- avahi
-
- Add avahi-CVE-2023-1981.patch: emit error if requested service
is not found (boo#1210328 CVE-2023-1981).
- cloud-regionsrv-client
-
- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
- Removes a warning about system_token entry present in the credentials
file.
- Adds logrotate configuration for log rotation.
- containerd
-
- Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.19>
Includes fixes for:
- CVE-2023-25153 bsc#1208423
- CVE-2023-25173 bsc#1208426
- Re-build containerd to use updated golang-packaging. jsc#1342
- Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.16>
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream
release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.12>
- curl
-
- Security fixes:
* [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
* [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
Add curl-CVE-2023-27534.patch curl-CVE-2023-27534-dynbuf.patch
* [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
Add curl-CVE-2023-27535.patch
* [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
Add curl-CVE-2023-27536.patch
* [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
Add curl-CVE-2023-27538.patch
- Security Fix: [bsc#1207992, CVE-2023-23916]
* HTTP multi-header compression denial of service
* Add curl-CVE-2023-23916.patch
- dmidecode
-
4 dependencies from upstream to be able to apply one more fix:
- util-dont-leak-a-file-descriptor-in-read_file.patch: If memory
allocation fails, we should close the file descriptor before
returning the error.
- util-let-callers-pass-an-offset-to-read_file.patch: Make the
read_file() function more versatile.
- dmidecode-fix-reading-from-smbios-3-dump-files.patch: Use the
sysfs code path when reading from a dump file, as the
requirements are similar.
- util-dont-close-the-same-file-descriptor-twice.patch: Close file
descriptor once and only once on error
Fix a potential regression:
- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
which would prevent root from using the --from-dump option since
the latest security fixes (bsc#1210418).
Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
Clean up function dmi_table so that it does only one thing
(bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option
- -dump-bin is used, write the whole dump file at once, instead of
opening and closing the file separately for the table and then
for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
Make sure that the file passed to option --dump-bin does not
already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
check on the type of the mem device file we are asked to read
from, if we are root (bsc#1210418).
4 dependencies from upstream to be able to apply the above fixes:
- avoid-sigbus-on-mmap-failure.patch: Prevent a crash when reading
non-existent portion of memory device file.
- fix-error-paths-in-mem_chunk.patch: Prevent a memory and file
descriptor leak.
- dmidecode-add-support-for-3-digit-versions.patch: Support
3-digit SMBIOS specification version comparison.
- dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Don't
attempt to read from /dev/mem on non-x86 systems.
6 recommended fixes from upstream:
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
the SMBIOS entry point is long enough to include all the fields
we need.
- dmidecode-fix-the-alignment-of-type-25-name.patch: Drop a stray
tabulation before the name of DMI record type 25.
- dmidecode-print-type-33-name-unconditionally.patch: Display the
name of DMI record type 33 even if we can't decode it.
- dmidecode-validate-structure-completeness-before-decoding.patch:
Ensure that the whole DMI structure fits in the announced table
length before performing any action on it.
- dmidecode-avoid-oob-read-on-invalid-entry-point-length.patch:
Don't let the entry point checksum verification run beyond the
end of the buffer holding it.
- dmioem-decode-hpe-uefi-type-219-misc-features.patch: Check the
correct bits to report UEFI support.
- docker
-
- update to 20.10.23-ce.
* see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- Update to Docker 20.10.21-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
bsc#1205375 CVE-2022-36109
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
* 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
preparation for removing the feature). This feature was never meant to be
used by users directly (and is only available in the -kubic/CaaSP version of
the package anyway) and thus should not affect any users.
- Fix wrong After: in docker.service, fixes bsc#1188447
- dracut
-
- fix handling of omit_dracutmodules parameter (bsc#1208929)
* add 0633-fix-dracut.sh-omission-is-an-addition-to-other-omiss.patch
- glib2
-
- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
from upstream to fix normal form handling in GVariant.
(CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
glgo#GNOME/glib!3125)
- grub2
-
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
(bsc#1209234)
* 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop
(bsc#1187810) (bsc#1209667) (bsc#1209372)
* 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
btrfs filesystem. (bsc#1209165)
* grub2-btrfs-05-grub2-mkconfig.patch
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
* grub2-secureboot-provide-linuxefi-config.patch
* grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
* grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
* grub2-btrfs-05-grub2-mkconfig.patch
* grub2-efi-xen-cmdline.patch
* grub2-s390x-05-grub2-mkconfig.patch
* grub2-suse-remove-linux-root-param.patch
- Make linuxefi default command as linux (bsc#1176134) (bsc#1202838)
* 0001-Fix-symbols-appearing-in-several-modules-in-linux.patch
* 0002-linux-fixup.patch
* 0003-cmdline-Provide-cmdline-functions-as-module.patch
* 0004-efi-linux-provide-linux-command.patch
- kernel-default
-
- scsi: qla2xxx: Synchronize the IOCB count to be in order
(bsc#1209292 bsc#1209684 bsc#1209556).
- commit 18dd273
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- commit 58a7e43
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- commit 4061009
- net: usb: smsc75xx: Move packet length check to prevent kernel
panic in skb_pull (git-fixes).
- commit 904473f
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
[iivanov] Fix Patch-mainline to v6.3-rc5
- commit f23280a
- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549
CVE-2023-28772).
- commit 6692c8c
- x86/apic: Add name to irq chip (bsc#1206010).
- commit 89bba1e
- ipv4: route: fix inet_rtm_getroute induced crash (git-fixes).
- commit e25c3f6
- blacklist.conf: update blacklist
- commit ae3ef0f
- blacklist.conf: update blacklist
- commit 3e5530d
- x86/apic: Deinline x2apic functions (bsc#1181001 jsc#ECO-3191).
- x86/x2apic: Mark set_x2apic_phys_mode() as __init (bsc#1181001
jsc#ECO-3191).
- Refresh
patches.kabi/kABI-Fix-kABI-for-extended-APIC-ID-support.patch.
- Refresh
patches.suse/x86-msi-Force-affinity-setup-before-startup.patch.
Update to upstream patches.
Two easy cleanups added for simpler backports.
- commit 2c2baeb
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207001).
- Revert "/PCI: hv: Fix a timing issue which causes kdump to fail
occasionally"/ (bsc#1207001).
- PCI: hv: Remove the useless hv_pcichild_state from struct
hv_pci_dev (bsc#1207001).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
cause panic (bsc#1207001).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
(bsc#1207001).
- commit e9cf69b
- x86/ioapic: Force affinity setup before startup (bsc#1193231).
- blacklist.conf: remove it from there as the prerequisities were
backported already
- commit 67a8716
- powerpc/btext: add missing of_node_put (bsc#1065729).
- commit 0e57c99
- kvm: initialize all of the kvm_debugregs structure before
sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit 27afda9
- powerpc/xics: fix refcount leak in icp_opal_init()
(bsc#1065729).
- commit f9aeabf
- powerpc/powernv/ioda: Skip unallocated resources when mapping
to PE (bsc#1065729).
- commit 12e8c49
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf
(bsc#1065729).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling
(bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling
(bsc#1109158 ltc#169177 git-fixes).
- commit 4d6673f
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block
(git-fixes).
- commit bd0fc95
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- commit 32c7f24
- blacklist.conf: driver not in SLE12
- commit 3fbe4df
- blacklist.conf: driver not present in SLE12
- commit dad4545
- s390/vfio-ap: fix memory leak in vfio_ap device driver
(git-fixes).
- commit 0efdc1f
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
CVE-2023-28464).
- commit ee49c52
- RDMA/core: Don't infoleak GRH fields (bsc#1209778 CVE-2021-3923)
- commit 007f267
- tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289
CVE-2023-1390).
- commit 91c876a
- Update
patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
- Update
patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
- commit 03cf48f
- timers: Clear timer_base::must_forward_clk with (bsc#1207890)
- commit 665e881
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- commit d6d271d
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- commit a0c51f7
- net/sched: tcindex: update imperfect hash filters respecting
rcu (CVE-2023-1281 bsc#1209634).
- rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
(CVE-2023-1281 bsc#1209634).
- commit 79d6cb4
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- commit 3f3dfdc
- arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes)
- commit 11f2537
- arm64: Do not forget syscall when starting a new thread. (git-fixes)
- commit 27dfefa
- arm64: Mark __stack_chk_guard as __ro_after_init (git-fixes)
- commit 551a661
- arm64/vdso: Discard .note.gnu.property sections in vDSO (git-fixes)
- commit b2f00e4
- blacklist.conf: ("/arm64: alternatives: Move length validation in alternative_{insn,"/)
- commit 750c32b
- KVM: arm64: Hide system instruction access to Trace registers (git-fixes)
- commit 2e3ed1c
- arm64: psci: Avoid printing in cpu_psci_cpu_die() (git-fixes)
- commit 66c3a8b
- blacklist.conf: ("/arm64: Change .weak to SYM_FUNC_START_WEAK_PI for"/)
- commit add4723
- arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (git-fixes)
- commit 65bd4cc
- arm64/alternatives: move length validation inside the subsection (git-fixes)
- commit d2aefa8
- arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (git-fixes)
- commit 2354853
- arm64/alternatives: don't patch up internal branches (git-fixes)
- commit 259ff6d
- arm64/alternatives: use subsections for replacement sequences (git-fixes)
- commit 206be22
- arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register (git-fixes)
Refresh patches.suse/arm64-cpufeature-Allow-different-PMU-versions-in-ID_DFR0_EL1.patch
- commit a0b4d86
- blacklist.conf: ("/arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]"/)
- commit 99d129d
- blacklist.conf: ("/arm64: Delete the space separator in __emit_inst"/)
- commit e989773
- blacklist.conf: ("/arm64: fix alternatives with LLVM's integrated assembler"/)
- commit eabb21e
- Revert "/arm64: dts: juno: add dma-ranges property"/ (git-fixes)
- commit 472652a
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes)
- commit 126253f
- blacklist.conf: ("/arm64: fix unreachable code issue with cmpxchg"/)
- commit 27e2384
- arm64: kpti: ensure patched kernel text is fetched from PoU (git-fixes)
- commit ed14da7
- arm64/mm: fix variable 'pud' set but not used (git-fixes)
- commit bb80a31
- arm64: unwind: Prohibit probing on return_address() (git-fixes)
- commit 84859a4
- blacklist.conf: ("/arm64/efi: Mark __efistub_stext_offset as an absolute symbol"/)
- commit 7448304
- arm64: Fix compiler warning from pte_unmap() with (git-fixes)
- commit f112362
- arm64: cpu_ops: fix a leaked reference by adding missing of_node_put (git-fixes)
- commit 80aa069
- arm64: kprobe: make page to RO mode when allocate it (git-fixes)
- commit 0375ba2
- usb: typec: altmodes/displayport: Fix probe pin assign check
(git-fixes).
- commit 5ce7845
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of
DID_REQUEUE (bsc#1199837).
- commit 2f806c6
- USB: misc: iowarrior: fix up header size for
USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- commit 198956a
- netlink: prevent potential spectre v1 gadgets (bsc#1209547
CVE-2017-5753).
- commit 179a403
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- commit 9bc607c
- tracing/hwlat: Replace sched_setaffinity with
set_cpus_allowed_ptr (git-fixes).
- commit 10ecebb
- ring-buffer: remove obsolete comment for free_buffer_page()
(git-fixes).
- commit fb36562
- ftrace: Fix invalid address access in lookup_rec() when index
is 0 (git-fixes).
- commit 2107853
- blacklist.conf: add not-relevant tracing fixes
- commit 89e5ff0
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- commit 59b5ef4
- tracing: Add NULL checks for buffer in
ring_buffer_free_read_page() (git-fixes).
- commit 4ba90d9
- blacklist.conf: might break certifications
- commit bd7ab11
- blacklist.conf: kABI
- commit c99b186
- blacklist.conf: irrelevant in our configs
- commit e0f4fc3
- blacklist.conf: kABI
- commit 9748c72
- blacklist.conf: kABI
- commit abd6f40
- blacklist.conf: blacklist Documentation because we
will not updaten the documentation package in SLE12 anyway
- commit b4fe007
- Refresh
patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch.
- commit 37fbfe8
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- commit 739342e
- xen/netfront: stop tx queues during live migration (git-fixes).
- commit ac8b9c0
- xen-netfront: fix potential deadlock in xennet_remove()
(git-fixes).
- Refresh
patches.suse/xen-netfront-force-data-bouncing-when-backend-is-unt.patch.
- commit 9294dd7
- xen/netfront: fix waiting for xenbus state change (git-fixes).
- commit fe29b44
- xen-netfront: wait xenbus state change when load module manually
(git-fixes).
- commit 0c71330
- xen-netfront: Update features after registering netdev
(git-fixes).
- commit c77bad3
- xen-netfront: Fix mismatched rtnl_unlock (git-fixes).
- commit db4108c
- xen-netfront: Fix race between device setup and open
(git-fixes).
- Refresh
patches.suse/xen-netfront-don-t-trust-the-backend-response-data-b.patch.
- commit a087822
- blacklist.conf: add 9e6246518592 ("/xen/netback: don't call kfree_skb() under spin_lock_irqsave()"/)
- commit cae7fc6
- blacklist.conf: add 7dfa764e0223 ("/xen/netback: fix build warning"/)
- commit 31b3ee5
- blacklist.conf: add 5834e72eda0b ("/xen/netback: do some code cleanup"/)
- commit 6487e56
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- commit 4ce0c85
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
(git-fixes).
- commit 36249b4
- xen/platform-pci: add missing free_irq() in error path
(git-fixes).
- commit dd25a55
- xen-netfront: enable device after manual module load
(git-fixes).
- commit 6ce0b56
- blacklist.conf: add ce6f7d087e2b ("/Input: xen-kbdfront - fix multi-touch XenStore node's locations"/)
- commit 9866d94
- blacklist.conf: added 02a0d9216d4da ("/Input: xen-kbdfront - do not advertise multi-touch pressure support"/)
- commit 4d70cca
- x86/paravirt: Fix callee-saved function ELF sizes (git-fixes).
- Refresh
patches.suse/x86-prepare-inline-asm-for-straight-line-speculation.patch.
- commit be50a99
- SUNRPC: Fix a server shutdown leak (git-fixes).
- commit b391b37
- Revert "/mei: me: enable asynchronous probing"/ (bsc#1208048,
bsc#1209126).
- commit 9a95c7f
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
(bsc#1209291 CVE-2023-28328).
- commit 0a0d765
- Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
(git-fixes).
- commit a77868e
- Bluetooth: btusb: don't call kfree_skb() under
spin_lock_irqsave() (git-fixes).
- commit 0b2e609
- blacklist.conf: false positive
- commit 7dfc594
- ima: Fix function name error in comment (git-fixes).
- commit 889bacc
- kfifo: fix ternary sign extension bugs (git-fixes).
- commit efc9af2
- blacklist.conf: irrelevant in our configurations
- commit fcaf3c0
- blacklist.conf: kABI
- commit 5f50816
- blacklist.conf: changes exported defaults
- commit 6e19056
- PM: hibernate: flush swap writer after marking (git-fixes).
- commit d5d514d
- blacklist.conf: false positive
- commit bcee6d7
- blacklist.conf: kABI
- commit ee8665f
- blacklist.conf: false positive
- commit 38a7585
- kgdb: Drop malformed kernel doc comment (git-fixes).
- commit 16f0840
- blacklist.conf: kABI
- commit 836cdb8
- dt-bindings: reset: meson8b: fix duplicate reset IDs
(git-fixes).
- commit 758f2cb
- timers/sched_clock: Prevent generic sched_clock wrap caused
by tick_freeze() (git-fixes).
- commit c1996c6
- blacklist.conf: irrelevant documentation
- commit 14b48ad
- blacklist.conf: false positive
- commit 24553f6
- usb: dwc3: gadget: Stop processing more requests on IMI
(git-fixes).
- commit 1e1ba8c
- Update patches.suse/net_sched-add-__rcu-annotation-to-netdev-qdisc.patch.
- fix a mistake in the CVE-2023-0590 / bsc#1207795 backport
- commit 005c9da
- prlimit: do_prlimit needs to have a speculation check
(bsc#1209256 CVE-2017-5753).
- commit fca254e
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- commit 1162027
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- commit c85689a
- blacklist.conf: duplicate
- commit 9a30402
- blacklist.conf: false positive
- commit 6886a4a
- NET: usb: qmi_wwan: Adding support for Cinterion MV31
(git-fixes).
- commit 64d8c67
- Update
patches.suse/l2tp-fix-race-in-pppol2tp_release-with-session-objec.patch
(bsc#1076830 bsc#1208850 CVE-2022-20567).
- commit 47065bb
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
(CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
(CVE-2023-1095 bsc#1208777).
- commit c4928a4
- Delete
patches.suse/livepatch-define-a-macro-for-new-api-identification.patch.
This definition was used by kgraft codestreams (SLE12-SP3), but the
livepatch support for such codestreams has ended.
- commit 4fbaecf
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
(git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
(git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- PCI/MSI: Enforce MSI entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update
(git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- PCI: aardvark: Fix checking for PIO Non-posted Request
(git-fixes).
- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler
(git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI/PM: Avoid using device_may_wakeup() for runtime PM
(git-fixes).
- Refresh
patches.suse/0002-PCI-PM-Use-the-NEVER_SKIP-driver-flag.patch.
- commit 7a5a840
- media: platform: ti: Add missing check for devm_regulator_get
(git-fixes).
- commit 38e97d5
- media: coda: Add check for kmalloc (git-fixes).
- commit 95a83e8
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- commit da6b661
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
When the source file location provided with -L is either prefixed or
postfixed with forward slash, the script get stuck in a infinite loop
inside calc_dirs() where $path is an empty string.
user@localhost:/tmp> perl "/$HOME/group-source-files.pl"/ -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
...
path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
path = /usr/src/linux-5.14.21-150500.41/Documentation
path = /usr/src/linux-5.14.21-150500.41
path = /usr/src
path = /usr
path =
path =
path =
... # Stuck in an infinite loop
This workarounds the issue by breaking out the loop once path is an
empty string. For a proper fix we'd want something that
filesystem-aware, but this workaround should be enough for the rare
occation that this script is ran manually.
Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136
- vxlan: changelink: Fix handling of default remotes (git-fixes).
- commit 353bf78
- vxlan: Fix error path in __vxlan_dev_create() (git-fixes).
- commit 4d54675
- net: aquantia: fix RSS table and key sizes (git-fixes).
- commit 3b040c8
- bonding: fix 802.3ad state sent to partner when unbinding slave
(git-fixes).
- commit 45191af
- vlan: Fix vlan insertion for packets without ethernet header
(git-fixes).
- commit 95ac5e1
- vlan: Fix out of order vlan headers with reorder header off
(git-fixes).
- commit 59cf369
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
(CVE-2023-1118 bsc#1208837).
- commit e793953
- xfrm: Copy policy family in clone_policy (git-fixes).
- commit 9d47068
- netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).
- commit 8eff166
- netfilter: xt_connlimit: don't store address in the conn nodes
(git-fixes).
- commit b335237
- icmp: don't fail on fragment reassembly time exceeded
(git-fixes).
- commit ba8013a
- scsi: qla2xxx: Add option to disable FC2 Target support
(bsc#1198438 bsc#1206103).
- Delete
patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 6206180
- PCI: Unify ACS quirk desired vs provided checking (git-fixes).
- PCI: Make ACS quirk implementations more uniform (git-fixes).
- commit 6452eb0
- KABI FIX FOR: NFS: Pass error information to the pgio error
cleanup routine (git-fixes).
- commit 00c859b
- KABI FIX FOR - SUNRPC: Fix priority queue fairness (git-fixes).
- commit 91b67c9
- README.BRANCH: Adding myself to the maintainer list
- commit 8fc11b2
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
which sets the variable for a simple command.
However, the script is no longer a simple command. Export the variable
instead.
- commit 152a069
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- commit c0b9b40
- kabi/severities: add l2tp local symbols
- commit 63a39ae
- l2tp: Serialize access to sk_user_data with sk_callback_lock
(bsc#1205711 CVE-2022-4129).
- commit ef8f012
- l2tp: fix race in duplicate tunnel detection (bsc#1205711
CVE-2022-4129).
- commit 6a8247c
- l2tp: fix races in tunnel creation (bsc#1205711 CVE-2022-4129).
- commit 4e92c0b
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit d76f4ba
- nfsd: fix race to check ls_layouts (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall
(git-fixes).
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout
(git-fixes).
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create
failure (git-fixes).
- nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
(git-fixes).
- NFS: Pass error information to the pgio error cleanup routine
(git-fixes).
- SUNRPC: Fix priority queue fairness (git-fixes).
- commit 24274be
- blacklist.conf: updates
- commit 79d0f01
- scripts/sequence-patch.sh: remove obsolete egrep
Avoids a warning and prepares for ultimate removal - boo#1203092
- commit 7a787f7
- PCI: aardvark: Don't touch PCIe registers if no card connected
(git-fixes).
- PCI: aardvark: Indicate error in 'val' when config read fails
(git-fixes).
- PCI: aardvark: Improve link training (git-fixes).
- PCI: aardvark: Don't blindly enable ASPM L0s and don't write
to read-only register (git-fixes).
- PCI: aardvark: Train link immediately after enabling training
(git-fixes).
- PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
(git-fixes).
- PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
- PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
- PCI: endpoint: Fix for concurrent memory allocation in OB
address region (git-fixes).
- kabi: PCI: endpoint: Fix for concurrent memory allocation in
OB address region (git-fixes).
- PCI: endpoint: Cast the page number to phys_addr_t (git-fixes).
- PCI: aardvark: Remove PCIe outbound window configuration
(git-fixes).
- PCI: aardvark: Introduce an advk_pcie_valid_device() helper
(git-fixes).
- commit 36c0f12
- PCI: aardvark: Don't rely on jiffies while holding spinlock
(git-fixes).
- PCI: aardvark: Wait for endpoint to be ready before training
link (git-fixes).
- PCI/PM: Always return devices to D0 when thawing (git-fixes).
- PCI: tegra: Fix OF node reference leak (git-fixes).
- commit d6e8f39
- applicom: Fix PCI device refcount leak in applicom_init()
(git-fixes).
- PCI: Add ACS quirk for iProc PAXB (git-fixes).
- Refresh
patches.suse/PCI-Add-ACS-quirk-for-Amazon-Annapurna-Labs-root-por.patch.
- Refresh
patches.suse/PCI-Add-ACS-quirk-for-Broadcom-BCM57414-NIC.patch.
- PCI: PM: Avoid skipping bus-level PM on platforms without ACPI
(git-fixes).
- PCI: aardvark: Fix a leaked reference by adding missing
of_node_put() (git-fixes).
- commit 5dd1a12
- blacklist.conf: powerpc math emulation is not used
- commit 7904b57
- blacklist.conf: 8e1278444446 powerpc/32: Fix overread/overwrite of thread_struct via ptrace
- commit 1292ac8
- powerpc/fscr: Enable interrupts earlier before calling
get_user() (bsc#1065729).
- Refresh patches.suse/powerpc-add-interrupt_cond_local_irq_enable-helper.patch
- powerpc/powernv: Fix build error in opal-imc.c when NUMA=n
(bsc#1065729).
- commit 9101ec0
- powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).
- powerpc/powernv: IMC fix out of bounds memory access at shutdown
(bsc#1065729).
- commit f7b6c1a
- blacklist.conf: Add oops_limit accretion disk
- commit 26414f9
- blacklist.conf: fda31c50292a signal: avoid double atomic counter increments for user accounting
- commit ad47077
- blacklist.conf: Add 11e31f608b49 watchdog/softlockup: Enforce that timestamp is valid on boot
- commit 312b206
- ipmi: fix initialization when workqueue allocation fails
(git-fixes).
- commit 62cff13
- ipmi: msghandler: Make symbol 'remove_work_wq' static
(git-fixes).
- commit f48a444
- blacklist.conf: Add 0e48f51cbbfb Revert "/libata, freezer: avoid block device removal while system is frozen"/
- commit 3b5d052
- net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes).
- commit 354903d
- net: bmac: Fix read of MAC address from ROM (git-fixes).
- commit f260cf5
- net: qed*: Reduce RX and TX default ring count when running inside kdump kernel (git-fixes).
- commit b08ffb4
- Refresh patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch.
- commit e51ef45
- Revert "/af_unix: fix races in sk_peer_pid and sk_peer_cred accesses"/
This reverts commit e49e1b0f7e662d5b071015f05ead8185cb31f049
since it breaks the kernel.
- commit f1351a4
- Revert "/sock.h: hide new member (bsc#1194535 CVE-2021-4203)."/
This reverts commit 3cef23f4011eda051233a2e9572ae1d789313f41
since it breaks the kernel
- commit f66a3cf
- SUNRPC: make lockless test safe (bsc#1207201).
- commit 155aec2
- sock.h: hide new member (bsc#1194535 CVE-2021-4203).
- commit 3cef23f
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1194535 CVE-2021-4203).
- commit e49e1b0
- sock.h: hide new member (bsc#1194535 CVE-2021-4203).
- commit ec6bedc
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1194535 CVE-2021-4203).
- commit b12b939
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit b1becb2
- net: mpls: fix stale pointer if allocation fails during device
rename (bsc#1208700 CVE-2023-26545).
- commit d61392c
- blacklist.conf: add few PCI patches
- commit 52e540a
- x86/mm: Randomize per-cpu entry area (bsc#1207845
CVE-2023-0597).
- refresh patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch.
- commit 6cab2a4
- block: bio-integrity: Copy flags when bio_integrity_payload
is cloned (bsc#1208541).
- commit 1c1919f
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation
(bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf()
static (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd()
gets called (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O
(bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start
(bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention
(bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt
(bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management
commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
(bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment
(bsc#1208570).
- scsi: qla2xxx: Check if port is online before sending ELS
(bsc#1208570).
- commit 649e0ec
- git_sort: tests: do not disable package repository GPG check
This adds the Kernel repository key and enables GPG check for package
installation inside containers.
- commit b2615b2
- git_sort: tests: Adjust to new net repository location
- commit de2dc43
- git_sort: tests: Fix tests failing on SLE15
Use the correct base image, pygit2 is not found by pythong otherwise.
- commit 1088359
- git_sort: tests: exit on error
- commit 767bb07
- blacklist.conf: feature not a fix
- commit 1443bd3
- blacklist.conf: feature not a fix
- commit ee1e977
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- commit d05158b
- blacklist.conf: cosmetic fix
- commit 4b9f79b
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- commit 2d46d95
- git_sort: tests: Use 15.4, 15.3 is EOL
- commit 3624818
- git_sort: tests: Kernel:tools does not have Leap repos, use SLE
- commit 46626b0
- scripts/renamepatches: Fix grep warning
grep: warning: stray before /
- commit 20e6e67
- scripts/renamepatches: Exclude search in irrelevant files
Especially large files in kabi/ can be simply avoided on slow devices
(or NFS).
- commit 9e1b932
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
(git-fixes).
- commit 4c304c0
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- commit 7662fa0
- net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans
(git-fixes).
- commit ae05a84
- blacklist.conf: add blacklist
- commit d1dd69b
- blacklist.conf: update blacklist
- commit 8b2622c
- blacklist.conf: update blacklist
- commit 50d7ebf
- blacklist.conf: update blacklist
- commit a32c2b4
- blacklist.conf: update blacklist
- commit 941a0ae
- blacklist.conf: update blacklist
- commit ac031d8
- x86/power: Fix 'nosmt' vs hibernation triple fault during resume
(git-fixes).
- Refresh
patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- commit 3ddadd1
- x86/stacktrace: Prevent infinite loop in arch_stack_walk_user()
(git-fixes).
- x86/build: Add 'set -e' to mkcapflags.sh to delete broken
capflags.c (git-fixes).
- x86/atomic: Fix smp_mb__{before,after}_atomic() (git-fixes).
- x86/PCI: Fix PCI IRQ routing table memory leak (git-fixes).
- x86/mm: Remove in_nmi() warning from 64-bit implementation of
vmalloc_fault() (git-fixes).
- x86/irq/64: Limit IST stack overflow check to #DB stack
(git-fixes).
- x86/uaccess, signal: Fix AC=1 bloat (git-fixes).
- x86/ia32: Fix ia32_restore_sigcontext() AC leak (git-fixes).
- commit 4fdbd92
- blacklist.conf: add some x86 commits
- commit 89c0d93
- scripts/renamepatches: Optimize search
Use bash hashmap instead of grepping list file.
sample:
5.0s -> 2.5s
Composed result with previous commit on SLE15-SP4->SLE15-SP5:
original
Executed in 207.82 secs fish external
usr time 263.64 secs 459.00 micros 263.64 secs
sys time 60.61 secs 185.00 micros 60.61 secs
optimized
Executed in 65.73 secs fish external
usr time 49.16 secs 639.00 micros 49.16 secs
sys time 18.52 secs 0.00 micros 18.52 secs
- commit 68e276c
- scripts/renamepatches: Optimize forks
Use single awk instead of multiple utilites.
sample:
6.4s -> 5.0s
- commit c44b590
- blacklist.conf: kABI
- commit 6c2dd7a
- blacklist.conf: false positive from stable
- commit 4cb1a8d
- net: allwinner: Fix use correct return type for ndo_start_xmit()
(git-fixes).
- commit a06fb6c
- gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes).
- commit 8e95e4e
- net: systemport: suppress warnings on failed Rx SKB allocations
(git-fixes).
- commit 34c447d
- net: bcmgenet: suppress warnings on failed Rx SKB allocations
(git-fixes).
- commit e3d888b
- net/mlx5e: Set of completion request bit should not clear
other adjacent bits (git-fixes).
- commit 1fccfde
- net: stmmac: Fix sub-second increment (git-fixes).
- commit 7bcb4c9
- blacklist.conf: regression due to missing feature in boot loader
- commit d40e68d
- xhci: Don't show warning for reinit on known broken suspend
(git-fixes).
- commit 60f17f0
- USB: serial: console: move mutex_unlock() before
usb_serial_put() (git-fixes).
- commit e9ada32
- USB: serial: ch341: fix disabled rx timer on older devices
(git-fixes).
- commit 1f1a3d6
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit f44e5ac
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
(git-fixes).
- commit c8ee3cd
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
(git-fixes).
- commit d5892e7
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- commit 3dadb30
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
- commit 9a54c12
- blacklist.conf: remove duplicated entry
- commit 09dbb7d
- Update SUSE Root certificate file
Pull the root certificate from a later bundle where it is correctly
marked as CA certificate. Without this the certificate won't be added
into CA bundle.
- commit b2e67d7
- prlimit: do_prlimit needs to have a speculation check
(git-fixes).
- signal handling: don't use BUG_ON() for debugging (git-fixes).
- panic: unset panic_on_warn inside panic() (git-fixes).
- ptrace: make ptrace() fail if the tracee changed its pid
unexpectedly (git-fixes).
- don't dump the threads that had been already exiting when zapped
(git-fixes).
- kernel/sys.c: avoid copying possible padding bytes in
copy_to_user (git-fixes).
- commit b9bfdd9
- kbuild: clear LDFLAGS in the top Makefile (bsc#1203200).
- Refresh patches.suse/supported-flag.
- commit d60d0fc
- blacklist.conf: add couple CORE patches
- commit 40318d8
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit 381f355
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(git-fixes).
- commit 4a8728c
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- commit 7a53afd
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
(git-fixes).
- commit 4eade98
- net: usb: lan78xx: don't modify phy_device state concurrently
(git-fixes).
- commit 6ef7677
- blacklist.conf: add a cleanup to disable -Wmaybe-uninitialized
- commit 5840861
- blacklist.conf: duplicate
- commit 59bea49
- blacklist.conf: add a mips-only specific revert
- commit 2cf8eeb
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
(git-fixes).
- commit 4e09bf9
- blacklist.conf: add a not-strictly needed fw-loading fix
- commit 229946b
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- commit 4cc9e19
- net: usb: sr9700: Handle negative len (git-fixes).
- commit e4e2a28
- usb: rndis_host: Secure rndis_query check against int overflow
(CVE-2023-23559 bsc#1207051).
- commit e207be8
- xfs: Fix unreferenced object reported by kmemleak in
xfs_sysfs_init() (git-fixes).
- commit 8137300
- xfs: fix realtime bitmap/summary file truncation when growing
rt volume (git-fixes).
- commit e4116fa
- xfs: make sure the rt allocator doesn't run off the end
(git-fixes).
- commit 6e43199
- xfs: initialize the shortform attr header padding entry
(git-fixes).
- commit 362da99
- xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes).
- commit 80c6365
- xfs: fix partially uninitialized structure in
xfs_reflink_remap_extent (git-fixes).
- commit 9049b82
- xfs: fix mount failure crash on invalid iclog memory access
(git-fixes).
- commit 1d08499
- xfs: fix attr leaf header freemap.size underflow (git-fixes).
- commit 1653047
- xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes).
- commit ab6f871
- xfs: require both realtime inodes to mount (git-fixes).
- commit 2e5ec52
- xfs: fix use-after-free race in xfs_buf_rele (git-fixes).
- commit fcdc154
- xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes).
- commit 2114c43
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit e1a86c1
- blacklist.conf: Blacklist the patch below
- Delete
patches.suse/ext4-don-t-BUG-if-someone-dirty-pages-without-asking.patch
to replace it with a better alternative we have in other branches
- commit d1f6219
- x86/mce: Fix -Wmissing-prototypes warnings (git-fixes).
- Refresh
patches.suse/x86-mce-amd-edac-mce_amd-add-new-mp5-nbio-and-pcie-smca-bank-types.patch.
- commit 04b9b60
- cpu/hotplug: Fix "/SMT disabled by BIOS"/ detection for KVM
(git-fixes).
- kABI: cpu/hotplug: reexport cpu_smt_control (kabi).
- Refresh
patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- commit 450f659
- x86/hpet: Prevent potential NULL pointer dereference
(git-fixes).
- x86/mm: Don't leak kernel addresses (git-fixes).
- x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
(git-fixes).
- x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15
models (git-fixes).
- x86/kexec: Don't setup EFI info if EFI runtime is not enabled
(git-fixes).
- x86/fpu: Add might_fault() to user_insn() (git-fixes).
- commit 5915eb8
- x86/speculation: Remove SPECTRE_V2_IBRS in enum
spectre_v2_mitigation (bsc#1068032 CVE-2017-5754).
- Refresh
patches.suse/x86-retpoline-remove-minimal-retpoline-support.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- Refresh
patches.suse/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch.
Make IBRS patches closer to upstream.
- commit 4cf6d38
- x86/speculation: Add support for STIBP always-on preferred mode
(git-fixes).
- x86/speculation: Change misspelled STIPB to STIBP (git-fixes).
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
patches.suse/x86-speculation-allow-ibpb-to-be-conditionally-enabled-on-cpus-with-always-on-stibp.patch.
- Refresh
patches.suse/x86-speculation-avoid-force-disabling-ibpb-based-on-stibp-and-enhanced-ibrs.patch.
- Refresh
patches.suse/x86-speculation-merge-one-test-in-spectre_v2_user_select_mitigation.patch.
- Refresh
patches.suse/x86-speculation-pr_spec_force_disable-enforcement-for-indirect-branches.patch.
Update STIBP patches to be closer to upstream.
- commit 1ef4c9a
- drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1203332 CVE-2022-36280)
- commit 9894e8b
- x86/earlyprintk: Add a force option for pciserial device
(git-fixes).
- x86/mce-inject: Reset injection struct after injection
(git-fixes).
- kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not
fault on bad stack (git-fixes).
- x86/mce/mce-inject: Preset the MCE injection struct (git-fixes).
- commit f94b2cc
- blk-mq: fix possible memleak when register 'hctx' failed
(git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed
(git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- commit e68f2dc
- blacklist.conf: add non-backport git-fixes commit
- commit b53530a
- x86: boot: Fix EFI stub alignment (git-fixes).
- commit 35efa28
- x86/bugs: Move the l1tf function and define pr_fmt properly
(git-fixes).
- Refresh
patches.suse/0001-x86-litf-Introduce-vmx-status-variable.patch.
- Refresh
patches.suse/0007-x86-kvm-Allow-runtime-control-of-L1D-flush.patch.
- Refresh
patches.suse/0010-x86-bugs-kvm-Introduce-boot-time-control-of-L1TF-mit.patch.
- Refresh
patches.suse/x86-speculation-mds-add-mitigation-control-for-mds.patch.
- Refresh
patches.suse/x86-speculation-reorder-the-spec_v2-code.patch.
- Refresh
patches.suse/x86-speculation-support-mitigations-cmdline-option.patch.
- commit 1843a69
- Refresh patches.suse/x86-l1tf-06-add-sysfs-report.patch.
- Refresh
patches.suse/0001-x86-litf-Introduce-vmx-status-variable.patch.
- Refresh
patches.suse/0010-x86-bugs-kvm-Introduce-boot-time-control-of-L1TF-mit.patch.
Update to upstream version (X86_FEATURE_L1TF_PTEINV).
- commit 89f9e4a
- blacklist.conf: Add 86989c41b5ea signal: Always ignore SIGKILL and SIGSTOP sent to the global init
- commit bed9df8
- scripts/osc_wrapper: Assign spec with *.spec file when building
Commit 270fc6884c5b ("/scripts/osc_wrapper: Pass more options to osc"/),
decided that only the last argument of osc_wrapper can be the spec file.
But on commit 30f26fbbe86c ("/scripts/osc_wrapper: Accept --ibs | --obs
as the first parameter"/), it swaps the order of arguments, leaving
- -ibs/--obs as the last ones.
This creates a problem when running osc_wrapper with --ibs
kernel-default.spec, since it'll add the specfile in osc_args, and
letting spec variable empty. Later on, if spec if empty, the find_spec
function is called, setting the spec automatically. The end result is
messy:
$ ./scripts/osc_wrapper --ibs kernel-source/kernel-default.spec
osc -A https://api.suse.de build --no-service --local-package --alternative-project=Devel:Kernel:SLE15-SP4 + kernel-source/kernel-default.spec + <some other options here...> + - -define klp_symbols 1 standard kernel-source/kernel-default.spec
The osc command contains two spec definitions, which is wrong. The first
one is wrongly assumed to be an argument to be used for osc or
osc_wrapper.
The fix is to respect the argument of *.spec and assign it to spec
variable, and let other options to be handled by the code that is
currently present.
- commit 86d0aae
- blacklist.conf: Add 4a7ba45b1a43 memcg: fix possible use-after-free in memcg_write_event_control()
- commit a63545b
- blacklist.conf: Add a4055888629b mm/memcg: warning on !memcg after readahead page charged
- commit df06b7b
- blacklist.conf: Add 9a137153fc87 mm/memcg: fix device private memcg accounting
- commit 633912b
- blacklist.conf: Add d477f8c202d1 cpuset: restore sanity to cpuset_cpus_allowed_fallback()
- commit 53f3608
- net: mana: Fix IRQ name - add PCI and queue number
(bsc#1207875).
- commit b36fcf8
- x86/asm: Add instruction suffixes to bitops (git-fixes).
- x86/entry/64: Add instruction suffix (git-fixes).
- kprobes, x86/alternatives: Use text_mutex to protect
smp_alt_modules (git-fixes).
- x86/asm: Remove unnecessary nt in front of CC_SET() from
asm templates (git-fixes).
- blacklist.conf: remove it from there
- commit 42cc16d
- blacklist.conf: add some x86 commits
- commit 9547ab1
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
CVE-2023-0045).
- commit 18b587b
- tracing: Make sure trace_printk() can output as soon as it
can be used (git-fixes).
- commit 15c6ed8
- tracing: Fix infinite loop in tracing_read_pipe on overflowed
print_trace_line (git-fixes).
- commit 720bed5
- jbd2: use the correct print format (git-fixes).
- commit 022b5a0
- tracing: Avoid adding tracer option before update_tracer_options
(git-fixes).
- commit 3c24529
- tracing: Fix sleeping function called from invalid context on
RT kernel (git-fixes).
- commit f5a6b6f
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
(git-fixes).
- commit d9419a4
- tracing: Ensure trace buffer is at least 4096 bytes large
(git-fixes).
- commit 73dee6a
- tracing: Fix tp_printk option related with
tp_printk_stop_on_boot (git-fixes).
- commit 9ae70c5
- tracing: Fix a kmemleak false positive in tracing_map
(git-fixes).
- commit 146abd5
- scsi: target: core: Add CONTROL field for trace events
(git-fixes).
- commit 5f4b9f3
- blacklist.conf: add not-relevant tracing fixes
- commit 6dbf1ea
- blacklist.conf: add qcom one thanks to present workaround
- commit 56b5e15
- Refresh
patches.suse/PCI-ACPI-Allow-D3-only-if-Root-Port-can-signal-and-w.patch.
Avoid compiler warning:
drivers/pci/pci-acpi.c: In function ‘acpi_pci_bridge_d3’:
drivers/pci/pci-acpi.c:549:5: warning: unused variable ‘val’ [-Wunused-variable]
u8 val;
^~~
- commit 94c9b34
- PCI/sysfs: Fix double free in error path (git-fixes).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF
(git-fixes).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
(git-fixes).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
(git-fixes).
- PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
- PCI/ASPM: Declare threshold_ns as u32, not u64 (git-fixes).
- commit 1a1e3cb
- blacklist.conf: Add guards
- d6810d730022 ("/memcg, THP, swap: make mem_cgroup_swapout() support THP"/)
- 00f3ca2c2d66 ("/mm: memcontrol: per-lruvec stats infrastructure"/)
- 1f4aace60b0e ("/fs/seq_file.c: simplify seq_file iteration code and interface"/)
- commit fd302dd
- virtio_console: eliminate anonymous module_init & module_exit
(git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- commit 04f33be
- Update
patches.kabi/usb.h-struct-usb_device-hide-new-member.patch
(bsc#1206664 CVE-2022-4662).
- Update
patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
(bsc#1206664 CVE-2022-4662).
- commit 3097f42
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
bsc#1207795).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
bsc#1207795).
- commit 880415e
- blacklist.conf: 8219d31effa7 powerpc/lib/sstep: Fix build errors with newer binutils
Always building for at least POWER8
- commit 224de10
- blacklist.conf: Add fb5bf31722d0 fork: fix some -Wmissing-prototypes warnings
- commit dcf40c8
- blacklist.conf: Add 22839869f21a signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
- commit 4599dd7
- blacklist.conf: Ad db8dd9697238 cgroup-v1: cgroup_pidlist_next should update position index
- commit 6b34bd8
- memcg: remove memcg_cgroup::id from IDR on
mem_cgroup_css_alloc() failure (bsc#1208108).
- commit f958549
- blacklist.conf: Remove spurious whitespace
- commit 79063d5
- blacklist.conf: Add d08afa149acf mm, memcg: fix mem_cgroup_swapout() for THPs
- commit 0c330fd
- blacklist.conf: Add 4eaf431f6f71 memcg: fix per_node_info cleanup
- commit fb05fe9
- blacklist.conf: Add more unsupported ppc architecture paths
- commit e6a4392
- blacklist.conf: PCI bus numbering fixes for unsupported architectures
- commit 507eeac
- Update patches.suse/lightnvm-remove-lightnvm-implemenation.patch
(bsc#1191881 bsc#1201420 CVE-2022-2991).
- commit 125ae88
- blacklist.conf: not a fix, but a cleanup
- commit 6c62aaf
- blacklist.conf: cosmetic
- commit 89c1ac7
- blacklist.conf: feature, not a fix
- commit 7abc364
- blacklist.conf: false positive
- commit 89c7fc0
- scsi: hpsa: Fix allocation size for scsi_host_alloc()
(git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
(git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
(git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
(git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
(git-fixes).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
(git-fixes).
- drbd: fix potential silent data corruption (git-fixes).
- Revert "/scsi: core: run queue if SCSI device queue isn't ready
and queue is idle"/ (git-fixes).
- drbd: dynamically allocate shash descriptor (git-fixes).
- drbd: Change drbd_request_detach_interruptible's return type
to int (git-fixes).
- drbd: fix print_st_err()'s prototype to match the definition
(git-fixes).
- drbd: do not block when adjusting "/disk-options"/ while IO is
frozen (git-fixes).
- drbd: reject attach of unsuitable uuids even if connected
(git-fixes).
- drbd: ignore "/all zero"/ peer volume sizes in handshake
(git-fixes).
- commit 0a624a5
- blacklist.conf: Add powerpc inapplicable fixes.
- commit 7e5ff14
- blacklist.conf: Add more unsupported architecture paths
- commit a9d28f3
- blacklist.conf: Giving up on memtrace on 4.12 kernel
It's hopelessly outdated. It may work for some uses but definitely
cannot be fixed to work reliably. It's only available on powernv, anyway.
- commit 52370b2
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit 850359a
- blacklist.conf: remove git-fix commit
Added before but now the context appears present.
- commit ca7ebf0
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
Since it is not upstream.
- commit 71b544b
- scsi: smartpqi: use processor ID for hwqueue for non-mq case .
- commit f7c419d
- Revert "/scsi: smartpqi: set force_blk_mq=1.(bsc#1205397)"/
This reverts commit 10f3936c627ef942dd3b1e94d001f74978249b48.
- commit 08dc3b9
- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
bsc#1204356, bsc#1204662).
- commit 4f27069
- sctp: fail if no bound addresses can be used for a given scope
(bsc#1206677).
- commit 297ccbe
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes).
Heavily modified, as prerequisites for taking it as is would
utterly ruin kABI
- commit f6a5968
- iforce: restore old iforce_dump_packet (git-fixes).
- commit 4231d1c
- Input: iforce - reformat the packet dump output (git-fixes).
- commit dc68ca6
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (git-fixes).
- commit 234f459
- blacklist.conf: designed to break kABI
- commit 8b4ffca
- parisc: Fix HP SDC hpa address output (git-fixes).
- commit 810aa94
- parisc: Fix serio address output (git-fixes).
- commit 0f57ebf
- Input: do not use WARN() in input_alloc_absinfo() (git-fixes).
- commit 84da185
- Input: replace hard coded string with __func__ in pr_err()
(git-fixes).
- commit cda312b
- Input: convert autorepeat timer to use timer_setup()
(git-fixes).
- commit cbdf2f3
- Input: switch to using sizeof(*type) when allocating memory
(git-fixes).
- commit 8f71a2f
- Input: use seq_puts() in input_devices_seq_show() (git-fixes).
- commit 1b69f50
- Input: use seq_putc() in input_seq_print_bitmap() (git-fixes).
- commit f2b9cd4
- blacklist.conf: blacklist drivers/input/touchscreen/stmfts.c
Support for this driver has been added in v4.13 with
78bcac7b2ae1e4f6e96c68ff353c140669ea231c, which we have
not taken in SLE12. Silence the scripts.
- commit 86c295f
- struct dwc3: move new members to the end (git-fixes).
- commit 09b2302
- usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init
during suspend/resume (git-fixes).
- Refresh
patches.suse/usb-dwc3-Disable-phy-suspend-after-power-on-reset.patch.
- commit d6a4fb0
- usb: dwc3: core: Call dwc3_core_get_phy() before initializing
phys (git-fixes).
- commit f2e20db
- usb: dwc3: core: initialize ULPI before trying to get the PHY
(git-fixes).
- commit ca7dae7
- README: remove copy of config and update the text (bsc#1191924)
* the config is copied by sequence_patch.
* it makes no sense to copy a file called "/default"/ to the build tree
anyway.
* update the text, so that prerequisites are pre-installed.
- commit aef2a28
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- commit ba1784c
- tracing/cfi: Fix cmp_entries_* functions signature mismatch
(git-fixes).
- commit 6fe5958
- tracing: Fix stack trace event size (git-fixes).
- commit 6ddfce9
- ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
- commit f3f9c2c
- tracing: Use address-of operator on section symbols (git-fixes).
- commit ff93892
- trigger_next should increase position index (git-fixes).
- commit 6f1b4bf
- ftrace: fpid_next() should increase position index (git-fixes).
- commit c8a082f
- tracing: Set kernel_stack's caller size properly (git-fixes).
- commit b0151c0
- tracing: Adding NULL checks for trace_array descriptor pointer
(git-fixes).
- commit 08a9d55
- ftrace: Enable trampoline when rec count returns back to one
(git-fixes).
- Refresh
patches.suse/ftrace-Do-not-blindly-read-the-ip-address-in-ftrace_bug.patch.
- Refresh
patches.suse/ftrace-Fix-char-print-issue-in-print_ip_ins.patch.
- commit c714737
- ftrace: Fix NULL pointer dereference in
free_ftrace_func_mapper() (git-fixes).
- commit 5646431
- blacklist.conf: add not-relevant ftrace fixes
- commit 5961e96
- blacklist.conf: add a kdb fix which breaks kABI
- commit 7191d79
- blacklist.conf: add a kbuild compiler options cleanup
- commit 5e6755f
- blacklist.conf: add not-relevant fixes for the switch_sched event
- commit ebfa63d
- blacklist.conf: Add upstream config paths.
- commit 55c391f
- xen-netfront: Fix hang on device removal (bsc#1206698).
- commit 619f87d
- HID: check empty report_list in hid_validate_values()
(git-fixes, bsc#1206784).
- commit 0c3e451
- HID: betop: fix slab-out-of-bounds Write in betop_probe
(git-fixes, bsc#1207186).
- commit 29e41ae
- HID: betop: check shape of output reports (git-fixes,
bsc#1207186).
- commit b716c1e
- git_sort: add usb-linus branch for gregkh/usb
- commit ea34985
- audit: ensure userspace is penalized the same as the kernel
when under pressure (bsc#1204514).
- commit 424bf73
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
UAF (CVE-2023-0266 bsc#1207134).
- commit 55a788e
- audit: improve robustness of the audit queue handling
(bsc#1204514).
- commit 6afddf3
- blacklist.conf: Add memcg unusable fixes
- Add c3cc39118c36 mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats
- Add e27be240df53 mm: memcg: make sure memory.events is uptodate when waking pollers
- Add c892fd82cc06 mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
- Add 0b3d6e6f2dd0 mm: writeback: use exact memcg dirty counts
- commit 6350151
- dm thin: Use last transaction's pmd->root when commit failed
(git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
(git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
dm_pool_abort_metadata (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
enabled (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
(git-fixes).
- sbitmap: Avoid leaving waitqueue in invalid state in
__sbq_wake_up() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
(git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
(git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
(git-fixes).
- dm btree: add a defensive bounds check to insert_at()
(git-fixes).
- floppy: Add max size check for user space request (git-fixes).
- blk-cgroup: fix missing put device in error path from
blkg_conf_pref() (git-fixes).
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
(git-fixes).
- cryptoloop: add a deprecation warning (git-fixes).
- virtio-blk: Fix memory leak among suspend/resume procedure
(git-fixes).
- dm space maps: don't reset space map allocation cursor when
committing (git-fixes).
- block: only update parent bi_status when bio fail (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- Revert "/dm cache: fix arm link errors with inline"/ (git-fixes).
- nbd: fix a block_device refcount leak in nbd_release
(git-fixes).
- blk-cgroup: Pre-allocate tree node on blkg_conf_prep
(git-fixes).
- blk-cgroup: Fix memleak on error path (git-fixes).
- nbd: make the config put is called before the notifying the
waiter (git-fixes).
- blk-mq: insert request not through ->queue_rq into sw/scheduler
queue (git-fixes).
- bcache: fix super block seq numbers comparision in
register_cache_set() (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- blktrace: break out of blktrace setup on concurrent calls
(git-fixes).
- blktrace: fix endianness for blk_log_remap() (git-fixes).
- blktrace: fix endianness in get_pdu_int() (git-fixes).
- blktrace: use errno instead of bi_status (git-fixes).
- block/bio-integrity: don't free 'buf' if
bio_integrity_add_page() failed (git-fixes).
- dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to
find a zone (git-fixes).
- ps3disk: use the default segment boundary (git-fixes).
- null_blk: fix spurious IO errors after failed past-wp access
(git-fixes).
- Revert "/blkdev: check for valid request queue before issuing
flush"/ (git-fixes).
- block: Fix use-after-free issue accessing struct io_cq
(git-fixes).
- null_blk: Handle null_add_dev() failures properly (git-fixes).
- block, bfq: fix overwrite of bfq_group pointer in
bfq_find_set_group() (git-fixes).
- dm bio record: save/restore bi_end_io and bi_integrity
(git-fixes).
- brd: check and limit max_part par (git-fixes).
- nbd: add a flush_workqueue in nbd_start_device (git-fixes).
- compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES
(git-fixes).
- block: fix memleak when __blk_rq_map_user_iov() is failed
(git-fixes).
- nbd: fix shutdown and recv work deadlock v2 (git-fixes).
- nbd:fix memory leak in nbd_get_socket() (git-fixes).
- rsxx: add missed destroy_workqueue calls in remove (git-fixes).
- nbd: verify socket is supported during setup (git-fixes).
- nbd: handle racing with error'ed out commands (git-fixes).
- nbd: fix possible sysfs duplicate warning (git-fixes).
- commit 13f6ec9
- nbd: fix max number of supported devs (git-fixes).
- Refresh for the above change,
patches.suse/0006-nbd-don-t-update-block-size-after-device-is-started.patch.
- commit 0c94304
- nbd: add missing config put (git-fixes).
- loop: Add LOOP_SET_DIRECT_IO to compat ioctl (git-fixes).
- block/bio-integrity: fix a memory leak bug (git-fixes).
- nbd: fix crash when the blksize is zero (git-fixes).
- dm verity: use message limit for data block corruption message
(git-fixes).
- blk-mq: move cancel of requeue_work into blk_mq_release
(git-fixes).
- block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (git-fixes).
- block, bfq: increase idling for weight-raised queues
(git-fixes).
- dm thin: add sanity checks to thin-pool and external snapshot
creation (git-fixes).
- zram: fix double free backing device (git-fixes).
- dm flakey: Properly corrupt multi-page bios (git-fixes).
- dm crypt: use u64 instead of sector_t to store iv_offset
(git-fixes).
- dm kcopyd: Fix bug causing workqueue stalls (git-fixes).
- sunvdc: Do not spin in an infinite loop when vio_ldc_send()
returns EAGAIN (git-fixes).
- dm raid: avoid bitmap with raid4/5/6 journal device (git-fixes).
- amiflop: clean up on errors during setup (git-fixes).
- swim: fix cleanup on setup error (git-fixes).
- drivers/block/zram/zram_drv.c: fix bug storing backing_dev
(git-fixes).
- nbd: handle unexpected replies better (git-fixes).
- nbd: don't requeue the same request twice (git-fixes).
- nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag
(git-fixes).
- commit 687c872
- block: add a lower-level bio_add_page interface (git-fixes).
- Refresh for the above change,
patches.suse/block-remove-bvec_to_phys.patch.
- commit 1c0212c
- dm: Use kzalloc for all structs with embedded biosets/mempools
(git-fixes).
- block/swim: Select appropriate drive on device open (git-fixes).
- block/swim: Fix IO error at end of medium (git-fixes).
- block/swim: Check drive type (git-fixes).
- block/swim: Rename macros to avoid inconsistent inverted logic
(git-fixes).
- block/swim: Don't log an error message for an invalid ioctl
(git-fixes).
- m68k/mac: Don't remap SWIM MMIO region (git-fixes).
- commit 7216c12
- blacklist.conf: Add hung task detector optimizations
- Add 401c636a0eeb kernel/hung_task.c: show all hung tasks before panic
- Add a1c6ca3c6de7 kernel: hung_task.c: disable on suspend
- Add 168e06f7937d kernel/hung_task.c: force console verbose before panic
- Add 304ae42739b1 kernel/hung_task.c: break RCU locks based on jiffies
- commit 106657e
- blacklist.conf: Add de5b55c1d4e3 stop_machine: Use raw spinlocks
- commit 70e34be
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
CVE-2022-47929).
- commit a70de61
- blacklist.conf: remove the following commits which will be
backported as git-fixes,
- f01b411f41f91fc3196eae4317cf8b4d872830a6
- 35d2835d2ac41dc0b3e3469f8e2b08ce9709ace8
- commit f91ec99
- blacklist.conf: add git-fixes commits which won't be backported
- commit b06014b
- blacklist.conf: Blacklist 307af6c87937
- commit c4d1659
- mbcache: add functions to delete entry if unused (bsc#1198971).
- commit e12f310
- mbcache: don't reclaim used entries (bsc#1198971).
- commit f6dfab7
- Update tags
patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b091c25
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- blacklist.conf: Blacklist c915fb80eaa6
- commit 4862158
- blacklist.conf: Blacklist 7159a986b420
- commit 8b03a93
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
(bsc#1206649).
- commit ef0b25b
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 903c6ab
- udf: Check LVID earlier (bsc#1207108).
- commit 015783c
- udf: Fix NULL pointer dereference in udf_symlink function
(bsc#1206646).
- commit a391f82
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit 1573f9a
- udf: Limit sparing table size (bsc#1206643).
- commit 458f745
- udf: Avoid accessing uninitialized data on failed inode read
(bsc#1206642).
- commit ae4803c
- udf: Fix free space reporting for metadata and virtual
partitions (bsc#1206641).
- commit a21c3d0
- udf: Fix BUG on corrupted inode (bsc#1207107).
- commit 142aae1
- quota: Check next/prev free block number after reading from
quota file (bsc#1206640).
- commit 1fd21c3
- blacklist.conf: Blacklist dd5532a4994b
- commit 1a95452
- blacklist.conf: Blacklist 10f04d40a9fa
- commit 9db6570
- blacklist.conf: Blacklist 6fcbcec9cfc7
- commit a38aa89
- quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF}
quotactls (bsc#1207104).
- commit 9272ca4
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 9135482
- blacklist.conf: Blacklist 28ce50f8d96e
- commit 4884298
- isofs: reject hardware sector size > 2048 bytes (bsc#1207103).
- commit e46cdb2
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 6127981
- sbitmap: Avoid leaving waitqueue in invalid state in
__sbq_wake_up() (git-fixes).
- commit 8e6d6a5
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
(bsc#1207102).
- commit 7338cee
- block, bfq: fix overwrite of bfq_group pointer in
bfq_find_set_group() (bsc#1175995,jsc#SLE-15608).
- commit d71d0e3
- blacklist.conf: Blacklist 5c099c4fdc43
- commit 665ce36
- ext4: fix undefined behavior in bit shift for
ext4_check_flag_values (bsc#1206890).
- commit 7faea59
- ext4: fix use-after-free in ext4_ext_shift_extents
(bsc#1206888).
- commit 0eea07e
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 7a14dda
- blacklist.conf: Blacklist d1052d236edd
- commit 0c9fa3b
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit bc2f14a
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 9a43afd
- ext4: avoid crash when inline data creation follows DIO write
(bsc#1206883).
- commit b5cdb98
- ext4: continue to expand file system when the target size
doesn't reach (bsc#1206882).
- commit 49d324e
- blacklist.conf: Blacklist 613c5a85898d
- commit 54c3380
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit b7ada6c
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- commit c7f8ba9
- ext4: unindent codeblock in ext4_xattr_block_set()
(bsc#1198971).
- commit cd983c4
- blacklist.conf: Blacklist 6bc0d63dad7f
- commit eaa9493
- blacklist.conf: Blacklist b24e77ef1c6d
- commit 7e9aa45
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1202713).
- commit 2f31cd1
- ext4: correct the misjudgment in ext4_iget_extra_inode
(bsc#1206878).
- commit 84de60f
- ext4: correct max_inline_xattr_value_size computing
(bsc#1206878).
- commit 65f415c
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit 3e25d04
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
(bsc#1206878).
- commit cc87a22
- ext4: fix extent status tree race in writeback error recovery
path (bsc#1206877).
- commit ede473e
- ext4: update s_overhead_clusters in the superblock during an
on-line resize (bsc#1206876).
- commit 4f9eee6
- ext4: add reserved GDT blocks check (bsc#1202712).
- commit 22a4adc
- ext4: don't BUG if someone dirty pages without asking ext4 first
(bsc#1207097).
- blacklist.conf: Blacklist ea_inode related commits
- commit 9502092
- blacklist.conf: Blacklist 5dccdc5a1916
- commit 4f5adf1
- blacklist.conf: Blacklist b5776e7524af
- commit f1a0a1a
- ext4: Detect already used quota file early (bsc#1206873).
- commit 87720a2
- blacklist.conf: Blacklist 11215630aada
- commit eb3396e
- blacklist.conf: Blacklist 8418897f1bf8
- commit 16639ef
- blacklist.conf: Blacklist 907ea529fc4c
- commit 6a4fc32
- blacklist.conf: Blacklist a17a9d935dc4
- commit a76a169
- ext4: use matching invalidatepage in ext4_writepage
(bsc#1206858).
- commit aba337c
- blacklist.conf: Blacklist c96e2b8564ad
- commit 49f777f
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 1cd40a2
- blacklist.conf: Blacklist f629afe3369e
- commit 2a1b322
- blacklist.conf: Blacklist 64d4ce892383
- commit ab3ecba
- blacklist.conf: Blacklist 65db869c754e
- commit bd9d268
- blacklist.conf: Blacklist 8c380ab4b7b5
- commit 6d50017
- ext4: prohibit fstrim in norecovery mode (bsc#1207094).
- commit 968ac45
- blacklist.conf: Blacklist 6c7328400e04
- commit 192eee8
- blacklist.conf: Blacklist ddccb6dbe780
- commit b7b4229
- ext4: clear mmp sequence number when remounting read-only
(bsc#1207093).
- commit 7957fbf
- ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bsc#1207092).
- commit 9556f87
- blacklist.conf: Blacklist couple of commits
- commit d7f2f6c
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
This makes in-tree KMPs more consistent with externally built KMPs and
silences several rpmlint warnings.
- commit 02b7735
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
check failure.
As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
in the exception list, replace them with a general pattern. And add OBJTOOL
as well.
- commit 887416f
- Add Tegra repository to git_sort.
- commit a3bc12e
- ext4: Fixup pages without buffers (bsc#1205495).
- commit 707f425
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- scripts/git_sort/git_sort.py: Add arm-soc for-next tree.
- commit e5f5f10
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
This new form was added in commit b8c86872d1dc (riscv: fix detection of
toolchain Zicbom support).
- commit e9f2ba6
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- arm64: Discard .note.GNU-stack section (bsc#1203693 bsc#1209798).
- commit cab7952
- Revert "/constraints: increase disk space for all architectures"/
(bsc#1203693).
This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- constraints: increase disk space for all architectures
References: bsc#1203693
aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
very close to the limit.
- commit 43a9011
- scripts/CKC: don't output from shopt
shopt outputs the status of the flag, so that git grep looks like:
git grep -qi 'nocasematch off
^References:.*bsc#1202195' remotes/origin/SLE15-SP2-RT -- 'patches.*'
I don't know how it can work (it does -- maybe thanks to ^), but it's
not definitely OK.
So make shopt in term2regex() quiet.
- commit 9ca71fb
- scripts/CKC: store local branches with $USER prefix
So that on shared machines, it can be overwritten when expires.
- commit 1dae151
- scripts/CKC: speed up the git-grep
Search only in patches.*. I.e. skip especially all those large kabi
files.
The speedup is significant:
real 1m28,309s
to:
real 0m57,260s
- commit 2ea817a
- scripts/CKC: simplify print_branch
AFAIU, it's simply:
printf "/%-23s"/
- commit ec10bb9
- scripts/CKC: test accepts only =, not ==
And put $1 into "/"/ too.
- commit acae7f9
- scripts/CKC: Don't use empty branches file
Don't use it and don't write neither.
- commit 311b204
- scripts/python/suse_git/header.py: Catch the use of "/Not yet, submitted"/
Also add a test case for it.
For submitted patches, you should use "/Patch-mainline: Submitted"/
rather than "/Not yet, submitted"/. Enforce this in check-patchhdr so
that such mistakes are caught earlier.
- commit 475b64b
- scripts/CKC: Search also CVE and generic references
Sometimes it's useful to check that references exits, not the commit
itself.
- commit c34e0ed
- scripts/CKC: Make checker more specific
- commit 5cdb9a3
- scripts/CKC: Make checker script download branches.conf
Requires curl, downloads and caches the branches.conf file.
- commit e7c8885
- scripts/CKC: Modify check-kernel-commit to parse branches.conf
Thus we can use the same source of truth.
- commit 0c2b4b3
- scripts: Add helper script to search commit presence in kernel-source
The helper can have various uses. Checking for CVE patches is on of the
existing use cases.
This version of the script relies on file with branches to check.
It will be modified to be interoperable with branches.conf.
- commit 809939e
- x86: link vdso and boot with -z noexecstack
- -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
(bsc#1203200).
- commit 7e1d602
- git_sort: update netfilter repositories
The official URL of netfilter repositories (nf and nf-next) was changed by
mainline commit 1f6339e034d5 ("/MAINTAINERS: netfilter: update git links"/)
and the old repositories (with "/pablo"/) have not been updated since
May 2022.
- commit 33c6a43
- scripts/wd-functions.sh: fix get_branch_name() in worktree
Instead of using a hard-coded path for the git directory, use git
rev-parse with --git-dir flag, introduced since 0.99.7, to find the git
directory so branch name can be correctly detected while in git
worktrees.
- commit 283838a
- krb5
-
- Update logrotate script, call systemd to reload the services
instead of init-scripts; (bsc#1206152);
- libX11
-
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
* fixes regression introduced with security update for
CVE-2022-3555 (bsc#1204425, bsc#1208881)
- libseccomp
-
- Speed up database handling when handling lots of rules like in docker
(bsc#1209407)
Added backported patches:
- 01-21b98d85e8bfdb701a5f9afd54ff5175af910a45.patch
- 02-19af04da86e9a4168a443f3563fc7aec8839edf0.patch
- libxml2
-
- Security update:
* [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
isn't deterministic
- Added patch libxml2-CVE-2023-29469.patch
* [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
xmlSchemaFixupComplexType
- Added patch libxml2-CVE-2023-28484-1.patch
- Added patch libxml2-CVE-2023-28484-2.patch
- libxslt
-
- Security Fix: [bsc#1208574, CVE-2021-30560]
* Use after free in Blink XSLT
* Add libxslt-CVE-2021-30560.patch
- lvm2
-
- LVM volume groups are not being cleaned up after kiwi image build (bsc#1142550)
+ bug-1142550_02-LVM-vg-are-not-being-cleaned-up-after-kiwi-image-build.patch
- mozilla-nss
-
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with
fixes to PBKDF2 parameter validation.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to
validate extra PBKDF2 parameters according to FIPS 140-3.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to
update session->lastOpWasFIPS before destroying the key after
derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE,
CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases.
- Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some
excess code.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546).
- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
checks. Thanks to Martin for the DHKey parts.
- Add manpages to mozilla-nss-tools (bsc#1208242)
- update to NSS 3.79.4 (bsc#1208138)
* Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
(CVE-2023-0767)
- ncurses
-
- Modify patch ncurses-6.1.dif
* Secure writing terminfo entries by setfs[gu]id in s[gu]id
(boo#1210434, CVE-2023-29491)
* Reading is done since 2000/01/17
- openssl-1_0_0
-
- Security Fix: [CVE-2023-0465, bsc#1209878]
* Invalid certificate policies in leaf certificates are silently ignored
* Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
* Certificate policy check not enabled
* Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
- Fix DH key generation in FIPS mode, add support for constant BN for
DH parameters [bsc#1202062]
* Add patch: openssl-fips_fix_DH_key_generation.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
* Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
for x400Address
* Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
* Use-after-free following BIO_new_NDEF()
* Add patches:
- openssl-CVE-2023-0215-1of4.patch
- openssl-CVE-2023-0215-2of4.patch
- openssl-CVE-2023-0215-3of4.patch
- openssl-CVE-2023-0215-4of4.patch
- openssl-Groundwork-for-a-perl-based-testing-framework.patch
- openssl-Add-recipes-for-the-larger-protocols.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add openssl-CVE-2022-4304.patch
- Update further expiring certificates that affect tests [bsc#1201627]
* Add openssl-Update-further-expiring-certificates.patch
- openssl-1_1
-
- Security Fix: [CVE-2023-0465, bsc#1209878]
* Invalid certificate policies in leaf certificates are silently ignored
* Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
* Certificate policy check not enabled
* Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
* Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
for x400Address
* Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
* Use-after-free following BIO_new_NDEF()
* Add patches:
- openssl-CVE-2023-0215-1of4.patch
- openssl-CVE-2023-0215-2of4.patch
- openssl-CVE-2023-0215-3of4.patch
- openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
* Double free after calling PEM_read_bio_ex()
* Add patches:
- openssl-CVE-2022-4450-1of2.patch
- openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add patches:
- openssl-CVE-2022-4304-1of2.patch
- openssl-CVE-2022-4304-2of2.patch
- permissions
-
* mariadb: settings for new auth_pam_tool (bsc#1160285)
- Update to version 20170707:
- python-cffi
-
- Add require-writable.patch to support the optional argument
"/require_writable"/ in "/from_buffer"/ method, that's used by the
python-cryptography security fix gh#pyca/cryptography@9fbf84efc861
(bsc#1208036, CVE-2023-23931)
The upstream patch can be found here:
https://foss.heptapod.net/pypy/cffi/-/commit/c5c4d32c3e3ec0fbaabc4b9890fd17c9c58407d2
- python-cryptography
-
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
* Don't allow update_into to mutate immutable objects
- python-py-doc
-
- Add patch CVE-2022-42969-remove-svn-traces.patch:
* Stop using or advertising svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Remove the _path testing configuration file too, so the testsuite runs.
(bsc#1208181)
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- python-rsa
-
- Add cve_2020-25658.patch (CVE-2020-25658 bsc#1178676)
+ Reduce timing sensitivity on decryption for false ciphers
- python3
-
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
which eliminates unnecessary and dangerous calls to
PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add CVE-2022-40899-ReDos-cookiejar.patch to Fix REDoS in http.cookiejar
(gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
- python3-base
-
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
which eliminates unnecessary and dangerous calls to
PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- python36
-
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
which eliminates unnecessary and dangerous calls to
PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add bpo27321-email-no-replace-header.patch to stop
email.generator.py from replacing a non-existent header
(bsc#1208443, gh#python/cpython#71508).
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
the garbage collection (bsc#1188607).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- qemu
-
- Fix bsc#1172033 (CVE-2020-13253)
* Patches added:
0268-hw-sd-sdcard-Update-coding-style-to.patch
0269-hw-sd-sdcard-Do-not-switch-to-Recei.patch
- Fix bsc#1180207 (CVE-2020-14394)
* Patches added:
0267-hw-usb-hcd-xhci-Fix-unbounded-loop-.patch
- Fix bsc#1172382 (CVE-2020-13754)
* Patches added:
0261-libqos-usb-hcd-ehci-use-32-bit-writ.patch
0262-libqos-pci-pc-use-32-bit-write-for-.patch
0263-memory-Revert-memory-accept-mismatc.patch
0264-xhci-fix-valid.max_access_size-to-a.patch
0265-acpi-accept-byte-and-word-access-to.patch
0266-hw-char-bcm2835_aux-Allow-less-than.patch
- Fix bsc#1198038 (CVE-2022-0216)
* Patches added:
0260-scsi-lsi53c895a-really-fix-use-afte.patch
- Fix bsc#1193880 (CVE-2021-3929)
* Patches added:
0259-hw-nvme-fix-CVE-2021-3929.patch
- Fix: bsc#1197653 (CVE-2022-1050)
* Patches added:
0258-hw-pvrdma-Protect-against-buggy-or-.patch
- Fix: bsc#1205808 (CVE-2022-4144), bsc#1198712 (CVE-2022-26354)
* Patches added:
0251-display-qxl-render-fix-race-conditi.patch
0252-vhost-vsock-detach-the-virqueue-ele.patch
0253-hw-display-qxl-Have-qxl_log_command.patch
0254-hw-display-qxl-Document-qxl_phys2vi.patch
0255-hw-display-qxl-Pass-requested-buffe.patch
0256-hw-display-qxl-Avoid-buffer-overrun.patch
0257-hw-display-qxl-Assert-memory-slot-f.patch
- Fix: bsc#1175144 (CVE-2020-17380, CVE-2020-25085, CVE-2021-3409),
bsc#1185000 (CVE-2021-3507), bsc#1201367, CVE-2022-35414
- About bsc#1175144, see also bsc#1182282 (CVE-2021-3409)
* Patches added:
0244-hw-sd-sdhci-Don-t-transfer-any-data.patch
0245-hw-sd-sdhci-Don-t-write-to-SDHC_SYS.patch
0246-hw-sd-sdhci-Correctly-set-the-contr.patch
0247-hw-sd-sdhci-Limit-block-size-only-w.patch
0248-hw-sd-sdhci-Reset-the-data-pointer-.patch
0249-hw-block-fdc-Prevent-end-of-track-o.patch
0250-softmmu-Always-initialize-xlat-in-a.patch
- Fix: bsc#1198035, CVE-2021-4206
* Patches added:
0243-ui-cursor-fix-integer-overflow-in-c.patch
- runc
-
- Update to runc v1.1.5. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
Includes fixes for the following CVEs:
- CVE-2023-25809 bsc#1209884
- CVE-2023-27561 bsc#1208962
- CVE-2023-28642 bsc#1209888
* Fix the inability to use `/dev/null` when inside a container.
* Fix changing the ownership of host's `/dev/null` caused by fd redirection
(a regression in 1.1.1). bsc#1168481
* Fix rare runc exec/enter unshare error on older kernels.
* nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
- samba
-
- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
in cleartext; (bso#15315); (bsc#1209481).
- Prevent use after free of messaging_ctdb_fde_ev structs;
(bso#15293); (bsc#1207416).
- shadow
-
- bsc#1210507 (CVE-2023-29383):
Check for control characters
- Add shadow-CVE-2023-29383.patch
- shim
-
- add CVE number against bsc#
+ (bsc#1198458, CVE-2022-28737)
- Update shim to 15.7-150300.4.11.1 from SLE15-SP3
+ Version: 15.7, "/Thu Mar 17 2023"/
+ Update the SLE signatures
+ Include the fixes for bsc#1205588, bsc#1202120, bsc#1201066,
bsc#1198458, bsc#1198101, bsc#1193315, bsc#1193282
- sudo
-
- Fix CVE-2023-28486, sudo does not escape control characters in
log messages, (CVE-2023-28486, bsc#1209362)
* Add sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
* bsc#1203201
* Do not re-enable the reader when flushing the buffers as part
of pty_finish().
* While sudo-observe-SIGCHLD patch applied earlier prevents a
race condition from happening, this fixes a related buffer hang.
- Added sudo-fix_NULL_deref_RunAs.patch
* bsc#1206483
* Fix a situation where "/sudo -U otheruser -l"/ would dereference
a NULL pointer.
- systemd
-
- Import commit 95ad6444b8d4c9cbd6c745ba9b4463264109ee11
acb6da7b4a pager: make pager secure when under euid is changed or explicitly requested
7c8bbe16a2 pager: set $LESSSECURE whenver we invoke a pager (bsc#1208958 CVE-2023-26604)
e931881112 core: if the start command vanishes during runtime don't hit an assert (bsc#1206985)
- tar
-
* bsc1202436-1.patch
* bsc1202436-2.patch
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
results in use of uninitialized memory for a conditional jump
(CVE-2022-48303, bsc#1207753)
* fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
- timezone
-
- timezone update 2023c:
* Revert changes made in 2023b
- timezone update 2023b:
* Lebanon delays the start of DST this year.
- timezone update 2023a:
* Egypt now uses DST again, from April through October.
* This year Morocco springs forward April 23, not April 30.
* Palestine delays the start of DST this year.
* Much of Greenland still uses DST from 2024 on.
* America/Yellowknife now links to America/Edmonton.
* tzselect can now use current time to help infer timezone.
* The code now defaults to C99 or later.
- Refresh tzdata-china.diff
- vim
-
- Updated to version 9.0 with patch level 1386, fixes the following security problems
* Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
* Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
* Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
* Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
- xen
-
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
log-dirty mode use-after-free (XSA-427)
xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
pinned cache attributes mis-handling (XSA-428)
xsa428-1.patch
xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
vulnerability in 32bit SYSCALL path (XSA-429)
xsa429.patch
- bsc#1205209 - VUL-0: CVE-2022-23824: xen: x86: Multiple
speculative security issues (XSA-422)
xsa422-01.patch
xsa422-02.patch
- zlib
-
- Add DFLTCC support for using inflate() with a small window,
fixes bsc#1206513
* bsc1206513.patch