulators to have
multiple instances.
* api-change:``guardduty``: Documentation update for API description.
* api-change:``connect``: This release introduces an API for changing the current agent status of a
user in Connect.
- from version 1.25.2
* api-change:``rekognition``: This release adds support to configure stream-processor resources for
label detections on streaming-videos. UpateStreamProcessor API is also launched with this release,
which could be used to update an existing stream-processor.
* api-change:``cloudtrail``: Increases the retention period maximum to 2557 days. Deprecates unused
fields of the ListEventDataStores API response. Updates documentation.
* api-change:``lookoutequipment``: This release adds the following new features: 1) Introduces an
option for automatic schema creation 2) Now allows for Ingestion of data containing most common
errors and allows automatic data cleaning 3) Introduces new API ListSensorStatistics that gives
further information about the ingested data
* api-change:``iotwireless``: Add list support for event configurations, allow to get and update
event configurations by resource type, support LoRaWAN events; Make NetworkAnalyzerConfiguration as
a resource, add List, Create, Delete API support; Add FCntStart attribute support for ABP
WirelessDevice.
* api-change:``amplify``: Documentation only update to support the Amplify GitHub App feature launch
* api-change:``chime-sdk-media-pipelines``: For Amazon Chime SDK meetings, the Amazon Chime Media
Pipelines SDK allows builders to capture audio, video, and content share streams. You can also
capture meeting events, live transcripts, and data messages. The pipelines save the artifacts to an
Amazon S3 bucket that you designate.
* api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for custom validation dataset
and validation ratio through the CreateAutoMLJob and DescribeAutoMLJob APIs.
- Update to 1.25.1
* api-change:``lightsail``: This release adds support for Lightsail load balancer HTTP to HTTPS
redirect and TLS policy configuration.
* api-change:``sagemaker``: SageMaker Inference Recommender now accepts customer KMS key ID for
encryption of endpoints and compilation outputs created during inference recommendation.
* api-change:``pricing``: Documentation updates for Price List API
* api-change:``glue``: This release adds documentation for the APIs to create, read, delete, list,
and batch read of AWS Glue custom patterns, and for Lake Formation configuration settings in the
AWS Glue crawler.
* api-change:``cloudfront``: CloudFront now supports the Server-Timing header in HTTP responses
sent from CloudFront. You can use this header to view metrics that help you gain insights about the
behavior and performance of CloudFront. To use this header, enable it in a response headers policy.
* api-change:``ivschat``: Adds new APIs for IVS Chat, a feature for building interactive chat
experiences alongside an IVS broadcast.
* api-change:``network-firewall``: AWS Network Firewall now enables customers to use a customer
managed AWS KMS key for the encryption of their firewall resources.
- from version 1.25.0
* api-change:``gamelift``: Documentation updates for Amazon GameLift.
* api-change:``mq``: This release adds the CRITICAL_ACTION_REQUIRED broker state and the
ActionRequired API property. CRITICAL_ACTION_REQUIRED informs you when your broker is degraded.
ActionRequired provides you with a code which you can use to find instructions in the Developer
Guide on how to resolve the issue.
* feature:IMDS: Added resiliency mechanisms to IMDS Credential Fetcher
* api-change:``securityhub``: Security Hub now lets you opt-out of auto-enabling the defaults
standards (CIS and FSBP) in accounts that are auto-enabled with Security Hub via Security Hub's
integration with AWS Organizations.
* api-change:``connect``: This release adds SearchUsers API which can be used to search for users
with a Connect Instance
* api-change:``rds-data``: Support to receive SQL query results in the form of a simplified JSON
string. This enables developers using the new JSON string format to more easily convert it to an
object using popular JSON string parsing libraries.
- from version 1.24.46
* api-change:``chime-sdk-meetings``: Include additional exceptions types.
* api-change:``ec2``: Adds support for waiters that automatically poll for a deleted NAT Gateway
until it reaches the deleted state.
- from version 1.24.45
* api-change:``wisdom``: This release updates the GetRecommendations API to include a trigger event
list for classifying and grouping recommendations.
* api-change:``elasticache``: Doc only update for ElastiCache
* api-change:``iottwinmaker``: General availability (GA) for AWS IoT TwinMaker. For more
information, see https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/Welcome.html
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
* api-change:``mediatailor``: This release introduces tiered channels and adds support for live
sources. Customers using a STANDARD channel can now create programs using live sources.
* api-change:``storagegateway``: This release adds support for minimum of 5 character length
virtual tape barcodes.
* api-change:``lookoutmetrics``: Added DetectMetricSetConfig API for detecting configuration
required for creating metric set from provided S3 data source.
* api-change:``iotsitewise``: This release adds 3 new batch data query APIs :
BatchGetAssetPropertyValue, BatchGetAssetPropertyValueHistory and BatchGetAssetPropertyAggregates
* api-change:``glue``: This release adds APIs to create, read, delete, list, and batch read of Glue
custom entity types
- from version 1.24.44
* api-change:``macie2``: Sensitive data findings in Amazon Macie now indicate how Macie found the
sensitive data that produced a finding (originType).
* api-change:``rds``: Added a new cluster-level attribute to set the capacity range for Aurora
Serverless v2 instances.
* api-change:``mgn``: Removed required annotation from input fields in Describe operations
requests. Added quotaValue to ServiceQuotaExceededException
* api-change:``connect``: This release adds APIs to search, claim, release, list, update, and
describe phone numbers. You can also use them to associate and disassociate contact flows to phone
numbers.
- from version 1.24.43
* api-change:``textract``: This release adds support for specifying and extracting information from
documents using the Queries feature within Analyze Document API
* api-change:``worklink``: Amazon WorkLink is no longer supported. This will be removed in a future
version of the SDK.
* api-change:``ssm``: Added offset support for specifying the number of days to wait after the date
and time specified by a CRON expression when creating SSM association.
* api-change:``autoscaling``: EC2 Auto Scaling now adds default instance warm-up times for all
scaling activities, health check replacements, and other replacement events in the Auto Scaling
instance lifecycle.
* api-change:``personalize``: Adding StartRecommender and StopRecommender APIs for Personalize.
* api-change:``kendra``: Amazon Kendra now provides a data source connector for Quip. For more
information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-quip.html
* api-change:``polly``: Amazon Polly adds new Austrian German voice - Hannah. Hannah is available
as Neural voice only.
* api-change:``transfer``: This release contains corrected HomeDirectoryMappings examples for
several API functions: CreateAccess, UpdateAccess, CreateUser, and UpdateUser,.
* api-change:``kms``: Adds support for KMS keys and APIs that generate and verify HMAC codes
* api-change:``redshift``: Introduces new fields for LogDestinationType and LogExports on
EnableLogging requests and Enable/Disable/DescribeLogging responses. Customers can now select
CloudWatch Logs as a destination for their Audit Logs.
- from version 1.24.42
* api-change:``lightsail``: This release adds support to describe the synchronization status of the
account-level block public access feature for your Amazon Lightsail buckets.
* api-change:``rds``: Removes Amazon RDS on VMware with the deletion of APIs related to Custom
Availability Zones and Media installation
* api-change:``athena``: This release adds subfields, ErrorMessage, Retryable, to the AthenaError
response object in the GetQueryExecution API when a query fails.
- from version 1.24.41
* api-change:``batch``: Enables configuration updates for compute environments with
BEST_FIT_PROGRESSIVE and SPOT_CAPACITY_OPTIMIZED allocation strategies.
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``appstream``: Includes updates for create and update fleet APIs to manage the session
scripts locations for Elastic fleets.
* api-change:``glue``: Auto Scaling for Glue version 3.0 and later jobs to dynamically scale
compute resources. This SDK change provides customers with the auto-scaled DPU usage
* api-change:``appflow``: Enables users to pass custom token URL parameters for Oauth2
authentication during create connector profile
- from version 1.24.40
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``fsx``: This release adds support for deploying FSx for ONTAP file systems in a
single Availability Zone.
- from version 1.24.39
* api-change:``ec2``: X2idn and X2iedn instances are powered by 3rd generation Intel Xeon Scalable
processors with an all-core turbo frequency up to 3.5 GHzAmazon EC2. C6a instances are powered by
3rd generation AMD EPYC processors.
* api-change:``devops-guru``: This release adds new APIs DeleteInsight to deletes the insight along
with the associated anomalies, events and recommendations.
* api-change:``efs``: Update efs client to latest version
* api-change:``iottwinmaker``: This release adds the following new features: 1) ListEntities API
now supports search using ExternalId. 2) BatchPutPropertyValue and GetPropertyValueHistory API now
allows users to represent time in sub-second level precisions.
- from version 1.24.38
* api-change:``amplifyuibuilder``: In this release, we have added the ability to bind events to
component level actions.
* api-change:``apprunner``: This release adds tracing for App Runner services with X-Ray using AWS
Distro for OpenTelemetry. New APIs: CreateObservabilityConfiguration,
DescribeObservabilityConfiguration, ListObservabilityConfigurations, and
DeleteObservabilityConfiguration. Updated APIs: CreateService and UpdateService.
* api-change:``workspaces``: Added API support that allows customers to create GPU-enabled
WorkSpaces using EC2 G4dn instances.
- from version 1.24.37
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for the
pass-through of WebVTT styling to WebVTT outputs, pass-through of KLV metadata to supported
formats, and improved filter support for processing 444/RGB content.
* api-change:``wafv2``: Add a new CurrentDefaultVersion field to
ListAvailableManagedRuleGroupVersions API response; add a new VersioningSupported boolean to each
ManagedRuleGroup returned from ListAvailableManagedRuleGroups API response.
* api-change:``mediapackage-vod``: This release adds ScteMarkersSource as an available field for
Dash Packaging Configurations. When set to MANIFEST, MediaPackage will source the SCTE-35 markers
from the manifest. When set to SEGMENTS, MediaPackage will source the SCTE-35 markers from the
segments.
- from version 1.24.36
* api-change:``apigateway``: ApiGateway CLI command get-usage now includes usagePlanId, startDate,
and endDate fields in the output to match documentation.
* api-change:``personalize``: This release provides tagging support in AWS Personalize.
* api-change:``pi``: Adds support for DocumentDB to the Performance Insights API.
* api-change:``events``: Update events client to latest version
* api-change:``docdb``: Added support to enable/disable performance insights when creating or
modifying db instances
* api-change:``sagemaker``: Amazon Sagemaker Notebook Instances now supports G5 instance types
- from version 1.24.35
* bugfix:Proxy: Fix failure case for IP proxy addresses using TLS-in-TLS. `boto/botocore#2652
<https://github.com/boto/botocore/pull/2652>`__
* api-change:``config``: Add resourceType enums for AWS::EMR::SecurityConfiguration and
AWS::SageMaker::CodeRepository
* api-change:``panorama``: Added Brand field to device listings.
* api-change:``lambda``: This release adds new APIs for creating and managing Lambda Function URLs
and adds a new FunctionUrlAuthType parameter to the AddPermission API. Customers can use Function
URLs to create built-in HTTPS endpoints on their functions.
* api-change:``kendra``: Amazon Kendra now provides a data source connector for Box. For more
information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-box.html
- from version 1.24.34
* api-change:``securityhub``: Added additional ASFF details for RdsSecurityGroup AutoScalingGroup,
ElbLoadBalancer, CodeBuildProject and RedshiftCluster.
* api-change:``fsx``: Provide customers more visibility into file system status by adding new
"/Misconfigured Unavailable"/ status for Amazon FSx for Windows File Server.
* api-change:``s3control``: Documentation-only update for doc bug fixes for the S3 Control API docs.
* api-change:``datasync``: AWS DataSync now supports Amazon FSx for OpenZFS locations.
- from version 1.24.33
* api-change:``iot``: AWS IoT - AWS IoT Device Defender adds support to list metric datapoints
collected for IoT devices through the ListMetricValues API
* api-change:``servicecatalog``: This release adds ProvisioningArtifictOutputKeys to
DescribeProvisioningParameters to reference the outputs of a Provisioned Product and deprecates
ProvisioningArtifactOutputs.
* api-change:``sms``: Revised product update notice for SMS console deprecation.
* api-change:``proton``: SDK release to support tagging for AWS Proton Repository resource
* enhancement:AWSCRT: Upgrade awscrt version to 0.13.8
- Update to 1.24.32
* api-change:``connect``: This release updates these APIs: UpdateInstanceAttribute,
DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
enable/disable multi-party conferencing using attribute type MULTI_PARTY_CONFERENCING on the
specified Amazon Connect instance.
- from version 1.24.31
* api-change:``cloudcontrol``: SDK release for Cloud Control API in Amazon Web Services China
(Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by
NWCD
* api-change:``pinpoint-sms-voice-v2``: Amazon Pinpoint now offers a version 2.0 suite of SMS and
voice APIs, providing increased control over sending and configuration. This release is a new SDK
for sending SMS and voice messages called PinpointSMSVoiceV2.
* api-change:``workspaces``: Added APIs that allow you to customize the logo, login message, and
help links in the WorkSpaces client login page. To learn more, visit
https://docs.aws.amazon.com/workspaces/latest/adminguide/customize-branding.html
* api-change:``route53-recovery-cluster``: This release adds a new API "/ListRoutingControls"/ to
list routing control states using the highly reliable Route 53 ARC data plane endpoints.
* api-change:``databrew``: This AWS Glue Databrew release adds feature to support ORC as an input
format.
* api-change:``auditmanager``: This release adds documentation updates for Audit Manager. The
updates provide data deletion guidance when a customer deregisters Audit Manager or deregisters a
delegated administrator.
* api-change:``grafana``: This release adds tagging support to the Managed Grafana service. New
APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field tags to
support tagging while calling CreateWorkspace.
- from version 1.24.30
* api-change:``iot-data``: Update the default AWS IoT Core Data Plane endpoint from VeriSign signed
to ATS signed. If you have firewalls with strict egress rules, configure the rules to grant you
access to data-ats.iot.[region].amazonaws.com or data-ats.iot.[region].amazonaws.com.cn.
* api-change:``ec2``: This release simplifies the auto-recovery configuration process enabling
customers to set the recovery behavior to disabled or default
* api-change:``fms``: AWS Firewall Manager now supports the configuration of third-party policies
that can use either the centralized or distributed deployment models.
* api-change:``fsx``: This release adds support for modifying throughput capacity for FSx for ONTAP
file systems.
* api-change:``iot``: Doc only update for IoT that fixes customer-reported issues.
- from version 1.24.29
* api-change:``organizations``: This release provides the new CloseAccount API that enables
principals in the management account to close any member account within an organization.
- from version 1.24.28
* api-change:``medialive``: This release adds support for selecting a maintenance window.
* api-change:``acm-pca``: Updating service name entities
- from version 1.24.27
* api-change:``ec2``: This is release adds support for Amazon VPC Reachability Analyzer to analyze
path through a Transit Gateway.
* api-change:``ssm``: This Patch Manager release supports creating, updating, and deleting Patch
Baselines for Rocky Linux OS.
* api-change:``batch``: Bug Fix: Fixed a bug where shapes were marked as unboxed and were not
serialized and sent over the wire, causing an API error from the service.
- from version 1.24.26
* api-change:``lambda``: Adds support for increased ephemeral storage (/tmp) up to 10GB for Lambda
functions. Customers can now provision up to 10 GB of ephemeral storage per function instance, a
20x increase over the previous limit of 512 MB.
* api-change:``config``: Added new APIs GetCustomRulePolicy and GetOrganizationCustomRulePolicy,
and updated existing APIs PutConfigRule, DescribeConfigRule, DescribeConfigRuleEvaluationStatus,
PutOrganizationConfigRule, DescribeConfigRule to support a new feature for building AWS Config
rules with AWS CloudFormation Guard
* api-change:``transcribe``: This release adds an additional parameter for subtitling with Amazon
Transcribe batch jobs: outputStartIndex.
- from version 1.24.25
* api-change:``redshift``: This release adds a new [--encrypted | --no-encrypted] field in
restore-from-cluster-snapshot API. Customers can now restore an unencrypted snapshot to a cluster
encrypted with AWS Managed Key or their own KMS key.
* api-change:``ebs``: Increased the maximum supported value for the Timeout parameter of the
StartSnapshot API from 60 minutes to 4320 minutes. Changed the HTTP error code for
ConflictException from 503 to 409.
* api-change:``gamesparks``: Released the preview of Amazon GameSparks, a fully managed AWS service
that provides a multi-service backend for game developers.
* api-change:``elasticache``: Doc only update for ElastiCache
* api-change:``transfer``: Documentation updates for AWS Transfer Family to describe how to remove
an associated workflow from a server.
* api-change:``auditmanager``: This release updates 1 API parameter, the SnsArn attribute. The
character length and regex pattern for the SnsArn attribute have been updated, which enables you to
deselect an SNS topic when using the UpdateSettings operation.
* api-change:``ssm``: Update AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource
APIs to reflect the support for tagging Automation resources. Includes other minor documentation
updates.
- from version 1.24.24
* api-change:``location``: Amazon Location Service now includes a MaxResults parameter for
GetDevicePositionHistory requests.
* api-change:``polly``: Amazon Polly adds new Catalan voice - Arlet. Arlet is available as Neural
voice only.
* api-change:``lakeformation``: The release fixes the incorrect permissions called out in the
documentation - DESCRIBE_TAG, ASSOCIATE_TAG, DELETE_TAG, ALTER_TAG. This trebuchet release fixes
the corresponding SDK and documentation.
* api-change:``ecs``: Documentation only update to address tickets
* api-change:``ce``: Added three new APIs to support tagging and resource-level authorization on
Cost Explorer resources: TagResource, UntagResource, ListTagsForResource. Added optional
parameters to CreateCostCategoryDefinition, CreateAnomalySubscription and CreateAnomalyMonitor APIs
to support Tag On Create.
- from version 1.24.23
* api-change:``ram``: Document improvements to the RAM API operations and parameter descriptions.
* api-change:``ecr``: This release includes a fix in the DescribeImageScanFindings paginated output.
* api-change:``quicksight``: AWS QuickSight Service Features - Expand public API support for group
management.
* api-change:``chime-sdk-meetings``: Add support for media replication to link multiple WebRTC
media sessions together to reach larger and global audiences. Participants connected to a replica
session can be granted access to join the primary session and can switch sessions with their
existing WebRTC connection
* api-change:``mediaconnect``: This release adds support for selecting a maintenance window.
- Update to 1.24.22
* enhancement:jmespath: Add env markers to get working version of jmespath for python 3.6
* api-change:``glue``: Added 9 new APIs for AWS Glue Interactive Sessions: ListSessions,
StopSession, CreateSession, GetSession, DeleteSession, RunStatement, GetStatement, ListStatements,
CancelStatement
- from version 1.24.21
* enhancement:Dependency: Added support for jmespath 1.0
* api-change:``amplifybackend``: Adding the ability to customize Cognito verification messages for
email and SMS in CreateBackendAuth and UpdateBackendAuth. Adding deprecation documentation for
ForgotPassword in CreateBackendAuth and UpdateBackendAuth
* api-change:``acm-pca``: AWS Certificate Manager (ACM) Private Certificate Authority (CA) now
supports customizable certificate subject names and extensions.
* api-change:``ssm-incidents``: Removed incorrect validation pattern for
IncidentRecordSource.invokedBy
* api-change:``billingconductor``: This is the initial SDK release for AWS Billing Conductor. The
AWS Billing Conductor is a customizable billing service, allowing you to customize your billing
data to match your desired business structure.
* api-change:``s3outposts``: S3 on Outposts is releasing a new API, ListSharedEndpoints, that lists
all endpoints associated with S3 on Outpost, that has been shared by Resource Access Manager (RAM).
- from version 1.24.20
* api-change:``robomaker``: This release deprecates ROS, Ubuntu and Gazbeo from RoboMaker
Simulation Service Software Suites in favor of user-supplied containers and Relaxed Software Suites.
* api-change:``dataexchange``: This feature enables data providers to use the RevokeRevision
operation to revoke subscriber access to a given revision. Subscribers are unable to interact with
assets within a revoked revision.
* api-change:``ec2``: Adds the Cascade parameter to the DeleteIpam API. Customers can use this
parameter to automatically delete their IPAM, including non-default scopes, pools, cidrs, and
allocations. There mustn't be any pools provisioned in the default public scope to use this
parameter.
* api-change:``cognito-idp``: Updated EmailConfigurationType and SmsConfigurationType to reflect
that you can now choose Amazon SES and Amazon SNS resources in the same Region.
* enhancement:AWSCRT: Upgrade awscrt extra to 0.13.5
* api-change:``location``: New HERE style "/VectorHereExplore"/ and "/VectorHereExploreTruck"/.
* api-change:``ecs``: Documentation only update to address tickets
* api-change:``keyspaces``: Fixing formatting issues in CLI and SDK documentation
* api-change:``rds``: Various documentation improvements
- from version 1.24.19
* api-change:``kendra``: Amazon Kendra now provides a data source connector for Slack. For more
information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-slack.html
* api-change:``timestream-query``: Amazon Timestream Scheduled Queries now support Timestamp
datatype in a multi-measure record.
* enhancement:Stubber: Added support for modeled exception fields when adding errors to a client
stub. Implements boto/boto3`#3178 <https://github.com/boto/botocore/issues/3178>`__.
* api-change:``elasticache``: Doc only update for ElastiCache
* api-change:``config``: Add resourceType enums for AWS::ECR::PublicRepository and
AWS::EC2::LaunchTemplate
- from version 1.24.18
* api-change:``outposts``: This release adds address filters for listSites
* api-change:``lambda``: Adds PrincipalOrgID support to AddPermission API. Customers can use it to
manage permissions to lambda functions at AWS Organizations level.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager.
* api-change:``connect``: This release adds support for enabling Rich Messaging when starting a new
chat session via the StartChatContact API. Rich Messaging enables the following formatting options:
bold, italics, hyperlinks, bulleted lists, and numbered lists.
* api-change:``chime``: Chime VoiceConnector Logging APIs will now support MediaMetricLogs. Also
CreateMeetingDialOut now returns AccessDeniedException.
- from version 1.24.17
* api-change:``transcribe``: Documentation fix for API `StartMedicalTranscriptionJobRequest`, now
showing min sample rate as 16khz
* api-change:``transfer``: Adding more descriptive error types for managed workflows
* api-change:``lexv2-models``: Update lexv2-models client to latest version
- from version 1.24.16
* api-change:``comprehend``: Amazon Comprehend now supports extracting the sentiment associated
with entities such as brands, products and services from text documents.
- from version 1.24.15
* api-change:``eks``: Introducing a new enum for NodeGroup error code:
Ec2SubnetMissingIpv6Assignment
* api-change:``keyspaces``: Adding link to CloudTrail section in Amazon Keyspaces Developer Guide
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for reading
timecode from AVCHD sources and now provides the ability to segment WebVTT at the same interval as
the video and audio in HLS packages.
- from version 1.24.14
* api-change:``chime-sdk-meetings``: Adds support for Transcribe language identification feature to
the StartMeetingTranscription API.
* api-change:``ecs``: Amazon ECS UpdateService API now supports additional parameters:
loadBalancers, propagateTags, enableECSManagedTags, and serviceRegistries
* api-change:``migration-hub-refactor-spaces``: AWS Migration Hub Refactor Spaces documentation
update.
- from version 1.24.13
* api-change:``synthetics``: Allow custom handler function.
* api-change:``transfer``: Add waiters for server online and offline.
* api-change:``devops-guru``: Amazon DevOps Guru now integrates with Amazon CodeGuru Profiler. You
can view CodeGuru Profiler recommendations for your AWS Lambda function in DevOps Guru. This
feature is enabled by default for new customers as of 3/4/2022. Existing customers can enable this
feature with UpdateEventSourcesConfig.
* api-change:``macie``: Amazon Macie Classic (macie) has been discontinued and is no longer
available. A new Amazon Macie (macie2) is now available with significant design improvements and
additional features.
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``sts``: Documentation updates for AWS Security Token Service.
* api-change:``connect``: This release updates the *InstanceStorageConfig APIs so they support a
new ResourceType: REAL_TIME_CONTACT_ANALYSIS_SEGMENTS. Use this resource type to enable streaming
for real-time contact analysis and to associate the Kinesis stream where real-time contact analysis
segments will be published.
- from version 1.24.12
* api-change:``greengrassv2``: Doc only update that clarifies Create Deployment section.
* api-change:``fsx``: This release adds support for data repository associations to use root ("//"/)
as the file system path
* api-change:``kendra``: Amazon Kendra now suggests spell corrections for a query. For more
information, see https://docs.aws.amazon.com/kendra/latest/dg/query-spell-check.html
* api-change:``appflow``: Launching Amazon AppFlow Marketo as a destination connector SDK.
* api-change:``timestream-query``: Documentation only update for SDK and CLI
- from version 1.24.11
* api-change:``gamelift``: Minor updates to address errors.
* api-change:``cloudtrail``: Add bytesScanned field into responses of DescribeQuery and
GetQueryResults.
* api-change:``athena``: This release adds support for S3 Object Ownership by allowing the S3
bucket owner full control canned ACL to be set when Athena writes query results to S3 buckets.
* api-change:``keyspaces``: This release adds support for data definition language (DDL) operations
* api-change:``ecr``: This release adds support for tracking images lastRecordedPullTime.
- Version update to 1.24.10
* api-change:``mediapackage``: This release adds Hybridcast as an available profile option for Dash
Origin Endpoints.
* api-change:``rds``: Documentation updates for Multi-AZ DB clusters.
* api-change:``mgn``: Add support for GP3 and IO2 volume types. Add bootMode to LaunchConfiguration
object (and as a parameter to UpdateLaunchConfigurationRequest).
* api-change:``kafkaconnect``: Adds operation for custom plugin deletion (DeleteCustomPlugin) and
adds new StateDescription field to DescribeCustomPlugin and DescribeConnector responses to return
errors from asynchronous resource creation.
- from version 1.24.9
* api-change:``finspace-data``: Add new APIs for managing Users and Permission Groups.
* api-change:``amplify``: Add repositoryCloneMethod field for hosting an Amplify app. This field
shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4.
* api-change:``fsx``: This release adds support for the following FSx for OpenZFS features:
snapshot lifecycle transition messages, force flag for deleting file systems with child resources,
LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations.
* api-change:``fis``: This release adds logging support for AWS Fault Injection Simulator
experiments. Experiment templates can now be configured to send experiment activity logs to Amazon
CloudWatch Logs or to an S3 bucket.
* api-change:``route53-recovery-cluster``: This release adds a new API option to enable overriding
safety rules to allow routing control state updates.
* api-change:``amplifyuibuilder``: We are adding the ability to configure workflows and actions for
components.
* api-change:``athena``: This release adds support for updating an existing named query.
* api-change:``ec2``: This release adds support for new AMI property 'lastLaunchedTime'
* api-change:``servicecatalog-appregistry``: AppRegistry is deprecating Application and
Attribute-Group Name update feature. In this release, we are marking the name attributes for Update
APIs as deprecated to give a heads up to our customers.
- from version 1.24.8
* api-change:``elasticache``: Doc only update for ElastiCache
* api-change:``panorama``: Added NTP server configuration parameter to ProvisionDevice operation.
Added alternate software fields to DescribeDevice response
- from version 1.24.7
* api-change:``route53``: SDK doc update for Route 53 to update some parameters with new
information.
* api-change:``databrew``: This AWS Glue Databrew release adds feature to merge job outputs into a
max number of files for S3 File output type.
* api-change:``transfer``: Support automatic pagination when listing AWS Transfer Family resources.
* api-change:``s3control``: Amazon S3 Batch Operations adds support for new integrity checking
capabilities in Amazon S3.
* api-change:``s3``: This release adds support for new integrity checking capabilities in Amazon
S3. You can choose from four supported checksum algorithms for data integrity checking on your
upload and download requests. In addition, AWS SDK can automatically calculate a checksum as it
streams data into S3
* api-change:``fms``: AWS Firewall Manager now supports the configuration of AWS Network Firewall
policies with either centralized or distributed deployment models. This release also adds support
for custom endpoint configuration, where you can choose which Availability Zones to create firewall
endpoints in.
* api-change:``lightsail``: This release adds support to delete and create Lightsail default key
pairs that you can use with Lightsail instances.
* api-change:``autoscaling``: You can now hibernate instances in a warm pool to stop instances
without deleting their RAM contents. You can now also return instances to the warm pool on scale
in, instead of always terminating capacity that you will need later.
- from version 1.24.6
* api-change:``transfer``: The file input selection feature provides the ability to use either the
originally uploaded file or the output file from the previous workflow step, enabling customers to
make multiple copies of the original file while keeping the source file intact for file archival.
* api-change:``lambda``: Lambda releases .NET 6 managed runtime to be available in all commercial
regions.
* api-change:``textract``: Added support for merged cells and column header for table response.
- from version 1.24.5
* api-change:``translate``: This release enables customers to use translation settings for
formality customization in their synchronous translation output.
* api-change:``wafv2``: Updated descriptions for logging configuration.
* api-change:``apprunner``: AWS App Runner adds a Java platform (Corretto 8, Corretto 11 runtimes)
and a Node.js 14 runtime.
- from version 1.24.4
* api-change:``imagebuilder``: This release adds support to enable faster launching for Windows
AMIs created by EC2 Image Builder.
* api-change:``customer-profiles``: This release introduces apis CreateIntegrationWorkflow,
DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These apis are used to manage and
view integration workflows.
* api-change:``dynamodb``: DynamoDB ExecuteStatement API now supports Limit as a request parameter
to specify the maximum number of items to evaluate. If specified, the service will process up to
the Limit and the results will include a LastEvaluatedKey value to continue the read in a
subsequent operation.
- from version 1.24.3
* api-change:``transfer``: Properties for Transfer Family used with SFTP, FTP, and FTPS protocols.
Display Banners are bodies of text that can be displayed before and/or after a user authenticates
onto a server using one of the previously mentioned protocols.
* api-change:``gamelift``: Increase string list limit from 10 to 100.
* api-change:``budgets``: This change introduces DescribeBudgetNotificationsForAccount API which
returns budget notifications for the specified account
- from version 1.24.2
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``redshift``: SDK release for Cross region datasharing and cost-control for cross
region datasharing
* api-change:``evidently``: Add support for filtering list of experiments and launches by status
* api-change:``backup``: AWS Backup add new S3_BACKUP_OBJECT_FAILED and S3_RESTORE_OBJECT_FAILED
event types in BackupVaultNotifications events list.
- from version 1.24.1
* api-change:``ec2``: Documentation updates for EC2.
* api-change:``budgets``: Adds support for auto-adjusting budgets, a new budget method alongside
fixed and planned. Auto-adjusting budgets introduces new metadata to configure a budget limit
baseline using a historical lookback average or current period forecast.
* api-change:``ce``: AWS Cost Anomaly Detection now supports SNS FIFO topic subscribers.
* api-change:``glue``: Support for optimistic locking in UpdateTable
* api-change:``ssm``: Assorted ticket fixes and updates for AWS Systems Manager.
- Version update to 1.24.0
* api-change:``appflow``: Launching Amazon AppFlow SAP as a destination connector SDK.
* feature:Parser: Adding support for parsing int/long types in rest-json response headers.
* api-change:``rds``: Adds support for determining which Aurora PostgreSQL versions support
Babelfish.
* api-change:``athena``: This release adds a subfield, ErrorType, to the AthenaError response
object in the GetQueryExecution API when a query fails.
- from version 1.23.54
* api-change:``ssm``: Documentation updates for AWS Systems Manager.
- from version 1.23.53
* api-change:``cloudformation``: This SDK release adds AWS CloudFormation Hooks HandlerErrorCodes
* api-change:``lookoutvision``: This release makes CompilerOptions in Lookout for Vision's
StartModelPackagingJob's Configuration object optional.
* api-change:``pinpoint``: This SDK release adds a new paramater creation date for GetApp and
GetApps Api call
* api-change:``sns``: Customer requested typo fix in API documentation.
* api-change:``wafv2``: Adds support for AWS WAF Fraud Control account takeover prevention (ATP),
with configuration options for the new managed rule group AWSManagedRulesATPRuleSet and support for
application integration SDKs for Android and iOS mobile apps.
- from version 1.23.52
* api-change:``cloudformation``: This SDK release is for the feature launch of AWS CloudFormation
Hooks.
- from version 1.23.51
* api-change:``kendra``: Amazon Kendra now provides a data source connector for Amazon FSx. For
more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-fsx.html
* api-change:``apprunner``: This release adds support for App Runner to route outbound network
traffic of a service through an Amazon VPC. New API: CreateVpcConnector, DescribeVpcConnector,
ListVpcConnectors, and DeleteVpcConnector. Updated API: CreateService, DescribeService, and
UpdateService.
* api-change:``s3control``: This release adds support for S3 Batch Replication. Batch Replication
lets you replicate existing objects, already replicated objects to new destinations, and objects
that previously failed to replicate. Customers will receive object-level visibility of progress and
a detailed completion report.
* api-change:``sagemaker``: Autopilot now generates an additional report with information on the
performance of the best model, such as a Confusion matrix and Area under the receiver operating
characteristic (AUC-ROC). The path to the report can be found in CandidateArtifactLocations.
- from version 1.23.50
* api-change:``auditmanager``: This release updates 3 API parameters.
UpdateAssessmentFrameworkControlSet now requires the controls attribute, and
CreateAssessmentFrameworkControl requires the id attribute. Additionally, UpdateAssessmentFramework
now has a minimum length constraint for the controlSets attribute.
* api-change:``synthetics``: Adding names parameters to the Describe APIs.
* api-change:``ssm-incidents``: Update RelatedItem enum to support SSM Automation
* api-change:``events``: Update events client to latest version
* enhancement:Lambda Request Header: Adding request header for Lambda recursion detection.
- from version 1.23.49
* api-change:``athena``: You can now optionally specify the account ID that you expect to be the
owner of your query results output location bucket in Athena. If the account ID of the query
results bucket owner does not match the specified account ID, attempts to output to the bucket will
fail with an S3 permissions error.
* api-change:``rds``: updates for RDS Custom for Oracle 12.1 support
* api-change:``lakeformation``: Add support for calling Update Table Objects without a
TransactionId.
- from version 1.23.48
* api-change:``ec2``: adds support for AMIs in Recycle Bin
* api-change:``robomaker``: The release deprecates the use various APIs of RoboMaker Deployment
Service in favor of AWS IoT GreenGrass v2.0.
* api-change:``meteringmarketplace``: Add CustomerAWSAccountId to ResolveCustomer API response and
increase UsageAllocation limit to 2500.
* api-change:``rbin``: Add EC2 Image recycle bin support.
- from version 1.23.47
* api-change:``emr``: Update emr client to latest version
* api-change:``personalize``: Adding minRecommendationRequestsPerSecond attribute to recommender
APIs.
* enhancement:Request headers: Adding request headers with retry information.
* api-change:``appflow``: Launching Amazon AppFlow Custom Connector SDK.
* api-change:``dynamodb``: Documentation update for DynamoDB Java SDK.
* api-change:``iot``: This release adds support for configuring AWS IoT logging level per client
ID, source IP, or principal ID.
* api-change:``comprehend``: Amazon Comprehend now supports sharing and importing custom trained
models from one AWS account to another within the same region.
* api-change:``ce``: Doc-only update for Cost Explorer API that adds INVOICING_ENTITY dimensions
* api-change:``fis``: Added GetTargetResourceType and ListTargetResourceTypesAPI actions. These
actions return additional details about resource types and parameters that can be targeted by FIS
actions. Added a parameters field for the targets that can be specified in experiment templates.
* api-change:``es``: Allows customers to get progress updates for blue/green deployments
* api-change:``glue``: Launch Protobuf support for AWS Glue Schema Registry
* api-change:``elasticache``: Documentation update for AWS ElastiCache
- Version update to 1.23.46
* api-change:``appconfigdata``: Documentation updates for AWS AppConfig Data.
* api-change:``athena``: This release adds a field, AthenaError, to the GetQueryExecution response
object when a query fails.
* api-change:``appconfig``: Documentation updates for AWS AppConfig
* api-change:``cognito-idp``: Doc updates for Cognito user pools API Reference.
* api-change:``secretsmanager``: Feature are ready to release on Jan 28th
* api-change:``sagemaker``: This release added a new NNA accelerator compilation support for
Sagemaker Neo.
- from version 1.23.45
* api-change:``ec2``: X2ezn instances are powered by Intel Cascade Lake CPUs that deliver turbo all
core frequency of up to 4.5 GHz and up to 100 Gbps of networking bandwidth
* api-change:``kafka``: Amazon MSK has updated the CreateCluster and UpdateBrokerStorage API that
allows you to specify volume throughput during cluster creation and broker volume updates.
* api-change:``connect``: This release adds support for configuring a custom chat duration when
starting a new chat session via the StartChatContact API. The default value for chat duration is 25
hours, minimum configurable value is 1 hour (60 minutes) and maximum configurable value is 7 days
(10,080 minutes).
* api-change:``amplify``: Doc only update to the description of basicauthcredentials to describe
the required encoding and format.
* api-change:``opensearch``: Allows customers to get progress updates for blue/green deployments
- from version 1.23.44
* api-change:``frauddetector``: Added new APIs for viewing past predictions and obtaining
prediction metadata including prediction explanations: ListEventPredictions and
GetEventPredictionMetadata
* api-change:``ebs``: Documentation updates for Amazon EBS Direct APIs.
* api-change:``codeguru-reviewer``: Added failure state and adjusted timeout in waiter
* api-change:``securityhub``: Adding top level Sample boolean field
* api-change:``sagemaker``: API changes relating to Fail steps in model building pipeline and add
PipelineExecutionFailureReason in PipelineExecutionSummary.
- from version 1.23.43
* api-change:``fsx``: This release adds support for growing SSD storage capacity and
growing/shrinking SSD IOPS for FSx for ONTAP file systems.
* api-change:``efs``: Update efs client to latest version
* api-change:``connect``: This release adds support for custom vocabularies to be used with Contact
Lens. Custom vocabularies improve transcription accuracy for one or more specific words.
* api-change:``guardduty``: Amazon GuardDuty expands threat detection coverage to protect Amazon
Elastic Kubernetes Service (EKS) workloads.
- from version 1.23.42
* api-change:``route53-recovery-readiness``: Updated documentation for Route53 Recovery Readiness
APIs.
- from version 1.23.41
* enhancement:Exceptions: ProxyConnectionError previously provided the full proxy URL. User info
will now be appropriately masked if needed.
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for 4K AV1 output
resolutions & 10-bit AV1 color, the ability to ingest sidecar Dolby Vision XML metadata files, and
the ability to flag WebVTT and IMSC tracks for accessibility in HLS.
* api-change:``transcribe``: Add support for granular PIIEntityTypes when using Batch
ContentRedaction.
- Version update to 1.23.40
* api-change:``guardduty``: Amazon GuardDuty findings now include remoteAccountDetails under
AwsApiCallAction section if instance credential is exfiltrated.
* api-change:``connect``: This release adds tagging support for UserHierarchyGroups resource.
* api-change:``mediatailor``: This release adds support for multiple Segment Delivery
Configurations. Users can provide a list of names and URLs when creating or editing a source
location. When retrieving content, users can send a header to choose which URL should be used to
serve content.
* api-change:``fis``: Added action startTime and action endTime timestamp fields to the
ExperimentAction object
* api-change:``ec2``: C6i, M6i and R6i instances are powered by a third-generation Intel Xeon
Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz
- from version 1.23.39
* api-change:``macie2``: This release of the Amazon Macie API introduces stricter validation of
requests to create custom data identifiers.
* api-change:``ec2-instance-connect``: Adds support for ED25519 keys. PushSSHPublicKey Availability
Zone parameter is now optional. Adds EC2InstanceStateInvalidException for instances that are not
running. This was previously a service exception, so this may require updating your code to handle
this new exception.
- from version 1.23.38
* api-change:``ivs``: This release adds support for the new Thumbnail Configuration property for
Recording Configurations. For more information see
https://docs.aws.amazon.com/ivs/latest/userguide/record-to-s3.html
* api-change:``storagegateway``: Documentation update for adding bandwidth throttling support for
S3 File Gateways.
* api-change:``location``: This release adds the CalculateRouteMatrix API which calculates routes
for the provided departure and destination positions. The release also deprecates the use of
pricing plan across all verticals.
* api-change:``cloudtrail``: This release fixes a documentation bug in the description for the
readOnly field selector in advanced event selectors. The description now clarifies that users omit
the readOnly field selector to select both Read and Write management events.
* api-change:``ec2``: Add support for AWS Client VPN client login banner and session timeout.
- from version 1.23.37
* enhancement:Configuration: Adding support for `defaults_mode` configuration. The `defaults_mode`
will be used to determine how certain default configuration options are resolved in the SDK.
- from version 1.23.36
* api-change:``config``: Update ResourceType enum with values for CodeDeploy, EC2 and Kinesis
resources
* api-change:``application-insights``: Application Insights support for Active Directory and
SharePoint
* api-change:``honeycode``: Added read and write api support for multi-select picklist. And added
errorcode field to DescribeTableDataImportJob API output, when import job fails.
* api-change:``ram``: This release adds the ListPermissionVersions API which lists the versions for
a given permission.
* api-change:``lookoutmetrics``: This release adds a new DeactivateAnomalyDetector API operation.
- Version update to 1.23.35
* api-change:``pinpoint``: Adds JourneyChannelSettings to WriteJourneyRequest
* api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
* api-change:``nimble``: Amazon Nimble Studio now supports validation for Launch Profiles. Launch
Profiles now report static validation results after create/update to detect errors in network or
active directory configuration.
* api-change:``glue``: This SDK release adds support to pass run properties when starting a
workflow run
* api-change:``ssm``: AWS Systems Manager adds category support for DescribeDocument API
* api-change:``elasticache``: AWS ElastiCache for Redis has added a new Engine Log LogType in
LogDelivery feature. You can now publish the Engine Log from your Amazon ElastiCache for Redis
clusters to Amazon CloudWatch Logs and Amazon Kinesis Data Firehose.
- from version 1.23.34
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``elasticache``: Doc only update for ElastiCache
* api-change:``honeycode``: Honeycode is releasing new APIs to allow user to create, delete and
list tags on resources.
* api-change:``ec2``: Hpc6a instances are powered by a third-generation AMD EPYC processors (Milan)
delivering all-core turbo frequency of 3.4 GHz
* api-change:``fms``: Shield Advanced policies for Amazon CloudFront resources now support
automatic application layer DDoS mitigation. The max length for SecurityServicePolicyData
ManagedServiceData is now 8192 characters, instead of 4096.
* api-change:``pi``: This release adds three Performance Insights APIs. Use
ListAvailableResourceMetrics to get available metrics, GetResourceMetadata to get feature metadata,
and ListAvailableResourceDimensions to list available dimensions. The AdditionalMetrics field in
DescribeDimensionKeys retrieves per-SQL metrics.
- from version 1.23.33
* api-change:``finspace-data``: Documentation updates for FinSpace.
* api-change:``rds``: This release adds the db-proxy event type to support subscribing to RDS Proxy
events.
* api-change:``ce``: Doc only update for Cost Explorer API that fixes missing clarifications for
MatchOptions definitions
* api-change:``kendra``: Amazon Kendra now supports advanced query language and query-less search.
* api-change:``workspaces``: Introducing new APIs for Workspaces audio optimization with Amazon
Connect: CreateConnectClientAddIn, DescribeConnectClientAddIns, UpdateConnectClientAddIn and
DeleteConnectClientAddIn.
* api-change:``iotevents-data``: This release provides documentation updates for Timer.timestamp in
the IoT Events API Reference Guide.
* api-change:``ec2``: EC2 Capacity Reservations now supports RHEL instance platforms (RHEL with SQL
Server Standard, RHEL with SQL Server Enterprise, RHEL with SQL Server Web, RHEL with HA, RHEL with
HA and SQL Server Standard, RHEL with HA and SQL Server Enterprise)
- from version 1.23.32
* api-change:``ec2``: New feature: Updated EC2 API to support faster launching for Windows images.
Optimized images are pre-provisioned, using snapshots to launch instances up to 65% faster.
* api-change:``compute-optimizer``: Adds support for new Compute Optimizer capability that makes it
easier for customers to optimize their EC2 instances by leveraging multiple CPU architectures.
* api-change:``lookoutmetrics``: This release adds FailureType in the response of
DescribeAnomalyDetector.
* api-change:``databrew``: This SDK release adds support for specifying a Bucket Owner for an S3
location.
* api-change:``transcribe``: Documentation updates for Amazon Transcribe.
- from version 1.23.31
* api-change:``medialive``: This release adds support for selecting the Program Date Time (PDT)
Clock source algorithm for HLS outputs.
- from version 1.23.30
* api-change:``ec2``: This release introduces On-Demand Capacity Reservation support for Cluster
Placement Groups, adds Tags on instance Metadata, and includes documentation updates for Amazon EC2.
* api-change:``mediatailor``: This release adds support for filler slate when updating MediaTailor
channels that use the linear playback mode.
* api-change:``opensearch``: Amazon OpenSearch Service adds support for Fine Grained Access Control
for existing domains running Elasticsearch version 6.7 and above
* api-change:``iotwireless``: Downlink Queue Management feature provides APIs for customers to
manage the queued messages destined to device inside AWS IoT Core for LoRaWAN. Customer can view,
delete or purge the queued message(s). It allows customer to preempt the queued messages and let
more urgent messages go through.
* api-change:``es``: Amazon OpenSearch Service adds support for Fine Grained Access Control for
existing domains running Elasticsearch version 6.7 and above
* api-change:``mwaa``: This release adds a "/Source"/ field that provides the initiator of an update,
such as due to an automated patch from AWS or due to modification via Console or API.
* api-change:``appsync``: AppSync: AWS AppSync now supports configurable batching sizes for AWS
Lambda resolvers, Direct AWS Lambda resolvers and pipeline functions
- from version 1.23.29
* api-change:``cloudtrail``: This release adds support for CloudTrail Lake, a new feature that lets
you run SQL-based queries on events that you have aggregated into event data stores. New APIs have
been added for creating and managing event data stores, and creating, running, and managing queries
in CloudTrail Lake.
* api-change:``iot``: This release adds an automatic retry mechanism for AWS IoT Jobs. You can now
define a maximum number of retries for each Job rollout, along with the criteria to trigger the
retry for FAILED/TIMED_OUT/ALL(both FAILED an TIMED_OUT) job.
* api-change:``ec2``: This release adds a new API called
ModifyVpcEndpointServicePayerResponsibility which allows VPC endpoint service owners to take payer
responsibility of their VPC Endpoint connections.
* api-change:``snowball``: Updating validation rules for interfaces used in the Snowball API to
tighten security of service.
* api-change:``lakeformation``: Add new APIs for 3rd Party Support for Lake Formation
* api-change:``appstream``: Includes APIs for App Entitlement management regarding entitlement and
entitled application association.
* api-change:``eks``: Amazon EKS now supports running applications using IPv6 address space
* api-change:``quicksight``: Multiple Doc-only updates for Amazon QuickSight.
* api-change:``ecs``: Documentation update for ticket fixes.
* api-change:``sagemaker``: Amazon SageMaker now supports running training jobs on ml.g5 instance
types.
* api-change:``glue``: Add Delta Lake target support for Glue Crawler and 3rd Party Support for
Lake Formation
- Version update to 1.23.28
* api-change:``rekognition``: This release introduces a new field IndexFacesModelVersion, which is
the version of the face detect and storage model that was used when indexing the face vector.
* api-change:``s3``: Minor doc-based updates based on feedback bugs received.
* enhancement:JSONFileCache: Add support for __delitem__ in JSONFileCache
* api-change:``s3control``: Documentation updates for the renaming of Glacier to Glacier Flexible
Retrieval.
- from version 1.23.27
* api-change:``sagemaker``: The release allows users to pass pipeline definitions as Amazon S3
locations and control the pipeline execution concurrency using ParallelismConfiguration. It also
adds support of EMR jobs as pipeline steps.
* api-change:``rds``: Multiple doc-only updates for Relational Database Service (RDS)
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added strength levels to the
Sharpness Filter and now permits OGG files to be specified as sidecar audio inputs.
* api-change:``greengrassv2``: This release adds the API operations to manage the Greengrass role
associated with your account and to manage the core device connectivity information. Greengrass V2
customers can now depend solely on Greengrass V2 SDK for all the API operations needed to manage
their fleets.
* api-change:``detective``: Added and updated API operations to support the Detective integration
with AWS Organizations. New actions are used to manage the delegated administrator account and the
integration configuration.
- from version 1.23.26
* api-change:``nimble``: Amazon Nimble Studio adds support for users to upload files during a
streaming session using NICE DCV native client or browser.
* api-change:``chime-sdk-messaging``: The Amazon Chime SDK now supports updating message attributes
via channel flows
* api-change:``imagebuilder``: Added a note to infrastructure configuration actions and data types
concerning delivery of Image Builder event messages to encrypted SNS topics. The key that's used to
encrypt the SNS topic must reside in the account that Image Builder runs under.
* api-change:``workmail``: This release allows customers to change their email monitoring
configuration in Amazon WorkMail.
* api-change:``transfer``: Property for Transfer Family used with the FTPS protocol. TLS Session
Resumption provides a mechanism to resume or share a negotiated secret key between the control and
data connection for an FTPS session.
* api-change:``lookoutmetrics``: This release adds support for Causal Relationships. Added new
ListAnomalyGroupRelatedMetrics API operation and InterMetricImpactDetails API data type
* api-change:``mediaconnect``: You can now use the Fujitsu-QoS protocol for your MediaConnect
sources and outputs to transport content to and from Fujitsu devices.
* api-change:``qldb``: Amazon QLDB now supports journal exports in JSON and Ion Binary formats.
This release adds an optional OutputFormat parameter to the ExportJournalToS3 API.
- from version 1.23.25
* api-change:``customer-profiles``: This release adds an optional parameter, ObjectTypeNames to the
PutIntegration API to support multiple object types per integration option. Besides, this release
introduces Standard Order Objects which contain data from third party systems and each order object
belongs to a specific profile.
* api-change:``sagemaker``: This release adds a new ContentType field in AutoMLChannel for
SageMaker CreateAutoMLJob InputDataConfig.
* api-change:``forecast``: Adds ForecastDimensions field to the DescribeAutoPredictorResponse
* api-change:``securityhub``: Added new resource details objects to ASFF, including resources for
Firewall, and RuleGroup, FirewallPolicy Added additional details for AutoScalingGroup,
LaunchConfiguration, and S3 buckets.
* api-change:``location``: Making PricingPlan optional as part of create resource API.
* api-change:``redshift``: This release adds API support for managed Redshift datashares. Customers
can now interact with a Redshift datashare that is managed by a different service, such as AWS Data
Exchange.
* api-change:``apigateway``: Documentation updates for Amazon API Gateway
* api-change:``devops-guru``: Adds Tags support to DescribeOrganizationResourceCollectionHealth
* api-change:``imagebuilder``: This release adds support for importing and exporting VM Images as
part of the Image Creation workflow via EC2 VM Import/Export.
* api-change:``datasync``: AWS DataSync now supports FSx Lustre Locations.
* api-change:``finspace-data``: Make dataset description optional and allow s3 export for dataviews
- Version update to 1.23.24
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
- from version 1.23.23
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``network-firewall``: This release adds support for managed rule groups.
* api-change:``route53-recovery-control-config``: This release adds tagging supports to Route53
Recovery Control Configuration. New APIs: TagResource, UntagResource and ListTagsForResource.
Updates: add optional field `tags` to support tagging while calling CreateCluster,
CreateControlPanel and CreateSafetyRule.
* api-change:``ec2``: Adds waiters support for internet gateways.
* api-change:``sms``: This release adds SMS discontinuation information to the API and CLI
references.
* api-change:``route53domains``: Amazon Route 53 domain registration APIs now support filtering and
sorting in the ListDomains API, deleting a domain by using the DeleteDomain API and getting domain
pricing information by using the ListPrices API.
* api-change:``savingsplans``: Adds the ability to specify Savings Plans hourly commitments using
five digits after the decimal point.
- from version 1.23.22
* api-change:``lookoutvision``: This release adds new APIs for packaging an Amazon Lookout for
Vision model as an AWS IoT Greengrass component.
* api-change:``sagemaker``: This release added a new Ambarella device(amba_cv2) compilation support
for Sagemaker Neo.
* api-change:``comprehendmedical``: This release adds a new set of APIs (synchronous and batch) to
support the SNOMED-CT ontology.
* api-change:``health``: Documentation updates for AWS Health
* api-change:``logs``: This release adds AWS Organizations support as condition key in destination
policy for cross account Subscriptions in CloudWatch Logs.
* api-change:``outposts``: This release adds the UpdateOutpost API.
* api-change:``support``: Documentation updates for AWS Support.
* api-change:``iot``: This release allows customer to enable caching of custom authorizer on HTTP
protocol for clients that use persistent or Keep-Alive connection in order to reduce the number of
Lambda invocations.
- from version 1.23.21
* api-change:``location``: This release adds support for Accuracy position filtering, position
metadata and autocomplete for addresses and points of interest based on partial or misspelled
free-form text.
* api-change:``appsync``: AWS AppSync now supports custom domain names, allowing you to associate a
domain name that you own with an AppSync API in your account.
* api-change:``route53``: Add PriorRequestNotComplete exception to UpdateHostedZoneComment API
- from version 1.23.20
* api-change:``rekognition``: This release added new KnownGender types for Celebrity Recognition.
- from version 1.23.19
* api-change:``ram``: This release adds the ability to use the new ResourceRegionScope parameter on
List operations that return lists of resources or resource types. This new parameter filters the
results by letting you differentiate between global or regional resource types.
* api-change:``networkmanager``: This release adds API support for AWS Cloud WAN.
* api-change:``amplifyuibuilder``: This release introduces the actions and data types for the new
Amplify UI Builder API. The Amplify UI Builder API provides a programmatic interface for creating
and configuring user interface (UI) component libraries and themes for use in Amplify applications.
- from version 1.23.18
* api-change:``sagemaker``: This release enables - 1/ Inference endpoint configuration
recommendations and ability to run custom load tests to meet performance needs. 2/ Deploy
serverless inference endpoints. 3/ Query, filter and retrieve end-to-end ML lineage graph, and
incorporate model quality/bias detection in ML workflow.
* api-change:``kendra``: Experience Builder allows customers to build search applications without
writing code. Analytics Dashboard provides quality and usability metrics for Kendra indexes. Custom
Document Enrichment allows customers to build a custom ingestion pipeline to pre-process documents
and generate metadata.
* api-change:``directconnect``: Adds SiteLink support to private and transit virtual interfaces.
SiteLink is a new Direct Connect feature that allows routing between Direct Connect points of
presence.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``ec2``: This release adds support for Amazon VPC IP Address Manager (IPAM), which
enables you to plan, track, and monitor IP addresses for your workloads. This release also adds
support for VPC Network Access Analyzer, which enables you to analyze network access to resources
in your Virtual Private Clouds.
* api-change:``shield``: This release adds API support for Automatic Application Layer DDoS
Mitigation for AWS Shield Advanced. Customers can now enable automatic DDoS mitigation in count or
block mode for layer 7 protected resources.
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
* api-change:``devops-guru``: DevOps Guru now provides detailed, database-specific analyses of
performance issues and recommends corrective actions for Amazon Aurora database instances with
Performance Insights turned on. You can also use AWS tags to choose which resources to analyze and
define your applications.
* api-change:``dynamodb``: Add support for Table Classes and introduce the Standard Infrequent
Access table class.
- from version 1.23.17
* api-change:``s3``: Introduce Amazon S3 Glacier Instant Retrieval storage class and a new setting
in S3 Object Ownership to disable ACLs for bucket and the objects in it.
* api-change:``backup-gateway``: Initial release of AWS Backup gateway which enables you to
centralize and automate protection of on-premises VMware and VMware Cloud on AWS workloads using
AWS Backup.
* api-change:``iot``: Added the ability to enable/disable IoT Fleet Indexing for Device Defender
and Named Shadow information, and search them through IoT Fleet Indexing APIs.
* api-change:``ec2``: This release adds support for Is4gen and Im4gn instances. This release also
adds a new subnet attribute, enableLniAtDeviceIndex, to support local network interfaces, which are
logical networking components that connect an EC2 instance to your on-premises network.
* api-change:``outposts``: This release adds the SupportedHardwareType parameter to CreateOutpost.
* api-change:``storagegateway``: Added gateway type VTL_SNOW. Added new SNOWBALL HostEnvironment
for gateways running on a Snowball device. Added new field HostEnvironmentId to serve as an
identifier for the HostEnvironment on which the gateway is running.
* api-change:``kinesis``: Amazon Kinesis Data Streams now supports on demand streams.
* api-change:``glue``: Support for DataLake transactions
* api-change:``accessanalyzer``: AWS IAM Access Analyzer now supports policy validation for
resource policies attached to S3 buckets and access points. You can run additional policy checks by
specifying the S3 resource type you want to attach to your resource policy.
* api-change:``lakeformation``: This release adds support for row and cell-based access control in
Lake Formation. It also adds support for Lake Formation Governed Tables, which support ACID
transactions and automatic storage optimizations.
* api-change:``kafka``: This release adds three new V2 APIs. CreateClusterV2 for creating both
provisioned and serverless clusters. DescribeClusterV2 for getting information about provisioned
and serverless clusters and ListClustersV2 for listing all clusters (both provisioned and
serverless) in your account.
* api-change:``redshift-data``: Data API now supports serverless queries.
* api-change:``snowball``: Tapeball is to integrate tape gateway onto snowball, it enables customer
to transfer local data on the tape to snowball,and then ingest the data into tape gateway on the
cloud.
* api-change:``workspaces-web``: This is the initial SDK release for Amazon WorkSpaces Web. Amazon
WorkSpaces Web is a low-cost, fully managed WorkSpace built to deliver secure web-based workloads
and software-as-a-service (SaaS) application access to users within existing web browsers.
* api-change:``iottwinmaker``: AWS IoT TwinMaker makes it faster and easier to create, visualize
and monitor digital twins of real-world systems like buildings, factories and industrial equipment
to optimize operations. Learn more:
https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/Welcome.html (New Service) (Preview)
* api-change:``fsx``: This release adds support for the FSx for OpenZFS file system type, FSx for
Lustre file systems with the Persistent_2 deployment type, and FSx for Lustre file systems with
Amazon S3 data repository associations and automatic export policies.
- from version 1.23.16
* api-change:``s3``: Amazon S3 Event Notifications adds Amazon EventBridge as a destination and
supports additional event types. The PutBucketNotificationConfiguration API can now skip validation
of Amazon SQS, Amazon SNS and AWS Lambda destinations.
* api-change:``wellarchitected``: This update provides support for Well-Architected API users to
use custom lens features.
* api-change:``rum``: This is the first public release of CloudWatch RUM
* api-change:``rbin``: This release adds support for Recycle Bin.
* api-change:``iotsitewise``: AWS IoT SiteWise now supports retention configuration for the hot
tier storage.
* api-change:``compute-optimizer``: Adds support for the enhanced infrastructure metrics paid
feature. Also adds support for two new sets of resource efficiency metrics, including savings
opportunity metrics and performance improvement opportunity metrics.
* api-change:``ecr``: This release adds supports for pull through cache rules and enhanced scanning.
* api-change:``evidently``: Introducing Amazon CloudWatch Evidently. This is the first public
release of Amazon CloudWatch Evidently.
* api-change:``inspector2``: This release adds support for the new Amazon Inspector API. The new
Amazon Inspector can automatically discover and scan Amazon EC2 instances and Amazon ECR container
images for software vulnerabilities and unintended network exposure, and report centralized
findings across multiple AWS accounts.
* api-change:``ssm``: Added two new attributes to DescribeInstanceInformation called SourceId and
SourceType along with new string filters SourceIds and SourceTypes to filter instance records.
* api-change:``ec2``: This release adds support for G5g and M6a instances. This release also adds
support for Amazon EBS Snapshots Archive, a feature that enables you to archive your EBS snapshots;
and Recycle Bin, a feature that enables you to protect your EBS snapshots against accidental
deletion.
* api-change:``dataexchange``: This release enables providers and subscribers to use Data Set, Job,
and Asset operations to work with API assets from Amazon API Gateway. In addition, this release
enables subscribers to use the SendApiAsset operation to invoke a provider's Amazon API Gateway API
that they are entitled to.
- from version 1.23.15
* api-change:``migration-hub-refactor-spaces``: This is the initial SDK release for AWS Migration
Hub Refactor Spaces
* api-change:``textract``: This release adds support for synchronously analyzing identity documents
through a new API: AnalyzeID
* api-change:``personalize-runtime``: This release adds inference support for Recommenders.
* api-change:``personalize``: This release adds API support for Recommenders and BatchSegmentJobs.
- from version 1.23.14
* api-change:``autoscaling``: Documentation updates for Amazon EC2 Auto Scaling.
* api-change:``mgn``: Application Migration Service now supports an additional replication method
that does not require agent installation on each source server. This option is available for source
servers running on VMware vCenter versions 6.7 and 7.0.
* api-change:``ec2``: Documentation updates for EC2.
* api-change:``iotdeviceadvisor``: Documentation update for Device Advisor GetEndpoint API
* api-change:``pinpoint``: Added a One-Time Password (OTP) management feature. You can use the
Amazon Pinpoint API to generate OTP codes and send them to your users as SMS messages. Your apps
can then call the API to verify the OTP codes that your users input
* api-change:``outposts``: This release adds new APIs for working with Outpost sites and orders.
- from version 1.23.13
* api-change:``timestream-query``: Releasing Amazon Timestream Scheduled Queries. It makes
real-time analytics more performant and cost-effective for customers by calculating and storing
frequently accessed aggregates, and other computations, typically used in operational dashboards,
business reports, and other analytics applications
* api-change:``elasticache``: Doc only update for ElastiCache
* api-change:``proton``: This release adds APIs for getting the outputs and provisioned stacks for
Environments, Pipelines, and ServiceInstances. You can now add tags to
EnvironmentAccountConnections. It also adds APIs for working with PR-based provisioning. Also, it
adds APIs for syncing templates with a git repository.
* api-change:``translate``: This release enables customers to use translation settings to mask
profane words and phrases in their translation output.
* api-change:``lambda``: Remove Lambda function url apis
* api-change:``imagebuilder``: This release adds support for sharing AMIs with Organizations within
an EC2 Image Builder Distribution Configuration.
* api-change:``customer-profiles``: This release introduces a new auto-merging feature for profile
matching. The auto-merging configurations can be set via CreateDomain API or UpdateDomain API. You
can use GetIdentityResolutionJob API and ListIdentityResolutionJobs API to fetch job status.
* api-change:``autoscaling``: Customers can now configure predictive scaling policies to
proactively scale EC2 Auto Scaling groups based on any CloudWatch metrics that more accurately
represent the load on the group than the four predefined metrics. They can also use math
expressions to further customize the metrics.
* api-change:``timestream-write``: This release adds support for multi-measure records and magnetic
store writes. Multi-measure records allow customers to store multiple measures in a single table
row. Magnetic store writes enable customers to write late arrival data (data with timestamp in the
past) directly into the magnetic store.
* api-change:``iotsitewise``: AWS IoT SiteWise now accepts data streams that aren't associated with
any asset properties. You can organize data by updating data stream associations.
- from version 1.23.12
* api-change:``redshift``: This release adds support for reserved node exchange with restore/resize
* api-change:``elasticache``: Adding support for r6gd instances for Redis with data tiering. In a
cluster with data tiering enabled, when available memory capacity is exhausted, the least recently
used data is automatically tiered to solid state drives for cost-effective capacity scaling with
minimal performance impact.
* api-change:``opensearch``: This release adds an optional parameter dry-run for the
UpdateDomainConfig API to perform basic validation checks, and detect the deployment type that will
be required for the configuration change, without actually applying the change.
* api-change:``backup``: This release adds new opt-in settings for advanced features for DynamoDB
backups
* api-change:``iot``: This release introduces a new feature, Managed Job Template, for AWS IoT Jobs
Service. Customers can now use service provided managed job templates to easily create jobs for
supported standard job actions.
* api-change:``iotwireless``: Two new APIs, GetNetworkAnalyzerConfiguration and
UpdateNetworkAnalyzerConfiguration, are added for the newly released Network Analyzer feature which
enables customers to view real-time frame information and logs from LoRaWAN devices and gateways.
* api-change:``workspaces``: Documentation updates for Amazon WorkSpaces
* api-change:``s3``: Introduce two new Filters to S3 Lifecycle configurations -
ObjectSizeGreaterThan and ObjectSizeLessThan. Introduce a new way to trigger actions on noncurrent
versions by providing the number of newer noncurrent versions along with noncurrent days.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``macie2``: Documentation updates for Amazon Macie
* api-change:``ec2``: This release adds a new parameter ipv6Native to the allow creation of
IPv6-only subnets using the CreateSubnet operation, and the operation ModifySubnetAttribute
includes new parameters to modify subnet attributes to use resource-based naming and enable DNS
resolutions for Private DNS name.
* api-change:``sqs``: Amazon SQS adds a new queue attribute, SqsManagedSseEnabled, which enables
server-side queue encryption using SQS owned encryption keys.
* api-change:``ecs``: Documentation update for ARM support on Amazon ECS.
* api-change:``sts``: Documentation updates for AWS Security Token Service.
* api-change:``finspace-data``: Update documentation for createChangeset API.
* api-change:``dynamodb``: DynamoDB PartiQL now supports ReturnConsumedCapacity, which returns
capacity units consumed by PartiQL APIs if the request specified returnConsumedCapacity parameter.
PartiQL APIs include ExecuteStatement, BatchExecuteStatement, and ExecuteTransaction.
* api-change:``lambda``: Release Lambda event source filtering for SQS, Kinesis Streams, and
DynamoDB Streams.
* api-change:``iotdeviceadvisor``: This release introduces a new feature for Device Advisor:
ability to execute multiple test suites in parallel for given customer account. You can use
GetEndpoint API to get the device-level test endpoint and call StartSuiteRun with
"/parallelRun=true"/ to run suites in parallel.
* api-change:``rds``: Adds support for Multi-AZ DB clusters for RDS for MySQL and RDS for
PostgreSQL.
- from version 1.23.11
* api-change:``connect``: This release adds support for UpdateContactFlowMetadata,
DeleteContactFlow and module APIs. For details, see the Release Notes in the Amazon Connect
Administrator Guide.
* api-change:``dms``: Added new S3 endpoint settings to allow to convert the current UTC time into
a specified time zone when a date partition folder is created. Using with 'DatePartitionedEnabled'.
* api-change:``es``: This release adds an optional parameter dry-run for the
UpdateElasticsearchDomainConfig API to perform basic validation checks, and detect the deployment
type that will be required for the configuration change, without actually applying the change.
* api-change:``ssm``: Adds new parameter to CreateActivation API . This parameter is for "/internal
use only"/.
* api-change:``chime-sdk-meetings``: Added new APIs for enabling Echo Reduction with Voice Focus.
* api-change:``eks``: Adding missing exceptions to RegisterCluster operation
* api-change:``quicksight``: Add support for Exasol data source, 1 click enterprise embedding and
email customization.
* api-change:``cloudformation``: This release include SDK changes for the feature launch of Stack
Import to Service Managed StackSet.
* api-change:``rds``: Adds local backup support to Amazon RDS on AWS Outposts.
* api-change:``braket``: This release adds support for Amazon Braket Hybrid Jobs.
* api-change:``s3control``: Added Amazon CloudWatch publishing option for S3 Storage Lens metrics.
* api-change:``finspace-data``: Add new APIs for managing Datasets, Changesets, and Dataviews.
- from version 1.23.10
* api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
* api-change:``cloudformation``: The StackSets ManagedExecution feature will allow concurrency for
non-conflicting StackSet operations and queuing the StackSet operations that conflict at a given
time for later execution.
* api-change:``redshift``: Added support of default IAM role for CreateCluster,
RestoreFromClusterSnapshot and ModifyClusterIamRoles APIs
* api-change:``lambda``: Add support for Lambda Function URLs. Customers can use Function URLs to
create built-in HTTPS endpoints on their functions.
* api-change:``appstream``: Includes APIs for managing resources for Elastic fleets: applications,
app blocks, and application-fleet associations.
* api-change:``medialive``: This release adds support for specifying a SCTE-35 PID on input.
MediaLive now supports SCTE-35 PID selection on inputs containing one or more active SCTE-35 PIDs.
* api-change:``batch``: Documentation updates for AWS Batch.
* api-change:``application-insights``: Application Insights now supports monitoring for HANA
- from version 1.23.9
* api-change:``ivs``: Add APIs for retrieving stream session information and support for filtering
live streams by health. For more information, see
https://docs.aws.amazon.com/ivs/latest/userguide/stream-health.html
* api-change:``lambda``: Added support for CLIENT_CERTIFICATE_TLS_AUTH and
SERVER_ROOT_CA_CERTIFICATE as SourceAccessType for MSK and Kafka event source mappings.
* api-change:``chime``: Adds new Transcribe API parameters to StartMeetingTranscription, including
support for content identification and redaction (PII & PHI), partial results stabilization, and
custom language models.
* api-change:``chime-sdk-meetings``: Adds new Transcribe API parameters to
StartMeetingTranscription, including support for content identification and redaction (PII & PHI),
partial results stabilization, and custom language models.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``auditmanager``: This release introduces a new feature for Audit Manager: Dashboard
views. You can now view insights data for your active assessments, and quickly identify
non-compliant evidence that needs to be remediated.
* api-change:``databrew``: This SDK release adds the following new features: 1) PII detection in
profile jobs, 2) Data quality rules, enabling validation of data quality in profile jobs, 3) SQL
query-based datasets for Amazon Redshift and Snowflake data sources, and 4) Connecting DataBrew
datasets with Amazon AppFlow flows.
* api-change:``redshift-data``: Rolling back Data API serverless features until dependencies are
live.
* api-change:``kafka``: Amazon MSK has added a new API that allows you to update the connectivity
settings for an existing cluster to enable public accessibility.
* api-change:``forecast``: NEW CreateExplanability API that helps you understand how attributes
such as price, promotion, etc. contributes to your forecasted values; NEW CreateAutoPredictor API
that trains up to 40% more accurate forecasting model, saves up to 50% of retraining time, and
provides model level explainability.
* api-change:``appconfig``: Add Type to support feature flag configuration profiles
- from version 1.23.8
* api-change:``appconfigdata``: AWS AppConfig Data is a new service that allows you to retrieve
configuration deployed by AWS AppConfig. See the AppConfig user guide for more details on getting
started. https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html
* api-change:``drs``: Introducing AWS Elastic Disaster Recovery (AWS DRS), a new service that
minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based
applications using affordable storage, minimal compute, and point-in-time recovery.
* api-change:``apigateway``: Documentation updates for Amazon API Gateway.
* api-change:``sns``: Amazon SNS introduces the PublishBatch API, which enables customers to
publish up to 10 messages per API request. The new API is valid for Standard and FIFO topics.
* api-change:``redshift-data``: Data API now supports serverless requests.
* api-change:``amplifybackend``: New APIs to support the Amplify Storage category. Add and manage
file storage in your Amplify app backend.
- from version 1.23.7
* api-change:``location``: This release adds the support for Relevance, Distance, Time Zone,
Language and Interpolated Address for Geocoding and Reverse Geocoding.
* api-change:``cloudtrail``: CloudTrail Insights now supports ApiErrorRateInsight, which enables
customers to identify unusual activity in their AWS account based on API error codes and their rate.
- from version 1.23.6
* api-change:``migrationhubstrategy``: AWS SDK for Migration Hub Strategy Recommendations. It
includes APIs to start the portfolio assessment, import portfolio data for assessment, and to
retrieve recommendations. For more information, see the AWS Migration Hub documentation at
https://docs.aws.amazon.com/migrationhub/index.html
* api-change:``ec2``: Adds a new VPC Subnet attribute "/EnableDns64."/ When enabled on IPv6 Subnets,
the Amazon-Provided DNS Resolver returns synthetic IPv6 addresses for IPv4-only destinations.
* api-change:``wafv2``: Your options for logging web ACL traffic now include Amazon CloudWatch Logs
log groups and Amazon S3 buckets.
* api-change:``dms``: Add Settings in JSON format for the source GCP MySQL endpoint
* api-change:``ssm``: Adds support for Session Reason and Max Session Duration for Systems Manager
Session Manager.
* api-change:``appstream``: This release includes support for images of AmazonLinux2 platform type.
* api-change:``eks``: Adding Tags support to Cluster Registrations.
* api-change:``transfer``: AWS Transfer Family now supports integrating a custom identity provider
using AWS Lambda
- from version 1.23.5
* api-change:``ec2``: C6i instances are powered by a third-generation Intel Xeon Scalable processor
(Ice Lake) delivering all-core turbo frequency of 3.5 GHz. G5 instances feature up to 8 NVIDIA A10G
Tensor Core GPUs and second generation AMD EPYC processors.
* api-change:``ssm``: This Patch Manager release supports creating Patch Baselines for RaspberryPi
OS (formerly Raspbian)
* api-change:``devops-guru``: Add support for cross account APIs.
* api-change:``connect``: This release adds APIs for creating and managing scheduled tasks.
Additionally, adds APIs to describe and update a contact and list associated references.
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added automatic modes for GOP
configuration and added the ability to ingest screen recordings generated by Safari on MacOS 12
Monterey.
- from version 1.23.4
* api-change:``dynamodb``: Updated Help section for "/dynamodb update-contributor-insights"/ API
* api-change:``ec2``: This release provides an additional route target for the VPC route table.
* api-change:``translate``: This release enables customers to import Multi-Directional Custom
Terminology and use Multi-Directional Custom Terminology in both real-time translation and
asynchronous batch translation.
- from version 1.23.3
* api-change:``backup``: AWS Backup SDK provides new options when scheduling backups: select
supported services and resources that are assigned to a particular tag, linked to a combination of
tags, or can be identified by a partial tag value, and exclude resources from their assignments.
* api-change:``ecs``: This release adds support for container instance health.
* api-change:``resiliencehub``: Initial release of AWS Resilience Hub, a managed service that
enables you to define, validate, and track the resilience of your applications on AWS
- from version 1.23.2
* api-change:``batch``: Adds support for scheduling policy APIs.
* api-change:``health``: Documentation updates for AWS Health.
* api-change:``greengrassv2``: This release adds support for Greengrass core devices running
Windows. You can now specify name of a Windows user to run a component.
- from version 1.23.1
* bugfix:urllib3: Fix NO_OP_TICKET import bug in older versions of urllib3
- from version 1.23.0
* feature:EndpointResolver: Adding support for resolving modeled FIPS and Dualstack endpoints.
* feature:``six``: Updated vendored version of ``six`` from 1.10.0 to 1.16.0
* api-change:``sagemaker``: SageMaker CreateEndpoint and UpdateEndpoint APIs now support additional
deployment configuration to manage traffic shifting options and automatic rollback monitoring.
DescribeEndpoint now shows new in-progress deployment details with stage status.
* api-change:``chime-sdk-meetings``: Updated format validation for ids and regions.
* api-change:``wafv2``: You can now configure rules to run a CAPTCHA check against web requests
and, as needed, send a CAPTCHA challenge to the client.
* api-change:``ec2``: This release adds internal validation on the GatewayAssociationState field
- from version 1.22.12
* api-change:``ec2``: DescribeInstances now returns customer-owned IP addresses for instances
running on an AWS Outpost.
* api-change:``translate``: This release enable customers to use their own KMS keys to encrypt
output files when they submit a batch transform job.
* api-change:``resourcegroupstaggingapi``: Documentation updates and improvements.
- from version 1.22.11
* api-change:``chime-sdk-meetings``: The Amazon Chime SDK Meetings APIs allow software developers
to create meetings and attendees for interactive audio, video, screen and content sharing in custom
meeting applications which use the Amazon Chime SDK.
* api-change:``sagemaker``: ListDevices and DescribeDevice now show Edge Manager agent version.
* api-change:``connect``: This release adds CRUD operation support for Security profile resource in
Amazon Connect
* api-change:``iotwireless``: Adding APIs for the FUOTA (firmware update over the air) and
multicast for LoRaWAN devices and APIs to support event notification opt-in feature for Sidewalk
related events. A few existing APIs need to be modified for this new feature.
* api-change:``ec2``: This release adds a new instance replacement strategy for EC2 Fleet, Spot
Fleet. Now you can select an action to perform when your instance gets a rebalance notification.
EC2 Fleet, Spot Fleet can launch a replacement then terminate the instance that received
notification after a termination delay
- from version 1.22.10
* api-change:``finspace``: Adds superuser and data-bundle parameters to CreateEnvironment API
* api-change:``connectparticipant``: This release adds a new boolean attribute - Connect
Participant - to the CreateParticipantConnection API, which can be used to mark the participant as
connected.
* api-change:``datasync``: AWS DataSync now supports Hadoop Distributed File System (HDFS) Locations
* api-change:``macie2``: This release adds support for specifying the severity of findings that a
custom data identifier produces, based on the number of occurrences of text that matches the
detection criteria.
- from version 1.22.9
* api-change:``cloudfront``: CloudFront now supports response headers policies to add HTTP headers
to the responses that CloudFront sends to viewers. You can use these policies to add CORS headers,
control browser caching, and more, without modifying your origin or writing any code.
* api-change:``connect``: Amazon Connect Chat now supports real-time message streaming.
* api-change:``nimble``: Amazon Nimble Studio adds support for users to stop and start streaming
sessions.
- from version 1.22.8
* api-change:``rekognition``: This Amazon Rekognition Custom Labels release introduces the
management of datasets with projects
* api-change:``networkmanager``: This release adds API support to aggregate resources, routes, and
telemetry data across a Global Network.
* api-change:``lightsail``: This release adds support to enable access logging for buckets in the
Lightsail object storage service.
* api-change:``neptune``: Adds support for major version upgrades to ModifyDbCluster API
- from version 1.22.7
* api-change:``transcribe``: Transcribe and Transcribe Call Analytics now support automatic
language identification along with custom vocabulary, vocabulary filter, custom language model and
PII redaction.
* api-change:``application-insights``: Added Monitoring support for SQL Server Failover Cluster
Instance. Additionally, added a new API to allow one-click monitoring of containers resources.
* api-change:``rekognition``: This release added new attributes to Rekognition Video
GetCelebrityRecognition API operations.
* api-change:``connect``: Amazon Connect Chat now supports real-time message streaming.
* api-change:``ec2``: Support added for AMI sharing with organizations and organizational units in
ModifyImageAttribute API
- Version update to 1.22.6
* api-change:``gamelift``: Added support for Arm-based AWS Graviton2 instances,
such as M6g, C6g, and R6g.
* api-change:``ecs``: Amazon ECS now supports running Fargate tasks on Windows
Operating Systems Families which includes Windows Server 2019 Core and Windows
Server 2019 Full.
* api-change:``sagemaker``: This release adds support for RStudio on SageMaker.
* api-change:``connectparticipant``: This release adds a new boolean attribute
- Connect Participant - to the CreateParticipantConnection API, which can be
used to mark the participant as connected.
* api-change:``ec2``: Added new read-only DenyAllIGWTraffic network interface
attribute. Added support for DL1 24xlarge instances powered by Habana Gaudi
Accelerators for deep learning model training workloads
* api-change:``ssm-incidents``: Updating documentation, adding new field to
ConflictException to indicate earliest retry timestamp for some operations,
increase maximum length of nextToken fields
- from version 1.22.5
* api-change:``autoscaling``: This release adds support for attribute-based
instance type selection, a new EC2 Auto Scaling feature that lets customers
express their instance requirements as a set of attributes, such as vCPU,
memory, and storage.
* api-change:``ec2``: This release adds: attribute-based instance type selection
for EC2 Fleet, Spot Fleet, a feature that lets customers express instance
requirements as attributes like vCPU, memory, and storage; and Spot placement
score, a feature that helps customers identify an optimal location to run
Spot workloads.
* api-change:``eks``: EKS managed node groups now support BOTTLEROCKET_x86_64
and BOTTLEROCKET_ARM_64 AMI types.
* api-change:``sagemaker``: This release allows customers to describe one or
more versioned model packages through BatchDescribeModelPackage, update
project via UpdateProject, modify and read customer metadata properties
using Create, Update and Describe ModelPackage and enables cross account
registration of model packages.
* enhancement:Session: Added `get_partition_for_region` allowing partition
lookup by region name.
* api-change:``textract``: This release adds support for asynchronously analyzing
invoice and receipt documents through two new APIs: StartExpenseAnalysis and
GetExpenseAnalysis
- from version 1.22.4
* api-change:``emr-containers``: This feature enables auto-generation of certificate
to secure the managed-endpoint and removes the need for customer provided
certificate-arn during managed-endpoint setup.
* api-change:``chime-sdk-messaging``: The Amazon Chime SDK now supports push
notifications through Amazon Pinpoint
* api-change:``chime-sdk-identity``: The Amazon Chime SDK now supports push
notifications through Amazon Pinpoint
- from version 1.22.3
* api-change:``rds``: This release adds support for Amazon RDS Custom, which
is a new RDS management type that gives you full access to your database
and operating system.
For more information, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-custom.html
* api-change:``auditmanager``: This release introduces a new feature for Audit
Manager: Custom framework sharing. You can now share your custom frameworks
with another AWS account, or replicate them into another AWS Region under
your own account.
* api-change:``ec2``: This release adds support to create a VPN Connection
that is not attached to a Gateway at the time of creation. Use this to
create VPNs associated with Core Networks, or modify your VPN and attach
a gateway using the modify API after creation.
* api-change:``route53resolver``: New API for ResolverConfig, which allows
autodefined rules for reverse DNS resolution to be disabled for a VPC
- from version 1.22.2
* api-change:``quicksight``: Added QSearchBar option for GenerateEmbedUrlForRegisteredUser
ExperienceConfiguration to support Q search bar embedding
* api-change:``auditmanager``: This release introduces character restrictions for
ControlSet names. We updated regex patterns for the following attributes:
ControlSet, CreateAssessmentFrameworkControlSet, and UpdateAssessmentFrameworkControlSet.
* api-change:``chime``: Chime VoiceConnector and VoiceConnectorGroup APIs
will now return an ARN.
- from version 1.22.1
* api-change:``connect``: Released Amazon Connect hours of operation API for
general availability (GA). This API also supports AWS CloudFormation. For
more information, see Amazon Connect Resource Type Reference in the AWS
CloudFormation User Guide.
- from version 1.22.0
* api-change:``appflow``: Feature to add support for JSON-L format
for S3 as a source.
* api-change:``mediapackage-vod``: MediaPackage passes through digital
video broadcasting (DVB) subtitles into the output.
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added
support for specifying caption time delta in milliseconds and the ability
to apply color range legalization to source content other than AVC video.
* api-change:``mediapackage``: When enabled, MediaPackage passes through
digital video broadcasting (DVB) subtitles into the output.
* api-change:``panorama``: General availability for AWS Panorama. AWS SDK
for Panorama includes APIs to manage your devices and nodes, and deploy
computer vision applications to the edge. For more information, see the
AWS Panorama documentation at http://docs.aws.amazon.com/panorama
* feature:Serialization: rest-json serialization defaults aligned across AWS SDKs
* api-change:``directconnect``: This release adds 4 new APIS, which needs to be public able
* api-change:``securityhub``: Added support for cross-Region finding aggregation,
which replicates findings from linked Regions to a single aggregation Region.
Added operations to view, enable, update, and delete the finding aggregation.
- from version 1.21.65
* api-change:``dataexchange``: This release adds support for our public preview
of AWS Data Exchange for Amazon Redshift. This enables data providers to list
products including AWS Data Exchange datashares for Amazon Redshift, giving
subscribers read-only access to provider data in Amazon Redshift.
* api-change:``chime-sdk-messaging``: The Amazon Chime SDK now allows developers
to execute business logic on in-flight messages before they are delivered to
members of a messaging channel with channel flows.
- from version 1.21.64
* api-change:``quicksight``: AWS QuickSight Service Features - Add IP Restriction
UI and public APIs support.
* enchancement:AWSCRT: Upgrade awscrt extra to 0.12.5
* api-change:``ivs``: Bug fix: remove unsupported maxResults and nextToken
pagination parameters from ListTagsForResource
- from version 1.21.63
* api-change:``efs``: Update efs client to latest version
* api-change:``glue``: Enable S3 event base crawler API.
- from version 1.21.62
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``autoscaling``: Amazon EC2 Auto Scaling now supports filtering
describe Auto Scaling groups API using tags
* api-change:``sagemaker``: This release updates the provisioning artifact ID
to an optional parameter in CreateProject API. The provisioning artifact ID
defaults to the latest provisioning artifact ID of the product if you don't
provide one.
* api-change:``robomaker``: Adding support to GPU simulation jobs as well
as non-ROS simulation jobs.
- from version 1.21.61
* api-change:``config``: Adding Config support for AWS::OpenSearch::Domain
* api-change:``ec2``: This release adds support for additional VPC Flow Logs
delivery options to S3, such as Apache Parquet formatted files, Hourly
partitions and Hive-compatible S3 prefixes
* api-change:``storagegateway``: Adding support for Audit Logs on NFS shares
and Force Closing Files on SMB shares.
* api-change:``workmail``: This release adds APIs for adding, removing and
retrieving details of mail domains
* api-change:``kinesisanalyticsv2``: Support for Apache Flink 1.13 in Kinesis
Data Analytics. Changed the required status of some Update properties to better
fit the corresponding Create properties.
- from version 1.21.60
* api-change:``cloudsearch``: Adds an additional validation exception for
Amazon CloudSearch configuration APIs for better error handling.
* api-change:``ecs``: Documentation only update to address tickets.
* api-change:``mediatailor``: MediaTailor now supports ad prefetching.
* api-change:``ec2``: EncryptionSupport for InstanceStorageInfo added
to DescribeInstanceTypes API
- from version 1.21.59
* api-change:``elbv2``: Update elbv2 client to latest version
* bugfix:Signing: SigV4QueryAuth and CrtSigV4QueryAuth now properly respect
AWSRequest.params while signing boto/botocore (#2521)
* api-change:``medialive``: This release adds support for Transport Stream
files as an input type to MediaLive encoders.
* api-change:``ec2``: Documentation update for Amazon EC2.
* api-change:``frauddetector``: New model type: Transaction Fraud Insights,
which is optimized for online transaction fraud. Stored Events, which allows
customers to send and store data directly within Amazon Fraud Detector.
Batch Import, which allows customers to upload a CSV file of historic
event data for processing and storage
- from version 1.21.58
* api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
* api-change:``securityhub``: Added new resource details objects to ASFF,
including resources for WAF rate-based rules, EC2 VPC endpoints, ECR
repositories, EKS clusters, X-Ray encryption, and OpenSearch domains.
Added additional details for CloudFront distributions, CodeBuild projects,
ELB V2 load balancers, and S3 buckets.
* api-change:``mediaconvert``: AWS Elemental MediaConvert has added the ability
to set account policies which control access restrictions for HTTP, HTTPS,
and S3 content sources.
* api-change:``ec2``: This release removes a requirement for filters on
SearchLocalGatewayRoutes operations.
- from version 1.21.57
* api-change:``kendra``: Amazon Kendra now supports indexing and querying
documents in different languages.
* api-change:``grafana``: Initial release of the SDK for Amazon Managed Grafana API.
* api-change:``firehose``: Allow support for Amazon Opensearch Service(successor
to Amazon Elasticsearch Service) as a Kinesis Data Firehose delivery destination.
* api-change:``backup``: Launch of AWS Backup Vault Lock, which protects your
backups from malicious and accidental actions, works with existing backup policies,
and helps you meet compliance requirements.
* api-change:``schemas``: Removing unused request/response objects.
* api-change:``chime``: This release enables customers to configure Chime
MediaCapturePipeline via API.
- from version 1.21.56
* api-change:``sagemaker``: This release adds a new TrainingInputMode FastFile
for SageMaker Training APIs.
* api-change:``amplifybackend``: Adding a new field 'AmplifyFeatureFlags' to the
response of the GetBackend operation. It will return a stringified version of
the cli.json file for the given Amplify project.
* api-change:``fsx``: This release adds support for Lustre 2.12 to FSx for Lustre.
* api-change:``kendra``: Amazon Kendra now supports integration with AWS SSO
- from version 1.21.55
* api-change:``workmail``: This release allows customers to change their inbound
DMARC settings in Amazon WorkMail.
* api-change:``location``: Add support for PositionFiltering.
* api-change:``application-autoscaling``: With this release, Application Auto
Scaling adds support for Amazon Neptune. Customers can now automatically add
or remove Read Replicas of their Neptune clusters to keep the average CPU
Utilization at the target value specified by the customers.
* api-change:``ec2``: Released Capacity Reservation Fleet, a feature of Amazon
EC2 Capacity Reservations, which provides a way to manage reserved capacity
across instance types.
For more information: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-fleets.html
* api-change:``glue``: This release adds tag as an input of CreateConnection
* api-change:``backup``: AWS Backup Audit Manager framework report.
- Remove unnecessary dependencies from BuildRequires
- Skip integration tests as these require an internet connection
- Switch package to multibuild and split tests into separate package
- Switch tests from nose to pytest
- Version update to 1.21.54
* api-change:``codebuild``: CodeBuild now allows you to select how batch
build statuses are sent to the source provider for a project.
* api-change:``efs``: Update efs client to latest version
* api-change:``kms``: Added SDK examples for ConnectCustomKeyStore, CreateCustomKeyStore,
CreateKey, DeleteCustomKeyStore, DescribeCustomKeyStores, DisconnectCustomKeyStore,
GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GetPublicKey, ReplicateKey,
Sign, UpdateCustomKeyStore and Verify APIs
- from version 1.21.53
* api-change:``synthetics``: CloudWatch Synthetics now enables customers to choose a customer
managed AWS KMS key or an Amazon S3-managed key instead of an AWS managed key (default)
for the encryption of artifacts that the canary stores in Amazon S3. CloudWatch Synthetics
also supports artifact S3 location updation now.
* api-change:``ssm``: When "/AutoApprovable"/ is true for a Change Template, then specifying
- -auto-approve (boolean) in Start-Change-Request-Execution will create a change request
that bypasses approver review. (except for change calendar restrictions)
* api-change:``apprunner``: This release contains several minor bug fixes.
- from version 1.21.52
* api-change:``network-firewall``: This release adds support for strict ordering for stateful
rule groups. Using strict ordering, stateful rules are evaluated in the exact order in which
you provide them.
* api-change:``dataexchange``: This release enables subscribers to set up automatic exports of
newly published revisions using the new EventAction API.
* api-change:``workmail``: This release adds support for mobile device access overrides management
in Amazon WorkMail.
* api-change:``account``: This release of the Account Management API enables customers to manage
the alternate contacts for their AWS accounts.
For more information, see https://docs.aws.amazon.com/accounts/latest/reference/accounts-welcome.html
* api-change:``workspaces``: Added CreateUpdatedWorkspaceImage API to update WorkSpace images with
latest software and drivers. Updated DescribeWorkspaceImages API to display if there are updates
available for WorkSpace images.
* api-change:``cloudcontrol``: Initial release of the SDK for AWS Cloud Control API
* api-change:``macie2``: Amazon S3 bucket metadata now indicates whether an error or a bucket's
permissions settings prevented Amazon Macie from retrieving data about the bucket or the bucket's
objects.
- from version 1.21.51
* api-change:``lambda``: Adds support for Lambda functions powered by AWS Graviton2 processors.
Customers can now select the CPU architecture for their functions.
* api-change:``sesv2``: This release includes the ability to use 2048 bits RSA key pairs for DKIM
in SES, either with Easy DKIM or Bring Your Own DKIM.
* api-change:``amp``: This release adds alert manager and rule group namespace APIs
- from version 1.21.50
* api-change:``transfer``: Added changes for managed workflows feature APIs.
* api-change:``imagebuilder``: Fix description for AmiDistributionConfiguration Name property,
which actually refers to the output AMI name. Also updated for consistent terminology to use
"/base"/ image, and another update to fix description text.
- from version 1.21.49
* api-change:``appintegrations``: The Amazon AppIntegrations service enables you to configure
and reuse connections to external applications.
* api-change:``wisdom``: Released Amazon Connect Wisdom, a feature of Amazon Connect, which provides
real-time recommendations and search functionality in general availability (GA).
For more information, see https://docs.aws.amazon.com/wisdom/latest/APIReference/Welcome.html.
* api-change:``pinpoint``: Added support for journey with contact center activity
* api-change:``voice-id``: Released the Amazon Voice ID SDK, for usage with the Amazon Connect
Voice ID feature released for Amazon Connect.
* api-change:``connect``: This release updates a set of APIs: CreateIntegrationAssociation,
ListIntegrationAssociations, CreateUseCase, and StartOutboundVoiceContact. You can use it to
create integrations with Amazon Pinpoint for the Amazon Connect Campaigns use case, Amazon
Connect Voice ID, and Amazon Connect Wisdom.
* api-change:``elbv2``: Update elbv2 client to latest version
- from version 1.21.48
* api-change:``license-manager``: AWS License Manager now allows customers to get the LicenseArn
in the Checkout API Response.
* api-change:``ec2``: DescribeInstances now returns Platform Details, Usage Operation, and Usage
Operation Update Time.
- from version 1.21.47
* api-change:``mediaconvert``: This release adds style and positioning support for caption or
subtitle burn-in from rich text sources such as TTML. This release also introduces configurable
image-based trick play track generation.
* api-change:``appsync``: Documented the new OpenSearchServiceDataSourceConfig data type. Added
deprecation notes to the ElasticsearchDataSourceConfig data type.
* api-change:``ssm``: Added cutoff behavior support for preventing new task invocations from
starting when the maintenance window cutoff time is reached.
- from version 1.21.46
* api-change:``imagebuilder``: This feature adds support for specifying GP3 volume throughput and
configuring instance metadata options for instances launched by EC2 Image Builder.
* api-change:``wafv2``: Added the regex match rule statement, for matching web requests against
a single regular expression.
* api-change:``mediatailor``: This release adds support to configure logs for playback configuration.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``iam``: Added changes to OIDC API about not using port numbers in the URL.
* api-change:``license-manager``: AWS License Manager now allows customers to change their Windows
Server or SQL license types from Bring-Your-Own-License (BYOL) to License Included or vice-versa
(using the customer's media).
* api-change:``mediapackage-vod``: MediaPackage VOD will now return the current processing statuses
of an asset's endpoints. The status can be QUEUED, PROCESSING, PLAYABLE, or FAILED.
- from version 1.21.45
* api-change:``comprehend``: Amazon Comprehend now supports versioning of custom models, improved
training with ONE_DOC_PER_FILE text documents for custom entity recognition, ability to provide
specific test sets during training, and live migration to new model endpoints.
* api-change:``iot``: This release adds support for verifying, viewing and filtering AWS IoT Device
Defender detect violations with four verification states.
* api-change:``ecr``: This release adds additional support for repository replication
* api-change:``ec2``: This update adds support for downloading configuration templates using new
APIs (GetVpnConnectionDeviceTypes and GetVpnConnectionDeviceSampleConfiguration) and Internet
Key Exchange version 2 (IKEv2) parameters for many popular CGW devices.
- from version 1.21.44
* api-change:``opensearch``: This release adds an optional parameter in the ListDomainNames API to
filter domains based on the engine type (OpenSearch/Elasticsearch).
* api-change:``es``: This release adds an optional parameter in the ListDomainNames API to filter
domains based on the engine type (OpenSearch/Elasticsearch).
* api-change:``dms``: Optional flag force-planned-failover added to reboot-replication-instance
API call. This flag can be used to test a planned failover scenario used during some maintenance
operations.
- from version 1.21.43
* api-change:``kafkaconnect``: This is the initial SDK release for Amazon Managed Streaming for
Apache Kafka Connect (MSK Connect).
* api-change:``macie2``: This release adds support for specifying which managed data identifiers
are used by a classification job, and retrieving a list of managed data identifiers that are
available.
* api-change:``robomaker``: Adding support to create container based Robot and Simulation
applications by introducing an environment field
* api-change:``s3``: Add support for access point arn filtering in S3 CW Request Metrics
* api-change:``transcribe``: This release adds support for subtitling with Amazon
Transcribe batch jobs.
* api-change:``sagemaker``: Add API for users to retry a failed pipeline execution
or resume a stopped one.
* api-change:``pinpoint``: This SDK release adds a new feature for Pinpoint campaigns,
in-app messaging.
- from version 1.21.42
* api-change:``sagemaker``: This release adds support for "/Project Search"/
* api-change:``ec2``: This release adds support for vt1 3xlarge, 6xlarge and 24xlarge instances
powered by Xilinx Alveo U30 Media Accelerators for video transcoding workloads
* api-change:``wafv2``: This release adds support for including rate based rules in a rule group.
* api-change:``chime``: Adds support for SipHeaders parameter for CreateSipMediaApplicationCall.
* api-change:``comprehend``: Amazon Comprehend now allows you to train and run PDF and Word
documents for custom entity recognition. With PDF and Word formats, you can extract information
from documents containing headers, lists and tables.
- from version 1.21.41
* api-change:``iot``: AWS IoT Rules Engine adds OpenSearch action. The OpenSearch rule action
lets you stream data from IoT sensors and applications to Amazon OpenSearch Service which
is a successor to Amazon Elasticsearch Service.
* api-change:``ec2``: Adds support for T3 instances on Amazon EC2 Dedicated Hosts.
* enhancement:Tagged Unions: Introducing support for the `union` trait on structures in request
and response objects.
- from version 1.21.40
* api-change:``cloudformation``: Doc only update for CloudFormation that fixes several
customer-reported issues.
* api-change:``rds``: This release adds support for providing a custom timeout value for
finding a scaling point during autoscaling in Aurora Serverless v1.
* api-change:``ecr``: This release updates terminology around KMS keys.
* api-change:``sagemaker``: This release adds support for "/Lifecycle Configurations"/ to
SageMaker Studio
* api-change:``transcribe``: This release adds an API option for startTranscriptionJob and
startMedicalTranscriptionJob that allows the user to specify encryption context key value
pairs for batch jobs.
* api-change:``quicksight``: Add new data source type for Amazon OpenSearch
(successor to Amazon ElasticSearch).
- from version 1.21.39
* api-change:``emr``: Update emr client to latest version
* api-change:``codeguru-reviewer``: The Amazon CodeGuru Reviewer API now includes the
RuleMetadata data object and a Severity attribute on a RecommendationSummary object.
A RuleMetadata object contains information about a rule that generates a recommendation.
Severity indicates how severe the issue associated with a recommendation is.
* api-change:``lookoutequipment``: Added OffCondition parameter to CreateModel API
- from version 1.21.38
* api-change:``opensearch``: Updated Configuration APIs for Amazon OpenSearch Service
(successor to Amazon Elasticsearch Service)
* api-change:``ram``: A minor text-only update that fixes several customer issues.
* api-change:``kafka``: Amazon MSK has added a new API that allows you to update the
encrypting and authentication settings for an existing cluster.
- from version 1.21.37
* api-change:``elasticache``: Doc only update for ElastiCache
* api-change:``amp``: This release adds tagging support for Amazon Managed Service
for Prometheus workspace.
* api-change:``forecast``: Predictor creation now supports selecting an accuracy metric
to optimize in AutoML and hyperparameter optimization. This release adds additional
accuracy metrics for predictors - AverageWeightedQuantileLoss, MAPE and MASE.
* api-change:``xray``: Updated references to AWS KMS keys and customer managed
keys to reflect current terminology.
* api-change:``ssm-contacts``: Added SDK examples for SSM-Contacts.
* api-change:``mediapackage``: SPEKE v2 support for live CMAF packaging type. SPEKE v2
is an upgrade to the existing SPEKE API to support multiple encryption keys, it supports
live DASH currently.
* api-change:``eks``: Adding RegisterCluster and DeregisterCluster operations, to support
connecting external clusters to EKS.
- from version 1.21.36
* api-change:``chime-sdk-identity``: Documentation updates for Chime
* api-change:``chime-sdk-messaging``: Documentation updates for Chime
* api-change:``outposts``: This release adds a new API CreateOrder.
* api-change:``frauddetector``: Enhanced GetEventPrediction API response to include
risk scores from imported SageMaker models
* api-change:``codeguru-reviewer``: Added support for CodeInconsistencies detectors
- from version 1.21.35
* api-change:``acm-pca``: Private Certificate Authority Service now allows customers
to enable an online certificate status protocol (OCSP) responder service on their
private certificate authorities. Customers can also optionally configure a custom
CNAME for their OCSP responder.
* api-change:``s3control``: S3 Multi-Region Access Points provide a single global
endpoint to access a data set that spans multiple S3 buckets in different AWS Regions.
* api-change:``accessanalyzer``: Updates service API, documentation, and paginators to
support multi-region access points from Amazon S3.
* api-change:``schemas``: This update include the support for Schema Discoverer to
discover the events sent to the bus from another account. The feature will be enabled
by default when discoverer is created or updated but can also be opt-in or opt-out
by specifying the value for crossAccount.
* api-change:``securityhub``: New ASFF Resources: AwsAutoScalingLaunchConfiguration,
AwsEc2VpnConnection, AwsEcrContainerImage. Added KeyRotationStatus to AwsKmsKey.
Added AccessControlList, BucketLoggingConfiguration,BucketNotificationConfiguration
and BucketNotificationConfiguration to AwsS3Bucket.
* enhancement:s3: Added support for S3 Multi-Region Access Points
* api-change:``efs``: Update efs client to latest version
* api-change:``transfer``: AWS Transfer Family introduces Managed Workflows for creating,
executing, monitoring, and standardizing post file transfer processing
* api-change:``ebs``: Documentation updates for Amazon EBS direct APIs.
* api-change:``quicksight``: This release adds support for referencing parent
datasets as sources in a child dataset.
* api-change:``fsx``: Announcing Amazon FSx for NetApp ONTAP, a new service that provides
fully managed shared storage in the AWS Cloud with the data access and management
capabilities of ONTAP.
* enhancement:Signers: Added support for Sigv4a Signing Algorithm
* api-change:``lex-models``: Lex now supports Korean (ko-KR) locale.
- from version 1.21.34
* api-change:``ec2``: Added LaunchTemplate support for the IMDS IPv6 endpoint
* api-change:``cloudtrail``: Documentation updates for CloudTrail
* api-change:``mediatailor``: This release adds support for wall clock
programs in LINEAR channels.
* api-change:``config``: Documentation updates for config
* api-change:``servicecatalog-appregistry``: Introduction of GetAssociatedResource
API and GetApplication response extension for Resource Groups support.
- Version update to 1.21.33
* api-change:iot: Added Create/Update/Delete/Describe/List APIs for a new
IoT resource named FleetMetric. Added a new Fleet Indexing query API named
GetBucketsAggregation. Added a new field named DisconnectedReason in Fleet
Indexing query response. Updated their related documentations.
* api-change:polly: Amazon Polly adds new South African English voice -
Ayanda. Ayanda is available as Neural voice only.
* api-change:compute-optimizer: Documentation updates for Compute Optimizer
* api-change:sqs: Amazon SQS adds a new queue attribute, RedriveAllowPolicy,
which includes the dead-letter queue redrive permission parameters. It defines
which source queues can specify dead-letter queues as a JSON object.
* api-change:memorydb: Documentation updates for MemoryDB
- from version 1.21.32
* api-change:codebuild: Documentation updates for CodeBuild
* api-change:firehose: This release adds the Dynamic Partitioning feature to
Kinesis Data Firehose service for S3 destinations.
* api-change:kms: This release has changes to KMS nomenclature to remove the
word master from both the "/Customer master key"/ and "/CMK"/ abbreviation and
replace those naming conventions with "/KMS key"/.
* api-change:cloudformation: AWS CloudFormation allows you to iteratively
develop your applications when failures are encountered without rolling back
successfully provisioned resources. By specifying stack failure options, you
can troubleshoot resources in a CREATE_FAILED or UPDATE_FAILED status.
- from version 1.21.31
* api-change:s3: Documentation updates for Amazon S3.
* api-change:emr: Update emr client to latest version
* api-change:ec2: This release adds the BootMode flag to the ImportImage API
and showing the detected BootMode of an ImportImage task.
- from version 1.21.30
* api-change:transcribe: This release adds support for batch transcription
in six new languages - Afrikaans, Danish, Mandarin Chinese (Taiwan), New
Zealand English, South African English, and Thai.
* api-change:rekognition: This release added new attributes to Rekognition
RecognizeCelebities and GetCelebrityInfo API operations.
* api-change:ec2: Support added for resizing VPC prefix lists
* api-change:compute-optimizer: Adds support for 1) the AWS Graviton
(AWS_ARM64) recommendation preference for Amazon EC2 instance and Auto Scaling
group recommendations, and 2) the ability to get the enrollment statuses for
all member accounts of an organization.
- from version 1.21.29
* api-change:fms: AWS Firewall Manager now supports triggering resource
cleanup workflow when account or resource goes out of policy scope for AWS WAF,
Security group, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall
policies.
* api-change:ec2: Support added for IMDS IPv6 endpoint
* api-change:datasync: Added include filters to CreateTask and UpdateTask,
and added exclude filters to StartTaskExecution, giving customers more granular
control over how DataSync transfers files, folders, and objects. *
api-change:events: AWS CWEvents adds an enum of EXTERNAL for EcsParameters
LaunchType for PutTargets API
- from version 1.21.28
* api-change:mediaconvert: AWS Elemental MediaConvert SDK has added MBAFF
encoding support for AVC video and the ability to pass encryption context from
the job settings to S3.
* api-change:polly: Amazon Polly adds new New Zealand English voice - Aria.
Aria is available as Neural voice only. * api-change:transcribe: This release
adds support for feature tagging with Amazon Transcribe batch jobs.
* api-change:ssm: Updated Parameter Store property for logging improvements.
* api-change:iot-data: Updated Publish with support for new Retain flag and
added two new API operations: GetRetainedMessage, ListRetainedMessages.
- from version 1.21.27
* api-change:dms: Amazon AWS DMS service now support Redis target endpoint
migration. Now S3 endpoint setting is capable to setup features which are used
to be configurable only in extract connection attributes.
* api-change:frauddetector: Updated an element of the DescribeModelVersion
API response (LogitMetrics -> logOddsMetrics) for clarity. Added new exceptions
to several APIs to protect against unlikely scenarios.
* api-change:iotsitewise: Documentation updates for AWS IoT SiteWise
* api-change:dlm: Added AMI deprecation support for Amazon Data Lifecycle
Manager EBS-backed AMI policies.
* api-change:glue: Add support for Custom Blueprints
* api-change:apigateway: Adding some of the pending releases (1) Adding WAF
Filter to GatewayResponseType enum (2) Ensuring consistent error model for all
operations (3) Add missing BRE to GetVpcLink operation
* api-change:backup: AWS Backup - Features: Evaluate your backup activity
and generate audit reports.
- from version 1.21.26
* api-change:eks: Adds support for EKS add-ons "/preserve"/ flag, which allows
customers to maintain software on their EKS clusters after removing it from EKS
add-ons management.
* api-change:comprehend: Add tagging support for Comprehend async inference job.
* api-change:robomaker: Documentation updates for RoboMaker
* api-change:ec2: encryptionInTransitSupported added to DescribeInstanceTypes API
- from version 1.21.25
* api-change:ec2: The ImportImage API now supports the ability to create
AMIs with AWS-managed licenses for Microsoft SQL Server for both Windows and
Linux.
* api-change:memorydb: AWS MemoryDB SDK now supports all APIs for newly launched MemoryDB service.
* api-change:application-autoscaling: This release extends Application Auto
Scaling support for replication group of Amazon ElastiCache Redis clusters.
Auto Scaling monitors and automatically expands node group count and number of
replicas per node group when a critical usage threshold is met or according to
customer-defined schedule.
* api-change:appflow: This release adds support for SAPOData connector and
extends Veeva connector for document extraction.
- from version 1.21.24
* api-change:codebuild: CodeBuild now allows you to make the build results
for your build projects available to the public without requiring access to an
AWS account.
* api-change:route53: Documentation updates for route53
* api-change:sagemaker-runtime: Update sagemaker-runtime client to latest version
* api-change:route53resolver: Documentation updates for Route 53 Resolver
* api-change:sagemaker: Amazon SageMaker now supports Asynchronous Inference
endpoints. Adds PlatformIdentifier field that allows Notebook Instance creation
with different platform selections. Increases the maximum number of containers
in multi-container endpoints to 15. Adds more instance types to InstanceType
field.
- from version 1.21.23
* api-change:cloud9: Added DryRun parameter to CreateEnvironmentEC2 API.
Added ManagedCredentialsActions parameter to UpdateEnvironment API
* api-change:ec2: This release adds support for EC2 ED25519 key pairs for authentication
* api-change:clouddirectory: Documentation updates for clouddirectory
* api-change:ce: This release is a new feature for Cost Categories: Split
charge rules. Split charge rules enable you to allocate shared costs between
your cost category values.
* api-change:logs: Documentation-only update for CloudWatch Logs
- from version 1.21.22
* api-change:iotsitewise: AWS IoT SiteWise added query window for the
interpolation interval. AWS IoT SiteWise computes each interpolated value by
using data points from the timestamp of each interval minus the window to the
timestamp of each interval plus the window.
* api-change:s3: Documentation updates for Amazon S3
* api-change:codebuild: CodeBuild now allows you to select how batch build
statuses are sent to the source provider for a project.
* api-change:ds: This release adds support for describing client authentication settings.
* api-change:config: Update ResourceType enum with values for Backup Plan,
Selection, Vault, RecoveryPoint; ECS Cluster, Service, TaskDefinition; EFS
AccessPoint, FileSystem; EKS Cluster; ECR Repository resources
* api-change:license-manager: AWS License Manager now allows end users to
call CheckoutLicense API using new CheckoutType PERPETUAL. Perpetual checkouts
allow sellers to check out a quantity of entitlements to be drawn down for
consumption.
- from version 1.21.21
* api-change:quicksight: Documentation updates for QuickSight.
* api-change:emr: Update emr client to latest version
* api-change:customer-profiles: This release introduces Standard Profile
Objects, namely Asset and Case which contain values populated by data from
third party systems and belong to a specific profile. This release adds an
optional parameter, ObjectFilter to the ListProfileObjects API in order to
search for these Standard Objects.
* api-change:elasticache: This release adds ReplicationGroupCreateTime field
to ReplicationGroup which indicates the UTC time when ElastiCache
ReplicationGroup is created
- from version 1.21.20
* api-change:sagemaker: Amazon SageMaker Autopilot adds new metrics for all
candidate models generated by Autopilot experiments.
* api-change:apigatewayv2: Adding support for ACM imported or private CA
certificates for mTLS enabled domain names
* api-change:apigateway: Adding support for ACM imported or private CA
certificates for mTLS enabled domain names
* api-change:databrew: This SDK release adds support for the output of a
recipe job results to Tableau Hyper format.
* api-change:lambda: Lambda Python 3.9 runtime launch
- from version 1.21.19
* api-change:snow-device-management: AWS Snow Family customers can remotely
monitor and operate their connected AWS Snowcone devices.
* api-change:ecs: Documentation updates for ECS.
* api-change:nimble: Add new attribute 'ownedBy' in Streaming Session APIs.
'ownedBy' represents the AWS SSO Identity Store User ID of the owner of the
Streaming Session resource.
* api-change:codebuild: CodeBuild now allows you to make the build results
for your build projects available to the public without requiring access to an
AWS account.
* api-change:ebs: Documentation updates for Amazon EBS direct APIs.
* api-change:route53: Documentation updates for route53
- from version 1.21.18
* api-change:chime: Add support for "/auto"/ in Region field of StartMeetingTranscription API request.
* enchancement:Client: Improve client performance by caching _alias_event_name on EventAliaser
- from version 1.21.17
* api-change:wafv2: This release adds APIs to support versioning
feature of AWS WAF Managed rule groups
* api-change:rekognition: This release adds support for four new types of
segments (opening credits, content segments, slates, and studio logos),
improved accuracy for credits and shot detection and new filters to control
black frame detection.
* api-change:ssm: Documentation updates for AWS Systems Manager.
- from version 1.21.16
* api-change:synthetics: Documentation updates for Visual Monitoring feature
and other doc ticket fixes.
* api-change:chime-sdk-identity: The Amazon Chime SDK Identity APIs allow
software developers to create and manage unique instances of their messaging
applications.
* api-change:chime-sdk-messaging: The Amazon Chime SDK Messaging APIs allow
software developers to send and receive messages in custom messaging
applications.
* api-change:connect: This release adds support for agent status and hours
of operation. For details, see the Release Notes in the Amazon Connect
Administrator Guide.
* api-change:lightsail: This release adds support to track when a bucket
access key was last used.
* api-change:athena: Documentation updates for Athena.
- from version 1.21.15
* api-change:lexv2-models: Update lexv2-models client to latest version
* api-change:autoscaling: EC2 Auto Scaling adds configuration checks and
Launch Template validation to Instance Refresh.
- from version 1.21.14
* api-change:rds: This release adds AutomaticRestartTime to the
DescribeDBInstances and DescribeDBClusters operations. AutomaticRestartTime
indicates the time when a stopped DB instance or DB cluster is restarted
automatically.
* api-change:imagebuilder: Updated list actions to include a list of valid
filters that can be used in the request.
* api-change:transcribe: This release adds support for call analytics
(batch) within Amazon Transcribe.
* api-change:events: Update events client to latest version
* api-change:ssm-incidents: Documentation updates for Incident Manager.
- from version 1.21.13
* api-change:redshift: API support for Redshift Data Sharing feature.
* api-change:iotsitewise: My AWS Service (placeholder) - This release
introduces custom Intervals and offset for tumbling window in metric for AWS
IoT SiteWise.
* api-change:glue: Add ConcurrentModificationException to create-table,
delete-table, create-database, update-database, delete-database
* api-change:mediaconvert: AWS Elemental MediaConvert SDK has added control
over the passthrough of XDS captions metadata to outputs.
* api-change:proton: Docs only add idempotent create apis
- from version 1.21.12
* api-change:ssm-contacts: Added new attribute in AcceptCode API.
AcceptCodeValidation takes in two values - ENFORCE, IGNORE. ENFORCE forces
validation of accept code and IGNORE ignores it which is also the default
behavior; Corrected TagKeyList length from 200 to 50
* api-change:greengrassv2: This release adds support for component system
resource limits and idempotent Create operations. You can now specify the
maximum amount of CPU and memory resources that each component can use.
- from version 1.21.11
* api-change:appsync: AWS AppSync now supports a new authorization mode
allowing you to define your own authorization logic using an AWS Lambda
function.
* api-change:elbv2: Update elbv2 client to latest version
* api-change:secretsmanager: Add support for KmsKeyIds in the
ListSecretVersionIds API response
* api-change:sagemaker: API changes with respect to Lambda steps in model
building pipelines. Adds several waiters to async Sagemaker Image APIs. Add
more instance types to AppInstanceType field
- from version 1.21.10
* api-change:savingsplans: Documentation update for valid Savings Plans offering ID pattern
* api-change:ec2: This release adds support for G4ad xlarge and 2xlarge
instances powered by AMD Radeon Pro V520 GPUs and AMD 2nd Generation EPYC
processors
* api-change:chime: Adds support for live transcription of meetings with
Amazon Transcribe and Amazon Transcribe Medical. The new APIs,
StartMeetingTranscription and StopMeetingTranscription, control the generation
of user-attributed transcriptions sent to meeting clients via Amazon Chime SDK
data messages.
* api-change:iotsitewise: Added support for AWS IoT SiteWise Edge. You can
now create an AWS IoT SiteWise gateway that runs on AWS IoT Greengrass V2. With
the gateway, you can collect local server and equipment data, process the data,
and export the selected data from the edge to the AWS Cloud.
* api-change:iot: Increase maximum credential duration of role alias to 12 hours.
- from version 1.21.9
* api-change:sso-admin: Documentation updates for
arn:aws:trebuchet:::service:v1:03a2216d-1cda-4696-9ece-1387cb6f6952
* api-change:cloudformation: SDK update to support Importing existing Stacks
to new/existing Self Managed StackSet - Stack Import feature.
- from version 1.21.8
* api-change:route53: This release adds support for the RECOVERY_CONTROL
health check type to be used in conjunction with Route53 Application Recovery
Controller.
* api-change:iotwireless: Add SidewalkManufacturingSn as an identifier to
allow Customer to query WirelessDevice, in the response, AmazonId is added in
the case that Sidewalk device is return.
* api-change:route53-recovery-control-config: Amazon Route 53 Application
Recovery Controller's routing control - Routing Control Configuration APIs help
you create and delete clusters, control panels, routing controls and safety
rules. State changes (On/Off) of routing controls are not part of configuration
APIs.
* api-change:route53-recovery-readiness: Amazon Route 53 Application
Recovery Controller's readiness check capability continually monitors resource
quotas, capacity, and network routing policies to ensure that the recovery
environment is scaled and configured to take over when needed.
* api-change:quicksight: Add support to use row-level security with tags
when embedding dashboards for users not provisioned in QuickSight
* api-change:iotanalytics: IoT Analytics now supports creating a dataset
resource with IoT SiteWise MultiLayerStorage data stores, enabling customers to
query industrial data within the service. This release includes adding JOIN
functionality for customers to query multiple data sources in a dataset.
* api-change:shield: Change name of DDoS Response Team (DRT) to Shield Response Team (SRT)
* api-change:lexv2-models: Update lexv2-models client to latest version
* api-change:redshift-data: Added structures to support new Data API
operation BatchExecuteStatement, used to execute multiple SQL statements within
a single transaction.
* api-change:route53-recovery-cluster: Amazon Route 53 Application Recovery
Controller's routing control - Routing Control Data Plane APIs help you update
the state (On/Off) of the routing controls to reroute traffic across
application replicas in a 100% available manner.
* api-change:batch: Add support for ListJob filters
- Disables Py 2 build for SLE 15
+ Py 2 is considered legacy with limited support. Should not have been
built or released for Py 2. This was a mistake.
- Version update to 1.21.7 (bsc#1189649)
* api-change:``s3control``: S3 Access Point aliases can be used anywhere you
use S3 bucket names to access data in S3
* api-change:``textract``: Adds support for AnalyzeExpense, a new API to extract
relevant data such as contact information, items purchased, and vendor name,
from almost any invoice or receipt without the need for any templates or
configuration.
* api-change:``proton``: Documentation-only update links
* api-change:``identitystore``: Documentation updates for SSO API Ref.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``synthetics``: CloudWatch Synthetics now supports visual
testing in its canaries.
- from version 1.21.6
* api-change:``securityhub``: Added product name, company name, and Region fields for
security findings. Added details objects for RDS event subscriptions and AWS ECS
services. Added fields to the details for AWS Elasticsearch domains.
* api-change:``imagebuilder``: Update to documentation to reapply missing change to
SSM uninstall switch default value and improve description.
* api-change:``s3outposts``: Add on-premise access type support for endpoints
- from version 1.21.5
* api-change:``medialive``: MediaLive now supports passing through style data
on WebVTT caption outputs.
* api-change:``databrew``: This SDK release adds two new features: 1) Output to
Native JDBC destinations and 2) Adding configurations to profile jobs
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``s3control``: Documentation updates for Amazon S3-control
* api-change:``ec2``: This release allows customers to assign prefixes to their
elastic network interface and to reserve IP blocks in their subnet CIDRs. These
reserved blocks can be used to assign prefixes to elastic network interfaces or
be excluded from auto-assignment.
* api-change:``qldb``: Amazon QLDB now supports ledgers encrypted with customer
managed KMS keys. Changes in CreateLedger, UpdateLedger and DescribeLedger APIs
to support the changes.
- from version 1.21.4
* api-change:``kendra``: Amazon Kendra now provides a data source connector for
Amazon WorkDocs. For more information, see
https://docs.aws.amazon.com/kendra/latest/dg/data-source-workdocs.html
* api-change:``proton``: Documentation updates for AWS Proton
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``rds``: Adds the OriginalSnapshotCreateTime field to the DBSnapshot response
object. This field timestamps the underlying data of a snapshot and doesn't change when
the snapshot is copied.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``lambda``: New ResourceConflictException error code for PutFunctionEventInvokeConfig,
UpdateFunctionEventInvokeConfig, and DeleteFunctionEventInvokeConfig operations.
* api-change:``codebuild``: AWS CodeBuild now allows you to set the access permissions for build
artifacts, project artifacts, and log files that are uploaded to an Amazon S3 bucket that is
owned by another account.
* api-change:``personalize``: My AWS Service (placeholder) - Making minProvisionedTPS an optional
parameter when creating a campaign. If not provided, it defaults to 1.
* api-change:``emr``: Update emr client to latest version
- from version 1.21.3
* api-change:``compute-optimizer``: Documentation updates for Compute Optimizer
* api-change:``ec2``: Added idempotency to the CreateVolume API using the ClientToken
request parameter
- from version 1.21.2
* api-change:``imagebuilder``: Documentation updates for reversal of default value for additional
instance configuration SSM switch, plus improved descriptions for semantic versioning.
* api-change:``directconnect``: Documentation updates for directconnect
* api-change:``health``: In the Health API, the maximum number of entities for the EventFilter and
EntityFilter data types has changed from 100 to 99. This change is related to an internal
optimization of the AWS Health service.
* api-change:``robomaker``: This release allows customers to create a new version of WorldTemplates
with support for Doors.
* api-change:``location``: Add five new API operations: UpdateGeofenceCollection, UpdateMap,
UpdatePlaceIndex, UpdateRouteCalculator, UpdateTracker.
* api-change:``emr-containers``: Updated DescribeManagedEndpoint and ListManagedEndpoints to return
failureReason and stateDetails in API response.
- from version 1.21.1
* api-change:``appintegrations``: Documentation update for AppIntegrations Service
* api-change:``chime``: This SDK release adds Account Status as one of the attributes in Account API response
* api-change:``auditmanager``: This release relaxes the S3 URL character restrictions in AWS Audit Manager.
Regex patterns have been updated for the following attributes: s3RelativePath, destination, and s3ResourcePath.
'AWS' terms have also been replaced with entities to align with China Rebrand documentation efforts.
- from version 1.21.0
* api-change:``ec2``: This feature enables customers to specify weekly recurring time window(s) for scheduled
events that reboot, stop or terminate EC2 instances.
* api-change:``cognito-idp``: Documentation updates for cognito-idp
* api-change:``ecs``: Documentation updates for support of awsvpc mode on Windows.
* api-change:``lex-models``: Lex now supports the en-IN locale
* api-change:``iotsitewise``: Update the default endpoint for the APIs used to manage asset models, assets, gateways,
tags, and account configurations. If you have firewalls with strict egress rules, configure the rules to grant
you access to api.iotsitewise.[region].amazonaws.com or api.iotsitewise.[cn-region].amazonaws.com.cn.
* feature:Python: Dropped support for Python 2.7
- Disable Python2 builds for all SUSE distributions
- Remove Python2 build dependencies from spec file
- Version update to 1.20.112
* api-change:``dms``: Release of feature needed for ECA-Endpoint settings. This allows
customer to delete a field in endpoint settings by using --exact-settings flag in modify-
endpoint api. This also displays default values for certain required fields of endpoint
settings in describe-endpoint-settings api.
* api-change:``glue``: Add support for Event Driven Workflows
* api-change:``acm``: Added support for RSA 3072 SSL certificate import
* api-change:``healthlake``: General availability for Amazon HealthLake. StartFHIRImportJob
and StartFHIRExportJob APIs now require AWS KMS parameter. For more information, see the
Amazon HealthLake Documentation https://docs.aws.amazon.com/healthlake/index.html.
* api-change:``wellarchitected``: This update provides support for Well-Architected API users
to mark answer choices as not applicable.
* api-change:``lightsail``: This release adds support for the Amazon Lightsail object storage
service, which allows you to create buckets and store objects.
- from version 1.20.111
* api-change:``amplifybackend``: Added Sign in with Apple OAuth provider.
* api-change:``redshift``: Release new APIs to support new Redshift feature - Authentication Profile
* api-change:``ssm``: Changes to OpsCenter APIs to support a new feature, operational insights.
* api-change:``lex-models``: Customers can now migrate bots built with Lex V1 APIs to V2 APIs.
This release adds APIs to initiate and manage the migration of a bot.
* api-change:``directconnect``: This release adds a new filed named awsLogicalDeviceId that it
displays the AWS Direct Connect endpoint which terminates a physical connection's BGP Sessions.
* api-change:``pricing``: Documentation updates for api.pricing
- from version 1.20.110
* api-change:``eks``: Documentation updates for Wesley to support the parallel node upgrade feature.
* api-change:``kendra``: Amazon Kendra now supports Principal Store
- from version 1.20.109
* api-change:``sagemaker``: Releasing new APIs related to Tuning steps in model building pipelines.
* api-change:``frauddetector``: This release adds support for ML Explainability to display model
variable importance value in Amazon Fraud Detector.
* api-change:``mediaconvert``: MediaConvert now supports color, style and position information
passthrough from 608 and Teletext to SRT and WebVTT subtitles. MediaConvert now also supports
Automatic QVBR quality levels for QVBR RateControlMode.
- from version 1.20.108
* api-change:``eks``: Added waiters for EKS FargateProfiles.
* api-change:``outposts``: Added property filters for listOutposts
* api-change:``fms``: AWS Firewall Manager now supports route table monitoring, and provides
remediation action recommendations to security administrators for AWS Network Firewall policies
with misconfigured routes.
* api-change:``mediatailor``: Add ListAlerts for Channel, Program, Source Location, and VOD Source to
return alerts for resources.
* api-change:``devops-guru``: Add AnomalyReportedTimeRange field to include open and close
time of anomalies.
* api-change:``ssm-contacts``: Updated description for CreateContactChannel contactId.
- from version 1.20.107
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``sts``: Documentation updates for AWS Security Token Service.
* api-change:``mq``: adds support for modifying the maintenance window for brokers.
* api-change:``cloudfront``: Amazon CloudFront now provides two new APIs, ListConflictingAliases and
AssociateAlias, that help locate and move Alternate Domain Names (CNAMEs) if you encounter the
CNAMEAlreadyExists error code.
* api-change:``chime``: Releasing new APIs for AWS Chime MediaCapturePipeline
* api-change:``iotsitewise``: This release add storage configuration APIs for AWS IoT SiteWise.
* api-change:``storagegateway``: Adding support for oplocks for SMB file shares, S3 Access Point and
S3 Private Link for all file shares and IP address support for file system associations
* api-change:``ec2``: This release adds resource ids and tagging support for VPC security group rules.
- from version 1.20.106
* api-change:``lambda``: Added support for AmazonMQRabbitMQ as an event source. Added support for
VIRTUAL_HOST as SourceAccessType for streams event source mappings.
* api-change:``imagebuilder``: Adds support for specifying parameters to customize components for recipes.
Expands configuration of the Amazon EC2 instances that are used for building and testing images,
including the ability to specify commands to run on launch, and more control over installation and
removal of the SSM agent.
* api-change:``mgn``: Bug fix: Remove not supported EBS encryption type "/NONE"/
* api-change:``eks``: Adding new error code UnsupportedAddonModification for Addons in EKS
* api-change:``macie2``: Sensitive data findings in Amazon Macie now include enhanced location
data for JSON and JSON Lines files
* api-change:``sns``: Documentation updates for Amazon SNS.
- from version 1.20.105
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``ec2``: This release removes network-insights-boundary
- from version 1.20.104
* api-change:``sagemaker``: SageMaker model registry now supports up to 5 containers
and associated environment variables.
* api-change:``sqs``: Documentation updates for Amazon SQS.
* api-change:``ec2``: Adding a new reserved field to support future infrastructure
improvements for Amazon EC2 Fleet.
- from version 1.20.103
* api-change:``autoscaling``: Amazon EC2 Auto Scaling infrastructure improvements and optimizations.
* api-change:``kendra``: Amazon Kendra Enterprise Edition now offered in smaller more granular units
to enable customers with smaller workloads. Virtual Storage Capacity units now offer scaling in
increments of 100,000 documents (up to 30GB) per unit and Virtual Query Units offer scaling increments
of 8,000 queries per day.
* api-change:``mediapackage-vod``: Add support for Widevine DRM on CMAF packaging configurations.
Both Widevine and FairPlay DRMs can now be used simultaneously, with CBCS encryption.
* api-change:``ssm-contacts``: Fixes the tag key length range to 128 chars, tag value length to 256
chars; Adds support for UTF-8 chars for contact and channel names, Allows users to unset name in
UpdateContact API; Adds throttling exception to StopEngagement API, validation exception to APIs
UntagResource, ListTagsForResource
* api-change:``databrew``: Adds support for the output of job results to the AWS Glue Data Catalog.
* api-change:``servicediscovery``: AWS Cloud Map now allows configuring the TTL of the SOA record for a
hosted zone to control the negative caching for new services.
- from version 1.20.102
* api-change:``sagemaker``: Sagemaker Neo now supports running compilation jobs using customer's Amazon VPC
* api-change:``glue``: Add JSON Support for Glue Schema Registry
* api-change:``redshift``: Added InvalidClusterStateFault to the DisableLogging API, thrown when calling the
API on a non available cluster.
* api-change:``mediaconvert``: MediaConvert adds support for HDR10+, ProRes 4444, and XAVC outputs, ADM/DAMF
support for Dolby Atmos ingest, and alternative audio and WebVTT caption ingest via HLS inputs. MediaConvert
also now supports creating trickplay outputs for Roku devices for HLS, CMAF, and DASH output groups.
- from version 1.20.101
* api-change:``proton``: Added waiters for template registration, service operations, and environment deployments.
* api-change:``amplifybackend``: Imports an existing backend authentication resource.
* api-change:``snowball``: AWS Snow Family customers can remotely monitor and operate their connected AWS Snowcone
devices. AWS Snowball Edge Storage Optimized customers can now import and export their data using NFS.
- from version 1.20.100
* api-change:``chime``: Adds EventIngestionUrl field to MediaPlacement
* api-change:``cloud9``: Minor update to AWS Cloud9 documentation to allow correct parsing of outputted text
* api-change:``connect``: Released Amazon Connect quick connects management API for general availability (GA).
For more information, see https://docs.aws.amazon.com/connect/latest/APIReference/Welcome.html
* api-change:``dax``: Add support for encryption in transit to DAX clusters.
* api-change:``wafv2``: Added support for 15 new text transformation.
* api-change:``kendra``: Amazon Kendra now supports SharePoint 2013 and SharePoint 2016 when
using a SharePoint data source.
* api-change:``securityhub``: Added new resource details for ECS clusters and ECS task definitions. Added
additional information for S3 buckets, Elasticsearch domains, and API Gateway V2 stages.
* api-change:``transfer``: Customers can successfully use legacy clients with Transfer Family endpoints enabled
for FTPS and FTP behind routers, firewalls, and load balancers by providing a Custom IP address used for data
channel communication.
* api-change:``codebuild``: BucketOwnerAccess is currently not supported
- from version 1.20.99
* api-change:``docdb``: DocumentDB documentation-only edits
* api-change:``cloud9``: Updated documentation for CreateEnvironmentEC2 to explain that because Amazon Linux AMI
has ended standard support as of December 31, 2020, we recommend you choose Amazon Linux 2--which includes long
term support through 2023--for new AWS Cloud9 environments.
* api-change:``quicksight``: Releasing new APIs for AWS QuickSight Folders
* api-change:``mediatailor``: Update GetChannelSchedule to return information on ad breaks.
* api-change:``cloudfront``: Amazon CloudFront adds support for a new security policy, TLSv1.2_2021.
* api-change:``license-manager``: AWS License Manager now allows license administrators and end users to communicate
to each other by setting custom status reasons when updating the status on a granted license.
* api-change:``ec2``: This release adds support for provisioning your own IP (BYOIP) range in multiple regions.
This feature is in limited Preview for this release. Contact your account manager if you are interested in
this feature.
* api-change:``events``: Added the following parameters to ECS targets: CapacityProviderStrategy, EnableECSManagedTags,
EnableExecuteCommand, PlacementConstraints, PlacementStrategy, PropagateTags, ReferenceId, and Tags
* api-change:``cloudsearch``: This release replaces previous generation CloudSearch instances with equivalent new
instances that provide better stability at the same price.
* api-change:``codeguru-reviewer``: Adds support for S3 based full repository analysis and changed lines scan.
- from version 1.20.98
* api-change:``cloudformation``: CloudFormation registry service now supports 3rd party public type sharing
- from version 1.20.97
* api-change:``kendra``: Amazon Kendra now supports the indexing of web documents for search through the web crawler.
* api-change:``sagemaker``: Enable ml.g4dn instance types for SageMaker Batch Transform and SageMaker Processing
* api-change:``rds``: This release enables Database Activity Streams for RDS Oracle
* api-change:``chime``: This release adds a new API UpdateSipMediaApplicationCall, to update an in-progress
call for SipMediaApplication.
- from version 1.20.96
* api-change:``kms``: Adds support for multi-Region keys
* api-change:``ec2``: This release adds support for VLAN-tagged network traffic over an Elastic Network Interface
(ENI). This feature is in limited Preview for this release. Contact your account manager if you are interested
in this feature.
* api-change:``rds``: This release enables fast cloning in Aurora Serverless. You can now clone between Aurora
Serverless clusters and Aurora Provisioned clusters.
* api-change:``mediatailor``: Adds AWS Secrets Manager Access Token Authentication for Source Locations
- from version 1.20.95
* api-change:``redshift-data``: Redshift Data API service now supports SQL parameterization.
* api-change:``connect``: This release adds new sets of APIs: AssociateBot, DisassociateBot, and ListBots. You can
use it to programmatically add an Amazon Lex bot or Amazon Lex V2 bot on the specified Amazon Connect instance
* api-change:``ec2``: EC2 M5n, M5dn, R5n, R5dn metal instances with 100 Gbps network performance and Elastic Fabric
Adapter (EFA) for ultra low latency
* api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
* api-change:``lexv2-models``: Update lexv2-models client to latest version
- from version 1.20.94
* api-change:``lookoutmetrics``: Added "/LEARNING"/ status for anomaly detector and updated description for "/Offset"/
parameter in MetricSet APIs.
* api-change:``iotanalytics``: Adds support for data store partitions.
* api-change:``greengrassv2``: We have verified the APIs being released here and are ready to release
- from version 1.20.93
* api-change:``ec2``: Amazon EC2 adds new AMI property to flag outdated AMIs
* api-change:``medialive``: AWS MediaLive now supports OCR-based conversion of DVB-Sub and SCTE-27 image-based
source captions to WebVTT, and supports ingest of ad avail decorations in HLS input manifests.
* api-change:``mediaconnect``: When you enable source failover, you can now designate one of two sources as the
primary source. You can choose between two failover modes to prevent any disruption to the video stream. Merge
combines the sources into a single stream. Failover allows switching between a primary and a backup stream.
- from version 1.20.92
* api-change:``sagemaker``: Using SageMaker Edge Manager with AWS IoT Greengrass v2 simplifies accessing, maintaining,
and deploying models to your devices. You can now create deployable IoT Greengrass components during edge packaging
jobs. You can choose to create a device fleet with or without creating an AWS IoT role alias.
* api-change:``appmesh``: AppMesh now supports additional routing capabilities in match and rewrites for Gateway Routes
and Routes. Additionally, App Mesh also supports specifying DNS Response Types in Virtual Nodes.
* api-change:``redshift``: Added InvalidClusterStateFault to the ModifyAquaConfiguration API, thrown when calling the
API on a non available cluster.
* api-change:``chime``: This SDK release adds support for UpdateAccount API to allow users to update their default
license on Chime account.
* api-change:``ec2``: This release adds a new optional parameter connectivityType (public, private) for the
CreateNatGateway API. Private NatGateway does not require customers to attach an InternetGateway to the VPC
and can be used for communication with other VPCs and on-premise networks.
* api-change:``ram``: AWS Resource Access Manager (RAM) is releasing new field isResourceTypeDefault in ListPermissions
and GetPermission response, and adding permissionArn parameter to GetResourceShare request to filter by permission
attached
* api-change:``sagemaker-featurestore-runtime``: Release BatchGetRecord API for AWS SageMaker Feature Store Runtime.
* api-change:``cognito-idp``: Amazon Cognito now supports targeted sign out through refresh token revocation
* api-change:``appflow``: Adding MAP_ALL task type support.
* api-change:``managedblockchain``: This release supports KMS customer-managed Customer Master Keys (CMKs) on
member-specific Hyperledger Fabric resources.
- from version 1.20.91
* api-change:``transfer``: Documentation updates for the AWS Transfer Family service.
* api-change:``personalize-events``: Support for unstructured text inputs in the items dataset to to automatically
extract key information from product/content description as an input when creating solution versions.
* api-change:``proton``: This is the initial SDK release for AWS Proton
* api-change:``kendra``: AWS Kendra now supports checking document status.
- from version 1.20.90
* api-change:``fsx``: This release adds support for auditing end-user access to files, folders, and file shares
using Windows event logs, enabling customers to meet their security and compliance needs.
* api-change:``servicecatalog``: increase max pagesize for List/Search apis
* api-change:``macie2``: This release of the Amazon Macie API introduces stricter validation of S3 object
criteria for classification jobs.
* api-change:``cognito-idp``: Documentation updates for cognito-idp
- from version 1.20.89
* api-change:``sagemaker``: AWS SageMaker - Releasing new APIs related to Callback steps in model building pipelines.
Adds experiment integration to model building pipelines.
* api-change:``glue``: Add SampleSize variable to S3Target to enable s3-sampling feature through API.
* api-change:``personalize``: Update regex validation in kmsKeyArn and s3 path API parameters for AWS Personalize APIs
* api-change:``eks``: Added updateConfig option that allows customers to control upgrade velocity in Managed Node Group.
- from version 1.20.88
* api-change:``rds``: Documentation updates for RDS: fixing an outdated link to the RDS documentation
in DBInstance$DBInstanceStatus
* api-change:``pi``: The new GetDimensionKeyDetails action retrieves the attributes of the specified dimension group
for a DB instance or data source.
* api-change:``cloudtrail``: AWS CloudTrail supports data events on new service resources, including Amazon DynamoDB
tables and S3 Object Lambda access points.
* api-change:``medialive``: Add support for automatically setting the H.264 adaptive quantization and GOP B-frame fields.
* api-change:``autoscaling``: Documentation updates for Amazon EC2 Auto Scaling
* api-change:``qldb``: Documentation updates for Amazon QLDB
- from version 1.20.87
* api-change:``s3``: S3 Inventory now supports Bucket Key Status
* api-change:``s3control``: Amazon S3 Batch Operations now supports S3 Bucket Keys.
* api-change:``route53resolver``: Documentation updates for Route 53 Resolver
* api-change:``ssm``: Documentation updates for ssm to fix customer reported issue
* api-change:``forecast``: Added optional field AutoMLOverrideStrategy to CreatePredictor API that allows users to
customize AutoML strategy. If provided in CreatePredictor request, this field is visible in DescribePredictor and
GetAccuracyMetrics responses.
- Version update to 1.20.86
* api-change:``autoscaling``: You can now launch EC2 instances with GP3 volumes
when using Auto Scaling groups with Launch Configurations
* api-change:``lightsail``: Documentation updates for Lightsail
* api-change:``ecs``: Documentation updates for Amazon ECS.
* api-change:``docdb``: This SDK release adds support for DocDB global clusters.
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``braket``: Introduction of a RETIRED status for devices.
- from version 1.20.85
* api-change:``sns``: This release adds SMS sandbox in Amazon SNS and the ability to view
all configured origination numbers. The SMS sandbox provides a safe environment for sending
SMS messages, without risking your reputation as an SMS sender.
* api-change:``polly``: Amazon Polly adds new Canadian French voice - Gabrielle.
Gabrielle is available as Neural voice only.
* api-change:``ec2``: Added idempotency to CreateNetworkInterface using the ClientToken parameter.
* api-change:``iotwireless``: Added six new public customer logging APIs to allow customers to
set/get/reset log levels at resource type and resource id level. The log level set from the APIs
will be used to filter log messages that can be emitted to CloudWatch in customer accounts.
* api-change:``servicediscovery``: Bugfixes - The DiscoverInstances API operation now provides an
option to return all instances for health-checked services when there are no healthy instances
available.
- from version 1.20.84
* api-change:``lookoutmetrics``: Allowing dot(.) character in table name for RDS and Redshift as
source connector.
* api-change:``location``: Adds support for calculation of routes, resource tagging and customer
provided KMS keys.
* api-change:``datasync``: Added SecurityDescriptorCopyFlags option that allows for control of which
components of SMB security descriptors are copied from source to destination objects.
- from version 1.20.83
* api-change:``iotevents-data``: Releasing new APIs for AWS IoT Events Alarms
* api-change:``devicefarm``: Introduces support for using our desktop testing service with
applications hosted within your Virtual Private Cloud (VPC).
* api-change:``kendra``: Amazon Kendra now suggests popular queries in order to help guide query
typing and help overall accuracy.
* api-change:``iotsitewise``: IoT SiteWise Monitor Portal API updates to add alarms feature configuration.
* api-change:``resource-groups``: Documentation updates for Resource Groups.
* api-change:``lightsail``: Documentation updates for Lightsail
* api-change:``iotevents``: Releasing new APIs for AWS IoT Events Alarms
* api-change:``fsx``: This release adds LZ4 data compression support to FSx for Lustre to reduce storage
consumption of both file system storage and file system backups.
* api-change:``sqs``: Documentation updates for Amazon SQS for General Availability of high throughput
for FIFO queues.
- from version 1.20.82
* api-change:``ec2``: This release removes resource ids and tagging support for VPC security group rules.
- from version 1.20.81
* api-change:``qldb``: Support STANDARD permissions mode in CreateLedger and DescribeLedger. Add
UpdateLedgerPermissionsMode to update permissions mode on existing ledgers.
* api-change:``cloudfront``: Documentation fix for CloudFront
* api-change:``outposts``: Add ConflictException to DeleteOutpost, CreateOutpost
* api-change:``mwaa``: Adds scheduler count selection for Environments using Airflow version 2.0.2 or later.
* api-change:``ec2``: This release adds resource ids and tagging support for VPC security group rules.
* api-change:``ecs``: The release adds support for registering External instances to your Amazon ECS clusters.
* api-change:``acm-pca``: This release enables customers to store CRLs in S3 buckets with Block Public Access
enabled. The release adds the S3ObjectAcl parameter to the CreateCertificateAuthority and
UpdateCertificateAuthority APIs to allow customers to choose whether their CRL will be publicly available.
- from version 1.20.80
* api-change:``transfer``: AWS Transfer Family customers can now use AWS Managed Active Directory or AD Connector
to authenticate their end users, enabling seamless migration of file transfer workflows that rely on AD
authentication, without changing end users' credentials or needing a custom authorizer.
* api-change:``iot``: This release includes support for a new feature: Job templates for AWS IoT Device Management
Jobs. The release includes job templates as a new resource and APIs for managing job templates.
* api-change:``workspaces``: Adds support for Linux device types in WorkspaceAccessProperties
- from version 1.20.79
* api-change:``quicksight``: Add new parameters on RegisterUser and UpdateUser APIs to assign or update external
ID associated to QuickSight users federated through web identity.
* api-change:``ce``: Introduced FindingReasonCodes, PlatformDifferences, DiskResourceUtilization and
NetworkResourceUtilization to GetRightsizingRecommendation action
* api-change:``compute-optimizer``: Adds support for 1) additional instance types, 2) additional instance metrics,
3) finding reasons for instance recommendations, and 4) platform differences between a current instance and a
recommended instance type.
* api-change:``ec2``: This release adds support for creating and managing EC2 On-Demand Capacity Reservations on Outposts.
* api-change:``logs``: This release provides dimensions and unit support for metric filters.
- from version 1.20.78
* api-change:``efs``: Update efs client to latest version
* api-change:``s3``: Documentation updates for Amazon S3
* api-change:``forecast``: Updated attribute statistics in DescribeDatasetImportJob response to support Long values
* api-change:``opsworkscm``: New PUPPET_API_CRL attribute returned by DescribeServers API; new EngineVersion
of 2019 available for Puppet Enterprise servers.
- from version 1.20.77
* api-change:``personalize``: Added new API to stop a solution version creation that is pending or in
progress for Amazon Personalize
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``quicksight``: Add ARN based Row Level Security support to CreateDataSet/UpdateDataSet APIs.
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
- from version 1.20.76
* api-change:``kinesisanalyticsv2``: Kinesis Data Analytics now allows rapid iteration on Apache Flink stream
processing through the Kinesis Data Analytics Studio feature.
* api-change:``rekognition``: Amazon Rekognition Custom Labels adds support for customer managed encryption, using
AWS Key Management Service, of image files copied into the service and files written back to the customer.
* api-change:``iam``: Add pagination to ListUserTags operation
* api-change:``eks``: Update the EKS AddonActive waiter.
* api-change:``autoscaling``: With this release, customers can easily use Predictive Scaling as a policy directly
through Amazon EC2 Auto Scaling configurations to proactively scale their applications ahead of predicted demand.
* api-change:``lightsail``: Documentation updates for Amazon Lightsail.
- Update BuildRequires from requirements.txt
- Version update to 1.20.75
* api-change:support: Documentation updates for support
* api-change:apprunner: AWS App Runner is a service that provides
a fast, simple, and cost-effective way to deploy from source
code or a container image directly to a scalable and secure web
application in the AWS Cloud.
* api-change:compute-optimizer: This release enables compute
optimizer to support exporting recommendations to Amazon S3 for
EBS volumes and Lambda Functions.
* api-change:personalize: Amazon Personalize now supports the
ability to optimize a solution for a custom objective in
addition to maximizing relevance.
* api-change:license-manager: AWS License Manager now supports
periodic report generation.
* api-change:iotsitewise: Documentation updates for AWS IoT
SiteWise.
* api-change:lexv2-models: Update lexv2-models client to latest
version
- from version 1.20.74
* api-change:mediaconnect: MediaConnect now supports JPEG XS for
AWS Cloud Digital Interface (AWS CDI) uncompressed workflows,
allowing you to establish a bridge between your on-premises
live video network and the AWS Cloud.
* api-change:sagemaker-a2i-runtime: Documentation updates for
Amazon A2I Runtime model
* api-change:applicationcostprofiler: APIs for AWS Application
Cost Profiler.
* api-change:neptune: Neptune support for CopyTagsToSnapshots
* api-change:iotdeviceadvisor: AWS IoT Core Device Advisor is
fully managed test capability for IoT devices. Device
manufacturers can use Device Advisor to test their IoT devices
for reliable and secure connectivity with AWS IoT.
* api-change:elasticache: Documentation updates for elasticache
- from version 1.20.73
* api-change:events: Update InputTransformer variable limit from
10 to 100 variables.
* enhancement:s3: Block endpoint resolution of clients configured
with S3 pseudo-regions (e.g. aws-global, s3-external-1) that
will never resolve to a correct access point endpoint.
* api-change:macie2: This release of the Amazon Macie API adds
support for defining run-time, S3 bucket criteria for
classification jobs. It also adds resources for querying data
about AWS resources that Macie monitors.
* api-change:es: Adds support for cold storage.
* api-change:securityhub: Updated descriptions to add notes on
array lengths.
* api-change:detective: Updated descriptions of array parameters
to add the restrictions on the array and value lengths.
* api-change:transcribe: Transcribe Medical now supports
identification of PHI entities within transcripts
* api-change:imagebuilder: Text-only updates for bundled
documentation feedback tickets - spring 2021.
* enhancement:FIPS: Add validation to only attempt to connect to
FIPS endpoints with a FIPS pseudo-region if the pseudo-region
is explicitly known to the SDK.
- from version 1.20.72
* api-change:ec2: High Memory virtual instances are powered by
Intel Sky Lake CPUs and offer up to 12TB of memory.
- from version 1.20.71
* api-change:ssm-incidents: AWS Systems Manager Incident Manager
enables faster resolution of critical application availability
and performance issues, management of contacts and
post-incident analysis
* api-change:ssm-contacts: AWS Systems Manager Incident Manager
enables faster resolution of critical application availability
and performance issues, management of contacts and post
incident analysis
* api-change:s3control: Documentation updates for Amazon
S3-control
- from version 1.20.70
* api-change:mediaconvert: AWS Elemental MediaConvert SDK has
added support for Kantar SNAP File Audio Watermarking with a
Kantar Watermarking account, and Display Definition
Segment(DDS) segment data controls for DVB-Sub caption outputs.
* api-change:ecs: This release contains updates for Amazon ECS.
* api-change:codeartifact: Documentation updates for CodeArtifact
* api-change:eks: This release updates create-nodegroup and
update-nodegroup-config APIs for adding/updating taints on
managed nodegroups.
* api-change:iotwireless: Add three new optional fields to
support filtering and configurable sub-band in WirelessGateway
APIs. The filtering is for all the RF region supported. The
sub-band configuration is only applicable to LoRa gateways of
US915 or AU915 RF region.
* api-change:ssm: This release adds new APIs to associate,
disassociate and list related items in SSM OpsCenter; and this
release adds DisplayName as a version-level attribute for SSM
Documents and introduces two new document types:
ProblemAnalysis, ProblemAnalysisTemplate.
* api-change:kinesisanalyticsv2: Amazon Kinesis Analytics now
supports ListApplicationVersions and DescribeApplicationVersion
API for Apache Flink applications
* api-change:config: Adds paginator to multiple APIs: By default,
the paginator allows user to iterate over the results and
allows the CLI to return up to 1000 results.
- Version update to 1.20.69
* api-change:``lakeformation``: This release adds Tag Based
Access Control to AWS Lake Formation service
* api-change:``lookoutmetrics``: Enforcing UUID style for
parameters that are already in UUID format today. Documentation
specifying eventual consistency of lookoutmetrics resources.
* api-change:``connect``: Adds tagging support for Connect APIs
CreateIntegrationAssociation and CreateUseCase.
- from version 1.20.68
* api-change:``servicediscovery``: Bugfix: Improved input
validation for RegisterInstance action, InstanceId field
* api-change:``kafka``: IAM Access Control for Amazon MSK enables
you to create clusters that use IAM to authenticate clients and
to allow or deny Apache Kafka actions for those clients.
* api-change:``ssm``: SSM feature release - ChangeCalendar
integration with StateManager.
* api-change:``snowball``: AWS Snow Family adds APIs for ordering
and managing Snow jobs with long term pricing
- from version 1.20.67
* api-change:``auditmanager``: This release updates the
CreateAssessmentFrameworkControlSet and
UpdateAssessmentFrameworkControlSet API data types. For both of
these data types, the control set name is now a required
attribute.
* api-change:``nimble``: Documentation Updates for Amazon Nimble
Studio.
* api-change:``kinesisanalyticsv2``: Amazon Kinesis Analytics now
supports RollbackApplication for Apache Flink applications to
revert the application to the previous running version
* api-change:``sagemaker``: Amazon SageMaker Autopilot now
provides the ability to automatically deploy the best model to
an endpoint
- from version 1.20.66
* api-change:``finspace``: Documentation updates for FinSpace
API.
* api-change:``finspace-data``: Documentation updates for
FinSpaceData API.
- from version 1.20.65
* api-change:``devops-guru``: Added GetCostEstimation and
StartCostEstimation to get the monthly resource usage cost and
added ability to view resource health by AWS service name and
to search insights be AWS service name.
* api-change:``acm-pca``: This release adds the
KeyStorageSecurityStandard parameter to the
CreateCertificateAuthority API to allow customers to mandate a
security standard to which the CA key will be stored within.
* api-change:``health``: Documentation updates for health
* api-change:``chime``: This release adds the ability to search
for and order international phone numbers for Amazon Chime SIP
media applications.
* api-change:``sagemaker``: Enable retrying Training and
Tuning Jobs that fail with InternalServerError by setting
RetryStrategy.
- from version 1.20.64
* api-change:``finspace-data``: Update FinSpace Data
serviceAbbreviation
- from version 1.20.63
* api-change:``finspace-data``: This is the initial SDK release
for the data APIs for Amazon FinSpace. Amazon FinSpace is a
data management and analytics application for the financial
services industry (FSI).
* api-change:``mturk``: Update mturk client to latest version
* api-change:``chime``: Added new BatchCreateChannelMembership
API to support multiple membership creation for channels
* api-change:``finspace``: This is the initial SDK release for
the management APIs for Amazon FinSpace. Amazon FinSpace is a
data management and analytics service for the financial
services industry (FSI).
* api-change:``securityhub``: Updated ASFF to add the following
new resource details objects: AwsEc2NetworkAcl, AwsEc2Subnet,
and AwsElasticBeanstalkEnvironment.
- from version 1.20.62
* api-change:``personalize``: Update URL for dataset export job
documentation.
* api-change:``marketplace-catalog``: Allows user defined names
for Changes in a ChangeSet. Users can use ChangeNames to
reference properties in another Change within a ChangeSet. This
feature allows users to make changes to an entity when the
entity identifier is not yet available while constructing the
StartChangeSet request.
* api-change:``forecast``: Added new DeleteResourceTree operation
that helps in deleting all the child resources of a given
resource including the given resource.
* api-change:``robomaker``: Adds ROS2 Foxy as a supported Robot
Software Suite Version and Gazebo 11 as a supported Simulation
Software Suite Version
* api-change:``cloudfront``: CloudFront now supports CloudFront
Functions, a native feature of CloudFront that enables you to
write lightweight functions in JavaScript for high-scale,
latency-sensitive CDN customizations.
* api-change:``customer-profiles``: This release introduces
GetMatches and MergeProfiles APIs to fetch and merge duplicate
profiles
- from version 1.20.61
* api-change:``macie2``: The Amazon Macie API now provides S3
bucket metadata that indicates whether a bucket policy requires
server-side encryption of objects when objects are uploaded to
the bucket.
* api-change:``organizations``: Minor text updates for AWS
Organizations API Reference
* api-change:``ecs``: Add support for EphemeralStorage on
TaskDefinition and TaskOverride
* api-change:``chime``: Increase AppInstanceUserId length to 64
characters
- from version 1.20.60
* api-change:``connect``: Updated max number of tags that can be
attached from 200 to 50. MaxContacts is now an optional
parameter for the UpdateQueueMaxContact API.
* api-change:``mediapackage-vod``: MediaPackage now offers the
option to place your Sequence Parameter Set (SPS), Picture
Parameter Set (PPS), and Video Parameter Set (VPS) encoder
metadata in every video segment instead of in the init fragment
for DASH and CMAF endpoints.
* api-change:``nimble``: Amazon Nimble Studio is a virtual studio
service that empowers visual effects, animation, and
interactive content teams to create content securely within a
scalable, private cloud service.
* api-change:``iotsitewise``: AWS IoT SiteWise interpolation API
will get interpolated values for an asset property per
specified time interval during a period of time.
* api-change:``cloudformation``: Add CallAs parameter to
GetTemplateSummary to enable use with StackSets delegated
administrator integration
- from version 1.20.59
* api-change:``auditmanager``: This release restricts using
backslashes in control, assessment, and framework names. The
controlSetName field of the UpdateAssessmentFrameworkControlSet
API now allows strings without backslashes.
- from version 1.20.58
* api-change:``ec2``: Adding support for Red Hat Enterprise Linux
with HA for Reserved Instances.
* api-change:``iotwireless``: Add a new optional field
MessageType to support Sidewalk devices in
SendDataToWirelessDevice API
* api-change:``kinesisanalyticsv2``: Amazon Kinesis Data
Analytics now supports custom application maintenance
configuration using UpdateApplicationMaintenanceConfiguration
API for Apache Flink applications. Customers will have
visibility when their application is under maintenance status
using 'MAINTENANCE' application status.
* api-change:``personalize``: Added support for exporting data
imported into an Amazon Personalize dataset to a specified data
source (Amazon S3 bucket).
* api-change:``mediaconvert``: Documentation updates for
mediaconvert
* api-change:``codeguru-reviewer``: Include KMS Key Details in
Repository Association APIs to enable usage of customer managed
KMS Keys.
* api-change:``glue``: Adding Kafka Client Auth Related
Parameters
* api-change:``eks``: This release updates existing Amazon EKS
input validation so customers will see an
InvalidParameterException instead of a ParamValidationError
when they enter 0 for minSize and/or desiredSize. It also adds
LaunchTemplate information to update responses and a new
"/CUSTOM"/ value for AMIType.
- from version 1.20.57
* api-change:``mediapackage``: Add support for Widevine DRM on
CMAF origin endpoints. Both Widevine and FairPlay DRMs can now
be used simultaneously, with CBCS encryption.
* api-change:``sns``: Amazon SNS adds two new attributes,
TemplateId and EntityId, for using sender IDs to send SMS
messages to destinations in India.
- from version 1.20.56
* api-change:``forecast``: This release adds
EstimatedTimeRemaining minutes field to the
DescribeDatasetImportJob, DescribePredictor, DescribeForecast
API response which denotes the time remaining to complete the
job IN_PROGRESS.
* api-change:``securityhub``: Replaced the term "/master"/ with
"/administrator"/. Added new actions to replace AcceptInvitation,
GetMasterAccount, and DisassociateFromMasterAccount. In Member,
replaced MasterId with AdministratorId.
* api-change:``cognito-idp``: Documentation updates for
cognito-idp
* api-change:``elasticache``: This release introduces log
delivery of Redis slow log from Amazon ElastiCache.
- from version 1.20.55
* api-change:``detective``: Added parameters to track the data
volume in bytes for a member account. Deprecated the existing
parameters that tracked the volume as a percentage of the
allowed volume for a behavior graph. Changes reflected in
MemberDetails object.
* api-change:``redshift``: Add operations: AddPartner,
DescribePartners, DeletePartner, and UpdatePartnerStatus to
support tracking integration status with data partners.
* api-change:``groundstation``: Support new S3 Recording Config
allowing customers to write downlink data directly to S3.
* api-change:``kendra``: Amazon Kendra now enables users to
override index-level boosting configurations for each query.
* api-change:``cloudformation``: Added support for creating and
updating stack sets with self-managed permissions from
templates that reference macros.
- from version 1.20.54
* api-change:``savingsplans``: Added support for Amazon SageMaker
in Machine Learning Savings Plans
* api-change:``ce``: Adding support for Sagemaker savings plans
in GetSavingsPlansPurchaseRecommendation API
- from version 1.20.53
* api-change:``sts``: STS now supports assume role with Web
Identity using JWT token length upto 20000 characters
* api-change:``dms``: AWS DMS added support of TLS for Kafka
endpoint. Added Describe endpoint setting API for DMS
endpoints.
- from version 1.20.52
* api-change:``mediaconnect``: For flows that use Listener
protocols, you can now easily locate an output's outbound IP
address for a private internet. Additionally, MediaConnect now
supports the Waiters feature that makes it easier to poll for
the status of a flow until it reaches its desired state.
* api-change:``config``: Add exception for
DeleteRemediationConfiguration and
DescribeRemediationExecutionStatus
* api-change:``route53``: Documentation updates for route53
* api-change:``codestar-connections``: This release adds tagging
support for CodeStar Connections Host resources
- from version 1.20.51
* api-change:``lightsail``: Documentation updates for Amazon
Lightsail.
* api-change:``sts``: This release adds the SourceIdentity
parameter that can be set when assuming a role.
* api-change:``comprehendmedical``: The InferICD10CM API now
returns TIME_EXPRESSION entities that refer to medical
conditions.
* api-change:``rds``: Clarify that enabling or disabling
automated backups causes a brief downtime, not an outage.
* api-change:``redshift``: Added support to enable AQUA in Amazon
Redshift clusters.
- Version update to 1.20.50
* api-change:``fsx``: Support for cross-region and cross-account backup copies
* api-change:``codebuild``: AWS CodeBuild now allows you to set the access
permissions for build artifacts, project artifacts, and log files that are
uploaded to an Amazon S3 bucket that is owned by another account.
- from version 1.20.49
* api-change:``redshift``: Add support for case sensitive table level restore
* api-change:``ec2``: Add paginator support to DescribeStoreImageTasks and update documentation.
* api-change:``shield``: CreateProtection now throws InvalidParameterException
instead of InternalErrorException when system tags (tag with keys prefixed with
"/aws:"/) are passed in.
- from version 1.20.48
* api-change:``lookoutequipment``: This release introduces support for Amazon Lookout for Equipment.
* api-change:``kinesis-video-archived-media``: Documentation updates for archived.kinesisvideo
* api-change:``robomaker``: This release allows RoboMaker customers to specify
custom tools to run with their simulation job
* api-change:``appstream``: This release provides support for image updates
* api-change:``ram``: Documentation updates for AWS RAM resource sharing
* api-change:``customer-profiles``: Documentation updates for Put-Integration API
* api-change:``autoscaling``: Amazon EC2 Auto Scaling announces Warm Pools that help
applications to scale out faster by pre-initializing EC2 instances and
save money by requiring fewer continuously running instances
- from version 1.20.47
* api-change:``storagegateway``: File Gateway APIs now support FSx for Windows as a cloud storage.
* api-change:``accessanalyzer``: IAM Access Analyzer now analyzes your CloudTrail
events to identify actions and services that have been used by an IAM entity
(user or role) and generates an IAM policy that is based on that activity.
* api-change:``elasticache``: This release adds tagging support for all
AWS ElastiCache resources except Global Replication Groups.
* api-change:``ivs``: This release adds support for the Auto-Record to S3 feature.
Amazon IVS now enables you to save your live video to Amazon S3.
* api-change:``mgn``: Add new service - Application Migration Service.
- from version 1.20.46
* api-change:``ssm``: Supports removing a label or labels from a parameter, enables
ScheduledEndTime and ChangeDetails for StartChangeRequestExecution API, supports
critical/security/other noncompliant count for patch API.
* api-change:``medialive``: MediaLive VPC outputs update to include Availability Zones,
Security groups, Elastic Network Interfaces, and Subnet Ids in channel response
* api-change:``ec2``: This release adds support for storing EBS-backed AMIs in S3
and restoring them from S3 to enable cross-partition copying of AMIs
* api-change:``cloud9``: Documentation updates for Cloud9
- from version 1.20.45
* api-change:``auditmanager``: AWS Audit Manager has updated the GetAssessment API
operation to include a new response field called userRole. The userRole field
indicates the role information and IAM ARN of the API caller.
* api-change:``medialive``: MediaLive now support HTML5 Motion Graphics overlay
* api-change:``appflow``: Added destination properties for Zendesk.
- from version 1.20.44
* api-change:``mediapackage``: SPEKE v2 is an upgrade to the existing SPEKE API to
support multiple encryption keys, based on an encryption contract selected by
the customer.
* api-change:``imagebuilder``: This release adds support for Block Device Mappings
for container image builds, and adds distribution configuration support for EC2
launch templates in AMI builds.
- from version 1.20.43
* api-change:``route53resolver``: Route 53 Resolver DNS Firewall is a firewall service
that allows you to filter and regulate outbound DNS traffic for your VPCs.
* api-change:``mediaconvert``: MediaConvert now supports HLS ingest, sidecar WebVTT
ingest, Teletext color & style passthrough to TTML subtitles, TTML to WebVTT subtitle
conversion with style, & DRC profiles in AC3 audio.
* api-change:``lightsail``: - This release adds support for state detail for
Amazon Lightsail container services.
* api-change:``kendra``: AWS Kendra's ServiceNow data source now supports OAuth 2.0
authentication and knowledge article filtering via a ServiceNow query.
* api-change:``lex-models``: Lex now supports the ja-JP locale
* api-change:``lex-runtime``: Update lex-runtime client to latest version
* api-change:``fms``: Added Firewall Manager policy support for
AWS Route 53 Resolver DNS Firewall.
* api-change:``ec2``: VPC Flow Logs Service adds a new API, GetFlowLogsIntegrationTemplate,
which generates CloudFormation templates for Athena.
For more info, see https://docs.aws.amazon.com/console/vpc/flow-logs/athena
* api-change:``wafv2``: Added support for ScopeDownStatement for ManagedRuleGroups,
Labels, LabelMatchStatement, and LoggingFilter. For more information on these
features, see the AWS WAF Developer Guide.
- from version 1.20.42
* api-change:``iot``: Added ability to prefix search on attribute value for ListThings API.
* api-change:``pricing``: Minor documentation and link updates.
* api-change:``transcribe``: Amazon Transcribe now supports creating custom language models
in the following languages: British English (en-GB), Australian English (en-AU), Indian
Hindi (hi-IN), and US Spanish (es-US).
* api-change:``cloudhsm``: Minor documentation and link updates.
* api-change:``comprehend``: Support for customer managed KMS encryption of Comprehend custom models
* api-change:``cognito-sync``: Minor documentation updates and link updates.
* api-change:``batch``: AWS Batch adds support for Amazon EFS File System
* api-change:``detective``: Added the ability to assign tag values to Detective behavior
graphs. Tag values can be used for attribute-based access control, and for cost
allocation for billing.
* api-change:``iotwireless``: Add Sidewalk support to APIs: GetWirelessDevice, ListWirelessDevices,
GetWirelessDeviceStatistics. Add Gateway connection status in GetWirelessGatewayStatistics API.
* api-change:``cloudformation``: 1. Added a new parameter RegionConcurrencyType in OperationPreferences.
2. Changed the name of AccountUrl to AccountsUrl in DeploymentTargets parameter.
* api-change:``cloud9``: Add ImageId input parameter to CreateEnvironmentEC2 endpoint.
New parameter enables creation of environments with different AMIs.
* api-change:``directconnect``: This release adds MACsec support to AWS Direct Connect
* api-change:``redshift``: Enable customers to share access to their Redshift
clusters from other VPCs (including VPCs from other accounts).
* api-change:``workmail``: This release adds support for mobile device access
rules management in Amazon WorkMail.
* api-change:``datapipeline``: Minor documentation updates and link updates.
* api-change:``machinelearning``: Minor documentation updates and link updates.
- from version 1.20.41
* api-change:``sagemaker``: Amazon SageMaker Autopilot now supports 1) feature importance
reports for AutoML jobs and 2) PartialFailures for AutoML jobs
* api-change:``ec2-instance-connect``: Adding support to push SSH keys to the EC2 serial
console in order to allow an SSH connection to your Amazon EC2 instance's serial port.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``databrew``: This SDK release adds two new dataset features: 1) support for
specifying a database connection as a dataset input 2) support for dynamic datasets that
accept configurable parameters in S3 path.
* api-change:``frauddetector``: This release adds support for
Batch Predictions in Amazon Fraud Detector.
* api-change:``ec2``: ReplaceRootVolume feature enables customers to replace the EBS root
volume of a running instance to a previously known state. Add support to grant
account-level access to the EC2 serial console
* api-change:``config``: Adding new APIs to support ConformancePack Compliance CI in Aggregators
* api-change:``pinpoint``: Added support for journey pause/resume, journey
updatable import segment and journey quiet time wait.
- from version 1.20.40
* api-change:``wafv2``: Added custom request handling and custom response support in
rule actions and default action; Added the option to inspect the web request body
as parsed and filtered JSON.
* api-change:``iam``: AWS Identity and Access Management GetAccessKeyLastUsed API will
throw a custom error if customer public key is not found for access keys.
* api-change:``glue``: Allow Dots in Registry and Schema Names for CreateRegistry,
CreateSchema; Fixed issue when duplicate keys are present and not returned as part
of QuerySchemaVersionMetadata.
* api-change:``docdb``: This release adds support for Event Subscriptions to DocumentDB.
* api-change:``location``: Amazon Location added support for specifying pricing plan
information on resources in alignment with our cost model.
- from version 1.20.39
* api-change:``iotwireless``: Support tag-on-create for WirelessDevice.
* api-change:``customer-profiles``: This release adds an optional parameter
named FlowDefinition in PutIntegrationRequest.
* api-change:``events``: Add support for SageMaker Model Builder
Pipelines Targets to EventBridge
* api-change:``transcribe``: Amazon Transcribe now supports tagging words that
match your vocabulary filter for batch transcription.
- from version 1.20.38
* api-change:``lookoutmetrics``: Allowing uppercase alphabets for RDS and Redshift database names.
- from version 1.20.37
* api-change:``sqs``: Documentation updates for Amazon SQS
* api-change:``rekognition``: This release introduces AWS tagging support
for Amazon Rekognition collections, stream processors, and Custom Label models.
* api-change:``sagemaker``: This feature allows customer to specify the environment
variables in their CreateTrainingJob requests.
* api-change:``medialive``: EML now supports handling HDR10 and
HLG 2020 color space from a Link input.
* api-change:``lookoutmetrics``: Amazon Lookout for Metrics is now generally available.
You can use Lookout for Metrics to monitor your data for anomalies.
For more information, see the Amazon Lookout for Metrics Developer Guide.
* api-change:``alexaforbusiness``: Added support for enabling and disabling data
retention in the CreateProfile and UpdateProfile APIs and retrieving the state of
data retention for a profile in the GetProfile API.
- from version 1.20.36
* api-change:``ssm``: This release allows SSM Explorer customers to enable OpsData
sources across their organization when creating a resource data sync.
* api-change:``route53``: Documentation updates for route53
* bugfix:S3: Fix an issue with XML newline normalization in PutBucketLifecycleConfiguration requests.
* api-change:``s3``: Documentation updates for Amazon S3
* api-change:``s3control``: Documentation updates for s3-control
* api-change:``ec2``: maximumEfaInterfaces added to DescribeInstanceTypes API
* api-change:``greengrass``: Updated the parameters to make name required for CreateGroup API.
- from version 1.20.35
* api-change:``ce``: You can now create cost categories with inherited value
rules and specify default values for any uncategorized costs.
* api-change:``fis``: Updated maximum allowed size of action parameter from 64 to 1024
* api-change:``redshift``: Removed APIs to control AQUA on clusters.
* api-change:``iam``: Documentation updates for IAM operations and descriptions.
* api-change:``gamelift``: GameLift adds support for using event notifications to monitor
game session placements. Specify an SNS topic or use CloudWatch Events to track activity
for a game session queue.
- from version 1.20.34
* api-change:``ec2``: This release adds support for UEFI boot on selected
AMD- and Intel-based EC2 instances.
* api-change:``redshift``: Added support to enable AQUA in Amazon Redshift clusters.
* api-change:``codeartifact``: Documentation updates for CodeArtifact
* api-change:``macie2``: This release of the Amazon Macie API adds support for publishing
sensitive data findings to AWS Security Hub and specifying which categories of findings
to publish to Security Hub.
- from version 1.20.33
* api-change:``sagemaker``: Adding authentication support for pulling images stored in
private Docker registries to build containers for real-time inference.
* api-change:``ec2``: X2gd instances are the next generation of memory-optimized instances
powered by AWS-designed, Arm-based AWS Graviton2 processors.
- from version 1.20.32
* bugfix:s3: Updated mislabeled exceptions for S3 Object Lambda
- from version 1.20.31
* api-change:``autoscaling``: Amazon EC2 Auto Scaling Instance Refresh
now supports phased deployments.
* api-change:``s3``: S3 Object Lambda is a new S3 feature that enables users to apply their
own custom code to process the output of a standard S3 GET request by automatically
invoking a Lambda function with a GET request
* api-change:``redshift``: Add new fields for additional information about VPC endpoint
for clusters with reallocation enabled, and a new field for total storage capacity for
all clusters.
* api-change:``s3control``: S3 Object Lambda is a new S3 feature that enables users to apply
their own custom code to process the output of a standard S3 GET request by automatically
invoking a Lambda function with a GET request
* api-change:``securityhub``: New object for separate provider and customer values. New objects
track S3 Public Access Block configuration and identify sensitive data. BatchImportFinding
requests are limited to 100 findings.
- from version 1.20.30
* api-change:``sagemaker``: Support new target device ml_eia2 in SageMaker CreateCompilationJob API
* api-change:``batch``: Making serviceRole an optional parameter when creating a compute environment.
If serviceRole is not provided then Service Linked Role will be created (or reused if it already exists).
- from version 1.20.29
* api-change:``lambda``: Allow empty list for function response types
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``mediaconnect``: This release adds support for the
SRT-listener protocol on sources and outputs.
* api-change:``accessanalyzer``: This release adds support for the ValidatePolicy API. IAM Access
Analyzer is adding over 100 policy checks and actionable recommendations that help you validate
your policies during authoring.
* api-change:``mediatailor``: MediaTailor channel assembly is a new manifest-only service
that allows you to assemble linear streams using your existing VOD content.
* api-change:``mwaa``: This release adds UPDATE_FAILED and UNAVAILABLE MWAA environment states.
* api-change:``gamelift``: GameLift expands to six new AWS Regions, adds support for multi-location
fleets to streamline management of hosting resources, and lets you customize more
of the game session placement process.
- from version 1.20.28
* api-change:``fis``: Initial release of AWS Fault Injection Simulator, a managed service that
enables you to perform fault injection experiments on your AWS workloads
* api-change:``codedeploy``: AWS CodeDeploy can now detect instances running an outdated revision
of your application and automatically update them with the latest revision.
* api-change:``emr``: Update emr client to latest version
* api-change:``ecs``: This is for ecs exec feature release which includes two new APIs - execute-command
and update-cluster and an AWS CLI customization for execute-command API
- from version 1.20.27
* api-change:``mediatailor``: MediaTailor channel assembly is a new manifest-only service
that allows you to assemble linear streams using your existing VOD content.
* api-change:``workspaces``: Adds API support for WorkSpaces bundle management operations.
* api-change:``cur``: - Added optional billingViewArn field for OSG.
- from version 1.20.26
* api-change:``comprehend``: Update comprehend client to latest version
* api-change:``wafv2``: Update wafv2 client to latest version
* api-change:``medialive``: Update medialive client to latest version
* api-change:``network-firewall``: Update network-firewall client to latest version
- from version 1.20.25
* api-change:``accessanalyzer``: Update accessanalyzer client to latest version
* api-change:``ssm``: Update ssm client to latest version
* api-change:``s3``: Update s3 client to latest version
* api-change:``backup``: Update backup client to latest version
- from version 1.20.24
* api-change:``rds``: Update rds client to latest version
* api-change:``codeguruprofiler``: Update codeguruprofiler client to latest version
* api-change:``autoscaling``: Update autoscaling client to latest version
* api-change:``iotwireless``: Update iotwireless client to latest version
* api-change:``efs``: Update efs client to latest version
- from version 1.20.23
* api-change:``lambda``: Update lambda client to latest version
* api-change:``emr``: Update emr client to latest version
* api-change:``kinesis-video-archived-media``: Update kinesis-video-archived-media
client to latest version
* api-change:``s3``: Update s3 client to latest version
* api-change:``s3control``: Update s3control client to latest version
* api-change:``autoscaling``: Update autoscaling client to latest version
- from version 1.20.22
* api-change:``license-manager``: Update license-manager client to latest version
* api-change:``network-firewall``: Update network-firewall client to latest version
* api-change:``ec2``: Update ec2 client to latest version
* api-change:``athena``: Update athena client to latest version
* api-change:``medialive``: Update medialive client to latest version
* api-change:``shield``: Update shield client to latest version
* api-change:``codepipeline``: Update codepipeline client to latest version
* api-change:``appflow``: Update appflow client to latest version
- from version 1.20.21
* api-change:``servicediscovery``: Update servicediscovery client to latest version
* api-change:``events``: Update events client to latest version
* api-change:``sagemaker``: Update sagemaker client to latest version
* api-change:``mwaa``: Update mwaa client to latest version
- from version 1.20.20
* api-change:``forecast``: Update forecast client to latest version
* api-change:``secretsmanager``: Update secretsmanager client to latest version
* api-change:``macie2``: Update macie2 client to latest version
* api-change:``codebuild``: Update codebuild client to latest version
* api-change:``es``: Update es client to latest version
* api-change:``acm``: Update acm client to latest version
* api-change:``wellarchitected``: Update wellarchitected client to latest version
- from version 1.20.19
* api-change:``iotwireless``: Update iotwireless client to latest version
* api-change:``directconnect``: Update directconnect client to latest version
* bugfix:S3: Fix an issue with XML newline normalization that could result in the
DeleteObjects operation incorrectly deleting the wrong keys.
* api-change:``managedblockchain``: Update managedblockchain client to latest version
* api-change:``events``: Update events client to latest version
* api-change:``compute-optimizer``: Update compute-optimizer client to latest version
* api-change:``datasync``: Update datasync client to latest version
- from version 1.20.18
* api-change:``alexaforbusiness``: Update alexaforbusiness client to latest version
* api-change:``ssm``: Update ssm client to latest version
* api-change:``codepipeline``: Update codepipeline client to latest version
* api-change:``eks``: Update eks client to latest version
- from version 1.20.17
* api-change:``s3``: Update s3 client to latest version
* api-change:``sso-admin``: Update sso-admin client to latest version
* api-change:``eks``: Update eks client to latest version
* api-change:``emr``: Update emr client to latest version
- from version 1.20.16
* api-change:``databrew``: Update databrew client to latest version
* api-change:``detective``: Update detective client to latest version
* api-change:``lightsail``: Update lightsail client to latest version
* api-change:``imagebuilder``: Update imagebuilder client to latest version
* api-change:``transfer``: Update transfer client to latest version
- from version 1.20.15
* api-change:``es``: Update es client to latest version
* api-change:``mediapackage-vod``: Update mediapackage-vod client to latest version
* api-change:``appflow``: Update appflow client to latest version
* api-change:``ecr-public``: Update ecr-public client to latest version
* api-change:``compute-optimizer``: Update compute-optimizer client to latest version
- from version 1.20.14
* api-change:``glue``: Update glue client to latest version
* api-change:``redshift-data``: Update redshift-data client to latest version
* api-change:``s3control``: Update s3control client to latest version
* api-change:``autoscaling``: Update autoscaling client to latest version
* api-change:``pinpoint``: Update pinpoint client to latest version
* api-change:``quicksight``: Update quicksight client to latest version
* api-change:``iotevents``: Update iotevents client to latest version
* api-change:``connect``: Update connect client to latest version
- from version 1.20.13
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: Update sagemaker client to latest version
- from version 1.20.12
* api-change:``rds``: Update rds client to latest version
- from version 1.20.11
* api-change:``health``: Update health client to latest version
* api-change:``sagemaker``: Update sagemaker client to latest version
* api-change:``cloudformation``: Update cloudformation client to latest version
* api-change:``codebuild``: Update codebuild client to latest version
- from version 1.20.10
* api-change:``ec2``: Update ec2 client to latest version
* api-change:``config``: Update config client to latest version
* api-change:``lookoutvision``: Update lookoutvision client to latest version
- python-configshell-fb
-
- Upgrade to latest upstream version v1.1.29 (jre#SLE-17360):
* setup.py: specify a version range for pyparsing
* setup.py: lets stick to pyparsing v2.4.7
* Don't warn if prefs file doesn't exist
- Update to version v1.1.28 from v1.1.27 (jre#SLE-17360):
* version 1.1.28
* Ensure that all output reaches the client when daemonized
* Remove Epydoc markup from command messages
* Remove epydoc imports and epydoc calls
Which removed the need for patch:
* Ensure-that-all-output-reaches-the-client-when-daemo.patch
- python-jsonschema
-
- Add patch to fix build with new webcolors:
* webcolors.patch
- update to version 3.2.0 (jsc#SLE-18756):
* Added a format_nongpl setuptools extra, which installs only format
dependencies that are non-GPL (#619).
- specfile:
* be more explicit in %files section
* require python-importlib-metadata
- update to version 3.1.1:
* Temporarily revert the switch to js-regex until #611 and #612 are
resolved.
- changes from version 3.1.0:
* Regular expressions throughout schemas now respect the ECMA 262
dialect, as recommended by the specification (#609).
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
- Activate more of the test suite
- Remove tests and benchmarking from the runtime package
- Update to v3.0.2
* Fixed a bug where 0 and False were considered equal by
const and enum
- from v3.0.1
* Fixed a bug where extending validators did not preserve their
notion of which validator property contains $id information.
- from v3.0.0
* Support for Draft 6 and Draft 7
* Draft 7 is now the default
* New TypeChecker object for more complex type definitions
(and overrides)
* Falling back to isodate for the date-time format checker is
no longer attempted, in accordance with the specification
- Add non-updating note to the SPEC file
- downgrade to < 3.0.0 again to fix all openstack clients
- Update to 3.0.1:
* Support for Draft 6 and Draft 7
* Draft 7 is now the default
* New TypeChecker object for more complex type definitions (and overrides)
* Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification
- Use %license instead of %doc [bsc#1082318]
- python-paramiko
-
- update to 2.4.3
* Fix Ed25519 key handling so certain key comment lengths don't cause
SSHException("/Invalid key"/) (bsc#1200603)
* Add support for the modern (as of Python 3.3) import location of
MutableMapping (used in host key management) to avoid the old location
becoming deprecated in Python 3.8.
- refresh add-support-for-new-OpenSSH-private-key-format.patch
- refresh paramiko-test_extend_timeout.patch
- refresh support-cryptography-25-and-above.patch
- Add CVE-2022-24302-race-condition.patch:
* Fix a race condition between creation and chmod when writing private
keys. (bsc#1197279)
* Fix exploit (CVE-2018-1000805) in Paramiko's server mode (not client mode)
(bsc#1111151)
- python-psutil
-
- Add patch mem-used-bsc1181475.patch (bsc#1181475)
* Adopt change of used memory calculation from upstream of procps
- python-py
-
- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
- Update to 1.10.0
* Fix a regular expression DoS vulnerability in the py.path.svnwc
SVN blame functionality (CVE-2020-29651)
- Devendor apipkg and iniconfig
- Add pr_222.patch to activate test suite
- Update to 1.9.0
* Add type annotation stubs
- python-pytz
-
- update to 2022.1
* matches tzdata 2022a
* declare python 3.10 compatibility
- update to 2021.3
* matches tzdata 2021c
- python-rtslib-fb
-
- Update parameters description in rbd-support.patch
- Add rbd-support-disable_emulate_legacy_capacity.patch (bsc#1199090)
- python-s3transfer
-
- Update 0.5.0: (bsc#1189649)
* feature:Python: Dropped support for Python 2.7
- Disable Python2 builds for all SUSE distributions
- Remove Python2 build dependencies from spec file
- Update to 0.4.2:
* enhancement:s3: Add support for ExpectedBucketOwner. Fixes #181.
- Update to 0.4.1:
* enhancement:crt: Add set_exception to CRTTransferFuture to allow setting exceptions in subscribers.
- Update to 0.4.0:
* feature:crt: Add optional AWS Common Runtime (CRT) support. The AWS CRT provides a C-based S3 transfer client that can improve transfer throughput.
- Update to 0.3.7:
* bugfix:ReadFileChunk: Fix seek behavior in ReadFileChunk class
- Update to 0.3.6:
* bugfix:packaging: Fix setup.py metadata for futures on Python 2.7
- Update to 0.3.5:
* enhancement:s3: Block TransferManager methods for S3 Object Lambda resources
- Update to 0.3.4:
* enhancement:s3: Add server side encryption context into allowed list
- Only build Python3 flavors for distributions 15 and greater
- Update to version 0.2.1 (bsc#1146853)
- update to 0.1.13 (bsc#1075263)
- python3
-
- Add patch CVE-2021-28861-double-slash-path.patch:
* http.server: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Rename support-expat-245.patch to
support-expat-CVE-2022-25236-patched.patch to unify the patch
with other packages.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
on s390x.
- Update bundled pip wheel to the latest SLE version patched
against bsc#1186819 (CVE-2021-3572).
- Add patch support-expat-245.patch:
* Support Expat >= 2.4.5
- Rename 22198.patch into more descriptive remove-sphinx40-warning.patch.
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
OpenSSL (bpo#9425).
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
OpenSSL (bpo#9425).
- Don't use OpenSSL 1.1 on platforms which don't have it.
- Remove shebangs from from python-base libraries in _libdir
(bsc#1193179, bsc#1192249).
- Readjust patches:
- bpo-31046_ensurepip_honours_prefix.patch
- decimal.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- build against openssl 1.1 as it is incompatible with openssl 3.0+ (bsc#1190566)
- 0001-allow-for-reproducible-builds-of-python-packages.patch: ignore
permission error when changing the mtime of the source file in presence
of SOURCE_DATE_EPOCH
- The previous construct works only on the current Factory, not
in SLE.
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- Due to conflicting demands of bsc#1183858 and platforms where
Python 3.6 is only in interpreter+pip set we have to make
complicated ugly construct about Sphinx BR.
- Make python36 primary interpreter on SLE-15
- Make build working even on older SLEs.
- Update to 3.6.15:
- bpo-43124: Made the internal putcmd function in smtplib
sanitize input for presence of r and n characters to avoid
(unlikely) command injection. Library
- bpo-45001: Made email date parsing more robust against
malformed input, namely a whitespace-only Date: header. Patch
by Wouter Bolsterlee. Tests
- bpo-38965: Fix test_faulthandler on GCC 10. Use the
“volatile” keyword in faulthandler._stack_overflow() to
prevent tail call optimization on any compiler, rather than
relying on compiler specific pragma.
- Remove upstreamed patches:
- faulthandler_stack_overflow_on_GCC10.patch
- test_faulthandler is still problematic under qemu linux-user emulation,
disable it there
- Update to 3.6.14:
* Security
- bpo-44022 (bsc#1189241, CVE-2021-3737): mod:http.client now
avoids infinitely reading potential HTTP headers after
a 100 Continue status response from the server.
- bpo-43882: The presence of newline or tab characters in parts
of a URL could allow some forms of attacks.
Following the controlling specification for URLs defined by
WHATWG urllib.parse() now removes ASCII newlines and tabs
from URLs, preventing such attacks.
- bpo-42988 (CVE-2021-3426, bsc#1183374): Remove the getfile feature
of the pydoc module which could be abused to read arbitrary files
on the disk (directory traversal vulnerability). Moreover, even
source code of Python modules can contain sensitive data like
passwords. Vulnerability reported by David Schwörer.
- bpo-43285: ftplib no longer trusts the IP address value
returned from the server in response to the PASV command by
default. This prevents a malicious FTP server from using the
response to probe IPv4 address and port combinations on the
client network.
Code that requires the former vulnerable behavior may set a
trust_server_pasv_ipv4_address attribute on their ftplib.FTP
instances to True to re-enable it.
- bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression
Denial of Service (ReDoS) vulnerability in
urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable
regex has quadratic worst-case complexity and it allows cause
a denial of service when identifying crafted invalid RFCs. This
ReDoS issue is on the client side and needs remote attackers to
control the HTTP server.
- Upstreamed patches were removed:
- CVE-2021-3426-inf-disclosure-pydoc-getfile.patch
- CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
- Refreshed patches:
- python3-sorted_tar.patch
- riscv64-ctypes.patch
- Use versioned python-Sphinx to avoid dependency on other
version of Python (bsc#1183858).
- Modify Lib/ensurepip/__init__.py to contain the same version
numbers as are in reality the ones in the bundled wheels
(bsc#1187668).
- add 22198.patch to build with Sphinx 4
- Stop providing "/python"/ symbol (bsc#1185588), which means
python2 currently.
- (bsc#1180125) We really don't Require python-rpm-macros package.
Unnecessary dependency.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch and
CRLF_injection_via_host_part.patch.
- python3-ec2imgutils
-
- Update to version 9.0.4 (bsc#1192298)
+ Set a time out for the ssh connection to avoid hang in a multi threaded
environment
- Update to version 9.0.3 (bsc#1190538)
+ Support setting the boot mode for EC2 images, either to legacy-bios
or uefi. Argument is optional, without it instance will use the default
boot mode for the given instance type.
- Update to version 9.0.2 (bsc#1189649)
+ In addition to tagging images in AWS also set them to deprecated
in EC2. This allows the framework to hide the images from new users
when images are no longer supposed to be used.
- release-notes-sle_hpc
-
- 15.3.20220831 (tracked in bsc#933411)
- Removed mention of SES (bsc#1188305)
- Updated links (bsc#1187664)
- rpm-config-SUSE
-
- Add bsc1192160-rpm-config-SUSE-support-compressed-firmware-files.patch:
Backported from e4c04ac, the upcoming kernel will support the
compressed firmware files, and this patch corresponds to that kernel
change, fixing firmware.prov to deal with the xz-compressed firmware
files as well (bsc#1192160).
- Support ZSTD compressed kernel modules
[bsc#1190850,
bsc1190850-support-zstd-compressed-kernel-modules.patch]
- rsync
-
- Add support for --trust-sender parameter (patch by Jie Gong in
bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
* Added patch rsync-CVE-2022-29154-trust-sender-1.patch
* Added patch rsync-CVE-2022-29154-trust-sender-2.patch
- Apply "/rsync-CVE-2022-29154.patch"/ to fix a security vulnerability
in the do_server_recv() function. [bsc#1201840, CVE-2022-29154]
- Fixed an error when using the external compression library
where files larger that 1GB would not be transferred completely
and failing with error:
- deflate on token returned 0 (XXX bytes left)
- rsync error: error in rsync protocol data stream (code 12)
* Add rsync-fix-external-compression.patch [bsc#1190828]
- Fix a segmentation fault in iconv [bsc#1188258]
* Add rsync-iconv-segfault.patch
- rsyslog
-
- - fix segfault in qDeqLinkedList during shutdown (bsc#1199283)
* add 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
- Remove inotify watch descriptor in imfile on inode change detected
(bsc#1198939)
* add 0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
- (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP
syslog reception (bsc#1199061)
* add CVE-2022-24903.patch
- add service dependencies for remote logging (bsc#1194669)
- update config example in remote.conf to match upstream documentation
- fix config parameters in specfile (bsc#1194593)
- Upgrade to rsyslog 8.2106.0:
* NOTE: the prime new feature is support for TLS and non-TLS connections
via imtcp in parallel. Furthermore, most TLS parameters can now be overriden
at the input() level. The notable exceptions are certificate files, something
that is due to be implemented as next step.
* 2021-06-14: new global option "/parser.supportCompressionExtension"/
This permits to turn off rsyslog's single-message compression extension
when it interferes with non-syslog message processing (the parser
subsystem expects syslog messages, not generic text)
closes https://github.com/rsyslog/rsyslog/issues/4598
* 2021-05-12: imtcp: add more override config params to input()
It is now possible to override all module parameters at the input() level. Module
parameters serve as defaults. Existing configs need no modification.
* 2021-05-06: imtcp: add stream driver parameter to input() configuration
This permits to have different inputs use different stream drivers
and stream driver parameters.
closes https://github.com/rsyslog/rsyslog/issues/3727
* 2021-04-29: imtcp: permit to run multiple inputs in parallel
Previously, a single server was used to run all imtcp inputs. This
had a couple of drawsbacks. First and foremost, we could not use
different stream drivers in the varios inputs. This patch now
provides a baseline to do that, but does still not implement the
capability (in this sense it is a staging patch).
Secondly, we now ensure that each input has at least one exclusive
thread for processing, untangling the performance of multiple
inputs from each other.
see also: https://github.com/rsyslog/rsyslog/issues/3727
* 2021-04-27: tcpsrv bugfix: potential sluggishnes and hang on shutdown
tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and,
in theory, also others - even ones we do not know about). However, the
internal synchornization did not properly take multiple tcpsrv users
in consideration.
As such, a single user could hang under some circumstances. This was
caused by improperly awaking all users from a pthread condition wait.
That in turn could lead to some sluggish behaviour and, in rare cases,
a hang at shutdown.
Note: it was highly unlikely to experience real problems with the
officially provided modules.
* 2021-04-22: refactoring of syslog/tcp driver parameter passing
This has now been generalized to a parameter block, which makes it much cleaner and
also easier to add new parameters in the future.
* 2021-04-22: config script: add re_match_i() and re_extract_i() functions
This provides case-insensitive regex functionality.
closes https://github.com/rsyslog/rsyslog/issues/4429
- Upgrade to rsyslog 8.2104.0:
* rainerscript: call getgrnam_r repeatedly to get all group members
(bsc#1178490)
* new contributed module imhiredis
* new built-in function get_property() to access property vars
* mmdblookup: add support for mmdb DB reload on HUP
* script bugfix: empty array in foreach() improperly handled
* imjournal bugfixes (handle leak, empty file)
* new contributed function module fmunflatten
* test bugfix: some tests did not work with newer TLS library versions
* some improvements to project CI
- update remote.conf example file to new 'Address' and 'Port' notation
(bsc#1182653)
- HTTPS URLs used for source
- Upgrade to rsyslog 8.2102.0:
* omfwd: add stats counter for sent bytes
* omfwd: add error reporting configuration option
* action stats counter bugfix: failure count was not properly incremented
* action stats counter bugfix: resume count was not incremented
* omfwd bugfix: segfault or error if port not given
* lookup table bugfix: data race on lookup table reload
* testbench modernization
* testbench: fix invalid sequence of kafka tests runs
* testbench: fix kafkacat issues
* testbench: fix year-dependendt clickhouse test
- Upgrade to rsyslog 8.2012.0:
* testbench bugfix: some tests did not work in make distcheck
* immark: rewrite with many improvements
* usability: re-phrase error message to help users better understand cause
* add new system property $now-unixtimestamp
* omfwd: add new rate limit option
* omfwd bug: param "/StreamDriver.PermitExpiredCerts"/ is not "/off"/ by default
- prepare usrmerge (boo#1029961)
- remove legacy stuff from specfile
* sysvinit is not supported anymore, so remove all tests
related to systemv in the specfile
- Upgrade to rsyslog 8.2010.0:
* gnutls TLS subsystem bugfix: handshake error handling
* core/msg bugfix: memory leak
* core/msg bugfix: segfault in jsonPathFindNext() when <root> not an object
* openssl TLS subsystem: improvments of error and status messages
* add 'exists()' script function to check if variable exists
* core bugfix: do not create empty JSON objects on non-existent key access
* gnutls subsysem bugfix: potential hang on session closure
* core/network bugfix: obey net.enableDNS=off when querying local hostname
* core bugfix: potential segfault on query of PROGRAMNAME property
* imtcp bugfix: broken connection not necessariy detected
* new module: imhttp - http input
* mmdarwin bugfix: potential zero uuid when reusing existing one
* imdocker bugfix: build issue on some platforms
* omudpspoof bugfix: make compatbile with Solaris build
* testbench fix: python 3 incompatibility
* core bugfix: segfault if disk-queue file cannot be created
* cosmetic: fix dummy module name in debug output
* config bugfix: intended warning emitted as error
- Upgrade to rsyslog 8.2008.0
Way too many changes since 8.39.0 to be listed here.
- Added custom unit file rsyslog.service because
systemd service file was removed from upstream project
- Removed obsolete patches:
* 0001-satisfy-gcc-flag-fno-common.patch
* rsyslog-pgsql-pkg-config.patch
* rsyslog-unit.patch
- Use systemd_ordering instead of requiring to make rsyslog useable
in containers.
- Fix the URL for bug reporting, should not point to novell.com
(bsc#1173433)
- Add support for omkafka which is now in Factory, and 15.x repos
- avoid build error with gcc flag -fno-common (bsc#1160414)
* add 0001-satisfy-gcc-flag-fno-common.patch
- ruby2
-
- Update suse.patch to 41adc98ad1:
- Cookie Prefix Spoofing in CGI::Cookie.parse (boo#1193081 CVE-2021-41819)
- add back some lost chunks to the suse.patch
- Update suse.patch:
- backport fix for CVE-2022-28739: ruby: Buffer overrun in
String-to-Float conversion (boo#1198441)
- back port date 2.0.3 CVE-2021-41817 (boo#1193035)
- merge the previous bug fixes into suse.patch
- CVE-2021-32066.patch
- CVE-2021-31810.patch
- CVE-2021-31799.patch
- Add Requires to make and gcc to ruby-devel to make the default
extconf.rb work
Add patches to fix the following CVE's:
- CVE-2021-32066.patch (CVE-2021-32066): Fix StartTLS stripping
vulnerability in Net:IMAP (bsc#1188160)
- CVE-2021-31810.patch (CVE-2021-31810): Fix trusting FTP PASV
responses vulnerability in Net:FTP (bsc#1188161)
- CVE-2021-31799.patch (CVE-2021-31799): Fix Command injection
vulnerability in RDoc (bsc#1190375)
- runc
-
- Update to runc v1.1.4. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.4.
* Fix mounting via wrong proc fd. When the user and mount namespaces are
used, and the bind mount is followed by the cgroup mount in the spec,
the cgroup was mounted using the bind mount's mount fd.
* Switch kill() in libcontainer/nsenter to sane_kill().
* Fix "/permission denied"/ error from runc run on noexec fs.
* Fix failed exec after systemctl daemon-reload. Due to a regression
in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
(boo#1202821)
- Update to runc v1.1.3. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.3.
(Includes a fix for bsc#1200088.)
* Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
s390 and s390x. This solves the issue where syscalls the host kernel did not
support would return `-EPERM` despite the existence of the `-ENOSYS` stub
code (this was due to how s390x does syscall multiplexing).
* Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
intended; this fix does not affect runc binary itself but is important for
libcontainer users such as Kubernetes.
* Inability to compile with recent clang due to an issue with duplicate
constants in libseccomp-golang.
* When using systemd cgroup driver, skip adding device paths that don't exist,
to stop systemd from emitting warnings about those paths.
* Socket activation was failing when more than 3 sockets were used.
* Various CI fixes.
* Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
* runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
- bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Backport <https://github.com/opencontainers/runc/pull/3474> to fix issues
with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
+ bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Add ExcludeArch for s390 (not s390x) since we've never supported it.
- Update to runc v1.1.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.2.
CVE-2022-29162 bsc#1199460
* A bug was found in runc where runc exec --cap executed processes with
non-empty inheritable Linux process capabilities, creating an atypical Linux
environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
CVE-2022-29162. bsc#1199460
* `runc spec` no longer sets any inheritable capabilities in the created
example OCI spec (`config.json`) file.
- Update to runc v1.1.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.1.
* runc run/start can now run a container with read-only /dev in OCI spec,
rather than error out. (#3355)
* runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
libcontainer systemd v2 manager no longer errors out if one of the files
listed in /sys/kernel/cgroup/delegate do not exist in container's
cgroup. (#3387, #3404)
* Loosen OCI spec validation to avoid bogus "/Intel RDT is not supported"/
error. (#3406)
* libcontainer/cgroups no longer panics in cgroup v1 managers if stat
of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
- Update to runc v1.1.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.0.
- libcontainer will now refuse to build without the nsenter package being
correctly compiled (specifically this requires CGO to be enabled). This
should avoid folks accidentally creating broken runc binaries (and
incorrectly importing our internal libraries into their projects). (#3331)
- Update to runc v1.1.0~rc1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
+ Add support for RDMA cgroup added in Linux 4.11.
* runc exec now produces exit code of 255 when the exec failed.
This may help in distinguishing between runc exec failures
(such as invalid options, non-running container or non-existent
binary etc.) and failures of the command being executed.
+ runc run: new --keep option to skip removal exited containers artefacts.
This might be useful to check the state (e.g. of cgroup controllers) after
the container hasexited.
+ seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
(the latter is just an alias for SCMP_ACT_KILL).
+ seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
users to create sophisticated seccomp filters where syscalls can be
efficiently emulated by privileged processes on the host.
+ checkpoint/restore: add an option (--lsm-mount-context) to set
a different LSM mount context on restore.
+ intelrdt: support ClosID parameter.
+ runc exec --cgroup: an option to specify a (non-top) in-container cgroup
to use for the process being executed.
+ cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
run/exec now adds the container to the appropriate cgroup under it).
+ sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
behaviour.
+ mounts: add support for bind-mounts which are inaccessible after switching
the user namespace. Note that this does not permit the container any
additional access to the host filesystem, it simply allows containers to
have bind-mounts configured for paths the user can access but have
restrictive access control settings for other users.
+ Add support for recursive mount attributes using mount_setattr(2). These
have the same names as the proposed mount(8) options -- just prepend r
to the option name (such as rro).
+ Add runc features subcommand to allow runc users to detect what features
runc has been built with. This includes critical information such as
supported mount flags, hook names, and so on. Note that the output of this
command is subject to change and will not be considered stable until runc
1.2 at the earliest. The runtime-spec specification for this feature is
being developed in opencontainers/runtime-spec#1130.
* system: improve performance of /proc/$pid/stat parsing.
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
the ownership of certain cgroup control files (as per
/sys/kernel/cgroup/delegate) to allow for proper deferral to the container
process.
* runc checkpoint/restore: fixed for containers with an external bind mount
which destination is a symlink.
* cgroup: improve openat2 handling for cgroup directory handle hardening.
runc delete -f now succeeds (rather than timing out) on a paused
container.
* runc run/start/exec now refuses a frozen cgroup (paused container in case of
exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of
the release.
- Drop runc-rpmlintrc because we don't have runc-test anymore.
- Update to runc v1.0.3. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.3. CVE-2021-43784
bsc#1193436
* A potential vulnerability was discovered in runc (related to an internal
usage of netlink), however upon further investigation we discovered that
while this bug was exploitable on the master branch of runc, no released
version of runc could be exploited using this bug. The exploit required
being able to create a netlink attribute with a length that would overflow a
uint16 but this was not possible in any released version of runc. For more
information see GHSA-v95c-p5hm-xq8f and CVE-2021-43784.
Due to an abundance of caution we decided to do an emergency release with
this fix, but to reiterate we do not believe this vulnerability was
possible to exploit. Thanks to Felix Wilhelm from Google Project Zero for
discovering and reporting this vulnerability so quickly.
* Fixed inability to start a container with read-write bind mount of a
read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
- Update to runc v1.0.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.2
* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the "/adding seccomp filter
rule for syscall ..."/ error, caused by redundant seccomp rules (i.e. those
that has action equal to the default one). Such redundant rules are now
skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional
harmful "/failed to decode ..."/ errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be
frozen before Set, and add a setting to skip such freeze unconditionally.
The previous fix for that issue, done in runc 1.0.1, was not working.
- Update to runc v1.0.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.1
* Fixed occasional runc exec/run failure ("/interrupted system call"/) on an
Azure volume.
* Fixed "/unable to find groups ... token too long"/ error with /etc/group
containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
frozen. This is a regression in 1.0.0, not affecting runc itself but some
of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of
permission error when handling replacement of existing bpf cgroup
programs. This fixes a regression in 1.0.0, where some SELinux
policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- Remove upstreamed patches:
+ boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Backport <https://github.com/opencontainers/runc/pull/3055> to fix issues
with runc under openSUSE MicroOS's SELinux policy. boo#1187704
+ boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Update to runc v1.0.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0
! The usage of relative paths for mountpoints will now produce a warning
(such configurations are outside of the spec, and in future runc will
produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent
results with cgroupv1, and always clobber any existing eBPF
program(s) to fix runc update and avoid leaking eBPF programs
(resulting in errors when managing containers).
* cgroupv2: correctly convert "/number of IOs"/ statistics in a
cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing
code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed "/retry on dbus disconnect"/ logic introduced in rc94
* cgroups/systemd: fixed returning "/unit already exists"/ error from a systemd
cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make "/runc --version"/ output sane even when built with go get or
otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify
cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.
- Update to runc v1.0.0~rc95. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
This release of runc contains a fix for CVE-2021-30465, and users are
strongly recommended to update (especially if you are providing
semi-limited access to spawn containers to untrusted users). bsc#1185405
- Update to runc v1.0.0~rc94. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
been effectively deprecated by the kernel. Users should make use of regular
memory cgroup controls.
Regression Fixes:
* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix "/chdir to cwd: permission denied"/ for some setups
- Remove upstreamed patches:
- 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
syscalls unusable for glibc.
- salt
-
- Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
- Fix Syndic authentication errors (bsc#1199562)
- Add Amazon EC2 detection for virtual grains (bsc#1195624)
- Fix the regression in schedule module releasded in 3004 (bsc#1202631)
- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Fix test_ipc unit test
- Added:
* fix-the-regression-in-schedule-module-releasded-in-3.patch
* ignore-non-utf8-characters-while-reading-files-with-.patch
* backport-syndic-auth-fixes.patch
* retry-if-rpm-lock-is-temporarily-unavailable-547.patch
* change-the-delimeters-to-prevent-possible-tracebacks.patch
* fix-state.apply-in-test-mode-with-file-state-module-.patch
* fix-test_ipc-unit-tests.patch
* add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore erros on reading license files with dpkg_lowpkg (bsc#1197288)
- Added:
* fix-ownership-of-salt-thin-directory-when-using-the-.patch
* ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
* save-log-to-logfile-with-docker.build.patch
* add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
* fix-salt.states.file.managed-for-follow_symlinks-tru.patch
* normalize-package-names-once-with-pkg.installed-remo.patch
* set-default-target-for-pip-from-venv_pip_target-envi.patch
* fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
* use-salt-bundle-in-dockermod.patch
* fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
* add-support-for-gpgautoimport-539.patch
- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)
- Added:
* fix-for-cve-2022-22967-bsc-1200566.patch
- Make sure SaltCacheLoader use correct fileclient (bsc#1199149)
- Added:
* make-sure-saltcacheloader-use-correct-fileclient-519.patch
- Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672)
* See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html
- Expose missing "/ansible"/ module functions in Salt 3004 (bsc#1195625)
- Fixes for Python 3.10
- Fix issues found around pre_flight_script_args
- Fix salt-call event.send with pillar or grains
- Fix exception in batch_async caused by a bad function call
- Fix print regression for yumnotify plugin
- Fix issues with salt-ssh's extra-filerefs
- Fix crash when calling manage.not_alive runners
- Added:
* add-missing-ansible-module-functions-to-whitelist-in.patch
* drop-serial-from-event.unpack-in-cli.batch_async.patch
* fix-crash-when-calling-manage.not_alive-runners.patch
* fix-issues-with-salt-ssh-s-extra-filerefs.patch
* fix-salt-call-event.send-call-with-grains-and-pillar.patch
* fix-the-regression-for-yumnotify-plugin-456.patch
* fixes-for-python-3.10-502.patch
* prevent-shell-injection-via-pre_flight_script_args-4.patch
- Modified:
* add-custom-suse-capabilities-as-grains.patch
* add-environment-variable-to-know-if-yum-is-invoked-f.patch
* add-migrated-state-and-gpg-key-management-functions-.patch
* add-rpm_vercmp-python-library-for-version-comparison.patch
* adds-explicit-type-cast-for-port.patch
* async-batch-implementation.patch
* debian-info_installed-compatibility-50453.patch
* dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
* do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
* do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
* early-feature-support-config.patch
* enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
* enhance-openscap-module-add-xccdf_eval-call-386.patch
* fix-bsc-1065792.patch
* fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
* fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
* fix-multiple-security-issues-bsc-1197417.patch
* fix-regression-with-depending-client.ssh-on-psutil-b.patch
* fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
* fixes-56144-to-enable-hotadd-profile-support.patch
* implementation-of-held-unheld-functions-for-state-pk.patch
* implementation-of-suse_ip-execution-module-bsc-10999.patch
* improvements-on-ansiblegate-module-354.patch
* include-aliases-in-the-fqdns-grains.patch
* info_installed-works-without-status-attr-now.patch
* make-aptpkg.list_repos-compatible-on-enabled-disable.patch
* prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
* prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
* refactor-and-improvements-for-transactional-updates-.patch
* restore-default-behaviour-of-pkg-list-return.patch
* return-the-expected-powerpc-os-arch-bsc-1117995.patch
* revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
* run-salt-master-as-dedicated-salt-user.patch
* state.apply-don-t-check-for-cached-pillar-errors.patch
* switch-firewalld-state-to-use-change_interface.patch
* temporary-fix-extend-the-whitelist-of-allowed-comman.patch
* update-target-fix-for-salt-ssh-to-process-targets-li.patch
* use-adler32-algorithm-to-compute-string-checksums.patch
* wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
* x509-fixes-111.patch
* zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
- Removed:
* 3002-set-distro-requirement-to-oldest-supported-vers.patch
* 3002.2-do-not-consider-skipped-targets-as-failed-for.patch
* 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
* accumulated-changes-from-yomi-167.patch
* accumulated-changes-required-for-yomi-165.patch
* add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch
* add-all-ssh-kwargs-to-sanitize_kwargs-method-3002.2-.patch
* add-all_versions-parameter-to-include-all-installed-.patch
* add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch
* add-astra-linux-common-edition-to-the-os-family-list.patch
* add-batch_presence_ping_timeout-and-batch_presence_p.patch
* add-cpe_name-for-osversion-grain-parsing-u-49946.patch
* add-docker-logout-237.patch
* add-hold-unhold-functions.patch
* add-missing-aarch64-to-rpm-package-architectures-405.patch
* add-multi-file-support-and-globbing-to-the-filetree-.patch
* add-new-custom-suse-capability-for-saltutil-state-mo.patch
* add-patch-support-for-allow-vendor-change-option-wit.patch
* add-pkg.services_need_restart-302.patch
* add-saltssh-multi-version-support-across-python-inte.patch
* add-supportconfig-module-for-remote-calls-and-saltss.patch
* add-virt.all_capabilities.patch
* adding-preliminary-support-for-rocky.-59682-391.patch
* allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch
* allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch
* ansiblegate-take-care-of-failed-skipped-and-unreacha.patch
* apply-patch-from-upstream-to-support-python-3.8.patch
* async-batch-implementation-fix-320.patch
* avoid-traceback-when-http.query-request-cannot-be-pe.patch
* backport-a-few-virt-prs-272.patch
* backport-of-upstream-pr59492-to-3002.2-404.patch
* backport-thread.is_alive-fix-390.patch
* backport-virt-patches-from-3001-256.patch
* batch-async-catch-exceptions-and-safety-unregister-a.patch
* batch_async-avoid-using-fnmatch-to-match-event-217.patch
* better-handling-of-bad-public-keys-from-minions-bsc-.patch
* calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch
* changed-imports-to-vendored-tornado.patch
* clear-network-interface-cache-when-grains-are-reques.patch
* do-noop-for-services-states-when-running-systemd-in-.patch
* do-not-break-repo-files-with-multiple-line-values-on.patch
* do-not-crash-when-there-are-ipv6-established-connect.patch
* do-not-make-ansiblegate-to-crash-on-python3-minions.patch
* do-not-monkey-patch-yaml-bsc-1177474.patch
* do-not-raise-streamclosederror-traceback-but-only-lo.patch
* don-t-call-zypper-with-more-than-one-no-refresh.patch
* drop-wrong-mock-from-chroot-unit-test.patch
* drop-wrong-virt-capabilities-code-after-rebasing-pat.patch
* ensure-virt.update-stop_on_reboot-is-updated-with-it.patch
* exclude-the-full-path-of-a-download-url-to-prevent-i.patch
* fall-back-to-pymysql.patch
* figure-out-python-interpreter-to-use-inside-containe.patch
* fix-__mount_device-wrapper-254.patch
* fix-a-test-and-some-variable-names-229.patch
* fix-a-wrong-rebase-in-test_core.py-180.patch
* fix-aptpkg-systemd-call-bsc-1143301.patch
* fix-aptpkg.normalize_name-when-package-arch-is-all.patch
* fix-async-batch-multiple-done-events.patch
* fix-async-batch-race-conditions.patch
* fix-batch_async-obsolete-test.patch
* fix-cve-2020-25592-and-add-tests-bsc-1178319.patch
* fix-error-handling-in-openscap-module-bsc-1188647-40.patch
* fix-failing-unit-tests-for-batch-async.patch
* fix-failing-unit-tests-for-systemd.patch
* fix-for-log-checking-in-x509-test.patch
* fix-for-some-cves-bsc1181550.patch
* fix-for-temp-folder-definition-in-loader-unit-test.patch
* fix-git_pillar-merging-across-multiple-__env__-repos.patch
* fix-grains.test_core-unit-test-277.patch
* fix-ipv6-scope-bsc-1108557.patch
* fix-issue-parsing-errors-in-ansiblegate-state-module.patch
* fix-memory-leak-produced-by-batch-async-find_jobs-me.patch
* fix-novendorchange-option-284.patch
* fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch
* fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch
* fix-save-for-iptables-state-module-bsc-1185131-372.patch
* fix-the-removed-six.itermitems-and-six.-_type-262.patch
* fix-unit-test-for-grains-core.patch
* fix-unit-tests-for-batch-async-after-refactor.patch
* fix-virt.update-with-cpu-defined-263.patch
* fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch
* fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch
* fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch
* fixes-cve-2018-15750-cve-2018-15751.patch
* fixing-streamclosed-issue.patch
* get-os_arch-also-without-rpm-package-installed.patch
* grains-master-can-read-grains.patch
* grains.extra-support-old-non-intel-kernels-bsc-11806.patch
* handle-master-tops-data-when-states-are-applied-by-t.patch
* handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch
* implement-network.fqdns-module-function-bsc-1134860-.patch
* improve-batch_async-to-release-consumed-memory-bsc-1.patch
* integration-of-msi-authentication-with-azurearm-clou.patch
* invalidate-file-list-cache-when-cache-file-modified-.patch
* loop-fix-variable-names-for-until_no_eval.patch
* loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch
* make-profiles-a-package.patch
* move-server_id-deprecation-warning-to-reduce-log-spa.patch
* move-vendor-change-logic-to-zypper-class-355.patch
* open-suse-3002.2-bigvm-310.patch
* open-suse-3002.2-virt-network-311.patch
* open-suse-3002.2-xen-grub-316.patch
* opensuse-3000-libvirt-engine-fixes-251.patch
* opensuse-3000-virt-defined-states-222.patch
* opensuse-3000.2-virt-backports-236-257.patch
* opensuse-3000.3-spacewalk-runner-parse-command-250.patch
* option-to-en-disable-force-refresh-in-zypper-215.patch
* parsing-epoch-out-of-version-provided-during-pkg-rem.patch
* path-replace-functools.wraps-with-six.wraps-bsc-1177.patch
* pkgrepo-support-python-2.7-function-call-295.patch
* prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch
* prevent-command-injection-in-the-snapper-module-bsc-.patch
* prevent-import-errors-when-running-test_btrfs-unit-t.patch
* prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch
* prevent-race-condition-on-sigterm-for-the-minion-bsc.patch
* prevent-systemd-run-description-issue-when-running-a.patch
* prevent-test_mod_del_repo_multiline_values-to-fail.patch
* provide-the-missing-features-required-for-yomi-yet-o.patch
* python3.8-compatibility-pr-s-235.patch
* re-adding-function-to-test-for-root.patch
* regression-fix-of-salt-ssh-on-processing-targets-353.patch
* reintroducing-reverted-changes.patch
* remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch
* remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch
* remove-deprecated-warning-that-breaks-miniion-execut.patch
* remove-duplicated-method-definitions-in-salt.netapi-.patch
* remove-msgpack-1.0.0-requirement-in-the-installed-me.patch
* remove-unnecessary-yield-causing-badyielderror-bsc-1.patch
* remove-vendored-backports-abc-from-requirements.patch
* remove-wrong-_parse_cpe_name-from-grains.core-452.patch
* revert-add-patch-support-for-allow-vendor-change-opt.patch
* sanitize-grains-loaded-from-roster_grains.json.patch
* strip-trailing-from-repo.uri-when-comparing-repos-in.patch
* support-config-non-root-permission-issues-fixes-u-50.patch
* support-for-btrfs-and-xfs-in-parted-and-mkfs.patch
* support-transactional-systems-microos-271.patch
* templates-move-the-globals-up-to-the-environment-jin.patch
* transactional_update-detect-recursion-in-the-executo.patch
* transactional_update-unify-with-chroot.call.patch
* use-current-ioloop-for-the-localclient-instance-of-b.patch
* use-threadpool-from-multiprocessing.pool-to-avoid-le.patch
* vendor-stateresult.patch
* virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch
* virt-pass-emulator-when-getting-domain-capabilities-.patch
* virt-uefi-fix-backport-312.patch
* virt-use-dev-kvm-to-detect-kvm-383.patch
* virt._get_domain-don-t-raise-an-exception-if-there-i.patch
* virt.network_update-handle-missing-ipv4-netmask-attr.patch
* xen-disk-fixes-264.patch
* xfs-do-not-fails-if-type-is-not-present.patch
* zypperpkg-filter-patterns-that-start-with-dot-244.patch
- Renamed and modified:
* 3002.2-do-not-consider-skipped-targets-as-failed-for.patch -> 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
* 3002.2-postgresql-json-support-in-pillar-424.patch -> 3003.3-postgresql-json-support-in-pillar-423.patch
* add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch -> add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
* allow-vendor-change-option-with-zypper-313.patch -> allow-vendor-change-option-with-zypper.patch
* fix-inspector-module-export-function-bsc-1097531-480.patch -> fix-inspector-module-export-function-bsc-1097531-481.patch
* fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch -> fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
* fix-state.orchestrate_single-to-not-pass-pillar-none.patch -> state.orchestrate_single-does-not-pass-pillar-none-4.patch
* fix-traceback.-_exc-calls-429.patch -> fix-traceback.print_exc-calls-for-test_pip_state-432.patch
* mock-ip_addrs-in-utils-minions.py-unit-test-444.patch -> mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
* support-transactional-systems-microos-271.patch -> support-transactional-systems-microos.patch
- Fix regression preventing bootstrapping new clients caused by
redundant dependency on psutil (bsc#1197533)
- Prevent data pollution between actions proceesed at the same time (bsc#1197637)
- Added:
* fix-regression-with-depending-client.ssh-on-psutil-b.patch
* prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
- Fix salt-ssh opts poisoning (bsc#1197637)
- Clear network interfaces cache on grains request (bsc#1196050)
- Add salt-ssh with Salt Bundle support (venv-salt-minion)
- (bsc#1182851, bsc#1196432)
- Remove duplicated method definitions in salt.netapi
- Restrict "/state.orchestrate_single"/ to pass a pillar value if it exists (bsc#1194632)
- Added:
* add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch
* remove-duplicated-method-definitions-in-salt.netapi-.patch
* fix-multiple-security-issues-bsc-1197417.patch
* fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch
* fix-state.orchestrate_single-to-not-pass-pillar-none.patch
* clear-network-interface-cache-when-grains-are-reques.patch
- Renamed:
* patch_for_cve_bsc1197417.patch -> fix-multiple-security-issues-bsc-1197417.patch
- Fix multiple security issues (bsc#1197417)
* Sign authentication replies to prevent MiTM (CVE-2022-22935)
* Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
* Prevent job and fileserver replays (CVE-2022-22936)
* Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
- Added:
* patch_for_cve_bsc1197417.patch
- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "/transactional_update"/ module to not use SSH wrapper and allow more flexible execution
- Add "/--no-return-event"/ option to salt-call to prevent sending return event back to master.
- Make "/state.highstate"/ to acts on concurrent flag.
- Added:
* state.apply-don-t-check-for-cached-pillar-errors.patch
* add-all-ssh-kwargs-to-sanitize_kwargs-method-3002.2-.patch
* wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
* vendor-stateresult.patch
* fix-inspector-module-export-function-bsc-1097531-480.patch
* refactor-and-improvements-for-transactional-updates-.patch
- Use dnfnotify instead yumnotify for relevant distros
- Remove wrong _parse_cpe_name from grains.core
- dnfnotify pkgset plugin implementation
- Add rpm_vercmp python library support for version comparison
- Prevent pkg plugins errors on missing cookie path (bsc#1186738)
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Make "/salt-api"/ package to require python3-cherrypy on RHEL systems
- tar is required by minion on transactional-update system
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls
- Added:
* mock-ip_addrs-in-utils-minions.py-unit-test-444.patch
* remove-wrong-_parse_cpe_name-from-grains.core-452.patch
* fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
* 3002.2-do-not-consider-skipped-targets-as-failed-for.patch
* fix-the-regression-for-yumnotify-plugin-456.patch
* dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
* add-rpm_vercmp-python-library-for-version-comparison.patch
* fix-traceback.-_exc-calls-429.patch
* prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of
malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
* 3002.2-postgresql-json-support-in-pillar-424.patch
* exclude-the-full-path-of-a-download-url-to-prevent-i.patch
- samba
-
- CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic;
(bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
(bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556).
- Revert NIS support removal; (bsc#1199247);
- Use requires_eq macro to require the libldb2 version available at
samba-dsdb-modules build time; (bsc#1199362);
- Add missing samba-client requirement to samba-winbind package;
(bsc#1198255);
- Update to 4.15.7
* Share and server swapped in smbget password prompt; (bso#14831);
* Durable handles won't reconnect if the leased file is written
to; (bso#15022);
* rmdir silently fails if directory contains unreadable files and
hide unreadable is yes; (bso#15023);
* SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
on renamed file handle; (bso#15038);
* vfs_shadow_copy2 breaks "/smbd async dosmode"/ sync fallback;
(bso#14957);
* shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
(bso#15035);
* PAM Kerberos authentication incorrectly fails with a clock skew
error; (bso#15046);
* username map - samba erroneously applies unix group memberships
to user account entries; (bso#15041);
* NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
in SMBC_server_internal; (bso#14983);
* Simple bind doesn't work against an RODC (with non-preloaded users);
(bso#13879);
* Crash of winbind on RODC; (bso#14641);
* uncached logon on RODC always fails once; (bso#14865);
* KVNO off by 100000; (bso#14951);
* LDAP simple binds should honour "/old password allowed period"/;
(bso#15001);
* wbinfo -a doesn't work reliable with upn names; (bso#15003);
* Simple bind doesn't work against an RODC (with non-preloaded
users); (bso#13879);
* Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
* Regression: create krb5 conf = yes doesn't work with a single KDC;
(bso#15016);
- Add provides to samba-client-libs package to fix upgrades from
previous versions; (bsc#1197995);
- Add missing samba-libs requirement to samba-winbind package;
(bsc#1198255);
- Update to 4.15.6
* Renaming file on DFS root fails with
NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
* Samba does not response STATUS_INVALID_PARAMETER when opening 2
objects with same lease key; (bso#14737);
* NT error code is not set when overwriting a file during rename
in libsmbclient; (bso#14938);
* Fix ldap simple bind with TLS auditing; (bso#14996);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674);
* Problem when winbind renews Kerberos; (bso#14979);
(bsc#1196224);
* pam_winbind will not allow gdm login if password about to
expire; (bso#8691);
* virusfilter_vfs_openat: Not scanned: Directory or special file;
(bso#14971);
* DFS fix for AIX broken; (bso#13631);
* Solaris and AIX acl modules: wrong function arguments;
(bso#14974);
* Function aixacl_sys_acl_get_file not declared / coredump;
(bso#7239);
* Regression: Samba 4.15.2 on macOS segfaults intermittently
during strcpy in tdbsam_getsampwnam; (bso#14900);
* Fix a use-after-free in SMB1 server; (bso#14989);
* smb2_signing_decrypt_pdu() may not decrypt with
gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
(bso#14968);
* Changing the machine password against an RODC likely destroys
the domain join; (bso#14984);
* authsam_make_user_info_dc() steals memory from its struct
ldb_message *msg argument; (bso#14993);
* Use Heimdal 8.0 (pre) rather than an earlier snapshot;
(bso#14995);
* Samba autorid fails to map AD users if id rangesize fits in the
id range only once; (bso#14967);
- Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files.
- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality;
(bsc#1080338).
- Fix ntlm authentications with "/winbind use default domain = yes"/;
(bso#13126); (bsc#1173429); (bsc#1196308).
- Fix samba-ad-dc status warning notification message by disabling
systemd notifications in bgqd; (bsc#1195896); (bso#14947).
- libldb version mismatch in Samba dsdb component; (bsc#1118508);
- Update to 4.15.5
* CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
outside target of a symlink exists; (bso#14911);
(bsc#1193690).
* CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
module; (bso#14914); (bsc#1194859).
* CVE-2022-0336: Re-adding an SPN skips subsequent SPN
conflict checks; bso#14950); (bsc#1195048).
- CVE-2021-44141: Information leak via symlinks of existance of
files or directories outside of the exported share; (bso#14911);
(bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
in VFS module vfs_fruit allows code execution; (bso#14914);
(bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
account can impersonate arbitrary services; (bso#14950);
(bsc#1195048);
- Update to 4.15.4
* Duplicate SMB file_ids leading to Windows client cache
poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication
using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set "/client max protocol"/ to NT1 before
calling the "/Reconnecting with SMB1 for workgroup listing"/
path; (bso#14939);
* Cross device copy of the crossrename module always fails;
(bso#14940);
* symlinkat function from VFS cap module always fails with an
error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory();
(bso#14944);
* "/smbd --build-options"/ no longer works without an smb.conf file;
(bso#14945);
- Use pkgconfig(krb5) as dependency for the -devel package: allow
OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
package has an automatic dependency due to linkage on
libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
requires samba-client-libs, which in turn requires krb5
libraries. Samba-libs itself has no need for krb5 (but get it
indirectly anyway).
- Update to version 4.15.3; (jsc#SLE-23329);
+ CVE-2021-43566: Symlink race error can allow directory creation
outside of the exported share; (bso#13979); (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and
modify outside of the exported share; (bso#14842); (bsc#1191227);
- Reorganize libs packages. Split samba-libs into samba-client-libs,
samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
public libraries depending on internal samba libraries into these
packages as there were dependency problems everytime one of these
public libraries changed its version (bsc#1192684). The devel
packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements
- Update the symlink create by samba-dsdb-modules to private samba
ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
/usr/lib64/ldb2/modules/ldb/samba
- The username map [script] advice from CVE-2020-25717 advisory
note has undesired side effects for the local nt token. Fallback
to a SID/UID based mapping if the name based lookup fails;
(bsc#1192849); (bso#14901).
- Fix regression introduced by CVE-2020-25717 patches, winbindd
does not start when 'allow trusted domains' is off; (bso#14899);
- CVE-2020-25717: samba: A user on the domain can become root on
domain members; (bsc#1192284); (bso#14556).
- CVE-2020-25721: auth: Fill in the new HAS_SAM_NAME_AND_SID
values; (bsc#1192505); (bso#14564).
- CVE-2020-25718: An RODC can issue (forge) administrator tickets
to other servers; (bsc#1192246);(bso#14558).
- CVE-2020-25719: samba: AD DC Username based races when no PAC
is given;(bsc#1192247);(bso#14561).
- CVE-2020-25722: samba: AD DC UPN vs samAccountName not checked
(top-level bug for AD DC validation issues);(bsc#1192283);
(bso#14564).
- CVE-2021-3738: samba: crash in dsdb stack;(bsc#1192215);
(bso#14468).
- CVE-2021-23192: samba: dcerpc requests don't check all fragments
against the first auth_state;(bsc#1192214);(bso#14875).
- CVE-2016-2124: don't fallback to non spnego authentication if we
require kerberos; (bsc#1014440); (bso#12444).
- Update to 4.13.13
* rodc_rwdc test flaps;(bso#14868).
* Backport bronze bit fixes, tests, and selftest improvements;
(bso#14881).
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY]
'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba
with embedded Heimdal;(bso#14642).
* Python ldb.msg_diff() memory handling failure;(bso#14836).
* "/in"/ operator on ldb.Message is case sensitive;(bso#14845).
* Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).
* Allow special chars like "/@"/ in samAccountName when generating
the salt;(bso#14874).
* Fix transit path validation;(bso#12998).
* Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
* rpcclient NetFileEnum and net rpc file both cause lock order
violation: brlock.tdb, share_entries.tdb;(bso#14645).
* Python ldb.msg_diff() memory handling failure;(bso#14836).
* Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).
- Update to 4.13.12
* Address a signifcant performance regression in database access
in the AD DC since Samba 4.12;(bso#14806).
* Fix performance regression in lsa_LookupSids3/LookupNames4
since Samba 4.9 by using an explicit database handle cache;
(bso#14807).
* An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ;(bso#14817).
* Address flapping samba_tool_drs_showrepl test;(bso#14818).
* Address flapping dsdb_schema_attributes test;(bso#14819).
* An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ;(bso#14817).
* Fix CTDB flag/status update race conditions(bso#14784).
- Update to 4.13.11
* smbd: panic on force-close share during offload write;
(bso#14769).
* Fix returned attributes on fake quota file handle and avoid
hitting the VFS;(bso#14731).
* smbd: "/deadtime"/ parameter doesn't work anymore;(bso#14783).
* net conf list crashes when run as normal user;(bso#14787).
* Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7;(bso#14607).
* Start the SMB encryption as soon as possible;(bso#14793).
* Winbind should not start if the socket path for the privileged
pipe is too long;(bso#14792).
- Fix 'net rpc' authentication when using the machine account;
(bsc#1189017); (bso#14796);
- Fix dependency problem upgrading from libndr0 to libndr1;
(bsc#1189875);
- Fix dependency problem upgrading from libsmbldap0 to libsmbldap2;
(bsc#1189875);
- Fix wrong kvno exported to keytab after net ads changetrustpw due
to replication delay; (bsc#1188727);
- Add Certificate Auto Enrollment Policy; (jsc#SLE-18456).
- Update to 4.13.10
* s3: smbd: Ensure POSIX default ACL is mapped into returned
Windows ACL for directory handles; (bso#14708);
* Take a copy to make sure we don't reference free'd memory; (bso#14721);
* s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722);
* s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
change_file_owner_to_parent() error path; (bso#14736);
* samba-tool: Give better error information when the
'domain backup restore' fails with a duplicate SID; (bso#14575);
* smbd: Correctly initialize close timestamp fields; (bso#14714);
* Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740);
* ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
* gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750);
* smbXsrv_{open,session,tcon}: Protect
smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752);
* samba-tool domain backup offline doesn't work against bind DLZ
backend; (bso#14027);
* netcmd: Use next_free_rid() function to calculate a SID for
restoring a backup; (bso#14669);
- Update to 4.13.9
* s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696);
* Add documentation for dsdb_group_audit and dsdb_group_json_audit
to "/log level"/, synchronise "/log level"/ in smb.conf with the code; (bso#14689);
* Fix smbd panic when two clients open same file; (bso#14672);
* Fix memory leak in the RPC server; (bso#14675);
* s3: smbd: Fix deferred renames; (bso#14679);
* s3-iremotewinspool: Set the per-request memory context; (bso#14675);
* rpc_server3: Fix a memleak for internal pipes; (bso#14675);
* third_party: Update socket_wrapper to version 1.3.2; (bso#11899);
* third_party: Update socket_wrapper to version 1.3.3; (bso#14639);
* idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
conflict; (bso#14663);
* Fix the build on OmniOS; (bso#14288);
- Update to 4.13.8
* CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571
- Update to 4.13.7
* Release with dependency on ldb version 2.2.1.
- shadow
-
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954).
- shared-mime-info
-
- Backport bsc1191630.patch: Jaroslav backporting 15fb9891
glfo#xdg/shared-mime-info!81 to resolve nautilus can no longer
launch apps when browsing files problem(glfo#xdg/shared-mime-info#11,
bsc#1191630).
- sqlite3
-
- update to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
- update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
- update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
- update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value "/3"/) from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
related test failures on 32 bit
- update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
- update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
- update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
- update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
sqlite-src-3380100-atof1.patch
- update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like "/--wrap N"/,
"/--wordwrap on"/, and "/--quote"/ to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
- update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
- update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ("/START"/) is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
- sudo
-
- Add sudo-1.9.5p2-honor-T_opt.patch
* the -T option of sudo does nothing even when
'Defaults user_command_timeouts' is present in the configuration.
* [bsc#1193446]
* Credit to Jaroslav Jindrak <dzejrou@gmail.com>
- Add support in the LDAP filter for negated users, patch taken
from upstream (jsc#20068)
* Adds sudo-feature-negated-LDAP-users.patch
- Restrict use of sudo -U other -l to people who have permission
to run commands as that user (bsc#1181703, jsc#SLE-22569)
* feature-upstream-restrict-sudo-U-other-l.patch
- supportutils
-
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
+ Added command blkid #114
+ Added s390x specific files and output #115
+ Fix for invalid argument during updates (bsc#1193204)
+ Optimized conf_files, conf_files_text and log_cmd functions #118
+ Fixed iscsi initiator name (bsc#1195797)
+ Added rpcinfo -p output #116
+ Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
+ Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
+ Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
+ Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
+ Include 'multipath -t' output in mpio.txt #105
+ Improved lsblk readability with --ascsi #106
+ Removed duplicate commands in network.txt
+ Remove duplicate firewalld status output #109
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
+ Include cloud-init logs whenever they are present
+ Update the packages we track in AWS, Azure, and Google
+ Include the ecs logs for AWS ECS instances
- suse-build-key
-
- still ship the old ptf key (was not added to documentation by mistake).
(bsc#1198504)
- No longer install 1024bit keys by default. (bsc#1197293)
- SLE11 key moved to documentation
- old PTF (pre March 2022) moved to documentation only
- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Contaner signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
- suse-module-tools
-
- Update to version 15.3.15:
* blacklist isst_if_mbox_msr (bsc#1187196)
- Update to version 15.3.14:
* add commit which was missing by mistake:
* cert-script: Deal with existing $cert.delete file (bsc#1191804).
- Update to version 15.3.13:
* fixup "/rpm-script: fix bad exit status in OpenQA (bsc#1191922)"/
- Update to version 15.3.12:
* rpm-script: fix bad exit status in OpenQA (bsc#1191922)
* cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
- Update to version 15.3.11:
* inkmp-script(postun): don't pass existing files to weak-modules2
(boo#1191200)
* kernel-scriptlets: skip cert scriptlet on non-UEFI systems
(boo#1191260)
- Update to version 15.3.10:
* Import kernel scriptlets from kernel-source
(bsc#1189841, bsc#1190598)
* Provide "/suse-kernel-rpm-scriptlets"/
- Update to version 15.3.9:
* fix problem that initrd may not be rebuilt after installing
kernel-$flavor-extra (bsc#1189441)
- sysconfig
-
- version 0.85.9
- spec: revert to recommend wicked-service on <= 15.4
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- spec: drop legacy migration (from sle11) and rpm-utils
- version 0.85.8
- netconfig: revert NM default policy change change (boo#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- version 0.85.7
- spec: Drop hard dependency on /sbin/ifup
- spec: Suggest instead of recommend wicked-service
- spec: Mention that the .spec file is in git as well
- Also support service(network) provides
- system-users
-
- system-user-tss.conf: Remove group entry, not needed and did
contain syntax errors (bsc#1190401).
- systemd
-
- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944)
To decrease log level of messages about use of KillMode=none from warning to
debug. SAP still uses this deprecated option and the warnings emitted by PID1
confuse both SAP customers and support.
- Import commit e7211d27e1bd26b976aa74ff620cc22a0267b5b8
1300e134a0 tmpfiles: check the directory we were supposed to create, not its parent
e4bb32dc65 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
d8d0c083bd logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Import commit 0fb88066f5fa4695467e930559776cc3444773ec
90740ae2aa string-util: explicitly cast character to unsigned
ca1455c5b9 string-util: fix build error on aarch64
c0829f98fc basic/escape: escape control characters, but not utf-8, in shell quoting
387a2e1fbf basic/string-util: simplify how str_realloc() is used
cdc4d55d22 basic/string-util: inline iterator variable declarations
d435514c85 basic/string-util: split out helper function
bdbc4faff5 basic/escape: always escape newlines in shell_escape()
3eb13063d1 basic/escape: add mode where empty arguments are still shown as "/"/
08fd20d8fb Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
ec07c1c46c basic/escape: use consistent location for "/*"/ in function declarations
074e1b622e Allow control characters in environment variable values (bsc#1200170)
44e419dcb0 Revert "/basic/env-util: (mostly) follow POSIX for what variable names are allowed"/
d5756f6f71 test-env-util: Verify that r is disallowed in env var values
d02bac33d3 basic/env-util: make function shorter
c68d5f0ba6 basic/env-util: (mostly) follow POSIX for what variable names are allowed
887c150a04 test-env-util: print function headers
- Import commit 40960e1ccb15071355fd3ee922877ef51f34bdbc
e6354ebb34 core/device: device_coldplug(): don't set DEVICE_DEAD
b593249c00 core/device: do not downgrade device state if it is already enumerated
7b47b3c306 core/device: ignore DEVICE_FOUND_UDEV bit on switching root (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570)
912c07c281 core/device: drop unnecessary condition
- fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Call pam_loginuid when creating user@.service (bsc#1198507)
It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d.
- Import commit 12b0904b9117aeaef138784e5b118b82cd87d7cb
b579fe1e09 tmpfiles: constify item_compatible() parameters
01f4af3573 test: add test checking tmpfiles conf file precedence
e8f4d24e97 test tmpfiles: add a test for 'w+'
9c559f3854 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
7fab6b6a6e journald: make use of CLAMP() in cache_space_refresh()
1c8b02567c journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
0007446abc journal-file: port journal_file_open() to openat_report_new()
a07ad29813 fs-util: make sure openat_report_new() initializes return param also on shortcut
6bb087a1fc fs-util: fix typos in comments
42532a8bfb fs-util: add openat_report_new() wrapper around openat()
- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE
- Fix the default target when it's been incorrectly set to one of the runlevel
targets (bsc#1196567)
The script 'upgrade-from-pre-210.sh' used to initialize the default target
during migration from sysvinit to systemd. However it created symlinks to
runlevel targets, which are deprecated. If such symlinks are found the script
now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one. In
most cases it will do the right thing anyway.
- Import commit 117e7b96f8e8c63a9eec3459147f5352015a6d08
3a395b156d Don't open /var journals in volatile mode when runtime_journal==NULL
1cd65c15e4 udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
3ee9953dd4 man: tweak description of auto/noauto (bsc#1191502)
6cfeacbf86 shared/install: ignore failures for auxiliary files
37083278ed install: make UnitFileChangeType enum anonymous
0a02185526 shared/install: reduce scope of iterator variables
86c55bde7f systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- update s390 udev rules conversion script to include the case when
the legacy rule was also 41-* (bsc#1195247)
* change scripts-udev-convert-rules.sh
- Import commit 773652879446a81689c39aea23a486627992409b
a76263ced9 meson: allow extra net naming schemes to be defined during configuration
301bf4f1bf meson: drop the list of valid net naming schemes
b89924793d netif-naming: inline one iterator variable
da4a4df29c udev: fix potential memleak
d60486bf1b udev: allow onboard index up to 65535
ac2baecc84 udev: use snprintf_ok()
8aad315c7c udev: fix potential infinite loop
471ea73eb0 udev: make dev_pci_slot() return earlier when PCI bridge is found
69b7c9a6bd udev: use uint32_t for hotplug_slot
cdd0e89c0e udev: split out logic of parsing s390 PCI slots
84e1a91baa udev: it is not necessary that the path is readable
03548e8d0e udev: add missing initialization to fix freeing invalid address
772f964bf6 udev: fix slot based network names on s390
c5071cf699 tree-wide: fix typo
06640d06df net_id: fix newly added naming scheme name
58f9592f1f udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637)
df9e240c92 udev/net_id: parse _SUN ACPI index as a signed integer
cfcaddfa74 localectl: don't omit keymaps files that are symlinks (bsc#1191826)
- Add in quarantine 6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
Add in quarantine 6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
- Import commit 6a96632f26f20a68578f9d620a593ceab2a0e3b6
c4aa40982c shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178)
ae13ea6511 shared/rm_rf: refactor rm_rf() to shorten code a bit
3266d7f5c8 shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit
- Drop 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
Drop 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
Drop 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
They have been merged into 'SUSE/v246' branch.
- resolved: disable DNSSEC until the following issue is solved:
https://github.com/systemd/systemd/issues/10579
- resolved: disable fallback DNS servers and fail when no DNS server info could
be obtained from the links. It's better to let the sysadmin know that
something is likely misconfigured rather than silently handing over the DNS
queries to Google or Cloudflare.
- resolved: DNSSEC support (build) requires openssl therefore document this
build dependency in systemd-network sub-package.
- Add 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (bsc#1193086)
- Added patches to fix CVE-2021-3997 (bsc#1194178)
5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
These patches will be moved to the git repo once the bug will become
public.
- Import commit 3850086c6580291188fe574ad37c8026012894fb
c0505cbb8d tmpfiles: 'st' may have been used uninitialized
d3f7c9e806 macro: add new helper RET_NERRNO()
4a95baa5de rm-rf: optionally fsync() after removing directory tree
dd8137a589 rm-rf: refactor rm_rf_children(), split out body of directory iteration loop
3f8765ed2c rm-rf: fstatat() might fail if containing dir has limited access mode, patch that too
87d39407b7 btrfs-util: add helper that abstracts "/might be btrfs subvol?"/ check
71ed335c7a rm-rf: add new flag REMOVE_CHMOD
611376f830 rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
All these commits except the last one (611376f830) are preparation for
CVE-2021-3997.
- Drop 0001-rules-don-t-ignore-Xen-interfaces-anymore.patch
It's been merged in the git repo (commit 611376f830).
- Suppress PAM warning when the credentials for user@.service service are
established (bsc#1190515)
systemd-user PAM service needs to define a default implementation of
pam_setcred() otherwise the fallback (defined by /etc/pam.d/other) is used,
which consists of pam_warn.so + pam_deny.so, and will throw a warning each
time a user logs in.
The new default simply consists in calling pam_deny.so alone.
* 60-io-scheduler.rules: add rules for virtual devices
(boo#1193759)
* 60-io-scheduler.rules: enforce "/none"/ for loop devices
(boo#1193759)
- Import commit 34eba0c28cb02d15fdbf55ce28bdfa56142ae4d1
0a8cb60af6 Bump the max number of inodes for /dev to a million (bsc#1192858)
848c9207cb Bump the max number of inodes for /dev to 128k (bsc#1192858)
ea44eb34f2 sleep: don't skip resume device with low priority/available space (bsc#1192423)
9325a68316 test: use kbd-mode-map we ship in one more test case
8ff379e11d test-keymap-util: always use kbd-model-map we ship
- Fix IO scheduler udev rules
* 60-io-scheduler.rules: don't use BFQ for real multiqueue devices
(jsc#SLE-21032, bsc#1192161)
* 60-io-scheduler.rules: use "/none"/ for multipath components
(bsc#1192161)
- Import commit f2f061f1da064bfd47e2201967a854bb9281ca5b
98e87fc3fd busctl: use usec granularity for the timestamp printed by the busctl monitor command (jsc#SLE-17798)
- Import commit 5d20af26eee6507bfa9fdb6e5dd4bfc187e3399e
37e021ee84 mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
2aee16afd0 mountpoint-util: rebreak some comments
962e487cb4 virt: Support detection for ARM64 Hyper-V guests (bsc#1186071)
8545a66afd Use BIOS characteristics to distinguish EC2 bare-metal from VMs
03311b59c3 machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
0fc3118a67 id128-util: use common implementation of helper to get/validate product ID
83bfa06ebc virt: detect Amazon EC2 Nitro instance (bsc#1190440)
e8b8df3ed9 core: move several source files to src/shared
- Enable support for Portable Services (jsc#SLE-21694)
Will be released in Leap only.
- Import commit 263f7076bc77475045193653a785bbdc0457b5c6
239e0ce5e7 journalctl: never fail at flushing when the flushed flag is set (bsc#1188588)
0db7e590e1 manager: reexecute on SIGRTMIN+25, user instances only
ef8afc4545 core: Make sure cgroup_oom_queue is flushed on manager exit
f794e01080 cgroup: do 'catchup' for unit cgroup inotify watch files
54369b7660 manager: Fix HW watchdog when systemd starts before driver loaded (bsc#1189446)
1d0524bd54 pid1: various minor watchdog modernizations
- Drop 1007-tmpfiles-follow-SUSE-policies.patch
Since most of the tmpfiles config files shipped by upstream are
ignored (see previous commit "/Drop most of the tmpfiles that deal
with generic paths"/), this patch is no more relevant.
- Update 60-io-scheduler.rules (jsc#SLE-21032, bsc#1134353)
* rules weren't applied to dm devices (multipath), fix it
(bsc#1188713)
* ignore obsolete "/elevator"/ kernel parameter (bsc#1184994)
("/elevator"/ did falsely overide settings even for blk-mq, fixed).
* remove support for single-queue block IO which the kernel doesn't
support any more.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Import commit f5c33d9f82d3d782d28938df9ff09484360c540d (merge of v246.16)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d
- Avoid the error message when udev is updated due to udev being
already active when the sockets are started again (bsc#1188291)
- systemd-presets-branding-SLE
-
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
- systemd-presets-common-SUSE
-
- enable ignition-delete-config by default (bsc#1199524)
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter "/user"/, the save/apply-changes commands now
work with user services instead of system ones (boo#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (boo#1200485)
- enable vgauthd service for VMWare by default (bsc#1195251)
- talloc
-
- Update to 2.3.3; (jsc#SLE-23329);
+ python: Ensure reference counts are properly incremented
+ Change pytalloc source to LGPL;(bso#9931);
- Update to 2.3.2
- Fix build with RPM 4.16:
bad %if condition: 01550 != 1110 || "/x86_64"/ == x86_64
no bare word support, x86_64 needs to be quoted
- tar
-
- bsc1200657.patch was previously incomplete leading to deadlocks
* bsc#1202436
* bsc1200657.patch updated
- Fix race condition while creating intermediate subdirectories,
bsc#1200657
* bsc1200657.patch
- tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test
'tests/time01.at' on platforms with 32-bit time_t for now.
- tar.spec: Reference it.
(%check): Output the testsuite.log in case the testsuite failed.
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
* bsc#1181131, CVE-2021-20193
* bsc#1120610
- GNU tar 1.34:
* Fix extraction over pipe
* Fix memory leak in read_header
* Fix extraction when . and .. are unreadable
* Gracefully handle duplicate symlinks when extracting
* Re-initialize supplementary groups when switching to user
privileges
- GNU tar 1.33:
* POSIX extended format headers do not include PID by default
* --delay-directory-restore works for archives with reversed
member ordering
* Fix extraction of a symbolic link hardlinked to another
symbolic link
* Wildcards in exclude-vcs-ignore mode don't match slash
* Fix the --no-overwrite-dir option
* Fix handling of chained renames in incremental backups
* Link counting works for file names supplied with -T
* Accept only position-sensitive (file-selection) options in file
list files
- remove deprecated texinfo packaging macros
- prepare usrmerge (boo#1029961)
- Drop Requires(pre) info in the preamble: the main package does
not contain any info files, and has not even a pre script. The
- doc subpackage already has the correct deps.
- No longer recommend -lang: supplements are in use.
- update to version 1.32
* Fix the use of --checkpoint without explicit --checkpoint-action
* Fix extraction with the -U option
* Fix iconv usage on BSD-based systems
* Fix possible NULL dereference (savannah bug #55369)
[bsc#1130496] [CVE-2019-9923]
* Improve the testsuite
- remove tar-1.31-tests_dirrem.patch and
tar-1.31-racy_compress_tests.patch that are no longer needed
(applied usptream)
- Remove libattr-devel from buildrequires, tar no longer uses
it but finds xattr functions in libc.
- update to version 1.31
* Fix heap-buffer-overrun with --one-top-level, bug introduced
with the addition of that option in 1.28
* Support for zstd compression
* New option '--zstd' instructs tar to use zstd as compression
program. When listing, extractng and comparing, zstd compressed
archives are recognized automatically. When '-a' option is in
effect, zstd compression is selected if the destination archive
name ends in '.zst' or '.tzst'.
* The -K option interacts properly with member names given in the
command line. Names of members to extract can be specified along
with the "/-K NAME"/ option. In this case, tar will extract NAME
and those of named members that appear in the archive after it,
which is consistent with the semantics of the option. Previous
versions of tar extracted NAME, those of named members that
appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse
option, previous versions of tar would loop endlessly if a
sparse file had been truncated while being archived.
- remove the following patches (upstreamed)
* tar-1.30-tests-difflink.patch
* tar-1.30-tests_dirrem_race.patch
- refresh add_readme-tests.patch
- add tar-1.31-tests_dirrem.patch to fix expected output in dirrem
tests
- add tar-1.31-racy_compress_tests.patch to fix compression tests
- targetcli-fb
-
- Update to version 2.1.54:
* version 2.1.54
* fileio backstore: fix sparse file creation
* Do not install systemd files in setup.py
Removing the need for our patch fix-setup-install.patch,
since that managed systemd file locations, now handled
in the SPEC file. Also, fixed incorrect spelling of
targetclid as targetcld for preun stop_on_removal.
- tcl
-
- New version 8.6.12:
* (bug)[d43f96] [string trim*] broken for Emoji
* (bug)[22324b] [string reverse] broken for Emoji
* (bug)[1dab71,7c64aa] BRE broken by uninitialized value use
* (bug)[8419c5] Unix tty channels tolerate EINTR
* ** POTENTIAL INCOMPATIBILITY ***
* (bug)[4c591f] [string compare] EIAS violation
* (bug)[266494] [concat foo [list #]] EIAS violation
* (bug)[24b918] Save IO buffers from modern optimizers
* (new) support for POSIX error EILSEQ
* (bug)[688fcc] segfault during traced delete of alias
* (bug)[ccc448] segfault in ensemble rewrite machinery
* (new) Update to Unicode-14
* (bug)[a8579d] failed proc argument spec processing
* Obsoletes tcl-aa4a13c15516da45.patch
- Bump %itclver and ensure it stays in sync.
- bsc#1185662: Move tcl.macros /usr/lib/rpm/macros.d .
- https://core.tcl-lang.org/thread/tktview?name=98ae20f0f5:
Add tcl-aa4a13c15516da45.patch to disable lto for the stubs
libraries.
- tclConfig.sh: Fix path names and avoid braces in TCL_PACKAGE_PATH
- Set TCL_LIBRARY at configure time for better consistency.
- New version: 8.6.11:
* Add tcltest::(Setup|Eval|Cleanup|)Test
* Update to Unicode-13
* Add 3 libtommath functions to stub table
* Many more bug fixes
- Potentially incompatible changes:
* (bug)[ffeb20] [binary decode base64] ignore invalid chars
* (bug)[b8e82d] some -maxlen values break uuencode round trip
* (bug)[085913] Tcl_DStringAppendElement # quoting precision
* (bug)[81242a] revised documentation for Tcl_UtfAtIndex()
* (bug)[ed2980] Tcl_UtfToUniChar reads > TCL_UTF_MAX bytes
* (bug)[a1bd37] [clock scan] new ISO format (clock-34.(19-24))
* (bug)[501974] [clock scan] +time zone (clock-34.(53-68))
* (new) force -eofchar 032 when evaluating library scripts
* (new)[48898a] improve error message consistency
* (new) revised case of module names
- Add a manpage symlink for tclsh8.6.
- Fix build with RPM 4.16: error: bare words are no longer
supported, please use "/..."/: lib64 == lib64.
- New version: 8.6.10:
* (bug)[7a9dc5] [file normalize ~/~foo] segfault
* (bug)[3cf3a9] variable 'timezone' deprecated in vc2017
* (bug)[cc1e91] [list [list {*}[set a "/ "/]]] regression
obsoletes tcl-expand-regression.patch.
* (bug)[e3f481] tests var-1.2[01]
* (new) Update to Unicode 12.0
* (new)[TIP 527] New command [timerate]
* (bug)[39fed4] [package require] memory validity
* (new) New command tcl::unsupported::corotype
* (bug) memlink when namespace deletion kills linked var
* (new) README file converted to README.md in Markdown
* (bug)[8b9854] [info level 0] regression with ensembles
* (bug)[6bdadf] crash multi-arg write-traced [lappend]
* (bug)[f8a33c] crash Tcl_Exit before init
* (bug)[fa6bf3] Bytecode fails epoch recovery at numLevel=0
* (bug)[fec0c1] C stack overflow compiling bytecode
* tzdata updated to Olson's tzdata2019c
* (bug)[16768d] Fix [info hostname] on NetBSD
* (new) libtommath updated to release 1.2.0
* (bug)[bcd100] bad fs cache when system encoding changes
* (bug)[135804] segfault in [next] after destroy
* (bug)[13657a] application/json us text, not binary
- binary-40.3 is expected to fail on riscv64 which does not support NaN
propagation
- Use FAT LTO objects in order to provide proper static
library (boo#1138797).
- Fix a regression in the handling of denormalized empty lists
(tcl-expand-regression.patch, tcl#cc1e91552c).
- New version: 8.6.9:
* NR-enable [package require]
* (bug)[9fd5c6] crash in object deletion, test oo-11.5
* (bug)[3c32a3] crash deleting object with class mixed in
* (platform) stop using -lieee, removed from glibc-2.27
(bsc#1179615, bsc#1181840).
* (bug)[8e6a9a] bad binary [string match], test string-11.55
* (bug)[1873ea] repair multi-thread std channel init
* (bug)[db36fa] broken bytecode for index values
* (bug) broken compiled [string replace], test string-14.19
* (bug) [string trim*] engine crashed on invalid UTF
* (bug) missing trace in compiled [array set], test var-20.11
* (bug)[46a241] crash in unset array with search, var-13.[23]
* (bug)[27b682] race made [file delete] raise "/no such file"/
* (bug)[925643] 32/64 cleanup of filesystem DIR operations
* (bug) leaks in TclSetEnv and env cache
* (bug)[3592747] [yieldto] dying namespace, tailcall-14.1
* (bug)[270f78] race in [file mkdir]
* (bug)[3f7af0] [file delete] raised "/permission denied"/
* (bug)[d051b7] overflow crash in [format]
* revised quoting of [exec] args in generated command line
* HTTP Keep-Alive with pipelined requests
* (new)[TIP 505] [lreplace] accepts all out of range indices
* (bug) Prevent crash from NULL keyName in the registry package
* Update tcltest package for Travis support
* (bug)[35a8f1] overlong string length of some lists
* (bug)[00d04c] Repair [binary encode base64]
- Version 8.6.8:
* [array names -regexp] supports backrefs
* Fix gcc build failures due to #pragma placement
* (bug)[b50fb2] exec redir append stdout and stderr to file
* (bug)[2a9465] http state 100 continue handling broken
* (bug)[0e4d88] replace command, delete trace kills namespace
* (bug)[1a5655] [info * methods] includes mixins
* (bug)[fc1409] segfault in method cloning, oo-15.15
* (bug)[3298012] Stop crash when hash tables overflow 32 bits
* (bug)[5d6de6] Close failing case of [package prefer stable]
* (bug)[4f6a1e] Crash when ensemble map and list are same
* (bug)[ce3a21] file normalize failure when tail is empty
* (new)[TIP 477] nmake build system reform
* (bug)[586e71] EvalObjv exception handling at level #0
- Sync SLE12 with Factory to fix a bug in Itcl that was affecting
iwidgets (bsc#903017).
- tcpdump
-
- Security fix: [bsc#1195825, CVE-2018-16301]
* Fix segfault when handling large files
* Add tcpdump-CVE-2018-16301.patch
- tdb
-
- Update to version 1.4.4; (jsc#SLE-23329);
+ Fix a memory leak on error
+ python: remove all 'from __future__ import print_function'
+ Fix CID 1471761 String not null terminated
+ Use hex_byte() in parse_hex()
+ Use hex_byte() in read_data()
+ fix studio compiler build
+ Fix some signed/unsigned comparisons
+ also use __has_attribute macro to check for attribute support
+ Fix clang 9 missing-field-initializer warnings
+ pytdb tests: add test for storev()
+ pytdb: add python binding for storev()
+ tdbtorture: Use ARRAY_DEL_ELEMENT()
+ py3: Remove #define PyInt_FromLong PyLong_FromLong
+ py3: Remove #define PyInt_AsLong PyLong_AsLong
+ py3: Remove #define PyInt_Check PyLong_Check
+ tdb: Align integer types
- Drop obsolete patch ignore-tdb1-run-transaction-expand.diff
- Fix header file using undefined function visibility macro;
Add patch 0001-tdb-Fix-invalid-syntax-in-tdb.h.patch; (bso#14762);
- telnet
-
- Fix CVE-2022-39028, NULL pointer dereference in telnetd
(CVE-2022-39028, bsc#1203759)
CVE-2022-39028.patch
- Update Source location to use Gentoo mirror, fixes bsc#1129925
- tevent
-
- Adust tevent spec to export bundled libcmocka-tevent needed
by ldb; (jsc#SLE-23329);
- Update to version 0.11.0
+ Other minor build fixes; (bso#14526);
+ Add custom tag to events
+ Add event trace api
- timezone
-
- Update to reflect new Chile DST change, bsc#1202310
* bsc1202310.patch
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not -03-26*
* zdump -v now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
- timezone update 2021e (bsc#1177460):
* Palestine will fall back 10-29 (not 10-30) at 01:00
- timezone update 2021d:
* Fiji suspends DST for the 2021/2022 season
* 'zic -r' marks unspecified timestamps with "/-00"/
- timezone update 2021c:
* Revert almost all of 2021b's changes to the 'backward' file
* Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers
- timezone update 2021b:
* Jordan now starts DST on February's last Thursday.
* Samoa no longer observes DST.
* Move some backward-compatibility links to 'backward'.
* Rename Pacific/Enderbury to Pacific/Kanton.
* Correct many pre-1993 transitions in Malawi, Portugal, etc.
* zic now creates each output file or link atomically.
* zic -L no longer omits the POSIX TZ string in its output.
* zic fixes for truncation and leap second table expiration.
* zic now follows POSIX for TZ strings using all-year DST.
* Fix some localtime crashes and bugs in obscure cases.
* zdump -v now outputs more-useful boundary cases.
* tzfile.5 better matches a draft successor to RFC 8536.
- Refresh tzdata-china.patch
- unzip
-
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
to a local string (CVE-2022-0530, bsc#1196177)
* CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
* CVE-2022-0529.patch
- update-alternatives
-
- break bash <-> update-alternatives cycle by coolo's rewrite
of %post in lua [bsc#1195654]
- util-linux
-
- su: Change owner and mode for pty (bsc#1200842,
util-linux-login-move-generic-setting-to-ttyutils.patch,
util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
(bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
in utab (bsc#1198731,
util-linux-libmount-moving-mount-point-sub-mounts.patch,
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
(bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Make uuidd lock state file usable and time based UUIDs safe again
(bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
- Fix "/su -s"/ bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996,
bsc#1194976,
util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch,
util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch).
- blockdev: Remove NBSP character in values (bsc#1188507#c31,
blockdev-remove-nbsp.patch).
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954).
- ipcutils: Avoid potential memory allocation overflow
(bsc#1188921, CVE-2021-37600,
util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Add bc to BuildRequires to run more complete testsuite,
fix testsuite (bsc#1178236#c19,
util-linux-ipcs-shmall-overflow-ts.patch).
- blockdev: allow for larger values for start sector (bsc#1188507)
blockdev-allow-for-larger-values-for-start-sector.patch
- util-linux-systemd
-
- su: Change owner and mode for pty (bsc#1200842,
util-linux-login-move-generic-setting-to-ttyutils.patch,
util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
(bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
in utab (bsc#1198731,
util-linux-libmount-moving-mount-point-sub-mounts.patch,
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
(bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Make uuidd lock state file usable and time based UUIDs safe again
(bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
- Fix "/su -s"/ bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996,
bsc#1194976,
util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch,
util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch).
- blockdev: Remove NBSP character in values (bsc#1188507#c31,
blockdev-remove-nbsp.patch).
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954).
- ipcutils: Avoid potential memory allocation overflow
(bsc#1188921, CVE-2021-37600,
util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Add bc to BuildRequires to run more complete testsuite,
fix testsuite (bsc#1178236#c19,
util-linux-ipcs-shmall-overflow-ts.patch).
- blockdev: allow for larger values for start sector (bsc#1188507)
blockdev-allow-for-larger-values-for-start-sector.patch
- vim
-
- Updated to version 9.0 with patch level 0313, fixes the following problems
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 PUBLIC SUSE Linux Enterprise Server 15 SP4 Basesystem zbalogh@suse.com NEW --- SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
- Deleted patches:
* restrict-shell-commands.patch
* source-check-sandbox.patch
* vim-8.0.1568-CVE-2021-3778.patch
* vim-8.0.1568-CVE-2021-3796.patch
* vim-8.0.1568-CVE-2021-3872.patch
* vim-8.0.1568-CVE-2021-3927.patch
* vim-8.0.1568-CVE-2021-3928.patch
* vim-8.0.1568-CVE-2021-3984.patch
* vim-8.0.1568-CVE-2021-4019.patch
* vim-8.0.1568-CVE-2021-4193.patch
* vim-8.0.1568-CVE-2021-46059.patch
* vim-8.0.1568-CVE-2022-0319.patch
* vim-8.0.1568-CVE-2022-0351.patch
* vim-8.0.1568-CVE-2022-0361.patch
* vim-8.0.1568-CVE-2022-0413.patch
* vim-8.0.1568-globalvimrc.patch
- Added patches:
* vim-8.1.0297-dump3.patch
* vim-8.2.2411-globalvimrc.patch
* disable-unreliable-tests-arch.patch
- Updated patches:
* disable-unreliable-tests.patch
* vim-7.3-filetype_changes.patch
* vim-7.3-filetype_ftl.patch
* vim-7.3-filetype_spec.patch
* vim-7.3-gvimrc_fontset.patch
* vim-7.3-help_tags.patch
* vim-7.3-mktemp_tutor.patch
* vim-7.3-name_vimrc.patch
* vim-7.3-sh_is_bash.patch
* vim-7.3-use_awk.patch
* vim-7.4-disable_lang_no.patch
* vim-7.4-filetype_apparmor.patch
* vim-7.4-filetype_mine.patch
* vim-7.4-highlight_fstab.patch
* vim-8.0-ttytype-test.patch
* vim-8.0.1568-defaults.patch
* vim73-no-static-libpython.patch
- Updated to version 8.2 with patch level 5038, fixes the following problems
* Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
* Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
* Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
After Free
* Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
in src/ex_docmd.c
* Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
Out-of-bounds Read
* Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
* Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
in vim prior to 8.2.
* Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
vim prior to 8.2.
* Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
init_ccline() in ex_getln.c
* Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
Conda vim prior to 8.2.
* Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
in skip_range
* Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
append_command
* Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
function cmdline_erase_chars
* Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
function vim_regexec_string
* Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
find_pattern_in_path
* Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
* Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
to 8.2
* Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
to 8.2
* Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
.swp file to the editor's primary group, which allows local users to obtain
sensitive information
* Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
in vim prior to 8.2
* Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
vim prior to 8.2
* Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
* Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
* Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
cindent.c
* Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
to 8.2.
* Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
* Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
- Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
Heap-based Buffer Overflow in vim prior to 8.2.
/ vim-8.0.1568-CVE-2022-0413.patch
- Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
normal.c / vim-8.0.1568-CVE-2021-3796.patch
- Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
- Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
- Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
- Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
- Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
- Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
/ vim-8.0.1568-CVE-2021-3778.patch
- Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
/ vim-8.0.1568-CVE-2021-4193.patch
- Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
- Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
- Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
/ vim-8.0.1568-CVE-2022-0351.patch
- Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
- Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
/ vim-8.0.1568-CVE-2022-0413.patch
- wicked
-
- fsm: fix device rename via yast (bsc#1194392)
Reset worker config instead to reject a NULL/empty config
xml node -- introduced in wicked 0.6.67 by commit c2a0385.
[+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- version 0.6.68
- sysctl: process sysctl.d directories as in sysctl --system
- sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353)
- cleanup: warnings, time calculations and dhcp fixes (bsc#1188019)
- wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- tuntap: avoid sysfs attr read error (bsc#1192311)
- ifstatus: fix warning of unexpected interface flag combination (bsc#1192164)
- dbus: config files in /usr shouldn't be marked as config in spec
- version 0.6.67
- dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750)
- logging: log reaped sub-process command and as debug, not error
- ifstatus: Don't show link as "/up"/ without RUNNING flag set
- firewalld: Make the zone assignment permanent (boo#1189560)
- fsm: cleanup and improve ifconfig and ifpolicy access utils
- dbus: cleanup the dbus-service.h file and unused property makros
- cleanup: applied code-spell run typo corrections
- dracut: initial fixes and improved option handling (boo#1182227)
- version 0.6.66
- wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920)
- support multiple networks configurations per interface
- show connection status and scan-results (bsc#1160654)
- corrected eap-tls,ttls cetificate handling and open vs. shared
wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- cleanups and several other improvements, see changes
- updated man ifcfg-wireless manual pages
- nanny: fix identify node owner exit condition
- schema: several xml-schema and dbus/property improvements
- utils: format/parse bitmap to array and string alternatives
- client: expose ethtool --get-permanent-address option
- removed sle15-sp3 patches included in the master sources (bsc#1181812)
[- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
[- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- xen
-
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
xsa411.patch
- bsc#1197081 - dom0 fails to boot with constrained vcpus and nodes
62f4cfee-sched-setup-dom0-vCPU-affinity-once.patch
- Upstream bug fixes (bsc#1027519)
62d65105-x86-spec-ctrl-MD_CLEAR-reporting.patch
62d807c1-x86-suppress-MMX.patch
62ecfc08-VMX-use-IST-RSB-protection.patch
62f27ebd-x86-expose-more-MSR_ARCH_CAPS-to-hwdom.patch
62f51e16-x86-spec-ctrl-enum-PBRSB_NO.patch
62f523da-AMD-setup_force_cpu_cap-BSP-only.patch
- bsc#1200762 - VUL-0: CVE-2022-26365,CVE-2022-33740,
CVE-2022-33741,CVE-2022-33742: xen: Linux disk/nic frontends data
leaks (XSA-403)
xsa403.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
62dfe40a-x86-mm-gpt-TLB-flush-condition.patch
- Drop patch replaced by upstream version
xsa408.patch
- bsc#1185104 - VUL-0: CVE-2021-28689: xen: x86: Speculative
vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370)
Part of already released 4.14.5 tarball
- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels
A previous change to the built-in default had a logic error,
effectively restoring the upstream limit of 1023 channels per domU.
Fix the logic to calculate the default based on the number of vcpus.
adjust libxl.max_event_channels.patch
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
in typeref acquisition
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
xen: retbleed - arbitrary speculative code execution with return
instructions (XSA-407)
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
xsa401-1.patch
xsa401-2.patch
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
xsa408.patch
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
fix xsa402-5.patch
- Upstream bug fixes (bsc#1027519)
625fca42-VT-d-reserved-CAP-ND.patch
627549d6-IO-shutdown-race.patch
- bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition
in typeref acquisition
xsa401-1.patch
xsa401-2.patch
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
- Update to Xen 4.14.5 bug fix release (bsc#1027519)
xen-4.14.5-testing-src.tar.bz2
- Drop patches contained in new tarball
60782745-x86-AMD-split-LFENCE-setup.patch
6081bae4-x86-cpuid-LFENCE-always-serialising.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
xsa397.patch
xsa399.patch
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
between dirty vram tracking and paging log dirty hypercalls
(XSA-397)
xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
cleanup (XSA-399)
xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
xen: BHB speculation issues (XSA-398)
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output
Replace
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
by upstream backport
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
- Upstream bug fixes (bsc#1027519)
60782745-x86-AMD-split-LFENCE-setup.patch
6081bae4-x86-cpuid-LFENCE-always-serialising.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
- Update to Xen 4.14.4 bug fix release (bsc#1027519)
xen-4.14.4-testing-src.tar.bz2
- Drop patches contained in new tarball
6138b7a1-x86-spec-ctrl-split-diagnostics-line.patch
6138b7a2-x86-AMD-enum-speculative-hints.patch
6138b7a3-x86-AMD-use-newer-SSBD.patch
6139f1b1-x86-spec-ctrl-print-AMD-features.patch
6148453b-VT-d-hidden-devices-unmap.patch
6148455f-VT-d-PCI-segment-numbers-16-bits.patch
61532102-PCI-bridge-with-subord-bus-0xFF.patch
615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
61655b5a-AMD-IOMMU-hidden-devices-flush.patch
616d66bd-x86-HVM-cleanup-after-failed-viridian_vcpu_init.patch
616e7cfe-x86-paging-restrict-paddr-width-reported.patch
618289da-x86-shstk-fix-with-XPTI-active.patch
619b7ac9-harden-assign_pages.patch
619b8cb0-x86-PoD-misaligned-GFNs.patch
619b8cb1-x86-PoD-intermediate-page-orders.patch
619b8cb2-x86-P2M-set-partial-success.patch
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
xsa393.patch
xsa394.patch
xsa395.patch
- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
guest_physmap_remove_page not removing the p2m mappings (XSA-393)
xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
Xen while unmapping a grant (XSA-394)
xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
passed-through device IRQs (XSA-395)
xsa395.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output (see also bsc#1194267)
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains an sriov device
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
- Upstream bug fixes (bsc#1027519)
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
- Collect active VM config files in the supportconfig plugin
xen-supportconfig
- Upstream bug fixes (bsc#1027519)
61655b5a-AMD-IOMMU-hidden-devices-flush.patch
616d66bd-x86-HVM-cleanup-after-failed-viridian_vcpu_init.patch
616e7cfe-x86-paging-restrict-paddr-width-reported.patch
618289da-x86-shstk-fix-with-XPTI-active.patch
619b7ac9-harden-assign_pages.patch
619b8cb0-x86-PoD-misaligned-GFNs.patch
619b8cb1-x86-PoD-intermediate-page-orders.patch
619b8cb2-x86-P2M-set-partial-success.patch
- Drop xsa patches in favor of upstream versions
xsa385.patch
xsa388-1.patch
xsa388-2.patch
xsa389.patch
- bsc#1192554 - VUL-0: CVE-2021-28706: xen: guests may exceed their
designated memory limit (XSA-385)
xsa385.patch
- bsc#1192557 - VUL-0: CVE-2021-28704,CVE-2021-28707,CVE-2021-28708:
xen: PoD operations on misaligned GFNs (XSA-388)
xsa388-1.patch
xsa388-2.patch
- bsc#1192559 - VUL-0: CVE-2021-28705,CVE-2021-28709: xen: issues
with partially successful P2M updates on x86 (XSA-389)
xsa389.patch
- Upstream bug fixes (bsc#1027519)
6138b7a1-x86-spec-ctrl-split-diagnostics-line.patch
6138b7a2-x86-AMD-enum-speculative-hints.patch
6138b7a3-x86-AMD-use-newer-SSBD.patch
6139f1b1-x86-spec-ctrl-print-AMD-features.patch
6148453b-VT-d-hidden-devices-unmap.patch
6148455f-VT-d-PCI-segment-numbers-16-bits.patch
61532102-PCI-bridge-with-subord-bus-0xFF.patch
- bsc#1191363 - VUL-0: CVE-2021-28702: xen: PCI devices with RMRRs
not deassigned correctly (XSA-386)
615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
- Update to Xen 4.14.3 bug fix release (bsc#1027519)
xen-4.14.3-testing-src.tar.bz2
- Drop patches contained in new tarball
608676f2-VT-d-register-based-invalidation-optional.patch
60a27288-x86emul-gas-2-36-test-harness-build.patch
60af933d-x86-gcc11-hypervisor-build.patch
60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
60afe617-x86-TSX-minor-cleanup-and-improvements.patch
60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch
60be0e24-credit2-pick-runnable-unit.patch
60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
60bf9e19-Arm-create-dom0less-domUs-earlier.patch
60bf9e1a-Arm-boot-modules-scrubbing.patch
60bf9e1b-VT-d-size-qinval-queue-dynamically.patch
60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch
60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch
60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch
60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch
60bfa904-AMD-IOMMU-wait-for-command-slot.patch
60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch
60c0bf86-x86-TSX-cope-with-deprecation.patch
60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
60c8de6e-osdep_xenforeignmemory_map-prototype.patch
60d49689-VT-d-undo-device-mappings-upon-error.patch
60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
61001231-x86-work-around-GNU-ld-2-37-issue.patch
61122ac6-credit2-avoid-spuriously-picking-idle.patch
611a7e38-x86-CET-shstk-WARN-manipulation.patch
611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
6126339d-AMD-IOMMU-global-ER-extending.patch
6126344f-AMD-IOMMU-unity-map-handling.patch
61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch
6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch
6126349a-AMD-IOMMU-rearrange-reassignment.patch
612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch
612634c3-x86-p2m-introduce-p2m_is_special.patch
612634dc-x86-p2m-guard-identity-mappings.patch
612634f4-x86-mm-widen-locked-region-in-xatp1.patch
6126350a-gnttab-release-mappings-preemption.patch
6126351f-gnttab-replace-mapkind.patch
6126353d-gnttab-get-status-frames-array-capacity.patch
61263553-Arm-restrict-maxmem-for-dom0less.patch
6128a856-gnttab-radix-tree-node-init.patch
xsa384.patch
- xfsprogs
-
- xfsprogs-devel: add libhandle1 dependency following split
(bsc#1191566)
- xfs_admin: support external log devices (bsc#1189984)
* Add xfsprogs-xfs_admin-support-external-log-devices.patch
- xfs_quota: state command should report ugp grace times (bsc#1189983)
* Add xfsprogs-xfs_quota-display-warning-limits-when-printing-quota.patch
* Add xfsprogs-xfs_quota-state-command-should-report-ugp-grace-time.patch
- xfsprogs: Remove barrier/nobarrier mount options from xfs.5
(bsc#1191675)
* Add xfsprogs-man-Remove-barrier-nobarrier-mount-options-from.patch
- xfs_io: add label command (bsc#1191500)
* Add xfsprogs-xfs_io-add-label-command.patch
- xfs_bmap: remove -c from manpage (bsc#1189552)
- xfs_bmap: don't reject -e (bsc#1189552)
* Add xfsprogs-xfs_bmap-remove-c-from-manpage.patch
* Add xfsprogs-xfs_bmap-don-t-reject-e.patch
- xfs_repair: check plausibility of root dir pointer before trashing it
(bsc#1188651)
* Add xfsprogs-xfs_repair-refactor-fixed-inode-location-checks.patch
* Add xfsprogs-xfs_repair-check-plausibility-of-root-dir-pointer-be.patch
- xfsprogs: split libhandle1 into a separate package, since nothing
within xfsprogs dynamically links against it. The shared library
is still required by xfsdump as a runtime dependency.
- mkfs.xfs: fix ASSERT on too-small device with stripe geometry
(bsc#1181536)
* Add xfsprogs-mkfs.xfs-fix-ASSERT-on-too-small-device-with-stripe-.patch
- mkfs.xfs: if either sunit or swidth is nonzero, the other must be as
well (bsc#1085917, bsc#1181535)
* Add xfsprogs-mkfs.xfs-if-either-sunit-or-swidth-is-nonzero-the-ot.patch
- xfs_growfs: refactor geometry reporting (bsc#1181306)
* Add xfsprogs-xfs_growfs-refactor-geometry-reporting.patch
- xfs_growfs: allow mounted device node as argument (bsc#1181299)
* Add xfsprogs-libfrog-fs_table_lookup_mount-should-realpath-the-ar.patch
* Add xfsprogs-xfs_fsr-refactor-mountpoint-finding-to-use-libfrog-p.patch
* Add xfsprogs-xfs_growfs-allow-mounted-device-node-as-argument.patch
- xfs_repair: rebuild directory when non-root leafn blocks claim block 0
(bsc#1181309)
* Add xfsprogs-xfs_repair-rebuild-directory-when-non-root-leafn-blo.patch
- xz
-
- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
(ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
* bsc1198062.patch
- yaml-cpp
-
- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
allows remote attackers to cause DOS via a crafted YAML file
(CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
(CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
cpp allows remote attackers to cause DOS via a crafted YAML file
(CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
yaml-cpp which cause DOS by stack consumption
(CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch
- yast2
-
- Fixed refreshing old repositories during system upgrade
(bsc#1196120, similar to bsc#1190228)
- 4.3.69
- do not strip surrounding white space in CDATA XML elements (bsc#1195910)
- 4.3.68
- do not strip trailing white space in XML elements (bsc#1195910)
- 4.3.67
- Do not reinitialize the packaging system during offline
upgrade (bsc#1193784 and bsc#1192437).
- 4.3.66
- yast2-add-on
-
- Restore the repo unexpanded URL to get it properly saved in
the /etc/zypp/repos.d file (bsc#972046, bsc#1194851).
- 4.3.10
- Auto client does not crash when trying to import from an
empty add-on section (bsc#1189154).
- 4.3.9
- yast2-audit-laf
-
- Set the name of the auto client in the desktop file
(bsc#1196590).
- 4.3.2
- yast2-bootloader
-
- AutoYaST: do not clone device for hibernation and also check
during autoinstallation if device for hibernation exists and if
not then use proposed one. (bsc#1187690 and bsc#1197192)
- 4.3.31
- yast2-country
-
- Fixed passing multiple arguments to "/localectl set-locale"/
(bsc#1177863)
- 4.3.19
- Use official China timezone Asia/Shanghai (bsc#1187857)
- 4.3.18
- Move the keyboards database to lib/ to make the module compatible
with the self-update mechanism (bsc#1189461).
- 4.3.17
- yast2-dhcp-server
-
- Fix DNS zone creation by fixing a maintained DNS zone check.
Reported and fixed by Daniel Pätzold <obel1x@web.de>
See github#yast/yast-dhcp-server#59.
- 4.3.2
- Fix URL in .spec file
- yast2-installation
-
- Revert changes introduced in v4.3.50 as it produces some ordering
cycle issues (bsc#1198294)
- 4.3.52
- AutoYaST: move custom file creation past user creation so that
the element files/file/file_owner actually has an effect
(bsc#1196595)
- 4.3.51
- Do not stop xvnc.socket but run the YaST2-Second-Stage and
YaST2-Firsboot services before it in order to prevent early
vnc connections (bsc#1197265)
-4.3.50
- Run the YaST2-Second-Stage and YaST2-Firsboot services after
purge-kernels to prevent a zypper lock error message
(bsc#1196431).
- 4.3.49
- Prevent getty auto-generation because it makes xvnc to fail when
it is started in YaST second stage (bsc#1196614).
- 4.3.48
- Avoid terminal login prompt when running Second Stage service
(bsc#1196594 and related to bsc#1195059).
- 4.3.47
- Modified Second Stage service dependencies fixing a root login
systemd timeout when installing with ssh (bsc#1195059)
- 4.3.46
- Do not create a Btrfs snapshot at the end of the installation
or upgrade when the root filesystem is mounted as read-only
(jsc#SLE-22560).
- 4.3.45
- Filter the installation proposals (in the Installation Settings
screen) according to the AutoYaST profile even before
tab switching (related to bsc#1190294)
- 4.3.44
- Fix file copying when using relurl:// and file:// naming schemes
(bsc#1191160).
- 4.3.43
- Display release notes during upgrade (bsc#1186044)
- 4.3.42
- yast2-iscsi-client
-
- Add iscsi support for qedi/qede offload cards
(bsc#1188139, bsc#1187958).
- 4.3.4
- yast2-network
-
- CFA NM: replace problematic characters when getting the filename
for the given wireless configuration (bsc#1199451).
- 4.3.82
- Fixed interfaces table description for s390 Group devices
(bsc#1192560).
- 4.3.81
- Replace calls to dropped method InterfacesTable#friendly_name
(bsc#1192560).
- 4.3.80
- AutoYaST
- When the interface section contains the "/device"/ (deprecated)
and "/name"/ elements then use the "/device"/ as the "/name"/ and the
"/name"/ as the "/description"/. (bsc#1192270)
- Add the "/description"/ element to the interface section.
- 4.3.79
- Do not crash when checking if a virtual interface is connected
(bsc#1192183, bsc#1192270).
- 4.3.78
- bnc#1185524, bsc#1187512
- do not crash at the end of installation when storing wifi
configuration for NetworkManager at the target
- 4.3.77
- Do not crash when the interfaces table contains a not configured
one (bnc#1190645, bsc#1190915)
- Fix the shown description using the interface friendly name when
it is empty (bsc#1190933)
- 4.3.76
- Consider aliases sections as case insensitive (bsc#1190739).
- 4.3.75
- bnc#1190645
- display user defined device name in the devices overview
- 4.3.74
- Do not crash when the aliases defined in the AutoYaST profile
are not defined as a map (bsc#1188344)
- 4.3.73
- Support 'boot' and 'on' as aliases for the 'auto' startmode
(bsc#1186910)
- 4.3.72
- Fix the Comment entry in the desktop file so the tooltip
in the control center is properly translated (bsc#1187270).
- 4.3.71
- Use the linuxrc proxy settings for the HTTPS and FTP proxies
(bsc#1185016)
- 4.3.70
- yast2-packager
-
- do not keep file handle to repo metadata open accidentally (bsc#1196061)
- 4.3.26
- Use consistent names for the Full medium repositories
(bsc#1191652)
- 4.3.25
- When editing a repository display the repository alias as a
fallback if the repository name is not set, do not display
empty name (bsc#1184935)
- 4.3.24
- Fix the Comment entry in the desktop file so the tooltip
in the control center is properly translated (bsc#1187270).
- 4.3.23
- yast2-python-bindings
-
- Fix backtrace formatting for Python exceptions (bsc#1181595).
- 4.2.0
- yast2-registration
-
- Report properly that no product is selected in autoinstallation
instead of nil crash (bsc#1188211)
- 4.3.25
- Fixed evaluating the update repositories (bsc#1188717),
the SUSE Manager update repositories were not disabled
when installing the system without updates
- 4.3.24
- yast2-samba-client
-
- Use translation macro for range settings expert details text;
(bsc#1197936).
- 4.3.5
- With latest versions of samba (>=4.15.0) calling 'net ads lookup'
with '-U%' fails; (boo#1193533).
- 4.3.4
- yast2-schema
-
- Fix rules validation when using a dialog (bsc#1199165).
- 4.3.29
- Added fcoe-client schema (bsc#1194895)
- 4.3.28
- Add 'description' to the interfaces in the networking section
(bsc#1192270).
- 4.3.27
- Add the "/keep_unknown_lv"/ element to the partitioning schema
(bsc#1191968).
- 4.3.26
- Add the "/hostname"/ element to the rules schema (bsc#1190696).
- 4.3.25
- Add missing elements to rules.xml schema:
- installed_product and installed_product_version (boo#1176089)
- dialog section (bsc#1188153)
- 4.3.24
- yast2-storage-ng
-
- Fix fstab entry filesystem matching allowing the use of quotes
surrounding the device UUID or label (bsc#1197692)
- 4.3.60
- AutoYaST: fixes for reusing encrypted devices, RAIDs and bcache
devices (bsc#1193450).
- 4.3.59
- Fix duplicate PV error detection with disabled multipath
(related to bsc#1170216).
- 4.3.58
- Set the volume group extent size according to the AutoYaST
profile (bsc#1192124).
- 4.3.57
- Fix (un)masking systemd units by using the systemctl --plain
flag for getting an output without status glyphs (bsc#1191347).
- 4.3.56
- Recommend to install libyui-qt-graph package (bsc#1191109) in
order to offer the View/Device Graphs menu option.
- 4.3.55
- Fix the Comment entry in the desktop file so the tooltip
in the control center is properly translated (bsc#1187270).
- 4.3.54
- yast2-update
-
- Use the "/norecovery"/ mount option when searching the root
partitions (bsc#1195894)
- 4.3.4
- zlib
-
- Fix heap-based buffer over-read or buffer overflow in inflate via
large gzip header extra field (bsc#1202175, CVE-2022-37434,
CVE-2022-37434-extra-header-1.patch,
CVE-2022-37434-extra-header-2.patch).
- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
* bsc1197459.patch
- Update 410.patch to include new fixes from upstream,
fixes bsc#1192688
- Refresh bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch
to match upstream commit
- Drop patches which changes have been merged in 410.patch:
* zlib-compression-switching.patch
* zlib-390x-z15-fix-hw-compression.patch
* bsc1174551-fxi-imcomplete-raw-streams.patch
- zsh
-
- Added CVE-2019-20044.patch: fixes insecure dropping of privileges when
unsetting PRIVILEGED option (CVE-2019-20044 bsc#1163882)
- Added CVE-2021-45444.patch: fixes a vulnerability in prompt expansion which
could be exploited through e.g. VCS_Info to execute arbitrary shell
commands (CVE-2021-45444 bsc#1196435)
- zypp-plugin
-
- zypper
-
- BuildRequires: libzypp-devel >= 17.31.2.
- Fix --[no]-allow-vendor-change feedback in install command
(bsc#1201972)
- version 1.14.57
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
(fixes #441, fixes #444)
- Remove unneeded code to compute the PPP status.
Since libzypp 17.23.0 the PPP status is auto established. No
extra solver run is needed.
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Fix tests to use locale "/C.UTF-8"/ rather than "/en_US"/.
- Fix man page (fixes #451)
- version 1.14.56
- lr: Allow shortening the Name column if table is wider than the
terminal (bsc#1201638)
- Don't accepts install/remove modifier without argument
(bsc#1201576)
- zypper-download: Set correct ExitInfoCode when failing to
resolve argument.
- zypper-download: Handle unresolvable arguments as error.
This commit changes zypper-download such that it behaves more
consistent to zypper-install when an argument can't be resolved.
- version 1.14.55
- Fix building with GCC 13 (fixes #448)
- Put signing key supplying repository name in quotes.
- version 1.14.54
- Basic JobReport for "/cmdout/monitor"/.
- versioncmp: if verbose, also print the edition 'parts' which are
compared.
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally (fixes #433)
- Honor the NO_COLOR environment variable when auto-detecting
whether to use color (fixes #432)
- Define table columns which should be sorted natural [case
insensitive] (fixes #391, closes #396, fixes #424)
- lr/ls: Use highlight color on name and alias as well.
- version 1.14.53
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
- version 1.14.52
- Singletrans: handle fatal and non-fatal script errors properly.
- Add SingleTransReportReceiver.
- Immediately write out additional rpm output.
- BuildRequires: libzypp-devel >= 17.29.0.
Need SingleTransReport and immediate rpm script output reports.
- version 1.14.51
- Fix compiler warning.
- zypper.conf: New option whether to collect subcommands found in
$PATH (fixes #379)
+[subcommand] i
+
+## Whether to look for subcommands in $PATH
+##
+## If a subcommand is not found in the zypper_execdir, the wrapper
+## will look in the rest of your $PATH for it. Thus, it's possible
+## to write local zypper extensions that don't live in system space.
+## See section SUBCOMMANDS in the zypper manpage.
+##
+## Valid values: boolean
+## Default value: yes
+##
+# seachSubcommandInPath = yes.
- help subcommand: show path of command found in $PATH.
- version 1.14.50
- Avoid calling 'su' to detect a too restrictive sudo user umask
(bsc#1186602)
- Fix typo in German translation (fixes #395)
- BuildRequires: libzypp-devel >= 17.28.3.
- version 1.14.49
- Support new reports for singletrans rpm commit.
- BuildRequires: libzypp-devel >= 17.27.1.
For lock/query comments.
- Prompt: choose exact match if prompt options are not prefix
free (bsc#1188156)
- Install summary: Show new and removed packages closer to the
prompt (fixes #403)
These packages are usually more interesting than the updated
ones. In case of doubt less scrolling is needed to see them.
- Add need reboot/restart hint to XML install summary
(bsc#1188435)
- Add comment option for lock command (fixes #388).
- version 1.14.48
- Quick fix obs:// platform guessing for Leap (bsc#1187425)
- man: point out more clearly that patches update affected
packages to the latest version (bsc#1187466)
- version 1.14.47