- 000release-packages:SLE-Micro-release
-
n/a
- aaa_base
-
- Add patch git-51-fbf7ee9dc9cd970532a54eed6472d7f3b0e7f431.patch
* If a user switches the login shell respect the already set
PATH environment (bsc#1235481)
- add patch aaa_base-rc.status.patch (bsc#1236033)
(no git, file is gone in factory/tumbleweed)
update detection for systemd in rc.status, mountpoint for
cgroup changed with cgroup2, so just check if pid 1 is systemd
- ca-certificates-mozilla
-
- revert the distrusted certs for now. originally these only
distrust "new issued" certs starting after a certain date,
while old certs should still work. (bsc#1240343)
- remove-distrusted.patch: removed
- explit remove distruted certs, as the distrust does not get exported
correctly and the SSL certs are still trusted. (bsc#1240343)
- Entrust.net Premium 2048 Secure Server CA
- Entrust Root Certification Authority
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- GlobalSign Root E46
- GLOBALTRUST 2020
- remove-distrusted.patch: apply to certdata.txt
- Fix awk to compare (missing a =) and give the following output:
[#] NSS_BUILTINS_LIBRARY_VERSION "2.74"
- pass file argument to awk (bsc#1240009)
- update to 2.74 state of Mozilla SSL root CAs:
Removed:
* SwissSign Silver CA - G2
Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
- remove extensive signature printing in comments of the cert
bundle
- Define two macros to break a build cycle with p11-kit.
- Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798)
Removed:
- SecureSign RootCA11
- Security Communication RootCA3
Added:
- TWCA CYBER Root CA
- TWCA Global Root CA G2
- SecureSign Root CA12
- SecureSign Root CA14
- SecureSign Root CA15
- cloud-netconfig
-
- Update to version 1.15
+ Add support for creating IPv6 default route in GCE (bsc#1240869)
+ Minor fix when looking up IPv6 default route
- cloud-regionsrv-client
-
- Update version to 10.4.0
+ Remove repositories when the package is being removed
We do not want to leave repositories behind refering to the plugin that
is being removed when the package gets removed (bsc#1240310, bsc#1240311)
+ Turn docker into an optional setup (jsc#PCT-560)
Change the Requires into a Recommends and adapt the code accordingly
+ Support flexible licenses in GCE (jsc#PCT-531)
+ Drop the azure-addon package it is geting replaced by the
license-watcher package which has a generic implementation of the
same functionality.
+ Handle cache inconsistencies (bsc#1218345)
+ Properly handle the zypper root target argument (bsc#1240997)
- container-selinux
-
- Update to version 2.236.0:
* Allow super privileged containers to use RealtimeKit for scheduling
* Add container_ro_file_t to the podman artifact store
- Update to version 2.235.0:
* Bump to v2.235.0
* OWNERS: add wrabcak and zpytela
* OWNERS: initial commit
* container_log{reader,writer}_t: allow watch file
* RPM: Update gating config
* Enable aarch64 testing
* TMT: simplify podman tests
* feat: support /var/lib/crio
- OBS service file: use the tagged commit for archive versioning and don't
just archive the latest changes from the main branch using the latest tag
- Update to version 2.234.2:
* TMT: enable epel idomatically
* Packit: switch back to fedora-all
* RPM: Bump Epoch to 4
* rpm: ship manpage
* Add proper labeling for RamaLama
* Packit: remove rhel / epel jobs
* packit: remove unused file
- Add BuildRequires selinux-policy-%{selinuxtype} to enable building
for SLFO. Might be removed in the future again when 1231252
is fixed.
- Update to version 2.233.0:
* container_engine_t: small change to allow non root exec in a container
* RPM: explicitly list ghosted paths and skip mode verification
* container-selinux install on non selinux-policy-targeted systems (#332)
* set container_log_t type for /var/log/kube-apiserver
* Allow kubelet_t to create a sock file kubelet_var_lib_t
* dontaudit spc_t to mmap_zero
* Packit: update targets (#330)
* container_engine_t: another round of small improvements (#327)
* Allow container_device_plugin_t to use the network (#325)
* RPM: cleanup changelog (#324)
* TMT: Simplify tests
- Update to version 2.232.1:
* Bump to v2.232.1
* TMT: fix srpm download syntax on rawhide
* Bump to 2.232.0
* Packit: remove `update_release` key from downstream jobs (#313)
* Update container-selinux.8 man page
* Add ownership of /usr/share/udica (#312)
* Packit/TMT: upstream maintenance of downstream gating tests
* extend container_engine_t again
* Allow spc_t to use localectl
* Allow spc_t to use timedatectl
* introduce container_use_xserver_devices boolean to allow GPU access
- Update to version 2.231.0:
* Allow container domains to communicate with spc_t unix_stream_sockets
* Move to %posttrans to ensure selinux-policy got updated before
the commands run (bsc#1221720)
- Manual update to version 2.230.0+git4.a8e389d to include this
commit that is needed for the main selinux-policy update to work:
* Rename all /var/run file context entries to /run
- Update to version 2.230.0:
* Move to tar_scm based packaging: added _service and _servicedata
* Allow containers to unmount file systems
* Add buildah as a container_runtime_exec_t label
* Additional rules for container_user_t
* improve container_engine_t
- Update to version 2.228:
* Allow container domains to watch fifo_files
* container_engine_t: improve for podman in kubernetes case
* Allow spc_t to transition to install_t domain
* Default to allowing containers to use dri devices
* Allow access to BPF Filesystems
* Fix kubernetes transition rule
* Label kubensenter as well as kubenswrapper
* Allow container domains to execute container_runtime_tmpfs_t files
* Allow container domains to ptrace themselves
* Allow container domains to use container_runtime_tmpfs_t as an entrypoint
* Add boolean to allow containers to use dri devices
* Give containers access to pod resources endpoint
* Label kubenswrapper kubelet_exec_t
- Update to version 2.222:
* Allow containers to read/write inherited dri devices
- Update to version 2.221:
* Allow containers to shutdown sockets inherited from container
runtimes
* Allow spc_t to use execmod libraries on container file systems
* Add boolean to allow containers to read all cert files
* More MLS Policy allow rules
* Allow container runtimes using pasta bind icmp_socket to port_t
* Fix spc_t transitions from container_runtime_domain
- Update to version 2.215.0:
* Add some MLS rules to policy
* Allow container runtime to dyntransition to spc_t
* Tighten controls on confined users
* Add labels for /var/lib/shared
* Cleanup entrypoint definitions
* Allow container_device_plugin_t access to debugfs
* Allow containers which use devices to map them
- Update to version 2.211.0:
* Don't transition to initrc_t domains from spc_t
* Add tunable to allow sshd_t to launch container engines
* Allow syslogd_t gettatr on inheritited runtime tmpfs files
* Add container_file_t and container_ro_file_t as user_home_type
* Set default context for local-path-provisioner
* Allow daemon to send dbus messages to spc_t by
- Update to version 2.206.0:
* Allow unconfined domains to transition to container_runtime_t
* Allow container domains to transition to install_t
* Allow avirt_sandbox_domain to manage container_file_t types
* Allow containers to watch sysfs_t directories
* Allow spc_t to transption to rpm_script_t
* Smaller permission changes for container_init_t
- Drop spc.patch, is now included
- Update to version 2.198.0:
* Fix spc_t transition rules on tmpfs_t
- Changes from 2.197.0:
* Add boolean containers_use_ecryptfs policy
- Changes from 2.195.1:
* Readd missing allow rules for container_t
- Changes from 2.194.0:
* Allow syslogd_t to use tmpfs files created by container runtime
- Changes from 2.193.0:
* Allow containers to mount tmpfs_t file systems
* Label spc_t as a init initrc daemon
* Allow userdomains to run containers
- Changes from 2.191.0:
* Create container_logwriter_t type
- Changes from 2.190.1:
* Support BuildKit
* container.fc: Set label for kata-agent
* support nerdctl
- Changes from 2.190.0:
* Packit: initial enablement
* Allow iptables to list directories labeled as container_file_t
- Changes from 2.189.0:
* Dont audit searching other processes in /proc.
- Rename spc_timedated.patch to spc.patch
- Update spc.patch to allow privileged containers to use
localectl (bsc#1207077)
- Add spc_timedated.patch to allow privileged containers to use
timedatectl (bsc#1207054)
- containerd
-
- Update to containerd v1.7.27. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.27>
bsc#1239749 CVE-2024-40635
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.26. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.26>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.25. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.25>
<https://github.com/containerd/containerd/releases/tag/v1.7.24>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- docker
-
- Don't use the new container-selinux conditional requires on SLE-12, as the
RPM version there doesn't support it. Arguably the change itself is a bit
suspect but we can fix that later. bsc#1237367
- Add backport for golang.org/x/oauth2 CVE-2025-22868 fix. bsc#1239185
+ 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- Add backport for golang.org/x/crypto CVE-2025-22869 fix. bsc#1239322
+ 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Refresh patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Make container-selinux requirement conditional on selinux-policy
(bsc#1237367)
- python-kiwi
-
- Fix bundle extension for vagrant type
When bundling result files that uses a vagrant type,
kiwi creates them with the extension .vagrant.virtualbox.box
or .vagrant.libvirt.box. The bundler code renames them using
only the .box suffix which is too short as it is missing
the subformat information. This commit fixes it and keeps
this information in the result bundle file name.
This Fixes #2656
- Fix file references in kiwi bundler result files
When using a custom bundle_format the kiwi result bundler renames
the output files to match the bundle_format. However, if there are
output files that references other output files, for example the
vmware binary (.vmdk) in the guest config file (.vmx) then this
renaming breaks those result files. This patch adds a reference
file check for all non binary output files if they contain a
reference to another output file and updates the data accordingly.
This Fixes bsc#1221790 and bsc#1236504
- Use multipath child instead of parent device
On multipath systems we need to find underlying child device
instead of using parent device.
This prevents listing all parent devices for a multipath device
- glib2
-
- Add glib2-CVE-2025-3360.patch:
Backport 8d60d7dc from upstream, Fix integer overflow when
parsing very long ISO8601 inputs. This will only happen with
invalid (or maliciously invalid) potential ISO8601 strings,
but `g_date_time_new_from_iso8601()` needs to be robust against
that.
(CVE-2025-3360, bsc#1240897)
- glibc
-
- static-setuid-ld-library-path.patch: elf: Ignore LD_LIBRARY_PATH and
debug env var for setuid for static (CVE-2025-4802, bsc#1243317)
- pthread-wakeup.patch: pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ
[#25847])
- hwinfo
-
- merge gh#openSUSE/hwinfo#156
- fix network card detection on aarch64 (bsc#1240648)
- 21.88
- merge gh#openSUSE/hwinfo#152
- avoid reporting of spurious usb storage devices (bsc#1223330)
- 21.87
- merge gh#openSUSE/hwinfo#151
- do not overdo usb device de-duplication (bsc#1239663)
- 21.86
- ignition
-
- Add CVE-2025-22868.patch
* Fixes [bsc#1239192]
- Edit ignition-umount-initrd-fstab.service to not rely on combustion
units forcing proper order (bsc#1239822)
- Add dependency on combustion to make ignition-kargs-helper work
- iproute2
-
- avoid spurious cgroup warning (bsc#1234383):
- ss-Tone-down-cgroup-path-resolution.patch
- iputils
-
- Fix bsc#1243284 - ping on s390x prints invalid ttl
* Add iputils-invalid-ttl-s390x.patch
* Fix ipv4 ttl value when using SOCK_DGRAM on big endian systems
- Security fix [bsc#1242300, CVE-2025-47268]
* integer overflow in RTT calculation can lead to undefined behavior
* Add iputils-CVE-2025-47268.patch
- kbd
-
- Don't search for resources in the current directory. It can cause
unwanted side effects or even infinite loop (bsc#1237230,
kbd-ignore-working-directory-1.patch,
kbd-ignore-working-directory-2.patch,
kbd-ignore-working-directory-3.patch).
- kernel-default
-
- Update
patches.suse/can-etas_es58x-es58x_rx_err_msg-fix-memory-leak-in-e.patch
(git-fixes stable-5.14.19 CVE-2021-47671 bsc#1241421).
- commit 855e2af
- Update
patches.suse/net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
(bsc#1240195 CVE-2024-46784 bsc#1230771).
- commit b86bfe4
- Revert "exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029"
This reverts commit b68bd5953c15c3c2b21e60fbd6d8a52b0bbb030c.
This turned out to be not an issue. See https://bugzilla.suse.com/show_bug.cgi?id=1241378#c4
- commit d9d19c1
- exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029
bsc#1241378).
- commit b68bd59
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
(CVE-2025-22045 bsc#1241433).
- commit c4ca325
- memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (bsc#1241280 CVE-2025-22020).
- commit 0f74fae
- drm/vkms: Fix use after free and double free on init error
(CVE-2025-22097 bsc#1241541).
- commit 02fe040
- net: fix geneve_opt length integer overflow (CVE-2025-22055
bsc#1241371).
- commit 15ff527
- net: atm: fix use after free in lec_send() (CVE-2025-22004
bsc#1240835).
- commit 889e26f
- kABI workaround struct rcu_head and ax25_ptr (CVE-2025-21812
bsc#1238471).
- commit 1d6ea68
- ax25: rcu protect dev->ax25_ptr (CVE-2025-21812 bsc#1238471).
- Refresh patches.kabi/net-ax25_dev-kabi-workaround.patch.
- commit 88b5c8e
- Update
patches.suse/fbdev-smscufx-fix-error-handling-code-in-ufx_usb_pro.patch
(git-fixes CVE-2022-49741 bsc#1240747).
- commit 0c9a431
- Update
patches.suse/RDMA-mlx5-Fix-implicit-ODP-hang-on-parent-deregistra.patch
(git-fixes CVE-2025-21886 bsc#1240188).
- commit 6a0c1b0
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785 bsc#1238747)
- commit 2c96a9a
- vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791
bsc#1238512).
- commit 50bbf71
- Delete
patches.suse/btrfs-defrag-don-t-use-merged-extent-map-for-their-generat.patch.
- Delete
patches.suse/btrfs-fix-defrag-not-merging-contiguous-extents-due-to-mer.patch.
- Delete
patches.suse/btrfs-fix-extent-map-merging-not-happening-for-adjacent-ex.patch.
Reverting ineffective changes for bsc#1239968 and closing it as WONTFIX.
- commit a1bc1ab
- padata: avoid UAF for reorder_work (CVE-2025-21726 bsc#1238865).
- commit bfab8c2
- kABI: Fix kABI after backport od CVE-2025-21839 (bsc#1239061 CVE-2025-21839).
- commit 38fa6d3
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061 CVE-2025-21839).
- commit 325b428
- KVM: X86: Set host DR6 only on VMX and for KVM_DEBUGREG_WONT_EXIT (bsc#1239061 CVE-2025-21839).
- commit 8727046
- KVM: X86: Remove unneeded KVM_DEBUGREG_RELOAD (bsc#1239061 CVE-2025-21839).
- commit bbb1715
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Always check inode size of inline inodes (bsc#1240207
CVE-2022-49739).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (bsc#1240207
CVE-2022-49739).
- commit a949c3f
- Revert "gfs2: Fix inode height consistency check (git-fixes)."
This reverts commit 935054ab3fe2351d6b7c7a49e49bc57d5ae66ce2.
The revert commit will re-add by bsc#1240207 bug fix
- commit f6fc2e8
- Refresh
patches.suse/blk-throttle-Set-BIO_THROTTLED-when-bio-has-been-throttled.patch.
The original version had a back-port mistake that cause aregression.
- commit fb94b71
- mm/khugepaged: fix ->anon_vma race (CVE-2023-52935 bsc#1240276).
- commit 6257477
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI
cleanup (bsc#1240195).
- Refresh
patches.suse/net-mana-Enable-debugfs-files-for-MANA-device.patch.
- commit 15a2f6b
- net: mana: Support holes in device list reply msg (bsc#1240133).
- commit 1dee3f4
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(CVE-2024-50290 bsc#1233479 bsc#1225742).
- Update
patches.suse/media-dvbdev-prevent-the-risk-of-out-of-memory-acces.patch
(CVE-2024-53063 bsc#1233557 bsc#1225742).
- commit 4c491c6
- Update
patches.suse/ALSA-hda-via-Avoid-potential-array-out-of-bound-in-a.patch
(git-fixes CVE-2023-52988 bsc#1240293).
- Update
patches.suse/Bluetooth-Fix-possible-deadlock-in-rfcomm_sk_state_c.patch
(git-fixes CVE-2023-53016 bsc#1240281).
- Update
patches.suse/HID-betop-check-shape-of-output-reports.patch
(git-fixes bsc#1207186 CVE-2023-53015 bsc#1240288).
- Update
patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch
(git-fixes bsc#1209788 CVE-2023-1652 CVE-2023-53025
bsc#1240264).
- Update
patches.suse/RDMA-core-Fix-ib-block-iterator-counter-overflow.patch
(bsc#1207878 CVE-2023-53026 bsc#1240308).
- Update
patches.suse/Revert-wifi-mac80211-fix-memory-leak-in-ieee80211_if.patch
(git-fixes CVE-2023-53028 bsc#1240212).
- Update
patches.suse/Squashfs-fix-handling-and-sanity-checking-of-xattr_i.patch
(git-fixes CVE-2023-52933 bsc#1240275).
- Update
patches.suse/block-bfq-fix-uaf-for-bfqq-in-bic_set_bfqq-b600.patch
(git-fixes CVE-2023-52983 bsc#1240284).
- Update
patches.suse/bnxt-Do-not-read-past-the-end-of-test-names.patch
(jsc#SLE-18978 CVE-2023-53010 bsc#1240290).
- Update
patches.suse/bpf-Fix-pointer-leak-due-to-insufficient-speculative.patch
(bsc#1231375 CVE-2023-53024 bsc#1240272).
- Update
patches.suse/bpf-Skip-task-with-pid-1-in-send_signal_common.patch
(git-fixes CVE-2023-52992 bsc#1240317).
- Update
patches.suse/can-isotp-split-tx-timer-into-transmission-and-timeo.patch
(git-fixes CVE-2023-52941 bsc#1240280).
- Update
patches.suse/cifs-Fix-oops-due-to-uncleared-server-smbd_conn-in-reconnect.patch
(git-fixes CVE-2023-53006 bsc#1240208).
- Update
patches.suse/cifs-fix-potential-memory-leaks-in-session-setup.patch
(bsc#1193629 CVE-2023-53008 bsc#1240318).
- Update
patches.suse/drm-i915-Fix-potential-bit_17-double-free.patch
(git-fixes CVE-2023-52930 bsc#1240304).
- Update
patches.suse/efi-fix-potential-NULL-deref-in-efi_mem_reserve_pers.patch
(git-fixes CVE-2023-52976 bsc#1240283).
- Update
patches.suse/firewire-fix-memory-leak-for-payload-of-request-suba.patch
(git-fixes CVE-2023-52989 bsc#1240266).
- Update
patches.suse/mm-memcg-fix-NULL-pointer-in-mem_cgroup_track_foreign_dirty_slowpath.patch
(bsc#1209262 CVE-2023-52939 bsc#1240231).
- Update
patches.suse/net-mdio-validate-parameter-addr-in-mdiobus_get_phy.patch
(git-fixes CVE-2023-53019 bsc#1240286).
- Update
patches.suse/net-nfc-Fix-use-after-free-in-local_cleanup.patch
(git-fixes CVE-2023-53023 bsc#1240309).
- Update
patches.suse/net-phy-dp83822-Fix-null-pointer-access-on-DP83825-D.patch
(git-fixes CVE-2023-52984 bsc#1240279).
- Update
patches.suse/netfilter-nft_payload-incorrect-arithmetics-when-fet.patch
(CVE-2023-0179 bsc#1207034 CVE-2023-53033 bsc#1240210).
- Update
patches.suse/netlink-prevent-potential-spectre-v1-gadgets.patch
(bsc#1209547 CVE-2017-5753 CVE-2023-53000 bsc#1240227).
- Update
patches.suse/octeontx2-pf-Avoid-use-of-GFP_KERNEL-in-atomic-conte.patch
(git-fixes CVE-2023-53030 bsc#1240292).
- Update
patches.suse/octeontx2-pf-Fix-the-use-of-GFP_KERNEL-in-atomic-con.patch
(git-fixes CVE-2023-53029 bsc#1240220).
- Update
patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
(git-fixes CVE-2023-2162 bsc#1210647 CVE-2023-52974
bsc#1240213).
- Update
patches.suse/scsi-iscsi_tcp-Fix-UAF-during-logout-when-accessing-the-shost-ipaddress.patch
(git-fixes CVE-2023-52975 bsc#1240322).
- Update
patches.suse/squashfs-harden-sanity-check-in-squashfs_read_xattr_.patch
(git-fixes CVE-2023-52979 bsc#1240282).
- Update
patches.suse/trace_events_hist-add-check-for-return-value-of-create_hist_field.patch
(git-fixes CVE-2023-53005 bsc#1240278).
- Update
patches.suse/tracing-Make-sure-trace_printk-can-output-as-soon-as-it-can-be-used.patch
(git-fixes CVE-2023-53007 bsc#1240229).
- Update
patches.suse/vc_screen-move-load-of-struct-vc_data-pointer-in-vcs.patch
(git-fixes bsc#1213167 CVE-2023-3567 CVE-2023-52973
bsc#1240218).
- Update
patches.suse/x86-i8259-Mark-legacy-PIC-interrupts-with-IRQ_LEVEL.patch
(git-fixes CVE-2023-52993 bsc#1240297).
- commit f69d55e
- Update
patches.suse/VMCI-Use-threaded-irqs-instead-of-tasklets.patch
(git-fixes CVE-2022-49759 bsc#1240245).
- Update
patches.suse/dmaengine-Fix-double-increment-of-client_count-in-dm.patch
(git-fixes CVE-2022-49753 bsc#1240250).
- Update
patches.suse/dmaengine-imx-sdma-Fix-a-possible-memory-leak-in-sdm.patch
(git-fixes CVE-2022-49746 bsc#1240242).
- Update
patches.suse/perf-x86-amd-fix-potential-integer-overflow-on-shift-of-a-int.patch
(git fixes CVE-2022-49748 bsc#1240256).
- Update
patches.suse/usb-gadget-f_fs-Prevent-race-during-ffs_ep0_queue_wa.patch
(git-fixes CVE-2022-49755 bsc#1240247).
- Update
patches.suse/w1-fix-WARNING-after-calling-w1_process.patch
(git-fixes CVE-2022-49751 bsc#1240254).
- commit 67615b0
- Update
patches.suse/can-j1939-fix-errant-WARN_ON_ONCE-in-j1939_session_d.patch
(git-fixes CVE-2021-4454 bsc#1240205).
- commit 3ad7432
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- commit fb96cb5
- RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732 bsc#1237877)
- commit 4fd8031
- RDMA/mlx5: Fix implicit ODP use after free (CVE-2025-21714 bsc#1237890)
- commit b066549
- can: hi311x: hi3110_can_ist(): fix potential use-after-free
(CVE-2024-56651 bsc#1235528).
- commit c9a4975
- btrfs: fix use-after-free when attempting to join an aborted transaction (CVE-2025-21753 bsc#1237875)
- commit 4b7aa14
- idpf: fix idpf_vc_core_init error path (CVE-2024-53064
bsc#1233558).
- commit f7c6f3c
- btrfs: send: fix invalid clone operation for file that got
its size decreased (bsc#1239969).
- btrfs: send: allow cloning non-aligned extent if it ends at
i_size (bsc#1239969).
- commit 6046fcc
- net: mana: Allow variable size indirection table (bsc#1239016).
- Refresh
patches.suse/net-mana-Enable-debugfs-files-for-MANA-device.patch.
- commit ab31abc
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic
(bsc#1239016).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
(bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX
coalescing (bsc#1239016).
- commit 3e2838d
- btrfs: fix defrag not merging contiguous extents due to merged
extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents
(bsc#1239968).
- btrfs: defrag: don't use merged extent map for their generation
check (bsc#1239968).
- commit 7ca0c8b
- scsi: target: tcmu: Fix possible page UAF (CVE-2022-49053
bsc#1237918).
- commit 31de519
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
(CVE-2024-58083 bsc#1239036).
- commit c06a95f
- ACPI: processor: idle: Return an error if both P_LVL{2,3}
idle states are invalid (bsc#1237530).
- commit bc72fe5
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
(bsc#1239126).
- commit 9ba4a9a
- mm: zswap: move allocations during CPU init outside the lock
(git-fixes).
- commit 2ba6fb9
- mm: zswap: properly synchronize freeing resources during CPU
hotunplug (bsc#1237029 CVE-2025-21693).
- commit a35b49f
- mm/zswap: change per-cpu mutex and buffer to per-acomp_ctx
(bsc#1237029 CVE-2025-21693).
- commit 2a858ad
- partitions: mac: fix handling of bogus partition table
(CVE-2025-21772 bsc#1238911).
- blk-throttle: Set BIO_THROTTLED when bio has been throttled
(CVE-2022-49465 bsc#1238919).
- commit 0fbb2d1
- crypto: ecdh - explicitly zeroize private_key
(CVE-2024-42098 bsc#1228779).
- commit b69238c
- crypto: aead,cipher - zeroize key buffer after use
(CVE-2024-42229 bsc#1228708).
- commit 15d760d
- Update
patches.suse/dmaengine-qcom-bam_dma-fix-runtime-PM-underflow.patch
(git-fixes CVE-2022-49650 bsc#1239452).
- Update
patches.suse/netfilter-nf_tables-initialize-registers-in-nft_do_c.patch
(CVE-2022-1016 bsc#1197227 CVE-2022-49293 bsc#1239454).
- commit 320b3f1
- Update
patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation.patch
(git-fixes CVE-2024-42240 bsc#1228966).
- commit b914598
- drm/i915/gt: Fix potential UAF by revoke of fence registers
(git-fixes CVE-2024-41092 bsc#1228483).
- commit 8041e33
- Update
patches.suse/net-usb-aqc111-Fix-out-of-bounds-accesses-in-RX-fixu.patch
(bsc#1237903 CVE-2022-49051).
Added CVE reference
- commit 3c47ace
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115 CVE-2025-21780)
- commit 698625c
- Update
patches.suse/0001-be2net-Fix-buffer-overflow-in-be_get_module_eeprom.patch
(bsc#1201323 CVE-2022-49581 bsc#1238540).
- Update
patches.suse/0004-dm-fix-use-after-free-in-dm_cleanup_zoned_dev.patch
(git-fixes CVE-2022-49270 bsc#1238459).
- Update
patches.suse/0005-drm-mediatek-Add-vblank-register-unregister-callback.patch
(bsc#1190768 CVE-2022-49506 bsc#1238804).
- Update
patches.suse/0006-dm-integrity-fix-memory-corruption-when-tag_size-is-.patch
(git-fixes CVE-2022-49044 bsc#1237840).
- Update patches.suse/0009-block-bfq-don-t-move-oom_bfqq.patch
(git-fixes CVE-2022-49179 bsc#1238092).
- Update
patches.suse/0010-bfq-fix-use-after-free-in-bfq_dispatch_request.patch
(git-fixes CVE-2022-49176 bsc#1238097).
- Update
patches.suse/0011-dm-raid-fix-accesses-beyond-end-of-raid-member-array.patch
(git-fixes CVE-2022-49674 bsc#1239041).
- Update
patches.suse/0012-dm-ioctl-prevent-potential-spectre-v1-gadget.patch
(git-fixes CVE-2022-49122 bsc#1237983).
- Update
patches.suse/0014-drm-dp-Fix-OOB-read-when-handling-Post-Cursor2-regis.patch
(bsc#1190786 CVE-2022-49218 bsc#1237785).
- Update
patches.suse/0015-bcache-avoid-journal-no-space-deadlock-by-reserving-.patch
(git-fixes CVE-2022-49327 bsc#1238662).
- Update
patches.suse/0017-nbd-call-genl_unregister_family-first-in-nbd_cleanup.patch
(git-fixes CVE-2022-49295 bsc#1238707).
- Update
patches.suse/0018-dm-mirror-log-round-up-region-bitmap-size-to-BITS_PE.patch
(git-fixes CVE-2022-49710 bsc#1238417).
- Update
patches.suse/0018-nbd-fix-race-between-nbd_alloc_config-and-module-removal.patch
(git-fixes CVE-2022-49300 bsc#1238183).
- Update
patches.suse/0019-block-Fix-handling-of-offline-queues-in-blk_mq_alloc.patch
(git-fixes CVE-2022-49720 bsc#1238281).
- Update
patches.suse/0019-nbd-fix-io-hung-while-disconnecting-device.patch
(git-fixes CVE-2022-49297 bsc#1238469).
- Update
patches.suse/9p-fix-fid-refcount-leak-in-v9fs_vfs_atomic_open_dot.patch
(git-fixes CVE-2022-49705 bsc#1237990).
- Update
patches.suse/9p-fix-fid-refcount-leak-in-v9fs_vfs_get_link.patch
(git-fixes CVE-2022-49704 bsc#1237780).
- Update
patches.suse/ACPI-CPPC-Avoid-out-of-bounds-access-when-parsing-_C.patch
(git-fixes CVE-2022-49145 bsc#1238162).
- Update
patches.suse/ALSA-firewire-lib-fix-uninitialized-flag-for-AV-C-de.patch
(git-fixes CVE-2022-49248 bsc#1238284).
- Update
patches.suse/ALSA-oss-Fix-PCM-OSS-buffer-allocation-overflow.patch
(git-fixes CVE-2022-49292 bsc#1238625).
- Update
patches.suse/ALSA-pcm-Check-for-null-pointer-of-pointer-substream.patch
(git-fixes CVE-2022-49498 bsc#1238825).
- Update
patches.suse/ALSA-pcm-Fix-potential-AB-BA-lock-with-buffer_mutex-.patch
(CVE-2022-1048 bsc#1197331 CVE-2022-49272 bsc#1238272).
- Update
patches.suse/ALSA-pcm-Fix-races-among-concurrent-hw_params-and-hw.patch
(CVE-2022-1048 bsc#1197331 git-fixes CVE-2022-49291
bsc#1238705).
- Update
patches.suse/ALSA-pcm-Fix-races-among-concurrent-prealloc-proc-wr.patch
(CVE-2022-1048 bsc#1197331 git-fixes CVE-2022-49288
bsc#1238271).
- Update
patches.suse/ALSA-pcm-oss-Fix-race-at-SNDCTL_DSP_SYNC.patch
(CVE-2022-3303 bsc#1203769 git-fixes CVE-2022-49733
bsc#1238454).
- Update
patches.suse/ALSA-usb-audio-Cancel-pending-work-at-closing-a-MIDI.patch
(git-fixes CVE-2022-49545 bsc#1238729).
- Update
patches.suse/ARM-Fix-refcount-leak-in-axxia_boot_secondary.patch
(git-fixes CVE-2022-49679 bsc#1238418).
- Update
patches.suse/ARM-cns3xxx-Fix-refcount-leak-in-cns3xxx_init.patch
(git-fixes CVE-2022-49677 bsc#1238601).
- Update
patches.suse/ARM-exynos-Fix-refcount-leak-in-exynos_map_pmu.patch
(git-fixes CVE-2022-49680 bsc#1238415).
- Update
patches.suse/ARM-hisi-Add-missing-of_node_put-after-of_find_compa.patch
(git-fixes CVE-2022-49447 bsc#1238956).
- Update
patches.suse/ARM-meson-Fix-refcount-leak-in-meson_smp_prepare_cpu.patch
(git-fixes CVE-2022-49656 bsc#1237812).
- Update
patches.suse/ASoC-Intel-sof_sdw-handle-errors-on-card-registratio.patch
(git-fixes CVE-2022-49617 bsc#1238902).
- Update
patches.suse/ASoC-SOF-Intel-Fix-NULL-ptr-dereference-when-ENOMEM.patch
(git-fixes CVE-2022-49268 bsc#1238090).
- Update
patches.suse/ASoC-atmel-Add-missing-of_node_put-in-at91sam9g20ek_.patch
(git-fixes CVE-2022-49243 bsc#1238337).
- Update
patches.suse/ASoC-atmel-Fix-error-handling-in-sam9x5_wm8731_drive.patch
(git-fixes CVE-2022-49241 bsc#1238116).
- Update
patches.suse/ASoC-atmel-Fix-error-handling-in-snd_proto_probe.patch
(git-fixes CVE-2022-49246 bsc#1238302).
- Update
patches.suse/ASoC-codecs-rx-macro-fix-accessing-array-out-of-boun.patch
(git-fixes CVE-2022-49252 bsc#1237787).
- Update
patches.suse/ASoC-codecs-rx-macro-fix-accessing-compander-for-aux.patch
(git-fixes CVE-2022-49250 bsc#1238389).
- Update
patches.suse/ASoC-codecs-va-macro-fix-accessing-array-out-of-boun.patch
(git-fixes CVE-2022-49251 bsc#1237835).
- Update
patches.suse/ASoC-codecs-wc938x-fix-accessing-array-out-of-bounds.patch
(git-fixes CVE-2022-49249 bsc#1238339).
- Update
patches.suse/ASoC-codecs-wcd934x-Add-missing-of_node_put-in-wcd93.patch
(git-fixes CVE-2022-49239 bsc#1238334).
- Update
patches.suse/ASoC-cs35l41-Fix-an-out-of-bounds-access-in-otp_pack.patch
(bsc#1203699 CVE-2022-49515 bsc#1237817).
- Update
patches.suse/ASoC-fsl-Fix-refcount-leak-in-imx_sgtl5000_probe.patch
(git-fixes CVE-2022-49486 bsc#1237946).
- Update
patches.suse/ASoC-imx-hdmi-Fix-refcount-leak-in-imx_hdmi_probe.patch
(git-fixes CVE-2022-49480 bsc#1238799).
- Update
patches.suse/ASoC-mediatek-Fix-error-handling-in-mt8173_max98090_.patch
(git-fixes CVE-2022-49514 bsc#1238429).
- Update
patches.suse/ASoC-mediatek-Fix-missing-of_node_put-in-mt2701_wm89.patch
(git-fixes CVE-2022-49517 bsc#1237996).
- Update
patches.suse/ASoC-mediatek-mt8192-mt6359-Fix-error-handling-in-mt.patch
(git-fixes CVE-2022-49244 bsc#1238176).
- Update
patches.suse/ASoC-mxs-Fix-error-handling-in-mxs_sgtl5000_probe.patch
(git-fixes CVE-2022-49242 bsc#1238126).
- Update
patches.suse/ASoC-mxs-saif-Fix-refcount-leak-in-mxs_saif_probe.patch
(git-fixes CVE-2022-49482 bsc#1238543).
- Update
patches.suse/ASoC-rt5645-Fix-errorenous-cleanup-order.patch
(git-fixes CVE-2022-49493 bsc#1238939).
- Update
patches.suse/ASoC-rt7-sdw-harden-jack_detect_handler.patch
(git-fixes CVE-2022-49616 bsc#1238898).
- Update
patches.suse/ASoC-rt711-sdca-fix-kernel-NULL-pointer-dereference-.patch
(git-fixes CVE-2022-49615 bsc#1238897).
- Update
patches.suse/ASoC-samsung-Fix-refcount-leak-in-aries_audio_probe.patch
(git-fixes CVE-2022-49477 bsc#1238295).
- Update
patches.suse/ASoC-ti-j721e-evm-Fix-refcount-leak-in-j721e_soc_pro.patch
(git-fixes CVE-2022-49473 bsc#1238135).
- Update
patches.suse/Bluetooth-Fix-use-after-free-in-hci_send_acl.patch
(git-fixes CVE-2022-49111 bsc#1237984).
- Update
patches.suse/Bluetooth-btmtksdio-Fix-kernel-oops-in-btmtksdio_int.patch
(git-fixes CVE-2022-49200 bsc#1237958).
- Update
patches.suse/Bluetooth-fix-dangling-sco_conn-and-use-after-free-i.patch
(git-fixes CVE-2022-49474 bsc#1238071).
- Update
patches.suse/Bluetooth-hci_qca-Use-del_timer_sync-before-freeing.patch
(git-fixes CVE-2022-49555 bsc#1238231).
- Update
patches.suse/Bluetooth-use-memset-avoid-memory-leaks.patch
(git-fixes CVE-2022-49116 bsc#1237922).
- Update
patches.suse/HID-elan-Fix-potential-double-free-in-elan_input_con.patch
(git-fixes CVE-2022-49508 bsc#1237940).
- Update
patches.suse/IB-rdmavt-add-lock-to-call-to-rvt_error_qp-to-preven.patch
(git-fixes CVE-2022-49089 bsc#1238041).
- Update
patches.suse/Input-gpio-keys-cancel-delayed-work-only-in-case-of-.patch
(git-fixes CVE-2022-49430 bsc#1238870).
- Update
patches.suse/Input-sparcspkr-fix-refcount-leak-in-bbc_beep_probe.patch
(git-fixes CVE-2022-49438 bsc#1238242).
- Update patches.suse/KVM-Don-t-null-dereference-ops-destroy.patch
(git-fixes CVE-2022-49568 bsc#1238792).
- Update
patches.suse/KVM-SVM-Use-kzalloc-for-sev-ioctl-interfaces-to-prev.patch
(git-fixes CVE-2022-49556 bsc#1238134).
- Update
patches.suse/KVM-SVM-fix-panic-on-out-of-bounds-guest-IRQ.patch
(git-fixes CVE-2022-49154 bsc#1238167).
- Update
patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 CVE-2022-49610
bsc#1238952).
- Update
patches.suse/KVM-x86-Drop-WARNs-that-assert-a-triple-fault-never-.patch
(git-fixes CVE-2022-49559 bsc#1237942).
- Update
patches.suse/KVM-x86-Use-__try_cmpxchg_user-to-update-guest-PTE-A.patch
(git-fixes CVE-2022-49562 bsc#1238309).
- Update
patches.suse/LSM-general-protection-fault-in-legacy_parse_param.patch
(git-fixes CVE-2022-49180 bsc#1238110).
- Update
patches.suse/NFC-NULL-out-the-dev-rfkill-to-prevent-UAF.patch
(git-fixes CVE-2022-49505 bsc#1238615).
- Update
patches.suse/NFS-Avoid-writeback-threads-getting-stuck-in-mempool.patch
(git-fixes CVE-2022-49097 bsc#1237729).
- Update
patches.suse/NFSD-prevent-integer-overflow-on-32-bit-systems.patch
(git-fixes CVE-2022-49279 bsc#1238655).
- Update
patches.suse/NFSD-prevent-underflow-in-nfssvc_decode_writeargs.patch
(git-fixes CVE-2022-49280 bsc#1238630).
- Update
patches.suse/NFSv4-Don-t-hold-the-layoutget-locks-across-multiple.patch
(git-fixes CVE-2022-49316 bsc#1238386).
- Update
patches.suse/NFSv4-Fix-free-of-uninitialized-nfs4_label-on-referr.patch
(git-fixes CVE-2022-49418 bsc#1238878).
- Update
patches.suse/NFSv4.2-fix-reference-count-leaks-in-_nfs42_proc_cop.patch
(git-fixes CVE-2022-49103 bsc#1238080).
- Update
patches.suse/PCI-Avoid-pci_dev_lock-AB-BA-deadlock-with-sriov_num.patch
(git-fixes CVE-2022-49434 bsc#1238916).
- Update patches.suse/PCI-endpoint-Fix-misused-goto-label.patch
(git-fixes CVE-2022-49115 bsc#1237961).
- Update
patches.suse/PM-core-keep-irq-flags-in-device_pm_check_callbacks.patch
(git-fixes CVE-2022-49175 bsc#1238099).
- Update
patches.suse/PM-devfreq-exynos-ppmu-Fix-refcount-leak-in-of_get_d.patch
(git-fixes CVE-2022-49668 bsc#1237957).
- Update
patches.suse/PM-devfreq-rk3399_dmc-Disable-edev-on-remove.patch
(git-fixes CVE-2022-49460 bsc#1238892).
- Update
patches.suse/PM-domains-Fix-sleep-in-atomic-bug-caused-by-genpd_d.patch
(git-fixes CVE-2022-49265 bsc#1238432).
- Update
patches.suse/RDMA-cm-Fix-memory-leak-in-ib_cm_insert_listen.patch
(git-fixes CVE-2022-49671 bsc#1238823).
- Update
patches.suse/RDMA-hfi1-Fix-potential-integer-multiplication-overf.patch
(git-fixes CVE-2022-49404 bsc#1238430).
- Update
patches.suse/RDMA-hfi1-Fix-use-after-free-bug-for-mm-struct.patch
(git-fixes CVE-2022-49076 bsc#1237738).
- Update
patches.suse/RDMA-hfi1-Prevent-panic-when-SDMA-is-disabled.patch
(git-fixes CVE-2022-49429 bsc#1238889).
- Update
patches.suse/RDMA-hfi1-Prevent-use-of-lock-before-it-is-initializ.patch
(git-fixes CVE-2022-49433 bsc#1238268).
- Update
patches.suse/RDMA-irdma-Fix-sleep-from-invalid-context-BUG.patch
(git-fixes CVE-2022-49606 bsc#1238410).
- Update
patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch
(git-fixes CVE-2022-49208 bsc#1238345).
- Update
patches.suse/RDMA-mlx5-Fix-memory-leak-in-error-flow-for-subscrib.patch
(git-fixes CVE-2022-49206 bsc#1238343).
- Update
patches.suse/RDMA-nldev-Prevent-underflow-in-nldev_stat_set_count.patch
(jsc#SLE-19249 CVE-2022-49199 bsc#1238234).
- Update
patches.suse/SUNRPC-Fix-the-svc_deferred_event-trace-class.patch
(git-fixes CVE-2022-49065 bsc#1237739).
- Update patches.suse/SUNRPC-Trap-RDMA-segment-overflows.patch
(git-fixes CVE-2022-49356 bsc#1238444).
- Update
patches.suse/USB-host-isp116x-check-return-value-after-calling-pl.patch
(git-fixes CVE-2022-49302 bsc#1238653).
- Update patches.suse/afs-Fix-dynamic-root-getattr.patch
(git-fixes CVE-2022-49688 bsc#1238423).
- Update
patches.suse/arch-arm64-Fix-topology-initialization-for-core-sche.patch
(git-fixes CVE-2022-49090 bsc#1238021).
- Update
patches.suse/arm64-compat-Do-not-treat-syscall-number-as-ESR_ELx-.patch
(git-fixes CVE-2022-49520 bsc#1238836).
- Update patches.suse/arm64-ftrace-consistently-handle-PLTs.patch
(git-fixes CVE-2022-49721 bsc#1237789).
- Update
patches.suse/ata-libata-core-fix-NULL-pointer-deref-in-ata_host_a.patch
(git-fixes CVE-2022-49731 bsc#1239071).
- Update
patches.suse/ata-pata_octeon_cf-Fix-refcount-leak-in-octeon_cf_pr.patch
(git-fixes CVE-2022-49354 bsc#1238636).
- Update
patches.suse/ata-sata_dwc_460ex-Fix-crash-due-to-OOB-write.patch
(git-fixes CVE-2022-49073 bsc#1237746).
- Update
patches.suse/ath10k-Fix-error-handling-in-ath10k_setup_msa_resour.patch
(git-fixes CVE-2022-49213 bsc#1238327).
- Update
patches.suse/ath10k-skip-ath10k_halt-during-suspend-for-driver-st.patch
(git-fixes CVE-2022-49519 bsc#1238943).
- Update
patches.suse/ath11k-disable-spectral-scan-during-spectral-deinit.patch
(git-fixes CVE-2022-49523 bsc#1238557).
- Update
patches.suse/ath11k-fix-kernel-panic-during-unload-load-ath11k-mo.patch
(git-fixes CVE-2022-49131 bsc#1237966).
- Update patches.suse/ath11k-mhi-use-mhi_sync_power_up.patch
(git-fixes CVE-2022-49130 bsc#1237978).
- Update
patches.suse/ath11k-pci-fix-crash-on-suspend-if-board-file-is-not.patch
(git-fixes CVE-2022-49132 bsc#1237976).
- Update
patches.suse/ath9k_htc-fix-potential-out-of-bounds-access-with-in.patch
(git-fixes CVE-2022-49503 bsc#1238868).
- Update patches.suse/ath9k_htc-fix-uninit-value-bugs.patch
(git-fixes CVE-2022-49235 bsc#1238333).
- Update
patches.suse/bfq-Avoid-merging-queues-with-different-parents.patch
(bsc#1197926 CVE-2022-49412 bsc#1238436).
- Update
patches.suse/bfq-Make-sure-bfqg-for-which-we-are-queueing-request.patch
(bsc#1197926 CVE-2022-49411 bsc#1238307).
- Update
patches.suse/bfq-Update-cgroup-information-before-merging-bio.patch
(bsc#1197926 CVE-2022-49413 bsc#1238710).
- Update
patches.suse/blk-iolatency-Fix-inflight-count-imbalances-and-IO-h.patch
(bsc#1200825 CVE-2022-49394 bsc#1238712).
- Update
patches.suse/blk-mq-don-t-touch-tagset-in-blk_mq_get_sq_hctx.patch
(bsc#1200824 CVE-2022-49377 bsc#1238545).
- Update
patches.suse/block-Fix-the-maximum-minor-value-is-blk_alloc_ext_m.patch
(bsc#1198021 CVE-2022-49147 bsc#1237960).
- Update
patches.suse/block-don-t-delete-queue-kobject-before-its-children.patch
(bsc#1198019 CVE-2022-49259 bsc#1238413).
- Update
patches.suse/block-fix-rq-qos-breakage-from-skipping-rq_qos_done_.patch
(bsc#1202781 CVE-2022-49266 bsc#1238465).
- Update
patches.suse/bpf-Fix-UAF-due-to-race-between-btf_try_get_module-a.patch
(git-fixes CVE-2022-49236 bsc#1238120).
- Update
patches.suse/bpf-arm64-Clear-prog-jited_len-along-prog-jited.patch
(git-fixes CVE-2022-49341 bsc#1238381).
- Update
patches.suse/brcmfmac-pcie-Release-firmwares-in-the-brcmf_pcie_se.patch
(git-fixes CVE-2022-49263 bsc#1238267).
- Update
patches.suse/bus-fsl-mc-bus-fix-KASAN-use-after-free-in-fsl_mc_bu.patch
(git-fixes CVE-2022-49711 bsc#1238416).
- Update
patches.suse/can-gs_usb-gs_usb_open-close-fix-memory-leak.patch
(git-fixes CVE-2022-49661 bsc#1237788).
- Update
patches.suse/can-isotp-sanitize-CAN-ID-checks-in-isotp_bind.patch
(git-fixes CVE-2022-49269 bsc#1238533).
- Update
patches.suse/can-m_can-m_can_tx_handler-fix-use-after-free-of-skb.patch
(git-fixes CVE-2022-49275 bsc#1238719).
- Update
patches.suse/can-mcba_usb-properly-check-endpoint-type.patch
(git-fixes CVE-2022-49151 bsc#1237778).
- Update
patches.suse/ceph-fix-inode-reference-leakage-in-ceph_get_snapdir.patch
(bsc#1206048 CVE-2022-49109 bsc#1237836).
- Update
patches.suse/ceph-fix-memory-leak-in-ceph_readdir-when-note_last_dentry-returns-error.patch
(bsc#1206049 CVE-2022-49107 bsc#1237973).
- Update
patches.suse/cgroup-Use-separate-src-dst-nodes-when-preloading-css_sets-for-migration.patch
(bsc#1201610 CVE-2022-49647 bsc#1238805).
- Update
patches.suse/char-xillybus-fix-a-refcount-leak-in-cleanup_dev.patch
(git-fixes CVE-2022-49310 bsc#1238642).
- Update patches.suse/cifs-fix-handlecache-and-multiuser.patch
(bsc#1193629 CVE-2022-49281 bsc#1238635).
- Update
patches.suse/cifs-fix-potential-double-free-during-failed-mount.patch
(bsc#1193629 CVE-2022-49541 bsc#1238727).
- Update
patches.suse/cifs-potential-buffer-overflow-in-handling-symlinks.patch
(bsc#1193629 CVE-2022-49058 bsc#1237814).
- Update
patches.suse/cifs-prevent-bad-output-lengths-in-smb2_ioctl_query_info-.patch
(CVE-2022-0168 bsc#1197472 CVE-2022-49271 bsc#1238626).
- Update
patches.suse/clk-Fix-clk_hw_get_clk-when-dev-is-NULL.patch
(git-fixes CVE-2022-49187 bsc#1238011).
- Update
patches.suse/clk-qcom-clk-rcg2-Update-logic-to-calculate-D-value-.patch
(git-fixes CVE-2022-49189 bsc#1238150).
- Update
patches.suse/clocksource-hyper-v-unexport-__init-annotated-hv_ini.patch
(bsc#1201218 CVE-2022-49726 bsc#1238808).
- Update
patches.suse/cpufreq-pmac32-cpufreq-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-49621 bsc#1239051).
- Update
patches.suse/crypto-ccree-Fix-use-after-free-in-cc_cipher_exit.patch
(git-fixes CVE-2022-49258 bsc#1237952).
- Update
patches.suse/crypto-hisilicon-sec-fix-the-aead-software-fallback-.patch
(bsc#1198240 CVE-2022-49260 bsc#1238458).
- Update
patches.suse/crypto-octeontx2-remove-CONFIG_DM_CRYPT-check.patch
(git-fixes CVE-2022-49262 bsc#1238463).
- Update patches.suse/crypto-qat-add-param-check-for-DH.patch
(jsc#PED-1073 CVE-2022-49564 bsc#1238789).
- Update patches.suse/crypto-qat-add-param-check-for-RSA.patch
(jsc#PED-1073 CVE-2022-49563 bsc#1238787).
- Update patches.suse/crypto-qat-fix-memory-leak-in-RSA.patch
(git-fixes CVE-2022-49566 bsc#1238266).
- Update patches.suse/dlm-fix-plock-invalid-read.patch (git-fixes
CVE-2022-49407 bsc#1238180).
- Update
patches.suse/dm-raid-fix-KASAN-warning-in-raid5_add_disks.patch
(git-fixes CVE-2022-49673 bsc#1238933).
- Update
patches.suse/dmaengine-idxd-Fix-the-error-handling-path-in-idxd_c.patch
(git-fixes CVE-2022-49422 bsc#1237784).
- Update
patches.suse/dmaengine-ti-Fix-refcount-leak-in-ti_dra7_xbar_route.patch
(git-fixes CVE-2022-49652 bsc#1238871).
- Update
patches.suse/dmaengine-zynqmp_dma-In-struct-zynqmp_dma_chan-fix-d.patch
(git-fixes CVE-2022-49320 bsc#1238394).
- Update
patches.suse/dpaa2-ptp-Fix-refcount-leak-in-dpaa2_ptp_probe.patch
(git-fixes CVE-2022-49088 bsc#1237724).
- Update
patches.suse/drbd-Fix-five-use-after-free-bugs-in-get_initial_state
(git-fixes CVE-2022-49085 bsc#1238036).
- Update
patches.suse/driver-base-fix-UAF-when-driver_attach-failed.patch
(git-fixes CVE-2022-49385 bsc#1237951).
- Update
patches.suse/driver-core-Fix-wait_for_device_probe-deferred_probe.patch
(git-fixes CVE-2022-49379 bsc#1238446).
- Update
patches.suse/driver-core-fix-deadlock-in-__device_attach.patch
(git-fixes CVE-2022-49371 bsc#1238546).
- Update
patches.suse/drivers-base-node.c-fix-compaction-sysfs-file-leak.patch
(git-fixes CVE-2022-49442 bsc#1238243).
- Update
patches.suse/drivers-staging-rtl8192bs-Fix-deadlock-in-rtw_joinbs.patch
(git-fixes CVE-2022-49311 bsc#1238632).
- Update
patches.suse/drivers-staging-rtl8192e-Fix-deadlock-in-rtllib_beac.patch
(git-fixes CVE-2022-49315 bsc#1238638).
- Update
patches.suse/drivers-staging-rtl8192u-Fix-deadlock-in-ieee80211_b.patch
(git-fixes CVE-2022-49305 bsc#1238645).
- Update
patches.suse/drivers-staging-rtl8723bs-Fix-deadlock-in-rtw_survey.patch
(git-fixes CVE-2022-49309 bsc#1238640).
- Update
patches.suse/drivers-tty-serial-Fix-deadlock-in-sa1100_set_termio.patch
(git-fixes CVE-2022-49304 bsc#1238639).
- Update
patches.suse/drivers-usb-host-Fix-deadlock-in-oxu_bus_suspend.patch
(git-fixes CVE-2022-49313 bsc#1238633).
- Update
patches.suse/drm-amd-amdgpu-amdgpu_cs-fix-refcount-leak-of-a-dma_.patch
(git-fixes CVE-2022-49137 bsc#1238155).
- Update
patches.suse/drm-amd-display-Check-if-modulo-is-0-before-dividing.patch
(git-fixes CVE-2022-49294 bsc#1238147).
- Update
patches.suse/drm-amd-display-Fix-a-NULL-pointer-dereference-in-am.patch
(git-fixes CVE-2022-49232 bsc#1238139).
- Update patches.suse/drm-amd-display-Fix-memory-leak.patch
(git-fixes CVE-2022-49135 bsc#1238006).
- Update
patches.suse/drm-amdgpu-cs-make-commands-with-0-chunks-illegal-be.patch
(git-fixes CVE-2022-49335 bsc#1238377).
- Update
patches.suse/drm-amdkfd-Check-for-potential-null-return-of-kmallo.patch
(git-fixes CVE-2022-49055 bsc#1237868).
- Update
patches.suse/drm-bridge-Add-missing-pm_runtime_put_sync.patch
(git-fixes CVE-2022-49128 bsc#1237970).
- Update
patches.suse/drm-bridge-anx7625-Fix-overflow-issue-on-reading-EDI.patch
(git-fixes CVE-2022-49222 bsc#1238328).
- Update
patches.suse/drm-etnaviv-check-for-reaped-mapping-in-etnaviv_iomm.patch
(git-fixes CVE-2022-49336 bsc#1238397).
- Update
patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch
(git-fixes CVE-2022-49644 bsc#1238235).
- Update
patches.suse/drm-i915-gem-add-missing-boundary-check-in-vm_access.patch
(git-fixes bsc#1211263 CVE-2023-28410 CVE-2022-49261
bsc#1238462).
- Update
patches.suse/drm-i915-reset-Fix-error_state_read-ptr-offset-use.patch
(git-fixes CVE-2022-49723 bsc#1237997).
- Update
patches.suse/drm-imx-Fix-memory-leak-in-imx_pd_connector_get_mode.patch
(git-fixes CVE-2022-49091 bsc#1237726).
- Update
patches.suse/drm-msm-a6xx-Fix-refcount-leak-in-a6xx_gpu_init.patch
(git-fixes CVE-2022-49462 bsc#1238123).
- Update
patches.suse/drm-msm-disp-dpu1-set-vbif-hw-config-to-NULL-to-avoi.patch
(git-fixes CVE-2022-49489 bsc#1238244).
- Update
patches.suse/drm-msm-dp-populate-connector-of-struct-dp_panel.patch
(git-fixes CVE-2022-49221 bsc#1238326).
- Update
patches.suse/drm-msm-fix-possible-memory-leak-in-mdp5_crtc_cursor.patch
(git-fixes CVE-2022-49467 bsc#1238815).
- Update
patches.suse/drm-msm-hdmi-check-return-value-after-calling-platfo.patch
(git-fixes CVE-2022-49495 bsc#1237932).
- Update
patches.suse/drm-msm-mdp4-Fix-refcount-leak-in-mdp4_modeset_init_.patch
(git-fixes CVE-2022-49693 bsc#1237954).
- Update
patches.suse/drm-msm-mdp5-Return-error-code-in-mdp5_mixer_release.patch
(git-fixes CVE-2022-49488 bsc#1238600).
- Update
patches.suse/drm-msm-mdp5-Return-error-code-in-mdp5_pipe_release-.patch
(git-fixes CVE-2022-49490 bsc#1238275).
- Update
patches.suse/drm-panfrost-Fix-shrinker-list-corruption-by-madvise.patch
(git-fixes CVE-2022-49645 bsc#1238435).
- Update
patches.suse/drm-rockchip-vop-fix-possible-null-ptr-deref-in-vop_.patch
(git-fixes CVE-2022-49491 bsc#1238539).
- Update
patches.suse/drm-tegra-Fix-reference-leak-in-tegra_dsi_ganged_pro.patch
(git-fixes CVE-2022-49216 bsc#1238338).
- Update
patches.suse/drm-virtio-fix-NULL-pointer-dereference-in-virtio_gp.patch
(git-fixes CVE-2022-49532 bsc#1238925).
- Update
patches.suse/efi-Do-not-import-certificates-from-UEFI-Secure-Boot.patch
(git-fixes CVE-2022-49357 bsc#1238631).
- Update
patches.suse/exec-Force-single-empty-string-when-argv-is-empty.patch
(bsc#1200571 CVE-2022-49264 bsc#1237815).
- Update patches.suse/ext4-add-reserved-GDT-blocks-check.patch
(bsc#1202712 CVE-2022-49707 bsc#1239035).
- Update patches.suse/ext4-avoid-cycles-in-directory-h-tree.patch
(bsc#1198577 CVE-2022-1184 CVE-2022-49343 bsc#1238382).
- Update
patches.suse/ext4-filter-out-EXT4_FC_REPLAY-from-on-disk-superblo.patch
(bsc#1202771 CVE-2022-49348 bsc#1238383).
- Update patches.suse/ext4-fix-bug_on-ext4_mb_use_inode_pa.patch
(bsc#1200810 CVE-2022-49708 bsc#1238599).
- Update patches.suse/ext4-fix-bug_on-in-__es_tree_search.patch
(bsc#1200809 CVE-2022-49409 bsc#1238279).
- Update patches.suse/ext4-fix-bug_on-in-ext4_writepages.patch
(bsc#1200872 CVE-2022-49347 bsc#1238393).
- Update
patches.suse/ext4-fix-ext4_mb_mark_bb-with-flex_bg-with-fast_comm.patch
(bsc#1207593 CVE-2022-49174 bsc#1238091).
- Update
patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
(bsc#1200807 CVE-2022-49414 bsc#1238623).
- Update
patches.suse/ext4-fix-use-after-free-in-ext4_rename_dir_prepare.patch
(bsc#1200871 CVE-2022-49349 bsc#1238372).
- Update
patches.suse/ext4-fix-warning-in-ext4_handle_inode_extension.patch
(bsc#1202711 CVE-2022-49352 bsc#1238395).
- Update
patches.suse/extcon-Modify-extcon-device-to-be-created-after-driv.patch
(git-fixes CVE-2022-49308 bsc#1238654).
- Update
patches.suse/filemap-Handle-sibling-entries-in-filemap_get_read_b.patch
(bsc#1202774 CVE-2022-49699 bsc#1238248).
- Update
patches.suse/firmware-arm_scmi-Fix-list-protocols-enumeration-in-.patch
(git-fixes CVE-2022-49451 bsc#1238177).
- Update
patches.suse/firmware-dmi-sysfs-Fix-memory-leak-in-dmi_sysfs_regi.patch
(git-fixes CVE-2022-49370 bsc#1238467).
- Update
patches.suse/firmware-sysfb-fix-platform-device-leak-in-error-pat.patch
(git-fixes CVE-2022-49283 bsc#1238012).
- Update
patches.suse/ftrace-Clean-up-hash-direct_functions-on-register-failures.patch
(git-fixes CVE-2022-49402 bsc#1238255).
- Update patches.suse/gpio-gpio-xilinx-Fix-integer-overflow.patch
(git-fixes CVE-2022-49570 bsc#1238298).
- Update
patches.suse/habanalabs-fix-possible-memory-leak-in-MMU-DR-fini.patch
(git-fixes CVE-2022-49102 bsc#1238018).
- Update
patches.suse/hwrng-cavium-fix-NULL-but-dereferenced-coccicheck-er.patch
(jsc#SLE-24682 CVE-2022-49177 bsc#1238010).
- Update
patches.suse/i2c-piix4-Fix-a-memory-leak-in-the-EFCH-MMIO-support.patch
(git-fixes CVE-2022-49653 bsc#1238664).
- Update
patches.suse/i40e-Fix-call-trace-in-setup_tx_descriptors.patch
(git-fixes CVE-2022-49725 bsc#1238016).
- Update
patches.suse/iavf-Fix-handling-of-dummy-receive-descriptors.patch
(git-fixes CVE-2022-49583 bsc#1237818).
- Update
patches.suse/ibmvnic-fix-race-between-xmit-and-reset.patch
(bsc#1197302 ltc#197259 CVE-2022-49201 bsc#1238256).
- Update patches.suse/ice-Fix-memory-corruption-in-VF-driver.patch
(git-fixes CVE-2022-49722 bsc#1238301).
- Update
patches.suse/ice-arfs-fix-use-after-free-when-freeing-rx_cpu_rmap.patch
(git-fixes CVE-2022-49063 bsc#1237846).
- Update
patches.suse/ice-fix-scheduling-while-atomic-on-aux-critical-err-.patch
(git-fixes CVE-2022-49193 bsc#1238283).
- Update
patches.suse/igb-fix-a-use-after-free-issue-in-igb_clean_tx_ring.patch
(git-fixes CVE-2022-49695 bsc#1238556).
- Update
patches.suse/igc-Reinstate-IGC_REMOVED-logic-and-implement-it-pro.patch
(jsc#SLE-18377 CVE-2022-49605 bsc#1238433).
- Update
patches.suse/igc-avoid-kernel-warning-when-changing-RX-ring-param.patch
(git-fixes CVE-2022-49227 bsc#1237786).
- Update
patches.suse/iio-accel-mma8452-use-the-correct-logic-to-get-mma84.patch
(git-fixes CVE-2022-49285 bsc#1238641).
- Update
patches.suse/iio-adc-adi-axi-adc-Fix-refcount-leak-in-adi_axi_adc.patch
(git-fixes CVE-2022-49683 bsc#1238308).
- Update
patches.suse/iio-trigger-sysfs-fix-use-after-free-on-remove.patch
(git-fixes CVE-2022-49685 bsc#1237963).
- Update
patches.suse/ima-Fix-a-potential-integer-overflow-in-ima_appraise.patch
(git-fixes CVE-2022-49643 bsc#1238663).
- Update
patches.suse/ima-Fix-potential-memory-leak-in-ima_init_crypto.patch
(git-fixes CVE-2022-49627 bsc#1237798).
- Update
patches.suse/iommu-arm-smmu-fix-possible-null-ptr-deref-in-arm_smmu_device_pr
(git-fixes CVE-2022-49323 bsc#1238400).
- Update
patches.suse/iommu-arm-smmu-v3-check-return-value-after-calling-platform_get_
(git-fixes CVE-2022-49319 bsc#1238374).
- Update patches.suse/iommu-arm-smmu-v3-sva-Fix-mm-use-after-free
(git-fixes CVE-2022-49426 bsc#1238445).
- Update
patches.suse/iommu-mediatek-Fix-NULL-pointer-dereference-when-printing-dev_na
(git-fixes CVE-2022-49424 bsc#1238247).
- Update
patches.suse/iommu-mediatek-Remove-clk_disable-in-mtk_iommu_remove
(git-fixes CVE-2022-49427 bsc#1238246).
- Update
patches.suse/iommu-omap-Fix-regression-in-probe-for-NULL-pointer-dereference
(git-fixes CVE-2022-49083 bsc#1237723).
- Update
patches.suse/ip-Fix-data-races-around-sysctl_ip_fwd_update_priori.patch
(git-fixes CVE-2022-49603 bsc#1238867).
- Update
patches.suse/ipv4-Fix-data-races-around-sysctl_fib_multipath_hash.patch
(git-fixes CVE-2022-49579 bsc#1238014).
- Update
patches.suse/ipw2x00-Fix-potential-NULL-dereference-in-libipw_xmi.patch
(git-fixes CVE-2022-49544 bsc#1238721).
- Update
patches.suse/irqchip-gic-realview-Fix-refcount-leak-in-realview_g.patch
(git-fixes CVE-2022-49719 bsc#1238262).
- Update
patches.suse/irqchip-gic-v3-Fix-GICR_CTLR.RWP-polling.patch
(git-fixes CVE-2022-49074 bsc#1237728).
- Update
patches.suse/irqchip-gic-v3-Fix-error-handling-in-gic_populate_pp.patch
(git-fixes CVE-2022-49716 bsc#1238288).
- Update
patches.suse/irqchip-gic-v3-Fix-refcount-leak-in-gic_populate_ppi.patch
(git-fixes CVE-2022-49715 bsc#1238818).
- Update
patches.suse/irqchip-realtek-rtl-Fix-refcount-leak-in-map_interru.patch
(git-fixes CVE-2022-49714 bsc#1238538).
- Update
patches.suse/ixgbe-Add-locking-to-prevent-panic-when-setting-srio.patch
(git-fixes CVE-2022-49584 bsc#1237933).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_do_fill_super.patch
(git-fixes CVE-2022-49381 bsc#1238112).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_do_mount_fs.patch
(git-fixes CVE-2022-49277 bsc#1238144).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_scan_medium.patch
(git-fixes CVE-2022-49276 bsc#1238142).
- Update patches.suse/linux-dim-Fix-divide-by-0-in-RDMA-DIM.patch
(git-fixes CVE-2022-49670 bsc#1238809).
- Update patches.suse/list-fix-a-data-race-around-ep-rdllist.patch
(git-fixes CVE-2022-49443 bsc#1238434).
- Update
patches.suse/lz4-fix-LZ4_decompress_safe_partial-read-out-of-boun.patch
(git-fixes CVE-2022-49078 bsc#1237736).
- Update
patches.suse/mac80211-fix-potential-double-free-on-mesh-join.patch
(git-fixes CVE-2022-49290 bsc#1238156).
- Update
patches.suse/md-Don-t-set-mddev-private-to-NULL-in-raid0-pers-fre.patch
(git-fixes CVE-2022-49400 bsc#1238125).
- Update
patches.suse/md-bitmap-don-t-set-sb-values-if-can-t-pass-sanity-c.patch
(bsc#1197158 CVE-2022-49526 bsc#1238030).
- Update
patches.suse/md-fix-double-free-of-io_acct_set-bioset.patch
(git-fixes CVE-2022-49384 bsc#1237959).
- Update
patches.suse/media-cx25821-Fix-the-warning-when-removing-the-modu.patch
(git-fixes CVE-2022-49525 bsc#1238022).
- Update
patches.suse/media-i2c-max9286-fix-kernel-oops-when-removing-modu.patch
(git-fixes CVE-2022-49509 bsc#1238650).
- Update
patches.suse/media-imx-jpeg-Prevent-decoding-NV12M-jpegs-into-sin.patch
(git-fixes CVE-2022-49165 bsc#1238106).
- Update
patches.suse/media-imx-jpeg-fix-a-bug-of-accessing-array-out-of-b.patch
(git-fixes CVE-2022-49163 bsc#1238105).
- Update
patches.suse/media-pci-cx23885-Fix-the-error-handling-in-cx23885_.patch
(git-fixes CVE-2022-49524 bsc#1238949).
- Update
patches.suse/media-pvrusb2-fix-array-index-out-of-bounds-in-pvr2_.patch
(git-fixes CVE-2022-49478 bsc#1238000).
- Update
patches.suse/media-rga-fix-possible-memory-leak-in-rga_probe.patch
(git-fixes CVE-2022-49502 bsc#1238834).
- Update
patches.suse/media-stk1160-If-start-stream-fails-return-buffers-w.patch
(git-fixes CVE-2022-49247 bsc#1237783).
- Update
patches.suse/media-ti-vpe-cal-Fix-a-NULL-pointer-dereference-in-c.patch
(git-fixes CVE-2022-49254 bsc#1238089).
- Update
patches.suse/media-usb-go7007-s2250-board-fix-leak-in-probe.patch
(git-fixes CVE-2022-49253 bsc#1238420).
- Update
patches.suse/media-venus-hfi-avoid-null-dereference-in-deinit.patch
(git-fixes CVE-2022-49527 bsc#1238013).
- Update
patches.suse/memory-renesas-rpc-if-fix-platform-device-leak-in-er.patch
(git-fixes CVE-2022-49050 bsc#1237892).
- Update
patches.suse/memory-samsung-exynos5422-dmc-Fix-refcount-leak-in-o.patch
(git-fixes CVE-2022-49676 bsc#1237821).
- Update
patches.suse/mfd-davinci_voicecodec-Fix-possible-null-ptr-deref-d.patch
(git-fixes CVE-2022-49435 bsc#1238292).
- Update
patches.suse/misc-ocxl-fix-possible-double-free-in-ocxl_file_regi.patch
(git-fixes CVE-2022-49455 bsc#1238229).
- Update
patches.suse/mm-slub-add-missing-TID-updates-on-slab-deactivation.patch
(git-fixes CVE-2022-49700 bsc#1238249).
- Update
patches.suse/mmc-jz4740-Apply-DMA-engine-limits-to-maximum-segmen.patch
(git-fixes CVE-2022-49522 bsc#1238948).
- Update
patches.suse/module-fix-e_shstrndx-.sh_size-0-OOB-access.patch
(git-fixes CVE-2022-49444 bsc#1238127).
- Update
patches.suse/msft-hv-2554-Drivers-hv-vmbus-Deactivate-sysctl_record_panic_msg-.patch
(bsc#1183682 CVE-2022-49054 bsc#1237931).
- Update
patches.suse/msft-hv-2555-Drivers-hv-vmbus-Fix-initialization-of-device-object.patch
(git-fixes CVE-2022-49099 bsc#1237727).
- Update
patches.suse/msft-hv-2556-Drivers-hv-vmbus-Fix-potential-crash-on-module-unloa.patch
(git-fixes CVE-2022-49098 bsc#1238079).
- Update
patches.suse/mt76-fix-monitor-mode-crash-with-sdio-driver.patch
(git-fixes CVE-2022-49112 bsc#1237971).
- Update
patches.suse/mt76-fix-use-after-free-by-removing-a-non-RCU-wcid-p.patch
(git-fixes CVE-2022-49328 bsc#1238391).
- Update
patches.suse/mt76-mt7921-fix-crash-when-startup-fails.patch
(git-fixes CVE-2022-49129 bsc#1237968).
- Update
patches.suse/mtd-rawnand-atmel-fix-refcount-issue-in-atmel_nand_c.patch
(git-fixes CVE-2022-49212 bsc#1238331).
- Update
patches.suse/mtd-rawnand-cadence-fix-possible-null-ptr-deref-in-c.patch
(git-fixes CVE-2022-49494 bsc#1237955).
- Update
patches.suse/mtd-rawnand-denali-Use-managed-device-resources.patch
(git-fixes CVE-2022-49512 bsc#1237986).
- Update
patches.suse/mtd-rawnand-intel-fix-possible-null-ptr-deref-in-ebu.patch
(git-fixes CVE-2022-49487 bsc#1238115).
- Update
patches.suse/net-altera-Fix-refcount-leak-in-altera_tse_mdio_crea.patch
(git-fixes CVE-2022-49351 bsc#1237939).
- Update
patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch
(git-fixes CVE-2022-49226 bsc#1238336).
- Update
patches.suse/net-bcmgenet-Use-stronger-register-read-writes-to-as.patch
(git-fixes CVE-2022-49194 bsc#1238453).
- Update
patches.suse/net-bonding-fix-use-after-free-after-802.3ad-slave-u.patch
(git-fixes CVE-2022-49667 bsc#1238282).
- Update
patches.suse/net-dsa-lantiq_gswip-Fix-refcount-leak-in-gswip_gphy.patch
(git-fixes CVE-2022-49346 bsc#1238392).
- Update
patches.suse/net-dsa-microchip-ksz_common-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-49591 bsc#1238666).
- Update
patches.suse/net-dsa-mv88e6xxx-Fix-refcount-leak-in-mv88e6xxx_mdi.patch
(git-fixes CVE-2022-49367 bsc#1238447).
- Update
patches.suse/net-ethernet-bgmac-Fix-refcount-leak-in-bcma_mdio_mi.patch
(git-fixes CVE-2022-49342 bsc#1238390).
- Update
patches.suse/net-ethernet-mtk_eth_soc-out-of-bounds-read-in-mtk_h.patch
(git-fixes CVE-2022-49368 bsc#1237808).
- Update
patches.suse/net-ethernet-stmmac-fix-altr_tse_pcs-function-when-u.patch
(git-fixes CVE-2022-49061 bsc#1238024).
- Update
patches.suse/net-ethernet-ti-am65-cpsw-nuss-Fix-some-refcount-lea.patch
(git-fixes CVE-2022-49386 bsc#1237826).
- Update
patches.suse/net-hns3-add-vlan-list-lock-to-protect-vlan-list.patch
(git-fixes CVE-2022-49182 bsc#1238260).
- Update
patches.suse/net-ipv4-fix-route-with-nexthop-object-delete-warnin.patch
(bsc#1204171 CVE-2022-3435 CVE-2022-49092 bsc#1237779).
- Update
patches.suse/net-ipv6-unexport-__init-annotated-seg6_hmac_init.patch
(bsc#1201218 CVE-2022-49339 bsc#1238388).
- Update
patches.suse/net-mdio-unexport-__init-annotated-mdio_bus_init.patch
(bsc#1201218 CVE-2022-49350 bsc#1238387).
- Update
patches.suse/net-openvswitch-fix-leak-of-nested-actions.patch
(git-fixes CVE-2022-49086 bsc#1238037).
- Update
patches.suse/net-phy-micrel-Allow-probing-without-.driver_data.patch
(git-fixes CVE-2022-49472 bsc#1238951).
- Update
patches.suse/net-sfc-add-missing-xdp-queue-reinitialization.patch
(git-fixes CVE-2022-49096 bsc#1238077).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereference-in-smc_pnet_find_ib
(git-fixes CVE-2022-49060 bsc#1237845).
- Update
patches.suse/net-stmmac-dwc-qos-Disable-split-header-for-Tegra194.patch
(bsc#1194904 CVE-2022-49642 bsc#1238437).
- Update
patches.suse/net-stmmac-fix-dma-queue-left-shift-overflow-issue.patch
(git-fixes CVE-2022-49592 bsc#1238311).
- Update patches.suse/net-stmmac-fix-leaks-in-probe.patch
(git-fixes CVE-2022-49628 bsc#1238619).
- Update
patches.suse/net-tun-unlink-NAPI-from-device-on-destruction.patch
(git-fixes CVE-2022-49672 bsc#1238816).
- Update
patches.suse/net-usb-aqc111-Fix-out-of-bounds-accesses-in-RX-fixu.patch
(git-fixes CVE-2022-49051 bsc#1237903).
- Update
patches.suse/net-xfrm-unexport-__init-annotated-xfrm4_protocol_in.patch
(bsc#1201218 CVE-2022-49345 bsc#1238238).
- Update
patches.suse/nfc-nci-add-flush_workqueue-to-prevent-uaf.patch
(git-fixes CVE-2022-49059 bsc#1238007).
- Update
patches.suse/nfc-nfcmrvl-Fix-memory-leak-in-nfcmrvl_play_deferred.patch
(git-fixes CVE-2022-49729 bsc#1239060).
- Update
patches.suse/nfc-st21nfca-fix-memory-leaks-in-EVT_TRANSACTION-han.patch
(git-fixes CVE-2022-49331 bsc#1237813).
- Update
patches.suse/nvme-pci-fix-a-NULL-pointer-dereference-in-nvme_allo.patch
(git-fixes CVE-2022-49492 bsc#1238954).
- Update
patches.suse/ocfs2-dlmfs-fix-error-handling-of-user_dlm_destroy_l.patch
(bsc#1202778 CVE-2022-49337 bsc#1238376).
- Update
patches.suse/ocfs2-fix-crash-when-mount-with-quota-enabled.patch
(bsc#1207640 CVE-2022-49274 bsc#1238668).
- Update
patches.suse/perf-core-Fix-data-race-between-perf_event_set_output-and-perf_mmap_close.patch
(git fixes CVE-2022-49607 bsc#1238817).
- Update
patches.suse/phy-qcom-qmp-fix-reset-controller-leak-on-probe-erro.patch
(git-fixes CVE-2022-49396 bsc#1238289).
- Update
patches.suse/phy-qcom-qmp-fix-struct-clk-leak-on-probe-errors.patch
(git-fixes CVE-2022-49397 bsc#1237823).
- Update
patches.suse/pinctrl-aspeed-Fix-potential-NULL-dereference-in-asp.patch
(git-fixes CVE-2022-49618 bsc#1238957).
- Update
patches.suse/pinctrl-nomadik-Add-missing-of_node_put-in-nmk_pinct.patch
(git-fixes CVE-2022-49185 bsc#1238111).
- Update
patches.suse/pinctrl-renesas-core-Fix-possible-null-ptr-deref-in-.patch
(git-fixes CVE-2022-49445 bsc#1238019).
- Update
patches.suse/pinctrl-renesas-rzn1-Fix-possible-null-ptr-deref-in-.patch
(git-fixes CVE-2022-49449 bsc#1238936).
- Update
patches.suse/platform-x86-thinkpad_acpi-Fix-a-memory-leak-of-EFCH.patch
(bsc#1210050 CVE-2022-49665 bsc#1238017).
- Update
patches.suse/power-reset-arm-versatile-Fix-refcount-leak-in-versa.patch
(git-fixes CVE-2022-49609 bsc#1238241).
- Update
patches.suse/power-supply-ab8500-Fix-memory-leak-in-ab8500_fg_sys.patch
(git-fixes CVE-2022-49224 bsc#1237998).
- Update
patches.suse/powerpc-64s-Don-t-use-DSISR-for-SLB-faults.patch
(bsc#1194869 CVE-2022-49214 bsc#1238003).
- Update
patches.suse/powerpc-iommu-Add-missing-of_node_put-in-iommu_init_.patch
(bsc#1194869 CVE-2022-49431 bsc#1238899).
- Update
patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
(bsc#1065729 bsc#1198660 ltc#197803 CVE-2022-49196 bsc#1238274).
- Update
patches.suse/powerpc-rtas-Keep-MSR-RI-set-when-calling-RTAS.patch
(bsc#1197174 ltc#196362 CVE-2022-49440 bsc#1238945).
- Update
patches.suse/powerpc-secvar-fix-refcount-leak-in-format_show.patch
(bsc#1194869 CVE-2022-49113 bsc#1237967).
- Update
patches.suse/powerpc-tm-Fix-more-userspace-r13-corruption.patch
(bsc#1065729 CVE-2022-49164 bsc#1238108).
- Update
patches.suse/powerpc-xics-fix-refcount-leak-in-icp_opal_init.patch
(bsc#1194869 CVE-2022-49432 bsc#1238950).
- Update
patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_spapr_init.patch
(fate#322438 git-fixes CVE-2022-49437 bsc#1238443).
- Update
patches.suse/powerpc-xive-spapr-correct-bitmap-allocation-size.patch
(fate#322438 git-fixes CVE-2022-49623 bsc#1239040).
- Update
patches.suse/qede-confirm-skb-is-allocated-before-using.patch
(git-fixes CVE-2022-49084 bsc#1237751).
- Update
patches.suse/raw-Fix-a-data-race-around-sysctl_raw_l3mdev_accept.patch
(git-fixes CVE-2022-49631 bsc#1238814).
- Update
patches.suse/regulator-da9121-Fix-uninit-value-in-da9121_assign_c.patch
(git-fixes CVE-2022-49507 bsc#1238811).
- Update
patches.suse/regulator-pfuze100-Fix-refcount-leak-in-pfuze_parse_.patch
(git-fixes CVE-2022-49481 bsc#1238264).
- Update
patches.suse/regulator-scmi-Fix-refcount-leak-in-scmi_regulator_p.patch
(git-fixes CVE-2022-49466 bsc#1238287).
- Update
patches.suse/remoteproc-Fix-count-check-in-rproc_coredump_write.patch
(git-fixes CVE-2022-49278 bsc#1238253).
- Update
patches.suse/remoteproc-qcom_q6v5_mss-Fix-some-leaks-in-q6v5_allo.patch
(git-fixes CVE-2022-49188 bsc#1238138).
- Update
patches.suse/rtc-mt6397-check-return-value-after-calling-platform.patch
(git-fixes CVE-2022-49375 bsc#1238228).
- Update
patches.suse/rtc-pl031-fix-rtc-features-null-pointer-dereference.patch
(git-fixes CVE-2022-49273 bsc#1238140).
- Update
patches.suse/rtl818x-Prevent-using-not-initialized-queues.patch
(git-fixes CVE-2022-49326 bsc#1238646).
- Update
patches.suse/scsi-hisi_sas-Free-irq-vectors-in-order-for-v3-HW.patch
(git-fixes CVE-2022-49118 bsc#1237979).
- Update
patches.suse/scsi-ibmvfc-Allocate-free-queue-resource-only-during.patch
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes CVE-2022-49701
bsc#1237810).
- Update
patches.suse/scsi-ibmvfc-Store-vhost-pointer-during-subcrq-alloca.patch
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes CVE-2022-49703
bsc#1238131).
- Update
patches.suse/scsi-libfc-Fix-use-after-free-in-fc_exch_abts_resp.patch
(git-fixes CVE-2022-49114 bsc#1238146).
- Update
patches.suse/scsi-lpfc-Address-NULL-pointer-dereference-after-sta.patch
(bsc#1201193 CVE-2022-49332 bsc#1238236).
- Update
patches.suse/scsi-lpfc-Fix-SCSI-I-O-completion-and-abort-handler-.patch
(bsc#1200045 CVE-2022-49536 bsc#1238838).
- Update
patches.suse/scsi-lpfc-Fix-call-trace-observed-during-I-O-with-CM.patch
(bsc#1200045 CVE-2022-49537 bsc#1238930).
- Update
patches.suse/scsi-lpfc-Fix-null-pointer-dereference-after-failing.patch
(bsc#1200045 CVE-2022-49535 bsc#1238937).
- Update
patches.suse/scsi-lpfc-Fix-resource-leak-in-lpfc_sli4_send_seq_to.patch
(bsc#1200045 CVE-2022-49521 bsc#1238938).
- Update
patches.suse/scsi-lpfc-Inhibit-aborts-if-external-loopback-plug-i.patch
(bsc#1200045 CVE-2022-49504 bsc#1238835).
- Update
patches.suse/scsi-lpfc-Move-cfg_log_verbose-check-before-calling-.patch
(bsc#1200045 CVE-2022-49542 bsc#1238722).
- Update
patches.suse/scsi-lpfc-Protect-memory-leak-for-NPIV-ports-sending.patch
(bsc#1200045 CVE-2022-49534 bsc#1238893).
- Update
patches.suse/scsi-lpfc-Resolve-NULL-ptr-dereference-after-an-ELS-.patch
(bsc#1201193 CVE-2022-49730 bsc#1239070).
- Update patches.suse/scsi-mpi3mr-Fix-memory-leaks.patch
(git-fixes CVE-2022-49126 bsc#1237929).
- Update
patches.suse/scsi-mpt3sas-Fix-use-after-free-in-_scsih_expander_node_remove
(git-fixes CVE-2022-49082 bsc#1237740).
- Update
patches.suse/scsi-pm8001-Fix-abort-all-task-initialization.patch
(git-fixes CVE-2022-49217 bsc#1238313).
- Update
patches.suse/scsi-pm8001-Fix-memory-leak-in-pm8001_chip_fw_flash_update_req.patch
(git-fixes CVE-2022-49119 bsc#1237925).
- Update patches.suse/scsi-pm8001-Fix-tag-leaks-on-error.patch
(git-fixes CVE-2022-49121 bsc#1237926).
- Update
patches.suse/scsi-pm8001-Fix-task-leak-in-pm8001_send_abort_all.patch
(git-fixes CVE-2022-49120 bsc#1237969).
- Update
patches.suse/scsi-qla2xxx-Fix-crash-during-module-load-unload-tes.patch
(bsc#1197661 CVE-2022-49160 bsc#1238172).
- Update
patches.suse/scsi-qla2xxx-Fix-premature-hw-access-after-PCI-error.patch
(bsc#1195823 CVE-2022-49157 bsc#1238169).
- Update
patches.suse/scsi-qla2xxx-Fix-scheduling-while-atomic.patch
(bsc#1195823 CVE-2022-49156 bsc#1238168).
- Update
patches.suse/scsi-qla2xxx-Fix-warning-message-due-to-adisc-being-.patch
(bsc#1195823 CVE-2022-49158 bsc#1238170).
- Update
patches.suse/scsi-qla2xxx-Implement-ref-count-for-SRB.patch
(bsc#1195823 CVE-2022-49159 bsc#1238171).
- Update
patches.suse/scsi-qla2xxx-Suppress-a-kernel-complaint-in-qla_crea.patch
(bsc#1195823 CVE-2022-49155 bsc#1237941).
- Update
patches.suse/scsi-sd-Fix-potential-NULL-pointer-dereference.patch
(git-fixes CVE-2022-49376 bsc#1238103).
- Update
patches.suse/scsi-zorro7xx-Fix-a-resource-leak-in-zorro7xx_remove_one
(git-fixes CVE-2022-49095 bsc#1237752).
- Update
patches.suse/serial-8250-Fix-PM-usage_count-for-console-handover.patch
(git-fixes CVE-2022-49613 bsc#1238440).
- Update
patches.suse/serial-8250_aspeed_vuart-Fix-potential-NULL-derefere.patch
(git-fixes CVE-2022-49392 bsc#1238113).
- Update
patches.suse/sfc-fix-considering-that-all-channels-have-TX-queues.patch
(git-fixes CVE-2022-49378 bsc#1238286).
- Update patches.suse/sfc-fix-kernel-panic-when-creating-VF.patch
(git-fixes CVE-2022-49625 bsc#1238411).
- Update
patches.suse/sfc-fix-use-after-free-when-disabling-sriov.patch
(git-fixes CVE-2022-49626 bsc#1238270).
- Update
patches.suse/skbuff-fix-coalescing-for-page_pool-fragment-recycli.patch
(bsc#1190336 CVE-2022-49093 bsc#1237737).
- Update
patches.suse/soc-bcm-Check-for-NULL-return-of-devm_kzalloc.patch
(git-fixes CVE-2022-49448 bsc#1238536).
- Update
patches.suse/soc-bcm-brcmstb-pm-pm-arm-Fix-refcount-leak-in-brcms.patch
(git-fixes CVE-2022-49678 bsc#1238821).
- Update
patches.suse/soc-rockchip-Fix-refcount-leak-in-rockchip_grf_init.patch
(git-fixes CVE-2022-49382 bsc#1238306).
- Update
patches.suse/soc-ti-ti_sci_pm_domains-Check-for-null-return-of-de.patch
(git-fixes CVE-2022-49453 bsc#1239004).
- Update
patches.suse/spi-bcm2835-bcm2835_spi_handle_err-fix-NULL-pointer-.patch
(git-fixes CVE-2022-49569 bsc#1238605).
- Update
patches.suse/spi-spi-fsl-qspi-check-return-value-after-calling-pl.patch
(git-fixes CVE-2022-49475 bsc#1238617).
- Update
patches.suse/staging-rtl8712-fix-a-potential-memory-leak-in-r871x.patch
(git-fixes CVE-2022-49312 bsc#1238157).
- Update
patches.suse/staging-rtl8712-fix-uninit-value-in-r871xu_drv_init.patch
(git-fixes CVE-2022-49298 bsc#1238718).
- Update
patches.suse/staging-rtl8712-fix-uninit-value-in-usb_read8-and-fr.patch
(git-fixes CVE-2022-49301 bsc#1238643).
- Update
patches.suse/staging-vchiq_arm-Avoid-NULL-ptr-deref-in-vchiq_dump.patch
(git-fixes CVE-2022-49106 bsc#1237965).
- Update
patches.suse/staging-vchiq_core-handle-NULL-result-of-find_servic.patch
(git-fixes CVE-2022-49104 bsc#1237999).
- Update
patches.suse/staging-wfx-fix-an-error-handling-in-wfx_init_common.patch
(git-fixes CVE-2022-49105 bsc#1237975).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_dou8vec_minmax.patch
(git-fixes CVE-2022-49634 bsc#1237937).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_douintvec.patch
(git-fixes CVE-2022-49641 bsc#1237831).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_douintvec_minmax.patch
(git-fixes CVE-2022-49640 bsc#1237782).
- Update
patches.suse/thermal-core-Fix-memory-leak-in-__thermal_cooling_de.patch
(git-fixes CVE-2022-49468 bsc#1238047).
- Update
patches.suse/thermal-drivers-broadcom-Fix-potential-NULL-derefere.patch
(git-fixes CVE-2022-49459 bsc#1238046).
- Update
patches.suse/thermal-drivers-imx_sc_thermal-Fix-refcount-leak-in-.patch
(git-fixes CVE-2022-49463 bsc#1238428).
- Update
patches.suse/tick-nohz-unexport-__init-annotated-tick_nohz_full_s.patch
(bsc#1201218 CVE-2022-49675 bsc#1238431).
- Update
patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
(CVE-2022-2977 bsc#1202672 CVE-2022-49287 bsc#1238276).
- Update patches.suse/tpm-use-try_get_ops-in-tpm-space.c.patch
(git-fixes CVE-2022-49286 bsc#1238647).
- Update
patches.suse/tracing-Fix-potential-double-free-in-create_var_ref.patch
(git-fixes CVE-2022-49410 bsc#1238441).
- Update
patches.suse/tracing-Fix-sleeping-function-called-from-invalid-context-on-RT-kernel.patch
(git-fixes CVE-2022-49322 bsc#1238396).
- Update
patches.suse/tracing-histograms-Fix-memory-leak-problem.patch
(git-fixes CVE-2022-49648 bsc#1238278).
- Update
patches.suse/tty-Fix-a-possible-resource-leak-in-icom_probe.patch
(git-fixes CVE-2022-49314 bsc#1238158).
- Update
patches.suse/tty-fix-deadlock-caused-by-calling-printk-under-tty_.patch
(git-fixes CVE-2022-49441 bsc#1238263).
- Update patches.suse/tty-goldfish-Fix-free_irq-on-remove.patch
(git-fixes CVE-2022-49724 bsc#1238869).
- Update
patches.suse/tty-goldfish-Use-tty_port_destroy-to-destroy-port.patch
(git-fixes CVE-2022-49399 bsc#1237829).
- Update
patches.suse/tty-synclink_gt-Fix-null-pointer-dereference-in-slgt.patch
(git-fixes CVE-2022-49307 bsc#1238149).
- Update
patches.suse/tunnels-do-not-assume-mac-header-is-set-in-skb_tunne.patch
(git-fixes CVE-2022-49663 bsc#1238442).
- Update
patches.suse/usb-dwc2-Fix-memory-leak-in-dwc2_hcd_init.patch
(git-fixes CVE-2022-49713 bsc#1238419).
- Update
patches.suse/usb-dwc2-gadget-don-t-reset-gadget-s-driver-bus.patch
(git-fixes CVE-2022-49299 bsc#1238184).
- Update
patches.suse/usb-dwc3-gadget-Replace-list_for_each_entry_safe-if-.patch
(git-fixes CVE-2022-49398 bsc#1238621).
- Update
patches.suse/usb-gadget-lpc32xx_udc-Fix-refcount-leak-in-lpc32xx_.patch
(git-fixes CVE-2022-49712 bsc#1238239).
- Update
patches.suse/usb-isp1760-Fix-out-of-bounds-array-access.patch
(git-fixes CVE-2022-49551 bsc#1237795).
- Update
patches.suse/usb-usbip-fix-a-refcount-leak-in-stub_probe.patch
(git-fixes CVE-2022-49389 bsc#1238257).
- Update
patches.suse/usbnet-Run-unregister_netdev-before-unbind-again.patch
(git-fixes CVE-2022-49501 bsc#1238830).
- Update patches.suse/usbnet-fix-memory-leak-in-error-case.patch
(git-fixes CVE-2022-49657 bsc#1238269).
- Update
patches.suse/veth-Ensure-eth-header-is-in-skb-s-linear-part.patch
(git-fixes CVE-2022-49066 bsc#1237722).
- Update
patches.suse/video-fbdev-clcdfb-Fix-refcount-leak-in-clcdfb_of_vr.patch
(git-fixes CVE-2022-49421 bsc#1238819).
- Update
patches.suse/video-fbdev-sm712fb-Fix-crash-in-smtcfb_write.patch
(git-fixes CVE-2022-49162 bsc#1238096).
- Update
patches.suse/virtio_console-eliminate-anonymous-module_init-modul.patch
(git-fixes CVE-2022-49100 bsc#1237735).
- Update
patches.suse/virtio_net-fix-xdp_rxq_info-bug-after-suspend-resume.patch
(git-fixes CVE-2022-49687 bsc#1238181).
- Update patches.suse/watch_queue-Actually-free-the-watch.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-49256 bsc#1238277).
- Update
patches.suse/watch_queue-Fix-NULL-dereference-in-error-cleanup.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-49257 bsc#1237987).
- Update
patches.suse/watch_queue-Free-the-page-array-when-watch_queue-is-.patch
(git-fixes CVE-2022-49148 bsc#1237797).
- Update
patches.suse/watchdog-ts4800_wdt-Fix-refcount-leak-in-ts4800_wdt_.patch
(git-fixes CVE-2022-49373 bsc#1238175).
- Update
patches.suse/wifi-mac80211-fix-queue-selection-for-mesh-OCB-inter.patch
(git-fixes CVE-2022-49646 bsc#1239001).
- Update
patches.suse/wifi-mac80211-fix-use-after-free-in-chanctx-code.patch
(git-fixes CVE-2022-49416 bsc#1238293).
- Update
patches.suse/wireguard-socket-free-skb-in-send6-when-ipv6-is-disa.patch
(git-fixes CVE-2022-49153 bsc#1238166).
- Update
patches.suse/x86-MCE-AMD-Fix-memory-leak-when-threshold_create_ba.patch
(git-fixes CVE-2022-49549 bsc#1238602).
- Update
patches.suse/x86-kexec-fix-memory-leak-of-elf-header-buffer.patch
(bsc#1196444 CVE-2022-49546 bsc#1238750).
- Update
patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 CVE-2022-49611
bsc#1238618).
- Update
patches.suse/xen-netback-avoid-entering-xenvif_rx_next_skb-with-a.patch
(bsc#1201381 CVE-2022-49649 bsc#1238612).
- Update
patches.suse/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch
(git-fixes CVE-2022-49321 bsc#1238373).
- commit a27d758
- Update
patches.suse/0011-Revert-Revert-block-bfq-honor-already-setup-queue-merges.patch
(git-fixes CVE-2021-47646 bsc#1237774).
- Update
patches.suse/ARM-davinci-da850-evm-Avoid-NULL-pointer-dereference.patch
(git-fixes CVE-2021-47631 bsc#1237718).
- Update
patches.suse/ASoC-soc-compress-prevent-the-potentially-use-of-nul.patch
(git-fixes CVE-2021-47650 bsc#1237742).
- Update
patches.suse/KVM-x86-mmu-Zap-_all_-roots-when-unmapping-gfn-range.patch
(git-fixes CVE-2021-47639 bsc#1237824).
- Update
patches.suse/ath5k-fix-OOB-in-ath5k_eeprom_read_pcal_info_5111.patch
(git-fixes CVE-2021-47633 bsc#1237768).
- Update patches.suse/clk-qcom-ipq8074-fix-PCI-E-clock-oops.patch
(git-fixes CVE-2021-47647 bsc#1237775).
- Update
patches.suse/drm-amd-pm-fix-a-potential-gpu_metrics_table-memory-.patch
(git-fixes CVE-2021-4453 bsc#1237753).
- Update
patches.suse/drm-plane-Move-range-check-for-format_count-earlier.patch
(git-fixes CVE-2021-47659 bsc#1237839).
- Update
patches.suse/drm-virtio-Ensure-that-objs-is-not-NULL-in-virtio_gp.patch
(git-fixes CVE-2021-47657 bsc#1237837).
- Update
patches.suse/gpu-host1x-Fix-a-memory-leak-in-host1x_remove.patch
(git-fixes CVE-2021-47648 bsc#1237725).
- Update
patches.suse/jffs2-fix-use-after-free-in-jffs2_clear_xattr_subsystem.patch
(git-fixes CVE-2021-47656 bsc#1237827).
- Update
patches.suse/media-davinci-vpif-fix-use-after-free-on-driver-unbi.patch
(git-fixes CVE-2021-47653 bsc#1237748).
- Update patches.suse/media-ir_toy-free-before-error-exiting.patch
(git-fixes CVE-2021-47643 bsc#1237743).
- Update
patches.suse/media-staging-media-zoran-calculate-the-right-buffer.patch
(git-fixes CVE-2021-47645 bsc#1237767).
- Update
patches.suse/media-staging-media-zoran-move-videodev-alloc.patch
(git-fixes CVE-2021-47644 bsc#1237766).
- Update
patches.suse/powerpc-set_memory-Avoid-spinlock-recursion-in-chang.patch
(bsc#1194869 CVE-2021-47632 bsc#1237755).
- Update
patches.suse/samples-landlock-Fix-path_list-memory-leak.patch
(git-fixes CVE-2021-47654 bsc#1237807).
- Update
patches.suse/soc-qcom-rpmpd-Check-for-null-return-of-devm_kcalloc.patch
(git-fixes CVE-2021-47651 bsc#1237872).
- Update
patches.suse/ubifs-Fix-deadlock-in-concurrent-rename-whiteout-and-inode-writeback.patch
(git-fixes CVE-2021-47637 bsc#1237761).
- Update
patches.suse/ubifs-Fix-read-out-of-bounds-in-ubifs_wbuf_write_nolock.patch
(git-fixes CVE-2021-47636 bsc#1237904).
- Update
patches.suse/ubifs-Fix-to-add-refcount-once-page-is-set-private.patch
(git-fixes CVE-2021-47635 bsc#1237759).
- Update
patches.suse/ubifs-rename_whiteout-Fix-double-free-for-whiteout_ui-data.patch
(git-fixes CVE-2021-47638 bsc#1237763).
- Update patches.suse/udmabuf-validate-ubuf-pagecount.patch
(git-fixes CVE-2021-47649 bsc#1237745).
- Update
patches.suse/video-fbdev-cirrusfb-check-pixclock-to-avoid-divide-.patch
(git-fixes CVE-2021-47641 bsc#1237734).
- Update
patches.suse/video-fbdev-nvidiafb-Use-strscpy-to-prevent-buffer-o.patch
(git-fixes CVE-2021-47642 bsc#1237916).
- Update
patches.suse/video-fbdev-smscufx-Fix-null-ptr-deref-in-ufx_usb_pr.patch
(git-fixes CVE-2021-47652 bsc#1237721).
- commit e92be69
- net: rose: fix timer races against user threads (CVE-2025-21718
bsc#1239073).
- commit 0089650
- net_sched: sch_sfq: don't allow 1 packet limit (CVE-2024-57996
bsc#1239076).
- commit 1575e37
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014 bsc#1239109)
- commit a0ab5c3
- initcall_blacklist: Does not allow kernel_lockdown be
blacklisted (bsc#1237521).
- commit 248ffca
- x86/bugs: Fix BHI retpoline check (git-fixes).
- commit 083fa08
- Sort BHI mitigation patches
- Refresh patches.suse/KVM-x86-Add-BHI_NO.patch.
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
- Refresh
patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Refresh patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch.
- Refresh
patches.suse/x86-bhi-Enumerate-Branch-History-Injection-BHI-bug.patch.
- Refresh patches.suse/x86-bhi-Mitigate-KVM-by-default.patch.
- commit 2ed304e
- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (bsc#1217339 CVE-2024-2201).
- commit 3e06375
- libapparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- Allow pam_unix to execute unix_chkpwd with abi/3.0
- remove dovecot-unix_chkpwd.diff
- Add allow-pam_unix-to-execute-unix_chkpwd.patch
- Add revert-abi-change-for-unix_chkpwd.patch
(bsc#1234452, bsc#1232234)
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
unix_chkpwd, and add a profile for unix_chkpwd. This is needed
for PAM with CVE-2024-10041 (bsc#1234452)
- augeas
-
- Add patch, fix for bsc#1239909 / CVE-2025-2588:
* CVE-2025-2588.patch
- expat
-
- version update to 2.7.1
Bug fixes:
[#980] #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
[#976] #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
[#983] #984 Fix printf format specifiers for 32bit Emscripten
[#992] docs: Promote OpenSSF Best Practices self-certification
[#978] tests/benchmark: Resolve mistaken double close
[#986] Address compiler warnings
[#990] #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
[#982] CI: Start running Perl XML::Parser integration tests
[#987] CI: Enforce Clang Static Analyzer clean code
[#991] CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
[#981] CI: Cover compilation with musl
[#983] #984 CI: Cover compilation with 32bit Emscripten
[#976] #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0 for SLE-15-SP4
- deleted patches
- expat-CVE-2022-25235.patch (upstreamed)
- expat-CVE-2022-25236-relax-fix.patch (upstreamed)
- expat-CVE-2022-25236.patch (upstreamed)
- expat-CVE-2022-25313-fix-regression.patch (upstreamed)
- expat-CVE-2022-25313.patch (upstreamed)
- expat-CVE-2022-25314.patch (upstreamed)
- expat-CVE-2022-25315.patch (upstreamed)
- expat-CVE-2022-40674.patch (upstreamed)
- expat-CVE-2022-43680.patch (upstreamed)
- expat-CVE-2023-52425-1.patch (upstreamed)
- expat-CVE-2023-52425-2.patch (upstreamed)
- expat-CVE-2023-52425-backport-parser-changes.patch (upstreamed)
- expat-CVE-2023-52425-fix-tests.patch (upstreamed)
- expat-CVE-2024-28757.patch (upstreamed)
- expat-CVE-2024-45490.patch (upstreamed)
- expat-CVE-2024-45491.patch (upstreamed)
- expat-CVE-2024-45492.patch (upstreamed)
- expat-CVE-2024-50602.patch (upstreamed)
- version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
* Security fixes:
[#893] #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
[#935] #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
[#925] Autotools: Sync CMake templates with CMake 3.29
[#945] #962 #966 CMake: Drop support for CMake <3.13
[#942] CMake: Small fuzzing related improvements
[#921] docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
[#941] docs: Document need for C++11 compiler for use from C++
[#959] tests/benchmark: Fix a (harmless) TOCTTOU
[#944] Windows: Fix installer target location of file xmlwf.xml
for CMake
[#953] Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
[#971] Address Cppcheck warnings
[#969] #970 Mass-migrate links from http:// to https://
[#947] #958 ..
[#974] #975 Document changes since the previous release
[#974] #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
- no source changes, just adding jira reference: jsc#SLE-21253
- freetype2
-
- enable brotli support (jsc#PED-12258)
- Added patch:
* CVE-2025-27363.patch
+ fixes bsc#1239465, CVE-2025-27363: out-of-bounds write when
attempting to parse font subglyph structures related to
TrueType GX and variable font files
- mozjs60
-
- Add libtheora-avoid-negative-shift.patch: avoid negative shift in
huffdec.c (bsc#1234837 CVE-2024-56431).
- Explicitly require libicu-devel, rather than using pkgconfig, to
avoid unintentionally building against icu 73.
- ncurses
-
- Modify patch ncurses-5.9-ibm327x.dif
* Backport sclp terminfo description entry if for s390 sclp terminal lines
* Add a further sclp entry for qemu s390 based systems
* Make use of dumb
- python3
-
- Update CVE-2024-11168-validation-IPv6-addrs.patch
according to the Debian version
(gh#python/cpython#103848#issuecomment-2708135083).
- libsolv
-
- build both static and dynamic libraries on new suse distros
- support the apk package and repository format (both v2 and v3)
- new dataiterator_final_{repo,solvable} functions
- bump version to 0.7.32
- Provide a symbol specific for the ruby-version
so yast does not break across updates (boo#1235598)
- sqlite3
-
- Sync version 3.49.1 from Factory (jsc#SLE-16032):
* CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws()
function, introduced in version 3.44.0, that could lead to a
memory error if the separator string is very large (hundreds
of megabytes).
* CVE-2025-29088, bsc#1241078: Enhanced the
SQLITE_DBCONFIG_LOOKASIDE interface to make it more robust
against misuse.
* Obsoletes sqlite3-rtree-i686.patch
- libxml2
-
- security update
- added patches
CVE-2025-32414 [bsc#1241551], out-of-bounds read when parsing text via the Python API
+ libxml2-CVE-2025-32414.patch
CVE-2025-32415 [bsc#1241453], a crafted XML document may lead to a heap-based buffer under-read
+ libxml2-CVE-2025-32415.patch
- libxslt
-
- Security fixes:
* Fix use-after-free of XPath context node [bsc#1239625, CVE-2025-24855]
* Fix UAF related to excluded namespaces [bsc#1239637, CVE-2024-55549]
* Make generate-id() deterministic [bsc#1238591, CVE-2023-40403]
Just adding the reference here as this CVE was already fixed
in 0009-Make-generate-id-deterministic.patch
* Rebase patches to use autosetup:
- libxslt-1.1.24-no-net-autobuild.patch
- libxslt-config-fixes.patch
* Add patches:
- libxslt-CVE-2024-55549.patch
- libxslt-CVE-2025-24855.patch
- libzypp
-
- Fix credential handling in HEAD requests (bsc#1244105)
- version 17.37.5 (35)
- RepoInfo: use pathNameSetTrailingSlash (fixes #643)
- Fix wrong userdata parameter type when running zypp with debug
verbosity (bsc#1239012)
- version 17.37.4 (35)
- Do not warn about no mirrors if mirrorlist was switched on
automatically. (bsc#1243901)
- Relax permission of cached packages to 0644 & ~umask
(bsc#1243887)
- version 17.37.3 (35)
- Add a note to service maintained .repo file entries (fixes #638)
- Support using %{url} variable in a RIS service's repo section.
- version 17.37.2 (35)
- Use a cookie file to validate mirrorlist cache.
This patch extends the mirrorlist code to use a cookie file to
validate the contents of the cache against the source URL, making
sure that we do not accidentially use a old cache when the
mirrorlist url was changed. For example when migrating a system
from one release to the next where the same repo alias might just
have a different URL.
- Let Service define and update gpgkey, mirrorlist and metalink.
- Preserve a mirrorlist file in the raw cache during refresh.
- version 17.37.1 (35)
- Code16: Enable curl2 backend and parallel package download by
default. In Code15 it's optional.
Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1>
can be used to turn the features on or off.
- Make gpgKeyUrl the default source for gpg keys.
When refreshing zypp now primarily uses gpgKeyUrl information
from the repo files and only falls back to a automatically
generated key Url if a gpgKeyUrl was not specified.
- Introduce mirrors into the Media backends (bsc#1240132)
- Drop MediaMultiCurl backend.
- Throttle progress updates when preloading packages (bsc#1239543)
- Check if request is in valid state in CURL callbacks (fixes
openSUSE/zypper#605)
- spec/CMake: add conditional build
'--with[out] classic_rpmtrans_as_default'.
classic_rpmtrans is the current builtin default for SUSE,
otherwise it's single_rpmtrans.
The `enable_preview_single_rpmtrans_as_default_for_zypper` switch
was removed from the spec file. Accordingly the CMake option
ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed.
- version 17.37.0 (35)
- fixed build with boost 1.88.
- XmlReader: Fix detection of bad input streams (fixes #635)
libxml2 2.14 potentially reads the complete stream, so it may
have the 'eof' bit set. Which is not 'good' but also not 'bad'.
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a
service may set.
Add optional attributes gpgcheck, repo_gpgcheck, pkg_gpgcheck,
keeppackages, gpgkey, mirrorlist, and metalink with the same
semantic as in a .repo file.
- version 17.36.7 (35)
- Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
- BuildRequires: %{libsolv_devel_package} >= 0.7.32.
Code16 moved static libs to libsolv-devel-static.
- Drop usage of SHA1 hash algorithm because it will become
unavailable in FIPS mode (bsc#1240529)
- Fix zypp.conf dupAllowVendorChange to reflect the correct
default (false).
The default was true in Code12 (libzypp-16.x) and changed to
false with Code15 (libzypp-17.x). Unfortunately this was done by
shipping a modified zypp.conf file rather than fixing the code.
- zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
- version 17.36.6 (35)
- Fix computation of RepStatus if Repo URLs change.
- Fix lost double slash when appending to an absolute FTP url
(bsc#1238315)
Ftp actually differs between absolute and relative URL paths.
Absolute path names begin with a double slash encoded as '/%2F'.
This must be preserved when manipulating the path.
- version 17.36.5 (35)
- Add a transaction package preloader (fixes openSUSE/zypper#104)
This patch adds a preloader that concurrently downloads files
during a transaction commit. It's not yet enabled per default.
To enable the preview set ZYPP_CURL2=1 and ZYPP_PCK_PRELOAD=1
in the environment.
- RpmPkgSigCheck_test: Exchange the test package signingkey
(fixes #622)
- Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS (fixes #626)
- Strip a mediahandler tag from baseUrl querystrings.
- version 17.36.4 (35)
- openssh
-
- Added openssh-bsc1241045-kexalgo-gt-256bits.patch (bsc#1241045)
from upstream, which allows KEX hashes greater than 256 bits.
Thanks to Ali Abdallah <ali.abdallah@suse.com>.
- Added openssh-cve-2025-32728.patch (bsc#1241012, CVE-2025-32728).
This fixes an upstream logic error handling the DisableForwarding
option.
- Update openssh-7.6p1-audit_race_condition.patch (bsc#1232533),
fixing failures with very large MOTDs. Thanks to Ali Abdallah
<ali.abdallah@suse.com>.
- Updated openssh-8.1p1-audit.patch (bsc#1228634) with modification
from Jaroslav Jindrak (jjindrak@suse.com) to fix the hostname
being left out of the audit output.
- pam
-
- pam_namespace: convert functions that may operate on a user-controlled path
to operate on file descriptors instead of absolute path. And keep the
bind-mount protection from protect_mount() as a defense in depthmeasure.
[bsc#1244509
pam_inline-introduce-pam_asprintf-pam_snprintf-and-p.patch,
pam_namespace-fix-potential-privilege-escalation.patch,
pam_namespace-add-flags-to-indicate-path-safety.patch,
pam_namespace-secure_opendir-do-not-look-at-the-grou.patch]
- pam_namespace-fix-potential-privilege-escalation.patch adapted and includes
changes from upstream commits: ds6242a, bc856cd.
* pam_namespace fix logic in return value handling
* pam_namespace move functions around
- pam_env: Change the default to not read the user .pam_environment file
[bsc#1243226, CVE-2025-6018,
pam_env-change-the-default-to-not-read-the-user-env.patch]
- pam_unix/passverify: (get_account_info) [!HELPER_COMPILE]: Always return
PAM_UNIX_RUN_HELPER instead of trying to obtain the shadow password file
entry.
[passverify-always-run-the-helper-to-obtain-shadow_pwd.patch, bsc#1232234,
CVE-2024-10041]
- Do not reject the user with a hash assuming it's non-empty.
[pam_unix-allow-empty-passwords-with-non-empty-hashes.patch]
- perl
-
- do not change the current directory when cloning an open
directory handle [bnc#1244079] [CVE-2025-40909]
new patch: perl-dirdup.diff
- python-Jinja2
-
- Add security patch CVE-2025-27516.patch (bsc#1238879)
- python-pyzmq
-
- Prevent open files leak by closing sockets on timeout (bsc#1241624)
- Added:
* close-socket-on-timeout.patch
- python-requests
-
- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak
(gh#psf/requests#6965, CVE-2024-47081, bsc#1244039)
- salt
-
- Fix aptpkg 'NoneType object has no attribute split' error
- Detect openEuler as RedHat family OS
- Ensure the correct crypt module is loaded
- Implement multiple inventory for ansible.targets
- Make x509 module compatible with M2Crypto 0.44.0
- Remove deprecated code from x509.certificate_managed test mode
- Move logrotate config to /usr/etc/logrotate.d where possible
- Add DEB822 apt repository format support
- Make Salt-SSH work with all SSH passwords (bsc#1215484)
- Fix issue of using update-alternatives with alts (#105)
- Added:
* fix-deb822-nonetype-object-has-no-attribute-split-71.patch
* detect-openeuler-as-redhat-family-os.patch
* ensure-the-correct-crypt-module-is-loaded.patch
* implement-multiple-inventory-for-ansible.targets.patch
* make-x509-module-compatible-with-m2crypto-0.44.0.patch
* remove-deprecated-code-from-x509.certificate_managed.patch
* add-deb822-apt-source-format-support-692.patch
* remove-password-from-shell-after-functional-text-mat.patch
- Fix virt_query outputter and add support for block devices
- Make _auth calls visible with master stats
- Repair mount.fstab_present always returning pending changes
- Set virtual grain in Podman systemd container
- Fix crash due wrong client reference on `SaltMakoTemplateLookup`
- Enhace batch async and fix some detected issues
- Added:
* repair-virt_query-outputter-655.patch
* make-_auth-calls-visible-with-master-stats-696.patch
* repair-fstab_present-test-mode-702.patch
* set-virtual-grain-in-podman-systemd-container-703.patch
* fixed-file-client-private-attribute-reference-on-sal.patch
* backport-batch-async-fixes-and-improvements-701.patch
- Enhacement of Salt packaging
* Use update-alternatives for all salt scripts
* Use flexible dependencies for the subpackages
* Make salt-minion to require flavored zypp-plugin
* Make zyppnotify to use update-alternatives
* Drop unused yumnotify plugin
* Add dependency to python3-dnf-plugins-core for RHEL based
- Fix tests failures after "repo.saltproject.io" deprecation
- Fix error to stat '/root/.gitconfig' on gitfs
(bsc#1230944) (bsc#1234881) (bsc#1220905)
- Adapt to removal of hex attribute in pygit2 v1.15.0 (bsc#1230642)
- Enhance smart JSON parsing when garbage is present (bsc#1231605)
- Fix virtual grains for VMs running on Nutanix AHV (bsc#1234022)
- Fix issues running on Python 3.12 and 3.13
- Added:
* fix-tests-failures-after-repo.saltproject.io-depreca.patch
* fix-failed-to-stat-root-.gitconfig-issue-on-gitfs-bs.patch
* update-for-deprecation-of-hex-in-pygit2-1.15.0-and-a.patch
* enhance-find_json-garbage-filtering-bsc-1231605-688.patch
* fix-virtual-grains-for-vms-running-on-nutanix-ahv-bs.patch
* fix-issues-that-break-salt-in-python-3.12-and-3.13-6.patch
- python3-setuptools
-
- Add patch CVE-2025-47273.patch to fix A path traversal
vulnerability.
(bsc#1243313, CVE-2025-47273, gh#pypa/setuptools@250a6d17978f)
- rsync
-
- Fix bsc#1237187 - broken rsyncd
* Lists digests available in greeting line
* Add rsync-fix-daemon-proto-32.patch
- supportutils
-
- Changes to version 3.2.10
+ network.txt collect all firewalld zones (pr#233)
+ Collects gfs2 info (PED-11853, pr#235, pr#236)
+ Ignore tasks/threads to prevent collecting duplicate fd data in open_files (bsc#1230371, pr#237)
+ Added openldap2_5 support for SLES (pr#238)
+ Collects additional hawk details (pr#239)
+ Optimized filtering D/Z processes (pr#241)
+ Collect firewalld permanent configuration (pr#243)
+ ldap_info: support for multiple DBs and sanitize olcRootPW (bsc#1231838, pr#247)
+ Added dbus_info for dbus.txt (bsc#1222650, pr#248)
- Changes to version 3.2.9
+ Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221)
+ Supportconfig available in current distro (PED-7131)
+ Corrected display issues (bsc#1231396)
+ NFS takes too long, showmount times out (bsc#1231423)
+ Merged sle15 and master branches (bsc#1233726, PED-11669)
- suse-build-key
-
- changed keys to use SHA256 UIDs instead of SHA1. (bsc#1237294
bsc#1236779 jsc#PED-12321)
- gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc
- gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc
- suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted
- timezone
-
- Update to 2025b:
* New zone for Aysén Region in Chile (America/Coyhaique) which
moves from -04/-03 to -03
- Refresh patches
* revert-philippines-historical-data.patch
* tzdata-china.diff
- vim
-
- Introduce patch to fix bsc#1235751 (regression).
* vim-9.1.1134-revert-putty-terminal-colors.patch
- Update to 9.1.1176. Changes:
* 9.1.1176: wrong indent when expanding multiple lines
* 9.1.1175: inconsistent behaviour with exclusive selection and motion commands
* 9.1.1174: tests: Test_complete_cmdline() may fail
* 9.1.1173: filetype: ABNF files are not detected
* 9.1.1172: [security]: overflow with 'nostartofline' and Ex command in tag file
* 9.1.1171: tests: wrong arguments passed to assert_equal()
* 9.1.1170: wildmenu highlighting in popup can be improved
* 9.1.1169: using global variable for get_insert()/get_lambda_name()
* 9.1.1168: wrong flags passed down to nextwild()
* 9.1.1167: mark '] wrong after copying text object
* 9.1.1166: command-line auto-completion hard with wildmenu
* 9.1.1165: diff: regression with multi-file diff blocks
* 9.1.1164: [security]: code execution with tar.vim and special crafted tar files
* 9.1.1163: $MYVIMDIR is set too late
* 9.1.1162: completion popup not cleared in cmdline
* 9.1.1161: preinsert requires bot "menu" and "menuone" to be set
* 9.1.1160: Ctrl-Y does not work well with "preinsert" when completing items
* 9.1.1159: $MYVIMDIR may not always be set
* 9.1.1158: :verbose set has wrong file name with :compiler!
* 9.1.1157: command completion wrong for input()
* 9.1.1156: tests: No test for what patch 9.1.1152 fixes
* 9.1.1155: Mode message not cleared after :silent message
* 9.1.1154: Vim9: not able to use autoload class accross scripts
* 9.1.1153: build error on Haiku
* 9.1.1152: Patch v9.1.1151 causes problems
* 9.1.1151: too many strlen() calls in getchar.c
* 9.1.1150: :hi completion may complete to wrong value
* 9.1.1149: Unix Makefile does not support Brazilian lang for the installer
* 9.1.1148: Vim9: finding imported scripts can be further improved
* 9.1.1147: preview-window does not scroll correctly
* 9.1.1146: Vim9: wrong context being used when evaluating class member
* 9.1.1145: multi-line completion has wrong indentation for last line
* 9.1.1144: no way to create raw strings from a blob
* 9.1.1143: illegal memory access when putting a register
* 9.1.1142: tests: test_startup fails if $HOME/$XDG_CONFIG_HOME is defined
* 9.1.1141: Misplaced comment in readfile()
* 9.1.1140: filetype: m17ndb files are not detected
* 9.1.1139: [fifo] is not displayed when editing a fifo
* 9.1.1138: cmdline completion for :hi is too simplistic
* 9.1.1137: ins_str() is inefficient by calling STRLEN()
* 9.1.1136: Match highlighting marks a buffer region as changed
* 9.1.1135: 'suffixesadd' doesn't work with multiple items
* 9.1.1134: filetype: Guile init file not recognized
* 9.1.1133: filetype: xkb files not recognized everywhere
* 9.1.1132: Mark positions wrong after triggering multiline completion
* 9.1.1131: potential out-of-memory issue in search.c
* 9.1.1130: 'listchars' "precedes" is not drawn on Tabs.
* 9.1.1129: missing out-of-memory test in buf_write()
* 9.1.1128: patch 9.1.1119 caused a regression with imports
* 9.1.1127: preinsert text is not cleaned up correctly
* 9.1.1126: patch 9.1.1121 used a wrong way to handle enter
* 9.1.1125: cannot loop through pum menu with multiline items
* 9.1.1124: No test for 'listchars' "precedes" with double-width char
* 9.1.1123: popup hi groups not falling back to defaults
* 9.1.1122: too many strlen() calls in findfile.c
* 9.1.1121: Enter does not insert newline with "noselect"
* 9.1.1120: tests: Test_registers fails
* 9.1.1119: Vim9: Not able to use an autoloaded class from another autoloaded script
* 9.1.1118: tests: test_termcodes fails
* 9.1.1117: there are a few minor style issues
* 9.1.1116: Vim9: super not supported in lambda expressions
* 9.1.1115: [security]: use-after-free in str_to_reg()
* 9.1.1114: enabling termguicolors automatically confuses users
* 9.1.1113: tests: Test_terminal_builtin_without_gui waits 2 seconds
* 9.1.1112: Inconsistencies in get_next_or_prev_match()
* 9.1.1111: Vim9: variable not found in transitive import
* 9.1.1110: Vim tests are slow and flaky
* 9.1.1109: cmdexpand.c hard to read
* 9.1.1108: 'smoothscroll' gets stuck with 'listchars' "eol"
* 9.1.1107: cannot loop through completion menu with fuzzy
* 9.1.1106: tests: Test_log_nonexistent() causes asan failure
* 9.1.1105: Vim9: no support for protected new() method
* 9.1.1104: CI: using Ubuntu 22.04 Github runners
* 9.1.1103: if_perl: still some compile errors with Perl 5.38
* 9.1.1102: tests: Test_WinScrolled_Resized_eiw() uses wrong filename
- zypper
-
- BuildRequires: libzypp-devel >= 17.37.0.
- Use libzypp improvements for preload and mirror handling.
- xmlout.rnc: Update repo-element (bsc#1241463)
Add the "metalink" attribute and reflect that the "url" elements
list may in fact be empty, if no baseurls are defined in the
.repo files.
- man: update --allow-unsigned-rpm description.
Explain how to achieve the same for packages provided by
repositories.
- version 1.14.90
- Updated translations (bsc#1230267)
- version 1.14.89
- Do not double encode URL strings passed on the commandline
(bsc#1237587)
URLs passed on the commandline must have their special chars
encoded already. We just want to check and encode forgotten
unsafe chars like a blank. A '%' however must not be encoded
again.
- version 1.14.88
- Package preloader that concurrently downloads files. It's not yet
enabled per default. To enable the preview set ZYPP_CURL2=1 and
ZYPP_PCK_PRELOAD=1 in the environment. (#104)
- BuildRequires: libzypp-devel >= 17.36.4.
- version 1.14.87
- refresh: add --include-all-archs (fixes #598)
Future multi-arch repos may allow to download only those metadata
which refer to packages actually compatible with the systems
architecture. Some tools however want zypp to provide the full
metadata of a repository without filtering incompatible
architectures.
- info,search: add option to search and list Enhances
(bsc#1237949)
- version 1.14.86