- catatonit
-
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Remove upstreamed patches:
- 99bb9048f.patch
- coreutils
-
- ls: avoid triggering automounts (bsc#1221632)
- add coreutils-ls-avoid-triggering-automounts.patch
- e2fsprogs
-
EA Inode handling fixes:
- ext2fs-avoid-re-reading-inode-multiple-times.patch: ext2fs: avoid re-reading
inode multiple times (bsc#1223596)
- e2fsck-fix-potential-out-of-bounds-read-in-inc_ea_in.patch: e2fsck: fix
potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck-add-more-checks-for-ea-inode-consistency.patch: e2fsck: add more
checks for ea inode consistency (bsc#1223596)
- e2fsck-fix-golden-output-of-several-tests.patch: e2fsck: fix golden output of
several tests (bsc#1223596)
- kdump
-
- spec: return success from pre, post, preun and postun scriplets
(bsc#1222228, bsc#1191410)
- spec: differentiate between uninstall and upgrade in postun/preun
(bsc#1191410)
- kernel-default
-
- Update
patches.suse/efi-libstub-Implement-support-for-unaccepted-memory.patch
(jsc#PED-7167, bsc#1224169).
- commit a57eb93
- Update
patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
(git-fixes bsc#1223858).
- commit e50ed21
- netfilter: nft_ct: fix l3num expectations with inet pseudo
family (git-fixes).
- commit 87e8a80
- Reapply "drm/qxl: simplify qxl_fence_wait" (stable-fixes).
- commit 8f3269f
- Update
patches.suse/1576-drm-amd-display-fix-memory-leak-when-using-debugfs_l.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48698 bsc#1223956).
- commit a0e3008
- Update patches.suse/ice-Fix-DMA-mappings-leak.patch (jsc#PED-376
CVE-2022-48690 bsc#1223960).
- commit 7e1bf3d
- Update
patches.suse/ALSA-emu10k1-Fix-out-of-bounds-access-in-snd_emu10k1.patch
(git-fixes CVE-2022-48702 bsc#1223923).
- Update
patches.suse/ALSA-usb-audio-Fix-an-out-of-bounds-bug-in-__snd_usb.patch
(git-fixes CVE-2022-48701 bsc#1223921).
- Update
patches.suse/RDMA-irdma-Fix-drain-SQ-hang-with-no-completion.patch
(jsc#SLE-18383 CVE-2022-48694 bsc#1223964).
- Update
patches.suse/RDMA-srp-Set-scmnd-result-only-when-scmnd-is-not-NUL.patch
(git-fixes CVE-2022-48692 bsc#1223962).
- Update
patches.suse/cgroup-Add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch
(bsc#1196869 CVE-2022-48671 bsc#1223929).
- Update
patches.suse/drm-radeon-add-a-force-flush-to-delay-work-when-rade.patch
(git-fixes CVE-2022-48704 bsc#1223932).
- Update
patches.suse/i40e-Fix-kernel-crash-during-module-removal.patch
(jsc#SLE-18378 CVE-2022-48688 bsc#1223953).
- Update
patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
(bsc#1211592 CVE-2023-2860 CVE-2022-48687 bsc#1223952).
- Update
patches.suse/net-smc-Fix-possible-access-to-freed-memory-in-link-clear
(git-fixes CVE-2022-48673 bsc#1223934).
- Update
patches.suse/nvme-tcp-fix-uaf-when-detecting-digest-errors.patch
(bsc#1200313 bsc#1201489 CVE-2022-48686 bsc#1223948).
- Update patches.suse/nvmet-fix-a-use-after-free.patch (git-fixes
CVE-2022-48697 bsc#1223922).
- Update
patches.suse/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch
(git-fixes CVE-2022-48672 bsc#1223931).
- Update
patches.suse/scsi-mpt3sas-Fix-use-after-free-warning.patch
(git-fixes CVE-2022-48695 bsc#1223941).
- Update
patches.suse/soc-brcmstb-pm-arm-Fix-refcount-leak-and-__iomem-lea.patch
(git-fixes CVE-2022-48693 bsc#1223963).
- Update
patches.suse/thermal-int340x_thermal-handle-data_vault-when-the-v.patch
(bsc#1201308 CVE-2022-48703 bsc#1223924).
- Update patches.suse/vfio-type1-Unpin-zero-pages.patch (git-fixes
CVE-2022-48700 bsc#1223957).
- commit c8677b5
- packet: annotate data-races around ignore_outgoing
(CVE-2024-26862 bsc#1223111).
- commit 6e591e7
- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
(CVE-2024-0639 bsc#1218917).
- commit 517d4f7
- Update
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(CVE-2022-48662 bsc#1223505).
Unbreak metadata (References: collides with our internal tracking,
switch to Fixes: when referencing a commit).
- commit cd38265
- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in
custom expectations (bsc#1222368 CVE-2024-26673).
- commit 785b7d0
- igc: avoid returning frame twice in XDP_REDIRECT (bsc#1223061
CVE-2024-26853).
- commit 021db33
- net: sparx5: Fix use after free inside sparx5_del_mact_entry
(bsc#1223052 CVE-2024-26856).
- commit fc5c6ad
- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993 bsc#1223693)
- commit b0c9830
- Update
patches.suse/IB-core-Fix-a-nested-dead-lock-as-part-of-ODP-flow.patch
(git-fixes CVE-2022-48675 bsc#1223894).
- Update
patches.suse/drm-gma500-Fix-BUG-sleeping-function-called-from-inv.patch
(git-fixes CVE-2022-48634 bsc#1223501).
- Update
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(CVE-2022-48662 bsc#1223505a4e7ccdac38e ("drm/i915: Move
context management under GEM") bsc#1223505).
- Update
patches.suse/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch
(git-fixes CVE-2022-48632 bsc#1223481).
- Update
patches.suse/ice-Fix-crash-by-keep-old-cfg-when-update-TCs-more-t.patch
(git-fixes CVE-2022-48652 bsc#1223520).
- Update
patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup
(git-fixes CVE-2022-48636 bsc#1223512).
- commit 523501c
- blacklist.conf: add a not-relevant module-loader patch
- commit 90c64db
- ring-buffer: Only update pages_touched when a new page is
touched (git-fixes).
- commit b42aba1
- kprobes: Fix possible use-after-free issue on kprobe
registration (git-fixes).
- commit e007447
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page
in concurrent environment (git-fixes).
- commit 118cfcd
- tracing/net_sched: Fix tracepoints that save qdisc_dev()
as a string (git-fixes).
- commit a272f90
- tracing: Show size of requested perf buffer (git-fixes).
- commit f8d068b
- Bluetooth: Add new quirk for broken read key length on ATS2851
(git-fixes).
- commit 9ac913a
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE
(git-fixes).
- commit 83cd609
- fuse: don't unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal
(bsc#1223949).
- commit fdf9216
- RDMA/cm: Print the old state when cm_destroy_id gets timeout
(git-fixes).
- commit 9b2934b
- nouveau: lock the client object tree. (bsc#1223834 CVE-2024-27062)
- commit e828498
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- commit 5647172
- drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() (CVE-2024-27041 bsc#1223714)
- commit ae6f7a9
- tun: limit printing rate when illegal packet received by tun
dev (bsc#1223745 CVE-2024-27013).
- net/mlx5e: Prevent deadlock while disabling aRFS (bsc#1223735
CVE-2024-27014).
- octeontx2-af: Use separate handlers for interrupts (bsc#1223790
CVE-2024-27030).
- wireguard: netlink: access device through ctx instead of peer
(bsc#1223661 CVE-2024-26950).
- wireguard: netlink: check for dangling peer via is_dead instead
of empty list (bsc#1223660 CVE-2024-26951).
- wireguard: receive: annotate data-race around
receiving_counter.counter (bsc#1223076 CVE-2024-26861).
- nfp: flower: handle acti_netdevs allocation failure (bsc#1223827
CVE-2024-27046).
- commit b495510
- drm/amd/display: Add a dc_state NULL check in dc_state_release (CVE-2024-26948 bsc#1223664)
- commit 211db77
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation
(git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- usb: typec: tcpm: Check for port partner validity before
consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before
re-registration (bsc#1220569).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual
SuperSpeed device (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup
packets (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic
(git-fixes).
- commit d9cff03
- pstore: inode: Only d_invalidate() is needed (bsc#1223705
CVE-2024-27389).
- commit bbe965a
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
(stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops
(stable-fixes).
- commit 86753e0
- ASoC: meson: axg-tdm-interface: manage formatters in trigger
(git-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe
(git-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of
device_get_named_child_node() (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events
(git-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move()
v2 (git-fixes).
- spi: hisi-kunpeng: Delete the dump interface of data registers
in debugfs (git-fixes).
- commit 79c4a57
- wifi: iwlwifi: mvm: ensure offloading TID queue exists
(CVE-2024-27056 bsc#1223822).
- wifi: iwlwifi: mvm: protect TXQ list manipulation
(CVE-2024-27056 bsc#1223822).
- commit 5895d13
- media: edia: dvbdev: fix a use-after-free (CVE-2024-27043
bsc#1223824).
- commit e3d9ce5
- clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
(CVE-2024-27039 bsc#1223821).
- commit 70ad74a
- clk: Fix clk_core_get NULL dereference (CVE-2024-27038
bsc#1223816).
- commit bcf8ce4
- Rename to
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch.
- commit e953a9a
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes
bsc#1223879).
- commit 1b0c7f2
- s390/mm: Fix storage key clearing for guest huge pages
(git-fixes bsc#1223878).
- commit fc57acc
- s390/mm: Fix clearing storage keys for huge pages (git-fixes
bsc#1223877).
- commit c73273d
- s390/vdso: Add CFI for RA register to asm macro vdso_func
(git-fixes bsc#1223876).
- commit 15b93ff
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes
bsc#1223875).
- commit c670b5d
- NTB: fix possible name leak in ntb_register_device()
(CVE-2023-52652 bsc#1223686).
- commit 206337a
- mm: swap: fix race between free_swap_and_cache() and swapoff()
(CVE-2024-26960 bsc#1223655).
- commit b6bee56
- swap: comments get_swap_device() with usage rule (CVE-2024-26960
bsc#1223655).
- commit 15510e4
- Refresh patches.suse/powerpc-pseries-iommu-LPAR-panics-when-rebooted-with.patch.
- commit 2ecdc0a
- clk: qcom: mmcc-msm8974: fix terminating of frequency table
arrays (CVE-2024-26965 bsc#1223648).
- commit 1dd34df
- clk: qcom: mmcc-apq8084: fix terminating of frequency table
arrays (CVE-2024-26966 bsc#1223646).
- commit a12a96e
- clk: qcom: gcc-ipq8074: fix terminating of frequency table
arrays (CVE-2024-26969 bsc#1223645).
- commit 8dca0be
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
- commit f5401a7
- ipv6/addrconf: fix a potential refcount underflow for idev
(git-fixes).
- commit cdd225e
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- commit 87fa6a6
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp
(git-fixes).
- commit 77fb94f
- net: stream: purge sk_error_queue in sk_stream_kill_queues()
(git-fixes).
- commit cb9fa4c
- netfilter: br_netfilter: Drop dst references before setting
(git-fixes).
- commit 28508ef
- net: mld: fix reference count leak in mld_{query |
report}_work() (git-fixes).
- commit 389c7c7
- net: ipv6: ensure we call ipv6_mc_down() at most once
(git-fixes).
- commit e46b1a5
- net: fix a memleak when uncloning an skb dst and its metadata
(git-fixes).
- commit 9e895dd
- net: bridge: vlan: fix memory leak in __allowed_ingress
(git-fixes).
- commit 26122cb
- Update patches.suse/nfsd-use-__fput_sync-to-avoid-delayed-closing-of-fil.patch
(bsc#1223380 bsc#1217408 bsc#1223640).
- commit 48bb894
- netfilter: ipt_CLUSTERIP: fix refcount leak in
clusterip_tg_check() (git-fixes).
- commit 014c7bb
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- commit f6e1f81
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests
(jsc#PED-7167 git-fixes).
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit 8eb012f
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit
type (jsc#PED-7167 git-fixes).
- commit 554f303
- Update
patches.suse/ext4-fix-bug-in-extents-parsing-when-eh_entries-0-an.patch
(bsc#1206881 bsc#1223475 CVE-2022-48631).
- commit 718df1c
- clk: qcom: gcc-ipq6018: fix terminating of frequency table
arrays (CVE-2024-26970 bsc#1223644).
- commit 0c0dddd
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
(stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails
(stable-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
(stable-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
(stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
(git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry
(stable-fixes).
- commit ac12ea7
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
(CVE-2024-26852 bsc#1223057)
- commit d89430d
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- commit 4bfffd4
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- commit 1d62037
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- commit 93fb4e2
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- commit 5fec238
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- commit 8f27cd5
- md/raid5: fix atomicity violation in raid5_cache_count
(bsc#1219169, CVE-2024-23307).
- commit d2d22f0
- s390/decompressor: fix misaligned symbol build error (git-fixes
bsc#1223785).
- commit 47fb728
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- commit c7b5bd6
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- commit a134662
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- commit bb84f10
- kABI workaround for cec_adapter (CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid recursive cec_claim_log_addrs
(CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid confusing "transmit timed out" message
(CVE-2024-23848 bsc#1219104).
- media: cec: cec-api: add locking in cec_release()
(CVE-2024-23848 bsc#1219104).
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
(CVE-2024-23848 bsc#1219104).
- commit 70ecf73
- mm/slub: fix to return errno if kmalloc() fails (CVE-2022-48659
bsc#1223498).
- commit d72759d
- drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() (CVE-2023-52585 bsc#1221080).
- commit cde7c84
- bonding: fix NULL deref in bond_rr_gen_slave_id (bsc#1223499
CVE-2022-48640).
- commit 9f14266
- media: cec: abort if the current transmit was canceled
(CVE-2024-23848 bsc#1219104).
- commit e51b978
- Squashfs: check the inode number is not the invalid value of
zero (bsc#1223634 CVE-2024-26982).
- commit 8ad2647
- Update
patches.suse/ubifs-ubifs_symlink-Fix-memleak-of-inode-i_link-in-error-path.patch
(git-fixes CVE-2024-26972 bsc#1223643).
- commit c1d0983
- Update
patches.suse/nilfs2-prevent-kernel-bug-at-submit_bh_wbc.patch
(git-fixes CVE-2024-26955 bsc#1223657).
- commit 59db655
- Update
patches.suse/nilfs2-fix-failure-to-detect-DAT-corruption-in-btree.patch
(git-fixes CVE-2024-26956 bsc#1223663).
- commit b968ba7
- Update patches.suse/nilfs2-fix-OOB-in-nilfs_set_de_type.patch
(git-fixes CVE-2024-26981 bsc#1223668).
- commit 7b2eba5
- ASoC: SOF: Add some bounds checking to firmware data
(CVE-2024-26927 bsc#1223525).
- commit 797ef67
- Update
patches.suse/gpio-mockup-fix-NULL-pointer-dereference-when-removi.patch
(git-fixes CVE-2022-48663 bsc#1223523).
- commit fb50f4d
- Update
patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch
(bsc#1203906 CVE-2022-48638 bsc#1223522).
- commit 1b1d545
- Update
patches.suse/sfc-fix-TX-channel-offset-when-using-legacy-interrup.patch
(git-fixes CVE-2022-48647 bsc#1223519).
- commit 2df3009
- Update
patches.suse/smb3-fix-temporary-data-corruption-in-insert-range.patch
(bsc#1193629 CVE-2022-48667 bsc#1223518).
- commit 2544640
- Update
patches.suse/bnxt-prevent-skb-UAF-after-handing-over-to-PTP-worke.patch
(jsc#SLE-18978 CVE-2022-48637 bsc#1223517).
- commit 8af9f52
- Update
patches.suse/smb3-fix-temporary-data-corruption-in-collapse-range.patch
(bsc#1193629 CVE-2022-48668 bsc#1223516).
- commit ea57df6
- drm/i915/gem: Really move i915_gem_context.link under ref
protection (CVE-2022-48662 bsc#1223505).
- commit 1ea0422
- Update
patches.suse/net-sched-taprio-avoid-disabling-offload-when-it-was.patch
(bsc#1207361 CVE-2022-48644 bsc#1223511).
- commit 32036dc
- Update
patches.suse/1631-drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
jsc#PED-2849a4e7ccdac38e ("drm/i915: Move context management
under GEM") CVE-2022-48662 bsc#1223505).
- commit 16b0082
- netfilter: nf_tables: disallow timeout for anonymous sets
(CVE-2023-52620 bsc#1221825).
- commit 19a9222
- Update
patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
(bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit a4b4019
- Update
patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
(bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit ecd523c
- Update
patches.suse/sfc-fix-null-pointer-dereference-in-efx_hard_start_x.patch
(git-fixes CVE-2022-48648 bsc#1223503).
- commit 2cd307a
- Update
patches.suse/sfc-siena-fix-null-pointer-dereference-in-efx_hard_s.patch
(jsc#PED-1565 CVE-2022-48646 bsc#1223502).
- commit 54704c0
- Update
patches.suse/net-sched-fix-possible-refcount-leak-in-tc_new_tfilt.patch
(bsc#1207361 CVE-2022-48639 bsc#1223490).
- commit 1b88973
- Update
patches.suse/gpiolib-cdev-Set-lineevent_state-irq-after-IRQ-regis.patch
(git-fixes CVE-2022-48660 bsc#1223487).
- commit 30d7811
- Update
patches.suse/arm64-topology-fix-possible-overflow-in-amu_fie_setu.patch
(git-fixes CVE-2022-48657 bsc#1223484).
- commit d7e1659
- Update
patches.suse/netfilter-nfnetlink_osf-fix-possible-bogus-match-in-.patch
(bsc#1204614 CVE-2022-48654 bsc#1223482).
- commit a8a2952
- Update
patches.suse/dmaengine-ti-k3-udma-private-Fix-refcount-leak-bug-i.patch
(git-fixes CVE-2022-48656 bsc#1223479).
- commit 90546f3
- netfilter: nf_tables: fix percpu memory leak at
nf_tables_addchain() (bsc#1223478 CVE-2022-48642).
- commit 839888a
- blacklist.conf: code refactoring
- commit f72ed44
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- commit 15c6bc2
- printk: Avoid non-panic CPUs writing to ringbuffer
(bsc#1223574).
- commit d14ad8e
- Update
patches.suse/ice-Don-t-double-unplug-aux-on-peer-initiated-reset.patch
(git-fixes CVE-2022-48653 bsc#1223474).
- commit dba84ad
- blacklist.conf: refactoring, not a fix
- commit ef0f94f
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- commit ed11fe0
- printk: Disable passing console lock owner completely during
panic() (bsc#1223574).
- commit d98358d
- s390/zcrypt: fix reference counting on zcrypt card objects
(git-fixes bsc#1223595).
- commit 0483eb1
- Update
patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
(git-fixes CVE-2024-26875 bsc#1223118).
- commit fd5a947
- printk: ringbuffer: Skip non-finalized records in panic
(bsc#1223574).
- commit c9df6e3
- printk: Wait for all reserved records with pr_flush()
(bsc#1223574).
- commit d04f93d
- Update
patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
(git-fixes CVE-2024-26872 bsc#1223115).
- commit 66d99f5
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- commit a92ce86
- printk: Add this_cpu_in_panic() (bsc#1223574).
- commit 0b039ad
- quota: Fix potential NULL pointer dereference (bsc#1223060
CVE-2024-26878).
- commit 93c484c
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
(bsc#1223198 CVE-2024-26901).
- commit a397ff1
- blk-mq: fix IO hang from sbitmap wakeup race (bsc#1222357
CVE-2024-26671).
- commit 9908e06
- ext4: avoid allocating blocks from corrupted group in
ext4_mb_find_by_goal() (bsc#1222613 CVE-2024-26772).
- commit be73fd6
- printk: Rename abandon_console_lock_in_panic() to
other_cpu_in_panic() (bsc#1223574).
- commit 6336c25
- Update
patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch
(bsc#1141539 git-fixes).
- commit 111a038
- printk: Drop console_sem during panic (bsc#1223574).
- commit 725427c
- clk: meson: Add missing clocks to axg_clk_regmaps
(CVE-2024-26879 bsc#1223066).
- commit 46eee50
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- commit 0f13b5c
- printk: ringbuffer: Do not skip non-finalized records with
prb_next_seq() (bsc#1223574).
- commit 28b403a
- printk: ringbuffer: Improve prb_next_seq() performance
(bsc#1223574).
- commit 6a93375
- Update
patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
(git-fixes CVE-2024-26820 bsc#1223078).
- commit d0bb689
- Update
patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
(git-fixes CVE-2024-26825 bsc#1223065).
- commit 4685711
- wifi: wfx: fix memory leak when starting AP (CVE-2024-26896
bsc#1223042).
- commit f3e25cb
- Update
patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
(git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
- commit f3895d7
- printk: Use prb_first_seq() as base for 32bit seq macros
(bsc#1223574).
- commit e3b59e0
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- commit 6dcabeb
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- commit c13f8d3
- PM / devfreq: Fix buffer overflow in trans_stat_show
(CVE-2023-52614 bsc#1221617).
- commit 43b7d5b
- Update
patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
(git-fixes CVE-2024-26891 bsc#1223037).
- commit 7b52ba2
- Update
patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
(git-fixes CVE-2024-26833 bsc#1223036).
- commit 6c18411
- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
(bsc#1223513 CVE-2022-48651).
- commit c96a663
- net: hns3: fix kernel crash when 1588 is received on HIP08
devices (bsc#1223041 CVE-2024-26881).
- net: ice: Fix potential NULL pointer dereference in
ice_bridge_setlink() (bsc#1223051 CVE-2024-26855).
- geneve: make sure to pull inner header in geneve_rx()
(bsc#1223058 CVE-2024-26857).
- ppp_async: limit MRU to 64K (bsc#1222379 CVE-2024-26675).
- commit 61a60e2
- Update
patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
(git-fixes CVE-2024-26843 bsc#1223014).
- commit 3f9577f
- net: usb: ax88179_178a: stop lying about skb->truesize
(git-fixes).
- commit 416a90a
- Update
patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
(git-fixes CVE-2024-26897 bsc#1223323).
- commit 938950f
- drm/amd/display: Fix MST Null Ptr for RV (CVE-2021-47200 bsc#1222838)
- commit 3d0cc91
- Update
patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
(git-fixes CVE-2024-26895 bsc#1223197).
- commit 73cb93c
- amdkfd: use calloc instead of kzalloc to avoid integer overflow (CVE-2024-26817 bsc#1222812)
- commit 5946a4f
- Update patches.suse/firmware-arm_scmi-Harden-accesses-to-the-reset-domai.patch (git-fixes CVE-2022-48655 bsc#1223477)
- commit 2dabafb
- mm: slub: fix flush_cpu_slab()/__free_slab() invocations in
task context (CVE-2022-48658 bsc#1223496).
- commit 3480d23
- firmware: arm_scmi: Fix double free in SMC transport cleanup
path (CVE-2024-26893 bsc#1223196).
- commit 689202d
- nfsd: use __fput_sync() to avoid delayed closing of files
(bsc#1223380 bsc#1217408).
- commit aa925bb
- Revert "ice: Fix ice VF reset during iavf initialization (jsc#PED-376)." (bsc#1223275)
This reverts commit b92b60703522e3531f77c5af2f34b4b165007b3a.
This commit was reverted upstream by commit 0ecff05e6c59dd82dbcb9706db911f7fd9f40fb8
with note:
ice_check_vf_ready_for_cfg() already contain waiting for reset.
New condition in ice_check_vf_ready_for_reset() causing only problems.
- commit 33e8bb2
- Update patches.suse/powerpc-pseries-vas-Hold-mmap_mutex-after-mmap-lock-.patch
(jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
- commit 29ca2f7
- livepatch: Fix missing newline character in
klp_resolve_symbols() (bsc#1223539).
- commit ccf2afb
- blacklist.conf: cosmetic; kind of code documentation
- commit 6c8cbf7
- blacklist.conf: workqueue: prevent false circular dependency by lockdep,
code churn, primary useful when developing new code, lockdep is
disabled on production kernels (bsc#1223536)
- commit 6ab7164
- Update
patches.suse/spi-spi-zynqmp-gqspi-Handle-error-for-dma_set_mask.patch
(git-fixes CVE-2021-47047 bsc#1220761).
- commit 1f6461d
- crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
(CVE-2023-52616 bsc#1221612).
- commit 6fa74bc
- mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone
index (bsc#1222615 CVE-2024-26783).
- commit d2a6383
- mm/vmscan: make sure wakeup_kswapd with managed zone
(bsc#1223473).
- commit c954567
- x86/boot: Ignore relocations in .notes sections in walk_relocs() too (bsc#1222624 CVE-2024-26816).
- commit 9c9dbbd
- x86, relocs: Ignore relocations in .notes section (bsc#1222624 CVE-2024-26816).
- commit 9bcfc48
- hugetlb, userfaultfd: fix reservation restore on userfaultfd
error (bsc#1222710 CVE-2021-47214).
- commit 4a75d88
- drm/amdgpu: fix use-after-free bug (CVE-2024-26656 bsc#1222307)
- commit 2c0e8cb
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
(git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- idma64: Don't try to serve interrupts when device is powered
off (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions
(stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support
(stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product
(stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650
(stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models
(stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants
(stable-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume
(stable-fixes).
- thunderbolt: Fix wake configurations after device unplug
(stable-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb
ep transport error (stable-fixes).
- clk: Get runtime PM before walking tree during disable_unused
(git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- arm64: hibernate: Fix level3 translation fault in swsusp_save()
(git-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with
ALC269VC (stable-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/amd/display: Do not recursively call manual trigger
programming (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go
(stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support
(stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support
(stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages
(stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB
(stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct
(stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- clk: Print an info line before disabling unused clocks
(stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11
(stable-fixes).
- clk: remove extra empty line (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- commit 2a4676e
- i40e: Fix VF MAC filter removal (git-fixes).
- commit 03f8d56
- mmc: sdhci-msm: pervent access to suspended controller
(git-fixes).
- fbdev: fix incorrect address computation in deferred IO
(git-fixes).
- wifi: nl80211: don't free NULL coalescing rule (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd
(git-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new
one (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend
(git-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports
(git-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized
dev->devc (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow
(git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer
(git-fixes).
- commit eb0d29c
- blacklist.conf: Add 246f80a0b17f8 ("sh: push-switch: Reorder cleanup operations to avoid use-after-free bug")
- commit 701f2ea
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-aoec.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-26898 bsc#1223016).
- commit 5a56f33
- i40e: Do not allow untrusted VF to remove administratively
set MAC (git-fixes CVE-2024-26830 bsc#1223012).
- commit 67a5cff
- net: ip_tunnel: make sure to pull inner header in
ip_tunnel_rcv() (git-fixes CVE-2024-26882 bsc#1223034).
- commit 1915836
- PM / devfreq: Synchronize devfreq_monitor_[start/stop]
(CVE-2023-52635 bsc#1222294).
- commit 6f88f1b
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369
ltc#205888).
- powerpc/rtas: define pr_fmt and convert printk call sites
(bsc#1223369 ltc#205888).
- commit 13f68b5
- Update
patches.suse/Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_.patch
(bsc#1219170 CVE-2024-22099 CVE-2024-26903 bsc#1223187).
- commit 1a4ee0a
- Renamepatches before cve/linux-5.14-LTSS
- commit 0b096bb
- PCI: rpaphp: Error out on busy status from get-sensor-state
(bsc#1223369 ltc#205888).
- commit f9716ef
- bpf: Fix stackmap overflow check on 32-bit arches (bsc#1223035
CVE-2024-26883).
- bpf: Fix hashtab overflow check on 32-bit arches (bsc#1223189
CVE-2024-26884).
- bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
(bsc#1223190 CVE-2024-26885).
- commit c435af8
- Update
patches.suse/scsi-target-pscsi-Fix-bio_put-for-error-case.patch
(bsc#1222596 cve-2024-26760), updating CVE number.
- commit 0b78c9a
- powerpc/kasan: Don't instrument non-maskable or raw interrupts
(bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- Refresh patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
- commit 8a00767
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt
(bsc#1221645 ltc#205739 bsc#1223191).
- commit caf6e20
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood
(git-fixes).
- serial: mxs-auart: add spinlock around changing cts state
(git-fixes).
- Revert "usb: cdc-wdm: close race between read and workqueue"
(git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow
(git-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- commit 28e1f50
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- commit e92aa40
- blacklist.conf: We don't support FRED
- commit ce7dd35
- clk: Remove prepare_lock hold assertion in __clk_release()
(git-fixes).
- commit 7812d3f
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- commit 236cddf
- drm/panel: visionox-rm69299: don't unregister DSI device
(git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference
(git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- nouveau: fix instmem race condition around ptr stores
(git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations
more clearly (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- commit d2ecf52
- pmdomain: mediatek: fix race conditions with genpd
(CVE-2023-52645 bsc#1223033).
- commit 9a65bfe
- spi: spi-fsl-lpspi: remove redundant spi_controller_put call
(CVE-2024-26866 bsc#1223024).
- commit 1408e84
- spi: lpspi: Avoid potential use-after-free in probe()
(CVE-2024-26866 bsc#1223024).
- commit 233d8aa
- platform/x86: think-lmi: Fix password opcode ordering for
workstations (CVE-2024-26836 bsc#1222968).
- platform/x86: think-lmi: Enable opcode support on BIOS settings
(CVE-2024-26836 bsc#1222968).
- commit 13fd3e3
- net: usb: ax88179_178a: avoid writing the mac address before
first reading (git-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed()
(git-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex
(stable-fixes).
- nouveau: fix function cast warning (git-fixes).
- Revert "drm/qxl: simplify qxl_fence_wait" (git-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316
(stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
(stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure
(stable-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used
(stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are
active (git-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete()
(git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT
(git-fixes).
- platform/x86: intel-vbtn: Update tablet mode switch at end of
probe (git-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack
(stable-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn
establishes (stable-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
(stable-fixes).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- Revert "usb: phy: generic: Get the vbus supply" (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not
attached (stable-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode()
(stable-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
(stable-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms
(stable-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and
MM0110113M (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product
(stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100
(stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
(stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
(git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy
(stable-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is
defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible
(stable-fixes).
- ahci: asm1064: asm1166: don't limit reported ports (git-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for
"phys" fails (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- media: cec: core: remove length check of Timer Status
(stable-fixes).
- ALSA: firewire-lib: handle quirk to calculate payload quadlets
as data block counter (stable-fixes).
- Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle
by default" (stable-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant
of the Chuwi Vi8 tablet (stable-fixes).
- Input: allocate keycode for Display refresh rate toggle
(stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided
IDs (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini
(stable-fixes).
- drm/vc4: don't check if plane->state->fb == state->fb
(stable-fixes).
- hwmon: (amc6821) add of_match table (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version
(stable-fixes).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan()
(stable-fixes).
- pstore/zone: Add a null pointer check to the psz_kmsg_read
(stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags
(stable-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running
(stable-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- commit 5f4b68d
- Update
patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
(git-fixes CVE-2024-26798 bsc#1222798).
- commit 3f5154a
- Update
patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
(bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
- Update
patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
(bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
- Update
patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
(CVE-2024-26733 bsc#1222585 CVE-2024-26739 bsc#1222559).
- commit ac0df3e
- Update
patches.suse/ALSA-gus-fix-null-pointer-dereference-on-pointer-blo.patch
(git-fixes CVE-2021-47207 bsc#1222790).
- Update
patches.suse/ALSA-usb-audio-fix-null-pointer-dereference-on-point.patch
(bsc#1192354 CVE-2021-47211 bsc#1222869).
- Update
patches.suse/RDMA-core-Set-send-and-receive-CQ-before-forwarding-.patch
(jsc#SLE-19249 CVE-2021-47196 bsc#1222773).
- Update
patches.suse/arm64-dts-qcom-msm8998-Fix-CPU-L2-idle-state-latency.patch
(git-fixes CVE-2021-47187 bsc#1222703).
- Update
patches.suse/cfg80211-call-cfg80211_stop_ap-when-switch-from-P2P_.patch
(git-fixes CVE-2021-47194 bsc#1222829).
- Update
patches.suse/clk-sunxi-ng-Unregister-clocks-resets-when-unbinding.patch
(git-fixes CVE-2021-47205 bsc#1222888).
- Update
patches.suse/drm-prime-Fix-use-after-free-in-mmap-with-drm_gem_tt.patch
(git-fixes CVE-2021-47200 bsc#1222838).
- Update
patches.suse/i40e-Fix-NULL-ptr-dereference-on-VSI-filter-sync.patch
(jsc#SLE-18378 CVE-2021-47184 bsc#1222666).
- Update
patches.suse/iavf-free-q_vectors-before-queues-in-iavf_disable_vf.patch
(jsc#SLE-18385 CVE-2021-47201 bsc#1222792).
- Update
patches.suse/msft-hv-2480-x86-hyperv-Fix-NULL-deref-in-set_hv_tscchange_cb-if-.patch
(git-fixes CVE-2021-47217 bsc#1222836).
- Update
patches.suse/net-dpaa2-eth-fix-use-after-free-in-dpaa2_eth_remove.patch
(git-fixes CVE-2021-47204 bsc#1222787).
- Update
patches.suse/net-mlx5-Update-error-handler-for-UCTX-and-UMEM.patch
(jsc#SLE-19253 CVE-2021-47212 bsc#1222709).
- Update
patches.suse/net-mlx5e-CT-Fix-multiple-allocations-and-memleak-of.patch
(jsc#SLE-19253 CVE-2021-47199 bsc#1222785).
- Update
patches.suse/net-mlx5e-kTLS-Fix-crash-in-RX-resync-flow.patch
(jsc#SLE-19253 CVE-2021-47215 bsc#1222704).
- Update
patches.suse/net-mlx5e-nullify-cq-dbg-pointer-in-mlx5_debug_cq_re.patch
(jsc#SLE-19253 CVE-2021-47197 bsc#1222776).
- Update
patches.suse/sched-fair-Prevent-dead-task-groups-from-regaining-cfs_rq-s.patch
(bsc#1192837 CVE-2021-47209 bsc#1222796).
- Update patches.suse/scsi-advansys-Fix-kernel-pointer-leak.patch
(git-fixes CVE-2021-47216 bsc#1222876).
- Update
patches.suse/scsi-core-sysfs-Fix-hang-when-device-state-is-set-via-sysfs
(git-fixes CVE-2021-47192 bsc#1222867).
- Update
patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
(bsc#1190576 CVE-2021-47203 bsc#1222881).
- Update
patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
(bsc#1192145 CVE-2021-47198 bsc#1222883).
- Update
patches.suse/scsi-pm80xx-Fix-memory-leak-during-rmmod.patch
(git-fixes CVE-2021-47193 bsc#1222879).
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch
(git-fixes CVE-2021-47191 bsc#1222866).
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_report_tgtpgs.patch
(git-fixes CVE-2021-47219 bsc#1222824).
- Update patches.suse/scsi-ufs-core-Improve-SCSI-abort-handling
(git-fixes CVE-2021-47188 bsc#1222671).
- Update
patches.suse/selinux-fix-NULL-pointer-dereference-when-hashtab-al.patch
(git-fixes CVE-2021-47218 bsc#1222791).
- Update
patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch
(stable-5.14.21 CVE-2021-47202 bsc#1222878).
- Update
patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
(git-fixes CVE-2021-47185 bsc#1222669).
- Update
patches.suse/usb-host-ohci-tmio-check-return-value-after-calling-.patch
(git-fixes CVE-2021-47206 bsc#1222894).
- Update
patches.suse/usb-typec-tipd-Remove-WARN_ON-in-tps6598x_block_read.patch
(git-fixes CVE-2021-47210 bsc#1222901).
- commit 48b69db
- iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
(git-fixes).
- Refresh
patches.suse/coresight-etm-Override-TRCIDR3.CCITMIN-on-errata-affected-cpus.patch.
- commit d93f0f0
- Update
patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
(git-fixes CVE-2024-26779 bsc#1222772).
- commit c8c8675
- wifi: wfx: fix possible NULL pointer dereference in
wfx_set_mfp_ap() (CVE-2023-52593 bsc#1221042).
- commit 846e85e
- iommu/mediatek: Flush IOTLB completely only if domain has
been attached (git-fixes).
- commit 623c929
- media: rkisp1: Fix IRQ disable race issue (CVE-2023-52589
bsc#1221084).
- commit e4627b0
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- commit b3bdbef
- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
- commit 9b2027c
- iommu/amd: Don't block updates to GATag if guest mode is on
(git-fixes).
- commit 9ffdfc7
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- commit c8c9239
- wifi: iwlwifi: fix a memory corruption (CVE-2024-26610
bsc#1221299).
- commit e7967c5
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- commit 6d1aa27
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c
(git-fixes).
- commit 452d862
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
(git-fixes).
- commit 161366f
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- commit b3ada40
- xen/events: close evtchn after mapping cleanup (CVE-2024-26687,
bsc#1222435).
- commit eb41ab9
- xen/xenbus: document will_handle argument for
xenbus_watch_path() (git-fixes).
- commit c749895
- blacklist.conf: Append 'drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()''
- commit f765ec7
- Update patches.suse/arp-Prevent-overflow-in-arp_req_get.patch
- fix build warning
- commit b98055d
- blacklist.conf: Append 'drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()''
- commit 182dade
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- libceph: init the cursor when preparing sparse read in msgr2
(bsc#1222247 CVE-2023-52636).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap
(bsc#1223067).
- libceph: just wait for more data to be available on the socket
(bsc#1222247 CVE-2023-52636).
- libceph: rename read_sparse_msg_*() to
read_partial_sparse_msg_*() (bsc#1222247 CVE-2023-52636).
- commit c683288
- serial: sc16is7xx: convert from _raw_ to _noinc_ regmap
functions for FIFO (bsc#1221162 CVE-2023-52488).
- commit 0ac4803
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- commit aa65491
- less
-
- Fix CVE-2024-32487, mishandling of \n character in paths when
LESSOPEN is set leads to OS command execution
(CVE-2024-32487, bsc#1222849)
* CVE-2024-32487.patch
- util-linux
-
- lscpu: Add more ARM cores (bsc#1223605,
util-linux-lscpu-add-more-ARM-cores-1.patch,
util-linux-lscpu-add-more-ARM-cores-2.patch,
util-linux-lscpu-add-more-ARM-cores-3.patch,
util-linux-lscpu-add-more-ARM-cores-4.patch,
util-linux-lscpu-add-more-ARM-cores-5.patch,
util-linux-lscpu-add-more-ARM-cores-6.patch).
- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609,
util-linux-chcpu-document-zVM-limitations.patch).
- bsc#1220117: Processes not cleaned up after failed SSH session are using up 100% CPU
+ util-linux-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
- glib2
-
- Add patches to fix CVE-2024-34397 (boo#1224044):
glib2-CVE-2024-34397.patch (glgo#GNOME/glib#3268).
glib2-fix-ibus-regression.patch (glgo#GNOME/glib#3353)
- openssl-1_1
-
- Security fix: [bsc#1222548, CVE-2024-2511]
* Fix unconstrained session cache growth in TLSv1.3
* Add openssl-CVE-2024-2511.patch
- tpm2-0-tss
-
- add 0001-FAPI-Fix-check-of-magic-number-in-verify-quote.patch: fixes
CVE-2024-29040 (bsc#1223690): Missing verification of the magic number in
Fapi_VerifyQuote(), which might allow an attacker to generate arbitrary
quote data, which would not be detected by Fapi_VerifyQuote().
- perl
-
- fix space calculation issues in pp_pack.c [bnc#1082216]
[CVE-2018-6913]
* new patch: perl-pack-overflow.diff
- fix heap buffer overflow in regexec.c [bnc#1082233]
[CVE-2018-6798]
new patch: perl-regexec-heap-overflow.diff
- make Net::FTP work with TLS 1.3 [bnc#1213638]
new patch: perl-net-ftp-tls13.diff
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:SLES-release
-
n/a
- suseconnect-ng
-
- Update to version 1.9.0
* Fix certificate import for Yast when using a registration proxy with
self-signed SSL certificate (bsc#1223107)
- systemd-presets-branding-SLE
-
- Enable sysctl-logger (jsc#PED-5024)
- tpm2.0-tools
-
- Add 0001-tpm2_checkquote-Fix-check-of-magic-number.patch: tpm2_checkquote
did not check whether the magic number in the attest is equal to
TPM2_GENERATED_VALUE, which might allow a malicious actor to generate
arbitrary quote data, undetected by tpm2_checkquote (bsc#1223687, CVE-2024-29038).
- Add 0001-tpm2_checkquote-Add-comparison-of-pcr-selection.patch:
tpm2_checkquote did not compare the --pcr parameter passed to the tool with
the attest. A malicious actor might thus be able to fake a valid
attestation (bsc#1223689, CVE-2024-29039).
- util-linux-systemd
-
- lscpu: Add more ARM cores (bsc#1223605,
util-linux-lscpu-add-more-ARM-cores-1.patch,
util-linux-lscpu-add-more-ARM-cores-2.patch,
util-linux-lscpu-add-more-ARM-cores-3.patch,
util-linux-lscpu-add-more-ARM-cores-4.patch,
util-linux-lscpu-add-more-ARM-cores-5.patch,
util-linux-lscpu-add-more-ARM-cores-6.patch).
- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609,
util-linux-chcpu-document-zVM-limitations.patch).
- bsc#1220117: Processes not cleaned up after failed SSH session are using up 100% CPU
+ util-linux-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
- wicked
-
- client: fix ifreload to pull UP ports/links again when the config
of their master/lower changed (bsc#1224100,gh#openSUSE/wicked#1014).
[+ 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
- Update to version 0.6.75:
- cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
- cleanup: fix overflow warnings in a socket testcase on i586
- ifcheck: report new and deleted configs as changed (bsc#1218926)
- man: improve ARP configuration options in the wicked-config.5
- bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
- cleanup: fix interface dependencies and shutdown order (bsc#1205604)
- Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
and consistently use config and state info attached to the port
interface as in rtnetlink(7).
- Cleanup ifcfg parsing, schema configuration and service properties
- Migrate ports in xml config and policies already applied in nanny
- Remove "missed config" generation from finite state machine, which
is completed while parsing the config or while xml config migration.
- Issue a warning when "lower" interface (e.g. eth0) config is missed
while parsing config depending on it (e.g. eth0.42 vlan).
- Resolve ovs master to the effective bridge in config and wickedd
- Implement netif-check-state require checks using system relations
from wickedd/kernel instead of config relations for ifdown and add
linkDown and deleteDevice checks to all master and lower references.
- Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
system/config interface hierarchies as notice with +/- marked
interfaces to setup and/or shutdown.
- Removed patches included in the source archive:
[- 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
[- 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
[- 0003-move-all-attribute-definitions-to-compiler-h.patch]
[- 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
[- 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]