- audit-secondary
-
- Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
* add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
- binutils
-
- Add binutils-revert-rela.diff to revert back to old behaviour
of not ignoring the in-section content of to be relocated
fields on x86-64, even though that's a RELA architecture.
Compatibility with buggy object files generated by old tools.
[bsc#1198422]
- dhcp
-
- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
- gcc11
-
- Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
- Update to gcc-11 branch head (691af15031e00227ba6d5935c), git1635
* includes gcc11-pr104931.patch
* includes fix for Firefox ICE [gcc#105256]
- Add provides/conflicts to glibc crosses since only one GCC version
for the same target can be installed at the same time.
- Add provides/conflicts to libgccjit.
- Update to gcc-11 branch head (6a1150d1524aeda3381b21717), git1406
* includes change to adjust gnats idea of the target, fixing
the build of gprbuild. [bsc#1196861]
- Add gcc11-pr104931.patch to fix miscompile of embedded premake
in 0ad on i586. [bsc#1197065]
- drop armv5tel, merge arm and armv6hl
- use --with-cpu rather than specifying --with-arch/--with-tune
to Recoomends.
- Remove sys/rseq.h from include-fixed
- Update to gcc-11 branch head (d4a1d3c4b377f1d4acb), git1173
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [boo#1193659]
- Enable the cross compilers also on i586
- Enable some cross compilers also in rings
- Remove cross compilers for i386 target
- Update to gcc-11 branch head (7510c23c1ec53aa4a62705f03), git1018
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [boo#1192951]
- Package mwaitintrin.h
- Remove spurious exit from change_spec.
- Enable the full cross compiler, cross-aarch64-gcc11 and
cross-riscv64-gcc11 now provide a fully hosted C (and C++)
cross compiler, not just a freestanding one. I.e. with a cross
glibc. They don't yet support the sanitizer libraries.
Part of [jsc#OBS-124].
- glib2
-
- Add glib2-CVE-2021-28153.patch: fix CREATE_REPLACE_DESTINATION
with symlinks (boo#1183533 glgo#GNOME/glib#2325 CVE-2021-28153).
- grub2
-
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
* 0001-video-Remove-trailing-whitespaces.patch
* 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
* 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
* 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
* 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
* 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch
* 0007-loader-efi-chainloader-Simplify-the-loader-state.patch
* 0008-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
* 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch
* 0010-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
* 0011-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
* 0012-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
* 0013-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
* 0014-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
* 0015-video-readers-png-Sanity-check-some-huffman-codes.patch
* 0016-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
* 0017-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
* 0018-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
* 0019-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
* 0020-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
* 0021-net-ip-Do-IP-fragment-maths-safely.patch
* 0022-net-netbuff-Block-overly-large-netbuff-allocs.patch
* 0023-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
* 0024-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
* 0025-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
* 0026-net-tftp-Avoid-a-trivial-UAF.patch
* 0027-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
* 0028-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
* 0029-net-http-Error-out-on-headers-with-LF-without-CR.patch
* 0030-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
* 0031-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
* 0032-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
* 0033-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Update SBAT security contact (boo#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused by
0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
the root LV is completely in the boot LUN (bsc#1197948)
* 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
- kernel-default
-
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit fbfaf52
- x86: Add straight-line-speculation mitigation (bsc#1201050
CVE-2021-26341).
- Update config files.
- Refresh
patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- commit abf0dbf
- x86: Prepare inline-asm for straight-line-speculation
(bsc#1201050 CVE-2021-26341).
- commit 47e61d6
- x86: Prepare asm files for straight-line-speculation
(bsc#1201050 CVE-2021-26341).
- commit 2e5dc3e
- x86/lib/atomic64_386_32: Rename things (bsc#1201050
CVE-2021-26341).
- commit d056830
- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit c0eb89c
- CVE Mitigation for CVE-2022-29900 and CVE-2022-29901
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 0fa8239
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 177c8f5
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 7ea97e7
- x86/common: Stamp out the stepping madness (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 7537b64
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit d33e39a
- x86/speculation: Use cached host SPEC_CTRL value for guest
entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 7fd2a83
- x86/speculation: Fix SPEC_CTRL write on SMT state change
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 6ba1aad
- x86/speculation: Fix firmware entry SPEC_CTRL handling
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 196832c
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit b4ccef5
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 05a6c3a
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 92ac3f9
- intel_idle: Disable IBRS during long idle (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 8ddbed2
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 260ab21
- x86/bugs: Split spectre_v2_select_mitigation() and
spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit cebc589
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 2771938
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 0ac8576
- x86/entry: Add kernel IBRS implementation (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit a298b6d
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 433f5c3
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 45ecd7f
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit a12be1c
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 87bdc70
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 837cd25
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 64e805b
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 65b37b5
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit eeeb3f7
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 29cd04a
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 2d298bb
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 22cc527
- net: Rename and export copy_skb_header (bsc#1200762,
CVE-2022-33741, XSA-403).
- commit 5e3ad99
- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318
bsc#1201251).
- commit 6ad5c1f
- xen/netfront: force data bouncing when backend is untrusted
(bsc#1200762, CVE-2022-33741, XSA-403).
- commit 459e62a
- xen/netfront: fix leaking data in shared pages (bsc#1200762,
CVE-2022-33740, XSA-403).
- commit b225a00
- xen/blkfront: force data bouncing when backend is untrusted
(bsc#1200762, CVE-2022-33742, XSA-403).
- commit 8bcc9cd
- xen/blkfront: fix leaking data in shared pages (bsc#1200762,
CVE-2022-26365, XSA-403).
- commit f3412de
- Refresh
patches.suse/msft-hv-2588-PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch.
Fix a build warning.
- commit 88f1e54
- sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154
bsc#1200599).
- commit c46afe6
- sctp: use call_rcu to free endpoint (CVE-2022-20154 bsc#1200599).
- commit 3cb182d
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679
bsc#1199487).
- commit 2c5abda
- exec: Force single empty string when argv is empty
(bsc#1200571).
- commit 4ee3bdd
- HID: holtek: fix mouse probing (CVE-2022-20132 bsc#1200619).
- HID: add USB_HID dependancy to hid-prodikeys (CVE-2022-20132
bsc#1200619).
- HID: add USB_HID dependancy to hid-chicony (CVE-2022-20132
bsc#1200619).
- HID: add USB_HID dependancy on some USB HID drivers
(CVE-2022-20132 bsc#1200619).
- HID: check for valid USB device for many HID drivers
(CVE-2022-20132 bsc#1200619).
- HID: add hid_is_usb() function to make it simpler for USB
detection (CVE-2022-20132 bsc#1200619).
- HID: introduce hid_is_using_ll_driver (CVE-2022-20132
bsc#1200619).
- commit fb86cdd
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1200604
CVE-2022-20141).
- commit 5040a6d
- certs: Add EFI_CERT_X509_GUID support for dbx entries
(bsc#1177282 CVE-2020-26541).
- Update config files.
- commit 2e7bde8
- floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836).
- Update config files.
- commit 9af4e3a
- add mainline tag for a pci-hyperv change
- commit dd0f473
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- commit 996513e
- NFC: netlink: fix sleep in atomic bug when firmware download
timeout (CVE-2022-1975 bsc#1200143).
- commit a8211d8
- nfc: replace improper check device_is_registered() in netlink
related functions (CVE-2022-1974 bsc#1200144).
- commit d539b18
- KVM: x86/speculation: Disable Fill buffer clear within guests
(bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
CVE-2022-21125 CVE-2022-21180).
- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
(bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
CVE-2022-21125 CVE-2022-21180).
- x86/speculation: Add a common function for MD_CLEAR mitigation
update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
CVE-2022-21125 CVE-2022-21180).
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale
Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
CVE-2022-21125 CVE-2022-21180).
- x86/speculation/mmio: Add sysfs reporting for Processor
MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127
CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
(bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
CVE-2022-21125 CVE-2022-21180).
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
(bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
CVE-2022-21125 CVE-2022-21180).
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
(bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
CVE-2022-21125 CVE-2022-21180).
- x86/speculation/srbds: Update SRBDS mitigation selection
(bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123
CVE-2022-21125 CVE-2022-21180).
- Refresh
patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh
patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit 96526da
- btrfs: extent-tree: kill the BUG_ON() in
insert_inline_extent_backref() (CVE-2019-19377 bsc#1158266).
- commit 7762823
- btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
(CVE-2019-19377 bsc#1158266).
- commit fa0dbe1
- perf: Fix sys_perf_event_open() race against self
(CVE-2022-1729, bsc#1199507).
- commit fc77f1c
- ext4: avoid cycles in directory h-tree (bsc#1198577
CVE-2022-1184).
- commit ec51c1b
- ext4: verify dir block before splitting it (bsc#1198577
CVE-2022-1184).
- commit 97bfb10
- debug: Lock down kgdb (bsc#1199426 CVE-2022-21499).
- debug: Lock down kgdb (bsc#1199426).
- commit 1cd17a0
- Update patch reference for ACPI fix (CVE-2017-13695 bsc#1055710)
- commit e74f546
- floppy: use a statically allocated error counter (bsc#1199063
CVE-2022-1652).
- commit 7173277
- nfc: nfcmrvl: main: reorder destructive operations in
nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734
bsc#1199605).
- commit d9ccce0
- btrfs: relocation: Only remove reloc rb_trees if reloc control
has been initialized (bsc#1199399).
- commit d95d9f9
- bpf: fix panic due to oob in bpf_prog_test_run_skb (bsc#1197219,
CVE-2021-39711).
- commit 51bae76
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413).
- commit 26d8e0b
- btrfs: relocation: Only remove reloc rb_trees if reloc control
has been initialized (bsc#1199399).
- commit adb6d28
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
file (bsc#1195612 CVE-2022-24448).
- commit dd7b1a9
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- commit 07098d3
- Fix kernel-vanilla build issue
Fix:
[ 315s] CC [M] fs/fat/namei_vfat.o
[ 315s] CC kernel/elfcore.o
[ 315s] ../scripts/Makefile.build:302: recipe for target 'kernel/elfcore.o' failed
[ 315s] Cannot find symbol for section 1: .text.
[ 315s] kernel/elfcore.o: failed
[ 315s] make[3]: *** [kernel/elfcore.o] Error 1
due to toolchain updates and the patch missing in the vanilla flavor. So
move it there.
- commit 23d6a8f
- ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061).
- ixgbe: add improvement for MDD response functionality
(bsc#1196426 CVE-2021-33061).
- ixgbe: add the ability for the PF to disable VF link state
(bsc#1196426 CVE-2021-33061).
- commit 7ca9841
- net: mana: Remove unnecessary check of cqe_type in
mana_process_rx_cqe() (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- commit a27cea8
- net: mana: Reuse XDP dropped page (bsc#1195651).
- commit c707c23
- net: mana: Add counter for XDP_TX (bsc#1195651).
- commit 9e62047
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- commit e3af7bf
- net: mana: Use struct_size() helper in
mana_gd_create_dma_region() (bsc#1195651).
- commit 2c30991
- net/x25: Fix null-ptr-deref caused by x25_disconnect
(CVE-2022-1516 bsc#1199012).
- commit 70361a9
- ovl: fix missing negative dentry check in ovl_rename()
(CVE-2021-20321 bsc#1191647).
- commit 3e23b63
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
(bsc#1028340 bsc#1198825).
- commit 5e96c61
- net-sysfs: call dev_hold if kobject_init_and_add success
(CVE-2019-20811 bsc#1172456).
- commit 5de8a61
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748).
- commit 25ea790
- Update
patches.suse/floppy-Do-not-copy-a-kernel-pointer-to-user-memory-i.patch
(bsc#1051510 bsc#1084513 CVE-2018-7755).
- commit 371ca37
- drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419 bsc#1198742)
- commit c2b5f0e
- isdn: cpai: check ctr->cnr to avoid array index out of bound
(bsc#1191958 CVE-2021-43389).
- commit 6296574
- nfc: fix NULL ptr dereference in llcp_sock_getname() after
failed connect (CVE-2021-38208 bsc#1187055).
- commit 54aed86
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
(bsc#1065729 bsc#1198660 ltc#197803).
- commit 534ea7f
- af_key: add __GFP_ZERO flag for compose_sadb_supported in
function pfkey_register (CVE-2022-1353 bsc#1198516).
- commit ffb367f
- Update
patches.suse/x86-pm-save-the-msr-validity-status-at-context-setup.patch
(bsc#1198400).
- Update
patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
(bsc#1198400).
- commit b81f481
- drm/ttm/nouveau: don't call tt destroy callback on alloc failure
(CVE-2021-20292 bsc#1183723).
- commit f1a5fa2
- x86/speculation: Restore speculation related MSRs during S3
resume (bsc#1114648).
- commit 46f1ca5
- fuse: handle kABI change in struct fuse_req (bsc#1197343
CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
CVE-2022-1011).
- commit e67cd7e
- x86/pm: Save the MSR validity status at context setup
(bsc#1114648).
- commit 87c5893
- livepatch: Don't block removal of patches that are safe to
unload (bsc#1071995).
- commit 2e90af6
- Refresh
patches.suse/net-sched-use-Qdisc-rcu-API-instead-of-relying-on-rt.patch.
Fix missplaced qdisc_put()
- commit 883b3be
- linux/dim: Move implementation to .c files (bsc#1197099
jsc#SLE-24124).
- commit 03d416d
- net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099
jsc#SLE-24124).
- Update config files.
- commit fbae1a9
- net: ena: Change the name of bad_csum variable (bsc#1197099
jsc#SLE-24124).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099
jsc#SLE-24124).
- net: ena: Move reset completion print to the reset function
(bsc#1197099 jsc#SLE-24124).
- net: ena: Remove redundant return code check (bsc#1197099
jsc#SLE-24124).
- net: ena: Change ENI stats support check to use capabilities
field (bsc#1197099 jsc#SLE-24124).
- net: ena: Add capabilities field with support for ENI stats
capability (bsc#1197099 jsc#SLE-24124).
- net: ena: Change return value of ena_calc_io_queue_size()
to void (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix error handling when calculating max IO queues
number (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix wrong rx request id by resetting device
(bsc#1197099 jsc#SLE-24124).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099
jsc#SLE-24124).
- net: ena: re-organize code to improve readability (bsc#1197099
jsc#SLE-24124).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099
jsc#SLE-24124).
- net: ena: Remove module param and change message severity
(bsc#1197099 jsc#SLE-24124).
- net: ena: add jiffies of last napi call to stats (bsc#1197099
jsc#SLE-24124).
- net: ena: Improve error logging in driver (bsc#1197099
jsc#SLE-24124).
- net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124).
- net: ena: remove extra words from comments (bsc#1197099
jsc#SLE-24124).
- net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124).
- ethernet: amazon: ena: A typo fix in the file ena_com.h
(bsc#1197099 jsc#SLE-24124).
- net: ena: aggregate stats increase into a function (bsc#1197099
jsc#SLE-24124).
- net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124).
- net: ena: store values in their appropriate variables types
(bsc#1197099 jsc#SLE-24124).
- net: ena: add device distinct log prefix to files (bsc#1197099
jsc#SLE-24124).
- net: ena: use constant value for net_device allocation
(bsc#1197099 jsc#SLE-24124).
- net: ena: fix packet's addresses for rx_offset feature
(bsc#1197099 jsc#SLE-24124).
- net: ena: set initial DMA width to avoid intel iommu issue
(bsc#1197099 jsc#SLE-24124).
- net: ena: handle bad request id in ena_netdev (bsc#1197099
jsc#SLE-24124).
- net: ena: Fix all static chekers' warnings (bsc#1197099
jsc#SLE-24124).
- net: ena: Change RSS related macros and variables names
(bsc#1197099 jsc#SLE-24124).
- net: ena: Remove redundant print of placement policy
(bsc#1197099 jsc#SLE-24124).
- net: ena: Capitalize all log strings and improve code
readability (bsc#1197099 jsc#SLE-24124).
- net: ena: Change log message to netif/dev function (bsc#1197099
jsc#SLE-24124).
- net: ena: Change license into format to SPDX in all files
(bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: Add new device statistics (bsc#1197099
jsc#SLE-24124).
- net: ena: ethtool: convert stat_offset to 64 bit resolution
(bsc#1197099 jsc#SLE-24124).
- net: ena: Make missed_tx stat incremental (bsc#1197099
jsc#SLE-24124).
- net: ena: Prevent reset after device destruction (bsc#1197099
jsc#SLE-24124).
- net: ena: support new LLQ acceleration mode (bsc#1197099
jsc#SLE-24124).
- net: ena: move llq configuration from ena_probe to
ena_device_init() (bsc#1197099 jsc#SLE-24124).
- net: ena: enable support of rss hash key and function changes
(bsc#1197099 jsc#SLE-24124).
- net: ena: add support for traffic mirroring (bsc#1197099
jsc#SLE-24124).
- net: ena: cosmetic: change ena_com_stats_admin stats to u64
(bsc#1197099 jsc#SLE-24124).
- net: ena: add reserved PCI device ID (bsc#1197099
jsc#SLE-24124).
- net: ena: avoid unnecessary rearming of interrupt vector when
busy-polling (bsc#1197099 jsc#SLE-24124).
- net: ena: Fix using plain integer as NULL pointer in
ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124).
- net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: minor code changes (bsc#1197099
jsc#SLE-24124).
- net: ena: cosmetic: fix spacing issues (bsc#1197099
jsc#SLE-24124).
- net: ena: cosmetic: code reorderings (bsc#1197099
jsc#SLE-24124).
- net: ena: cosmetic: remove unnecessary code (bsc#1197099
jsc#SLE-24124).
- net: ena: cosmetic: fix line break issues (bsc#1197099
jsc#SLE-24124).
- net: ena: cosmetic: fix spelling and grammar mistakes in
comments (bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: set queue sizes to u32 for consistency
(bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: rename
ena_update_tx/rx_rings_intr_moderation() (bsc#1197099
jsc#SLE-24124).
- net: ena: simplify ena_com_update_intr_delay_resolution()
(bsc#1197099 jsc#SLE-24124).
- net: ena: fix ena_com_comp_status_to_errno() return value
(bsc#1197099 jsc#SLE-24124).
- net: ena: use explicit variable size for clarity (bsc#1197099
jsc#SLE-24124).
- net: ena: rename ena_com_free_desc to make API more uniform
(bsc#1197099 jsc#SLE-24124).
- net: ena: add support for the rx offset feature (bsc#1197099
jsc#SLE-24124).
- net: ena: cosmetic: extract code to ena_indirection_table_set()
(bsc#1197099 jsc#SLE-24124).
- net: ena: cosmetic: remove unnecessary spaces and tabs in
ena_com.h macros (bsc#1197099 jsc#SLE-24124).
- net: ena: use SHUTDOWN as reset reason when closing interface
(bsc#1197099 jsc#SLE-24124).
- net: ena: drop superfluous prototype (bsc#1197099
jsc#SLE-24124).
- net: ena: add support for reporting of packet drops (bsc#1197099
jsc#SLE-24124).
- net: ena: add unmask interrupts statistics to ethtool
(bsc#1197099 jsc#SLE-24124).
- net: ena: remove code that does nothing (bsc#1197099
jsc#SLE-24124).
- net: ena: changes to RSS hash key allocation (bsc#1197099
jsc#SLE-24124).
- net: ena: change default RSS hash function to Toeplitz
(bsc#1197099 jsc#SLE-24124).
- net: ena: allow setting the hash function without changing
the key (bsc#1197099 jsc#SLE-24124).
- net: ena: fix error returning in ena_com_get_hash_function()
(bsc#1197099 jsc#SLE-24124).
- net: ena: avoid unnecessary admin command when RSS function
set fails (bsc#1197099 jsc#SLE-24124).
- net/ena: Fix build warning in ena_xdp_set() (bsc#1197099
jsc#SLE-24124).
- net: ena: ethtool: clean up minor indentation issue (bsc#1197099
jsc#SLE-24124).
- net: ena: ethtool: remove redundant non-zero check on rc
(bsc#1197099 jsc#SLE-24124).
- net: ena: remove set but not used variable 'hash_key'
(bsc#1197099 jsc#SLE-24124).
- net: ena: fix continuous keep-alive resets (bsc#1197099
jsc#SLE-24124).
- net: ena: avoid memory access violation by validating req_id
properly (bsc#1197099 jsc#SLE-24124).
- net: ena: fix request of incorrect number of IRQ vectors
(bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect setting of the number of msix vectors
(bsc#1197099 jsc#SLE-24124).
- net: ena: ena-com.c: prevent NULL pointer dereference
(bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: use correct value for crc32 hash (bsc#1197099
jsc#SLE-24124).
- net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
(bsc#1197099 jsc#SLE-24124).
- net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099
jsc#SLE-24124).
- net: ena: fix incorrectly saving queue numbers when setting
RSS indirection table (bsc#1197099 jsc#SLE-24124).
- net: ena: rss: store hash function as values and not bits
(bsc#1197099 jsc#SLE-24124).
- net: ena: rss: fix failure to get indirection table (bsc#1197099
jsc#SLE-24124).
- net: ena: rss: do not allocate key when not supported
(bsc#1197099 jsc#SLE-24124).
- net: ena: fix incorrect default RSS key (bsc#1197099
jsc#SLE-24124).
- net: ena: add missing ethtool TX timestamping indication
(bsc#1197099 jsc#SLE-24124).
- net: ena: fix uses of round_jiffies() (bsc#1197099
jsc#SLE-24124).
- net: ena: fix potential crash when rxfh key is NULL (bsc#1197099
jsc#SLE-24124).
- net: ena: Add first_interrupt field to napi struct (bsc#1197099
jsc#SLE-24124).
- net: ena: fix issues in setting interrupt moderation params
in ethtool (bsc#1197099 jsc#SLE-24124).
- net: ena: fix default tx interrupt moderation interval
(bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: support set_channels callback (bsc#1197099
jsc#SLE-24124).
- net: ena: remove redundant print of number of queues
(bsc#1197099 jsc#SLE-24124).
- net: ena: make ethtool -l show correct max number of queues
(bsc#1197099 jsc#SLE-24124).
- net: ena: ethtool: get_channels: use combined only (bsc#1197099
jsc#SLE-24124).
- net: ena: multiple queue creation related cleanups (bsc#1197099
jsc#SLE-24124).
- net: ena: change num_queues to num_io_queues for clarity and
consistency (bsc#1197099 jsc#SLE-24124).
- net: update net_dim documentation after rename (bsc#1197099
jsc#SLE-24124).
- net: ena: clean up indentation issue (bsc#1197099
jsc#SLE-24124).
- lib: dimlib: fix help text typos (bsc#1197099 jsc#SLE-24124).
- dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124).
- net: ena: don't wake up tx queue when down (bsc#1197099
jsc#SLE-24124).
- net: ena: fix incorrect update of intr_delay_resolution
(bsc#1197099 jsc#SLE-24124).
- net: ena: fix retrieval of nonadaptive interrupt moderation
intervals (bsc#1197099 jsc#SLE-24124).
- net: ena: fix update of interrupt moderation register
(bsc#1197099 jsc#SLE-24124).
- net: ena: remove all old adaptive rx interrupt moderation code
from ena_com (bsc#1197099 jsc#SLE-24124).
- net: ena: remove ena_restore_ethtool_params() and relevant
fields (bsc#1197099 jsc#SLE-24124).
- net: ena: remove old adaptive interrupt moderation code from
ena_netdev (bsc#1197099 jsc#SLE-24124).
- net: ena: remove code duplication
in ena_com_update_nonadaptive_moderation_interval _*()
(bsc#1197099 jsc#SLE-24124).
- net: ena: enable the interrupt_moderation in
driver_supported_features (bsc#1197099 jsc#SLE-24124).
- net: ena: reimplement set/get_coalesce() (bsc#1197099
jsc#SLE-24124).
- net: ena: switch to dim algorithm for rx adaptive interrupt
moderation (bsc#1197099 jsc#SLE-24124).
- net: ena: add intr_moder_rx_interval to struct ena_com_dev
and use it (bsc#1197099 jsc#SLE-24124).
- lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099
jsc#SLE-24124).
- linux/dim: Fix overflow in dim calculation (bsc#1197099
jsc#SLE-24124).
- linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099
jsc#SLE-24124).
- linux/dim: Add completions count to dim_sample (bsc#1197099
jsc#SLE-24124).
- linux/dim: Rename externally used net_dim members (bsc#1197099
jsc#SLE-24124).
- linux/dim: Rename net_dim_sample() to net_dim_update_sample()
(bsc#1197099 jsc#SLE-24124).
- linux/dim: Rename externally exposed macros (bsc#1197099
jsc#SLE-24124).
- linux/dim: Remove "/net"/ prefix from internal DIM members
(bsc#1197099 jsc#SLE-24124).
- linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124).
- Documentation/networking: Add net DIM documentation (bsc#1197099
jsc#SLE-24124).
- MAINTAINERS: add entry for Dynamic Interrupt Moderation
(bsc#1197099 jsc#SLE-24124).
- commit 051ce5b
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
(git-fixes CVE-2021-4157 bnc#1194013).
- commit 957ab2c
- powerpc/pseries: extract host bridge from pci_bus prior to
bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
- commit b12aafe
- libfastjson
-
- update to 0.99.8:
* make build under gcc7 with strict settings (warning==error)
* bugfix: constant key names not properly handled
* fix potentially invalid return value of fjson_object_iter_begin
* fix small potential memory leak in json_tokener
- update to 0.99.7:
* add option for case-insensitive comparisons
* Remove userdata and custom-serialization functions
- update to 0.99.6:
* fixes for platforms other than GNU/Linux
- update to 0.99.5:
* fix floating point representation when fractional part is missing
* m4: fix detection of atomics
* add fjson_object_dump() and fjson_object_write() functions
- libtirpc
-
- fix memory leak in params.r_addr assignement (bsc#1198752)
- add 0001-fix-parms.r_addr-memory-leak.patch
- libxml2
-
- Security fix: [bsc#1069689, CVE-2017-16932]
* parser.c in libxml2 before 2.9.5 does not prevent infinite
recursion inparameter entities.
* Add libxml2-CVE-2017-16932.patch
- Sync and fix changelog entries between libxml2 and
python-libxml2.
- Security fix: [bsc#1199132, CVE-2022-29824]
* Integer overflow leading to out-of-bounds write in buf.c
(xmlBuf*) and tree.c (xmlBuffer*)
* Add libxml2-CVE-2022-29824.patch
* Add libxml2-CVE-2022-23308.patch
* Add libxml2-CVE-2021-3541.patch
- Version update to 2.9.7 release:
* Bug Fixes:
+ xmlcatalog: restore ability to query system catalog easily
+ Fix comparison of nodesets to strings
* Improvements:
+ Add Makefile rules to rebuild HTML man pages
+ Remove generated file python/setup.py from version control
+ Fix mixed decls and code in timsort.h
+ Rework handling of return values in thread tests
+ Fix unused variable warnings in testrecurse
+ Fix -Wimplicit-fallthrough warnings
+ Upgrade timsort.h to latest revision
+ Fix a couple of warnings in dict.c and threads.c
+ Fix unused variable warnings in nanohttp.c
+ Don't include winsock2.h in xmllint.c
+ Use __linux__ macro in generated code
* Portability:
+ Add declaration for DllMain
+ Fix preprocessor conditional in threads.h
+ Fix macro redefinition warning
+ many Windows specific improvements
* Documentation:
+ xmlcatalog: refresh man page wrt. quering system catalog easily
- Includes bug fixes from 2.9.6:
* Fix XPath stack frame logic
* Report undefined XPath variable error message
* Fix regression with librsvg
* Handle more invalid entity values in recovery mode
* Fix structured validation errors
* Fix memory leak in LZMA decompressor
* Set memory limit for LZMA decompression
* Handle illegal entity values in recovery mode
* Fix debug dump of streaming XPath expressions
* Fix memory leak in nanoftp
* Fix memory leaks in SAX1 parser
- Drop libxml2-bug787941.patch
* upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8
- Update package summaries and RPM groups. Trim descriptions for
size on secondary subpackages. Replace install call by a
commonly-used macro.
- Add patch to fix TW integration:
* libxml2-bug787941.patch
- Version update to 2.9.5 release:
* Merged all the previous cve fixes that were patched in
* Few small tweaks
- Remove merged patches:
* libxml2-CVE-2016-4658.patch
* libxml2-CVE-2017-0663.patch
* libxml2-CVE-2017-5969.patch
* libxml2-CVE-2017-9047.patch
* libxml2-CVE-2017-9048.patch
* libxml2-CVE-2017-9049.patch
* libxml2-2.9.4-fix_attribute_decoding.patch
- Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in
XPointer ranges. Namespace nodes must be copied to avoid
use-after-free errors. But they don't necessarily have a physical
representation in a document, so simply disallow them in XPointer
ranges [bsc#1005544] [CVE-2016-4658]
- Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch,
0001-Add-missing-increments-of-recursion-depth-counter-to.patch,
and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch.
- add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML
push parser that fails with bogus UTF-8 encoding error when
multi-byte character in large CDATA section is split across
buffer [bnc#962796]
- temporarily reverting libxml2-CVE-2014-0191.patch until there is a fix
that doesn't break other applications
- buildignore python to avoid build cycle
- fix version
- renamed to python-libxml2 to follow python naming expectations
- do not require python but let rpm figure it out
- buildrequire python-xml to fix build
- libyajl
-
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
- logrotate
-
- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864)
* enforce stricter parsing to avoid CVE-2021-3864
* Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch
- Fix "/logrotate emits unintended warning: keyword size not properly
separated, found 0x3d"/ (bsc#1200278, bsc#1200802):
* Added patch logrotate-dont_warn_on_size=_syntax.patch
- mozilla-nss
-
- Mozilla NSS 3.68.4 (bsc#1200027)
* Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
(bmo#1767590)
- openldap2
-
- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql
* 0225-ITS-9815-slapd-sql-escape-filter-values.patch
- bsc#1198383 - Resolve issue with SASL init
* 0224-ITS-8648-init-SASL-library-in-global-init.patch
- openssl-1_0_0
-
- Added openssl-1_0_0-Fix-file-operations-in-c_rehash.patch
* bsc#1200550
* CVE-2022-2068
* Fixed more shell code injection issues in c_rehash
- Fixed error in openssl-CVE-2022-1292.patch resulting in misnamed
variable.
- Security fix: [bsc#1199166, CVE-2022-1292]
* Added: openssl-CVE-2022-1292.patch
* properly sanitise shell metacharacters in c_rehash script.
- pcre
-
- Added pcre-8.45-bsc1199232-unicode-property-matching.patch
* bsc#1199232
* CVE-2022-1586
* Fixes unicode property matching issue
- python
-
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- python-PyJWT
-
- Add CVE-2022-29217-non-blocked-pubkeys.patch fixing
CVE-2022-29217 (bsc#1199756), which disallows use of blocked
pubkeys (heavily modified from upstream).
- python-base
-
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- python3
-
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
on s390x.
- drop PYTHONSTARTUP hooks that cause spurious startup errors
(bsc#1070738, bsc#1199441), as the relevant feature (REPL
history) is now built into Python itself.
- python3-base
-
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
on s390x.
- drop PYTHONSTARTUP hooks that cause spurious startup errors
(bsc#1070738, bsc#1199441), as the relevant feature (REPL
history) is now built into Python itself.
- rsyslog
-
- (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP
syslog reception (bsc#1199061)
* add CVE-2022-24903.patch
- salt
-
- Fix for CVE-2022-22967 (bsc#1200566)
- Added:
* fix-for-cve-2022-22967-bsc-1200566.patch
- zypper
-
- Return ZYPPER_EXIT_INF_RPM_SCRIPT_FAILED (107) also if %posttrans
script failed. Requires ZYPPER_ON_CODE12_RETURN_107=1 being set
in the environment (bsc#1198139)
- version 1.13.62
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- version 1.13.61