- bind
-
- Update to release 9.16.38
Bug Fixes:
* A constant stream of zone additions and deletions via rndc
reconfig could cause increased memory consumption due to
delayed cleaning of view memory. This has been fixed.
* The speed of the message digest algorithms (MD5, SHA-1, SHA-2),
and of NSEC3 hashing, has been improved.
* Building BIND 9 failed when the --enable-dnsrps switch for
./configure was used. This has been fixed.
[jsc#SLE-24600]
- Updated keyring and signature
- containerd
-
- Re-build containerd to use updated golang-packaging. jsc#1342
- Update to containerd v1.6.16 for Docker v23.0.0-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.16>
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream
release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.12>
- cpupower
-
- Originally by aabdallah@suse.com:
Don't exist if perf is unavailable.
* Fix for SG#64023, bsc#1202890:
A turbostat-Dont-exist-if-perf-is-unavailable.patch:
- curl
-
- Security fixes:
* [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
* [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
Add curl-CVE-2023-27534.patch
* [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
Add curl-CVE-2023-27535.patch
* [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
Add curl-CVE-2023-27536.patch
* [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
Add curl-CVE-2023-27538.patch
- docker
-
- update to 20.10.23-ce.
* see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- Update to Docker 20.10.21-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
bsc#1205375 CVE-2022-36109
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
* 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
preparation for removing the feature). This feature was never meant to be
used by users directly (and is only available in the -kubic/CaaSP version of
the package anyway) and thus should not affect any users.
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
with it installed even if they are primarily running SELinux.
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
- glibc
-
- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
(bsc#1207957)
- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
(CVE-2023-0687, bsc#1207975, BZ #29444)
- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
check (bsc#1208358, BZ #25933)
- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
(bsc#1207571, BZ #16272)
- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
with recent GCC
- gnutls
-
- FIPS: PBKDF2 additional requirements [bsc#1209001]
* Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
* Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
* Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
* Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
* Add regression tests for the new PBKDF2 requirements.
* Add gnutls-FIPS-pbkdf2-additional-requirements.patch
- grub2
-
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
* grub2-secureboot-provide-linuxefi-config.patch
* grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
* grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
* grub2-btrfs-05-grub2-mkconfig.patch
* grub2-efi-xen-cmdline.patch
* grub2-s390x-05-grub2-mkconfig.patch
* grub2-suse-remove-linux-root-param.patch
- Move unsupported zfs modules into 'extras' packages
(bsc#1205554) (PED-2947)
- kernel-default
-
- Drop build fix patch causing a regression on aarch64 (bsc#1209798)
Delete patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch
- commit cc75cf8
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr
(git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int
(git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
__uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
sad_cfg_iio_topology() (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol
(git fixes).
- perf/x86/intel/pt: Fix sampling using single range output
(git fixes).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes
(git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain
(git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of
clear_cpu_cap() (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC
PMU (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git
fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default
(git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git
fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL
(git fixes).
- perf/core: Fix data race between perf_event_set_output()
and perf_mmap_close() (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support
(git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding
(git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers
(git fixes).
- perf/x86/intel: Don't extend the pseudo-encoding to GP counters
(git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- perf: Always wake the parent event (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
(git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- commit 74e398e
- Refresh patches.suse/NFSv3-handle-out-of-order-write-replies.patch.
Careless typo - might cause bsc#1209457
- commit 1d76618
- ceph: update the time stamps and try to drop the suid/sgid
(bsc#1209504).
- commit e7df378
- supported.conf: Remove duplicate entry.
- commit 2c93f73
- IB/hfi1: Update RMT size calculation (git-fixes)
- commit 46a7a1c
- IB/hfi1: Assign npages earlier (git-fixes)
- commit b6b4a13
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path
(git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation
(git-fixes).
- firmware: xilinx: don't make a sleepable memory allocation
from an atomic context (git-fixes).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses
(git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove
due to race condition (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers
(git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order
(git-fixes).
- media: m5mols: fix off-by-one loop termination error
(git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
condition (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly
(git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity
(git-fixes).
- ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
(git-fixes).
- drm/bridge: Fix returned array size name for
atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors
(git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay
(git-fixes).
- drm/panfrost: Don't sync rpm suspension after mmu flushing
(git-fixes).
- drm/shmem-helper: Remove another errant put in error path
(git-fixes).
- clk: HI655X: select REGMAP instead of depending on it
(git-fixes).
- docs: Correct missing "/d_"/ prefix for dentry_operations member
d_weak_revalidate (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers
for soc15 (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs
(git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how
long a regulator was off (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- PCI: Add SolidRun vendor ID (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on
regulators (git-fixes).
- regulator: Flag uncontrollable regulators as always_on
(git-fixes).
- commit fc61e5c
- Delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch
Resulted in an Oops / hang at boot (bsc#1209436)
- commit 0da96b0
- hwmon: (k10temp): Add support for new family 17h and 19h models
(bsc#1208848).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- commit c3dd9ac
- Update references in
patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch
(git-fixes bsc#1209291 CVE-2023-28328).
- commit dc99e31
- rpm/group-source-files.pl: Fix output difference when / is in location
While previous attempt to fix group-source-files.pl in 6d651362c38
"/rpm/group-source-files.pl: Deal with {pre,post}fixed / in location"/
breaks the infinite loop, it does not properly address the issue. Having
prefixed and/or postfixed forward slash still result in different
output.
This commit changes the script to use the Perl core module File::Spec
for proper path manipulation to give consistent output.
- commit 4161bf9
- perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery
table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824,
bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table
(bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in
uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824,
bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void
(bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file
(bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824,
bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs
(bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on
ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824,
bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824,
bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize IIO topology support
(bsc#1206824, bsc#1206493, bsc#1206492).
- commit 23fd14b
- Require suse-kernel-rpm-scriptlets at all times.
The kernel packages call scriptlets for each stage, add the dependency
to make it clear to libzypp that the scriptlets are required.
There is no special dependency for posttrans, these scriptlets run when
transactions are resolved. The plain dependency has to be used to
support posttrans.
- commit 56c4dbe
- Replace mkinitrd dependency with dracut (bsc#1202353).
Also update mkinitrd refrences in documentation and comments.
- commit e356c9b
- mm: memcg: fix NULL pointer in
mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- commit ca9be2b
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
(bsc#1197617).
- commit 34bfa16
- blacklist.conf: Add cgroup locking optimizations
be288169712f cgroup: reduce dependency on cgroup_mutex
671c11f0619e cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
- commit a274f6f
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- commit 49f82de
- blacklist.conf: Add 9360d035a579 panic: Separate sysctl logic from CONFIG_SMP
- commit 70188a8
- blacklist.conf: Add 9df918698408 kernel/panic: move panic sysctls to its own file
- commit 7099ede
- prlimit: do_prlimit needs to have a speculation check
(bsc#1209256).
- commit 90a3f2f
- blacklist.conf: this is very hard to explain. This patch stops a staging
driver from doing something extremely stupid, but it is visible and not
technically a fix
- commit 55006f0
- blacklist.conf: Add c16bdeb5a39f rlimit: Fix RLIMIT_NPROC enforcement failure caused by capability calls in set_user
And also reasoning dependency/guard 2863643fb8b9 ("/set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds"/)
- commit 2a2c4f0
- blacklist.conf: this is very hard to explain. This patch stops a staging
driver from doing something extremely stupid, but it is visible and not
technically a fix
- commit a35c342
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- commit b51985a
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- commit 871eeb4
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- commit d31c746
- rds: rds_rm_zerocopy_callback() correct order for
list_add_tail() (CVE-2023-1078 bsc#1208601).
- rds: rds_rm_zerocopy_callback() use list_first_entry()
(CVE-2023-1078 bsc#1208601).
- commit b467b16
- net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075
bsc#1208598).
- commit 04f7ce9
- blacklist.conf: feature, not fix
- commit 3b9cbfd
- blacklist.conf: duplicate
- commit 082c8b7
- Update patches.suse/hid-bigben_probe-validate-report-count.patch
(bsc#1208605).
Added bugzilla reference to fix already applied
- commit 784a3b2
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
(git-fixes).
- commit 1bde01c
- signal: Implement force_fatal_sig (git-fixes).
- blacklist.conf: remove it
- commit fc01034
- bpf, x64: Factor out emission of REX byte in more cases
(git-fixes).
- blacklist.conf: remove it
- commit 3ad465f
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- x86/64/mm: Map all kernel memory into trampoline_pgd
(git-fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of
calling do_exit (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation
(git-fixes).
- commit 128d44a
- wifi: cfg80211: Partial revert "/wifi: cfg80211: Fix use after
free for wext"/ (git-fixes).
- tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
(git-fixes).
- commit c121561
- NFS: nfsiod should not block forever in mempool_alloc()
(git-fixes).
- commit 3938521
- KABI FIX FOR NFSv4: Fix free of uninitialized nfs4_label on
referral lookup (git-fixes).
- commit 3fe030b
- ASoC: zl38060 add gpiolib dependency (git-fixes).
- pwm: stm32-lp: fix the check on arr and cmp registers update
(git-fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero
(git-fixes).
- PCI: Add ACS quirk for Wangxun NICs (git-fixes).
- PCI: Take other bus devices into account when distributing
resources (git-fixes).
- PCI: Align extra resources for hotplug bridges properly
(git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in
mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in
mma9551_read_status_word() (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- mei: bus-fixup:upon error print return values of send and
receive (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent()
(git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe
(git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal
(git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty()
(git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- USB: ene_usb6250: Allocate enough memory for full object
(git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of
using pointer math (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive
warnings (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
(git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string
(git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors
(git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt
leak (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
(git-fixes).
- ASoC: zl38060: Remove spurious gpiolib select (git-fixes).
- Bluetooth: hci_sock: purge socket queues in the destruct()
callback (git-fixes).
- commit 1135294
- kABI workaround for hid quirks (git-fixes).
- commit 2ce6cac
- HID: retain initial quirks set up when creating HID devices
(git-fixes).
- commit 0d98469
- PCI: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- commit ccb0b3a
- thermal/drivers/tsens: Add compat string for the qcom,msm8960
(git-fixes).
- Refresh
patches.suse/thermal-drivers-tsens-Sort-out-msm8976-vs-msm8956-da.patch.
- commit 0c14aac
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code
(git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL
register (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec()
(git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq
(git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already
binded (git-fixes).
- usb: typec: intel_pmc_mux: Don't leak the ACPI device reference
count (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream()
fails (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
(git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
(git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to
prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in
brcmf_c_preinit_dcmds() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
(git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH
(git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero
(git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high
(git-fixes).
- usb: typec: intel_pmc_mux: Use the helper
acpi_dev_get_memory_resources() (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop
body as a ptr (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg
(un)link func (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link()
(git-fixes).
- commit 31f8312
- nfc: fdp: add null check of devm_kmalloc_array in
fdp_nci_i2c_read_device_properties (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
(git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables
(git-fixes).
- PCI: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color
bits (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible()
(git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad
Duet 3 10IGL5 (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue
(git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown
(git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume
(git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
(git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- HID: multitouch: Add quirks for flipped axes (git-fixes).
- HID: logitech-hidpp: Don't restart communication if not
necessary (git-fixes).
- HID: Add Mapping for System Microphone Mute (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks
(git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays
(git-fixes).
- regulator: max77802: Bounds check regulator id against opmode
(git-fixes).
- KEYS: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output
enable (git-fixes).
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit
path (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- media: uvcvideo: Check controls flags before accessing them
(git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS
(git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL
(git-fixes).
- commit af57661
- Documentation/hw-vuln: Document the interaction between IBRS
and STIBP (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
(git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- docs/scripts/gdb: add necessary make scripts_gdb step
(git-fixes).
- ASoC: codecs: lpass: fix incorrect mclk rate (git-fixes).
- ASoC: kirkwood: Iterate over array indexes instead of using
pointer math (git-fixes).
- ASoC: soc-compress: Reposition and add pcm_mutex (git-fixes).
- Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
(git-fixes).
- ACPI: Don't build ACPICA with '-Os' (git-fixes).
- ACPI: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read
latency detected (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible
(git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
(git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node
name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node
names (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button
name (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to
eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to
rng node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid
clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors
compatible (git-fixes).
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
(git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
(git-fixes).
- ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video
phy (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock
names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON
(git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- ACPI: resource: Add helper function
acpi_dev_get_memory_resources() (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ASoC: codecs: tx-macro: move to individual clks from bulk
(git-fixes).
- ASoC: codecs: rx-macro: move to individual clks from bulk
(git-fixes).
- ASoC: codecs: tx-macro: move clk provider to managed variants
(git-fixes).
- ASoC: codecs: rx-macro: move clk provider to managed variants
(git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- ASoC: codecs: Change bulk clock voting to optional voting in
digital codecs (git-fixes).
- ASoC: fsl_sai: Update to modern clocking terminology
(git-fixes).
- commit 8491e1c
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
(CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
(CVE-2023-1095 bsc#1208777).
- commit 1969911
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- commit 17b413e
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- commit bedb569
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- commit 04f9814
- arm64: mm: kfence: only handle translation faults (git-fixes)
- commit 53720ca
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- commit abb3814
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- commit 8ba9b76
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- commit 830c0c2
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- commit bf5800f
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- commit 2dadb72
- blacklist.conf: add some X86 git-fixes
- commit 05ac891
- blacklist.conf: ("/arm64: dts: ten64: remove redundant interrupt declaration for"/)
- commit b0f32f5
- Update patch reference for HID fixes (CVE-2023-25012 bsc#1207560)
- commit ac09f05
- qede: avoid uninitialized entries in coal_entry array
(bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- commit bcd42d6
- PCI/PTM: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- commit da09379
- PCI: qcom: Fix host-init error handling (git-fixes).
- PCI: Unify delay handling for reset and resume (git-fixes).
- PCI/PM: Always disable PTM for all devices during suspend
(git-fixes).
- PCI: mediatek-gen3: Fix refcount leak in
mtk_pcie_init_irq_domains() (git-fixes).
- PCI/PM: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte
X299 (git-fixes).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- PCI: mediatek-gen3: Assert resets to ensure expected init state
(git-fixes).
- PCI: Avoid pci_dev_lock() AB/BA deadlock with
sriov_numvfs_store() (git-fixes).
- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- PCI: xgene: Revert "/PCI: xgene: Use inbound resources for setup"/
(git-fixes).
- PCI: aardvark: Check return value of generic_handle_domain_irq()
when processing INTx IRQ (git-fixes).
- PCI: Reduce warnings on possible RW1C corruption (git-fixes).
- kABI: PCI: Reduce warnings on possible RW1C corruption (kabi).
- Refresh patches.suse/0001-kABI-more-hooks-for-PCI-changes.patch.
- PCI: aardvark: Fix link training (git-fixes).
- Refresh
patches.suse/PCI-aardvark-Fix-checking-for-link-up-via-LTSSM-stat.patch.
- commit 3cab0bb
- blacklist.conf: add some PCI git-fixes
- commit 259b001
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending
on it (git-fixes).
- commit b403668
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
(git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
(git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
fails (git-fixes).
- NFSD: pass range end to vfs_fsync_range() instead of count
(git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
display (git-fixes).
- NFSD: Finish converting the NFSv3 GETACL result encoder
(git-fixes).
- NFSD: Finish converting the NFSv2 GETACL result encoder
(git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
(git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
(git-fixes).
- SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
(git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
(git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4: Fix a potential state reclaim deadlock (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
flexfiles (git-fixes).
- NFSD: fix use-after-free on source server when doing
inter-server copy (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
(git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
(git-fixes).
- NFSv4: Fix free of uninitialized nfs4_label on referral lookup
(git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
(git-fixes).
- SUNRPC: Return true/false (not 1/0) from bool functions
(git-fixes).
- NFS: Avoid writeback threads getting stuck in mempool_alloc()
(git-fixes).
- NFS: nfsiod should not block forever in mempool_alloc()
(git-fixes).
- commit 4c29b9b
- blacklist.conf: fixes for bugs we don't have
- commit afbbfc5
- malidp: Fix NULL vs IS_ERR() checking (bsc#1208843
CVE-2023-23004).
- commit 87efba8
- Delete
patches.suse/livepatch-define-a-macro-for-new-api-identification.patch.
This definition was used by kgraft codestreams (SLE12-SP3), but the
livepatch support for such codestreams has ended.
- commit f5aeaad
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- blacklist.conf: false positive
- commit 086f5da
- nvme-auth: fix an error code in
nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: don't use NVMe status codes (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication
(bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to
complete (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication
(bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication
completes (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure
(bsc#1202633).
- nvme-auth: don't keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: don't override ctrl keys before validation
(bsc#1202633).
- nvme-auth: don't ignore key generation failures when
initializing ctrl keys (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: don't re-authenticate if the controller is not LIVE
(bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset
(bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to
nvme_auth[reset|free]_dhchap (bsc#1202633).
- commit 67a47c5
- blacklist.conf: kABI, cosmetic
- commit f03aa8f
- Add cherry-picked id for nouveau patch
- commit d18ab1d
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- commit a961e32
- KABI FIX FOR: NFSv4.1 query for fs_location attr on a new file
system (Never, kabi).
- commit f615f65
- update internal module version number for cifs.ko (bsc#1193629).
- commit c325c43
- drm/virtio: Fix NULL vs IS_ERR checking in
virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998).
- commit cd9c832
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
When the source file location provided with -L is either prefixed or
postfixed with forward slash, the script get stuck in a infinite loop
inside calc_dirs() where $path is an empty string.
user@localhost:/tmp> perl "/$HOME/group-source-files.pl"/ -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
...
path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
path = /usr/src/linux-5.14.21-150500.41/Documentation
path = /usr/src/linux-5.14.21-150500.41
path = /usr/src
path = /usr
path =
path =
path =
... # Stuck in an infinite loop
This workarounds the issue by breaking out the loop once path is an
empty string. For a proper fix we'd want something that
filesystem-aware, but this workaround should be enough for the rare
occation that this script is ran manually.
Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare()
in imx7_csi_init() (git-fixes).
- commit e70e8d4
- media: platform: ti: Add missing check for devm_regulator_get
(git-fixes).
- commit 08661ee
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node
function (CVE-2023-23000 bsc#1208816).
- commit 4632142
- Update patch reference for media fix (CVE-2023-1118 bsc#1208837)
- commit 778b9f2
- media: ti: cal: fix possible memory leak in cal_ctx_create()
(git-fixes).
- commit 2ff7792
- struct uvc_device move flush_status new member to end
(git-fixes).
- commit 8ba3f50
- media: uvcvideo: Fix race condition with usb_kill_urb
(git-fixes).
- commit 9dd8ca0
- media: coda: Add check for kmalloc (git-fixes).
- commit 8c98f78
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- commit 705609f
- scsi: qla2xxx: Add option to disable FC2 Target support
(bsc#1198438 bsc#1206103).
- Delete
patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 9b1b9b9
- blacklist.conf: cosmetic, not a bug fix
- commit a1eb9b6
- net/ulp: use consistent error code when blocking ULP
(CVE-2023-0461 bsc#1208787).
- net/ulp: prevent ULP without clone op from entering the LISTEN
status (CVE-2023-0461 bsc#1208787).
- commit bad820e
- KABI FIX FOR: NFSD: Have legacy NFSD WRITE decoders use
xdr_stream_subsegment() (git-fixes).
- commit bd901a6
- KABI FIX FOR: NFS: Further optimisations for 'ls -l'
(git-fixes).
- commit 894aa13
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
(git-fixes).
- NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
(git-fixes).
- NFSD: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- NFSD: COMMIT operations must not return NFS?ERR_INVAL
(git-fixes).
- sunrpc: Fix potential race conditions in
rpc_sysfs_xprt_state_change() (git-fixes).
- net/sunrpc: fix reference count leaks in
rpc_sysfs_xprt_state_change (git-fixes).
- SUNRPC allow for unspecified transport time in rpc_clnt_add_xprt
(git-fixes).
- NFSv4 handle port presence in fs_location server string
(git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4.1 query for fs_location attr on a new file system
(git-fixes).
- NFSv4 store server support for fs_location attribute
(git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
(git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
(git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id)
(git-fixes).
- NFSD: Have legacy NFSD WRITE decoders use
xdr_stream_subsegment() (git-fixes).
- NFS: Create a new nfs_alloc_fattr_with_label() function
(git-fixes).
- NFS: Always initialise fattr->label in nfs_fattr_alloc()
(git-fixes).
- NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open()
(git-fixes).
- NFS: Further optimisations for 'ls -l' (git-fixes).
- commit fc8bee1
- blacklist.conf: NFS updates
- commit 424a052
- selftests/powerpc: Account for offline cpus in perf-hwbreak test
(bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test
(bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- commit cc3db6d
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- commit 6b88ff8
- cifs: improve checking of DFS links over
STATUS_OBJECT_NAME_INVALID (git-fixes).
- commit 2d97db4
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too
(bsc#1193629).
- commit aef7d88
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- commit a3d06fc
- cifs: update ip_addr for ses only for primary chan setup
(bsc#1193629).
- commit 9b0633d
- cifs: use tcon allocation functions even for dummy tcon
(git-fixes).
- commit 4cb2b33
- cifs: use the least loaded channel for sending requests
(bsc#1193629).
- commit cfdb032
- smb3: Replace smb2pdu 1-element arrays with flex-arrays
(bsc#1193629).
- commit 8183847
- selftests/ftrace: Convert tracer tests to use 'requires'
to specify program dependency (bsc#1204993 ltc#200103).
- selftests/ftrace: Add check for ping command for trigger tests
(bsc#1204993 ltc#200103).
- commit 11e08ba
- cifs: get rid of dns resolve worker (bsc#1193629).
- commit 2cb37b3
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- commit 5fa5f21
- cifs: Fix lost destroy smbd connection when MR allocate failed
(git-fixes).
- commit f517a17
- cifs: return a single-use cfid if we did not get a lease
(bsc#1193629).
- commit 90e06b0
- cifs: Check the lease context if we actually got a lease
(bsc#1193629).
- commit 8e90bef
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- commit a459269
- cifs: Convert struct fealist away from 1-element array
(bsc#1193629).
- commit da04015
- cifs: fix mount on old smb servers (boo#1206935).
- commit 1f96ba2
- cifs: Fix uninitialized memory reads for oparms.mode
(bsc#1193629).
- commit 54e33cf
- cifs: remove unneeded 2bytes of padding from smb2 tree connect
(bsc#1193629).
- commit be0bd63
- cifs: Fix uninitialized memory read in smb3_qfs_tcon()
(bsc#1193629).
- commit 0882d15
- cifs: don't try to use rdma offload on encrypted connections
(bsc#1193629).
- commit e4e0061
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- commit 04a4e24
- cifs: introduce cifs_io_parms in smb2_async_writev()
(bsc#1193629).
- commit 3e469a4
- cifs: get rid of unneeded conditional in cifs_get_num_sgs()
(bsc#1193629).
- commit 406d57e
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- commit 57b5cfd
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req()
(bsc#1193629).
- commit 1affc8c
- cifs: print last update time for interface list (bsc#1193629).
- commit 77e9288
- cifs: Replace zero-length arrays with flexible-array members
(bsc#1193629).
- commit ccb5ba6
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- commit 782ea60
- cifs: Fix use-after-free in rdata->read_into_pages()
(git-fixes).
- commit 107b2e5
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect
(git-fixes).
- commit fe84ac1
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
which sets the variable for a simple command.
However, the script is no longer a simple command. Export the variable
instead.
- commit 152a069
- Refresh
patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch.
- Refresh
patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch.
Fix bug introduced by broken backport (bsc#1208628).
- commit d902e3e
- Move upstreamed i915 and media fixes into sorted section
- commit f79acc7
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- commit 92f0180
- nvme-fabrics: show well known discovery name (bsc#1200054).
- commit 0dc6ff3
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message
(git-fixes).
- commit cf78232
- ASoC: mchp-spdifrx: Fix uninitialized use of mr in
mchp_spdifrx_hw_params() (git-fixes).
- commit ef46bcf
- ALSA: ice1712: Delete unreachable code in aureon_add_controls()
(git-fixes).
- ALSA: ice1712: Do not left ice->gpio_mutex locked in
aureon_add_controls() (git-fixes).
- ASoC: adau7118: don't disable regulators on device unbind
(git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is
within the limits (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized
memory (git-fixes).
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing
free_irq() in error path (git-fixes).
- vc_screen: don't clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k
(git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- VMCI: check context->notify_page after call to
get_user_pages_fast() to avoid GPF (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx
dma case (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at
shutdown (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in
lpuart32_shutdown() (git-fixes).
- USB: serial: option: add support for VW/Skoda "/Carstick LTE"/
(git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M
(git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: mediatek: don't unregister something that wasn't
registered (git-fixes).
- USB: core: Don't hold device lock while reading the
"/descriptors"/ sysfs file (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access
(git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in
fusb300_probe() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
(git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
(git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there
is no callback function (git-fixes).
- wifi: mwifiex: fix loop iterator in
mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787
(git-fixes).
- wifi: iwl4965: Add missing check for
create_singlethread_workqueue() (git-fixes).
- wifi: iwl3945: Add missing check for
create_singlethread_workqueue (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in
nl80211_set_rekey_data() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec()
(git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
(git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wl3501_cs: don't call kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: don't call kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: don't call kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: libertas: if_usb: don't call kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: don't call kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
(git-fixes).
- wifi: brcmfmac: fix potential memory leak in
brcmf_netdev_start_xmit() (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
(git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: don't call dev_kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in
_rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtl8xxxu: don't call dev_kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter()
(git-fixes).
- wifi: iwlegacy: common: don't call dev_kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: don't call kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under
spin_lock_irqsave() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- commit 795b424
- thermal: intel: BXT_PMIC: select REGMAP instead of depending
on it (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference
(git-fixes).
- rtc: allow rtc_read_alarm without read_alarm callback
(git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io
(git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate
modem headers (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW
(git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region
(git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init
(git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
(git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register
(git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning
(git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- soundwire: cadence: Don't overflow the command FIFOs
(git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- PCI: switchtec: Return -EFAULT for copy_to_user() errors
(git-fixes).
- PCI: Fix dropping valid root bus resources with .end = zero
(git-fixes).
- PCI/PM: Observe reset delay irrespective of bridge_d3
(git-fixes).
- PCI/IOV: Enlarge virtfn sysfs name buffer (git-fixes).
- PCI: hotplug: Allow marking devices as disconnected during
bind/unbind (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue
(git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in
tegra_uart_hw_init() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in
lpuart32_shutdown() (git-fixes).
- printf: fix errname.c list (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: rockchip: Fix refcount leak in
rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
(git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for
wcss pins (git-fixes).
- spi: synquacer: Fix timeout handling in
synquacer_spi_transfer_one() (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC
(git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns
removal (git-fixes).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package
system (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939
(git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
(git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines
(git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match
(git-fixes).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not
available (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is
disabled (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU
(git-fixes).
- commit 14a6c6a
- media: saa7134: Use video_unregister_device for radio_dev
(git-fixes).
- media: usb: siano: Fix use after free bugs caused by
do_submit_urb (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned
(git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
(git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- media: v4l2-jpeg: correct the skip count in
jpeg_parse_app14_data (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
(git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls()
(git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls()
(git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register()
(git-fixes).
- Input: iqs626a - drop unused device node references (git-fixes).
- Input: ads7846 - don't check penirq immediately for 7845
(git-fixes).
- Input: ads7846 - always set last command to PWRDOWN (git-fixes).
- Input: ads7846 - don't report pressure for ads7845 (git-fixes).
- Input: iqs269a - configure device with a single block write
(git-fixes).
- Input: iqs269a - increase interrupt handler return delay
(git-fixes).
- Input: iqs269a - drop unused device node references (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32
(git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type
(git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le
(git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- lib/zlib: remove redundation assignement of avail_in
dfltcc_gdht() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in
pcf50633_adc_async_read() (git-fixes).
- mfd: cs5535: Don't build on UML (git-fixes).
- gpu: host1x: Don't skip assigning syncpoints to channels
(git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned
by of_graph_get_port_by_id() (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan
(git-fixes).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store
(git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- Revert "/HID: logitech-hidpp: add a module parameter to keep
firmware gestures"/ (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- HID: bigben: use spinlock to safely schedule workers
(git-fixes).
- HID: bigben_worker() remove unneeded check on report_field
(git-fixes).
- HID: bigben: use spinlock to protect concurrent accesses
(git-fixes).
- HID: asus: use spinlock to safely schedule workers (git-fixes).
- HID: asus: use spinlock to protect concurrent accesses
(git-fixes).
- gpio: tegra186: remove unneeded loop in
tegra186_gpio_init_route_mapping() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- leds: led-class: Add missing put_device() to led_put()
(git-fixes).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths
(git-fixes).
- HID: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- HID: elecom: add support for TrackBall 056E:011C (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case
(git-fixes).
- commit ed4a4d9
- drm/i915: Don't use BAR mappings for ring buffers with LLC
(git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells
(git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types
(git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Don't require
charging properties (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF
Kconfig entries (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in
dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in
stratix10_svc_drv_probe() (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init()
(git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A
usb3-phy0 optional (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amd/display: reduce else-if to else in
dcn10_blank_pixel_data() (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in
dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc
(git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
(git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions
back in (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned
(git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm: clean event_thread->worker in case of an error
(git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
(git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path
(git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
(git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer
(git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending
cmd (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
(git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/bridge: megachips: Fix error handling in
i2c_register_driver() (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in
vc4_vec_encoder_enable() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us
dependency (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board
(git-fixes).
- commit 3467b1b
- auxdisplay: hd44780: Fix potential memory leak in
hd44780_remove() (git-fixes).
- Documentation: simplify and clarify DCO contribution example
language (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as
parents (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
(git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
(git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code
(git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if
cpg_mssr_common_init() failed (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function
(git-fixes).
- dmaengine: ptdma: check for null desc before calling
pt_cmd_callback (git-fixes).
- dmaengine: dw-axi-dmac: Do not dereference NULL structure
(git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0
(git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation
(git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics
(git-fixes).
- dmaengine: dw-edma: Don't permit non-inc interleaved xfers
(git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved
xfers (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device
links (git-fixes).
- drivers: base: transport_class: fix resource leak when
transport_add_device() fails (git-fixes).
- drivers: base: transport_class: fix possible memory leak
(git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fix potential null-ptr-deref in device_add()
(git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- Revert "/char: pcmcia: cm4000_cs: Replace mdelay with
usleep_range in set_protocol"/ (git-fixes).
- backlight: backlight: Fix doc for backlight_device_get_by_name
(git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
(git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
(git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
(git-fixes).
- audit: update the mailing list in MAINTAINERS (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number
(git-fixes).
- ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not
declared (git-fixes).
- ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
(git-fixes).
- ASoC: dt-bindings: meson: fix gx-card codec node regex
(git-fixes).
- ASoC: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- ASoC: rsnd: fixup #endif position (git-fixes).
- Bluetooth: hci_qca: get wakeup status from serdev device handle
(git-fixes).
- Bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete
(git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- Revert "/crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with
GFP_KERNEL in pkcs1pad_encrypt_sign_complete"/ (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate
sysfs filename (git-fixes).
- crypto: ccp - Avoid page allocation failure warning for
SEV_GET_ID2 (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey()
(git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
(git-fixes).
- drm/amd/display: Properly handle additional cases where DCN
is not supported (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS ==
COMPLETED (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers
(git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap
based IO (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()
(git-fixes).
- commit d5e5686
- ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
(git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- ARM: dts: spear320-hmi: correct STMPE GPIO compatible
(git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init()
(git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- ASoC: mchp-spdifrx: disable all interrupts in
mchp_spdifrx_dai_remove() (git-fixes).
- ASoC: mchp-spdifrx: fix controls which rely on rsr register
(git-fixes).
- ASoC: soc-compress.c: fixup private_data on
snd_soc_new_compress() (git-fixes).
- ALSA: hda/ca0132: minor fix for allocation size (git-fixes).
- ACPI: battery: Fix missing NUL-termination with large strings
(git-fixes).
- ACPICA: nsrepair: handle cases without a return value correctly
(git-fixes).
- ACPICA: Drop port I/O validation for some regions (git-fixes).
- ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for
IOMMU node (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
(git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC
(git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock
description (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN
(git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan
thermal trip (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
(git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit
address (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
(git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name
(git-fixes).
- arm64: dts: imx8m: Align SoC unique ID node unit address
(git-fixes).
- ARM: dts: imx7s: correct iomuxc gpr mux controller cells
(git-fixes).
- ARM: dts: exynos: correct HDMI phy compatible in Exynos4
(git-fixes).
- ARM: dts: exynos: correct wr-active property in Exynos3250
Rinato (git-fixes).
- ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
(git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
(git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output
names (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells
(git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells
(git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt
pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k
instead of 4k (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets
(git-fixes).
- ARM: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- ARM: zynq: Fix refcount leak in zynq_early_slcr_init
(git-fixes).
- ARM: imx: Call ida_simple_remove() for ida_simple_get
(git-fixes).
- ARM: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- ARM: OMAP1: call platform_device_put() in error case in
omap1_dm_timer_init() (git-fixes).
- ARM: OMAP2+: Fix memory leak in realtime_counter_init()
(git-fixes).
- ALSA: hda/realtek - fixed wrong gpio assigned (git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6180 (git-fixes).
- ACPI: NFIT: fix a potential deadlock during NFIT teardown
(git-fixes).
- ARM: dts: rockchip: add power-domains property to dp node on
rk3288 (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from
rk3328-roc-cc (git-fixes).
- ASoC: rt715-sdca: fix clock stop prepare timeout issue
(git-fixes).
- ASoC: cs42l56: fix DT probe (git-fixes).
- ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers
(git-fixes).
- ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers
(git-fixes).
- ALSA: hda: Do not unset preset when cleaning up codec
(git-fixes).
- ACPI / x86: Add support for LPS0 callback handler (git-fixes).
- commit b514cae
- Refresh
patches.suse/ipmi-ssif-Add-a-timer-between-request-retries.patch.
- Refresh patches.suse/ipmi-ssif-Remove-rtc_us_timer.patch.
- Refresh patches.suse/ipmi-ssif-resend_msg-cannot-fail.patch.
- Refresh
patches.suse/ipmi_ssif-Rename-idle-state-and-check.patch.
- commit 39421c5
- KABI fix for: NFSv3: handle out-of-order write replies
(bsc#1205544).
- commit 931f6bd
- NFSv3: handle out-of-order write replies (bsc#1205544).
- commit 96398e7
- locking/rwsem: Disable preemption in all down_write*() and
up_write() code paths (bsc#1207270).
- commit 87b3e0b
- locking/rwsem: Disable preemption in all down_read*() and
up_read() code paths (bsc#1207270).
- commit c4762ff
- locking/rwsem: Prevent non-first waiter from spinning in
down_write() slowpath (bsc#1207270).
- commit 61aa9bc
- locking/rwsem: Disable preemption while trying for rwsem lock
(bsc#1207270).
- commit 164c146
- locking/rwsem: Allow slowpath writer to ignore handoff bit if
not set by first waiter (bsc#1207270).
- commit 05a6130
- locking/rwsem: Always try to wake waiters in out_nolock path
(bsc#1207270).
- commit 2d3049a
- locking/rwsem: Conditionally wake waiters in reader/writer
slowpaths (bsc#1207270).
- commit 6c03884
- locking/rwsem: No need to check for handoff bit if wait queue
empty (bsc#1207270).
- commit 7ef94ea
- locking: Add missing __sched attributes (bsc#1207270).
- commit 241a50d
- locking/rwsem: Make handoff bit handling more consistent
(bsc#1207270).
- commit 68640da
- wifi: ath9k: Fix potential stack-out-of-bounds write in
ath9k_wmi_rsp_callback() (git-fixes).
- commit 4c1ac5d
- blacklist.conf: Add oops_limit accretion disk
- commit b22c6d0
- powerpc/eeh: Set channel state after notifying the drivers
(bsc#1208784 ltc#201612).
- commit c4cafd6
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA
clustering (bsc#1208420).
- commit 30beac0
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- commit adff7f2
- IB/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- commit 3bdf9ca
- RDMA/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- commit 878e0eb
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- commit d90e67e
- RDMA/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- commit 05d982b
- RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- commit 7eb2c03
- RDMA/siw: Fix user page pinning accounting (git-fixes)
- commit d72f1f4
- fuse: add inode/permission checks to fileattr_get/fileattr_set
(bsc#1208759).
- commit 91990ec
- usb: gadget: u_serial: Add null pointer check in gserial_resume
(git-fixes).
- commit 4549b2e
- Update
patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch
(bsc#1208741 CVE-2023-22995).
Added CVE reference for fix already present
- commit 3d3f080
- net: mpls: fix stale pointer if allocation fails during device
rename (bsc#1208700 CVE-2023-26545).
- commit 7ee1e3a
- RDMA/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- commit 364a0c0
- RDMA/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- commit 4c3dcae
- iommu/hyper-v: Allow hyperv irq remapping without x2apic
(git-fixes).
- commit 944a8e8
- Avoid deadlock for recursive I/O on dm-thin when used as swap
(bsc#1177529).
- commit 9236175
- x86/mm: Randomize per-cpu entry area (bsc#1207845
CVE-2023-0597).
- commit 3959431
- [xen] fix "/direction"/ argument of iov_iter_kvec() (git-fixes).
- commit defee4c
- xen/privcmd: Fix a possible warning in
privcmd_ioctl_mmap_resource() (git-fixes).
- commit fca2519
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- commit d392a17
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
(git-fixes).
- commit cd8f1e2
- blacklist.conf: add "/xen/netback: don't call kfree_skb() under
spin_lock_irqsave()"/
- commit 49e8a38
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- commit 81410eb
- xen/netback: fix build warning (git-fixes).
- Refresh
patches.suse/xen-netback-Ensure-protocol-headers-don-t-fall-in-th.patch.
- commit 18cf292
- xen/platform-pci: add missing free_irq() in error path
(git-fixes).
- commit 1274346
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
(git-fixes).
- commit e6b17f1
- xen/netback: do some code cleanup (git-fixes).
- Refresh
patches.suse/xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch.
- commit ea1b704
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
(git-fixes).
- commit 264c043
- block: bio-integrity: Copy flags when bio_integrity_payload
is cloned (bsc#1208541).
- commit 9308710
- scsi: lpfc: Copyright updates for 14.2.0.10 patches
(bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: lpfc: Introduce new attention types for
lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after
FLOGI completion (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs
firmware write (bsc#1208607).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not
in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in
lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport()
(bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length
(bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used
compiler warnings (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy()
(bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show()
(bsc#1208607).
- commit eecdcbc
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation
(bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf()
static (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd()
gets called (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O
(bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start
(bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention
(bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt
(bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management
commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
(bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment
(bsc#1208570).
- scsi: qla2xxx: Check if port is online before sending ELS
(bsc#1208570).
- commit e9e64c0
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC
(git-fixes).
- x86/hyperv: Introduce
HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants
(git-fixes).
- PCI: hv: update comment in x86 specific hv_arch_irq_unmask
(git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- commit e18f1a9
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- commit 43b143c
- drm/hyperv : Removing the restruction of VRAM allocation with
PCI bar size (git-fixes).
- commit 6cc703f
- powercap: fix possible name leak in powercap_register_zone()
(git-fixes).
- commit d3806fa
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- commit f901e29
- blacklist.conf: false positive
- commit b59e5d1
- usb: musb: Add and use inline function musb_otg_state_string
(git-fixes).
- commit cd1604d
- usb: musb: Add and use inline functions musb_{get,set}_state
(git-fixes).
- commit 4523590
- usb: musb: remove schedule work called after flush (git-fixes).
- commit f3d8faf
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init
(git-fixes).
- commit b3d3528
- usb: dwc3: qcom: clean up icc init (git-fixes).
- commit 88d9416
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- commit b64ea4c
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- commit 2e3d004
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- Refresh
patches.suse/usb-dwc3-core-leave-default-DMA-if-the-controller-do.patch.
- commit 9b6a3e2
- Revert "/usb: dwc3: qcom: Keep power domain on to retain
controller status"/ (git-fixes).
- commit 2174f55
- usb: dwc3: core: Host wake up support from system suspend
(git-fixes).
- Refresh
patches.suse/usb-dwc3-core-leave-default-DMA-if-the-controller-do.patch.
- commit f82f88f
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- commit dc0c872
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- commit d9b764b
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- commit 4cd8f2e
- usb: dwc3: qcom: Keep power domain on to retain controller
status (git-fixes).
- commit f6409bd
- usb: dwc3: qcom: Configure wakeup interrupts during suspend
(git-fixes).
- Refresh patches.suse/usb-dwc3-qcom-fix-runtime-PM-wakeup.patch.
- Refresh
patches.suse/usb-dwc3-qcom-fix-use-after-free-on-runtime-PM-wakeu.patch.
- commit a8bd7ad
- blacklist.conf: kABI
- commit b99a3c8
- s390/dasd: Fix potential memleak in dasd_eckd_init()
(git-fixes).
- commit 4a4e22d
- blacklist.conf: ("/ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer"/)
- commit 5089b86
- ARM: renumber bits related to _TIF_WORK_MASK (git-fixes)
- commit c91243e
- blacklist.conf: ("/ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation"/)
- commit 400cab3
- blacklist.conf: ("/ARM: at91: pm: avoid soft resetting AC DLL"/)
- commit 6bcebc9
- blacklist.conf: ("/ARM: dts: at91: sama7g5: fix signal name of pin PB2"/)
- commit 919e157
- ARM: dts: am5748: keep usb4_tm disabled (git-fixes)
- commit b8d72b7
- blacklist.conf: ("/ARM: dts: at91: sama7g5ek: specify proper regulator output ranges"/)
- commit 3ab614b
- blacklist.conf: ("/ARM: at91: pm: fix DDR recalibration when resuming from backup and"/)
- commit 0f7a39d
- blacklist.conf: ("/ARM: at91: pm: fix self-refresh for sama7g5"/)
- commit be8848f
- Update
patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch
(CVE-2023-23559 bsc#1207051).
Added CVE reference to patch already merged through git-fixes
- commit a3e1190
- ARM: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- commit 91b832e
- ARM: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- commit 1de40c0
- blacklist.conf: ("/ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1"/)
- commit fa5a88a
- blacklist.conf: ("/ARM: dts: ux500: Fix Gavini accelerometer mounting matrix"/)
- commit 2b7186a
- blacklist.conf: ("/ARM: dts: ux500: Fix Codina accelerometer mounting matrix"/)
- commit aaa59d4
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- commit 6cae44e
- ARM: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- commit 34357fd
- blacklist.conf: ("/ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt"/)
- commit c94ffa5
- virt: sevguest: Rename the sevguest dir and files to sev-guest
(bsc#1208449).
- Refresh
patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page.
- commit efc1984
- virt: sevguest: Change driver name to reflect generic SEV
support (bsc#1208449).
- Refresh
patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page.
- commit 9995360
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto()
(bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver
(bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap()
(bsc#1208449).
- commit 61ff2a0
- blacklist.conf: ("/ARM: versatile: Add missing of_node_put in dcscb_init"/)
- commit 346b599
- ARM: omap: remove debug-leds driver (git-fixes)
- commit 8b7f9eb
- blacklist.conf: ("/ARM: dts: at91: sama7g5: remove interrupt-parent from gic node"/)
- commit 7886324
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- commit 7eff197
- blacklist.conf: ("/ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines"/)
- commit 5fe218b
- blacklist.conf: ("/arm/xen: Fix some refcount leaks"/)
- commit e7dd5e5
- blacklist.conf: ("/ARM: dts: at91: sama7g5: Remove unused properties in i2c nodes"/)
- commit 8a32969
- blacklist.conf: ("/ARM: dts: at91: fix low limit for CPU regulator"/)
- commit 51d5738
- ARM: remove some dead code (git-fixes)
- commit f7ced4a
- blacklist.conf: ("/ARM: 9179/1: uaccess: avoid alignment faults in"/)
- commit ac48f9d
- blacklist.conf: ("/ARM: dts: gpio-ranges property is now required"/)
- commit 8e50da0
- blacklist.conf: ("/Revert "/ARM: 9070/1: Make UNWINDER_ARM depend on ld.bfd or ld.lld"/)
- commit 6e45b56
- blacklist.conf: ("/Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH"/)
- commit db21aa5
- blacklist.conf: ("/ARM: dts: at91: update alternate function of signal PD20"/)
- commit 638e70e
- ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- commit b3c9eb5
- ARM: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- commit 255b829
- kmap_local: don't assume kmap PTEs are linear arrays in memory (git-fixes)
Update config/armv7hl/default too.
- commit 4f3ffba
- ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- commit 9fe9f3d
- blacklist.conf: ("/ARM: 9131/1: mm: Fix PXN process with LPAE feature"/)
- commit 401f82c
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit 1c4885c
- blacklist: add commit 752f59637128 ("/docs: filesystems: update netfs-api.rst reference"/)
- commit b636a21
- fscache_cookie_enabled: check cookie is valid before accessing
it (bsc#1208429).
- commit eb9d928
- ceph: flush cap releases when the session is flushed
(bsc#1208428).
- commit 6cc818b
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- blk-cgroup: fix missing pd_online_fn() while activating policy
(git-fixes).
- block: don't allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed
(git-fixes).
- block: mq-deadline: Do not break sequential write streams to
zoned HDDs (git-fixes).
- block: clear ->slave_dir when dropping the main slave_dir
reference (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed
(git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- drivers/md/md-bitmap: check the return value of
md_bitmap_get_counter() (git-fixes).
- block/bfq-iosched.c: use "/false"/ rather than "/BLK_RW_ASYNC"/
(git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- commit 1404ba9
- blacklist.conf: add git-fixes commit which won't be backported
- commit 9c78c8a
- net: mana: Assign interrupts to CPUs based on NUMA nodes
(bsc#1208153).
- Refresh
patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit e0863ac
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- commit b973d25
- drm/amd/display: Fail atomic_check early on normalize_zpos error
(git-fixes).
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
(git-fixes).
- net: openvswitch: fix possible memory leak in
ovs_meter_cmd_set() (git-fixes).
- commit 305b479
- Set references for "/drm/vmwgfx: Validate the box size for the snooped cursor"/ (bsc#1203332 CVE-2022-36280)
- commit 9d6fa3b
- exit: Use READ_ONCE() for all oops/warn limit reads
(bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- commit 75afc24
- panic: Introduce warn_limit (bsc#1207328).
- panic: Consolidate open-coded panic_on_warn checks
(bsc#1207328).
- kasan: no need to unset panic_on_warn in end_report()
(bsc#1207328).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue()
(bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- commit 2d71785
- Update
patches.suse/0001-exit-Put-an-upper-limit-on-how-often-we-can-oops.patch
(bsc#1207328, bsc#1208290).
- commit d66a2b6
- usb: core: add quirk for Alcor Link AK9563 smartcard reader
(git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- commit d08ee1f
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- blacklist.conf: blacklist fixups for unsupported arches
- exit: Guarantee make_task_dead leaks the tsk when calling
do_task_exit (bsc#1207328).
- objtool: Add a missing comma to avoid string concatenation
(bsc#1207328).
- commit a5e521f
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- sysctl: add a new register_sysctl_init() interface
(bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead
(bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead
(bsc#1207328).
- exit: Add and use make_task_dead (bsc#1207328).
- commit b158add
- blacklist.conf: Add 4a7ba45b1a43 memcg: fix possible use-after-free in memcg_write_event_control()
- commit 6452dee
- net: mana: Fix IRQ name - add PCI and queue number
(bsc#1207875).
- commit da88ecc
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
(git-fixes).
- x86/asm: Fix an assembler warning with current binutils
(git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
(git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with
CONFIG_RETHUNK (git-fixes).
- x86/kvm: Remove unused virt to phys translation in
kvm_guest_cpu_init() (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the
APs (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state
cannot be saved (git-fixes).
- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- commit e419e31
- blacklist.conf: add some x86 entries
- commit a9b7553
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
CVE-2023-0045).
- commit e08d6f4
- Fix page corruption caused by racy check in __free_pages
(bsc#1208149).
- commit 28d64fc
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- commit a36b0e7
- Delete
patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch.
- commit 2fa3c94
- RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- commit af04c13
- RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- commit c54f45a
- IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- commit 16b662e
- IB/hfi1: Restore allocated resources on failed copyout (git-fixes)
- commit ccc63fc
- [infiniband] READ is "/data destination"/, not source... (git-fixes)
- commit e72e699
- bpf: Fix a possible task gone issue with
bpf_send_signal[_thread]() helpers (git-fixes).
- commit 6dd7272
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- commit e9da05e
- tracing: Fix poll() and select() do not work on per_cpu
trace_pipe and trace_pipe_raw (git-fixes).
- commit 6d2cfdd
- trace_events_hist: add check for return value of
'create_hist_field' (git-fixes).
- commit 6dd7173
- tracing: Make sure trace_printk() can output as soon as it
can be used (git-fixes).
- commit cac7b63
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- commit 5ea2f7f
- xfs: hoist refcount record merge predicates (bsc#1208183).
- commit 295092d
- usb: typec: altmodes/displayport: Fix probe pin assign check
(git-fixes).
- commit 26849f9
- nvdimm: disable namespace on error (bsc#1166486).
- commit 195740e
- spi: dw: Fix wrong FIFO level setting for long xfers
(git-fixes).
- commit 81770af
- ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP
platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41
(git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook,
645 G9 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
Book2 Pro 360 (git-fixes).
- commit 58ec4c2
- clk: ingenic: jz4760: Update M/N/OD calculation algorithm
(git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct
IRQ mode (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value
(git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some
Pins (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts
level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller
interrupts level-sensitive (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts
level-sensitive (git-fixes).
- ASoC: topology: Return -ENOMEM on memory allocation failure
(git-fixes).
- ALSA: emux: Avoid potential array out-of-bound in
snd_emux_xg_control() (git-fixes).
- ALSA: pci: lx6464es: fix a debug loop (git-fixes).
- commit 1f306c4
- drm/i915: Initialize the obj flags for shmem objects
(git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait
(git-fixes).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched
init/fini (git-fixes).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already
claimed (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL,
internal PHY (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams
zerocopy benchmarking (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx
programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args
are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized'
compiler warning (git-fixes).
- ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device
after use (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU
(git-fixes).
- drm/amd/display: Fix timing not changning when freesync video
is enabled (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF
(git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type
0x0010 table (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe
(git-fixes).
- ASoC: Intel: bytcht_es8316: move comment to the right place
(git-fixes).
- ASoC: Intel: boards: fix spelling in comments (git-fixes).
- commit 3e5740a
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210)
Also enable module in aarch64 default configuration.
- commit 75d6ed8
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- commit fa7eb4a
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- commit 6fe03db
- blacklist.conf: Add inapplicable ppc fixes
- commit 27b4e1f
- blacklist.conf: Add more unsupported ppc architecture paths
- commit 7ff8dae
- ACPI: x86: s2idle: Stop using AMD specific codepath for
Rembrandt+ (bsc#1206224).
- ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865
(bsc#1206224).
- ACPI: x86: s2idle: Add another ID to s2idle_dmi_table
(bsc#1206224).
- ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG
Flow X13 (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7
(bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14
(bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE
(bsc#1206224).
- ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID
(bsc#1206224).
- ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt
(bsc#1206224).
- ACPI: x86: s2idle: Move _HID handling for AMD systems into
structures (bsc#1206224).
- ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is
unset (bsc#1206224).
- ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008
(bsc#1206224).
- commit 35655fa
- Update tags
patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit 7dd4cb0
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- commit 117a059
- ocfs2: ocfs2_mount_volume does cleanup job before return error
(bsc#1207770).
- commit dfd7632
- ocfs2: quota_local: fix possible uninitialized-variable access
in ocfs2_local_read_info() (bsc#1207768).
- commit 4b2997d
- ext4: fix deadlock due to mbcache entry corruption
(bsc#1207653).
- commit ea7e0f8
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- commit 5549473
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- commit c18a79b
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- commit a2d0061
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- commit 29f0a1d
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- commit ed4271e
- mbcache: Avoid nesting of cache->c_list_lock under bit locks
(bsc#1207647).
- commit 947b83a
- jbd2: add miss release buffer head in fc_do_one_pass()
(bsc#1207646).
- commit c61f342
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
(bsc#1207645).
- commit d4e2227
- jbd2: fix potential buffer head reference count leak
(bsc#1207644).
- commit 45a2852
- jbd2: wake up journal waiters in FIFO order, not LIFO
(bsc#1207643).
- commit 8fd722e
- vfs: Check the truncate maximum size in inode_newsize_ok()
(bsc#1207642).
- commit 4685fa4
- jbd2: fix a potential race while discarding reserved buffers
after an abort (bsc#1207641).
- commit b0b81dd
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- commit 5afbf05
- quota: Check next/prev free block number after reading from
quota file (bsc#1206640).
- commit 1e65abd
- quota: Prevent memory allocation recursion while holding dq_lock
(bsc#1207639).
- commit a7495d2
- blacklist.conf: Blacklist dd5532a4994b
- commit 4bd9a40
- writeback: avoid use-after-free after removing device
(bsc#1207638).
- commit 1776642
- ext4: fix reserved cluster accounting in __es_remove_extent()
(bsc#1207637).
- commit 17f75d7
- ext4: fix inode leak in ext4_xattr_inode_create() on an error
path (bsc#1207636).
- commit 86dbaea
- ext4: allocate extended attribute value in vmalloc area
(bsc#1207635).
- commit 3278f6d
- ext4: avoid unaccounted block allocation when expanding inode
(bsc#1207634).
- commit 587e0b3
- ext4: initialize quota before expanding inode in setproject
ioctl (bsc#1207633).
- commit 09b6e51
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
(bsc#1206894).
- commit e824a9a
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- commit 59e5f40
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc
+ inline (bsc#1207631).
- commit fcf7010
- ext4: fix uninititialized value in 'ext4_evict_inode'
(bsc#1206893).
- commit a4ce862
- ext4: fix error code return to user-space in ext4_get_branch()
(bsc#1207630).
- commit 3052920
- blacklist.conf: Blacklist 89481b5fa8c0
- commit aafc810
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- commit 9d7a800
- ext4: fix off-by-one errors in fast-commit block filling
(bsc#1207628).
- commit b215d68
- ext4: fix unaligned memory access in ext4_fc_reserve_space()
(bsc#1207627).
- commit 5e2318b
- ext4: add missing validation of fast-commit record lengths
(bsc#1207626).
- commit 9374e7a
- ext4: fix leaking uninitialized memory in fast-commit journal
(bsc#1207625).
- commit bea0a27
- ext4: don't set up encryption key during jbd2 transaction
(bsc#1207624).
- commit 94c26c2
- ext4: disable fast-commit of encrypted dir operations
(bsc#1207623).
- commit 8b84b5f
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- commit 868c482
- ext4: don't allow journal inode to have encrypt flag
(bsc#1207621).
- commit fa42934
- ext4: fix undefined behavior in bit shift for
ext4_check_flag_values (bsc#1206890).
- commit fe391f3
- ext4: fix bug_on in __es_tree_search caused by bad boot loader
inode (bsc#1207620).
- commit b0bf8bc
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
(bsc#1207619).
- commit 0e8c6a3
- ext4: add helper to check quota inums (bsc#1207618).
- commit 710d5f0
- blacklist.conf: Blacklist 78742d4d056d
- commit 510a3a2
- ext4: add inode table check in __ext4_get_inode_loc to aovid
possible infinite loop (bsc#1207617).
- commit 4fac5ac
- blacklist.conf: Blacklist 318cdc822c63
- commit efccaca
- ext4: silence the warning when evicting inode with
dioread_nolock (bsc#1206889).
- commit a2ec490
- ext4: fix use-after-free in ext4_ext_shift_extents
(bsc#1206888).
- commit 786ae72
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 0e67070
- ext4: fix BUG_ON() when directory entry has invalid rec_len
(bsc#1206886).
- commit b11568d
- ext4: fix potential out of bound read in ext4_fc_replay_scan()
(bsc#1207616).
- commit 191b92e
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- commit 4278623
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- commit 54601c7
- ext4: update 'state->fc_regions_size' after successful memory
allocation (bsc#1207613).
- commit dca6962
- ext4: fix potential memory leak in ext4_fc_record_regions()
(bsc#1207612).
- commit 65b0d99
- ext4: fix potential memory leak in
ext4_fc_record_modified_inode() (bsc#1207611).
- commit 313959b
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- commit 73881e2
- ext4: fix miss release buffer head in ext4_fc_write_inode
(bsc#1207609).
- commit 60277f8
- ext4: fix dir corruption when ext4_dx_add_entry() fails
(bsc#1207608).
- commit d8d3c16
- ext4: place buffer head allocation before handle start
(bsc#1207607).
- commit 767ca31
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't
uptodate (bsc#1207606).
- commit 7864371
- ext4: don't increase iversion counter for ea_inodes
(bsc#1207605).
- commit 15b3923
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit 0a2f6bf
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit a8218a0
- ext4: don't run ext4lazyinit for read-only filesystems
(bsc#1207603).
- commit d920748
- ext4: avoid crash when inline data creation follows DIO write
(bsc#1206883).
- commit efade7c
- ext4: continue to expand file system when the target size
doesn't reach (bsc#1206882).
- commit caafbe8
- ext4: limit the number of retries after discarding
preallocations blocks (bsc#1207602).
- commit 550c1e6
- ext4: fix bug in extents parsing when eh_entries == 0 and
eh_depth > 0 (bsc#1206881).
- commit 846b339
- blacklist.conf: Blacklist mballoc opimization fixes
- commit 2ee70c1
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit cee3b5d
- blacklist.conf: Blacklist b24e77ef1c6d
- commit 5f27096
- blacklist.conf: Blacklist 51ae846cff56
- commit 8cb8660
- ext4: correct the misjudgment in ext4_iget_extra_inode
(bsc#1206878).
- commit 7565182
- ext4: correct max_inline_xattr_value_size computing
(bsc#1206878).
- commit 5344160
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit 51cff2a
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
(bsc#1206878).
- commit 0336ab6
- ext4: fix extent status tree race in writeback error recovery
path (bsc#1206877).
- commit b84af9c
- blacklist.conf: Blacklist 4978c659e7b5
- commit a7e7239
- ext4: update s_overhead_clusters in the superblock during an
on-line resize (bsc#1206876).
- commit e6b6979
- blacklist.conf: Blacklist fs/ext2
- commit 1e7297b
- blacklist.conf: Blacklist 4efd9f0d120c
- commit 3b5e25a
- ext4: fix bug_on in start_this_handle during umount filesystem
(bsc#1207594).
- commit 90713b0
- blacklist.conf: Blacklist c864ccd182d6
- commit bc0a035
- blacklist.conf: Blacklist cc5095747edf
- commit 60d47ef
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
(bsc#1207593).
- commit 2407741
- ext4: correct cluster len and clusters changed accounting in
ext4_mb_mark_bb (bsc#1207592).
- commit b2577a3
- ext4: fast commit may miss file actions (bsc#1207591).
- commit ea4e204
- ext4: fast commit may not fallback for ineligible commit
(bsc#1207590).
- commit 5e4d8de
- ext4: simplify updating of fast commit stats (bsc#1207589).
- commit 85414f9
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- commit 62a4d65
- mm/memory.c: fix race when faulting a device private page
(CVE-2022-3523, bsc#1204363).
nouveau: fix migrate_to_ram() for faulting page (CVE-2022-3523,
bsc#1204363).
mm/memory: return vm_fault_t result from migrate_to_ram()
callback (CVE-2022-3523, bsc#1204363).
kabi: workaround for migrate_vma.fault_page (CVE-2022-3523,
bsc#1204363).
- commit 14f6a2f
- x86: link vdso and boot with -z noexecstack
- -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
(bsc#1203200).
- commit dc30142
- kexec-tools
-
- kexec-tools-ppc64-remove-rma_top-limit.patch: remove ram_top
restriction (bsc#1203410)
- ldb
-
- Remove no longer needed ldb-memory-bug-15096-4.15-ldbonly.patch
- Add cve-2023-0614.patch: Address CVE-2023-0614
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can be
discovered; (bsc#1209485); (bso#15270);
- Update to version 2.4.4
+ CVE-2022-32746 ldb: db: Use-after-free occurring in
database audit logging module; (bso#15009); (bsc#1201490).
+ CVE-2022-32746: samba: ldb: Use-after-free occurring in
database audit logging module; (bso#15009); (bsc#1201490).
- libgcrypt
-
- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
* Add libgcrypt-FIPS-ECC-PCT-Add-transition-to-error.patch
- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
* Add libgcrypt-FIPS-ECC-disallow-skip-test.patch
- FIPS: PBKDF2: Add additional checks for the minimum key length,
salt length, iteration count and passphrase length to the kdf
fips indicator in _gcry_fips_indicator_kdf() [bsc#1208926]
* Add libgcrypt-FIPS-pkdf2-Additional-checks.patch
- libsolv
-
- fix "/keep installed"/ jobs not disabling "/best update"/ rules
- do not autouninstall suse ptf packages
- ensure duplinvolvedmap_all is reset when a solver is reused
- special case file dependencies in the testcase writer
- support stringification of multiple solvables
- new weakdep introspection interface similar to ruleinfos
- support decision reason queries
- support merging of related decissions
- support stringification of ruleinfo, decisioninfo and decision reasons
- support better info about alternatives
- new '-P' and '-W' options for testsolv
- bump version to 0.7.23
- libzypp
-
- ProgressData: enforce reporting the INIT||END state
(bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems
(bsc#1205636)
- version 17.31.8 (22)
- Hint to "/zypper removeptf"/ to remove PTFs.
- Removing a PTF without enabled repos should always fail
(bsc#1203248)
Without enabled repos, the dependent PTF-packages would be
removed (not replaced!) as well. To remove a PTF "/zypper install
- - -PTF"/ or a dedicated "/zypper removeptf PTF"/ should be used.
This will update the installed PTF packages to theit latest
version.
- version 17.31.7 (22)
- Avoid calling getsockopt when we know the info already.
This patch hopefully fixes logging on WSL, getsockopt seems to
not be fully supported but the code required it when accepting
new socket connections. (for bsc#1178233)
- Enhance yaml-cpp detection (fixes #428)
- No need to redirect 'history.logfile=/dev/null' into the target.
- MultiCurl: Make sure to reset the progress function when
falling back.
- version 17.31.6 (22)
- Create '.no_auto_prune' in the package cache dir to prevent auto
cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)
- Do not clean up MediaSetAccess before using the geoip file
(fixes #424)
- version 17.31.4 (22)
- Improve download of optional files (fixes #416)
- Do not use geoip rewrites if the repo has explicit country
settings.
- Implement geoIP feature for zypp.
This patch adds a feature to rewrite request URLs to the repo
servers by querying a geoIP file from download.opensuse.org. This
file can return a redirection target depending on the clients IP
adress, this way we can directly contact a local mirror of d.o.o
instead. The redir target stays valid for 24hrs.
This feature can be disabled in zypp.conf by setting
'download.use_geoip_mirror = false'.
- Use a dynamic fallback for BLKSIZE in downloads.
When not receiving a blocklist via metalink file from the server
MediaMultiCurl used to fallback to a fixed, relatively small
BLKSIZE. This patch changes the fallback into a dynamic value
based on the filesize using a similar metric as the MirrorCache
implementation on the server side.
- Skip media.1/media download for http repo status calc.
This patch allows zypp to skip a extra media.1/media download to
calculate if a repository needs to be refreshed. This
optimisation only takes place if the repo does specify only
downloading base urls.
- version 17.31.3 (22)
- nfs-utils
-
- Rename all drop-in options.conf files as 10-options.conf
This makes it easier for other packages to over-ride
with a drop-in with a later sequence number.
resource-agents does this.
(bsc#1207843)
- 0026-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
Avoid modprobe errors when sysctl is not installed.
(bsc#1200710 bsc#1207022 bsc#1206781)
- 0027-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
Add "/-S scope"/ option to rpc.nfsd to simplify fail-over cluster
config.
(bsc#1203746)
- openssl-1_1
-
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
FIPS: Service-level indicator [bsc#1208998]
* Add additional check required by FIPS 140-3. Minimum values for
PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for
iteration count and 20 characters for password.
* Add openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
- python-PyJWT
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Drop CVE-2022-29217-non-blocked-pubkeys.patch since the issue
was fixed upstream in version 2.4.0
- Update to 2.4.0 (CVE-2022-29217 boo#1199756)
- Security
- [CVE-2022-29217] Prevent key confusion through
non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24
- Other changes:
- Explicit check the key for ECAlgorithm by @estin in
https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx
in https://github.com/jpadilla/pyjwt/pull/742
- Don't use implicit optionals by @rekyungmin in
https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete()
by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in
https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx
in https://github.com/jpadilla/pyjwt/pull/743
- Add support for Python 3.10 by @hugovk in
https://github.com/jpadilla/pyjwt/pull/699
- api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in
https://github.com/jpadilla/pyjwt/pull/725
- Update usage.rst by @guneybilen in
https://github.com/jpadilla/pyjwt/pull/727
- Docs: mention performance reasons for reusing RSAPrivateKey
when encoding by @dmahr1 in
https://github.com/jpadilla/pyjwt/pull/734
- Fixed typo in usage.rst by @israelabraham in
https://github.com/jpadilla/pyjwt/pull/738
- Add detached payload support for JWS encoding and decoding by
@fviard in https://github.com/jpadilla/pyjwt/pull/723
- Replace various string interpolations with f-strings by @akx
in https://github.com/jpadilla/pyjwt/pull/744
- Update to 2.3.0
* Revert "/Remove arbitrary kwargs."/ (#701)
* Add exception chaining (#702)
- from version 2.2.0
* Remove arbitrary kwargs. (#657)
* Use timezone package as Python 3.5+ is required. (#694)
* Assume JWK without the "/use"/ claim is valid for signing
as per RFC7517 (#668)
* Prefer `headers["/alg"/]` to `algorithm` in `jwt.encode()`. (#673)
* Fix aud validation to support {'aud': null} case. (#670)
* Make `typ` optional in JWT to be compliant with RFC7519. (#644)
* Remove upper bound on cryptography version. (#693)
* Add support for Ed448/EdDSA. (#675)
- update to 2.1.0:
- Allow claims validation without making JWT signature validation mandatory. `
- Remove padding from JWK test data. `
- Make `kty` mandatory in JWK to be compliant with RFC7517. `
- Allow JWK without `alg` to be compliant with RFC7517. `
- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `
- Add caching by default to PyJWKClient `
- Add missing exceptions.InvalidKeyError to jwt module __init__ imports `
- Add support for ES256K algorithm `
- Add `from_jwk()` to Ed25519Algorithm `
- Add `to_jwk()` to Ed25519Algorithm `
- Export `PyJWK` and `PyJWKSet`
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.0.1:
* Drop support for Python 2 and Python 3.0-3.5
* Require cryptography >= 3
* Drop support for PyCrypto and ECDSA
* Drop CLI
* Improve typings
* Dropped deprecated errors
* Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
* Dropped deprecated ``verify`` param in ``jwt.decode(...)``
* Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
* Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
* Introduce better experience for JWKs
* further details see included CHANGELOG.rst
- drop 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch (obsolete)
- python-cryptography
-
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
* Don't allow update_into to mutate immutable objects
- python3
-
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
which eliminates unnecessary and dangerous calls to
PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- samba
-
- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
in cleartext; (bso#15315); (bsc#1209481).
- CVE-2023-0225: Samba AD DC "/dnsHostname"/ attribute can be
deleted by unprivileged authenticated users; (bso#15276);
(bsc#1209483).
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can
be discovered; (bso#15270); (bsc#1209485).
- Prevent use after free of messaging_ctdb_fde_ev structs;
(bso#15293); (bsc#1207416).
- shim
-
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7
be merged to v5.19. On the other hand, upstream is working on
improve compressed kernel stage for NX:
[PATCH v3 00/24] x86_64: Improvements at compressed kernel stage
https://www.spinics.net/lists/kernel/msg4599636.html
- Add shim-Enable-the-NX-compatibility-flag-by-default.patch to
enable the NX compatibility flag by default. (jsc#PED-127)
- Drop upstreamed patch:
- shim-Enable-TDX-measurement-to-RTMR-register.patch
- Enable TDX measurement to RTMR register (jsc#PED-1273)
- 4fd484e4c2 15.7
- Update to 15.7 (bsc#1198458)(jsc#PED-127)
- Patches (git log --oneline --reverse 15.6..15.7)
0eb07e1 Make SBAT variable payload introspectable
092c2b2 Reference MokListRT instead of MokList
8b59b69 Add a link to the test plan in the readme.
4fd484e Enable TDX measurement to RTMR register
14d6339 Discard load-options that start with a NUL
5c537b3 shim: Flush the memory region from i-cache before execution
2d4ebb5 load_cert_file: Fix stack issue
ea4911c load_cert_file: Use EFI RT memory function
0cf43ac Add -malign-double to IA32 compiler flags
17f0233 pe: Fix image section entry-point validation
5169769 make-archive: Build reproducible tarball
aa1b289 mok: remove MokListTrusted from PCR 7
53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
616c566 More coverity modeling
ea0d0a5 Update shim's .sbat to sbat,3
dd8be98 Bump grub's sbat requirement to grub,3
1149161 (HEAD -> main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
- 15.7 release note https://github.com/rhboot/shim/releases
Make SBAT variable payload introspectable by @chrisccoulson in #483
Reference MokListRT instead of MokList by @esnowberg in #488
Add a link to the test plan in the readme. by @vathpela in #494
[V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
Discard load-options that start with a NUL by @frozencemetery in #505
load_cert_file bugs by @esnowberg in #523
Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
pe: Fix image section entry-point validation by @iokomin in #518
make-archive: Build reproducible tarball by @julian-klode in #527
mok: remove MokListTrusted from PCR 7 by @baloo in #519
- Drop upstreamed patch:
- shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
- Cryptlib/CryptAuthenticode: fix NULL pointer dereference in AuthenticodeVerify()
- 53509eaf22 15.7
- shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
- For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
- The following patches are merged to 15.7
aa1b289a1a mok: remove MokListTrusted from PCR 7
0cf43ac6d7 Add -malign-double to IA32 compiler flags
ea4911c2f3 load_cert_file: Use EFI RT memory function
2d4ebb5a79 load_cert_file: Fix stack issue
5c537b3d0c shim: Flush the memory region from i-cache before execution
14d6339829 Discard load-options that start with a NUL
092c2b2bbe Reference MokListRT instead of MokList
0eb07e11b2 Make SBAT variable payload introspectable
- Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to
the item in Update to 15.6. (bsc#1198458)
- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
patches between 15.6 with aa1b289a1a (jsc#PED-127):
aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
enhance shim measurement to TD RTMR. (jsc#PED-1273)
- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
and shim.changes: (jsc#PED-127)
- Add some change log from SLE shim.changes to Factory shim.changes
Those messages are added "/(sync shim.changes from SLE)"/ tag.
- Add the following changes to shim.spec
- only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
on openSUSE.
- Enable the AArch64 signature check for SLE:
[#] AArch64 signature
signature=%{SOURCE13}
- shim-install: ensure grub.cfg created is not overwritten after
installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
(bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before
using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
- Revoked the change in shim.spec for "/use common SBAT values (boo#1193282)"/
- we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
is unstable for building out a stable shim binary for signing. (bsc#1198458)
- But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
not for openSUSE. (bsc#1198458)
- Update to 15.6 (bsc#1198458)
- shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
which is from upstream grub2.cve_2021_3695.ms keybase channel.
- For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
support efi-app-aarch64 target. So we need the following patches in bintuils:
- binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
- binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
- binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
- Patches (git log --oneline --reverse 15.5~..77144e5a4)
448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
a2da05f shim: implement SBAT verification for the shim_lock protocol
bda03b8 post-process-pe: Fix a missing return code check
af18810 CI: don't cancel testing when one fails
ba580f9 CI: remove EOL Fedoras from github actions
bfeb4b3 Remove aarch64 build tests before f35
38cc646 CI: Add f36 and centos9 CI build tests.
b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
31094e5 tests: also look for system headers in multi-arch directories
4df989a mock-variables.c: fix gcc warning
6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
2670c6a Allow MokListTrusted to be enabled by default
5c44aaf Add code of conduct
d6eb9c6 Modernize aarch64
9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
de87985 make: don't treat cert.S specially
803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
bb4b60e Add verify_image
acfd48f Abstract out image reading
35d7378 Load additional certs from a signed binary
8ce2832 post-process-pe: there is no 's' argument.
465663e Add some missing PE image flag definitions
226fee2 PE Loader: support and require NX
df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
f81a7cc SBAT revocation management
abe41ab make: unbreak scan-build again for gnu-efi
610a1ac sbat.h: minor reformatting for legibility
f28833f peimage.h: make our signature macros force the type
5d789ca Always initialize data/datasize before calling read_image()
a50d364 sbat policy: make our policy change actions symbolic
5868789 load_certs: trust dir->Read() slightly less.
a78673b mok.c: fix a trivial dead assignment
759f061 Fix preserve_sbat_uefi_variable() logic
aa61fdf Give the Coverity scanner some more GCC blinders...
0214cd9 load_cert_file(): don't defererence NULL
1eca363 mok import: handle OOM case
75449bc sbat: Make nth_sbat_field() honor the size limit
c0bcd04 shim-15.6~rc1
77144e5 SBAT Policy latest should be a one-shot
- 15.5 release note https://github.com/rhboot/shim/releases
Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
mok: allocate MOK config table as BootServicesData by @lcp in #361
Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
Relax the check for import_mok_state() by @lcp in #372
SBAT.md: trivial changes by @hallyn in #389
shim: another attempt to fix load options handling by @chrisccoulson in #379
Add tests for our load options parsing. by @vathpela in #390
arm/aa64: fix the size of .rela* sections by @lcp in #383
mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
mok: relax the maximum variable size check by @lcp in #369
Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
Fallback allocation errors by @vathpela in #402
shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
str: remove duplicate parameter check by @xypron in #408
fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
Test mok mirror by @vathpela in #394
Modify sbat.md to help with readability. by @eshiman in #398
csv: detect end of csv file correctly by @xypron in #404
Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
tests: add "/include-fixed"/ GCC directory to include directories by @diabonas in #415
pe: simplify generate_hash() by @xypron in #411
Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
Fallback to default loader if parsed one does not exist by @julian-klode in #393
fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
Better console checks by @vathpela in #416
docs: update SBAT UEFI variable name by @nicholasbishop in #421
Don't parse load options if invoked from removable media path by @julian-klode in #399
fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
shim: Don't stop forever at "/Secure Boot not enabled"/ notification by @rmetrich in #438
Shim 15.5 coverity by @vathpela in #439
Allocate mokvar table in runtime memory. by @vathpela in #447
Remove post-process-pe on 'make clean' by @vathpela in #448
pe: missing perror argument by @xypron in #443
- 15.6-rc1 release note https://github.com/rhboot/shim/releases
MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
post-process-pe: Fix a missing return code check by @vathpela in #462
Update github actions matrix to be more useful by @frozencemetery in #469
Add f36 and centos9 CI builds by @vathpela in #470
post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
tests: fix gcc warnings by @akodanev in #463
Allow MokListTrusted to be enabled by default by @esnowberg in #455
Add code of conduct by @frozencemetery in #427
Re-add ARM AArch64 support by @vathpela in #468
Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
make: don't treat cert.S specially by @vathpela in #475
shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
Break out of the inner sbat loop if we find the entry. by @vathpela in #476
Support loading additional certificates by @esnowberg in #446
Add support for NX (W^X) mitigations. by @vathpela in #459
Misc fixups from scan-build. by @vathpela in #477
Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
- 15.6 release note https://github.com/rhboot/shim/releases
MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
post-process-pe: Fix a missing return code check by @vathpela in #462
Update github actions matrix to be more useful by @frozencemetery in #469
Add f36 and centos9 CI builds by @vathpela in #470
post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
tests: fix gcc warnings by @akodanev in #463
Allow MokListTrusted to be enabled by default by @esnowberg in #455
Add code of conduct by @frozencemetery in #427
Re-add ARM AArch64 support by @vathpela in #468
Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
make: don't treat cert.S specially by @vathpela in #475
shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
Break out of the inner sbat loop if we find the entry. by @vathpela in #476
Support loading additional certificates by @esnowberg in #446
Add support for NX (W^X) mitigations. by @vathpela in #459
Misc fixups from scan-build. by @vathpela in #477
Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
SBAT Policy latest should be a one-shot by @jsetje in #481
pe: Fix a buffer overflow when SizeOfRawData > VirtualSize by @chriscoulson
pe: Perform image verification earlier when loading grub by @chriscoulson
Update advertised sbat generation number for shim by @jsetje
Update SBAT generation requirements for 05/24/22 by @jsetje
Also avoid CVE-2022-28737 in verify_image() by @vathpela
- Drop upstreamed patch:
- shim-bsc1184454-allocate-mok-config-table-BS.patch
- Allocate MOK config table as BootServicesData to avoid the error message
from linux kernel
- 4068fd42c8 15.5-rc1~70
- shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
- Handle ignore_db and user_insecure_mode correctly
- 822d07ad4f07 15.5-rc1~73
- shim-bsc1185621-relax-max-var-sz-check.patch
- Relax the maximum variable size check for u-boot
- 3f327f546c219634b2 15.5-rc1~49
- shim-bsc1185261-relax-import_mok_state-check.patch
- Relax the check for import_mok_state() when Secure Boot is off
- 9f973e4e95b113 15.5-rc1~67
- shim-bsc1185232-relax-loadoptions-length-check.patch
- Relax the check for the LoadOptions length
- ada7ff69bd8a95 15.5-rc1~52
- shim-fix-aa64-relsz.patch
- Fix the size of rela* sections for AArch64
- 34e3ef205c5d65 15.5-rc1~51
- shim-bsc1187260-fix-efi-1.10-machines.patch
- Don't call QueryVariableInfo() on EFI 1.10 machines
- 493bd940e5 15.5-rc1~69
- shim-bsc1185232-fix-config-table-copying.patch
- Avoid buffer overflow when copying the MOK config table
- 7501b6bb44 15.5-rc1~50
- shim-bsc1187696-avoid-deleting-rt-variables.patch
- Avoid deleting the mirrored RT variables
- b1fead0f7c9 15.5-rc1~37
- Add "/rm -f *.o"/ after building MokManager/fallback in shim.spec
to make sure all object files gets rebuilt
- reference: https://github.com/rhboot/shim/pull/461
- The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
in shim-15.6.tar.bz2
- shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
pe: Fix a buffer overflow when SizeOfRawData VirtualSize
- shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
pe: Perform image verification earlier when loading grub
- shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
Update advertised sbat generation number for shim
- shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
Update SBAT generation requirements for 05/24/22
- shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
Also avoid CVE-2022-28737 in verify_image()
- 0006-shim-15.6-rc2.patch
- 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
sbat: add the parsed SBAT variable entries to the debug log
- 0008-bump-version-to-shim-15.6.patch
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
show the prompt to ask whether the user trusts openSUSE certificate or not
(bsc#1198101)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- use common SBAT values (boo#1193282)
- Update the SLE signatures (sync shim.changes from SLE)
(sync shim.changes from SLE)
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
buffer overflow when copying data to the MOK config table
(bsc#1185232)
- Add shim-disable-export-vendor-dbx.patch to disable exporting
vendor-dbx to MokListXRT since writing a large RT variable
could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
potential crash when calling QueryVariableInfo in EFI 1.10
machines (bsc#1187260)
- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
for AArch64
Fix: https://github.com/rhboot/shim/issues/371
- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to "/shim.efi"/ if the given
file doesn't exist
- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
the check for import_mok_state() when Secure Boot is off.
(bsc#1185261)
(sync shim.changes from SLE)
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
maximum variable size check for u-boot (bsc#1185621)
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
to handle ignore_db and user_insecure_mode correctly
(bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
- Update the SLE signatures (sync shim.changes from SLE)
- sudo
-
- Fix CVE-2023-28486, sudo does not escape control characters in
log messages, (CVE-2023-28486, bsc#1209362)
* sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
* bsc#1203201
* Do not re-enable the reader when flushing the buffers as part
of pty_finish().
* While sudo-observe-SIGCHLD patch applied earlier prevents a
race condition from happening, this fixes a related buffer hang.
- Added sudo-no-double-free.patch
* bsc#1208595, CVE-2023-27320
* Fix a situation where per-command chroot sudoers rules can cause
a double-free.
- Added sudo-no-passwd-for-nonexisting-cmd.patch
* bsc#1206772
* If NOPASSWD is specified, don't ask for password if command is
not found.
- Added sudo-fix_NULL_deref_RunAs.patch
* bsc#1206483
* Fix a situation where "/sudo -U otheruser -l"/ would dereference
a NULL pointer.
- suse-build-key
-
- Establish multiple new 4096 RSA keys that we will switch
to mid of 2023. (jsc#PED-2777)
- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserver key for SLE (RPM+repos).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
new RSA 4096 key for the SUSE registry registry.suse.com, installed as
suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
New PTF container signing key for registry.suse.com/ptf/ space.
- suse-module-tools
-
- Update to version 15.4.16:
* modprobe.conf: s390x: remove softdep on fbcon (boo#1207853)
- systemd
-
- Import commit dad0071f15341be2b24c2c9d073e62617e0b46733 (merge of v249.16)
- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's not more needed since udev hwdb was
introduced 11 years ago.
- Move systemd-boot and all components managing (secure) UEFI boot into udev
sub-package: they may deserve a dedicated sub-package in the future but for
now move them to udev so they aren't installed in systemd based containers.
- systemd-presets-common-SUSE
-
- Enable systemd-pstore.service by default (jsc#PED-2663)
- vim
-
- Updated to version 9.0 with patch level 1386, fixes the following security problems
* Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
* Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
* Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
* Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
- xen
-
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
log-dirty mode use-after-free (XSA-427)
xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
pinned cache attributes mis-handling (XSA-428)
xsa428-1.patch
xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
vulnerability in 32bit SYSCALL path (XSA-429)
xsa429.patch
- zstd
-
- Fix CVE-2022-4899, bsc#1209533
* Fix buffer underflow when dir1 == "/"/
* Disallow empty string as an argument for --output-dir-flat="/"/
and --output-dir-mirror="/"/.
- Added patches:
* Disallow-empty-output-directory.patch
* Fix-buffer-underflow-for-null-dir1.patch
- zypper
-
- BuildRequires: libzypp-devel >= 17.31.7.
- Provide "/removeptf"/ command (bsc#1203249)
A remove command which prefers replacing dependant packages to
removing them as well.
A PTF is typically removed as soon as the fix it provides is
applied to the latest official update of the dependant packages.
But you don't want the dependant packages to be removed together
with the PTF, which is what the remove command would do. The
removeptf command however will aim to replace the dependant
packages by their official update versions.
- patterns: Avoid dispylaing superfluous @System entries
(bsc#1205570)
- version 1.14.59
- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires: libzypp-devel >= 17.31.5
- version 1.14.58