- Mesa
-
- u_mesa-CVE-2023-45913.patch
* NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId()
(CVE-2023-45913, bsc#1222040)
- u_mesa-CVE-2023-45919.patch
* buffer over-read in glXQueryServerString()
(CVE-2023-45919, bsc#1222041)
- u_mesa-CVE-2023-45922.patch
* segmentation violation in __glXGetDrawableAttribute()
(CVE-2023-45922, bsc#1222042)
- aaa_base
-
- Add patch git-50-845b509c9a005340a0455cb8a7fe084d1b8f1946.patch
* Add mc helpers for both tcsh and bash resources (boo#1203617)
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
to also fix the typo to set JAVA_BINDIR in the csh variant
of the alljava profile script (bsc#1221361)
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
drop the stderr redirection for csh (bsc#1221361)
- add git-49-3f8f26123d91f70c644677a323134fc79318c818.patch
drop sysctl.d/50-default-s390.conf (bsc#1211721)
- add aaa_base-preinstall.patch
make sure the script does not exit with 1 if a file
with content is found (bsc#1222547)
- add patch git-48-477bc3c05fcdabf9319e84278a1cba2c12c9ed5a.patch
home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- autofs
-
- autofs-5.1.6-remove-intr-hosts-map-mount-option.patch
Don't use the intr option on NFS mounts by default, it's been
ignored by the kernel for a long time now. (bsc#1225130)
- aws-cli
-
- Reconfigure the spec file support builds better in Factory and SLE
supporting different Python interpreter versions
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
- Switch to Python 3.11 build in SLE 15 SP4 and openSUSE Leap 15.4 and
later (jsc#PCT-371)
- Switch to wheel build
- Update to version 1.32.31
* Forward port ac_update-docutils.patch
* api-change:``datazone``: Add new skipDeletionCheck to DeleteDomain. Add
new skipDeletionCheck to DeleteProject which also automatically deletes
dependent objects
* api-change:``route53``: Update the SDKs for text changes in the APIs.
- From 1.32.30
* api-change:``autoscaling``: EC2 Auto Scaling customers who use attribute
based instance-type selection can now intuitively define their Spot
instances price protection limit as a percentage of the lowest priced
On-Demand instance type.
* api-change:``comprehend``: Comprehend PII analysis now supports Spanish
input documents.
* api-change:``ec2``: EC2 Fleet customers who use attribute based
instance-type selection can now intuitively define their Spot instances
price protection limit as a percentage of the lowest priced On-Demand
instance type.
* api-change:``mwaa``: This release adds MAINTENANCE environment status for
Amazon MWAA environments.
* api-change:``rds``: Introduced support for the
InsufficientDBInstanceCapacityFault error in the RDS
RestoreDBClusterFromSnapshot and RestoreDBClusterToPointInTime API methods.
This provides enhanced error handling, ensuring a more robust experience.
* api-change:``snowball``: Modified description of createaddress to include
direction to add path when providing a JSON file.
- From 1.32.29
* api-change:``connect``: Update list and string length limits for predefined
attributes.
* api-change:``inspector2``: This release adds ECR container image scanning
based on their lastRecordedPullTime.
* api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now
provides an API to programmatically delete tuning jobs.
- From 1.32.28
* api-change:``acm-pca``: AWS Private CA now supports an option to omit the
CDP extension from issued certificates, when CRL revocation is enabled.
* api-change:``lightsail``: This release adds support for IPv6-only instance
plans.
- From 1.32.27
* api-change:``ec2``: Introduced a new clientToken request parameter on
CreateNetworkAcl and CreateRouteTable APIs. The clientToken parameter
allows idempotent operations on the APIs.
* api-change:``ecs``: Documentation updates for Amazon ECS.
* api-change:``outposts``: DeviceSerialNumber parameter is now optional in
StartConnection API
* api-change:``rds``: This release adds support for Aurora Limitless Database.
* api-change:``storagegateway``: Add DeprecationDate and SoftwareVersion to
response of ListGateways.
- From 1.32.26
* api-change:``inspector2``: This release adds support for CIS scans on EC2
instances.
- From 1.32.25
* bugfix:``s3 sync``: Disable S3 Express support for s3 sync command
- From 1.32.24
* api-change:``appconfigdata``: Fix FIPS Endpoints in aws-us-gov.
* api-change:``cloud9``: Doc-only update around removing AL1 from list of
available AMIs for Cloud9
* api-change:``cloudfront-keyvaluestore``: This release improves upon the
DescribeKeyValueStore API by returning two additional fields, Status of the
KeyValueStore and the FailureReason in case of failures during creation of
KeyValueStore.
* api-change:``connectcases``: This release adds the ability to view audit
history on a case and introduces a new parameter, performedBy, for
CreateCase and UpdateCase API's.
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``ecs``: This release adds support for Transport Layer Security
(TLS) and Configurable Timeout to ECS Service Connect. TLS facilitates
privacy and data security for inter-service communications, while
Configurable Timeout allows customized per-request timeout and idle timeout
for Service Connect services.
* api-change:``finspace``: Allow customer to set zip default through command
line arguments.
* api-change:``organizations``: Doc only update for quota increase change
* api-change:``rds``: Introduced support for the
InsufficientDBInstanceCapacityFault error in the RDS CreateDBCluster API
method. This provides enhanced error handling, ensuring a more robust
experience when creating database clusters with insufficient instance
capacity.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest
version
- From 1.32.23
* api-change:``athena``: Introducing new NotebookS3LocationUri parameter to
Athena ImportNotebook API. Payload is no longer required and either Payload
or NotebookS3LocationUri needs to be provided (not both) for a successful
ImportNotebook API call. If both are provided, an InvalidRequestException
will be thrown.
* api-change:``codebuild``: Release CodeBuild Reserved Capacity feature
* api-change:``dynamodb``: This release adds support for including
ApproximateCreationDateTimePrecision configurations in
EnableKinesisStreamingDestination API, adds the same as an optional field
in the response of DescribeKinesisStreamingDestination, and adds support
for a new UpdateKinesisStreamingDestination API.
* api-change:``qconnect``: Increased Quick Response name max length to 100
- From 1.32.22
* api-change:``b2bi``: Increasing TestMapping inputFileContent file size
limit to 5MB and adding file size limit 250KB for TestParsing input file.
This release also includes exposing InternalServerException for Tag APIs.
* api-change:``cloudtrail``: This release adds a new API
ListInsightsMetricData to retrieve metric data from CloudTrail Insights.
* api-change:``connect``: GetMetricDataV2 now supports 3 groupings
* api-change:``drs``: Removed invalid and unnecessary default values.
* api-change:``firehose``: Allow support for Snowflake as a Kinesis Data
Firehose delivery destination.
* api-change:``sagemaker-featurestore-runtime``: Increase BatchGetRecord
limits from 10 items to 100 items
- From 1.32.21
* api-change:``dynamodb``: Updating note for enabling streams for UpdateTable.
* api-change:``keyspaces``: This release adds support for Multi-Region
Replication with provisioned tables, and Keyspaces auto scaling APIs
- From 1.32.20
* api-change:``iot``: Revert release of LogTargetTypes
* api-change:``iotfleetwise``: Updated APIs: SignalNodeType query parameter
has been added to ListSignalCatalogNodesRequest and ListVehiclesResponse
has been extended with attributes field.
* api-change:``macie2``: This release adds support for analyzing Amazon S3
objects that are encrypted using dual-layer server-side encryption with
AWS KMS keys (DSSE-KMS). It also adds support for reporting DSSE-KMS
details in statistics and metadata about encryption settings for S3 buckets
and objects.
* api-change:``payment-cryptography``: Provide an additional option for key
exchange using RSA wrap/unwrap in addition to tr-34/tr-31 in ImportKey and
ExportKey operations. Added new key usage (type)
TR31_M1_ISO_9797_1_MAC_KEY, for use with Generate/VerifyMac dataplane
operations with ISO9797 Algorithm 1 MAC calculations.
* api-change:``personalize-runtime``: Documentation updates for Amazon
Personalize
* api-change:``personalize``: Documentation updates for Amazon Personalize.
* api-change:``rekognition``: This release adds ContentType and TaxonomyLevel
attributes to DetectModerationLabels and GetMediaAnalysisJob API responses.
* api-change:``securityhub``: Documentation updates for AWS Security Hub
- From 1.32.19
* api-change:``sagemaker``: This release will have ValidationException thrown
if certain invalid app types are provided. The release will also throw
ValidationException if more than 10 account ids are provided in
VpcOnlyTrustedAccounts.
- From 1.32.18
* api-change:``connect``: Supervisor Barge for Chat is now supported through
the MonitorContact API.
* api-change:``connectparticipant``: Introduce new Supervisor participant
role
* api-change:``location``: Location SDK documentation update. Added missing
fonts to the MapConfiguration data type. Updated note for the
SubMunicipality property in the place data type.
* api-change:``mwaa``: This Amazon MWAA feature release includes new fields
in CreateWebLoginToken response model. The new fields IamIdentity and
AirflowIdentity will let you match identifications, as the Airflow identity
length is currently hashed to 64 characters.
* api-change:``s3control``: S3 On Outposts team adds dualstack endpoints
support for S3Control and S3Outposts API calls.
* api-change:``supplychain``: This release includes APIs
CreateBillOfMaterialsImportJob and GetBillOfMaterialsImportJob.
* api-change:``transfer``: AWS Transfer Family now supports static IP
addresses for SFTP & AS2 connectors and for async MDNs on AS2 servers.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest
version
- From 1.32.17
* api-change:``ec2``: This release adds support for adding an
ElasticBlockStorage volume configurations in ECS
RunTask/StartTask/CreateService/UpdateService APIs. The configuration
allows for attaching EBS volumes to ECS Tasks.
* api-change:``ecs``: This release adds support for adding an
ElasticBlockStorage volume configurations in ECS
RunTask/StartTask/CreateService/UpdateService APIs. The configuration
allows for attaching EBS volumes to ECS Tasks.
* api-change:``events``: Update events command to latest version
* api-change:``iot``: Add ConflictException to Update APIs of AWS IoT
Software Package Catalog
* api-change:``iotfleetwise``: The following dataTypes have been removed:
CUSTOMER_DECODED_INTERFACE in NetworkInterfaceType;
CUSTOMER_DECODED_SIGNAL_INFO_IS_NULL in SignalDecoderFailureReason;
CUSTOMER_DECODED_SIGNAL_NETWORK_INTERFACE_INFO_IS_NULL in
NetworkInterfaceFailureReason; CUSTOMER_DECODED_SIGNAL in SignalDecoderType
* api-change:``secretsmanager``: Doc only update for Secrets Manager
* api-change:``workspaces``: Added AWS Workspaces RebootWorkspaces
API - Extended Reboot documentation update
- From 1.32.16
* api-change:``connectcampaigns``: Minor pattern updates for Campaign and
Dial Request API fields.
* api-change:``location``: This release adds API support for custom layers
for the maps service APIs: CreateMap, UpdateMap, DescribeMap.
* api-change:``logs``: Add support for account level subscription filter
policies to PutAccountPolicy, DescribeAccountPolicies, and
DeleteAccountPolicy APIs. Additionally, PutAccountPolicy has been modified
with new optional "selectionCriteria" parameter for resource selection.
* api-change:``qconnect``: QueryAssistant and GetRecommendations will be
discontinued starting June 1, 2024. To receive generative responses after
March 1, 2024 you will need to create a new Assistant in the Connect
console and integrate the Amazon Q in Connect JavaScript library
(amazon-q-connectjs) into your applications.
* api-change:``redshift-serverless``: Updates to ConfigParameter for RSS
workgroup, removal of use_fips_ssl
* api-change:``route53``: Route53 now supports geoproximity routing in AWS
regions
* api-change:``wisdom``: QueryAssistant and GetRecommendations will be
discontinued starting June 1, 2024. To receive generative responses after
March 1, 2024 you will need to create a new Assistant in the Connect
console and integrate the Amazon Q in Connect JavaScript library
(amazon-q-connectjs) into your applications.
- From 1.32.15
* api-change:``codebuild``: Aws CodeBuild now supports new compute type
BUILD_GENERAL1_XLARGE
* api-change:``ec2``: Amazon EC2 R7iz bare metal instances are powered by
custom 4th generation Intel Xeon Scalable processors.
* api-change:``route53resolver``: This release adds support for query type
configuration on firewall rules that enables customers for granular action
(ALLOW, ALERT, BLOCK) by DNS query type.
- From 1.32.14
* api-change:``connect``: Minor trait updates for User APIs
* api-change:``kms``: Documentation updates for AWS Key Management Service
(KMS).
* api-change:``redshift-serverless``: use_fips_ssl and require_ssl parameter
support for Workgroup, UpdateWorkgroup, and CreateWorkgroup
- From 1.32.13
* api-change:``config``: Updated ResourceType enum with new resource types onboarded by AWS Config in November and December 2023.
* api-change:``docdb``: Adding PerformanceInsightsEnabled and
PerformanceInsightsKMSKeyId fields to DescribeDBInstances Response.
* api-change:``ecs``: This release adds support for managed instance
draining which facilitates graceful termination of Amazon ECS instances.
* api-change:``es``: This release adds support for new or existing Amazon
OpenSearch domains to enable TLS 1.3 or TLS 1.2 with perfect forward
secrecy cipher suites for domain endpoints.
* api-change:``lightsail``: This release adds support to set up an HTTPS
endpoint on an instance.
* api-change:``opensearch``: This release adds support for new or existing
Amazon OpenSearch domains to enable TLS 1.3 or TLS 1.2 with perfect forward
secrecy cipher suites for domain endpoints.
* api-change:``sagemaker``: Adding support for provisioned throughput mode
for SageMaker Feature Groups
* api-change:``servicecatalog``: Added Idempotency token support to Service
Catalog AssociateServiceActionWithProvisioningArtifact,
DisassociateServiceActionFromProvisioningArtifact, DeleteServiceAction API
* api-change:``endpoint-rules``: Update endpoint-rules command to latest
version
- From 1.32.12
* api-change:``connect``: Amazon Connect, Contact Lens Evaluation API
increase evaluation notes max length to 3072.
* api-change:``mediaconvert``: This release includes video engine updates
including HEVC improvements, support for ingesting VP9 encoded video in
MP4 containers, and support for user-specified 3D LUTs.
- From 1.32.11
* api-change:``apprunner``: AWS App Runner adds Python 3.11 and Node.js 18
runtimes.
* api-change:``location``: This release introduces a new parameter to
bypasses an API key's expiry conditions and delete the key.
* api-change:``quicksight``: Add LinkEntityArn support for different
partitions; Add UnsupportedUserEditionException in UpdateDashboardLinks
API; Add support for New Reader Experience Topics
- From 1.32.10
* api-change:``codestar-connections``: New integration with the GitLab
self-managed provider type.
* api-change:``kinesis-video-archived-media``: NoDataRetentionException
thrown when GetImages requested for a Stream that does not retain data
(that is, has a DataRetentionInHours of 0).
* api-change:``sagemaker``: Amazon SageMaker Studio now supports Docker
access from within app container
- From 1.32.9
* api-change:``emr``: Update emr command to latest version
- From 1.32.8
* api-change:``iam``: Documentation updates for AWS Identity and Access
Management (IAM).
* api-change:``endpoint-rules``: Update endpoint-rules command to latest
version
- From 1.32.7
* api-change:``bedrock-agent``: Adding Claude 2.1 support to Bedrock Agents
* api-change:``endpoint-rules``: Update endpoint-rules command to latest
version
* api-change:``glue``: This release adds additional configurations for Query
Session Context on the following APIs: GetUnfilteredTableMetadata,
GetUnfilteredPartitionMetadata, GetUnfilteredPartitionsMetadata.
* api-change:``lakeformation``: This release adds additional configurations
on GetTemporaryGlueTableCredentials for Query Session Context.
* api-change:``mediaconnect``: This release adds the DescribeSourceMetadata
API. This API can be used to view the stream information of the flow's
source.
* api-change:``networkmonitor``: CloudWatch Network Monitor is a new service
within CloudWatch that will help network administrators and operators
continuously monitor network performance metrics such as round-trip-time
and packet loss between their AWS-hosted applications and their on-premises
locations.
* api-change:``omics``: Provides minor corrections and an updated description
of APIs.
* api-change:``secretsmanager``: Update endpoint rules and examples.
- From 1.32.6
* api-change:``amp``: This release updates Amazon Managed Service for
Prometheus APIs to support customer managed KMS keys.
* api-change:``appintegrations``: The Amazon AppIntegrations service adds
DeleteApplication API for deleting applications, and updates APIs to
support third party applications reacting to workspace events and make
data requests to Amazon Connect for agent and contact events.
* api-change:``bedrock-agent``: This release introduces Amazon Aurora as a
vector store on Knowledge Bases for Amazon Bedrock
* api-change:``codecommit``: AWS CodeCommit now supports customer managed
keys from AWS Key Management Service. UpdateRepositoryEncryptionKey is
added for updating the key configuration. CreateRepository, GetRepository,
BatchGetRepositories are updated with new input or output parameters.
* api-change:``connect``: Adds APIs to manage User Proficiencies and
Predefined Attributes. Enhances StartOutboundVoiceContact API input.
Introduces SearchContacts API. Enhances DescribeContact API. Adds an API to
update Routing Attributes in QueuePriority and QueueTimeAdjustmentSeconds.
* api-change:``medialive``: MediaLive now supports the ability to configure
the audio that an AWS Elemental Link UHD device produces, when the device
is configured as the source for a flow in AWS Elemental MediaConnect.
* api-change:``neptune-graph``: Adds Waiters for successful creation and
deletion of Graph, Graph Snapshot, Import Task and Private Endpoints for
Neptune Analytics
* api-change:``rds-data``: This release adds support for using RDS Data API
with Aurora PostgreSQL Serverless v2 and provisioned DB clusters.
* api-change:``rds``: This release adds support for using RDS Data API with
Aurora PostgreSQL Serverless v2 and provisioned DB clusters.
* api-change:``sagemaker``: Amazon SageMaker Training now provides model
training container access for debugging purposes. Amazon SageMaker Search
now provides the ability to use visibility conditions to limit resource
access to a single domain or multiple domains.
- From 1.32.5
* api-change:``appstream``: This release introduces configurable clipboard,
allowing admins to specify the maximum length of text that can be copied by
the users from their device to the remote session and vice-versa.
* api-change:``eks``: Add support for cluster insights, new EKS capability
that surfaces potentially upgrade impacting issues.
* api-change:``guardduty``: This release 1) introduces a new API:
GetOrganizationStatistics , and 2) adds a new UsageStatisticType
TOP_ACCOUNTS_BY_FEATURE for GetUsageStatistics API
* api-change:``managedblockchain-query``: Adding Confirmation Status and
Execution Status to GetTransaction Response.
* api-change:``mediatailor``: Adds the ability to configure time shifting on
MediaTailor channels using the TimeShiftConfiguration field
* api-change:``route53``: Amazon Route 53 now supports the Canada West
(Calgary) Region (ca-west-1) for latency records, geoproximity records,
and private DNS for Amazon VPCs in that region.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest
version
- From 1.32.4
* api-change:``appsync``: This release adds additional configurations on
GraphQL APIs for limits on query depth, resolver count, and introspection
* api-change:``chime-sdk-meetings``: Add meeting features to specify a
maximum camera resolution, a maximum content sharing resolution, and a
maximum number of attendees for a given meeting.
* api-change:``ec2``: Provision BYOIPv4 address ranges and advertise them by
specifying the network border groups option in Los Angeles, Phoenix and
Dallas AWS Local Zones.
* api-change:``fsx``: Added support for FSx for OpenZFS on-demand data
replication across AWS accounts and/or regions.Added the IncludeShared
attribute for DescribeSnapshots.Added the CopyStrategy attribute for
OpenZFSVolumeConfiguration.
* api-change:``marketplace-catalog``: AWS Marketplace now supports a new API,
BatchDescribeEntities, which returns metadata and content for multiple
entities.
* api-change:``rds``: RDS - The release adds two new APIs:
DescribeDBRecommendations and ModifyDBRecommendation
- From 1.32.3
* api-change:``cognito-idp``: Amazon Cognito now supports trigger versions
that define the fields in the request sent to pre token generation Lambda
triggers.
* api-change:``eks``: Add support for EKS Cluster Access Management.
* api-change:``quicksight``: A docs-only release to add missing entities to
the API reference.
* api-change:``route53resolver``: Add DOH protocols in resolver endpoints.
- From 1.32.2
* enhancement:``cloudformation package``: Add support for intrinsic
Fn:ForEach (fixes `#8075 <https://github.com/aws/aws-cli/issues/8075>`__)
* api-change:``cloud9``: Updated Cloud9 API documentation for AL2023 release
* api-change:``connect``: Adds relatedContactId field to
StartOutboundVoiceContact API input. Introduces PauseContact API and
ResumeContact API for Task contacts. Adds pause duration, number of pauses,
timestamps for last paused and resumed events to DescribeContact API
response. Adds new Rule type and new Rule action.
* api-change:``connectcases``: Increase number of fields that can be included
in CaseEventIncludedData from 50 to 200
* api-change:``kms``: Documentation updates for AWS Key Management Service
* api-change:``rds``: Updates Amazon RDS documentation by adding code examples
* api-change:``sagemaker``: This release 1) introduces a new API:
DeleteCompilationJob , and 2) adds InfraCheckConfig for Create/Describe
training job API
- From 1.32.1
* api-change:``appstream``: This release includes support for images of
Windows Server 2022 platform.
* api-change:``b2bi``: Documentation updates for AWS B2B Data Interchange
* api-change:``billingconductor``: Billing Conductor is releasing a new API,
GetBillingGroupCostReport, which provides the ability to retrieve/view the
Billing Group Cost Report broken down by attributes for a specific billing
group.
* api-change:``connect``: This release adds support for more granular
billing using tags (key:value pairs)
* api-change:``controltower``: Documentation updates for AWS Control Tower.
* api-change:``firehose``: This release, 1) adds configurable buffering hints
for the Splunk destination, and 2) reduces the minimum configurable
buffering interval for supported destinations
* api-change:``gamelift``: Amazon GameLift adds the ability to add and update
the game properties of active game sessions.
* api-change:``iot``: This release adds the ability to self-manage
certificate signing in AWS IoT Core fleet provisioning using the new
certificate provider resource.
* api-change:``neptune-graph``: This is the initial SDK release for Amazon
Neptune Analytics
* api-change:``opensearch``: Updating documentation for Amazon OpenSearch
Service support for new zero-ETL integration with Amazon S3.
* api-change:``quicksight``: Update Dashboard Links support;
SingleAxisOptions support; Scatterplot Query limit support.
* api-change:``workspaces``: Updated note to ensure customers understand
running modes.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest
version
- From 1.32.0
* feature:Python: End of support for Python 3.7
* api-change:``drs``: Adding AgentVersion to SourceServer and
RecoveryInstance structures
* feature:Python: End of support for Python 3.7
- From 1.31.13
* api-change:``imagebuilder``: This release adds the Image Workflows feature
to give more flexibility and control over the image building and testing
process.
* api-change:``location``: This release 1) adds sub-municipality field in
Places API for searching and getting places information, and 2) allows
optimizing route calculation based on expected arrival time.
* api-change:``logs``: This release introduces the StartLiveTail API to tail
ingested logs in near real time.
- From 1.31.12
* api-change:``neptune``: This release adds a new parameter configuration
setting to the Neptune cluster related APIs that can be leveraged to
switch between the underlying supported storage modes.
* api-change:``pinpoint``: This release includes Amazon Pinpoint API
documentation updates pertaining to campaign message sending rate limits.
* api-change:``securityhub``: Added new resource detail objects to ASFF,
including resources for AwsDynamoDbTable, AwsEc2ClientVpnEndpoint,
AwsMskCluster, AwsS3AccessPoint, AwsS3Bucket
* api-change:``endpoint-rules``: Update endpoint-rules command to latest
version
- Update to version 1.31.11
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.31.11/CHANGELOG.rst
- Add patch to update docutils dependency (bsc#1217336)
+ ac_update-docutils.patch
- Update Requires in spec file from setup.py
- Update to version 1.30.6
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.30.6/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.29.61
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.29.61/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.29.36
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.29.27/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.29.27
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.29.27/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.29.2
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.29.2/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.163
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.163/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.153
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.153/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.130
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.130/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.115
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.115/CHANGELOG.rst
- Update Requires in spec file from setup.py
- bash
-
- Add patch boo1227807.patch
* Load completion file eveh if a brace expansion is in the
command line included (boo#1227807)
- bind
-
- Upgrade to release 9.16.50
Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737)
[bsc#1228256, bind-9.16-CVE-2024-1737.patch]
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975)
[bsc#1228257, bind-9.16-CVE-2024-1975.patch]
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076)
[bsc#1228258, bind-9.16-CVE-2024-4076.patch]
- binutils
-
- Update to current 2.43.1 branch [PED-10254, PED-10306]:
* s390 - Add arch15 instructions
* various fixes from upstream: PR32153, PR32171, PR32189,
PR32196, PR32191, PR32109, PR32372, PR32387
- Adjusted binutils-2.43-branch.diff.gz.
- Disable zstd-by-default again (needs adjustments in at least
golang,llvm15,llvm17 first)
- Add binutils-fix-branch.diff.
- Check non-changing of flex/bison inputs only after applying
branch and fix-branch diffs.
- drop ld-relro.diff (relro is the default for some time)
and it warns on avr spuriously (bsc#1233520)
- Add loongarch64 as new target
- Enable zstd compression algorithm (instead of zlib)
for debug info sections by default.
- Update to current 2.43.1 branch [PED-10474]:
* PR32109 - fuzzing problem
* PR32083 - LTO vs overridden common symbols
* PR32067 - crash with LTO-plugin and --oformat=binary
* PR31956 - LTO vs wrapper symbols
* riscv - add Zimop and Zcmop extensions
- Adjusted binutils-2.43-branch.diff.gz.
- Update to version 2.43:
* new .base64 pseudo-op, allowing base64 encoded data as strings
* Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF
(APX_F now fully supported)
* x86 Intel syntax now warns about more mnemonic suffixes
* macros and .irp/.irpc/.rept bodies can use \+ to get at number
of times the macro/body was executed
* aarch64: support 'armv9.5-a' for -march, add support for LUT
and LUT2
* s390: base register operand in D(X,B) and D(L,B) can now be
omitted (ala 'D(X,)'); warn when register type doesn't match
operand type (use option
'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
* riscv: support various extensions: Zacas, Zcmp, Zfbfmin,
Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw,
XSfCease, all at version 1.0;
remove support for assembly of privileged spec 1.9.1 (linking
support remains)
* arm: remove support for some old co-processors: Maverick and FPA
* mips: '--trap' now causes either trap or breakpoint instructions
to be emitted as per current ISA, instead of always using trap
insn and failing when current ISA was incompatible with that
* LoongArch: accept .option pseudo-op for fine-grained control
of assembly code options; add support for DT_RELR
* readelf: now displays RELR relocations in full detail;
add -j/--display-section to show just those section(s) content
according to their type
* objdump/readelf now dump also .eh_frame_hdr (when present) when
dumping .eh_frame
* gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake
processors; add minimal support for riscv
* linker:
- put .got and .got.plt into relro segment
- add -z isa-level-report=[none|all|needed|used] to the x86 ELF
linker to report needed and used x86-64 ISA levels
- add --rosegment option which changes the -z separate-code
option so that only one read-only segment is created (instead
of two)
- add --section-ordering-file <FILE> option to add extra
mapping of input sections to output sections
- add -plugin-save-temps to store plugin intermediate files
permanently
- Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz.
- Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz.
- Removed upstream patch riscv-no-relax.patch.
- Rebased ld-relro.diff and binutils-revert-rela.diff.
- binutils-pr22868.diff: Remove obsolete patch
- Undefine _FORTIFY_SOURCE when running checks
- Allow to disable profiling
- Use %patch -P N instead of deprecated %patchN.
- riscv-no-relax.patch: RISC-V: Don't generate branch/jump relocation if
symbol is local when no-relax
- Add binutils-disable-code-arch-error.diff to demote an
error about swapped .arch/.code directives to a warning.
It happens in the wild.
- Update to version 2.42:
* Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
'+rcpc2' and '+wfxt'
* Add experimantal support for GAS to synthesize call-frame-info for
some hand-written asm (--scfi=experimental) on x86-64.
* Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
* Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
SiFive VCIX v1.0.
* BPF assembler: ';' separates statements now, and does not introduce
line comments anymore (use '#' or '//' for this).
* x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
dynamic tags.
* risc-v ld: Add '--[no-]check-uleb128'.
* New linker script directive: REVERSE, to be combined with SORT_BY_NAME
or SORT_BY_INIT_PRIORITY, reverses the generated order.
* New linker options --warn-execstack-objects (warn only about execstack
when input object files request it), and --error-execstack plus
- -error-rxw-segments to convert the existing warnings into errors.
* objdump: Add -Z/--decompress to be used with -s/--full-contents to
decompress section contents before displaying.
* readelf: Add --extra-sym-info to be used with --symbols (currently
prints section name of references section index).
* objcopy: Add --set-section-flags for x86_64 to include
SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc',
as in "objdump -M insndesc" to display an instruction description
as comment along with the disassembly.
- Add binutils-2.42-branch.diff.gz.
- Rebased s390-biarch.diff.
- Adjusted binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff
for upstream changes.
- Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2,
binutils-2.41-branch.diff.gz.
- Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff
and riscv-relro.patch (all upstreamed).
- Removed add-ulp-section.diff, we use a different mechanism
for live patching since a long time.
- Add binutils-use-less-memory.diff to be a little nicer to 32bit
userspace and huge links. [bsc#1216908]
- riscv-relro.patch: RISC-V: Protect .got with relro
- Add libzstd-devel to Requires of binutils-devel. (bsc#1215341)
- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- catatonit
-
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Remove upstreamed patches:
- 99bb9048f.patch
- chrony
-
- Use make quickcheck instead of make check to avoid >1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable. Here a seed is
already set to get deterministic execution.
- Use shorter NTS-KE retry interval when network is down
(bsc#1213551, chrony-burst_total_samples_to_go.patch,
chrony-retry_interval_ke_start.patch).
- cloud-init
-
- Add cloud-init-skip-rename.patch (bsc#1219680)
+ Brute force appraoch to skip renames if the device is already present
- Add cloud-init-usr-sudoers.patch (bsc#1223469)
+ Handle the existence of /usr/etc/sudoers to search for the expected
include location
- Update cloud-init-no-openstack-guess.patch
+ Do not enable cloud-init on systems where there is no DMI just
because no data source has been found. No data source means
cloud-init will not run.
- cloud-regionsrv-client
-
- Update to 10.3.7 (bsc#1232770)
+ Fix the product triplet for LTSS, it is always SLES-LTSS, not
$BASEPRODUCT-LTSS
- Update to 10.3.6 (jsc#PCT-471, bsc#1230615)
+ Fix sudo setup
~ permissions cloudguestregistryauth
~ directory ownership /etc/sudoers.d
+ spec file
~ Remove traces of registry related entries on SLE 12
+ Forward port
~ fix-for-sles12-disable-registry.patch
~ fix-for-sles12-no-trans_update.patch
+ Deregister non free extensions at registercloudguest --clean
+ Fix registry cleanup at registercloudguest --clean, don't remove files
+ Prevent duplicate search entries in registry setup
- Update EC2 plugin to 1.0.5
+ Switch to using the region endpoint from IMDS to determine the region
instead of deriving the data from the availability zone
- Update to 10.3.5
+ Update spec file to build in all code streams,
SLE 12, SLE 15, ALP, and SLFO and have proper dependencies
- Update to 10.3.4
+ Modify the message when network access over a specific IP version does
not work. This is an informational message and should not look like
an error
+ Inform the user that LTSS registration takes a little longer
+ Add fix-for-sles12-no-trans_update.patch
+ SLE 12 family has no products with transactional-update we do not
need to look for this condition
- From 10.3.3 (bsc#1229472)
+ Handle changes in process structure to properly identify the running
zypper parent process and only check for 1 PID
- From 10.3.2
+ Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
+ Add support for LTSS registration
+ Add fix-for-sles12-disable-registry.patch
~ No container support in SLE 12
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
- containerd
-
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Revert noarch for devel subpackage for SLE 15
Switching to noarch causes issues on SLES maintenance updates, reverting it
fixes our image builds
- Update to containerd v1.7.17. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.17>
- Switch back to using tar_scm service. Aside from obs_scm using more bandwidth
and storage than a locally-compressed tar.xz, it seems there's some weird
issue with paths in obscpio that break our SLE-12-only patch.
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.16. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.16>
CVE-2023-45288 bsc#1221400
- Use obs_scm service instead of tar_scm
- Removed patch 0002-shim-Create-pid-file-with-0644-permissions.patch
(merged upstream at
<https://github.com/containerd/containerd/pull/9571>)
- Update to containerd v1.7.15. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.15>
- Update to containerd v1.7.14. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.14>
- Update to containerd v1.7.13. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.13>
- Update to containerd v1.7.12. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.12>
- Update to containerd v1.7.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.11>
GHSA-jq35-85cj-fj4p bsc#1224323
- Use %patch -P N instead of deprecated %patchN.
- Enable manpage generation
- Make devel package noarch
- adjust rpmlint filters
- coreutils
-
- ls: avoid triggering automounts (bsc#1221632)
- add coreutils-ls-avoid-triggering-automounts.patch
- cups
-
- cups-branch-2.2-commit-b643d6ba92f00752aa5e74ff86ad3974334914c1.diff
is https://github.com/OpenPrinting/cups/commit/b643d6ba92f00752aa5e74ff86ad3974334914c1
which was added in CUPS 2.2.8 that
fixed a parsing bug in cups_auth_find() in cups/auth.c
which lead to cupsd failing to authenticate users
when group membership is required by cupsd configuration
like 'Require user @GROUP' which lead to CUPS related commands
requesting password from group users even if it is not needed
(bsc#1226227)
- In cups.changes replaced one place where UTF-8 characters
were used in the entry dated "Sat Sep 30 08:52:42 UTC 2017"
for what should be ' - ' by ASCII to avoid RPMLINT warning
about 'non-break-space' which "can lead to obscure errors".
- Require the exact matching version-release of all libcups*
sub-packages (bsc#1226192)
- cups-2.2.7-CVE-2024-35235.patch is derived
from the upstream patch against master (CUPS 2.5)
to behave backward compatible for CUPS 2.2.7
in SLE15 and openSUSE Leap 15 to fix CVE-2024-35235
"cupsd Listen port arbitrary chmod 0140777"
without the more secure but backward-incompatible behaviour
of the upstream patch for CUPS 2.5
that ignores domain sockets specified in 'Listen' entries
in /etc/cups/cupsd.conf when cupsd is lauched via systemd
(in particular when launched on-demand by systemd)
https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f
bsc#1225365
- cups-2.2.7-web-ui-kerberos-authentication.patch, update
patch to handle local 'Negotiate' authentication response
for cli clients. (bsc#1223179).
- Remove '--enable-debug-printfs' from configure options, see
https://github.com/OpenPrinting/cups/issues/875
(bsc#1217119).
- curl
-
- Security fix: [bsc#1234068, CVE-2024-11053]
* curl could leak the password used for the first host to the
followed-to host under certain circumstances.
* netrc: address several netrc parser flaws
* Add curl-CVE-2024-11053.patch
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* http_aws_sigv4: canonicalize the query [fc76a24c]
* test439: verify query canonization for aws-sigv4 [65661016]
* http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
* aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
* http_aws_sigv4: canonicalise valueless query params [bbba69da]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patches:
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- Security fix: [bsc#1228535, CVE-2024-7264]
* curl: ASN.1 date parser overread
* Add curl-CVE-2024-7264.patch
- deltarpm
-
- update to deltarpm-3.6.5
* support for archive files bigger than 2GByte [bnc#1230547]
- update to deltarpm-3.6.4
* support for threaded zstd
* use a tmp file instead of memory to hold the incore data
[bsc#1228948]
- dropped patches:
* deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch
- deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch: fixed
some C bugs ( incorrect sized memset() , memcpy instead of strcpy,
unsigned int)
- update to deltarpm-3.6.3
* support for threaded zstd compression
- Actually enable zstd compression
- update to deltarpm-3.6.2
* support for zstd compression
- lvm2
-
- LVM2 mirror attached to another node couldn't be converted into linear LV (bsc#1231796)
+ bug-1231796_lvconvert-fix-lvconvert-m-0-for-in-sync-legs.patch
- dmidecode
-
- Update to upstream version 3.6 (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
* Add bash completion.
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
* Implement options --list-strings and --list-types.
* Update HPE OEM records 203, 212, 216, 221, 233 and 236.
* Update Redfish support.
* Bug fixes:
Fix enabled slot characteristics not being printed
* Minor improvements:
Print slot width on its own line
Use standard strings for slot width
* Add a --no-quirks option.
* Drop the CPUID exception list.
* Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
dmidecode-fortify-entry-point-length-checks.patch,
dmidecode-split-table-fetching-from-decoding.patch,
dmidecode-write-the-whole-dump-file-at-once.patch,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
dmioem-hpe-oem-record-237-firmware-change.patch,
dmioem-typo-fix-virutal-virtual.patch,
ensure-dev-mem-is-a-character-device-file.patch,
news-fix-typo.patch and
use-read_file-to-read-from-dump.patch.
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
HPE type 238 records.
- docker
-
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Update to Go 1.22.
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Add docker-integration-tests-devel subpackage for building and running the
upstream Docker integration tests on machines to test that Docker works
properly. Users should not install this package.
- docker-rpmlintrc updated to include allow-list for all of the integration
tests package, since it contains a bunch of stuff that wouldn't normally be
allowed.
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Further merge docker and docker-stable specfiles to minimise the differences.
The main thing is that we now include both halves of the
Conflicts/Provides/Obsoletes dance in both specfiles.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. bsc#1231348
bsc#1232999
- Add %{_sysconfdir}/audit/rules.d to filelist.
- Mark docker-buildx as required since classic "docker build" has been
deprecated since Docker 23.0. bsc#1230331
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
bsc#1230333
- Make some minor name macro updates to help with the docker-stable package
fork.
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070
* CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
<https://github.com/moby/buildkit/pull/5060>. bsc#1221916
+ 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. Backport of
<https://github.com/moby/moby/pull/48034>. bsc#1214855
+ 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to Docker 26.0.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.0/#2601>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update --add-runtime to point to correct binary path.
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2505> bsc#1223409
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- Update --add-runtime to point to correct binary path.
- dracut
-
- Update to version 055+suse.396.g701c6212:
* fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110)
- Update to version 055+suse.394.ga838b0c7:
* fix(zfcp_rules): check for presence of legacy rules (bsc#1230330)
- Update to version 055+suse.392.g7930ab23:
* feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398)
* fix(convertfs): error in conditional expressions (bsc#1228847)
- Update to version 055+suse.388.g70c21afa:
* feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529)
* fix(mdraid): try to assemble the missing raid device (bsc#1226412)
* fix(dracut-install): continue parsing if ldd prints "cannot be preloaded" (bsc#1208690)
- e2fsprogs
-
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
number of group descriptors only if meta_bg is disabled (bsc#1230145)
EA Inode handling fixes:
- ext2fs-avoid-re-reading-inode-multiple-times.patch: ext2fs: avoid re-reading
inode multiple times (bsc#1223596)
- e2fsck-fix-potential-out-of-bounds-read-in-inc_ea_in.patch: e2fsck: fix
potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck-add-more-checks-for-ea-inode-consistency.patch: e2fsck: add more
checks for ea inode consistency (bsc#1223596)
- e2fsck-fix-golden-output-of-several-tests.patch: e2fsck: fix golden output of
several tests (bsc#1223596)
- fdupes
-
- Do not use sqlite, as this pulls sqlite into Ring0 at no real
benefit performance wise: the cache is not reused between runs.
+ Drop sqlite-devel BuildRequires
+ Pass --without-sqlite to configure
- Update to 2.3.0:
* Add --cache option to speed up file comparisons.
* Use nanosecond precision for file times, if available.
* Fix compilation issue on OpenBSD.
* Other changes like fixing typos, wording, etc.
- update to 2.2.1:
* Fix bug in code meant to skip over the current log file when --log option is given.
* Updates to copyright notices in source code.
* Add --deferconfirmation option.
* Check that files marked as duplicates haven't changed during program execution before deleting them.
* Update documentation to indicate units for SIZE in command-line options.
* Move some configuration settings to configure.ac file.
- Fixes for the new wrapper:
* Order duplicates by name, to get a reproducible file set
(boo#1197484).
* Remove redundant order parameter from fdupes invocation.
* Modernize code, significantly reduce allocations.
* Exit immediately when mandatory parameters are missing.
* Remove obsolete buildroot parameter
* Add some tests for the wrapper
- A more correct approach to creating symlinks (old bug actually):
Do not link the files as given by fdupes, but turn them into
relative links (it works by chance if given a buildroot, but
fails if running on a subdirectory)
- Support multiple directories given (as glob to the macro)
- Handle symlinks (-s argument) correctly
- Simplify macros.fdupes with a call to a C++ program that does
the same within a fraction of a second what the shell loop did
in many seconds (bsc#1195709)
- gdk-pixbuf
-
- Enable test suite on x86_64 (other arches seem too flaky for now):
+ Add %check section and call %meson_test
+ Add gdk-pixbuf-jpeg-slow.patch: allow pixbuf-jpeg to run for
more than 30s, by marking it as a slow test
(glgo#GNOME/gdk-pixbuf!174).
- Migrate package to a regular obs_scm service, no longer password
protecting a zip file. The originally reported bsc#1159337 seems
no longer be applicable and we prefer the easier route.
- Drop unzip BuildRequires and pre_checkin.sh script.
- Update to version 2.42.12:
+ Fix a build failure,
+ Fix occasional build failures,
+ ani: Reject files with multiple INA or IART chunks,
+ ani: Reject files with multiple anih chunks (CVE-2022-48622),
+ ani: validate chunk size,
+ Updated translations.
- Drop 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: fixed
upstream.
- Pass -Dothers=enabled to meson: enable other image loaders (most
notably beeded seems xpm,xbm). This is in line with upstreams
recommendation for now, but won't be working past version 2.43.x.
The loaders will likely be split out into a separate repo.
(boo#1223903, glgo#GNOME/gdk-pixbuf!169).
- Add 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: Fix test
suite with other loaders enabled.
- Update to version 2.42.11:
+ Disable fringe loaders by default.
+ Introspection fixes.
+ Updated translations.
- Fix path to gdk-pixbuf-query-loader in pkg-config file: we rename
the loader to be multi-arch compatible and thus also need to
adjust the .pc file to have build-systems find it.
- Update to version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Drop patch fixed upstream (with different limit):
+ 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch
- glib2
-
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
(boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
a dbus message. Fixes a possible use after free (boo#1224044).
- Add patches to fix CVE-2024-34397 (boo#1224044):
glib2-CVE-2024-34397.patch (glgo#GNOME/glib#3268).
glib2-fix-ibus-regression.patch (glgo#GNOME/glib#3353)
- glibc
-
- tcache-thread-shutdown.patch: malloc: Initiate tcache shutdown even
without allocations (bsc#1228661, BZ #28028)
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228043, BZ
[#31934])
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
addgetnetgrentX (CVE-2024-33602, bsc#1223425)
- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue
for _start routine (bsc#1221940)
- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
nscd: Stack-based buffer overflow in netgroup cache
(CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
nscd: Avoid null pointer crashes after notfound response
(CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
nscd: Do not send missing not-found response in addgetnetgrentX
(CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
CVE-2024-33602, bsc#1223425, BZ #31680)
- grub2
-
- Fix xen package contains debug_info files with the .module suffix by moving
them to a separate xen-debug subpackage (bsc#1232573)
- Fix not a directory error from the minix filesystem, as leftover data on disk
may contain its magic header so it gets misdetected (bsc#1231604)
* grub2-install-fix-not-a-directory-error.patch
- Fix OOM error in loading loopback file (bsc#1230840)
* 0001-tpm-Skip-loopback-image-measurement.patch
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
installation when secure boot is enabled (bsc#1217761) (bsc#1228866)
- Improved check for disk device when looking for PReP partition
* 0004-Introduce-prep_load_env-command.patch
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to
file_is_not_xen_garbage (bsc#1224226)
* grub2-fix-menu-in-xen-host-server.patch
- gtk2
-
- Add CVE-2024-6655.patch: CVE-2024-6655 Stop looking for modules
in cwd (bsc#1228120).
- ipset
-
- Fix build with latest kernel, bsc#1223370
* bsc1223370.patch
- iputils
-
- Update 0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
after upstream merged the fix, update git commit hashes.
- Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877)
0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
- Backport upstream fix for bsc#1224877
4db1de6 ("arping: Fix 1s delay on exit for unsolicited arpings")
0001-arping-Fix-1s-delay-on-exit-for-unsolicited-arpings.patch
- kdump
-
- spec: return success from pre, post, preun and postun scriplets
(bsc#1222228, bsc#1191410)
- spec: differentiate between uninstall and upgrade in postun/preun
(bsc#1191410)
- kernel-default
-
- sch/netem: fix use after free in netem_dequeue (CVE-2024-46800
bsc#1230827).
- commit 4fa3f93
- vp_vdpa: fix id_table array not null terminated error
(CVE-2024-53110 bsc#1234085).
- commit d161a67
- idpf: fix UAFs when destroying the queues (CVE-2024-44932
bsc#1229808).
- idpf: fix memory leaks and crashes while performing a soft reset
(CVE-2024-44964 bsc#1230220).
- commit 4316b61
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED
in uvc_parse_format (CVE-2024-53104 bsc#1234025).
- commit 1c41c2f
- can: j1939: j1939_session_new(): fix skb reference counting
(git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
(git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
(git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors
statistics (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors
statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state()
even if cf is NULL (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb
allocation fails (git-fixes).
- HID: wacom: fix when get product name maybe null pointer
(git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in
mtk_wdt_restart() (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
(git-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed
values (git-fixes).
- commit 6f2f0c6
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (git-fixes)
Refresh patches.suse/arm64-probes-Fix-uprobes-for-big-endian-kernels.patch.
- commit 8fb43aa
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- commit c8e82c2
- USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267 bsc#1233456)
- commit 5a7c927
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- commit ce86139
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- commit 11b60ab
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- commit 834680b
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- commit 49b56be
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- commit e8b197c
- arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes)
- commit 019ef42
- powerpc/kexec: Fix return of uninitialized variable
(bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling
hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
(bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init()
(bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions
(bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and
CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal
(bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- commit 2d82b73
- net/mlx5: Unregister notifier on eswitch init failure
(git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter
(git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version
buffer used by representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version
buffer (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver
(git-fixes).
- commit c073e57
- net: ena: Fix potential sign extension issue (git-fixes).
- Refresh
patches.suse/net-ena-Fix-redundant-device-NUMA-node-override.patch.
- commit f3d6416
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- Refresh patches.suse/0001-idpf-extend-tx-watchdog-timeout.patch.
- commit 3fa63a5
- vdpa/mlx5: preserve CVQ vringh index (git-fixes).
- Refresh patches.suse/vdpa-mlx5-Allow-CVQ-size-changes.patch.
- commit dbac474
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- Refresh
patches.suse/net-mlx5-Register-devlink-first-under-devlink-lock.patch.
- commit fa0f96d
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- Refresh
patches.suse/iavf-fix-a-deadlock-caused-by-rtnl-and-driver-s-lock.patch.
- commit 39965fe
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- Refresh
patches.suse/net-mlx5-Fix-missing-lock-on-sync-reset-reload.patch.
- commit 0f9e3d5
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface
is down (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
(git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- ice: change q_index variable type to s16 to store -1 value
(git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock
(git-fixes).
- ice: fix accounting for filters shared by multiple VSIs
(git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling
elements (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type
(git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map
(git-fixes).
- net/mlx5: Update the list of the PCI supported devices
(git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows
(git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset
(git-fixes).
- net/mlx5e: Add a check for the return value from
mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5: Lag, don't use the hardcoded value of the first port
(git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's
(git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow
(git-fixes).
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is
disabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver
(git-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in
mlx5e_priv_cleanup() (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error
(git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO
headers (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP
(non-VXLAN) packets (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- idpf: don't enable NAPI and interrupts prior to allocating Rx
buffers (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for
reporting buffer exhaustion (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check
(git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state
(git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- Revert "ixgbe: Manual AN-37 for troublesome link partners for
X550 SFI" (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld()
function (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec
(git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config
(git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll
(git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash
LAG deactivation (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number
(git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- bnxt_en: Reset PTP tx_avail after possible firmware reset
(git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
(git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- ice: virtchnl: stop pretending to support RSS over AQ or
registers (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets
(git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not
supported (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling
xsk_pool (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
(git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings
(git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled
(git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct
(git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled
(git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period
mode for ASO (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action
(git-fixes).
- bnxt_en: Wait for FLR to complete during probe (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
(git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid
values (git-fixes).
- ice: Shut down VSI with "link-down-on-close" enabled
(git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key
struct (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode
(git-fixes).
- sfc: fix a double-free bug in efx_probe_filters (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups
(git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in
mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- iavf: Introduce new state machines for flow director
(git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work
(git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is
zero (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version
buffer for representors (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version
buffer (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- chtls: fix tp->rcv_tstamp initialization (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages
(git-fixes).
- iavf: initialize waitqueues before starting watchdog_task
(git-fixes).
- tun: prevent negative ifindex (git-fixes).
- net/mlx5e: Don't offload internal port if filter device is
out device (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC
(git-fixes).
- net/mlx5: E-switch, register event handler before arming the
event (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp
(git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK
is set (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- sfc: Check firmware supports Ethernet PTP filter (git-fixes).
- ice: avoid executing commands on other ports when driving sync
(git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling
buffer (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- ice: Block switchdev mode when ADQ is active and vice versa
(git-fixes).
- sfc: don't unregister flow_indr if it was never registered
(git-fixes).
- net/mlx5: Skip clock update work when device is in error state
(git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG
(git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- drivers: net: prevent tun_build_skb() to exceed the packet
size limit (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx
(git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple
offload is set (git-fixes).
- net/mlx5e: fix return value check in
mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx
(git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
(git-fixes).
- net/mlx5e: fix double free in
macsec_fs_tx_create_crypto_table_groups (git-fixes).
- commit 8552b15
- tcp: Fix use-after-free of nreq in reqsk_timer_handler()
(CVE-2024-50154 bsc#1233070).
- commit 9c54dc2
- netdevsim: Add trailing zero to terminate the string
in nsim_nexthop_bucket_activity_write() (CVE-2024-50259
bsc#1233214).
- commit 3b589d0
- Update patches.suse/can-bcm-Fix-UAF-in-bcm_proc_show.patch
(git-fixes CVE-2023-52922 bsc#1233977).
- commit 624f722
- Update
patches.suse/ACPI-CPPC-Make-rmw_lock-a-raw_spin_lock.patch
(git-fixes CVE-2024-50249 bsc#1233197).
- Update
patches.suse/ASoC-stm32-spdifrx-fix-dma-channel-release-in-stm32_.patch
(git-fixes CVE-2024-50292 bsc#1233481).
- Update
patches.suse/Bluetooth-hci-fix-null-ptr-deref-in-hci_read_support.patch
(git-fixes CVE-2024-50255 bsc#1233238).
- Update
patches.suse/HID-core-zero-initialize-the-report-buffer.patch
(git-fixes CVE-2024-50302 bsc#1233491).
- Update
patches.suse/KVM-arm64-vgic-v2-Check-for-non-NULL-vCPU-in-vgic_v2.patch
(git-fixes CVE-2024-36953 bsc#1225812).
- Update
patches.suse/USB-serial-io_edgeport-fix-use-after-free-in-debug-p.patch
(git-fixes CVE-2024-50267 bsc#1233456).
- Update patches.suse/arm64-tlb-Fix-TLBI-RANGE-operand.patch
(bsc#1229585 CVE-2024-35980 bsc#1224574).
- Update
patches.suse/drm-amdgpu-add-missing-size-check-in-amdgpu_debugfs_.patch
(stable-fixes CVE-2024-50282 bsc#1233471).
- Update
patches.suse/drm-amdgpu-fix-possible-UAF-in-amdgpu_cs_pass1.patch
(git-fixes CVE-2023-52921 bsc#1233452).
- Update
patches.suse/drm-amdgpu-prevent-NULL-pointer-dereference-if-ATIF-.patch
(git-fixes CVE-2024-53060 bsc#1233554).
- Update
patches.suse/erofs-fix-pcluster-use-after-free-on-UP-platforms.patch
(git-fixes CVE-2022-48674 bsc#1223942).
- Update
patches.suse/filelock-fix-potential-use-after-free-in-posix_lock_inode.patch
(git-fixes CVE-2024-41049 bsc#1228486).
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(git-fixes CVE-2024-50290 bsc#1233479).
- Update
patches.suse/media-dvb-usb-v2-af9035-Fix-null-ptr-deref-in-af9035.patch
(stable-fixes CVE-2023-52915 bsc#1230270).
- Update
patches.suse/media-pci-cx23885-check-cx23885_vdev_init-return.patch
(stable-fixes CVE-2023-52918 bsc#1232047).
- Update
patches.suse/media-v4l2-tpg-prevent-the-risk-of-a-division-by-zer.patch
(git-fixes CVE-2024-50287 bsc#1233476).
- Update
patches.suse/net-drop-bad-gso-csum_start-and-offset-in-virtio_net.patch
(git-fixes CVE-2024-43897 bsc#1229752).
- Update patches.suse/net-missing-check-virtio.patch (git-fixes
CVE-2024-43817 bsc#1229312).
- Update
patches.suse/net-relax-socket-state-check-at-accept-time.patch
(git-fixes CVE-2024-36484 bsc#1226872).
- Update
patches.suse/nfs-Fix-KMSAN-warning-in-decode_getfattr_attrs.patch
(git-fixes CVE-2024-53066 bsc#1233560).
- Update
patches.suse/ocfs2-remove-entry-once-instead-of-null-ptr-dereference-in-ocfs2_xa_remove.patch
(git-fixes CVE-2024-50265 bsc#1233454).
- Update
patches.suse/rcu-tasks-Fix-show_rcu_tasks_trace_gp_kthread-buffer-overflow.patch
(bsc#1226631 CVE-2024-38577).
- Update
patches.suse/security-keys-fix-slab-out-of-bounds-in-key_task_per.patch
(git-fixes CVE-2024-50301 bsc#1233490).
- Update
patches.suse/staging-iio-frequency-ad9832-fix-division-by-zero-in.patch
(git-fixes CVE-2024-50233 bsc#1233210).
- Update
patches.suse/tpm-Lock-TPM-chip-in-tpm_pm_suspend-first.patch
(bsc#1082555 git-fixes CVE-2024-53085 bsc#1233577).
- Update
patches.suse/usb-musb-sunxi-Fix-accessing-an-released-usb-phy.patch
(git-fixes CVE-2024-50269 bsc#1233458).
- Update
patches.suse/usb-typec-fix-potential-out-of-bounds-in-ucsi_ccg_up.patch
(git-fixes CVE-2024-50268 bsc#1233457).
- Update
patches.suse/wifi-iwlwifi-mvm-Fix-response-handling-in-iwl_mvm_se.patch
(git-fixes CVE-2024-53059 bsc#1233553).
- commit 5ad850f
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- Refresh
patches.suse/Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch.
Revert Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch to the upstream
version of the patch.
The reverted version was a mix of 1bf4470a and 246b435a, since they were
accidentally identified as two different commits doing the same changes.
The changes are indeed mostly the same, but to different files.
- commit 965f18d
- cgroup/bpf: only cgroup v2 can be attached by bpf programs
(bsc#1234108).
- Revert "cgroup: Fix memory leak caused by missing
cgroup_bpf_offline" (bsc#1234108).
- commit bb8ec61
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- commit 67db122
- security/keys: fix slab-out-of-bounds in key_task_permission
(CVE-2024-50301 bsc#1233490).
- commit b8c1415
- signal: restore the override_rlimit logic (CVE-2024-50271
bsc#1233460).
- ucounts: fix counter leak in inc_rlimit_get_ucounts()
(bsc#1233460).
- commit 180784c
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- commit 47836ea
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
(bsc#1234098).
+KABI restoration patch
- commit e4b780d
- signal: Replace BUG_ON()s (bsc#1234093).
- commit 2e26a2c
- media: cx24116: prevent overflows on SNR calculus
(CVE-2024-50290 bsc#1233479).
- commit c59cd01
- dm cache: fix out-of-bounds access to the dirty bitset when
resizing (CVE-2024-50279 bsc#1233468).
- commit 6c88f14
- nvme-fabrics: fix kernel crash while shutting down controller
(git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and
nvme_dev_disable() (git-fixes bsc#1232888 CVE-2024-50135).
- commit 9354fff
- mm/hugetlb: fix nodes huge page allocation when there are
surplus pages (bsc#1234012).
- commit 57caf06
- Update config files.
Enabled IDPF for ARM64 (bsc#1221309)
- commit 5ae56f6
- btrfs: fix a NULL pointer dereference when failed to start a
new trasacntion (CVE-2024-49868 bsc#1232272).
- commit d310176
- PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie"
compatible (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS
milliseconds (git-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in
pci_epc_remove_epf() (git-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- commit ae00716
- mm/thp: fix deferred split unqueue naming and locking
(CVE-2024-53079 bsc#1233570).
- commit 12f4be0
- scsi: lpfc: Copyright updates for 14.4.0.6 patches
(bsc#1233241).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask
(bsc#1233241).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure
(bsc#1233241).
- scsi: lpfc: Prevent NDLP reference count underflow in
dev_loss_tmo callback (bsc#1233241).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset
(bsc#1233241).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting
follow up FDMI (bsc#1233241).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE
before BSG flag (bsc#1233241).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod
paths (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale
NDLP ptrs (bsc#1233241).
- scsi: lpfc: Modify CGN warning signal calculation based on
EDC response (bsc#1233241).
- commit b4b5aa0
- net: esp: fix bad handling of pages from page_pool
(CVE-2024-26953 bsc#1223656).
Back-port by using `page_pool_return_skb_page()`.
Original patch uses `napi_pp_put_page()` which was only introduced later
and is a renamed and slightly extended version of
`page_pool_return_skb_page()`.
- commit 533a05f
- HID: core: zero-initialize the report buffer (CVE-2024-50302
bsc#1233491).
- commit 086ff16
- vsock/virtio: Initialization of the dangling pointer occurring
in vsk->trans (CVE-2024-50264 bsc#1233453).
- commit 008fbbf
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042
quirk table (git-fixes).
- commit afbd0bc
- Input: i8042 - add another board name for TUXEDO Stellaris
Gen5 AMD line (git-fixes).
- commit 5a2b5e0
- btrfs: reinitialize delayed ref list after deleting it from
the list (bsc#1233462 CVE-2024-50273).
- commit b55957a
- net: arc: fix the device for dma_map_single/dma_unmap_single
(CVE-2024-50295 bsc#1233484).
- net: enetc: allocate vf_state during PF probes (CVE-2024-50298
bsc#1233487).
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged
SKB data (CVE-2024-53058 bsc#1233552).
- commit 56d9e2a
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- commit 9dd8cd5
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk
table (git-fixes).
- commit d68dfa0
- Update
patches.suse/Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch
(CVE-2024-50124 bsc#1232926).
Revert to upstream version of patch.
The reverted version was a mix of 1bf4470a and 246b435a, since they were
accidentally identified as two different commits doing the same changes.
The changes are indeed mostly the same, but to different files.
- commit f3fab2d
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
(git-fixes).
- commit 0792816
- Input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- commit 64769ef
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- commit f9d799e
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528).
- commit 8c6ab5e
- Update
patches.suse/ACPI-CPPC-Make-rmw_lock-a-raw_spin_lock.patch
(git-fixes CVE-2024-50249 bsc#1233197).
- Update
patches.suse/ASoC-stm32-spdifrx-fix-dma-channel-release-in-stm32_.patch
(git-fixes CVE-2024-50292 bsc#1233481).
- Update
patches.suse/Bluetooth-hci-fix-null-ptr-deref-in-hci_read_support.patch
(git-fixes CVE-2024-50255 bsc#1233238).
- Update
patches.suse/HID-core-zero-initialize-the-report-buffer.patch
(git-fixes CVE-2024-50302 bsc#1233491).
- Update
patches.suse/USB-serial-io_edgeport-fix-use-after-free-in-debug-p.patch
(git-fixes CVE-2024-50267 bsc#1233456).
- Update
patches.suse/drm-amdgpu-add-missing-size-check-in-amdgpu_debugfs_.patch
(stable-fixes CVE-2024-50282 bsc#1233471).
- Update
patches.suse/drm-amdgpu-fix-possible-UAF-in-amdgpu_cs_pass1.patch
(git-fixes CVE-2023-52921 bsc#1233452).
- Update
patches.suse/drm-amdgpu-prevent-NULL-pointer-dereference-if-ATIF-.patch
(git-fixes CVE-2024-53060 bsc#1233554).
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(git-fixes CVE-2024-50290 bsc#1233479).
- Update
patches.suse/media-pci-cx23885-check-cx23885_vdev_init-return.patch
(stable-fixes CVE-2023-52918 bsc#1232047).
- Update
patches.suse/media-v4l2-tpg-prevent-the-risk-of-a-division-by-zer.patch
(git-fixes CVE-2024-50287 bsc#1233476).
- Update
patches.suse/nfs-Fix-KMSAN-warning-in-decode_getfattr_attrs.patch
(git-fixes CVE-2024-53066 bsc#1233560).
- Update
patches.suse/ocfs2-remove-entry-once-instead-of-null-ptr-dereference-in-ocfs2_xa_remove.patch
(git-fixes CVE-2024-50265 bsc#1233454).
- Update
patches.suse/security-keys-fix-slab-out-of-bounds-in-key_task_per.patch
(git-fixes CVE-2024-50301 bsc#1233490).
- Update
patches.suse/staging-iio-frequency-ad9832-fix-division-by-zero-in.patch
(git-fixes CVE-2024-50233 bsc#1233210).
- Update
patches.suse/usb-musb-sunxi-Fix-accessing-an-released-usb-phy.patch
(git-fixes CVE-2024-50269 bsc#1233458).
- Update
patches.suse/usb-typec-fix-potential-out-of-bounds-in-ucsi_ccg_up.patch
(git-fixes CVE-2024-50268 bsc#1233457).
- Update
patches.suse/wifi-iwlwifi-mvm-Fix-response-handling-in-iwl_mvm_se.patch
(git-fixes CVE-2024-53059 bsc#1233553).
- commit 2084c99
- Update patches.suse/can-bcm-Fix-UAF-in-bcm_proc_show.patch
(git-fixes CVE-2023-52922 bsc#1233977).
- commit 82c5a0a
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- rtc: ab-eoz9: don't fail temperature reads on undervoltage
notification (git-fixes).
- rtc: check if __rtc_read_time was successful in
rtc_timer_do_work() (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register
(git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- commit 1d73f32
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- commit 8c1d928
- arm64: Force position-independent veneers (git-fixes).
- commit 037de2c
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock
(git-fixes).
- commit 8a46fef
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
(git-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- =?UTF-8?q?iio:=20accel:=20kxcjk-1013:=20Remove=20redundan?=
=?UTF-8?q?t=20I=C2=B2C=20ID?= (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
(git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match'
(git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe()
(git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left
(git-fixes).
- Revert "usb: gadget: composite: fix OS descriptors w_value
logic" (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines
(git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in
get_serial_info() (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in
TxFIFO resizing logic (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue
(git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible
(git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in
iowarrior_read() (git-fixes).
- commit 75ee7d4
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
(bsc#1233548 CVE-2024-53052).
- commit db98042
- pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558
CVE-2024-46681).
- commit 79a3f5c
- Bluetooth: MGMT: Fix slab-use-after-free Read in
set_powered_sync (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid
WoL configuration (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing
PHY device (git-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging
function (git-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from
power_supply_put() (git-fixes).
- commit 01635d8
- Refresh
patches.suse/initramfs-avoid-filename-buffer-overrun.patch.
- commit 145c949
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (CVE-2024-50195 bsc#1233103)
- commit 290f973
- media: av7110: fix a spectre vulnerability (CVE-2024-50289
bsc#1233478).
- commit 79acfeb
- net: relax socket state check at accept time (git-fixes).
- commit 75020f0
- Drop OCFS2 patch causing a regression (bsc#1233255)
Deleted:
patches.suse/ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch
- commit 751a2bd
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
(CVE-2024-36905 bsc#1225742).
- commit f693405
- net: fix out-of-bounds access in ops_init (CVE-2024-36883
bsc#1225725).
- commit eb0ac08
- efi/memattr: Ignore table if the size is clearly bogus
(bsc#1231465).
- commit ee06f84
- idpf: avoid vport access in idpf_get_link_ksettings
(CVE-2024-50274 bsc#1233463).
- commit 8971b65
- i40e: fix race condition by adding filter's intermediate sync
state (CVE-2024-53088 bsc#1233580).
- i40e: fix i40e_count_filters() to count only active/new filters
(CVE-2024-53088 bsc#1233580).
- commit 2251801
- hwmon: (tps23861) Fix reporting of negative temperatures
(git-fixes).
- i3c: master: Fix miss free init_dyn_addr at
i3c_master_put_i3c_addrs() (git-fixes).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming
(git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus()
(git-fixes).
- commit eb819fb
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(bsc#1232187 CVE-2024-47757).
- commit d813a1d
- net: hns3: fix a deadlock problem when config TC during
resetting (CVE-2024-44995 bsc#1230231).
- commit 8f3de3e
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- commit 7022fa5
- media: dvbdev: prevent the risk of out of memory access
(CVE-2024-53063 bsc#1233557).
- commit 52a90e5
- netrom: fix possible dead-lock in nr_rt_ioctl() (CVE-2024-38589
bsc#1226748).
- commit bee9469
- mptcp: never allow the PM to close a listener subflow
(CVE-2021-47594 bsc#1226560).
- commit 639c494
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555
git-fixes).
- commit 478dbbb
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
(git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current
state (git-fixes).
- commit 502ca69
- media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061
bsc#1233555).
- commit aef5475
- firmware: arm_scmi: Fix slab-use-after-free in
scmi_bus_notifier() (CVE-2024-53068 bsc#1233561).
- commit e507b37
- tipc: fix UAF in error path (CVE-2024-36886 bsc#1225730).
- commit 295f12e
- ibmvnic: Ensure login failure recovery is safe from other resets
(bsc#1233150).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release
functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail
(bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response
(bsc#1233150).
- commit 10ef085
- tipc: fix a possible memleak in tipc_buf_append (CVE-2024-36954
bsc#1225764).
- commit c051ffd
- erspan: make sure erspan_base_hdr is present in skb->head
(CVE-2024-35888 bsc#1224518).
- commit a36710a
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- commit 6e3e371
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- commit 4fc8465
- RDMA/hns: Use macro instead of magic number (git-fixes)
- commit e4ebf0e
- RDMA/hns: Add mutex_destroy() (git-fixes)
- commit cb1de76
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- commit b00cfa9
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- commit 69e0eee
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- commit a102dfe
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- commit 1c672f5
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- commit 0d8596e
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- commit e895eca
- RDMA/hns: Remove unnecessary QP type checks (git-fixes)
- commit 5a2c4d9
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- commit 1c5f525
- RDMA/hns: Add clear_hem return value to log (git-fixes)
- commit ff0016c
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- commit e774e20
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- commit e2ba602
- drm/amd: Fix initialization mistake for NBIO 7.7.0
(stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook
645 G10 (stable-fixes).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue
(stable-fixes).
- commit 46d58c4
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited
(git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in
_dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model
(git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off
(git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/sti: avoid potential dereference of error pointers
(git-fixes).
- drm/sti: avoid potential dereference of error pointers in
sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in
sti_hqvdp_atomic_check (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs
function (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry
pointer (git-fixes).
- drm/vc4: hvs: Don't write gamma luts on 2711 (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with
__maybe_unused (git-fixes).
- ASoC: codecs: Fix atomicity violation in
snd_soc_component_get_drvdata() (git-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
(git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection
(git-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
(git-fixes).
- wifi: ath10k: fix invalid VHT parameters in
supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in
supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in
htc_connect_service() (git-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- commit 4ce629c
- x86/kvm: fix is_stale_page_fault() (bsc#1221333).
- commit 332e968
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- thermal: core: Initialize thermal zones before registering them
(git-fixes).
- amd-pstate: Set min_perf to nominal_perf for active mode
performance gov (git-fixes).
- crypto: cavium - Fix an error handling path in
cpt_ucode_load_fw() (git-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function
(git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form
(git-fixes).
- crypto: inside-secure - Fix the return value of
safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout
(git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit
(git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown()
(git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference
decrement (git-fixes).
- commit 5f244c5
- kernel-binary: Enable livepatch package only when livepatch is enabled
Otherwise the filelist may be empty failing the build (bsc#1218644).
- commit f730eec
- Update config files (bsc#1218644).
LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- commit 9c28790
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning
(git-fixes).
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger
than 4K" (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
(stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
(stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/
Casa touchpad (stable-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to
VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
(stable-fixes).
- HID: multitouch: Add support for B2402FVA track point
(stable-fixes).
- commit 8da6f10
- Bluetooth: ISO: Fix UAF on iso_sock_timeout (CVE-2024-50124
bsc#1232926).
- commit a1432ce
- posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195 bsc#1233103)
- commit 8efc3a7
- bpf: Use raw_spinlock_t in ringbuf (CVE-2024-50138 bsc#1232935)
- commit 6bb77e6
- net: systemport: fix potential memory leak in bcm_sysport_xmit() (CVE-2024-50171 bsc#1233057)
- commit b70ca2e
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073 bsc#1232520)
- commit 3e72b22
- USB: serial: qcserial: add support for Sierra Wireless EM86xx
(stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition
(stable-fixes).
- drm/amdgpu: add missing size check in
amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions
(stable-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not
supported (git-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3
(stable-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in
af9035_i2c_master_xfer (stable-fixes).
- commit 8316036
- add bugreference to a hv_netvsc patch (bsc#1232413).
- commit c98c418
- ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (CVE-2024-50205 bsc#1233293).
- commit d31c5c9
- scsi: target: core: Fix null-ptr-deref in target_alloc_device()
(CVE-2024-50153 bsc#1233061).
- commit 3b8c091
- net: wwan: fix global oob in wwan_rtnl_policy (CVE-2024-50128
bsc#1232905).
- commit e39a4e6
- xfrm: fix one more kernel-infoleak in algo dumping
(CVE-2024-50110 bsc#1232885).
- commit 0993db8
- scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
(CVE-2024-50098 bsc#1232881).
- commit f8c4b7b
- thermal: intel: int340x: processor: Fix warning during module
unload (CVE-2024-50093 bsc#1232877).
- commit ef3b2be
- net: phy: dp83869: fix memory corruption when enabling fiber
(CVE-2024-50188 bsc#1233107).
- commit a27c339
- net: explicitly clear the sk pointer, when pf->create fails
(CVE-2024-50186 bsc#1233110).
- commit 3fff4c4
- secretmem: disable memfd_secret() if arch cannot set direct map
(CVE-2024-50182 bsc#1233129).
- commit 729f64d
- Update
patches.suse/0001-PCI-keystone-Fix-if-statement-expression-in-ks_pcie_.patch
(git-fixes CVE-2024-47756 bsc#1232185).
- Update
patches.suse/0002-x86-mm-ident_map-Use-gbpages-only-where-full-GB-page.patch
(bsc#1220382 CVE-2024-50017 bsc#1232312).
- Update
patches.suse/0544-drm-amdgpu-fix-use-after-free-during-gpu-recovery.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48990 bsc#1232028).
- Update
patches.suse/0551-drm-amd-display-fix-array-index-out-of-bound-error-i.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48979 bsc#1232293).
- Update patches.suse/ACPI-PAD-fix-crash-in-exit_round_robin.patch
(stable-fixes CVE-2024-49935 bsc#1232370).
- Update
patches.suse/ACPI-PRM-Find-EFI_MEMORY_RUNTIME-block-for-PRM-handl.patch
(git-fixes CVE-2024-50141 bsc#1233065).
- Update
patches.suse/ALSA-asihpi-Fix-potential-OOB-array-access.patch
(stable-fixes CVE-2024-50007 bsc#1232394).
- Update
patches.suse/ALSA-firewire-lib-Avoid-division-by-zero-in-apply_co.patch
(git-fixes CVE-2024-50205 bsc#1233293).
- Update
patches.suse/ALSA-hda-cs8409-Fix-possible-NULL-dereference.patch
(git-fixes CVE-2024-50160 bsc#1233074).
- Update
patches.suse/ASoC-qcom-Fix-NULL-Dereference-in-asoc_qcom_lpass_cp.patch
(git-fixes CVE-2024-50103 bsc#1232878).
- Update
patches.suse/Bluetooth-Call-iso_exit-on-module-unload.patch
(git-fixes CVE-2024-50078 bsc#1232503).
- Update
patches.suse/Bluetooth-Fix-crash-when-replugging-CSR-fake-control.patch
(git-fixes CVE-2022-48982 bsc#1231978).
- Update
patches.suse/Bluetooth-ISO-Fix-multiple-init-when-debugfs-is-disa.patch
(git-fixes CVE-2024-50077 bsc#1232504).
- Update
patches.suse/Bluetooth-RFCOMM-FIX-possible-deadlock-in-rfcomm_sk_.patch
(git-fixes CVE-2024-50044 bsc#1231904).
- Update
patches.suse/Bluetooth-bnep-fix-wild-memory-access-in-proto_unreg.patch
(git-fixes CVE-2024-50148 bsc#1233063).
- Update
patches.suse/HID-amd_sfh-Switch-to-device-managed-dmam_alloc_cohe.patch
(git-fixes CVE-2024-50189 bsc#1233105).
- Update
patches.suse/IB-core-Fix-ib_cache_setup_one-error-flow-cleanup.patch
(git-fixes CVE-2024-47693 bsc#1232013).
- Update
patches.suse/Input-adp5589-keys-fix-NULL-pointer-dereference.patch
(git-fixes CVE-2024-49871 bsc#1232287).
- Update
patches.suse/PCI-keystone-Add-workaround-for-Errata-i2037-AM65x-S.patch
(stable-fixes CVE-2024-47667 bsc#1231481).
- Update
patches.suse/RDMA-bnxt_re-Add-a-check-for-memory-allocation.patch
(git-fixes CVE-2024-50209 bsc#1233114).
- Update
patches.suse/RDMA-cxgb4-Added-NULL-check-for-lookup_atid.patch
(git-fixes CVE-2024-47749 bsc#1232180).
- Update
patches.suse/RDMA-hns-Fix-spin_unlock_irqrestore-called-with-IRQs.patch
(git-fixes CVE-2024-47735 bsc#1232111).
- Update
patches.suse/RDMA-iwcm-Fix-WARNING-at_kernel-workqueue.c-check_fl.patch
(git-fixes CVE-2024-47696 bsc#1231864).
- Update
patches.suse/RDMA-mad-Improve-handling-of-timed-out-WRs-of-mad-ag.patch
(git-fixes CVE-2024-50095 bsc#1232873).
- Update
patches.suse/RDMA-rtrs-clt-Reset-cid-to-con_num-1-to-stay-in-boun.patch
(git-fixes CVE-2024-47695 bsc#1231931).
- Update
patches.suse/RDMA-rtrs-srv-Avoid-null-pointer-deref-during-path-e.patch
(git-fixes CVE-2024-50062 bsc#1232232).
- Update patches.suse/USB-usbtmc-prevent-kernel-usb-infoleak.patch
(git-fixes CVE-2024-47671 bsc#1231541).
- Update
patches.suse/arm64-probes-Fix-uprobes-for-big-endian-kernels.patch
(git-fixes CVE-2024-50194 bsc#1233111).
- Update
patches.suse/arm64-probes-Remove-broken-LDR-literal-uprobe-support.patch
(git-fixes CVE-2024-50099 bsc#1232887).
- Update
patches.suse/bpf-Fix-helper-writes-to-read-only-maps.patch
(git-fixes CVE-2024-49861 bsc#1232254).
- Update
patches.suse/bpf-Zero-former-ARG_PTR_TO_-LONG-INT-args-in-case-of.patch
(git-fixes CVE-2024-47728 bsc#1232076).
- Update
patches.suse/bpf-correctly-handle-malformed-BPF_CORE_TYPE_ID_LOCA.patch
(git-fixes CVE-2024-49850 bsc#1232189).
- Update
patches.suse/cachefiles-fix-dentry-leak-in-cachefiles_open_file.patch
(bsc#1231181 CVE-2024-49870 bsc#1232279).
- Update
patches.suse/can-bcm-Clear-bo-bcm_proc_read-after-remove_proc_ent.patch
(git-fixes CVE-2024-47709 bsc#1232048).
- Update
patches.suse/ceph-remove-the-incorrect-Fw-reference-check-when-dir.patch
(bsc#1231180 CVE-2024-50179 bsc#1233123).
- Update
patches.suse/drivers-media-dvb-frontends-rtl2830-fix-an-out-of-bo.patch
(git-fixes CVE-2024-47697 bsc#1231858).
- Update
patches.suse/drivers-media-dvb-frontends-rtl2832-fix-an-out-of-bo.patch
(git-fixes CVE-2024-47698 bsc#1231859).
- Update
patches.suse/drm-amd-Guard-against-bad-data-for-ATIF-ACPI-method.patch
(git-fixes CVE-2024-50117 bsc#1232897).
- Update
patches.suse/drm-amd-amdgpu-Check-tbo-resource-pointer.patch
(stable-fixes CVE-2024-46807 bsc#1231138).
- Update
patches.suse/drm-amd-display-Add-array-index-check-for-hdcp-ddc-a.patch
(stable-fixes CVE-2024-46804 bsc#1231132).
- Update
patches.suse/drm-amd-display-Add-null-check-for-afb-in-amdgpu_dm_.patch
(stable-fixes bsc#1232335 CVE-2024-49908 CVE-2024-49905
bsc#1232357).
- Update
patches.suse/drm-amd-display-Check-null-pointers-before-using-dc-.patch
(stable-fixes CVE-2024-49907 bsc#1232334).
- Update
patches.suse/drm-amd-display-Correct-the-defined-value-for-AMDGPU.patch
(stable-fixes CVE-2024-46871 bsc#1231434).
- Update
patches.suse/drm-amd-display-Fix-system-hang-while-resume-with-TB.patch
(stable-fixes CVE-2024-50003 bsc#1232385).
- Update
patches.suse/drm-amd-display-Skip-inactive-planes-within-ModeSupp.patch
(stable-fixes CVE-2024-46812 bsc#1231187).
- Update
patches.suse/drm-amd-display-added-NULL-check-at-start-of-dc_vali.patch
(stable-fixes CVE-2024-46802 bsc#1231111).
- Update
patches.suse/drm-amd-pm-Fix-negative-array-index-read.patch
(stable-fixes CVE-2024-46821 bsc#1231169).
- Update
patches.suse/drm-amdgpu-Fix-smatch-static-checker-warning.patch
(stable-fixes CVE-2024-46835 bsc#1231098).
- Update
patches.suse/drm-amdgpu-fix-the-waring-dereferencing-hive.patch
(stable-fixes CVE-2024-46805 bsc#1231135).
- Update
patches.suse/drm-amdgpu-the-warning-dereferencing-obj-for-nbio_v7.patch
(stable-fixes CVE-2024-46819 bsc#1231202).
- Update
patches.suse/drm-bridge-tc358767-Check-if-fully-initialized-befor.patch
(stable-fixes CVE-2024-46810 bsc#1231178).
- Update
patches.suse/drm-msm-Avoid-NULL-dereference-in-msm_disp_state_pri.patch
(git-fixes CVE-2024-50156 bsc#1233073).
- Update
patches.suse/drm-omapdrm-Add-missing-check-for-alloc_ordered_work.patch
(git-fixes CVE-2024-49879 bsc#1232349).
- Update patches.suse/drm-radeon-Fix-encoder-possible_clones.patch
(git-fixes CVE-2024-50201 bsc#1233104).
- Update
patches.suse/drm-v3d-Stop-the-active-perfmon-before-being-destroy.patch
(git-fixes CVE-2024-50031 bsc#1231947).
- Update
patches.suse/drm-vc4-Stop-the-active-perfmon-before-being-destroy.patch
(git-fixes CVE-2024-50187 bsc#1233108).
- Update
patches.suse/exfat-fix-memory-leak-in-exfat_load_bitmap.patch
(git-fixes CVE-2024-50013 bsc#1232080).
- Update
patches.suse/ext4-fix-slab-use-after-free-in-ext4_split_extent_at.patch
(bsc#1232201 CVE-2024-49884 bsc#1232198).
- Update
patches.suse/fbdev-pxafb-Fix-possible-use-after-free-in-pxafb_tas.patch
(stable-fixes CVE-2024-49924 bsc#1232364).
- Update patches.suse/fbdev-sisfb-Fix-strbuf-array-overflow.patch
(stable-fixes CVE-2024-50180 bsc#1233125).
- Update patches.suse/firmware_loader-Block-path-traversal.patch
(git-fixes CVE-2024-47742 bsc#1232126).
- Update
patches.suse/fscache-Fix-oops-due-to-race-with-cookie_lru-and-use_cookie.patch
(jsc#SES-1880 CVE-2022-48989 bsc#1232027).
- Update
patches.suse/i2c-stm32f7-Do-not-prepare-unprepare-clock-during-ru.patch
(git-fixes CVE-2024-49985 bsc#1232094).
- Update
patches.suse/i3c-mipi-i3c-hci-Error-out-instead-on-BUG_ON-in-IBI-.patch
(stable-fixes CVE-2024-47665 bsc#1231452).
- Update
patches.suse/iio-light-veml6030-fix-IIO-device-retrieval-from-emb.patch
(git-fixes CVE-2024-50198 bsc#1233100).
- Update patches.suse/jfs-Fix-uaf-in-dbFreeBits.patch (git-fixes
CVE-2024-49903 bsc#1232362).
- Update
patches.suse/jfs-Fix-uninit-value-access-of-new_ea-in-ea_buffer.patch
(git-fixes CVE-2024-49900 bsc#1232359).
- Update
patches.suse/jfs-check-if-leafidx-greater-than-num-leaves-per-dmap-tree.patch
(git-fixes CVE-2024-49902 bsc#1232378).
- Update
patches.suse/jfs-fix-out-of-bounds-in-dbNextAG-and-diAlloc.patch
(git-fixes CVE-2024-47723 bsc#1232050).
- Update
patches.suse/mailbox-bcm2835-Fix-timeout-during-suspend-mode.patch
(git-fixes CVE-2024-49963 bsc#1232147).
- Update
patches.suse/media-venus-fix-use-after-free-bug-in-venus_remove-d.patch
(git-fixes CVE-2024-49981 bsc#1232098).
- Update
patches.suse/msft-hv-3054-x86-hyperv-fix-kexec-crash-due-to-VP-assist-page-cor.patch
(git-fixes CVE-2024-46864 bsc#1231108).
- Update
patches.suse/nbd-fix-race-between-timeout-and-normal-completion.patch
(bsc#1230918 CVE-2024-49855 bsc#1232195).
- Update
patches.suse/net-test-for-not-too-small-csum_start-in-virtio_net_.patch
(git-fixes CVE-2024-49947 bsc#1232162).
- Update
patches.suse/netdevsim-use-cond_resched-in-nsim_dev_trap_report_w.patch
(git-fixes CVE-2024-50155 bsc#1233035).
- Update
patches.suse/nfsd-call-cache_put-if-xdr_reserve_space-returns-NULL.patch
(git-fixes CVE-2024-47737 bsc#1232056).
- Update
patches.suse/nfsd-map-the-EBADMSG-to-nfserr_io-to-avoid-warning.patch
(git-fixes CVE-2024-49875 bsc#1232333).
- Update
patches.suse/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-buffer-delay-flag.patch
(git-fixes CVE-2024-50116 bsc#1232892).
- Update
patches.suse/nilfs2-fix-potential-null-ptr-deref-in-nilfs_btree_insert.patch
(git-fixes CVE-2024-47699 bsc#1231916).
- Update
patches.suse/nilfs2-fix-potential-oob-read-in-nilfs_btree_check_delete.patch
(git-fixes CVE-2024-47757 bsc#1232187).
- Update
patches.suse/nilfs2-fix-state-management-in-error-path-of-log-writing-function.patch
(git-fixes CVE-2024-47669 bsc#1231474).
- Update
patches.suse/nouveau-dmem-Fix-vulnerability-in-migrate_to_ram-upo.patch
(git-fixes CVE-2024-50096 bsc#1232870).
- Update
patches.suse/ntb-intel-Fix-the-NULL-vs-IS_ERR-bug-for-debugfs_cre.patch
(git-fixes CVE-2023-52917 bsc#1231849).
- Update
patches.suse/nvmet-auth-assign-dh_key-to-NULL-after-kfree_sensiti.patch
(git-fixes CVE-2024-50215 bsc#1233189).
- Update
patches.suse/ocfs2-add-bounds-checking-to-ocfs2_xattr_find_entry.patch
(bsc#1228410 CVE-2024-41016 CVE-2024-47670 bsc#1231537).
- Update
patches.suse/ocfs2-cancel-dqi_sync_work-before-freeing-oinfo.patch
(git-fixes CVE-2024-49966 bsc#1232141).
- Update
patches.suse/ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch
(git-fixes CVE-2024-49957 bsc#1232152).
- Update
patches.suse/ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch
(git-fixes CVE-2024-49877 bsc#1232339).
- Update
patches.suse/ocfs2-pass-u64-to-ocfs2_truncate_inline-maybe-overflow.patch
(git-fixes CVE-2024-50218 bsc#1233191).
- Update
patches.suse/ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch
(git-fixes CVE-2024-49965 bsc#1232142).
- Update
patches.suse/parport-Proper-fix-for-array-out-of-bounds-access.patch
(git-fixes CVE-2024-50074 bsc#1232507).
- Update
patches.suse/platform-x86-panasonic-laptop-Fix-SINF-array-out-of-.patch
(git-fixes CVE-2024-46859 bsc#1231089).
- Update
patches.suse/scsi-elx-libefc-Fix-potential-use-after-free-in-efc_nport_vport_del.patch
(git-fixes CVE-2024-49852 bsc#1232819).
- Update
patches.suse/scsi-fnic-Move-flush_work-initialization-out-of-if-b.patch
(bsc#1230055 CVE-2024-50025 bsc#1231953).
- Update
patches.suse/scsi-lpfc-Ensure-DA_ID-handling-completion-before-de.patch
(bsc#1232757 CVE-2024-50183 bsc#1233130).
- Update
patches.suse/scsi-lpfc-Handle-mailbox-timeouts-in-lpfc_get_sfp_in.patch
(bsc#1228857 CVE-2024-46842 bsc#1231101).
- Update
patches.suse/scsi-lpfc-Validate-hdwq-pointers-before-dereferencin.patch
(bsc#1229429 CVE-2024-49891 bsc#1232218).
- Update
patches.suse/scsi-sd-Fix-off-by-one-error-in-sd_read_block_charac.patch
(bsc#1223848 CVE-2024-47682 bsc#1231856).
- Update
patches.suse/scsi-wd33c93-Don-t-use-stale-scsi_pointer-value.patch
(git-fixes CVE-2024-50026 bsc#1231952).
- Update
patches.suse/spi-nxp-fspi-fix-the-KASAN-report-out-of-bounds-bug.patch
(git-fixes CVE-2024-46853 bsc#1231083).
- Update
patches.suse/staging-iio-frequency-ad9834-Validate-frequency-para.patch
(git-fixes CVE-2024-47663 bsc#1231441).
- Update
patches.suse/tpm-Clean-up-TPM-space-after-command-failure.patch
(git-fixes CVE-2024-49851 bsc#1232134).
- Update
patches.suse/tracing-Consider-the-NULL-character-when-validating-the-event-length.patch
(git-fixes CVE-2024-50131 bsc#1232896).
- Update
patches.suse/uprobe-avoid-out-of-bounds-memory-access-of-fetching-args.patch
(git-fixes CVE-2024-50067 bsc#1232416).
- Update
patches.suse/usb-typec-altmode-should-keep-reference-to-parent.patch
(git-fixes CVE-2024-50150 bsc#1233051).
- Update
patches.suse/vhost-scsi-null-ptr-dereference-in-vhost_scsi_get_re.patch
(git-fixes CVE-2024-49863 bsc#1232255).
- Update
patches.suse/wifi-ath9k_htc-Use-__skb_set_length-for-resetting-ur.patch
(stable-fixes CVE-2024-49938 bsc#1232552).
- Update
patches.suse/wifi-mac80211-use-two-phase-skb-reclamation-in-ieee8.patch
(git-fixes CVE-2024-47713 bsc#1232016).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(stable-fixes CVE-2024-50008 bsc#1232317).
- Update
patches.suse/wifi-rtw88-always-wait-for-both-firmware-loading-att.patch
(git-fixes CVE-2024-47718 bsc#1232015).
- Update
patches.suse/wifi-wilc1000-fix-potential-RCU-dereference-issue-in.patch
(git-fixes CVE-2024-47712 bsc#1232017).
- commit e33d75f
- virtio_pmem: Check device status before requesting flush
(CVE-2024-50184 bsc#1233135).
- commit 82ce64b
- Update tags in
patches.suse/ext4-fix-slab-use-after-free-in-ext4_split_extent_at.patch
(bsc#1232201 CVE-2024-49884 bsc#1232198).
- commit ad996bf
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink()
(CVE-2024-50154 bsc#1233070).
- commit 2430e1b
- Refresh patches.kabi/bpf-callback-fixes-kABI-workaround.patch (bsc#1233350)
- add commit message for the kABI patch
- adapt same struct naming as similar kABI workaround in SLE15-SP6
(prefixed with "suse_" to make it more obvious its a downstream thing.
- commit b6821d4
- unicode: Don't special case ignorable code points
(CVE-2024-50089 bsc#1232860).
- commit ba47e72
- mm/memory: add non-anonymous page check in the
copy_present_page() (bsc#1231646).
- commit 9f5cb06
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on
GIC v4.1 (git-fixes).
- commit 1fa30cf
- irqchip/gic-v4: Correctly deal with set_affinity on
lazily-mapped VPEs (CVE-2024-50192 bsc#1233106).
- commit 6b39f7a
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
(CVE-2024-50192 bsc#1233106).
- kABI: Don't allow a VMOVP on a dying VPE (kabi CVE-2024-50192
bsc#1233106).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack
(git-fixes).
- commit 1772267
- README.BRANCH: drop explicit maintainers
kbuild already recognizes all downstream branch maintainers an
merge their PRs so we do not need explicit maintainers for the cve
branch itself.
- commit cd6f8fb
- macsec: Fix use-after-free while sending the offloading packet
(CVE-2024-50261 bsc#1233253).
- commit 918342c
- io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
(CVE-2022-48983 bsc#1231959).
- commit cb16389
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
(CVE-2024-50115 bsc#1232919).
- commit 4c6b1da
- mptcp: fix double-free on socket dismantle (CVE-2024-26782
bsc#1222590).
(cherry picked from commit 03ac3f085c702ef308481c09b021887b5a01d52b)
- mptcp: fix double-free on socket dismantle (CVE-2024-26782
bsc#1222590).
- commit 7f40404
- drm/amd/display: Check null pointers before used (bsc#1232371 CVE-2024-49921)
- commit 956721a
- nilfs2: fix kernel bug due to missing clearing of checked flag
(bsc#1233206 CVE-2024-50230).
- commit e84e612
- nilfs2: fix potential deadlock with newly created symlinks
(bsc#1233205 CVE-2024-50229).
- commit 22257d1
- Update
patches.suse/iio-adc-ad7124-fix-division-by-zero-in-ad7124_set_ch.patch
(CVE-2024-50232 bsc#1233209 git-fixes).
- commit c0912d0
- Update patches.suse/drm-amd-Guard-against-bad-data-for-ATIF-ACPI-method.patch (git-fixes bsc#1232897 CVE-2024-50117).
- commit 4fc44d0
- Update
patches.suse/wifi-ath10k-Fix-memory-leak-in-management-tx.patch
(CVE-2024-50236 bsc#1233212 git-fixes).
- Update
patches.suse/wifi-iwlegacy-Clear-stale-interrupts-before-resuming.patch
(CVE-2024-50234 bsc#1233211 stable-fixes).
- Update
patches.suse/wifi-mac80211-do-not-pass-a-stopped-vif-to-the-drive.patch
(CVE-2024-50237 bsc#1233216 git-fixes).
- commit bb693c7
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890 CVE-2024-50134)
- commit f5103e7
- net/ncsi: Disable the ncsi work before freeing the associated
structure (CVE-2024-49945 bsc#1232165).
- commit a2d88b4
- net: sched: fix use-after-free in taprio_change()
(CVE-2024-50127 bsc#1232907).
- commit 88b0d06
- Fix regression on AMDGPU driver (bsc#1233134)
Drop a hunk in an AMDGPU fix patch that caused the missing VT console
and possibly other side-effects.
Refreshed:
patches.suse/drm-amd-display-Check-null-pointers-before-using-the.patch.
- commit c4d3cf0
- Update tags
patches.suse/mm-Avoid-overflows-in-dirty-throttling-logic.patch
(bsc#1222364 CVE-2024-42131 bsc#1228650).
- commit 42963b8
- USB: serial: io_edgeport: fix use after free in debug printk
(git-fixes).
- usb: typec: fix potential out of bounds in
ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in
stm32_spdifrx_remove (git-fixes).
- ALSA: firewire-lib: fix return value on fail in
amdtp_tscm_init() (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup()
(git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: adv7604: prevent underflow condition when reporting
colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: don't play tricks with underflow values
(git-fixes).
- media: dvbdev: prevent the risk of out of memory access
(git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero
(git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
(git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission
(git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy
(git-fixes).
- usb: typec: fix unreleased fwnode_handle in
typec_port_register_altmodes() (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event
(git-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems
(git-fixes).
- usbip: tools: Fix detach_port() invalid port error path
(git-fixes).
- iio: adc: ad7124: fix division by zero in
ad7124_set_channel_odr() (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in
ad9832_calc_freqreg() (git-fixes).
- iio: light: veml6030: fix microlux value calculation
(git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc()
(git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
(git-fixes).
- wifi: iwlwifi: mvm: Fix response handling in
iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode
(git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING
(git-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
(git-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in
.get_txpower (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
(git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device
(stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6
mb1 (stable-fixes).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
(git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform
(stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications
(stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix
initial lid detection issue (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
(stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
(stable-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module
unload (git-fixes).
- platform/x86: dell-sysman: add support for alienware products
(stable-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string
(stable-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
(stable-fixes).
- ASoC: codecs: lpass-rx-macro: add missing
CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- drm/vboxvideo: Replace fake VLA at end of
vbva_mouse_pointer_shape with real VLA (stable-fixes).
- platform/surface: aggregator: Fix warning when controller is
destroyed in probe (git-fixes).
- HID: wacom: Defer calculation of resolution until
resolution_code is known (git-fixes).
- XHCI: Separate PORT and CAPs macros into dedicated file
(stable-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return
(stable-fixes).
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
(stable-fixes).
- commit 4f83ccb
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- commit f7bbf8d
- ocfs2: remove entry once instead of null-ptr-dereference in
ocfs2_xa_remove() (git-fixes).
- commit ebda297
- pinctrl: ocelot: fix system hang on level based interrupts
(CVE-2024-50196 bsc#1233113).
- commit 722d7d5
- cpufreq: amd-pstate: add check for cpufreq_cpu_get's return
value (CVE-2024-50009 bsc#1232318).
- commit e472c58
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117 CVE-2024-50208)
- commit da4098a
- cpufreq: exit() callback is optional (CVE-2024-38615
bsc#1226592).
- commit de52ec2
- cpufreq: Rearrange locking in cpufreq_remove_dev()
(CVE-2024-38615 bsc#1226592).
- commit f83b7ff
- cpufreq: Split cpufreq_offline() (CVE-2024-38615 bsc#1226592).
- commit 71730ce
- cpufreq: Reorganize checks in cpufreq_offline() (CVE-2024-38615
bsc#1226592).
- commit c8f486b
- cpufreq: amd-pstate: fix memory leak on CPU EPP exit
(CVE-2024-40997 bsc#1227853).
- commit bd37b8f
- ext4: fix error message when rejecting the default hash
(bsc#1232264 CVE-2024-49968).
- commit 4678448
- sched/deadline: Fix task_struct reference leak (CVE-2024-41023
bsc#1228430).
- commit 65da526
- be2net: fix potential memory leak in be_xmit() (CVE-2024-50167
bsc#1233049).
- net/mlx5e: Don't call cleanup on profile rollback failure
(CVE-2024-50146 bsc#1233056).
- net/mlx5: Fix command bitmask initialization (CVE-2024-50147
bsc#1233067).
- commit 30967e3
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes)
- commit ef49fc2
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (CVE-2024-50082 bsc#1232500)
- commit 0de9297
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (CVE-2024-50108 bsc#1232884)
- commit e6eb1e9
- drm/amd/display: fix double free issue during amdgpu module unload (CVE-2024-49989 bsc#1232483)
- commit 6aee3e2
- Refresh
patches.suse/scsi-fnic-Move-flush_work-initialization-out-of-if-b.patch.
- commit c3feb06
- ext4: explicitly exit when ext4_find_inline_entry returns an
error (bsc#1231920 CVE-2024-47701).
- commit dbc663c
- ext4: return error on ext4_find_inline_entry (bsc#1231920
CVE-2024-47701).
- commit 9f6ca1a
- ext4: ext4_search_dir should return a proper error (bsc#1231920
CVE-2024-47701).
- commit 92b7975
- fs/inode: Prevent dump_mapping() accessing invalid
dentry.d_name.name (bsc#1232387 CVE-2024-49934).
- commit 93af37f
- ext4: filesystems without casefold feature cannot be mounted
with siphash (bsc#1232264 CVE-2024-49968).
- commit 84a2529
- ext4: drop ppath from ext4_ext_replay_update_ex() to avoid
double-free (bsc#1232096 CVE-2024-49983).
- commit 8cb0c2e
- vfs: fix race between evice_inodes() and find_inode()&iput()
(bsc#1231930 CVE-2024-47679).
- commit 479d388
- ext4: avoid OOB when system.data xattr changes underneath the
filesystem (bsc#1231920 CVE-2024-47701).
- commit 9e7d0c7
- wifi: cfg80211: check A-MSDU format more carefully (stable-fixes
CVE-2024-35937 bsc#1224526).
- blacklist.conf: remove the entry that we're just adding
- commit 81bb44e
- x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (bsc#1223202 CVE-2024-26906).
- commit 35585b4
- x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (bsc#1223202 CVE-2024-26906).
- commit fd679d8
- Refresh patches.kabi/bpf-bpf_map-kABI-workaround.patch.
- Removed the duplicated check of
static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Removed unnecessary white-space change in kernel/bpf/syscall.c
- commit d99887e
- Refresh patches.kabi/bpf-bpf_map-kABI-workaround.patch.
Ensure that the free_after_mult_rcu_gp field fits into struct hole on
all architecture by cloning struct bpf_map then use static_assert() to
check.
- commit 9056822
- initramfs: avoid filename buffer overrun (bsc#1232436).
- commit 6855778
- fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit ed25954
- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979 CVE-2022-48960)
- commit e22014e
- driver core: bus: Fix double free in driver API bus_register()
(CVE-2024-50055 bsc#1232329).
- commit 90fa355
- blk-mq: setup queue ->tag_set before initializing hctx
(CVE-2024-50081 bsc#1232501).
- commit 47f15a1
- block: Avoid leaking hctx->nr_active counter on batched
completion (bsc#1231923).
- commit 06a9b00
- ipv6: avoid use-after-free in ip6_fragment() (CVE-2022-48956
bsc#1231893).
- commit c192a62
- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
(CVE-2024-49991 bsc#1232282).
- commit 6ba5342
- vhost_vdpa: assign irq bypass producer token correctly
(bsc#1232174 CVE-2024-47748).
- commit 51b6257
- octeontx2-af: avoid off-by-one read from userspace
(CVE-2024-36957 bsc#1225762).
- commit 82a42a7
- Update
patches.suse/scsi-lpfc-Restrict-support-for-32-byte-CDBs-to-specific-HBAs.patch
(git-fixes bsc#1232757 bsc#1228119).
- commit ba604a8
- ext4: fix timer use-after-free on failed mount (CVE-2024-49960
bsc#1232395).
- tipc: guard against string buffer overrun (CVE-2024-49995
bsc#1232432).
- commit 7dec126
- Drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269)
- commit 147923a
- uprobes: fix kernel info leak via "[uprobes]" vma (bsc#1232104
CVE-2024-49975).
- commit 98e2376
- module: abort module loading when sysfs setup suffer errors
(git-fixes).
- Refresh patches.suse/add-suse-supported-flag.patch.
- commit 38f1b15
- net/xen-netback: prevent UAF in xenvif_flush_hash()
(CVE-2024-49936 bsc#1232424).
- commit 05a71d8
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled
(bsc#1232757).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR
to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Ensure DA_ID handling completion before deleting
an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo
handler (bsc#1232757).
- scsi: lpfc: Update phba link state conditional before sending
CMF_SYNC_WQE (bsc#1232757).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in
lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Remove trailing space after \n newline
(bsc#1232757).
- commit acff620
- bpf,perf: Fix perf_event_detach_bpf_prog error handling
(git-fixes).
- commit 23dff14
- tracing: Consider the NULL character when validating the event
length (git-fixes).
- commit a6be5ae
- uprobe: avoid out-of-bounds memory access of fetching args
(git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer
(git-fixes).
- tracing/uprobes: Use trace_event_buffer_reserve() helper
(git-fixes).
- commit c9bed4e
- fgraph: Change the name of cpuhp state to "fgraph:online"
(git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph()
(git-fixes).
- commit 25b5fcd
- fgraph: Use CPU hotplug mechanism to initialize idle shadow
stacks (git-fixes).
- commit 7b587c7
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- commit da4b9b4
- sched: sch_cake: fix bulk flow accounting logic for host
fairness (bsc#1231114 CVE-2024-46828).
- commit 2eff83f
- static_call: Replace pointless WARN_ON() in
static_call_module_notify() (bsc#1232155 CVE-2024-49954).
- commit b3b712c
- static_call: Handle module init failure correctly in
static_call_del_module() (bsc#1232083 CVE-2024-50002).
- commit 14d0312
- static_call: Don't make __static_call_return0 static
(git-fixes).
- Refresh patches.kabi/tracepoint-fix.patch.
- commit e74c3f0
- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
(CVE-2024-49991 bsc#1232282).
- commit bb02e87
- nvmet-auth: assign dh_key to NULL after kfree_sensitive
(git-fixes).
- nvme-multipath: system fails to create generic nvme device
(git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- commit 50acd8c
- mm: split critical region in remap_file_pages() and invoke
LSMs in between (CVE-2024-47745 bsc#1232135 git-fix).
- commit 1436986
- PCI: Fix pci_enable_acs() support for the ACS quirks
(bsc#1229019).
- commit d675594
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- commit 9122478
- NFSv3: only use NFS timeout for MOUNT when protocols are
compatible (bsc#1231016).
- commit 9522cfb
- Update
patches.suse/IB-core-Implement-a-limit-on-UMAD-receive-List.patch
(bsc#1228743 CVE-2024-42145 bsc#1223384).
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-more.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-49982 bsc#1232097).
- Update
patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
(bsc#1229454 CVE-2024-44947 bsc#1229456).
- Update patches.suse/media-edia-dvbdev-fix-a-use-after-free.patch
(CVE-2024-27043 bsc#1223824 bsc#1218562).
- commit 1967352
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766 bsc#1230620).
- Update
patches.suse/nfc-nci-fix-possible-NULL-pointer-dereference-in-sen.patch
(git-fixes CVE-2023-52919 bsc#1231988).
- Update
patches.suse/tcp-do-not-accept-ACK-of-bytes-we-never-sent.patch
(CVE-2023-52881 bsc#1225611 bsc#1223384).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800 bsc#1230600).
- commit 4af6b80
- Update
patches.suse/0001-af_unix-Get-user_ns-from-in_skb-in-unix_diag_get_exa.patch
(bsc#1209290 CVE-2023-28327 CVE-2022-48970 bsc#1231887).
- Update
patches.suse/ALSA-seq-Fix-function-prototype-mismatch-in-snd_seq_.patch
(git-fixes CVE-2022-48994 bsc#1232119).
- Update
patches.suse/ASoC-ops-Check-bounds-for-second-channel-in-snd_soc_.patch
(git-fixes CVE-2022-48951 bsc#1231929).
- Update
patches.suse/ASoC-ops-Fix-bounds-check-for-_sx-controls.patch
(git-fixes CVE-2022-49005 bsc#1232150).
- Update
patches.suse/ASoC-soc-pcm-Add-NULL-check-in-BE-reparenting.patch
(git-fixes CVE-2022-48992 bsc#1232071).
- Update
patches.suse/Bluetooth-Fix-not-cleanup-led-when-bt_init-fails.patch
(git-fixes CVE-2022-48971 bsc#1232037).
- Update patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch
(CVE-2022-45934 bsc#1205796 CVE-2022-48947 bsc#1231895).
- Update
patches.suse/HID-core-fix-shift-out-of-bounds-in-hid_report_raw_e.patch
(git-fixes CVE-2022-48978 bsc#1232038).
- Update
patches.suse/Input-raydium_ts_i2c-fix-memory-leak-in-raydium_i2c_.patch
(git-fixes CVE-2022-48995 bsc#1232120).
- Update
patches.suse/NFC-nci-Bounds-check-struct-nfc_target-arrays.patch
(git-fixes CVE-2022-48967 bsc#1232304).
- Update
patches.suse/afs-Fix-server-active-leak-in-afs_put_server.patch
(git-fixes CVE-2022-49012 bsc#1232005).
- Update
patches.suse/btrfs-fix-hang-during-unmount-when-stopping-a-space-.patch
(bsc#1232262 CVE-2024-49867 CVE-2022-48664 bsc#1223524).
- Update
patches.suse/can-af_can-fix-NULL-pointer-dereference-in-can_rcv_f.patch
(bsc#1210627 CVE-2023-2166 CVE-2022-48977 bsc#1231883).
- Update
patches.suse/can-m_can-pci-add-missing-m_can_class_free_dev-in-pr.patch
(git-fixes CVE-2022-49024 bsc#1232001).
- Update
patches.suse/char-tpm-Protect-tpm_pm_suspend-with-locks.patch
(git-fixes CVE-2022-48997 bsc#1232035).
- Update
patches.suse/drm-shmem-helper-Remove-errant-put-in-error-path.patch
(git-fixes CVE-2022-48981 bsc#1232229).
- Update
patches.suse/e100-Fix-possible-use-after-free-in-e100_xmit_prepar.patch
(git-fixes CVE-2022-49026 bsc#1231997).
- Update
patches.suse/gpio-amd8111-Fix-PCI-device-reference-count-leak.patch
(git-fixes CVE-2022-48973 bsc#1232039).
- Update
patches.suse/gpiolib-fix-memory-leak-in-gpiochip_setup_dev.patch
(git-fixes CVE-2022-48975 bsc#1231885).
- Update
patches.suse/hwmon-coretemp-Check-for-null-before-removing-sysfs-.patch
(git-fixes CVE-2022-49010 bsc#1232172).
- Update
patches.suse/hwmon-coretemp-fix-pci-device-refcount-leak-in-nv1a_.patch
(git-fixes CVE-2022-49011 bsc#1232006).
- Update
patches.suse/hwmon-ibmpex-Fix-possible-UAF-when-ibmpex_register_b.patch
(git-fixes CVE-2022-49029 bsc#1231995).
- Update
patches.suse/iavf-Fix-error-handling-in-iavf_init_module.patch
(jsc#SLE-18385 CVE-2022-49027 bsc#1232007).
- Update
patches.suse/igb-Initialize-mailbox-message-for-VF-reset.patch
(jsc#SLE-18379 CVE-2022-48949 bsc#1231897).
- Update
patches.suse/iio-health-afe4403-Fix-oob-read-in-afe4403_read_raw.patch
(git-fixes CVE-2022-49031 bsc#1231992).
- Update
patches.suse/iio-health-afe4404-Fix-oob-read-in-afe4404_-read-wri.patch
(git-fixes CVE-2022-49032 bsc#1231991).
- Update
patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-dmar_dev_scope_init
(git-fixes CVE-2022-49002 bsc#1232133).
- Update
patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-has_external_pci
(git-fixes CVE-2022-49000 bsc#1232123).
- Update
patches.suse/ipv4-Handle-attempt-to-delete-multipath-route-when-f.patch
(bsc#1204171 CVE-2022-3435 CVE-2022-48999 bsc#1231936).
- Update
patches.suse/ixgbevf-Fix-resource-leak-in-ixgbevf_init_module.patch
(git-fixes CVE-2022-49028 bsc#1231996).
- Update
patches.suse/mac802154-fix-missing-INIT_LIST_HEAD-in-ieee802154_i.patch
(git-fixes CVE-2022-48972 bsc#1232025).
- Update
patches.suse/media-v4l2-dv-timings.c-fix-too-strict-blanking-sani.patch
(git-fixes CVE-2022-48987 bsc#1232067).
- Update
patches.suse/msft-hv-2684-net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
(git-fixes bsc#1206188 CVE-2022-48985 bsc#1231958).
- Update
patches.suse/net-ethernet-nixge-fix-NULL-dereference.patch
(git-fixes CVE-2022-49019 bsc#1231940).
- Update
patches.suse/net-mdio-fix-unbalanced-fwnode-reference-count-in-md.patch
(git-fixes CVE-2022-48961 bsc#1232108).
- Update
patches.suse/net-mdiobus-fix-unbalanced-node-reference-count.patch
(git-fixes CVE-2022-49016 bsc#1231937).
- Update
patches.suse/net-mlx5e-Fix-use-after-free-when-reverting-terminat.patch
(jsc#SLE-19253 CVE-2022-49025 bsc#1231960).
- Update
patches.suse/net-phy-fix-null-ptr-deref-while-probe-failed.patch
(git-fixes CVE-2022-49021 bsc#1231939).
- Update
patches.suse/net-thunderbolt-fix-memory-leak-in-tbnet_open.patch
(git-fixes CVE-2022-48955 bsc#1231892).
- Update
patches.suse/net-tun-Fix-use-after-free-in-tun_detach.patch
(git-fixes CVE-2022-49014 bsc#1231890).
- Update
patches.suse/nilfs2-fix-NULL-pointer-dereference-in-nilfs_palloc_.patch
(git-fixes CVE-2022-49007 bsc#1232170).
- Update
patches.suse/nvme-fix-SRCU-protection-of-nvme_ns_head-list.patch
(git-fixes CVE-2022-49003 bsc#1232136).
- Update
patches.suse/octeontx2-pf-Fix-potential-memory-leak-in-otx2_init_.patch
(jsc#SLE-24682 CVE-2022-48968 bsc#1232237).
- Update
patches.suse/rtc-cmos-Fix-event-handler-registration-ordering-iss.patch
(git-fixes CVE-2022-48953 bsc#1231941).
- Update patches.suse/s390-qeth-fix-use-after-free-in-hsci.patch
(bsc#1210449 git-fixes CVE-2022-48954 bsc#1231972).
- Update
patches.suse/tracing-Free-buffers-when-a-used-dynamic-event-is-removed.patch
(git-fixes CVE-2022-49006 bsc#1232163).
- Update
patches.suse/udf-Fix-preallocation-discarding-at-indirect-extent-.patch
(bsc#1213034 CVE-2022-48946 bsc#1231888).
- Update
patches.suse/usb-gadget-uvc-Prevent-buffer-overflow-in-setup-hand.patch
(git-fixes CVE-2022-48948 bsc#1231896).
- Update
patches.suse/wifi-cfg80211-fix-buffer-overflow-in-elem-comparison.patch
(git-fixes CVE-2022-49023 bsc#1231961).
- Update
patches.suse/wifi-mac8021-fix-possible-oob-access-in-ieee80211_ge.patch
(git-fixes CVE-2022-49022 bsc#1231962).
- Update
patches.suse/xen-netfront-Fix-NULL-sring-after-live-migration.patch
(git-fixes CVE-2022-48969 bsc#1232026).
- commit 2377658
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534 bsc#1230903).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 CVE-2021-47416 bsc#1225336 bsc#1225189).
- commit d4160e3
- NFSD: Force all NFSv4.2 COPY requests to be synchronous
(CVE-2024-49974 bsc#1232383).
- commit e488dd4
- drm/amd/display: Check null pointers before using them (CVE-2024-49922 bsc#1232374)
- commit 0fa5eef
- Update references in patches.suse/drm-amd-display-Handle-null-stream_status-in-planes_.patch (CVE-2024-49912 bsc#1232367 stable-fixes)
- commit 82ff3c5
- drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (CVE-2024-49911 bsc#1232366)
- commit 647f0fb
- drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (CVE-2024-49923 bsc#1232361)
- commit cd7d6eb
- Update references in patches.suse/drm-amd-display-Fix-index-out-of-bounds-in-DCN30-deg.patch (CVE-2024-49895 bsc#1232352 stable-fixes)
- commit 30b332b
- drm/amd/display: Initialize denominators' default to 1 (CVE-2024-49899 bsc#1232358)
- commit debe055
- drm/amd/display: Check phantom_stream before it is used (CVE-2024-49897 bsc#1232355)
- commit 6e6c48e
- Update references in patches.suse/drm-amd-display-Fix-index-out-of-bounds-in-degamma-h.patch (CVE-2024-49894 bsc#1232354 stable-fixes)
- commit 31682a2
- drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (CVE-2024-49909 bsc#1232337)
- commit 40ccde2
- Update references for patches.suse/drm-amd-display-Add-null-check-for-top_pipe_to_progr.patch (CVE-2024-49913 bsc#1232307 stable-fixes)
- commit 809100c
- drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (CVE-2024-49901 bsc#1232305)
- commit 28f4c23
- Update references in patches.suse/drm-amd-display-Check-null-pointer-before-dereferenc.patch (CVE-2024-50049 bsc#1232309 stable-fixes)
- commit dbbbdf6
- Rename to
patches.suse/scsi-pm8001-Do-not-overwrite-PCI-queue-mapping.patch.
An upstream git-fix replaces an existing SUSE-only patch. The
contents are essentially the same, but the meta-data and patch
filename have changed.
- commit 658b404
- Update patches.suse/drm-amd-display-Add-null-check-for-afb-in-amdgpu_dm_.patch (stable-fixes bsc#1232335 CVE-2024-49908).
- commit d6e1a21
- drm/amd/display: Check null pointer before try to access it (bsc#1232332 CVE-2024-49906)
- commit afdfd36
- drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369 CVE-2024-49914)
- commit 3d890ab
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- commit a6a7d8b
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- commit 122bc1e
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- commit e1d0f0a
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- commit 9ec5789
- scsi: wd33c93: Don't use stale scsi_pointer value (git-fixes).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs
(git-fixes).
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: elx: libefc: Fix potential use after free in
efc_nport_vport_del() (git-fixes).
- scsi: NCR5380: Check for phase match during PDMA fixup
(git-fixes).
- scsi: mac_scsi: Disallow bus errors during PDMA send
(git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
(git-fixes).
- scsi: smartpqi: revert
propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit
(git-fixes).
- drbd: Add NULL check for net_conf to prevent dereference in
state validation (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count()
(git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
(git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES
(git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure
scanned in again after probe failed (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: core: Handle devices which return an unusually large
VPD page count (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use
(git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions
(git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data
(git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address
to port (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- commit 2156f82
- ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014 bsc#1232446)
- commit a229d89
- ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006 bsc#1232442)
- commit 5cc362b
- iommu/vt-d: Fix potential lockup if qi_submit_sync called
with 0 count (bsc#1232316 CVE-2024-49993).
- commit add20c9
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CVE-2024-49959 bsc#1232149)
- commit 6f60278
- ext4: update orig_path in ext4_find_extent() (CVE-2024-49881 bsc#1232201)
- commit 0088c10
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- commit 070f449
- ACPI: sysfs: validate return type of _STR method (bsc#1231861
CVE-2024-49860).
- commit 1bb3615
- btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info()
in walk_down_proc() (CVE-2024-46841 bsc#1231094).
- commit bf46df8
- ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883 bsc#1232199)
- commit 2b05f4c
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO
hog on RK3399 Puma (git-fixes).
- commit cf1f6ea
- blk_iocost: fix more out of bound shifts (CVE-2024-49933 bsc#1232368)
- commit c639728
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-49929 bsc#1232253)
- commit 58431d9
- Update references in patches.suse/efistub-tpm-Use-ACPI-reclaim-memory-for-event-log-to.patch (CVE-2024-49858 bsc#1232251 stable-fixes)
- commit 643a630
- tracing/timerlat: Fix a race during cpuhp processing (CVE-2024-49866 bsc#1232259)
- commit 5a5e6bb
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (CVE-2024-50048 bsc#1232310)
- commit 58eb9a7
- ACPI: PRM: Clean up guid type in struct prm_handler_info
(git-fixes).
- commit 3b24754
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and
context (git-fixes).
- ASoC: qcom: Fix NULL Dereference in
asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (git-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method
(git-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions
(stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL
(stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on
HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
(stable-fixes).
- commit 738bedb
- Revert PM changes that caused a regression on S4 resume (bsc#1231578)
The recent PM fixes seem causing a regression and broke the resume from
suspend-to-disk. Revert those temporarily as a workaround.
- commit 214736e
- drm/amd/display: Fix index out of bounds in DCN30 color
transformation (CVE-2024-49969 bsc#1232519).
- commit a2392a3
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
(git-fixes bsc#1232632).
- commit c1f0a53
- KVM: s390: Change virtual to physical address access in diag
0x258 handler (git-fixes bsc#1232631).
- commit ff68f2a
- KVM: s390: gaccess: Check if guest address is in memslot
(git-fixes bsc#1232630).
- commit 31c3558
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
(git-fixes).
- commit d909d0d
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- commit cd82099
- serial: protect uart_port_dtr_rts() in uart_shutdown() too
(CVE-2024-50058 bsc#1232285).
- commit 34995da
- smb: client: fix UAF in async decryption (bsc#1232418
CVE-2024-50047).
- commit dcba7ec
- Update references in patches.suse/ACPICA-check-null-return-of-ACPI_ALLOCATE_ZEROED-in-.patch (CVE-2024-49962 bsc#1232314 stable-fixes)
- commit f0fdf4d
- Update references in patches.suse/drm-amd-display-Check-stream-before-comparing-them.patch (CVE-2024-49896 bsc#1232221 stable-fixes).
- commit 0424fac
- Update references in patches.suse/drm-amd-pm-ensure-the-fw_info-is-not-null-before-usi.patch (CVE-2024-49890 bsc#1232217 stable-fixes)
- commit 10dd27d
- Update references in patches.suse/drm-amd-display-Initialize-get_bytes_per_element-s-d.patch (CVE-2024-49892 bsc#1232220 stable-fixes)
- commit 53b7a11
- ACPI: battery: Fix possible crash when unregistering a battery hook (CVE-2024-49955 bsc#1232154)
- commit 9b71864
- ACPI: battery: Simplify battery hook locking (bsc#1232154)
- commit fe3f1c8
- ACPI: battery: Call power_supply_changed() when adding hooks (bsc#1232154)
- commit 3384bbc
- padata: use integer wrap around to prevent deadlock on seq_nr overflow (CVE-2024-47739 bsc#1232124)
- commit d49e07a
- drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (CVE-2024-47720 bsc#1232043)
- commit c17fe2d
- iommu/vt-d: Always reserve a domain ID for identity setup
(git-fixes).
- commit b9c8f77
- btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840 bsc#1231105)
- commit 82b0718
- drm/amd/display: Check null pointers before multiple uses (bsc#1232313 CVE-2024-49920)
- commit 5963a7b
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- commit 28c98ef
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944 CVE-2024-47704)
- commit a3d6750
- selftests/bpf: Add test for lsm tail call (CVE-2024-50063
bsc#1232435).
- bpf: Prevent tail call between progs attached to different hooks
(CVE-2024-50063 bsc#1232435).
- Refresh patches.kabi/bpf-bpf_map-kABI-workaround.patch
- selftests/bpf: Add a test for using a cpumap from an
freplace-to-XDP program (CVE-2024-50063 bsc#1232435).
- bpf: Resolve fext program type when checking map compatibility
(CVE-2024-50063 bsc#1232435).
- Refresh patches.suse/bpf-Fix-null-pointer-dereference-in-resolve_prog_typ.patch
- Refresh patches.suse/bpf-Fix-updating-attached-freplace-prog-in-prog_arra.patch
- commit 0f72f86
- net: mvneta: Fix an out of bounds check (CVE-2022-48966
bsc#1232191).
- commit 8b86532
- net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
(CVE-2022-48962 bsc#1232286).
- commit 0f23f49
- btrfs: wait for fixup workers before stopping cleaner kthread
during umount (bsc#1232262 CVE-2024-49867).
- btrfs: fix hang during unmount when stopping a space reclaim
worker (bsc#1232262 CVE-2024-49867).
- commit b603fa4
- ppp: fix ppp_async_encode() illegal access (CVE-2024-50035
bsc#1232392).
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
(CVE-2024-49949 bsc#1232160).
- net: dsa: sja1105: avoid out of bounds access in
sja1105_init_l2_policing() (CVE-2022-48980 bsc#1232233).
- net: mvneta: Prevent out of bounds read in mvneta_config_rss()
(CVE-2022-48966 bsc#1232191).
- net/9p: Fix a potential socket leak in p9_socket_open
(CVE-2022-49020 bsc#1232175).
- commit f80d8c6
- wifi: rtw89: avoid to add interface to list twice when SER
(CVE-2024-49939 bsc#1232381).
- commit 11b12a3
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- Makefile.compiler: replace cc-ifversion with compiler-specific
macros (bsc#1230414 bsc#1229450).
- commit 333c031
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- commit 18e56f7
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- commit 5011da4
- filelock: fix potential use-after-free in posix_lock_inode
(git-fixes).
- commit a756cfc
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
(git-fixes).
- commit 2d51bab
- debugfs: fix automount d_fsdata usage (git-fixes).
- commit f411859
- erofs: avoid infinite loop in z_erofs_do_read_page() when
reading beyond EOF (git-fixes).
- commit 974bef0
- erofs: fix potential overflow calculating xattr_isize
(git-fixes).
- commit 4298ffd
- erofs: stop parsing non-compact HEAD index if clusterofs is
invalid (git-fixes).
- commit 7d6a607
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- Refresh
patches.suse/mount-warn-only-once-about-timestamp-range-expiratio.patch.
- commit eb6d674
- exportfs: use pr_debug for unreachable debug statements
(git-fixes).
- commit 6f07ce6
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- commit bc3c731
- erofs: avoid consecutive detection for Highmem memory
(git-fixes).
- commit 1f8a3b1
- afs: Revert "afs: Hide silly-rename files from userspace"
(git-fixes).
- commit 514f9ab
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- commit d46e58b
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- commit d50701c
- Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- commit 9eb10ce
- Update patch reference for NTB fix (CVE-2024-50059 bsc#1232345)
- commit 7e7191a
- mm: call the security_mmap_file() LSM hook in remap_file_pages()
(CVE-2024-47745 bsc#1232135).
- commit 20b76bc
- mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
(CVE-2022-48991 bsc#1232070 prerequisity git-fix).
- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
(CVE-2022-48991 bsc#1232070).
- commit 3ab8533
- mm/khugepaged: fix GUP-fast interaction by sending IPI
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 327d525
- mm/khugepaged: take the right locks for page table retraction
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit e43adf4
- mm: gup: fix the fast GUP race against THP collapse
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 262192e
- Bluetooth: L2CAP: Fix uaf in l2cap_connect (CVE-2024-49950
bsc#1232159).
- commit 640a739
- net: seeq: Fix use after free vulnerability in ether3 Driver
Due to Race Condition (CVE-2024-47747 bsc#1232145).
- commit a1020b1
- ext4: fix double brelse() the buffer of the extents path
(bsc#1232200 CVE-2024-49882).
- ext4: no need to continue when the number of entries is 1
(bsc#1232140 CVE-2024-49967).
- commit 52da641
- ppp: do not assume bh is held in ppp_channel_bridge_input()
(CVE-2024-49946 bsc#1232164).
- net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
(CVE-2024-50000 bsc#1232085).
- net/mlx5: Fix error path in multi-packet WQE transmit
(CVE-2024-50001 bsc#1232084).
- ethernet: aeroflex: fix potential skb leak in greth_init_rings()
(CVE-2022-48958 bsc#1231889).
- commit 25ee2f4
- jfs: Fix sanity check in dbMount (git-fixes).
- commit 35da5b4
- drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (CVE-2024-46811 bsc#1231179).
- commit 1bc47f7
- drm/amd/display: Check msg_id before processing transcation (CVE-2024-46814 bsc#1231193).
- commit 81681a2
- i3c: master: cdns: Fix use after free vulnerability in
cdns_i3c_master Driver Due to Race Condition (CVE-2024-50061
bsc#1232263).
- commit 6ed9c96
- r8169: add tally counter fields added with RTL8125 (CVE-2024-49973 bsc#1232105)
- commit 4e4fc3c
- crypto: hisilicon/qm - inject error before stopping queue (CVE-2024-47730 bsc#1232075)
- commit 9699bc1
- crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075)
- commit 368c724
- crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075)
- commit 0b80db6
- sock_map: Add a cond_resched() in sock_hash_free() (CVE-2024-47710 bsc#1232049)
- commit 5cc4002
- cifs: Fix buffer overflow when parsing NFS reparse points
(bsc#1232089, CVE-2024-49996).
- commit 629d06c
- tipc: re-fetch skb cb after tipc_msg_validate (CVE-2022-49017 bsc#1232004)
- commit b9d33e0
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685 bsc#1231998)
- commit d7fe249
- net: Fix an unsafe loop on the list (CVE-2024-50024 bsc#1231954)
- commit f700b14
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (CVE-2024-47707 bsc#1231935)
- commit 64e3b6a
- netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045 bsc#1231903)
- commit 727e945
- block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706 bsc#1231942)
- commit c5d0bc0
- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684 bsc#1231987)
- commit 569d856
- net: hsr: Fix potential use-after-free (CVE-2022-49015 bsc#1231938)
- commit 5883d13
- add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036).
- commit 3e74daa
- wifi: ath11k: fix array out-of-bound access in SoC stats
(CVE-2024-49930 bsc#1232260).
- commit e11de4c
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
(CVE-2024-49886 bsc#1232196).
- commit b27a545
- Refresh
patches.suse/gpio-pca953x-fix-pca953x_irq_bus_sync_unlock-race.patch.
The gpio-pca953x driver wasn't yet converted to guard-style locking
in kernel v5.14, so use traditional locking directives.
- commit 3464b98
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- commit 105bb8d
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- commit d94196b
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- commit eda3a0b
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- commit 1391273
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- commit 4aef76b
- drm/amd/display: Add null check for head_pipe in
dcn32_acquire_idle_pipe_for_head_pipe_in_layer (CVE-2024-49918
bsc#1231967).
- commit a445095
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- commit b215a2f
- arm64: Add Cortex-715 CPU part definition (git-fixes)
Refresh patches.suse/arm64-Add-Cortex-A520-CPU-part-definition.patch.
Refresh patches.suse/arm64-cputype-Add-Cortex-X4-definitions.patch.
- commit 5d98446
- wifi: mac80211: don't use rate mask for offchannel TX either
(CVE-2024-47738 bsc#1232114).
- wifi: mac80211: don't use rate mask for scanning (CVE-2024-47738
bsc#1232114).
- commit 67fbe82
- drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs
in dcn30_init_hw (bsc#1231965 CVE-2024-49917).
- commit c6bb88b
- md/raid5: fix deadlock that raid5d() wait for itself to clear
MD_SB_CHANGE_PENDING (CVE-2024-39476 bsc#1227437).
- commit ee734c0
- ocfs2: reserve space for inline xattr before attaching reflink
tree (bsc#1232151 CVE-2024-49958).
- commit 8a206c2
- kthread: unpark only parked kthread (git-fixes, bsc#1231990,
CVE-2024-50019).
- commit ad67452
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- commit 6a38280
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- commit d16b07d
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- commit 6ee6f75
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- commit 783b4c0
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- commit f222561
- x86/tdx: Fix "in-kernel MMIO" check (bsc#1232116 CVE-2024-47727).
- commit c381359
- fat: fix uninitialized variable (git-fixes).
- commit 457698b
- Update
patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch
(bsc#1206344, CVE-2022-48988, bsc#1232069).
- commit e7eaea8
- drm/amd/display: Add null check for head_pipe in
dcn201_acquire_free_pipe_for_layer (CVE-2024-49919 bsc#1231968).
- commit afcb4c9
- dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add()
and dpaa2_switch_acl_entry_remove() (CVE-2022-48957
bsc#1231973).
- commit b3f573c
- slip: make slhc_remember() more robust against malicious packets
(CVE-2024-50033 bsc#1231914).
- i40e: Fix macvlan leak by synchronizing access to
mac_filter_hash (CVE-2024-50041 bsc#1231907).
- commit bf7bdd1
- net: dsa: sja1105: fix memory leak in
sja1105_setup_devlink_regions() (CVE-2022-48959 bsc#1231976).
- commit ec81f5f
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- commit 0e442b9
- thermal: core: Reference count the zone in
thermal_zone_get_by_id() (CVE-2024-50028 bsc#1231950).
- commit cae3a79
- kabi fix for NFSv4: Prevent NULL-pointer dereference in
nfs42_complete_copies() (bsc#1231902 CVE-2024-50046).
- commit 2c3b231
- NFSv4: Prevent NULL-pointer dereference in
nfs42_complete_copies() (bsc#1231902 CVE-2024-50046).
- commit 8c78cbf
- drm/amdgpu: prevent BO_HANDLES error from being overwritten
(git-fixes).
- commit 33d2548
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Fix incorrect stream context type macro (git-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- Revert "usb: yurex: Replace snprintf() with the safer
scnprintf() variant" (stable-fixes).
- usb: xhci: Fix problem with xhci resume from suspend
(stable-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB
sound chip (stable-fixes).
- USB: misc: yurex: fix race between read and write
(stable-fixes).
- USB: misc: cypress_cy7c63: check for short transfer
(stable-fixes).
- USB: appledisplay: close race between probe and completion
handler (stable-fixes).
- USB: serial: pl2303: add device id for Macrosilicon MS3020
(stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt
Registration in the Crashkernel Scenario (stable-fixes).
- usb: chipidea: udc: enable suspend interrupt after usb reset
(stable-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
(git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk
(stable-fixes).
- power: reset: brcmstb: Do not go into infinite loop if reset
fails (stable-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
(git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb
before resubmit (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries
(git-fixes).
- wifi: ath9k: fix possible integer overflow in
ath9k_get_et_stats() (stable-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats
(stable-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01
(git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error
(stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
(stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination
(stable-fixes).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Go 3 (stable-fixes).
- usbnet: ipheth: fix carrier detection in modes 1 and 4
(stable-fixes).
- usb: yurex: Fix inconsistent locking bug in yurex_read()
(git-fixes).
- usb: yurex: Replace snprintf() with the safer scnprintf()
variant (stable-fixes).
- wifi: ath9k: fix parameter check in ath9k_init_debug()
(stable-fixes).
- spi: lpspi: Simplify some error message (git-fixes).
- spi: lpspi: release requested DMA channels (stable-fixes).
- spi: lpspi: Silence error message upon deferred probe
(stable-fixes).
- commit f956c13
- parport: Proper fix for array out-of-bounds access (git-fixes).
- iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency() (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in
Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
(git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
(git-fixes).
- iio: proximity: mb1232: add missing select
IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: opt3001: add missing full-scale range value
(git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work()
(git-fixes).
- media: videobuf2-core: clear memory related fields in
__vb2_plane_dmabuf_put() (stable-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition (stable-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for
debugfs_create_dir() (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken
(stable-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
(stable-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2
(stable-fixes).
- Input: ads7846 - ratelimit the spi_sync error message
(stable-fixes).
- Input: goodix - use the new soc_intel_is_byt() helper
(stable-fixes).
- commit dcfb1af
- HID: multitouch: Add support for GT7868Q (stable-fixes).
- Refresh
patches.kabi/restore-renamed-device-IDs-for-USB-HID-devices.patch.
- commit 3c7db56
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- Refresh patches.suse/i2c-xiic-Make-bus-names-unique.patch.
- commit a465fd8
- Bluetooth: btusb: Fix regression with fake CSR controllers
0a12:0001 (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister
(git-fixes).
- Bluetooth: Remove debugfs directory on module init failure
(git-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded
device (git-fixes).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory
systems (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
(git-fixes).
- drm/msm/dpu: don't always program merge_3d block (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc()
(git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
(git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate
calculation (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized
(git-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume
key (stable-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime
suspend/resume (git-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor
(stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm
enabled (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- drm/amd/display: Allow backlight to go below
`AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Validate backlight caps are sane
(stable-fixes).
- drm/amd/display: Check null pointer before dereferencing se
(stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store
invalid bus attribute (stable-fixes).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid
corruption (stable-fixes).
- comedi: ni_routing: tools: Check when the file could not be
opened (stable-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters
(stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout
(git-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue
(stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC
Determination (stable-fixes).
- drm/printer: Allow NULL data in devcoredump printer
(stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it
(stable-fixes).
- drm/amd/display: Add null check for 'afb' in
amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr
(stable-fixes).
- drm/radeon/r100: Handle unknown family in
r100_cp_init_microcode() (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx
(stable-fixes).
- drm/amd/display: Handle null 'stream_status' in
'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1
(stable-fixes).
- drm/amd/display: Add null check for top_pipe_to_program in
commit_planes_for_stream (stable-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color
transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware
format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma
hardware format translation (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit
(stable-fixes).
- drm/amd/display: Check stream before comparing them
(stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd
Portfolio (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task()
(stable-fixes).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
(git-fixes).
- i2c: xiic: improve error message when transfer fails to start
(stable-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path
(git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member
(stable-fixes).
- drm/radeon: Replace one-element array with flexible-array member
(stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- commit 9daeadb
- Bluetooth: ISO: Fix multiple init when debugfs is disabled
(git-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to
irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to
irq1_level_low_skip_override[] (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X
(stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u
(stable-fixes).
- ALSA: core: add isascii() check to card ID generator
(stable-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200
(stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
(stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
(stable-fixes).
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer
the error (git-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk
(stable-fixes).
- ALSA: hda: cs35l41: fix module autoloading (git-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros
(stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries
(stable-fixes).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard
types (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
(stable-fixes).
- ACPI: EC: Do not release locks during operation region accesses
(stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
(stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
(stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package() (stable-fixes).
- ASoC: tda7419: fix module autoloading (stable-fixes).
- ASoC: intel: fix module autoloading (stable-fixes).
- ASoC: allow module autoloading for table db1200_pids
(stable-fixes).
- commit f59a49f
- block: fix potential invalid pointer dereference in
blk_add_partition (bsc#1231872 CVE-2024-47705).
- block: print symbolic error name instead of error code
(bsc#1231872).
- commit 629456f
- nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692
bsc#1231857).
- commit 3ec0b50
- nilfs2: fix kernel bug due to missing clearing of buffer delay
flag (git-fixes).
- commit fa778cc
- Refresh
patches.suse/KVM-Reject-overly-excessive-IDs-in-KVM_CREATE_VCPU.patch
(fix build warning).
- commit 4509600
- ethtool: fail closed if we can't get max channel used in
indirection tables (CVE-2024-46834 bsc#1231096).
- commit 92f1041
- vmxnet3: update to version 9 (bsc#1226498).
- vmxnet3: add command to allow disabling of offloads
(bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3
(bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- commit 11f0889
- gpio: prevent potential speculation leaks in
gpio_device_get_desc() (stable-fixes CVE-2024-44931
bsc#1229837).
- commit fd874e3
- gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
(stable-fixes CVE-2024-42253 bsc#1229005).
- commit 1b7d3e6
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- commit e96d6b6
- NFSD: Mark filecache "down" if init fails (git-fixes).
- commit 2bc13b1
- nfs: fix memory leak in error path of nfs4_do_reclaim
(git-fixes).
- commit 78b8702
- nfsd: fix delegation_blocked() to block correctly for at least
30 seconds (git-fixes).
- commit a755d72
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- commit c0a4772
- nfsd: call cache_put if xdr_reserve_space returns NULL
(git-fixes).
- commit bea413a
- nfsd: fix refcount leak when file is unhashed after being found
(git-fixes).
- commit a3bda73
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
(git-fixes).
- commit 1bee667
- NFS: Avoid unnecessary rescanning of the per-server delegation
list (git-fixes).
- commit 5a9ecaa
- NFSv4: Fix clearing of layout segments in layoutreturn
(git-fixes).
- commit 21968b2
- ocfs2: fix the la space leak when unmounting an ocfs2 volume
(git-fixes).
- commit 2bcef50
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- commit 894e3e9
- jfs: check if leafidx greater than num leaves per dmap tree
(git-fixes).
- commit 2a190ef
- jfs: Fix uaf in dbFreeBits (git-fixes).
- commit 77fee8f
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- commit bdbc194
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- commit 06d0a1f
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- commit a59c1e5
- RDMA/hns: Refactor the abnormal interrupt handler function (git-fixes)
Refresh patches.suse/RDMA-hns-Fix-VF-triggering-PF-reset-in-abnormal-inte.patch
- commit 16f4f98
- RDMA/hns: Fix the wrong type of return value of the interrupt handler (git-fixes)
Refresh:
- patches.suse/RDMA-hns-Fix-VF-triggering-PF-reset-in-abnormal-inte.patch
- patches.suse/RDMA-hns-Fix-soft-lockup-under-heavy-CEQE-load.patch
- commit 10cd6d3
- RDMA/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- commit 05afe22
- mm: avoid leaving partial pfn mappings around in error case
(CVE-2024-47674 bsc#1231673).
- commit 9910e8f
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- commit bc97910
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- commit d91cca2
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- commit 530c748
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- commit 04af073
- RDMA/srpt: Make slab cache names unique (git-fixes)
- commit d1c01aa
- RDMA/irdma: Fix misspelling of "accept*" (git-fixes)
- commit 5a68e97
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- commit e2cb15f
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- commit a888491
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- commit 21e34e7
- udf: Avoid excessive partition lengths (bsc#1230773
CVE-2024-46777).
- commit 43cca3d
- fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439
CVE-2024-47660).
- commit 66d4cf0
- netem: fix return value if duplicate enqueue fails
(CVE-2024-45016 bsc#1230429).
- commit 2e9108a
- net: test for not too small csum_start in
virtio_net_hdr_to_skb() (git-fixes).
- commit 78a3945
- KVM: fix memoryleak in kvm_init() (git-fixes).
- commit 066c2d8
- kabi: fix after KVM: arm64: mixed-width check should be skipped
for uninitialized vCPUs (git-fixes).
- commit bbf2daf
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff()
(git-fixes).
- commit baf8de4
- kab: fix after net: add more sanity check in
virtio_net_hdr_to_skb() (git-fixes).
- commit e85c3fa
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- commit 880c9eb
- nbd: fix race between timeout and normal completion
(bsc#1230918).
- commit 3f6c035
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
(git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in
ish_fw_xfer_direct_dma (git-fixes).
- usb: dwc3: core: Stop processing of pending events if controller
is halted (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- commit 27bf420
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C
(git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C
(git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source
(git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete
(git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy
error (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed
(git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed
(git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in
rfcomm_sk_state_change (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm
enabled (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
(git-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace
if SND=m (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
(git-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257
(git-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages
(git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched
(git-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
(git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- drm: komeda: Fix an issue related to normalized zpos
(stable-fixes).
- ALSA: hda/realtek - FIxed ALC285 headphone no sound
(stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound
(stable-fixes).
- ALSA: hda: Fix kctl->id initialization (git-fixes).
- ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
(git-fixes).
- commit 05e9a52
- perf/x86/intel: Limit the period on Haswell (bsc#1231072,
CVE-2024-46848).
- commit f8c2996
- sched/smt: Fix unbalance sched_smt_present dec/inc
(CVE-2024-44958 bsc#1230179).
- commit 2c63e21
- wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
(CVE-2024-47673 bsc#1231539).
- commit 775f803
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
(CVE-2024-47672 bsc#1231540).
- commit 01e4e8b
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- commit 56416b7
- spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (CVE-2024-47664 bsc#1231442)
- commit c0024fd
- drm/amd/display: Avoid overflow from uint32_t to uint8_t (CVE-2024-47661 bsc#1231496)
- commit 8f65382
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668 bsc#1231502)
- commit 45aa8b3
- dn_route: set rt neigh to blackhole_netdev instead of
loopback_dev in ifdown (bsc#1216813).
- commit 44138e3
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev
in ifdown (bsc#1216813).
- commit 89c7a24
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- commit faf59f1
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- commit 13cc498
- selftests/bpf: Add a test case to write mtu result into .rodata
(git-fixes).
- commit c1c2650
- selftests/bpf: Add a test case to write strtol result into
.rodata (git-fixes).
- commit 1de69ac
- selftests/bpf: Rename ARG_PTR_TO_LONG test description
(git-fixes).
- commit 6cf4336
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test
(git-fixes).
- commit fd06ef1
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
(git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types
(git-fixes).
- commit 6b5690f
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul
helpers (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
(git-fixes).
- bpf: Allow helpers to accept pointers with a fixed size
(git-fixes).
- Refresh patches.suse/bpf-Tidy-up-verifier-check_func_arg.patch
- commit b017693
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL
relocation (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
(git-fixes).
- commit 262d8c3
- KVM: x86: Use a stable condition around all VT-d PI paths
(git-fixes).
- Refresh
patches.suse/KVM-VMX-Don-t-unblock-vCPU-w-Posted-IRQ-if-IRQs-are-.patch.
- commit d33f58c
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- commit fe7fa3e
- KVM: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k
(git-fixes).
- Refresh
patches.suse/KVM-x86-mmu-Remove-spurious-TLB-flushes-in-TDP-MMU-z.patch.
- commit 6e463a6
- bpf, net: Fix a potential race in do_sock_getsockopt()
(git-fixes).
- net: socket: suppress unused warning (git-fixes).
- commit 62fee56
- KVM: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- commit 9bc72d6
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
(CVE-2024-45025 bsc#1230456).
- commit 19343d1
- Update kabi files.
Based on October maintenance update:
kernel-64kb-devel-5.14.21-150500.55.83.1.aarch64.rpm
kernel-default-devel-5.14.21-150500.55.83.1.aarch64.rpm
kernel-default-devel-5.14.21-150500.55.83.1.ppc64le.rpm
kernel-default-devel-5.14.21-150500.55.83.1.s390x.rpm
kernel-default-devel-5.14.21-150500.55.83.1.x86_64.rpm
so that we can track newly added symbols.
- commit 8427d2e
- KVM: SVM: Disallow guest from changing userspace's
MSR_AMD64_DE_CFG value (git-fixes).
- commit 0b0882c
- KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM
support is missing (git-fixes).
- commit 26a295a
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE
and MSR_GS_BASE (git-fixes).
- commit 4b12471
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while
single-step is enabled (git-fixes).
- commit 29756fe
- RDMA/mana_ib: use the correct page size for mapping user-mode
doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware
page size (git-fixes).
- commit 4a96266
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- commit ab13605
- KVM: arm64: Preserve PSTATE.SS for the guest while single-step
is enabled (git-fixes).
- commit 9b95067
- add bug reference for a mana change (bsc#1229769).
- commit 279dcec
- KVM: arm64: mixed-width check should be skipped for
uninitialized vCPUs (git-fixes).
- commit 39f0f9f
- bpf, verifier: Correct tail_call_reachable for bpf prog
(git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes).
- commit 41df3fb
- usb: xhci: prevent potential failure in handle_tx_event()
for Transfer events without TRB (CVE-2024-42226 bsc#1228709).
- commit e76988e
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- commit 96c07ae
- bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801
CVE-2024-46754).
- commit 8b4a412
- kvm/arm64: rework guest entry logic (git-fixes).
- Refresh
patches.suse/KVM-arm64-Treat-PMCR_EL1.LC-as-RES1-on-asymmetric-systems.patch.
- commit dfd24e5
- KVM: Pre-allocate cpumasks for
kvm_make_all_cpus_request_except() (git-fixes).
- Refresh
patches.suse/Revert-KVM-set-owner-of-cpu-and-vm-file-operations.patch.
- commit 83b6823
- KVM: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- commit 709720b
- KVM: Write the per-page "segment" when clearing (part of)
a guest page (git-fixes).
- commit 9811c1e
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace
exit (git-fixes).
- commit 5a089f5
- KVM: arm64: Release pfn, i.e. put page, if copying MTE tags
hits ZONE_DEVICE (git-fixes).
- commit a55326d
- KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe
hyp init (git-fixes).
- commit 2e75c88
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- commit b54be89
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
(git-fixes).
- commit 7476735
- KVM: arm64: Fix AArch32 register narrowing on userspace write
(git-fixes).
- commit 517e742
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in
vgic_v2_parse_attr() (git-fixes).
- commit 9f76023
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
(git-fixes).
- commit 8fff566
- KVM: arm64: vgic-its: Test for valid IRQ in
its_sync_lpi_pending_table() (git-fixes).
- commit b695d86
- KVM: arm64: Add missing memory barriers when switching to
pKVM's hyp pgd (git-fixes).
- commit 606dda9
- KVM: arm64: vgic-v4: Restore pending state on host userspace
write (git-fixes).
- commit c4e4df2
- Revert "KVM: Prevent module exit until all VMs are freed"
(git-fixes).
- commit 5f68725
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI
(git-fixes).
- commit 1f3e21a
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
(git-fixes).
- commit 89273cb
- KVM: Grab a reference to KVM for VM and vCPU stats file
descriptors (git-fixes).
- commit d99dedf
- kvm: Add support for arch compat vm ioctls (git-fixes).
- commit c1d9461
- KVM: Unconditionally get a ref to /dev/kvm module when creating
a VM (git-fixes).
- commit 7df3401
- KVM: Fix lockdep false negative during host resume (git-fixes).
- commit 72fbff6
- KVM: eventfd: Fix false positive RCU usage warning (git-fixes).
- commit a76a2b9
- net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244 bsc#1226797)
- commit 39420f6
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- commit ddff31f
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
(git-fixes).
- commit 46f17cb
- bpf: Add --skip_encoding_btf_inconsistent_proto,
- -btf_gen_optimized to pahole flags for v1.25 (bsc#1230414
bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- Refresh patches.suse/make-module-BTF-toggleable.patch
- btf, scripts: Exclude Rust CUs with pahole (bsc#1230414
bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- Refresh patches.suse/make-module-BTF-toggleable.patch
- Update config files.
- commit 536f189
- virtio_console: fix misc probe bugs (git-fixes).
- commit 2cea93c
- vhost_vdpa: assign irq bypass producer token correctly
(git-fixes).
- commit e82b017
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- commit aa85f12
- aoe: fix the potential use-after-free problem in more places
(bsc#1218562 CVE-2023-6270).
- commit e949a45
- virtio_net: fixing XDP for fully checksummed packets handling
(git-fixes).
- commit f3d52ed
- vsock/virtio: fix packet delivery to tap device (git-fixes).
- commit 50a25ba
- kbuild,bpf: Add module-specific pahole flags for distilled
base BTF (bsc#1230414 bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414
bsc#1229450).
- kbuild, bpf: Use test-ge check for v1.25-only pahole
(bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26
and later (bsc#1230414 bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- kbuild: avoid too many execution of scripts/pahole-flags.sh
(bsc#1230414 bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- commit 05f7b0b
- Use pahole -j1 option for reproducible builds (bsc#1230414
bsc#1229450).
- commit 486aef8
- net: add more sanity check in virtio_net_hdr_to_skb()
(git-fixes).
- commit c9cb665
- ceph: fix cap ref leak via netfs init_request (bsc#1231383).
- commit 61990ab
- Update
patches.suse/usb-typec-ucsi-Fix-null-pointer-dereference-in-trace.patch
(CVE-2024-46719 bsc#1230722).
Added CVE
- commit 04ed2dd
- efi: fix NULL-deref in init error path (bsc#1229556
CVE-2022-48879).
- commit 41e1770
- dmaengine: altera-msgdma: properly free descriptor in
msgdma_free_descriptor (bsc#1230715 CVE-2024-46716).
- commit 92074a5
- bpf: Fix pointer-leak due to insufficient speculative store
bypass mitigation (bsc#1231375).
- commit fd93435
- drm/amd/display: Check gpio_id before used as array index (CVE-2024-46818 bsc#1231203).
- commit 53caf4b
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (CVE-2024-46815 bsc#1231195).
- commit ad18f86
- ice: Unbind the workqueue (bsc#1231344).
- commit fa8a96c
- drm/amd/display: Validate function returns (bsc#1230774 CVE-2024-46775)
- commit a72450c
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (CVE-2024-46816 bsc#1231197).
- commit 1eea356
- Delete some more obsolete scripts
- commit 0d4cf12
- char: tpm: Fix possible memory leak in
tpm_bios_measurements_open() (git-fixes).
- commit e53c1af
- drm/amd/display: Check link_index before accessing dc->links (CVE-2024-46813 bsc#1231191).
- commit a97e1a4
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- commit a3438e4
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- commit 670f96b
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
(bsc#1226631).
- commit 2c24b8c
- scsi: fnic: Move flush_work initialization out of if block
(bsc#1230055).
- commit 3f71444
- workqueue: mark power efficient workqueue as unbounded if (bsc#1231327)
- commit 2a22cf9
- workqueue: Avoid using isolated cpus' timers on (bsc#1231327)
- commit ab862e0
- net: mana: Improve mana_set_channels() in low mem conditions
(bsc#1230289).
- net: mana: Implement get_ringparam/set_ringparam for mana
(bsc#1229891).
- net: dpaa: Pad packets to ETH_ZLEN (CVE-2024-46854 bsc#1231084).
- ice: Add netif_device_attach/detach into PF reset flow
(CVE-2024-46770 bsc#1230763).
- bonding: change ipsec_lock from spin lock to mutex
(CVE-2024-46678 bsc#1230550).
- bonding: extract the use of real_device into local variable
(CVE-2024-46678 bsc#1230550).
- bonding: implement xdo_dev_state_free and call it after deletion
(CVE-2024-46678 bsc#1230550).
- commit 057bf3f
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (CVE-2024-46817 bsc#1231200).
- commit 18cf241
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- commit 9f2c584
- KVM: s390: Fix SORTL and DFLTCC instruction format error in
__insn32_query (git-fixes bsc#1231277).
- commit cce5574
- s390/mm: Add cond_resched() to cmm_alloc/free_pages()
(bsc#1228747).
- commit 41a09b7
- ASoC: meson: axg-card: fix 'use-after-free' (CVE-2024-46849 bsc#1231073)
- commit a395e2d
- ELF: fix kernel.randomize_va_space double read (CVE-2024-46826 bsc#1231115)
- commit d14eaf0
- powerpc: Allow clearing and restoring registers independent
of saved breakpoint state (bsc#1194869).
- commit fab6193
- powerpc/tlb: Add local flush for page given mm_struct and psize
(bsc#1194869).
- commit 819e69d
- net/mlx5: Fix bridge mode operations when there are no VFs (CVE-2024-46857 bsc#1231087)
- commit b275110
- netfilter: nft_socket: fix sk refcount leaks (CVE-2024-46855 bsc#1231085)
- commit b9b2afb
- powerpc/imc-pmu: Use the correct spinlock initializer
(bsc#1054914 fate#322448 git-fixes).
- commit 1a80d47
- powerpc/code-patching: introduce patch_instructions()
(bsc#1194869).
- commit ce19d55
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX
(bsc#1194869).
- commit 347af82
- powerpc/code-patching: Fix oops with DEBUG_VM enabled
(bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching
context (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU
(bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init
(bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping
(bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init()
is done (bsc#1194869).
- powerpc/code-patching: Don't call is_vmalloc_or_module_addr()
without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction()
to ease error handling (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling
(bsc#1194869).
- powerpc/code-patching: Fix error handling in
do_patch_instruction() (bsc#1194869).
- commit 630a906
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages
and fix check() (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions
(bsc#1194869).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- commit d1c574c
- powerpc/code-patching: Add generic memory patching
(bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction()
in case of failure (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly
(bsc#1194869).
- commit 358e581
- usbnet: fix cyclical race on disconnect with work queue
(git-fixes).
- Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 1cf5de8
- Refresh sorted patches.
- commit c7484f7
- powerpc/64: Convert patch_instruction() to patch_u32()
(bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc()
(bsc#1194869).
- powerpc/xics: Check return value of kasprintf in
icp_native_map_one_cpu (bsc#1194869).
- powerpc/vdso: Fix VDSO data access when running in a non-root
time namespace (bsc#1194869).
- powerpc/vdso: Merge vdso64 and vdso32 into a single directory
(bsc#1194869).
- Refresh patches.suse/powerpc-vdso-Remove-cvdso_call_time-macro.patch
- powerpc/vdso: Rework VDSO32 makefile to add a prefix to object
files (bsc#1194869).
- powerpc/vdso: augment VDSO32 functions to support 64 bits build
(bsc#1194869).
- commit 319aee2
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
(bsc#1054914 fate#322448 git-fixes).
- commit 3f22c10
- cachefiles: fix dentry leak in cachefiles_open_file()
(bsc#1231181).
- ceph: remove the incorrect Fw reference check when dirtying
pages (bsc#1231180).
- commit 47c22dc
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
They depend on SHADOW_CALL_STACK.
- commit 65fa52b
- KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
(CVE-2024-46830 bsc#1231116).
- commit 5d5e02e
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- commit 1b1ffa2
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- commit 901f16d
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- commit 0627e93
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and
freeing them (git-fixes).
- commit e8a76c0
- drm/amd/display: Check BIOS images before it is used (CVE-2024-46809 bsc#1231148).
- commit 8c8b606
- usb: dwc3: st: fix probed platform device ref count on probe
error path (bsc#1230507 CVE-2024-46674).
- commit ffd5693
- tomoyo: fallback to realpath if symlink's pathname does not
exist (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges
(git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial
(git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings
(git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and
freeing them (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- rtc: at91sam9: fix OF node leak in probe() error path
(git-fixes).
- watchdog: imx_sc_wdt: Don't disable WDT in suspend (git-fixes).
- pinctrl: single: fix missing error code in pcs_probe()
(git-fixes).
- PCI: xilinx-nwl: Fix register misspelling (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
- pinctrl: single: fix potential NULL dereference in
pcs_get_function() (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed
(stable-fixes).
- commit b15f073
- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- firmware_loader: Block path traversal (git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
(git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding
mutexes (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the
documentation (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- Input: ilitek_ts_i2c - add report id message validation
(git-fixes).
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync
(git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev
(git-fixes).
- media: venus: fix use after free bug in venus_remove due to
race condition (git-fixes).
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- Revert "media: tuners: fix error return code of
hybrid_tuner_request_state()" (stable-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
write error (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
(git-fixes).
- apparmor: fix possible NULL pointer dereference (stable-fixes).
- commit 0120ced
- nvme-fabrics: use reserved tag for reg read/write command
(bsc#1228620 CVE-2024-41082).
- nvme: change __nvme_submit_sync_cmd() calling conventions
(bsc#1228620 CVE-2024-41082).
Refresh:
- patches.suse/nvme-auth-retry-command-if-DNR-bit-is-not-set.patch
- commit 4effcb1
- kthread: Fix task state in kthread worker if being frozen
(bsc#1231146).
- commit 2398294
- Refresh
patches.suse/bpf-kprobe-remove-unused-declaring-of-bpf_kprobe_override.patch.
- commit ba454fb
- tracing: Avoid possible softlockup in tracing_iter_reset()
(git-fixes).
- commit 1959490
- tracing: Fix overflow in get_free_elt() (git-fixes
CVE-2024-43890 bsc#1229764).
- commit 867d207
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120 CVE-2024-46822)
- commit ec589da
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (bsc#1231120 CVE-2024-46822)
- commit fb3eb08
- nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH
(bsc#1199769).
- commit 8283ab9
- scsi: sd: Fix off-by-one error in
sd_read_block_characteristics() (bsc#1223848).
- commit 04f7eb0
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- commit b81ed11
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- commit 7b544cf
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight
PWM frequency (git-fixes).
- commit 3f7057a
- arm64: dts: rockchip: Correct the Pinebook Pro battery design
capacity (git-fixes).
- commit 7f351fe
- PCI: Support BAR sizes up to 8TB (bsc#1231017)
- commit 3d80de5
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for
ROCK Pi E (git-fixes).
- commit 293aaa9
- i2c: lpi2c: Avoid calling clk_get_rate during transfer
(bsc#1227885 CVE-2024-40965).
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()
(bsc#1227885).
- clk: Add a devm variant of clk_rate_exclusive_get()
(bsc#1227885).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk doesn't
work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- commit f4066a3
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- commit 24cf4b5
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
Move patch into the sorted section.
- commit 790aa5a
- Update patches.suse/ALSA-line6-Fix-racy-access-to-midibuf.patch
(stable-fixes CVE-2024-44954 bsc#1230176).
- Update
patches.suse/ASoC-dapm-Fix-UAF-for-snd_soc_pcm_runtime-object.patch
(git-fixes CVE-2024-46798 bsc#1230830).
- Update
patches.suse/HID-amd_sfh-free-driver_data-after-destroying-hid-de.patch
(stable-fixes CVE-2024-46746 bsc#1230751).
- Update
patches.suse/HID-cougar-fix-slab-out-of-bounds-Read-in-cougar_rep.patch
(stable-fixes CVE-2024-46747 bsc#1230752).
- Update
patches.suse/Input-uinput-reject-requests-with-unreasonable-numbe.patch
(stable-fixes CVE-2024-46745 bsc#1230748).
- Update
patches.suse/Squashfs-sanity-check-symbolic-link-size.patch
(git-fixes CVE-2024-46744 bsc#1230747).
- Update
patches.suse/VMCI-Fix-use-after-free-when-removing-resource-in-vm.patch
(git-fixes CVE-2024-46738 bsc#1230731).
- Update
patches.suse/bpf-Fix-a-kernel-verifier-crash-in-stacksafe.patch
(bsc#1225903 CVE-2024-45020 bsc#1230433).
- Update
patches.suse/can-bcm-Remove-proc-entry-when-dev-is-unregistered.patch
(git-fixes CVE-2024-46771 bsc#1230766).
- Update
patches.suse/can-mcp251x-fix-deadlock-if-an-interrupt-occurs-duri.patch
(git-fixes CVE-2024-46791 bsc#1230821).
- Update
patches.suse/char-xillybus-Check-USB-endpoints-when-probing-devic.patch
(git-fixes CVE-2024-45011 bsc#1230440).
- Update
patches.suse/drm-amd-display-Assign-linear_pitch_alignment-even-f.patch
(stable-fixes CVE-2024-46732 bsc#1230711).
- Update
patches.suse/drm-amd-display-Check-denominator-pbn_div-before-use.patch
(stable-fixes CVE-2024-46773 bsc#1230791).
- Update
patches.suse/drm-amd-display-Ensure-index-calculation-will-not-ov.patch
(stable-fixes CVE-2024-46726 bsc#1230706).
- Update
patches.suse/drm-amd-display-Skip-wbscl_set_scaler_filter-if-filt.patch
(stable-fixes CVE-2024-46714 bsc#1230699).
- Update
patches.suse/drm-amd-display-avoid-using-null-object-of-framebuff.patch
(git-fixes CVE-2024-46694 bsc#1230511).
- Update
patches.suse/drm-amd-pm-fix-the-Out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46731 bsc#1230709).
- Update
patches.suse/drm-amdgpu-Fix-out-of-bounds-read-of-df_v1_7_channel.patch
(stable-fixes CVE-2024-46724 bsc#1230725).
- Update
patches.suse/drm-amdgpu-Fix-out-of-bounds-write-warning.patch
(stable-fixes CVE-2024-46725 bsc#1230705).
- Update patches.suse/drm-amdgpu-Validate-TA-binary-size.patch
(stable-fixes CVE-2024-44977 bsc#1230217).
- Update
patches.suse/drm-amdgpu-fix-dereference-after-null-check.patch
(stable-fixes CVE-2024-46720 bsc#1230724).
- Update
patches.suse/drm-amdgpu-fix-mc_data-out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46722 bsc#1230712).
- Update
patches.suse/drm-amdgpu-fix-ucode-out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46723 bsc#1230702).
- Update
patches.suse/drm-mgag200-Bind-I2C-lifetime-to-DRM-device.patch
(git-fixes CVE-2024-44967 bsc#1230224).
- Update
patches.suse/drm-msm-dpu-cleanup-FB-if-dpu_format_populate_layout.patch
(git-fixes CVE-2024-44982 bsc#1230204).
- Update
patches.suse/fs-netfs-fscache_cookie-add-missing-n_accesses-check.patch
(bsc#1229453 CVE-2024-45000 bsc#1230170).
- Update
patches.suse/fscache-delete-fscache_cookie_lru_timer-when-fscache-.patch
(bsc#1230592 CVE-2024-46786 bsc#1230813).
- Update
patches.suse/hwmon-adc128d818-Fix-underflows-seen-when-writing-li.patch
(stable-fixes CVE-2024-46759 bsc#1230814).
- Update
patches.suse/hwmon-lm95234-Fix-underflows-seen-when-writing-limit.patch
(stable-fixes CVE-2024-46758 bsc#1230812).
- Update
patches.suse/hwmon-w83627ehf-Fix-underflows-seen-when-writing-lim.patch
(stable-fixes CVE-2024-46756 bsc#1230806).
- Update
patches.suse/mmc-mmc_test-Fix-NULL-dereference-on-allocation-fail.patch
(git-fixes CVE-2024-45028 bsc#1230450).
- Update
patches.suse/msft-hv-3046-uio_hv_generic-Fix-kernel-NULL-pointer-dereference-i.patch
(git-fixes CVE-2024-46739 bsc#1230732).
- Update
patches.suse/msft-hv-3048-net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
(git-fixes CVE-2024-46784 bsc#1230771).
- Update
patches.suse/net-mana-Fix-RX-buf-alloc_size-alignment-and-atomic-.patch
(bsc#1229086 CVE-2024-45001 bsc#1230244).
- Update
patches.suse/nfc-pn533-Add-poll-mod-list-filling-check.patch
(git-fixes CVE-2024-46676 bsc#1230535).
- Update
patches.suse/nilfs2-fix-missing-cleanup-on-rollforward-recovery-error.patch
(git-fixes CVE-2024-46781 bsc#1230768).
- Update
patches.suse/nilfs2-protect-references-to-superblock-parameters-exposed-in-sysfs.patch
(git-fixes CVE-2024-46780 bsc#1230808).
- Update
patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch
(git-fixes CVE-2024-46737 bsc#1230730).
- Update
patches.suse/pci-hotplug-pnv_php-Fix-hotplug-driver-crash-on-Powe.patch
(stable-fixes CVE-2024-46761 bsc#1230761).
- Update
patches.suse/s390-dasd-fix-error-recovery-leading-to-data-corruption-on-ESE-devices.patch
(git-fixes bsc#1229573 CVE-2024-45026 bsc#1230454).
- Update
patches.suse/s390-sclp-Prevent-release-of-buffer-in-I-O.patch
(git-fixes bsc#1229572 CVE-2024-44969 bsc#1230200).
- Update
patches.suse/usb-dwc3-core-Prevent-USB-core-invalid-event-buffer-.patch
(git-fixes CVE-2024-46675 bsc#1230533).
- Update
patches.suse/usb-dwc3-st-fix-probed-platform-device-ref-count-on-.patch
(git-fixes CVE-2024-46674 bsc#1230507).
- Update
patches.suse/wifi-mwifiex-Do-not-return-unused-priv-in-mwifiex_ge.patch
(stable-fixes CVE-2024-46755 bsc#1230802).
- Update
patches.suse/x86-mtrr-Check-if-fixed-MTRRs-exist-before-saving-them.patch
(git-fixes CVE-2024-44948 bsc#1230174).
- Update
patches.suse/xhci-Fix-Panther-point-NULL-pointer-deref-at-full-sp.patch
(git-fixes CVE-2024-45006 bsc#1230247).
- commit 3ab4fc7
- Update
patches.suse/media-vivid-fix-compose-size-exceed-boundary.patch
(git-fixes CVE-2022-48945 bsc#1230398).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update patches.suse/sched-Fix-yet-more-sched_fork-races.patch
(git fixes (sched/core) CVE-2022-48944 bsc#1229947).
- commit be5b46d
- userfaultfd: fix checks for huge PMDs (CVE-2024-46787
bsc#1230815).
- commit 731ca61
- cachefiles: Fix non-taking of sb_writers around set/removexattr
(bsc#1231013).
- commit 8d75b42
- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- commit afe0b92
- PCI: xilinx-nwl: Clean up clock on probe failure/removal
(git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: dra7xx: Fix error handling when IRQ request fails in probe
(git-fixes).
- PCI: Wait for Link before restoring Downstream Buses
(git-fixes).
- PCI: al: Check IORESOURCE_BUS existence during probe
(git-fixes).
- PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
- Refresh
patches.suse/PCI-dwc-Add-dw_pcie_ops.host_deinit-callback.patch.
- commit 1275322
- Update
patches.suse/PCI-Add-missing-bridge-lock-to-pci_bus_lock.patch
(stable-fixes CVE-2024-46750 bsc#1230783).
- commit c259807
- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- commit bfe7fd1
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
(git-fixes).
- commit 644bf81
- net: ip_tunnel: prevent perpetual headroom growth
(CVE-2024-26804 bsc#1222629).
- net: tunnels: annotate lockless accesses to dev->needed_headroom
(CVE-2024-26804 bsc#1222629).
- commit 319c5b5
- kabi: add __nf_queue_get_refs() for kabi compliance.
(bsc#1229633, CVE-2022-48911)
(cherry picked from commit 09526c9424a7fbc2a4d656f79c4ad7878f435ecb)
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
(cherry picked from commit 758c6b1299c09ef730f452c74ec7f72a9327354f)
- kabi: add __nf_queue_get_refs() for kabi compliance.
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
- commit 0bf9c36
- drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703 CVE-2024-46728)
- commit 6a51cab
- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- commit e49b867
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- commit 50d4a10
- RDMA/hns: Optimize hem allocation performance (git-fixes)
- commit 813af9f
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- commit 2bb823b
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- commit f6fcd8c
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- commit 328d52f
- RDMA/hns: Don't modify rq next block addr in HIP09 QPC (git-fixes)
- commit 33ac85f
- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- commit 01729dd
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- commit 68948b5
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- commit 65bf6d4
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- commit dfdb2f8
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- commit 97307dd
- btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753 bsc#1230796)
- commit 65fd2b1
- btrfs: prevent copying too big compressed lzo segment (CVE-2022-48923 bsc#1229662)
- commit 9c5b30e
- net: tighten bad gso csum offset check in virtio_net_hdr
(git-fixes).
- commit 34aa4c1
- udp: fix receiving fraglist GSO packets (git-fixes).
- commit fa1c6cd
- xen/swiotlb: fix allocated size (git-fixes).
- commit 6131ead
- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- commit eee6dcc
- xen: tolerate ACPI NVS memory overlapping with Xen allocated
memory (bsc#1226003).
- commit c0747b9
- xen: allow mapping ACPI data using a different physical address
(bsc#1226003).
- commit c94b5d0
- xen: add capability to remap non-RAM pages to different PFNs
(bsc#1226003).
- commit 489b422
- xen: move max_pfn in xen_memory_setup() out of function scope
(bsc#1226003).
- commit 88edee6
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- commit 6843c76
- media: qcom: camss: Fix ordering of pm_runtime_enable
(git-fixes).
- commit 262114a
- Revert "media: tuners: fix error return code of
hybrid_tuner_request_state()" (git-fixes).
- commit 1d6cee4
- xen: move checks for e820 conflicts further up (bsc#1226003).
- commit 305f805
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
write error (git-fixes).
- commit 8a8aa4d
- net: bridge: xmit: make sure we have at least eth header len
bytes (CVE-2024-38538 bsc#1226606).
- commit de593a5
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
write error (git-fixes).
- commit 28bc636
- xen: introduce generic helper checking for memory map conflicts
(bsc#1226003).
- commit b5a62b0
- xen: use correct end address of kernel for conflict checking
(bsc#1226003).
- commit 864cea2
- x86/xen: Convert comma to semicolon (git-fixes).
- commit aea0e48
- net: drop bad gso csum_start and offset in virtio_net_hdr
(git-fixes).
- commit 89b9f35
- crypto: virtio - Wait for tasklet to complete on device remove
(git-fixes).
- commit 3c716ae
- x86/kaslr: Expose and use the end of the physical memory
address space (bsc#1230405).
- commit 3201b4e
- Update references for patches.suse/pci-hotplug-pnv_php-Fix-hotplug-driver-crash-on-Powe.patch (CVE-2024-46761 bsc#1230761)
- commit dcc7841
- x86/tdx: Fix data leak in mmio_read() (CVE-2024-46794 bsc#1230825)
- commit c8c34cc
- Update references for patches.suse/hwmon-adc128d818-Fix-underflows-seen-when-writing-li.patch (CVE-2024-46759 bsc#1230814)
- commit 246b51d
- Update references for patches.suse/HID-cougar-fix-slab-out-of-bounds-Read-in-cougar_rep.patch (CVE-2024-46747 bsc#1230752)
- commit d22b00d
- Update references for patches.suse/Input-uinput-reject-requests-with-unreasonable-numbe.patch (CVE-2024-46745 bsc#1230748)
- commit 584f3d0
- Update references for patches.suse/HID-amd_sfh-free-driver_data-after-destroying-hid-de.patch (CVE-2024-46746 bsc#1230751)
- commit 20864a7
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783 bsc#1230810)
- commit 72de3c2
- Update references for patches.suse/fscache-delete-fscache_cookie_lru_timer-when-fscache-.patch (CVE-2024-46786 bsc#1230592 bsc#1230813)
- commit b23da3a
- Update references for patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch (CVE-2024-46737 bsc#1230730)
- commit a2b9776
- scsi: lpfc: Copyright updates for 14.4.0.4 patches
(bsc#1229429).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
- scsi: lpfc: Update PRLO handling in direct attached topology
(bsc#1229429).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct
attached topology (bsc#1229429).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag
(bsc#1229429).
- scsi: lpfc: Validate hdwq pointers before dereferencing in
reset/errata paths (bsc#1229429).
- scsi: lpfc: Remove redundant vport assignment when building
an abort request (bsc#1229429).
- scsi: lpfc: Change diagnostic log flag during receipt of
unknown ELS cmds (bsc#1229429).
- scsi: lpfc: Fix overflow build issue (bsc#1229429).
- commit 6dfc9ed
- net/mlx5e: SHAMPO, Fix incorrect page release (CVE-2024-46717 bsc#1230719)
- commit dcc83f4
- btrfs: don't BUG_ON() when 0 reference count at
btrfs_lookup_extent_info() (bsc#1230786 CVE-2024-46751).
- btrfs: reduce nesting for extent processing at
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove superfluous metadata check at
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: replace BUG_ON() with error handling at
update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: simplify setting the full backref flag at
update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: remove NULL transaction support for
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove level argument from btrfs_set_block_flags
(bsc#1230794 CVE-2024-46752).
- btrfs: sink parameter is_data to btrfs_set_disk_extent_flags
(bsc#1230794 CVE-2024-46752).
- commit c2d0eaf
- kABI, crypto: virtio - Handle dataq logic with tasklet
(git-fixes).
- commit 7b17b1c
- nvmet: Identify-Active Namespace ID List command should reject
invalid nsid (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails
(git-fixes).
- nvme: move stopping keep-alive into nvme_uninit_ctrl()
(git-fixes).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvmet-rdma: fix possible bad dereference when freeing rsps
(git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- commit 14b1d67
- drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701 CVE-2024-46730)
- commit 45e46f9
- Update
patches.suse/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enab.patch
(git-fixes CVE-2024-38632 bsc#1226860).
Add CVE references.
- commit bd2cc38
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(git-fixes).
- commit 157099e
- nilfs2: determine empty node blocks as corrupted (git-fixes).
- commit 657f164
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
(git-fixes).
- commit 24419a8
- media: mtk-vcodec: potential null pointer deference in SCP (CVE-2024-40973 bsc#1227890)
- commit d0ab63e
- btrfs: do not start relocation until in progress drops are done
(bsc#1229607 CVE-2022-48901).
- Refresh
patches.suse/btrfs-sysfs-update-fs-features-directory-asynchronou.patch.
- commit a5756e7
- of/irq: Prevent device address out-of-bounds read in interrupt
map walk (CVE-2024-46743 bsc#1230756).
- commit 2dc0a89
- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- commit f3e346f
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
(git-fixes).
- commit 2d8f102
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
(git-fixes).
- commit e09cbac
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- commit 25c83fa
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- commit 2205648
- driver: iio: add missing checks on iio_info's callback access
(CVE-2024-46715 bsc#1230700).
- commit 44ce0f3
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs
(git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery
occurs (git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
(git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check
(git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage
(git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume
(git-fixes).
- drm/msm/a5xx: disable preemption in submits by default
(git-fixes).
- drm/msm: Fix incorrect file name output in adreno_request_fw()
(git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue
(git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track
offsets (git-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/radeon: fix null pointer dereference in
radeon_add_common_modes (git-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in
drm_bridge_funcs::mode_valid() (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
(git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc()
(git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- ipmi: docs: don't advertise deprecated sysfs entries
(git-fixes).
- commit a7fb7f8
- md/raid5: avoid BUG_ON() while continue reshape after
reassembling (bsc#1229790, CVE-2024-43914).
- commit 3bf0292
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFS: Don't re-read the entire page cache to find the next cookie
(bsc#1226662).
- commit 25632eb
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (CVE-2024-46685 bsc#1230515)
- commit 16fd035
- thunderbolt: Mark XDomain as unplugged when router is removed (CVE-2024-46702 bsc#1230589)
- commit 0a04e5e
- soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689 bsc#1230524)
- commit d574d3c
- smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (CVE-2024-46686 bsc#1230517)
- commit eecf85c
- scsi: aacraid: Fix double-free on probe failure (CVE-2024-46673 bsc#1230506)
- commit 23b1681
- apparmor: fix possible NULL pointer dereference (CVE-2024-46721 bsc#1230710)
- commit 02a056d
- gtp: fix a potential NULL pointer dereference (CVE-2024-46677 bsc#1230549)
- commit e4c4047
- ethtool: check device is present when getting link settings (CVE-2024-46679 bsc#1230556)
- commit 12d1e30
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
(git-fixes).
- commit a4cc5f2
- net: missing check virtio (git-fixes).
- commit 5c4c37d
- virtio_net: checksum offloading handling fix (git-fixes).
- commit d5e193e
- virtio: delete vq in vp_find_vqs_msix() when request_irq()
fails (CVE-2024-37353 bsc#1226875).
- commit 7853f36
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
- commit 1d51d93
- virtio: reenable config if freezing device failed (git-fixes).
- commit 92899fb
- virtio-blk: Ensure no requests in virtqueues before deleting
vqs (git-fixes).
- commit 5677525
- virtio_net: Fix "'%d' directive writing between 1 and 11 bytes into
a region of size 10" warnings (git-fixes).
- commit c6eef4e
- virtio/vsock: fix logic which reduces credit update messages
(git-fixes).
- commit ba4fb58
- KABI: kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 4220de4
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 195f676
- crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- commit a7e32aa
- vsock/virtio: remove socket from connected/bound list on
shutdown (git-fixes).
- commit 0f347cf
- virtio_net: use u64_stats_t infra to avoid data-races
(git-fixes).
- commit 463733f
- vsock/virtio: initialize the_virtio_vsock before using VQs
(git-fixes).
- commit 1fec77b
- tools/virtio: fix build (git-fixes).
- commit e7f47cc
- xfs: don't include bnobt blocks when reserving free block pool
(git-fixes).
- commit 3c9db4e
- vsock/virtio: add support for device suspend/resume (git-fixes).
- commit 010c69d
- vsock/virtio: factor our the code to initialize and delete VQs
(git-fixes).
- commit 21a4d2a
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
(git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits
(git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value
(git-fixes).
- mtd: slram: insert break after errors in parsing the map
(git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute
(git-fixes).
- power: supply: Drop use_cnt check from
power_supply_property_is_writeable() (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/
no current sense (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max
voltage (git-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name
(stable-fixes).
- commit 392a8e2
- Update patches.suse/NFS-never-reuse-a-NFSv4-0-lock-owner.patch
(bsc#1227726 bsc#1230733).
- commit c293534
- x86/mm/ident_map: Use gbpages only where full GB page should
be mapped (bsc#1220382).
- x86/kexec: Add EFI config table identity mapping for kexec
kernel (bsc#1220382).
- commit 0e4e6bb
- Refresh
patches.suse/Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch.
Update upstream status and move to the sorted section.
- commit 43dbf50
- Refresh
patches.suse/0001-drm-amdgpu-don-t-use-BACO-for-reset-in-S3.patch.
Add alternative commit ID.
- commit c139057
- PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
- commit daa2cc5
- PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
- commit 1a96576
- PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
- commit 99a4208
- PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
- commit 9dc3dba
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails
appropriately (git-fixes).
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in
tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev
PLATFORM_STATUS failure (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in
cctrng_resume (git-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in
bcm2835_rng_init (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry()
(git-fixes).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
(git-fixes).
- Bluetooth: hci_sync: Ignore errors from
HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
(git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value
(git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality
(git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in
ieee80211_do_stop() (git-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one
errors (git-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
(git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging
measurements (git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts
(git-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- commit b2930fe
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
(CVE-2024-46707 bsc#1230582).
- commit bb45424
- x86/xen: Convert comma to semicolon (git-fixes).
- commit f308bb3
- Refresh
patches.suse/virtio-blk-scsi-use-block-layer-helpers-to-calculate.patch.
The compiler is unhappy with the types. Add a cast to tell what the
compiler should do.
- commit aba9465
- usb: dwc3: core: update LC timer as per USB Spec V3.2
(git-fixes).
- commit b3f5137
- usb: uas: set host status byte on data completion error
(git-fixes).
- commit 842e02d
- fscache: delete fscache_cookie_lru_timer when fscache exits
to avoid UAF (bsc#1230592).
- virtiofs: forbid newlines in tags (bsc#1230591).
- commit 03e6dba
- x86/hyperv: fix kexec crash due to VP assist page corruption
(git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description
(git-fixes).
- commit f7a5c89
- NFSv4: Add missing rescheduling points in
nfs_client_return_marked_delegations (git-fixes).
- NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
(git-fixes).
- commit 6327192
- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- commit 3824ded
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
(git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets
(git-fixes).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the
sinf array (git-fixes).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
accesses (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2
(stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
(stable-fixes).
- ALSA: hda/realtek: add patch for internal mic in Lenovo V145
(stable-fixes).
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers
on Sirius devices (stable-fixes).
- ata: libata: Fix memory leak for error path in ata_host_alloc()
(git-fixes).
- Input: uinput - reject requests with unreasonable number of
slots (stable-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- HID: amd_sfh: free driver_data after destroying hid device
(stable-fixes).
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
(stable-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions
(git-fixes).
- i2c: Fix conditional for substituting empty ACPI functions
(stable-fixes).
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA
setup (stable-fixes).
- devres: Initialize an uninitialized struct member
(stable-fixes).
- pcmcia: Use resource_size function on resource object
(stable-fixes).
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
(stable-fixes).
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
(stable-fixes).
- PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
- usb: uas: set host status byte on data completion error
(stable-fixes).
- usb: typec: ucsi: Fix null pointer dereference in trace
(stable-fixes).
- usbip: Don't submit special requests twice (stable-fixes).
- ASoC: topology: Properly initialize soc_enum values
(stable-fixes).
- ALSA: hda: Add input value sanity checks to HDMI channel map
controls (stable-fixes).
- drm/amdgpu: Set no_hw_access when VF request full GPU fails
(stable-fixes).
- drm/amdgpu: check for LINEAR_ALIGNED correctly in
check_tiling_flags_gfx6 (stable-fixes).
- drm/amd/display: Check denominator pbn_div before used
(stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
(stable-fixes).
- drm/amdgpu: Fix smatch static checker warning (stable-fixes).
- drm/amd/display: Check HDCP returned status (stable-fixes).
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
(stable-fixes).
- media: vivid: don't set HDMI TX controls if there are no HDMI
outputs (stable-fixes).
- media: vivid: fix wrong sizeimage value for mplane
(stable-fixes).
- media: uvcvideo: Enforce alignment of frame and interval
(stable-fixes).
- wifi: mwifiex: Do not return unused priv in
mwifiex_get_priv_by_id() (stable-fixes).
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
(stable-fixes).
- hwmon: (w83627ehf) Fix underflows seen when writing limit
attributes (stable-fixes).
- hwmon: (lm95234) Fix underflows seen when writing limit
attributes (stable-fixes).
- hwmon: (adc128d818) Fix underflows seen when writing limit
attributes (stable-fixes).
- ACPI: processor: Fix memory leaks in error paths of
processor_add() (stable-fixes).
- ACPI: processor: Return an error if acpi_processor_get_info()
fails in processor_add() (stable-fixes).
- commit c0216a0
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (CVE-2024-45013 bsc#1230442)
- commit 5ac8578
- i2c: tegra: Do not mark ACPI devices as irq safe (CVE-2024-45029 bsc#1230451)
- commit 12f7852
- netfilter: flowtable: initialise extack before use (CVE-2024-45018 bsc#1230431)
- commit 25df9d1
- drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
- commit 4fb379d
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit f5c92ca
- usbnet: ipheth: race between ipheth_close and error handling
(git-fixes).
- commit 7ee6be8
- Refresh
patches.suse/USB-serial-option-add-MeiG-Smart-SRM825L.patch.
- commit 7c21712
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit d21e438
- Squashfs: sanity check symbolic link size (git-fixes).
- commit 38be121
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit 606bd9b8228bfe004cf6ab930ffb673a535e3c55.
- commit 532bbfe
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
This reverts commit 1702784a5db6b26695f0bc2c6b0cbe973db5c0f3.
- commit e220e83
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
This reverts commit d77caa16c18115f0c470ecf5cdd3cdb6f9865aeb.
- commit b38d226
- drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444 CVE-2024-45015)
- commit baea6a3
- media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269 CVE-2023-52916)
- commit 1c1f90d
- media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
- commit 63b4ff1
- RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
- commit 9995679
- net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (CVE-2024-44971 bsc#1230211)
- commit 6f30d53
- bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989 bsc#1230193)
- commit 656ad24
- Input: MT - limit max slots (CVE-2024-45008 bsc#1230248).
- commit 9c6f084
- net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
(CVE-2024-44970 bsc#1230209).
- commit 204a351
- bonding: fix null pointer deref in bond_ipsec_offload_ok
(CVE-2024-44990 bsc#1230194).
- commit caaca9d
- blk-mq: issue warning when offlining hctx with online isolcpus
(bsc#1229034).
- commit c169848
- Refresh
patches.suse/net-bridge-switchdev-Skip-MDB-replays-of-deferred-ev.patch.
- commit 0ae4275
- media: Revert "media: dvb-usb: Fix unexpected infinite loop
in dvb_usb_read_remote_control()" (git-fixes).
- commit 69c4bbe
- lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
- commit 5094611
- drm/amd/display: fixed integer types and null check locations
(CVE-2024-26767 bsc#1230339).
- commit 91909ca
- Fix KABI for
patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch
(bsc#1230392).
- Update
patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch
(bsc#1230392).
- commit cbecb11
- net: dsa: mv88e6xxx: Fix out-of-bound access (CVE-2024-44988 bsc#1230192)
- commit e74f32c
- ipv6: prevent UAF in ip6_send_skb() (CVE-2024-44987 bsc#1230185)
- commit fd19d1b
- ipv6: fix possible UAF in ip6_finish_output2() (CVE-2024-44986 bsc#1230230)
- commit 6ffd49a
- gtp: pull network headers in gtp_dev_xmit() (CVE-2024-44999 bsc#1230233)
- commit e1f3131
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- commit fac58ad
- mm/swap: fix race when skipping swapcache (CVE-2024-26759
bsc#1230340).
- commit 8d9f1de
- filemap: remove use of wait bookmarks (bsc#1224085).
- commit a120011
- VMCI: Fix use-after-free when removing resource in
vmci_resource_remove() (git-fixes).
- iio: fix scale application in
iio_convert_raw_to_processed_unlocked (git-fixes).
- iio: adc: ad7124: fix config comparison (git-fixes).
- iio: adc: ad7124: fix chip ID mismatch (git-fixes).
- iio: buffer-dmaengine: fix releasing dma channel on error
(git-fixes).
- staging: iio: frequency: ad9834: Validate frequency parameter
value (git-fixes).
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
(stable-fixes).
- drm/amd/display: Correct the defined value for
AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
- drm/amd/display: added NULL check at start of dc_validate_stream
(stable-fixes).
- drm/bridge: tc358767: Check if fully initialized before
signalling HPD event via IRQ (stable-fixes).
- commit fae29ce
- ALSA: hda/conexant: Mute speakers at suspend / shutdown
(stable-fixes).
- ALSA: hda/generic: Add a helper to mute speakers at
suspend/shutdown (stable-fixes).
- drm/meson: plane: Add error handling (stable-fixes).
- drm/amdgpu: update type of buf size to u32 for eeprom functions
(stable-fixes).
- drm/amd/pm: check negtive return for table entries
(stable-fixes).
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4
(stable-fixes).
- drm/amd/pm: check specific index for aldebaran (stable-fixes).
- drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
- drm/amdgpu: fix dereference after null check (stable-fixes).
- drm/amdgpu/pm: Check input value for CUSTOM profile mode
setting on legacy SOCs (stable-fixes).
- drm/amdkfd: Reconcile the definition and use of oem_id in
struct kfd_topology_device (stable-fixes).
- drm/amdgpu: fix mc_data out-of-bounds read warning
(stable-fixes).
- drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
(stable-fixes).
- drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
(stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
(stable-fixes).
- drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
- drm/amd/display: Skip inactive planes within
ModeSupportAndSystemConfiguration (stable-fixes).
- drm/amd/display: Ensure index calculation will not overflow
(stable-fixes).
- drm/amd/display: Spinlock before reading event (stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
dal_gpio_service_create (stable-fixes).
- drm/amd/display: Check msg_id before processing transcation
(stable-fixes).
- drm/amd/display: Check num_valid_sets before accessing
reader_wm_sets[] (stable-fixes).
- drm/amd/display: Add array index check for hdcp ddc access
(stable-fixes).
- drm/amd/display: Stop amdgpu_dm initialize when stream nums
greater than 6 (stable-fixes).
- drm/amd/display: Check gpio_id before used as array index
(stable-fixes).
- drm/amdgpu: avoid reading vf2pf info size from FB
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
(stable-fixes).
- drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
- drm/amd/pm: Fix negative array index read (stable-fixes).
- drm/amd/pm: fix warning using uninitialized value of
max_vid_step (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warning (stable-fixes).
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
(stable-fixes).
- drm/amdgpu: fix overflowed array index read warning
(stable-fixes).
- drm/amd/display: Assign linear_pitch_alignment even for VM
(stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in
amdgpu_afmt_acr (stable-fixes).
- commit 22196ae
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
(git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in
hv_uio_rescind (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI
cleanup (git-fixes).
- commit 392d522
- usb: dwc3: st: add missing depopulate in probe error path
(git-fixes).
- commit 5abd1b6
- usb: dwc3: st: fix probed platform device ref count on probe
error path (git-fixes).
- commit 7faef21
- usb: dwc3: omap: add missing depopulate in probe error path
(git-fixes).
- commit 50650b1
- clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL
is disabled (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate
API (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
(git-fixes).
- ASoc: SOF: topology: Clear SOF link platform name upon unload
(git-fixes).
- ASoC: tegra: Fix CBB error during probe() (git-fixes).
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
- mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
(git-fixes).
- mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused
(git-fixes).
- drm/i915/fence: Mark debug_fence_init_onstack() with
__maybe_unused (git-fixes).
- commit 3d813e4
- wifi: nl80211: disallow setting special AP channel widths (CVE-2024-43912 bsc#1229830)
- commit 58d7754
- Restore dropped fields for bluetooth MGMT/SMP structs
(git-fixes).
- commit 697b5de
- usbnet: modern method to get random MAC (git-fixes).
- Bluetooth: MGMT: Ignore keys being loaded with invalid type
(git-fixes).
- Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP
over BREDR/LE" (git-fixes).
- can: mcp251x: fix deadlock if an interrupt occurs during
mcp251x_open (git-fixes).
- can: bcm: Remove proc entry when dev is unregistered
(git-fixes).
- platform/x86: dell-smbios: Fix error path in dell_smbios_init()
(git-fixes).
- commit 2df245a
- ext4: check dot and dotdot of dx_root before making dir indexed
(bsc#1229363 CVE-2024-42305).
- commit 85db03a
- vfs: Don't evict inode under the inode lru traversing context
(CVE-2024-45003 bsc#1230245).
- commit 82e6e44
- char: xillybus: Check USB endpoints when probing device
(git-fixes).
- char: xillybus: Refine workqueue handling (CVE-2024-45007
bsc#1230175).
- char: xillybus: Don't destroy workqueue from work item running
on it (CVE-2024-45007 bsc#1230175).
- commit 47704bc
- serial: sc16is7xx: fix invalid FIFO access with special register
set (CVE-2024-44950 bsc#1230180).
- commit 6ff419f
- ACPI: SBS: manage alarm sysfs attribute through psy core
(git-fixes).
- ACPI: battery: create alarm sysfs attribute atomically
(git-fixes).
- commit 272cbf0
- NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
- commit 9dc4a6f
- driver core: Add missing parameter description to
__fwnode_link_add() (git-fixes).
- commit b36a347
- ext4: sanity check for NULL pointer after ext4_force_shutdown
(bsc#1229753 CVE-2024-43898).
- commit 5e594a9
- ext4: fix infinite loop when replaying fast_commit (bsc#1229394
CVE-2024-43828).
- commit c02cd83
- udf: Avoid using corrupted block bitmap buffer (bsc#1229362
CVE-2024-42306).
- commit 461fe08
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
(bsc#1229334 CVE-2024-42265).
- commit 1129dda
- ext4: make sure the first directory block is not a hole
(bsc#1229364 CVE-2024-42304).
- commit 26f77f8
- driver core: Fix uevent_show() vs driver detach race
(CVE-2024-44952 bsc#1230178).
- commit 0d8efe8
- atm: idt77252: prevent use after free in dequeue_rx()
(CVE-2024-44998 bsc#1230171).
- commit ea6216f
- tcp: add sanity checks to rx zerocopy (CVE-2024-26640
bsc#1221650).
- commit 57d4108
- driver core: fw_devlink: Consolidate device link flag
computation (git-fixes).
- driver core: fw_devlink: Allow marking a fwnode link as being
part of a cycle (git-fixes).
- driver core: fw_devlink: Don't purge child fwnode's consumer
links (git-fixes).
Refresh
patches.suse/driver-core-Introduce-device_link_wait_removal.patch.
- driver core: Add wait_for_init_devices_probe helper function
(git-fixes).
Refresh
patches.suse/driver-core-Introduce-device_link_wait_removal.patch.
- driver core: Add debug logs when fwnode links are added/deleted
(git-fixes).
- driver core: Create __fwnode_link_del() helper function
(git-fixes).
- driver core: Set deferred probe reason when deferred by driver
core (git-fixes).
- commit 164932e
- net: bridge: switchdev: Skip MDB replays of deferred events
on offload (CVE-2024-26837 bsc#1222973).
- commit 3cf54c6
- USB: serial: option: add MeiG Smart SRM825L (git-fixes).
- commit 7b935d7
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
(git-fixes).
- commit 2395491
- usb: dwc3: core: Prevent USB core invalid event buffer address
access (git-fixes).
- commit 55d4338
- usb: dwc3: core: Skip setting event buffers for host only
controllers (git-fixes).
- commit 352e074
- nilfs2: fix state management in error path of log writing
function (git-fixes).
- commit d45c3fc
- nilfs2: fix missing cleanup on rollforward recovery error
(git-fixes).
- commit 819efb5
- nilfs2: protect references to superblock parameters exposed
in sysfs (git-fixes).
- commit 85cfeab
- nilfs2: Constify struct kobj_type (git-fixes).
- commit 157952f
- nilfs2: use default_groups in kobj_type (git-fixes).
- commit 9ed2d62
- nilfs2: replace snprintf in show functions with sysfs_emit
(git-fixes).
- commit 137f088
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- commit 3d57dce
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
- commit a8ffc3d
- RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
- commit 264a15d
- arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
- commit e2ccb4d
- arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
- commit 0534ffe
- arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
- commit 21c5e59
- arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
- commit a1743f6
- arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
- commit 823cdf8
- net/sched: act_ct: fix skb leak and crash on ooo frags
(CVE-2023-52610 bsc#1221610).
- commit 57db46f
- netfilter: ctnetlink: use helper function to calculate expect ID
(CVE-2024-44944 bsc#1229899).
- commit 744b379
- sctp: Fix null-ptr-deref in reuseport_add_sock()
(CVE-2024-44935 bsc#1229810).
- commit d4709fe
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 9438e54
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 5b1f743
- Update references
- commit a096907
- fuse: update stats for pages in dropped aux writeback list
(bsc#1230130).
- fuse: use unsigned type for getxattr/listxattr size truncation
(bsc#1230129).
- commit 32e32b0
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454 CVE-2024-44947).
- commit ddfd2d7
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- commit 6d0732e
- efi/unaccepted: touch soft lockup during memory accept
(bsc#1225773 CVE-2024-36936).
- commit 29d2eb8
- vdpa: ifcvf: Do proper cleanup if IFCVF init fails (bsc#1225524
CVE-2022-48706).
- commit 023b108
- usb: vhci-hcd: Do not drop references before new references
are gained (CVE-2024-43883 bsc#1229707).
- commit 44d7bae
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 717d839
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly
(git-fixes).
- commit b02e597
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 07bd1e3
- net: usb: qmi_wwan: fix memory leak for not ip packets
(CVE-2024-43861 bsc#1229500).
- commit 3e796c3
- ocfs2: use coarse time for new created files (git-fixes).
- commit 82dc1eb
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (bsc#1229156 CVE-2024-42259)
- commit acc20fb
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7
(bsc#1226666).
- commit c1bc9ca
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- commit f65ae14
- xfs: Fix missing interval for missing_owner in xfs fsmap
(git-fixes).
- commit 3005438
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
(git-fixes).
- commit b060763
- xfs: Fix the owner setting issue for rmap query in xfs fsmap
(git-fixes).
- commit 264a4ea
- Update
patches.suse/0001-net-rds-fix-possible-cp-null-dereference.patch
(git-fixes CVE-2024-35902 bsc#1224496).
- Update
patches.suse/ALSA-usb-audio-Fix-possible-NULL-pointer-dereference.patch
(git-fixes CVE-2023-52904 bsc#1229529).
- Update
patches.suse/ASoC-Intel-sof-nau8825-fix-module-alias-overflow.patch
(git-fixes CVE-2022-48889 bsc#1229545).
- Update
patches.suse/ASoC-amd-Adjust-error-handling-in-case-of-absent-cod.patch
(git-fixes CVE-2024-43818 bsc#1229296).
- Update
patches.suse/PCI-DPC-Fix-use-after-free-on-concurrent-DPC-and-hot.patch
(git-fixes CVE-2024-42302 bsc#1229366).
- Update
patches.suse/PCI-keystone-Fix-NULL-pointer-dereference-in-case-of.patch
(git-fixes CVE-2024-43823 bsc#1229303).
- Update
patches.suse/RDMA-hns-Fix-soft-lockup-under-heavy-CEQE-load.patch
(git-fixes CVE-2024-43872 bsc#1229489).
- Update
patches.suse/RDMA-iwcm-Fix-a-use-after-free-related-to-destroying.patch
(git-fixes CVE-2024-42285 bsc#1229381).
- Update
patches.suse/Revert-ALSA-firewire-lib-operate-for-period-elapse-e.patch
(bsc#1208783 CVE-2024-42274 bsc#1229417).
- Update patches.suse/bpf-Add-schedule-points-in-batch-ops.patch
(jsc#PED-1377 CVE-2022-48939 bsc#1229616).
- Update
patches.suse/bpf-Fix-crash-due-to-incorrect-copy_map_value.patch
(jsc#PED-1377 CVE-2022-48940 bsc#1229615).
- Update
patches.suse/btrfs-prevent-copying-too-big-compressed-lzo-segment.patch
(git-fixes CVE-2022-48923 bsc#1229662).
- Update
patches.suse/devres-Fix-memory-leakage-caused-by-driver-API-devm_.patch
(git-fixes CVE-2024-43871 bsc#1229490).
- Update
patches.suse/dma-fix-call-order-in-dmam_free_coherent.patch
(git-fixes CVE-2024-43856 bsc#1229346).
- Update
patches.suse/drm-amd-display-Add-NULL-check-for-afb-before-derefe.patch
(stable-fixes CVE-2024-43903 bsc#1229781).
- Update
patches.suse/drm-amd-display-Skip-Recompute-DSC-Params-if-no-Stre.patch
(stable-fixes CVE-2024-43895 bsc#1229755).
- Update
patches.suse/drm-amd-pm-Fix-the-null-pointer-dereference-for-vega.patch
(stable-fixes CVE-2024-43905 bsc#1229784).
- Update
patches.suse/drm-amdgpu-Fix-potential-NULL-dereference.patch
(bsc#1206843 CVE-2023-52908 bsc#1229525).
- Update
patches.suse/drm-amdgpu-Fix-the-null-pointer-dereference-to-ras_m.patch
(stable-fixes CVE-2024-43908 bsc#1229788).
- Update
patches.suse/drm-amdgpu-Fixed-bug-on-error-when-unloading-amdgpu.patch
(bsc#1206843 CVE-2023-52912 bsc#1229588).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-for-s.patch
(stable-fixes CVE-2024-43909 bsc#1229789).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-in-ap.patch
(stable-fixes CVE-2024-43907 bsc#1229787).
- Update
patches.suse/drm-client-fix-null-pointer-dereference-in-drm_clien.patch
(git-fixes CVE-2024-43894 bsc#1229746).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-cdv_intel.patch
(git-fixes CVE-2024-42310 bsc#1229358).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-psb_intel.patch
(git-fixes CVE-2024-42309 bsc#1229359).
- Update patches.suse/drm-i915-Fix-potential-context-UAFs.patch
(git-fixes CVE-2023-52913 bsc#1229521).
- Update
patches.suse/drm-i915-gt-Cleanup-partial-engine-discovery-failure.patch
(git-fixes CVE-2022-48893 bsc#1229576).
- Update
patches.suse/drm-msm-dpu-Fix-memory-leak-in-msm_mdss_parse_data_b.patch
(git-fixes CVE-2022-48888 bsc#1229546).
- Update
patches.suse/drm-nouveau-prime-fix-refcount-underflow.patch
(git-fixes CVE-2024-43867 bsc#1229493).
- Update patches.suse/drm-qxl-Add-check-for-drm_cvt_mode.patch
(git-fixes CVE-2024-43829 bsc#1229341).
- Update
patches.suse/drm-vmwgfx-Fix-a-deadlock-in-dma-buf-fence-polling.patch
(git-fixes CVE-2024-43863 bsc#1229497).
- Update
patches.suse/drm-vmwgfx-Remove-rcu-locks-from-user-resources.patch
(bsc#1203329 CVE-2022-40133 bsc#1203330 CVE-2022-38457
bsc#1213632 CVE-2022-48887 bsc#1229547).
- Update
patches.suse/drop_monitor-replace-spin_lock-by-raw_spin_lock.patch
(References: CVE-2021-47546 bsc#1227937 CVE-2024-40980).
- Update
patches.suse/exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch
(git-fixes CVE-2024-42315 bsc#1229354).
- Update
patches.suse/genirq-cpuhotplug-x86-vector-Prevent-vector-leak-dur.patch
(git-fixes CVE-2024-31076 bsc#1226765).
- Update
patches.suse/hfs-fix-to-initialize-fields-of-hfs_inode_info-after-hfs_alloc_inode.patch
(git-fixes CVE-2024-42311 bsc#1229413).
- Update patches.suse/ice-Add-check-for-kzalloc.patch (jsc#PED-376
CVE-2022-48886 bsc#1229548).
- Update
patches.suse/ice-Fix-potential-memory-leak-in-ice_gnss_tty_write.patch
(jsc#PED-376 CVE-2022-48885 bsc#1229564).
- Update
patches.suse/iommu-iova-Fix-alloc-iova-overflows-issue.patch
(git-fixes CVE-2023-52910 bsc#1229523).
- Update
patches.suse/jfs-Fix-array-index-out-of-bounds-in-diFree.patch
(git-fixes CVE-2024-43858 bsc#1229414).
- Update
patches.suse/kobject_uevent-Fix-OOB-access-within-zap_modalias_en.patch
(git-fixes CVE-2024-42292 bsc#1229373).
- Update
patches.suse/leds-trigger-Unregister-sysfs-attributes-before-call.patch
(git-fixes CVE-2024-43830 bsc#1229305).
- Update
patches.suse/lib-objagg-Fix-general-protection-fault.patch
(git-fixes CVE-2024-43846 bsc#1229360).
- Update
patches.suse/media-venus-fix-use-after-free-in-vdec_close.patch
(git-fixes CVE-2024-42313 bsc#1229356).
- Update
patches.suse/memcg-protect-concurrent-access-to-mem_cgroup_idr.patch
(git-fixes CVE-2024-43892 bsc#1229761).
- Update
patches.suse/net-ipv6-ensure-we-call-ipv6_mc_down-at-most-once.patch
(git-fixes CVE-2022-48910 bsc#1229632).
- Update
patches.suse/net-ks8851-Fix-deadlock-with-the-SPI-chip-variant.patch
(git-fixes CVE-2024-41036 bsc#1228496).
- Update
patches.suse/net-ks8851-Queue-RX-packets-in-IRQ-handler-instead-o.patch
(CVE-2024-35971 bsc#1224578 CVE-2024-36962 bsc#1225827).
- Update
patches.suse/net-mlx5-Fix-command-stats-access-after-free.patch
(jsc#PED-1549 CVE-2022-48884 bsc#1229562).
- Update
patches.suse/net-mlx5e-Fix-macsec-possible-null-dereference-when-.patch
(jsc#PED-1549 CVE-2022-48882 bsc#1229558).
- Update
patches.suse/net-mlx5e-IPoIB-Block-PKEY-interfaces-with-less-rx-q.patch
(jsc#PED-1549 CVE-2022-48883 bsc#1229560).
- Update
patches.suse/net-usb-qmi_wwan-fix-memory-leak-for-not-ip-packets.patch
(git-fixes CVE-2024-43861 bsc#1229500).
- Update
patches.suse/nfsd-fix-handling-of-cached-open-files-in-nfsd4_open.patch
(git-fixes CVE-2023-52909 bsc#1229524).
- Update
patches.suse/nvme-pci-add-missing-condition-check-for-existence-o.patch
(git-fixes CVE-2024-42276 bsc#1229410).
- Update
patches.suse/padata-Fix-possible-divide-by-0-panic-in-padata_mt_h.patch
(git-fixes CVE-2024-43889 bsc#1229743).
- Update
patches.suse/platform-x86-amd-Fix-refcount-leak-in-amd_pmc_probe.patch
(bsc#1210644 CVE-2022-48881 bsc#1229559).
- Update
patches.suse/powerpc-pseries-Whitelist-dtl-slub-object-for-copyin.patch
(bsc#1194869 CVE-2024-41065 bsc#1228636).
- Update
patches.suse/s390-dasd-fix-error-checks-in-dasd_copy_pair_store.patch
(git-fixes bsc#1229190 CVE-2024-42320 bsc#1229349).
- Update
patches.suse/scsi-lpfc-Revise-lpfc_prep_embed_io-routine-with-pro.patch
(bsc#1228857 CVE-2024-43816 bsc#1229318).
- Update
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch
(bsc#1228850 CVE-2024-42287 bsc#1229392).
- Update
patches.suse/scsi-qla2xxx-During-vport-delete-send-async-logout-e.patch
(bsc#1228850 CVE-2024-42289 bsc#1229399).
- Update
patches.suse/scsi-qla2xxx-Fix-for-possible-memory-corruption.patch
(bsc#1228850 CVE-2024-42288 bsc#1229398).
- Update
patches.suse/scsi-qla2xxx-validate-nvme_local_port-correctly.patch
(bsc#1228850 CVE-2024-42286 bsc#1229395).
- Update
patches.suse/wifi-cfg80211-handle-2x996-RU-allocation-in-cfg80211.patch
(git-fixes CVE-2024-43879 bsc#1229482).
- Update
patches.suse/wifi-rtw89-Fix-array-index-mistake-in-rtw89_sta_info.patch
(git-fixes CVE-2024-43842 bsc#1229317).
- commit 777a4e3
- Update
patches.suse/ASoC-ops-Shift-tested-values-in-snd_soc_put_volsw-by.patch
(git-fixes CVE-2022-48917 bsc#1229637).
- Update
patches.suse/Bluetooth-hci_qca-Fix-driver-shutdown-on-closed-serd.patch
(git-fixes CVE-2022-48878 bsc#1229554).
- Update
patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
(git-fixes CVE-2022-48938 bsc#1229664).
- Update
patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch
(git-fixes CVE-2022-48943 bsc#1229645).
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
(git-fixes CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
CVE-2022-48930 bsc#1229624).
- Update
patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch
(CVE-2022-4382 bsc#1206258 CVE-2022-48869 bsc#1229507).
- Update
patches.suse/auxdisplay-lcd2s-Fix-memory-leak-in-remove.patch
(git-fixes CVE-2022-48907 bsc#1229608).
- Update
patches.suse/blktrace-fix-use-after-free-for-struct-blk_trace.patch
(bsc#1198017 CVE-2022-48913 bsc#1229643).
- Update
patches.suse/bpf-Fix-crash-due-to-out-of-bounds-access-into-reg2b.patch
(git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204
CVE-2022-0500 CVE-2022-23222 CVE-2022-48929 bsc#1229625).
- Update
patches.suse/btrfs-fix-race-between-quota-rescan-and-disable-lead.patch
(bsc#1207158 CVE-2023-52896 bsc#1229533).
- Update
patches.suse/btrfs-fix-relocation-crash-due-to-premature-return-f.patch
(bsc#1203360 CVE-2022-48903 bsc#1229613).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
(bsc#1193629 CVE-2022-48919 bsc#1229657).
- Update
patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsyst.patch
(git-fixes CVE-2022-48931 bsc#1229623).
- Update
patches.suse/dmaengine-idxd-Let-probe-fail-when-workqueue-cannot-.patch
(git-fixes CVE-2022-48868 bsc#1229506).
- Update
patches.suse/drm-msm-another-fix-for-the-headless-Adreno-GPU.patch
(git-fixes CVE-2023-52911 bsc#1229522).
- Update
patches.suse/drm-msm-dp-do-not-complete-dp_aux_cmd_fifo_tx-if-irq.patch
(git-fixes CVE-2022-48898 bsc#1229537).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
(git-fixes CVE-2022-48899 bsc#1229536).
- Update
patches.suse/gsmi-fix-null-deref-in-gsmi_get_variable.patch
(git-fixes CVE-2023-52893 bsc#1229535).
- Update
patches.suse/hwmon-Handle-failure-to-register-sensor-with-thermal.patch
(git-fixes CVE-2022-48942 bsc#1229612).
- Update
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
(bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update
patches.suse/ice-fix-concurrent-reset-and-removal-of-VFs.patch
(git-fixes CVE-2022-48941 bsc#1229614).
- Update
patches.suse/iio-adc-men_z188_adc-Fix-a-resource-leak-in-an-error.patch
(git-fixes CVE-2022-48928 bsc#1229626).
- Update
patches.suse/iio-adc-tsc2046-fix-memory-corruption-by-preventing-.patch
(git-fixes CVE-2022-48927 bsc#1229628).
- Update
patches.suse/io_uring-add-a-schedule-point-in-io_add_buffers.patch
(git-fixes CVE-2022-48937 bsc#1229617).
- Update patches.suse/iommu-amd-Fix-I-O-page-table-memory-leak
(git-fixes CVE-2022-48904 bsc#1229603).
- Update
patches.suse/iommu-vt-d-fix-double-list_add-when-enabling-vmd-in-scalable-mode
(bsc#1196894 CVE-2022-48916 bsc#1229638).
- Update
patches.suse/iwlwifi-mvm-check-debugfs_dir-ptr-before-use.patch
(git-fixes CVE-2022-48918 bsc#1229636).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
(jsc#SLE-18384 CVE-2022-48896 bsc#1229540).
- Update
patches.suse/misc-fastrpc-Don-t-remove-map-on-creater_process-and.patch
(git-fixes CVE-2022-48873 bsc#1229512).
- Update
patches.suse/misc-fastrpc-Fix-use-after-free-race-condition-for-m.patch
(git-fixes CVE-2022-48872 bsc#1229510).
- Update
patches.suse/net-mlx5-DR-Fix-slab-out-of-bounds-in-mlx5_cmd_dr_cr.patch
(jsc#SLE-19253 CVE-2022-48932 bsc#1229622).
- Update patches.suse/net-smc-fix-connection-leak (git-fixes
CVE-2022-48909 bsc#1229611).
- Update
patches.suse/nfc-pn533-Wait-for-out_urb-s-completion-in-pn533_usb.patch
(git-fixes CVE-2023-52907 bsc#1229526).
- Update
patches.suse/nfp-flower-Fix-a-potential-leak-in-nfp_tunnel_add_sh.patch
(git-fixes CVE-2022-48934 bsc#1229620).
- Update
patches.suse/nilfs2-fix-general-protection-fault-in-nilfs_btree_i.patch
(git-fixes CVE-2023-52900 bsc#1229581).
- Update
patches.suse/octeontx2-pf-Fix-resource-leakage-in-VF-driver-unbin.patch
(git-fixes CVE-2023-52905 bsc#1229528).
- Update
patches.suse/platform-surface-aggregator-Add-missing-call-to-ssam.patch
(git-fixes CVE-2022-48880 bsc#1229557).
- Update
patches.suse/regulator-da9211-Use-irq-handler-when-ready.patch
(git-fixes CVE-2022-48891 bsc#1229565).
- Update
patches.suse/sched-fair-Fix-fault-in-reweight_entity.patch
(git fixes (sched/core) CVE-2022-48921 bsc#1229635).
- Update
patches.suse/scsi-storvsc-Fix-swiotlb-bounce-buffer-leak-in-confi.patch
(bsc#1206006 CVE-2022-48890 bsc#1229544).
- Update
patches.suse/spi-spi-zynq-qspi-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-4441 bsc#1229598).
- Update
patches.suse/thermal-core-Fix-TZ_GET_TRIP-NULL-pointer-dereferenc.patch
(git-fixes CVE-2022-48915 bsc#1229639).
- Update
patches.suse/thermal-int340x-fix-memory-leak-in-int3400_notify.patch
(git-fixes CVE-2022-48924 bsc#1229631).
- Update
patches.suse/tty-fix-possible-null-ptr-defer-in-spk_ttyio_release.patch
(git-fixes CVE-2022-48870 bsc#1229508).
- Update
patches.suse/tty-serial-qcom-geni-serial-fix-slab-out-of-bounds-o.patch
(git-fixes CVE-2022-48871 bsc#1229509).
- Update
patches.suse/usb-gadget-f_ncm-fix-potential-NULL-ptr-deref-in-ncm.patch
(git-fixes CVE-2023-52894 bsc#1229566).
- Update
patches.suse/usb-gadget-rndis-add-spinlock-for-rndis-response-lis.patch
(git-fixes CVE-2022-48926 bsc#1229629).
- Update
patches.suse/usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
(git-fixes CVE-2023-52901 bsc#1229531).
- Update
patches.suse/wifi-mac80211-sdata-can-be-NULL-during-AMPDU-start.patch
(git-fixes CVE-2022-48875 bsc#1229516).
- Update
patches.suse/xen-netfront-destroy-queues-before-real_num_tx_queue.patch
(git-fixes CVE-2022-48914 bsc#1229642).
- Update
patches.suse/xhci-Fix-null-pointer-dereference-when-host-dies.patch
(git-fixes CVE-2023-52898 bsc#1229568).
- commit 5c5e4d7
- Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (CVE-2024-36270 bsc#1226798)
- commit 7d81a29
- iommu/amd: Convert comma to semicolon (git-fixes).
- commit f13afd4
- mm: prevent derefencing NULL ptr in pfn_section_valid()
(git-fixes).
- commit d77caa1
- mm, kmsan: fix infinite recursion due to RCU critical section
(git-fixes).
- commit 1702784
- mm/sparsemem: fix race in accessing memory_section->usage
(bsc#1221326 CVE-2023-52489).
- commit 606bd9b
- drm/amd/display: avoid using null object of framebuffer
(git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances
(git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions
(git-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry
(stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
(stable-fixes).
- drm/amdgpu: Actually check flags for all context ops
(stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field
(stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
(stable-fixes).
- drm/amdgpu: fix dereference null return value for the function
amdgpu_vm_pt_parent (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- Revert "drm/amd/display: Validate hw_points_num before using it"
(stable-fixes).
- drm/amd/display: Validate hw_points_num before using it
(stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all
possible values can be stored (stable-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings
(stable-fixes).
- commit 91b4876
- serial: core: check uartclk for zero to avoid divide by zero
(bsc#1229759 CVE-2024-43893).
- commit d3f6894
- scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315
CVE-2024-43821).
- commit e13b213
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- commit 427ff01
- tracing: Return from tracing_buffers_read() if the file has
been closed (bsc#1229136 git-fixes).
- commit 6961c54
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- commit 9927afc
- bpf: kprobe: remove unused declaring of bpf_kprobe_override
(git-fixes).
- commit ff5617f
- media: xc2028: avoid use-after-free in load_firmware_cb()
(CVE-2024-43900 bsc#1229756).
- commit c954239
- jfs: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792
CVE-2024-44938).
- commit 8003b7e
- jfs: fix null ptr deref in dtInsertEntry (bsc#1229820
CVE-2024-44939).
- commit 02ccaa1
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit b5892ca
- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
(CVE-2024-42277 bsc#1229409).
- commit a4daba4
- drm/amd/display: Add null checker before passing variables (CVE-2024-43902 bsc#1229767).
- commit d450d98
- drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (CVE-2024-43904 bsc#1229768)
- commit c2331c0
- kabi: lib: objagg: Put back removed metod in struct objagg_ops
(CVE-2024-43880 bsc#1229481).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- commit 2e1b5f5
- Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884 bsc#1229739)
- commit ca65d0a
- net/sched: initialize noop_qdisc owner (git-fixes).
- commit 32a510a
- drm/amd/display: Fix null pointer deref in dcn20_resource.c (CVE-2024-43899 bsc#1229754).
- commit 13ec104
- btrfs: get rid of warning on transaction commit when using
flushoncommit (bsc#1229658 CVE-2022-48920).
- commit a558155
- net/sched: act_mpls: Fix warning during failed attribute
validation (CVE-2023-52906 bsc#1229527).
- commit 5be67dc
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 83a7456
- net/mlx5: Always drain health in shutdown callback
(CVE-2024-43866 bsc#1229495).
- mlxsw: spectrum_acl_erp: Fix object nesting warning
(CVE-2024-43880 bsc#1229481).
- commit f5f318d
- kABI: vfio: struct virqfd kABI workaround (CVE-2024-26812
bsc#1222808).
- vfio/pci: fix potential memory leak in vfio_intx_enable()
(git-fixes).
- commit 5a53e2c
- netfilter: nf_tables: unregister flowtable hooks on netns exit (CVE-2022-48935 bsc#1229619)
- commit 3e33f70
- vfio: Introduce interface to flush virqfd inject workqueue
(bsc#1222808 CVE-2024-26812).
- commit 31be414
- netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912 bsc#1229641)
- commit f8f42c3
- vfio/pci: Create persistent INTx handler (bsc#1222808
CVE-2024-26812).
- commit 9d86cff
- net/sched: Fix mirred deadlock on device recursion
(CVE-2024-27010 bsc#1223720).
- commit 4342cf9
- mptcp: Correctly set DATA_FIN timeout when number of retransmits is large (CVE-2022-48906 bsc#1229605)
- commit a7a3da6
- net: qdisc: preserve kabi for struct QDisc (CVE-2024-27010 bsc#1223720).
- commit af12745
- s390/pkey: Wipe copies of protected- and secure-keys
(CVE-2024-42155 bsc#1228733).
- commit 78df5c8
- Reapply "drm/vc4: hdmi: Enforce the minimum rate at
This reverts commit 048f829d4b52520058c31bae2ef1ec08563c460a.
- commit 5126762
- s390/pkey: Wipe copies of clear-key structures on failure
(CVE-2024-42156 bsc#1228722).
- commit b3fe404
- Add exception protection processing for vd in
axi_chan_handle_err function (CVE-2023-52899 bsc#1229569).
- commit 510675c
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY
gcc version dependent, at least on ppc
- commit 16da158
- s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
(CVE-2024-42158 bsc#1228720).
- commit ccfe5a9
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
(bsc#1226846 CVE-2024-38596).
- Update
patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch
(git-fixes bsc#1226846).
- commit 297df1b
- ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
(CVE-2024-26631 bsc#1221630).
- commit f41507c
- vhost/vsock: always initialize seqpacket_allow (CVE-2024-43873 bsc#1229488)
- commit d4e35ee
- ipv6: fix possible race in __fib6_drop_pcpu_from() (CVE-2024-40905 bsc#1227761)
- commit 91482e3
- ipv6: sr: fix memleak in seg6_hmac_init_algo (CVE-2024-39489 bsc#1227623)
- commit 9ac27bb
- netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() (CVE-2021-47106 bsc#1220962)
- commit e6e6065
- drivers: ethernet: cpsw: fix panic when interrupt coaleceing
is set via ethtool (CVE-2021-47517 bsc#1225428).
- commit f131073
- ethtool: do not perform operations on net devices being
unregistered (CVE-2021-47517 bsc#1225428).
- ethtool: return error from ethnl_ops_begin if dev is NULL
(CVE-2021-47517 bsc#1225428).
- ethtool: runtime-resume netdev parent in ethnl_ops_begin
(CVE-2021-47517 bsc#1225428).
- ethtool: move netif_device_present check from
ethnl_parse_header_dev_get to ethnl_ops_begin (CVE-2021-47517
bsc#1225428).
- ethtool: move implementation of ethnl_ops_begin/complete to
netlink.c (CVE-2021-47517 bsc#1225428).
- commit 2e58867
- tls: fix missing memory barrier in tls_init (CVE-2024-36489 bsc#1226874)
- commit 134cc98
- exfat: fix potential deadlock on __exfat_get_dentry_set
(git-fixes).
- commit 2294924
- afs: Don't cross .backup mountpoint from backup volume
(git-fixes).
- commit b94ac2d
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- commit c10d9f9
- ubifs: dbg_orphan_check: Fix missed key type checking
(git-fixes).
- commit aca23b0
- ubifs: Fix adding orphan entry twice for the same inode
(git-fixes).
- commit e42f9e0
- ubifs: Fix unattached xattr inode if powercut happens after
deleting (git-fixes).
- commit ed1af4c
- exfat: fix inode->i_blocks for non-512 byte sector size device
(git-fixes).
- commit a3a46dd
- exfat: redefine DIR_DELETED as the bad cluster number
(git-fixes).
- commit 52b33f6
- exfat: support dynamic allocate bh for exfat_entry_set_cache
(git-fixes).
- commit dd685aa
- nilfs2: Remove check for PageError (git-fixes).
- commit cd97d8f
- drop_monitor: replace spin_lock by raw_spin_lock (References:
CVE-2021-47546 bsc#1227937).
- commit dd4f366
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- commit b7df97b
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
(git-fixes).
- drm/msm/dp: reset the link phy params before link training
(git-fixes).
- drm/msm/dpu: don't play tricks with debug macros (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure
(git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- commit 0a0202d
- supported.conf: Sort with tool
No functional change intended
- commit 4d22f17
- filelock: Fix fcntl/close race recovery compat path (bsc#1228427
CVE-2024-41020).
- commit 31787dd
- supported.conf: Fix comment placement.
We have a script for automated sorting of this file.
However, it can only work with comments that are placed together with
the module name on the same line, not with comments on their own line.
- commit d1c37d4
- iommu/vt-d: Fix NULL domain on device release (bsc#1223742
CVE-2024-27079).
- commit 6daa607
- netfilter: nf_tables: discard table flag update with pending
basechain deletion (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: reject table flag and netdev basechain
updates (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: disable toggling dormant table state
more than once (CVE-2024-35897 bsc#1224510).
- commit c138803
- kabi: restore const specifier in flow_offload_route_init()
(CVE-2024-27403 bsc#1224415).
- netfilter: nft_flow_offload: reset dst in route object after
setting up flow (CVE-2024-27403 bsc#1224415).
- commit 15b1876
- netfilter: nf_tables: fix memleak in map from abort path
(CVE-2024-27011 bsc#1223803).
- commit 081f6b0
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- commit 4e175b8
- kvm: s390: Reject memory region operations for ucontrol VMs
(CVE-2024-43819 bsc#1229290 git-fixes).
- commit 4b042b0
- netfilter: nft_limit: reject configurations that cause integer
overflow (CVE-2024-26668 bsc#1222335).
- commit 7074520
- netfilter: nf_tables: set dormant flag on hook register failure
(CVE-2024-26835 bsc#1222967).
- commit 5731bf5
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
inet/ingress basechain (CVE-2024-26808 bsc#1222634).
- commit 3f2b4eb
- kabi: hide include of ppp files from genksyms (CVE-2024-27016
bsc#1223807).
- commit db3abd4
- net: phy: phy_device: Prevent nullptr exceptions on ISR
(CVE-2024-35945 bsc#1224639).
- net: phy: allow a phy to opt-out of interrupt handling
(CVE-2024-35945 bsc#1224639).
- net: phy: Deduplicate interrupt disablement on PHY attach
(CVE-2024-35945 bsc#1224639).
- commit 2a46e5f
- netfilter: nf_tables: fix memleak when more than 255 elements
expired (CVE-2023-52581 bsc#1220877).
- commit f901f47
- netfilter: flowtable: validate pppoe header (CVE-2024-27016
bsc#1223807).
- commit ad249c6
- netfilter: flowtable: Fix QinQ and pppoe support for inet table
(CVE-2024-27016 bsc#1223807).
- commit 0b940a3
- Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
(bsc#1225578 CVE-2024-36013).
- commit 11d3282
- bpf: Fix updating attached freplace prog in prog_array map
(bsc#1229297 CVE-2024-43837).
- commit 886bbe9
- ice: Add a per-VF limit on number of FDIR filters
(CVE-2024-42291 bsc#1229374).
- commit 99e9416
- net/mlx5: Fix missing lock on sync reset reload (CVE-2024-42268
bsc#1229391).
- commit 230ddc2
- xdp: fix invalid wait context of page_pool_destroy() (CVE-2024-43834 bsc#1229314)
- commit 4c196fd
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (CVE-2024-36286 bsc#1226801)
- commit 52bf670
- netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270 1226798)
- commit 3e4f173
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851 bsc#1223074)
- commit ff5170b
- s390/pkey: Wipe sensitive data on failure (bsc#1228727
CVE-2024-42157 git-fixes).
- commit bfb03ba
- s390/dasd: fix error recovery leading to data corruption on
ESE devices (git-fixes bsc#1229573).
- commit 5bbca6e
- s390/sclp: Prevent release of buffer in I/O (git-fixes
bsc#1229572).
- commit de7864e
- perf: hisi: Fix use-after-free when register pmu fails
(bsc#1225582 CVE-2023-52859).
- commit 256d260
- selftests/bpf: Test for null-pointer-deref bugfix in
resolve_prog_type() (bsc#1229297 CVE-2024-43837).
- bpf: Fix null pointer dereference in resolve_prog_type()
for BPF_PROG_TYPE_EXT (bsc#1229297 CVE-2024-43837).
- commit aa78187
- ceph: periodically flush the cap releases (bsc#1225162).
- ceph: issue a cap release immediately if no cap exists
(bsc#1225162).
- commit 3fe7ed5
- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- commit 03a8502
- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- commit af4907d
- nfsd: return error if nfs4_setacl fails (git-fixes).
- NFSD: fix regression with setting ACLs (git-fixes).
- commit 7de02e0
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
- gss_krb5: Fix the error handling path for
crypto_sync_skcipher_setkey (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- sunrpc: add a struct rpc_stats arg to rpc_create_args
(git-fixes).
- nfsd: use locks_inode_context helper (git-fixes).
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy
(git-fixes).
- NFSD: move from strlcpy with unused retval to strscpy
(git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes).
- NFSD: set attributes when creating symlinks (git-fixes).
- NFSD: introduce struct nfsd_attrs (git-fixes).
- NFSD: Fix strncpy() fortify warning (git-fixes).
- NFSD: Optimize DRC bucket pruning (git-fixes).
- commit 7da24f6
- mISDN: Fix a use after free in hfcmulti_tx() (CVE-2024-42280 bsc#1229388)
- commit 82fce1f
- tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284 bsc#1229382)
- commit 7943dda
- net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283 bsc#1229383)
- commit 2f1fd70
- sysctl: always initialize i_uid/i_gid (CVE-2024-42312 bsc#1229357)
- commit 3e19d8c
- block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854 bsc#1229345)
- commit 51cef10
- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- commit 87f8b26
- ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322 bsc#1229347)
- commit fa634c1
- Update DRM patch reference (CVE-2024-42308 bsc#1229411)
- commit c8788c0
- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
bsc#1229407).
- commit 0f7f361
- arm64: cpufeature: Always specify and use a field width for capabilities (git-fixes)
Refresh patches.suse/arm64-cpufeature-Fix-field-sign-for-DIT-hwcap-detection.patch.
Refresh patches.suse/arm64-cpufeature-Force-HWCAP-to-be-based-on-the-sysreg-visible-to-user-space.patch.
- commit 8d157b0
- xhci: Fix Panther point NULL pointer deref at full-speed
re-enumeration (git-fixes).
- commit 817012e
- Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET"
(git-fixes).
- commit 8e189b9
- landlock: Don't lose track of restrictions on cred_transfer
(bsc#1229351 CVE-2024-42318).
- commit a85e801
- kABI fix for net/sched: flower: Fix chain template offload
(CVE-2024-26669 bsc#1222350).
- commit a7d20d9
- apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287, CVE-2023-52889).
- commit 9ffdd2d
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit 828e8df
- net: enetc: move enetc_set_psfp() out of the common
enetc_set_features() (CVE-2022-48645 bsc#1223508).
- commit 995bd04
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
(CVE-2024-41007 bsc#1227863).
- commit 7e08cca
- net: tcp: fix unexcepted socket die when snd_wnd is 0
(CVE-2024-41007 bsc#1227863).
- commit 226da79
- net: nsh: Use correct mac_offset to unwind gso skb in
nsh_gso_segment() (CVE-2024-36933 bsc#1225832).
- commit a887eae
- nilfs2: handle inconsistent state in nilfs_btnode_create_block()
(bsc#1229370 CVE-2024-42295).
- commit 765d56f
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit ac167d3
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- commit 245f980
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- commit eabaf05
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- commit a2d18fc
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- commit dabff04
- arm64: errata: Unify speculative SSBS errata logic (git-fixes)
Also update default configuration.
- commit c115971
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- commit 9e86d7f
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- commit cca3066
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- commit b5d9595
- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (git-fixes)
Refresh capability reservation patch and enable workarounds.
- commit f1638b8
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- commit 5592cab
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- commit e63daa2
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- commit 525b096
- arm64: Add Neoverse-V2 part (git-fixes)
- commit 9d204de
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- commit ed48e5e
- mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
devm_pm_runtime_enable() (CVE-2024-42319 bsc#1229350).
- commit 7de6296
- remoteproc: imx_rproc: Skip over memory region when node value
is NULL (CVE-2024-43860 bsc#1229319).
- commit eb0027b
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- commit bb0530e
- media: mediatek: vcodec: Handle invalid decoder vsi
(CVE-2024-43831 bsc#1229309).
- commit 5fa7be4
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit 0be5a80
- soc: qcom: pdr: protect locator_addr with the main mutex
(CVE-2024-43849 bsc#1229307).
- commit 2a0434d
- wifi: virt_wifi: don't use strlen() in const context
(CVE-2024-43841 bsc#1229304).
- wifi: virt_wifi: avoid reporting connection success with wrong
SSID (CVE-2024-43841 bsc#1229304).
- commit 4c3129e
- net: mana: Add support for page sizes other than 4KB on ARM64
(jsc#PED-8491 bsc#1226530).
- commit 681a377
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
(CVE-2024-43839 bsc#1229301).
- can: mcp251xfd: fix infinite loop when xmit fails
(CVE-2024-41088 bsc#1228469).
- can: mcp251xfd: move TX handling into separate file
(CVE-2024-41088 bsc#1228469).
- commit 11bb8df
- hfs: fix to initialize fields of hfs_inode_info after
hfs_alloc_inode() (git-fixes).
- commit 9abb2d6
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454).
- fs/netfs/fscache_cookie: add missing "n_accesses" check
(bsc#1229453).
- commit 803fe7f
- Refresh patches.suse/drm-amd-display-Fix-vs-typos.patch (git-fixes)
Alt-commit
- commit c32dc85
- drm/amd/display: Fix && vs || typos (git-fixes).
- commit e43afc5
- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/platform-x86-intel-uncore-freq-Prevent-driver-loading-in-guests.patch.
- commit 90be679
- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch.
- commit 7b2122f
- Refresh patches.suse/drm-amd-display-fix-cursor-offset-on-rotation-180.patch (git-fixes)
Alt-commit
- commit 9bfc3c1
- Refresh patches.suse/drm-i915-vma-Fix-UAF-on-destroy-against-retire-race.patch (git-fixes)
Alt-commit
- commit 050ccc2
- Refresh patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch (git-fixes)
Alt-commit
- commit b9a2ae1
- Refresh patches.suse/drm-amd-Flush-GFXOFF-requests-in-prepare-stage.patch (git-fixes)
Alt-commit
- commit 5d001ff
- Refresh patches.suse/drm-amd-display-Preserve-original-aspect-ratio-in-cr.patch (git-fixes)
Alt-commit
- commit 7a0957e
- Refresh patches.suse/0001-drm-amd-display-Implement-bounds-check-for-stream-en.patch (git-fixes)
Alt-commit
- commit 83a8df8
- Refresh patches.suse/0001-drm-amd-display-Add-NULL-test-for-timing-generator-i.patch (git-fixes)
Alt-commit
- commit 96ead93
- Refresh patches.suse/drm-amd-pm-fix-a-memleak-in-aldebaran_tables_init.patch (git-fixes)
Alt-commit
- commit c97f053
- bpf: Fix a segment issue when downgrading gso_size (bsc#1229386
CVE-2024-42281).
- commit 6eeb5fc
- cachefiles: propagate errors from vfs_getxattr() to avoid
infinite loop (bsc#1229418).
- commit e9340b2
- net/iucv: fix use after free in iucv_sock_close()
(CVE-2024-42271 bsc#1229400 bsc#1228974).
- commit 82bb6f3
- Refresh sorted patches.
- Refresh patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch.
- Refresh patches.suse/powerpc-topology-Check-if-a-core-is-online.patch.
- commit f56b67a
- Update patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- Update patches.suse/powerpc-topology-Check-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- commit 66923e5
- net/rds: fix possible cp null dereference (git-fixes).
- commit 266afb9
- Refresh
patches.suse/SUNRPC-avoid-soft-lockup-when-transmitting-UDP-to-re.patch.
Add git commit and move to sorted section.
- commit 89d3015
- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)
- commit 06d3b72
- RDMA/rxe: Fix rxe_modify_srq (git-fixes)
- commit fdf3d9e
- RDMA/rxe: Move work queue code to subroutines (git-fixes)
- commit 582ab23
- Subject: RDMA/rxe: Handle zero length rdma (git-fixes)
- commit d8ea1d2
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 bsc#1228114).
- Update
patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
(bsc#1194869 CVE-2024-42230 bsc#1228489).
- commit f6019c1
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- commit 6cb46c4
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit 6a10c09
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit 3d017fc
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit 587e4e9
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad
3 15IAU7 (git-fixes).
- ALSA: timer: Relax start tick time check for slave timer
elements (git-fixes).
- commit 1158708
- net: mana: Fix doorbell out of order violation and avoid
unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic
(bsc#1229086).
- commit 79ff759
- io_uring: fix possible deadlock in
io_register_iowq_max_workers() (bsc#1228616 CVE-2024-41080).
- commit 3aa0f11
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to
userspace (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public
(bsc#1194869).
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
(bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for
CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings
(bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and
h_get_ppp (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP
(bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef
CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc: Fail build if using recordmcount with binutils v2.37
(bsc#1194869).
- powerpc: use generic version of arch_is_kernel_initmem_freed()
(bsc#1194869).
- Refresh patches.suse/powerpc-vmlinux.lds-Add-an-explicit-symbol-for-the-S.patch
- powerpc: Mark .opd section read-only (bsc#1194869).
- commit 2160944
- s390/dasd: fix error checks in dasd_copy_pair_store()
(git-fixes bsc#1229190).
- commit 8da5fb8
- s390/uv: Panic for set and remove shared access UVC errors
(git-fixes bsc#1229188).
- commit f8287f7
- s390/cpacf: Make use of invalid opcode produce a link error
(git-fixes bsc#1227079).
- s390/cpacf: Split and rework cpacf query functions (git-fixes
bsc#1229187).
- s390/cpacf: get rid of register asm (git-fixes bsc#1227079
bsc#1229187).
- commit ef080ed
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo
(stable-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam
Deck revisions (stable-fixes).
- commit e806b26
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link
(stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra)
to quirks (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
(stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
(stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet
(stable-fixes).
- Revert "drm/amd/display: Add NULL check for 'afb' before
dereferencing in amdgpu_dm_plane_handle_cursor_update"
(stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing
in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX
transactions (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
(stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in
apply_state_adjust_rules (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager
(stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7
(stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab
3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
(stable-fixes).
- commit f4c5b8f
- net, sunrpc: Remap EPERM in case of connection failure in
xs_tcp_setup_socket (CVE-2024-42246 bsc#1228989).
- commit e5ad6b1
- btrfs: fix leak of qgroup extent records after transaction abort
(git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void
(git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c
(git-fixes).
- commit d462b94
- powerpc/topology: Check if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- commit d553d97
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- commit 1be5f1f
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- commit 06e9d31
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- commit 5b03027
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- commit 1a47b84
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- commit 3ebff38
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- commit 3876087
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- commit 1c4efdd
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- commit f11ea1a
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- commit ec733e8
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- commit dfa3da1
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- commit c01d7b5
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- commit 7ba0b5e
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- commit e8c18c1
- tcp_metrics: validate source addr length
(CVE-2024-42154 bsc#1228507).
- commit 4c817e3
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- commit 2c5d7b8
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228959 CVE-2024-42232).
- commit 27160c2
- ipv6: sr: fix incorrect unregister order (git-fixes).
- commit 430794a
- ipv6: sr: fix possible use-after-free and null-ptr-deref
(CVE-2024-26735 bsc#1222372).
- commit 9456b6b
- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).
- commit 64f81fd
- net/sched: flower: Fix chain template offload (CVE-2024-26669
bsc#1222350).
- commit 04f92b6
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- commit aac2b6a
- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).
- commit 7560f66
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- commit 8b41557
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- commit 358a165
- inet_diag: Initialize pad field in struct inet_diag_req_v2
(CVE-2024-42106 bsc#1228493).
- commit 082b3ea
- selftests/bpf: Cover verifier checks for mutating
sockmap/sockhash (bsc#1226885 CVE-2024-38662).
- Revert "bpf, sockmap: Prevent lock inversion deadlock in map
delete elem" (bsc#1226885 CVE-2024-38662).
- bpf: Allow delete from sockmap/sockhash only if update is
allowed (bsc#1226885 CVE-2024-38662).
- commit ae18577
- genirq: Take the proposed affinity at face value if force==true
(git-fixes).
- commit 01fe9f9
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- i2c: smbus: Send alert notifications to all devices if source
not found (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- drm/client: fix null pointer dereference in
drm_client_modeset_probe (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
(git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
(git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- commit 3bff740
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernel used by SLE and openSUSE Leap are the
same. As consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't makes sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- net: ks8851: Fix potential TX stall after interface reopen
(git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag
handling (git-fixes).
- commit 7cb23d2
- net: ks8851: Queue RX packets in IRQ handler instead of
disabling BHs (CVE-2024-35971 bsc#1224578).
- net: ks8851: Handle softirqs at the end of IRQ thread to fix
hang (CVE-2024-35971 bsc#1224578).
- net: ks8851: Inline ks8851_rx_skb() (CVE-2024-35971
bsc#1224578).
- net: ks8851: Fix TX stall caused by TX buffer overrun
(gix-fixes).
- commit a0911e3
- blk-mq: use hk cpus only when isolcpus=io_queue is enabled
(bsc#1229034).
- lib/group_cpus.c: honor housekeeping config when grouping CPUs
(bsc#1229034).
- virtio: blk/scsi: use block layer helpers to calculate num of
queues (bsc#1229034).
- scsi: use block layer helpers to calculate num of queues
(bsc#1229034).
- nvme-pci: use block layer helpers to calculate num of queues
(bsc#1229034).
- blk-mq: add number of queue calc helper (bsc#1229034).
- virtio: blk/scs: replace blk_mq_virtio_map_queues with
blk_mq_dev_map_queues (bsc#1229034).
- nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues
(bsc#1229034).
- scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues
(bsc#1229034).
- blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
- virito: add APIs for retrieving vq affinity (bsc#1229034).
- scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
- commit 8efabbc
- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC
(git-fixes).
- commit dc74872
- ACPI: bus: Indicate support for the Generic Event Device thru
_OSC (git-fixes).
- Refresh
patches.suse/ACPI-Fix-Generic-Initiator-Affinity-_OSC-bit.patch.
- commit 5e88627
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in
group_cpus_evenly (bsc#1229031).
- lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
- genirq/affinity: Only build SMP-only helper functions on SMP
kernels (bsc#1229031).
- blk-mq: Build default queue map via group_cpus_evenly()
(bsc#1229031).
- genirq/affinity: Move group_cpus_evenly() into lib/
(bsc#1229031).
- genirq/affinity: Rename irq_build_affinity_masks as
group_cpus_evenly (bsc#1229031).
- genirq/affinity: Don't pass irq_affinity_desc array to
irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Pass affinity managed mask array to
irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Remove the 'firstvec' parameter from
irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Replace cpumask_weight() with cpumask_empty()
where appropriate (bsc#1229031).
- commit 614293b
- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer
(git-fixes).
- commit 39678ad
- ACPI: x86: s2idle: Post-increment variables when getting
constraints (git-fixes).
- Refresh
patches.suse/ACPI-x86-s2idle-Fix-a-logic-error-parsing-AMD-constr.patch.
- commit f30def6
- Update
patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
(bsc#1216834 CVE-2024-42077 bsc#1228516).
Add CVE references.
- commit 8360e90
- Update
patches.suse/ALSA-emux-improve-patch-ioctl-data-validation.patch
(stable-fixes CVE-2024-42097 bsc#1228766).
- Update
patches.suse/ASoC-amd-acp-add-a-null-check-for-chip_pdev-structur.patch
(git-fixes CVE-2024-42074 bsc#1228481).
- Update
patches.suse/ASoC-fsl-asoc-card-set-priv-pdev-before-using-it.patch
(git-fixes CVE-2024-42089 bsc#1228450).
- Update
patches.suse/Bluetooth-qca-Fix-BT-enable-failure-again-for-QCA639.patch
(git-fixes CVE-2024-42137 bsc#1228563).
- Update
patches.suse/RDMA-restrack-Fix-potential-invalid-address-access.patch
(git-fixes CVE-2024-42080 bsc#1228673).
- Update
patches.suse/USB-core-Fix-duplicate-endpoint-bug-by-clearing-rese.patch
(git-fixes CVE-2024-41035 bsc#1228485).
- Update patches.suse/USB-serial-mos7840-fix-crash-on-resume.patch
(git-fixes CVE-2024-42244 bsc#1228967).
- Update
patches.suse/ata-libata-core-Fix-null-pointer-dereference-on-erro.patch
(git-fixes CVE-2024-41098 bsc#1228467).
- Update
patches.suse/block-add-check-that-partition-length-needs-to-be-aligned-with-block-size.patch
(bsc#1227867 CVE-2024-41000 CVE-2023-52458 bsc#1220428).
- Update
patches.suse/bpf-Fail-bpf_timer_cancel-when-callback-is-being-can.patch
(bsc#1228531 CVE-2024-41045 CVE-2024-42239 bsc#1228979).
- Update
patches.suse/crypto-aead-cipher-zeroize-key-buffer-after-use.patch
(stable-fixes CVE-2024-42229 bsc#1228708).
- Update
patches.suse/crypto-ecdh-explicitly-zeroize-private_key.patch
(stable-fixes CVE-2024-42098 bsc#1228779).
- Update
patches.suse/drm-amd-display-Check-index-msg_id-before-read-or-wr.patch
(stable-fixes CVE-2024-42121 bsc#1228590).
- Update
patches.suse/drm-amd-display-Check-pipe-offset-before-setting-vbl.patch
(stable-fixes CVE-2024-42120 bsc#1228588).
- Update
patches.suse/drm-amd-display-Skip-finding-free-audio-for-unknown-.patch
(stable-fixes CVE-2024-42119 bsc#1228584).
- Update
patches.suse/drm-amdgpu-Fix-signedness-bug-in-sdma_v4_0_process_t.patch
(git-fixes CVE-2024-41022 bsc#1228429).
- Update
patches.suse/drm-amdgpu-avoid-using-null-object-of-framebuffer.patch
(stable-fixes CVE-2024-41093 bsc#1228660).
- Update
patches.suse/drm-i915-gt-Fix-potential-UAF-by-revoke-of-fence-reg.patch
(git-fixes CVE-2024-41092 bsc#1228483).
- Update
patches.suse/drm-lima-fix-shared-irq-handling-on-driver-remove.patch
(stable-fixes CVE-2024-42127 bsc#1228721).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in-66edf3f.patch
(stable-fixes CVE-2024-41095 bsc#1228662).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in.patch
(stable-fixes CVE-2024-41089 bsc#1228658).
- Update
patches.suse/drm-nouveau-fix-null-pointer-dereference-in-nouveau_.patch
(git-fixes CVE-2024-42101 bsc#1228495).
- Update
patches.suse/drm-panel-ilitek-ili9881c-Fix-warning-with-GPIO-cont.patch
(stable-fixes CVE-2024-42087 bsc#1228677).
- Update
patches.suse/drm-radeon-check-bo_va-bo-is-non-NULL-before-using-i.patch
(stable-fixes CVE-2024-41060 bsc#1228567).
- Update
patches.suse/firmware-cs_dsp-Fix-overflow-checking-of-wmfw-header.patch
(git-fixes CVE-2024-41039 bsc#1228515).
- Update
patches.suse/firmware-cs_dsp-Prevent-buffer-overrun-when-processi.patch
(git-fixes CVE-2024-41038 bsc#1228509).
- Update
patches.suse/firmware-cs_dsp-Return-error-if-block-header-overflo.patch
(git-fixes CVE-2024-42238 bsc#1228991).
- Update
patches.suse/firmware-cs_dsp-Use-strnlen-on-name-fields-in-V1-wmf.patch
(git-fixes CVE-2024-41056 bsc#1228480).
- Update
patches.suse/firmware-cs_dsp-Validate-payload-length-before-proce.patch
(git-fixes CVE-2024-42237 bsc#1228992).
- Update
patches.suse/gpio-davinci-Validate-the-obtained-number-of-IRQs.patch
(git-fixes CVE-2024-42092 bsc#1228447).
- Update
patches.suse/iio-chemical-bme680-Fix-overflows-in-compensate-func.patch
(git-fixes CVE-2024-42086 bsc#1228452).
- Update
patches.suse/jffs2-Fix-potential-illegal-address-access-in-jffs2_free_inode.patch
(git-fixes CVE-2024-42115 bsc#1228656).
- Update
patches.suse/libceph-fix-race-between-delayed_work-and-ceph_monc_s.patch
(bsc#1228190 CVE-2024-42232 bsc#1228959).
- Update
patches.suse/media-dvb-frontends-tda10048-Fix-integer-overflow.patch
(stable-fixes CVE-2024-42223 bsc#1228726).
- Update
patches.suse/msft-hv-3022-net-mana-Fix-possible-double-free-in-error-handling-.patch
(git-fixes CVE-2024-42069 bsc#1228463).
- Update
patches.suse/net-can-j1939-Initialize-unused-data-in-j1939_send_o.patch
(git-fixes CVE-2024-42076 bsc#1228484).
- Update
patches.suse/net-can-j1939-enhanced-error-handling-for-tightly-re.patch
(git-fixes CVE-2023-52887 bsc#1228426).
- Update
patches.suse/nfc-nci-Add-the-inconsistency-check-between-the-inpu.patch
(stable-fixes CVE-2024-42130 bsc#1228687).
- Update
patches.suse/nilfs2-add-missing-check-for-inode-numbers-on-directory-entries.patch
(git-fixes CVE-2024-42104 bsc#1228654).
- Update patches.suse/nvme-avoid-double-free-special-payload.patch
(git-fixes CVE-2024-41073 bsc#1228635).
- Update patches.suse/nvmet-always-initialize-cqe.result.patch
(git-fixes CVE-2024-41079 bsc#1228615).
- Update
patches.suse/nvmet-fix-a-possible-leak-when-destroy-a-ctrl-during.patch
(git-fixes CVE-2024-42152 bsc#1228724).
- Update
patches.suse/ocfs2-strict-bound-check-before-memcmp-in-ocfs2_xatt.patch
(bsc#1228410 CVE-2024-41016).
- Update patches.suse/orangefs-fix-out-of-bounds-fsid-access.patch
(git-fixes CVE-2024-42143 bsc#1228748).
- Update
patches.suse/pinctrl-fix-deadlock-in-create_pinctrl-when-handling.patch
(git-fixes CVE-2024-42090 bsc#1228449).
- Update
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
(bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
- Update
patches.suse/usb-atm-cxacru-fix-endpoint-checking-in-cxacru_bind.patch
(git-fixes CVE-2024-41097 bsc#1228513).
- Update
patches.suse/usb-dwc3-core-remove-lock-of-otg-mode-during-gadget-.patch
(git-fixes CVE-2024-42085 bsc#1228456).
- Update
patches.suse/usb-gadget-configfs-Prevent-OOB-read-write-in-usb_st.patch
(stable-fixes CVE-2024-42236 bsc#1228964).
- Update
patches.suse/wifi-cfg80211-restrict-NL80211_ATTR_TXQ_QUANTUM-valu.patch
(git-fixes CVE-2024-42114 bsc#1228564).
- Update
patches.suse/wifi-mt76-replace-skb_put-with-skb_put_zero.patch
(stable-fixes CVE-2024-42225 bsc#1228710).
- Update
patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation.patch
(git-fixes CVE-2024-42240 bsc#1228966).
Add CVE references.
- commit 05086b1
- ACPI: thermal: Drop nocrt parameter (git-fixes).
- commit 5de370b
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for
HIP08/09 (git-fixes).
- commit 9250a1e
- Bluetooth: l2cap: always unlock channel in
l2cap_conless_channel() (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets
(git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper()
(git-fixes).
- commit 29bbfef
- ACPI: bus: Rework system-level device notification handling
(git-fixes).
- Refresh
patches.suse/ACPI-bus-Ensure-that-notify-handlers-are-not-running.patch.
- commit 7dcab46
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU
offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain
aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in
irq_matrix_allocated() (git-fixes).
- genirq/ipi: Fix NULL pointer deref in
irq_data_get_affinity_mask() (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix association race (git-fixes).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- kernel/irq/irqdomain.c: fix memory leak with using
debugfs_lookup() (git-fixes).
- genirq/irqdesc: Don't try to remove non-existing sysfs files
(git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- genirq: Don't return error on missing optional
irq_request_resources() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable
affinities (git-fixes).
- commit 2fd5320
- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx()
from __netif_rx() (CVE-2024-42110 bsc#1228501).
- commit 096fa1d
- wireguard: allowedips: avoid unaligned 64-bit memory accesses
(CVE-2024-42247 bsc#1228988).
- commit 9870725
- ax25: Fix refcount imbalance on inbound connections
(CVE-2024-40910 bsc#1227832).
- commit 12cb329
- tipc: fix kernel panic when enabling bearer (CVE-2022-48865
bsc#1228065).
- commit 2f9875a
- PM: sleep: Fix possible deadlocks in core system-wide PM code
(bsc#1221269 CVE-2023-52498).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- commit 14accb2
- s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579
CVE-2024-41068).
- commit 77769f2
- net: dsa: fix panic when DSA master device unbinds on shutdown
(CVE-2022-48808 bsc#1227958).
- commit 1e672d7
- serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
(bsc#1228446 CVE-2024-42095).
- commit 082abd5
- serial: 8250_omap: Implementation of Errata i2310 (bsc#1228446
CVE-2024-42095).
- commit f99b96f
- tcp: avoid too many retransmit packets (CVE-2024-41007
bsc#1227863).
- commit ddec32c
- config.sh: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 0d8cf49
- power: supply: axp288_charger: Round constant_charge_voltage
writes down (git-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage
writes (git-fixes).
- commit db1c6e2
- bpf: Defer work in bpf_timer_cancel_and_free (bsc#1228531
CVE-2024-41045).
- bpf: Fail bpf_timer_cancel when callback is being cancelled
(bsc#1228531 CVE-2024-41045).
- bpf: Check map->usercnt after timer->timer is assigned
(bsc#1228531 CVE-2024-41045).
- commit 13bca15
- scsi: qedi: Fix crash while reading debugfs attribute
(bsc#1227929 CVE-2024-40978).
- block/ioctl: prefer different overflow check (bsc#1227867
CVE-2024-41000).
- block: add check that partition length needs to be aligned
with block size (bsc#1227867 CVE-2024-41000).
- commit f6a3a4f
- ice: Don't process extts if PTP is disabled (CVE-2024-42107
bsc#1228494).
- ice: Fix improper extts handling (CVE-2024-42139 bsc#1228503).
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
(CVE-2024-42148 bsc#1228487).
- net/mlx5: E-switch, Create ingress ACL when needed
(CVE-2024-42142 bsc#1228491).
- gve: Account for stopped queues when reading NIC stats
(CVE-2024-42162 bsc#1228706).
- commit 52582b0
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
- ----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482
CVE-2024-42082).
- commit 3fdab8d
- netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042
bsc#1228526).
- Refresh
patches.kabi/netfilter-KABI-workaround-for-CVE-2023-3610-bsc-1213.patch.
- commit 05a5b4a
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (CVE-2024-42228 bsc#1228667).
- commit 8a881f9
- btrfs: sysfs: update fs features directory asynchronously
(bsc#1226168).
- commit a738a53
- tipc: force a dst refcount before doing decryption (CVE-2024-40983 bsc#1227819).
- commit af53498
- Refresh
patches.kabi/xhci-restre-deleted-trb-fields-for-tracing.patch.
Fix KABI restoration also in tracing event message format.
- commit 3bd4a56
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
(CVE-2024-40995 bsc#1227830).
- commit 6410fe4
- PCI: hv: Return zero, not garbage, when reading
PCI_INTERRUPT_PIN (git-fixes).
- commit df5839d
- Drop doubly defined References in sound patches
- commit 46ad1df
- ALSA: usb-audio: Correct surround channels in UAC1 channel map
(git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the
polling mode (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
(stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place
(git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam
(stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
(stable-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue
for gen8 (git-fixes).
- drm/etnaviv: don't block scheduler when GPU is still active
(stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in
mipi_dsi_dcs_write_seq() (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition
format (stable-fixes).
- commit b91fd99
- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
CVE-2024-39494).
- commit 81484ec
- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
(bsc#1228756 CVE-2024-42161).
- commit 8359d86
- ASoC: topology: Fix route memory corruption (CVE-2024-41069
bsc#1228644).
- commit 586db1a
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings
(bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from
rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES
setting (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in
H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big
memory slots (bsc#1194869).
- commit cc22863
- liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- commit 02e87a9
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 8f44f81
- ax25: merge repeat codes in ax25_dev_device_down()
(git-fixes CVE-2024-38602 bsc#1226613).
- commit 99f40ab
- kabi/severity: add nvme common code
The nvme common code is also allowed to change the data structures, there
are only internal users.
- commit b8cf562
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
(bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
(bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
(bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
(bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- commit ce7acc0
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper
endian macro usages (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting
trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
(bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in
dev_loss callbk (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response
(bsc#1228857).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if
in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI
port is inactive (bsc#1228857).
- commit 21ebef1
- ax25: Fix reference count leak issue of net_device
(CVE-2024-38554 bsc#1226742).
- commit 802e6bf
- ax25: Fix reference count leak issues of ax25_dev
(CVE-2024-38602 bsc#1226613).
- commit 1e21ae9
- nvme-pci: add missing condition check for existence of mapped
data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management
(git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp
establishment (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
(git-fixes).
- nvme-multipath: find NUMA path only for online numa-node
(git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- commit 3284c90
- hfsplus: fix uninit-value in copy_name (git-fixes).
- commit 383d5d6
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- bnxt_re: Fix imm_data endianness (git-fixes)
- commit c690ca2
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- commit 7f0f7e9
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- commit 8395f97
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- commit 6650e04
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- commit 0bbda8c
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- commit 741b900
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- commit 19e60a6
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- commit 1ef6723
- RDMA/hns: Check atomic wr length (git-fixes)
- commit 0fc73fc
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- commit e02b7ee
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- commit cd31168
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- commit cf1cb3f
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- commit a92f3fd
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- commit 5cdefb2
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- commit 59890ae
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- commit 25b62bb
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 84f3be4
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- commit 478aa21
- Revert "ALSA: firewire-lib: operate for period elapse event
in process context" (bsc#1208783).
- Revert "ALSA: firewire-lib: obsolete workqueue for period
update" (bsc#1208783).
- commit 51e6ff5
- x86: stop playing stack games in profile_pc() (bsc#1228633
CVE-2024-42096).
- commit f28c110
- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
CVE-2024-40994).
- commit 205cc4c
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620
CVE-2024-39493).
- commit 14b61d5
- filelock: Remove locks reliably when fcntl/close race is
detected (CVE-2024-41012 bsc#1228247).
- commit e2c5917
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- commit 39eeeb9
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit 3784f34
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(git-fixes CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(git-fixes CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(git-fixes CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(git-fixes CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(git-fixes CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(git-fixes CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(git-fixes CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(git-fixes CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(git-fixes CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit e328ee7
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit f2d923e
- Update
patches.suse/79b5b4b18bc8-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free-.patch
(CVE-2024-35854 bsc#1224636 CVE-2024-35855 bsc#1224694).
- Update
patches.suse/ACPICA-Revert-ACPICA-avoid-Info-mapping-multiple-BAR.patch
(git-fixes CVE-2024-40984 bsc#1227820).
- Update
patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
(git-fixes CVE-2024-26889 bsc#1228195).
- Update
patches.suse/HID-core-remove-unnecessary-WARN_ON-in-implement.patch
(git-fixes CVE-2024-39509 bsc#1227733).
- Update
patches.suse/HID-logitech-dj-Fix-memory-leak-in-logi_dj_recv_swit.patch
(git-fixes CVE-2024-40934 bsc#1227796).
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
(git-fixes CVE-2024-40990 bsc#1227824).
- Update
patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
(git-fixes CVE-2024-36288 bsc#1226834).
- Update
patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
(git-fixes CVE-2024-40904 bsc#1227772).
- Update
patches.suse/ata-libata-core-Fix-double-free-on-error.patch
(git-fixes CVE-2024-41087 bsc#1228740).
- Update
patches.suse/batman-adv-bypass-empty-buckets-in-batadv_purge_orig.patch
(stable-fixes CVE-2024-40981 bsc#1227864).
- Update
patches.suse/cachefiles-remove-requests-from-xarray-during-flushin.patch
(bsc#1226588 CVE-2024-40900 bsc#1227760).
- Update
patches.suse/crypto-hisilicon-sec-Fix-memory-leak-for-sec-resourc.patch
(stable-fixes CVE-2024-41002 bsc#1227870).
- Update
patches.suse/dmaengine-idxd-Fix-possible-Use-After-Free-in-irq_pr.patch
(git-fixes CVE-2024-40956 bsc#1227810).
- Update
patches.suse/drivers-core-synchronize-really_probe-and-dev_uevent.patch
(git-fixes CVE-2024-39501 bsc#1227754).
- Update
patches.suse/drm-amdgpu-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40987 bsc#1228235).
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 git-fixes bsc#1228114).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548 bsc#1228202).
- Update
patches.suse/drm-exynos-hdmi-report-safe-640x480-mode-as-a-fallba.patch
(git-fixes CVE-2024-40916 bsc#1227846).
- Update
patches.suse/drm-exynos-vidi-fix-memory-leak-in-.get_modes.patch
(stable-fixes CVE-2024-40932 bsc#1227828).
- Update
patches.suse/drm-i915-dpt-Make-DPT-object-unshrinkable.patch
(git-fixes CVE-2024-40924 bsc#1227787).
- Update
patches.suse/drm-komeda-check-for-error-valued-pointer.patch
(git-fixes CVE-2024-39505 bsc#1227728).
- Update
patches.suse/drm-lima-mask-irqs-in-timeout-path-before-hard-reset.patch
(stable-fixes CVE-2024-40976 bsc#1227893).
- Update
patches.suse/drm-radeon-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40988 bsc#1227957).
- Update
patches.suse/ftrace-Fix-possible-use-after-free-issue-in-ftrace_location.patch
(git-fixes CVE-2024-38588 bsc#1226837).
- Update
patches.suse/iommu-Return-right-value-in-iommu_sva_bind_device.patch
(git-fixes CVE-2024-40945 bsc#1227802).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/sock_map-avoid-race-between-sock_map_close-and-sk_ps.patch
(bsc#1225475 CVE-2023-52735 CVE-2024-39500 bsc#1227724).
- Update
patches.suse/tracing-Build-event-generation-tests-only-as-modules.patch
(git-fixes CVE-2024-41004 bsc#1227851).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920 bsc#1228237).
- Update
patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
(git-fixes CVE-2024-40903 bsc#1227766).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- Update
patches.suse/vmci-prevent-speculation-leaks-by-sanitizing-event-i.patch
(git-fixes CVE-2024-39499 bsc#1227725).
- Update
patches.suse/wifi-cfg80211-Lock-wiphy-in-cfg80211_get_station.patch
(git-fixes CVE-2024-40911 bsc#1227792).
- Update
patches.suse/wifi-iwlwifi-mvm-check-n_ssids-before-accessing-the-.patch
(git-fixes CVE-2024-40929 bsc#1227774).
- Update
patches.suse/wifi-iwlwifi-mvm-don-t-read-past-the-mfuart-notifcat.patch
(git-fixes CVE-2024-40941 bsc#1227771).
- Update
patches.suse/wifi-mac80211-Fix-deadlock-in-ieee80211_sta_ps_deliv.patch
(git-fixes CVE-2024-40912 bsc#1227790).
- Update
patches.suse/wifi-mac80211-mesh-Fix-leak-of-mesh_preq_queue-objec.patch
(git-fixes CVE-2024-40942 bsc#1227770).
- Update
patches.suse/xhci-Handle-TD-clearing-for-multiple-streams-case.patch
(git-fixes CVE-2024-40927 bsc#1227816).
- commit 14d852a
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit b28e7bb
- Update
patches.suse/1216-drm-vc4-hdmi-Unregister-codec-device-on-unbind.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48852 bsc#1228067).
- Update
patches.suse/Bluetooth-hci_core-Fix-leaking-sent_cmd-skb.patch
(jsc#PED-1407 CVE-2022-48844 bsc#1228068).
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/block-release-rq-qos-structures-for-queue-without-di.patch
(jsc#PED-1183 CVE-2022-48846 bsc#1227992).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48730 bsc#1226713).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48749 bsc#1226650).
- Update
patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48756 bsc#1226698).
- Update
patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48732 bsc#1226716).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-fix-a-memleak-when-uncloning-an-skb-dst-and-its-.patch
(git-fixes CVE-2022-48809 bsc#1227947).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(jsc#PED-1559 CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(jsc#PED-1559 CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(jsc#PED-1524 CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(jsc#PED-1524 CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(jsc#PED-1549 CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vdpa-mlx5-add-validation-for-VIRTIO_NET_CTRL_MQ_VQ_P.patch
(jsc#PED-1549 CVE-2022-48864 bsc#1228011).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(jsc#PED-1549 CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit bfcee01
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 bsc#1225302 CVE-2021-47402 bsc#1225301).
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit a651650
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit 9baaa6c
- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit 17953b6
- Update references in patches.suse/wifi-cfg80211-wext-add-extra-SIOCSIWSCAN-data-check.patch (CVE-2024-41072 bsc#1228626 stable-fixes)
- commit 273bfae
- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
- commit 530a147
- netns: Make get_net_ns() handle zero refcount net
(CVE-2024-40958 bsc#1227812).
- commit cd7215b
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- commit 507f516
- nsh: Restore skb->{protocol,data,mac_header} for outer header
in nsh_gso_segment() (CVE-2024-36933 bsc#1225832).
- commit 6bef246
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8837200
- net: core: reject skb_copy(_expand) for fraglist GSO skbs
(CVE-2024-36929 bsc#1225814).
- commit 9a1b478
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge
(bsc#1224548 CVE-2024-36000).
- commit bb54a15
- net: enetc: deny offload of tc-based TSN features on VF
interfaces (CVE-2022-48645 bsc#1223508).
- commit 020db72
- Bluetooth: hci_sync: Fix suspending with wrong filter policy
(git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
(git-fixes).
- commit d1b1ed5
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- ppp: reject claimed-as-LCP but actually malformed packets
(CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
bsc#1228640).
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- commit e2a1614
- drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591 CVE-2024-42122)
- commit 42cafdc
- gfs2: Fix NULL pointer dereference in gfs2_log_flush
(bsc#1228672 CVE-2024-42079).
- commit 9249ead
- btrfs: qgroup: fix quota root leak after quota disable failure
(bsc#1228655 CVE-2024-41078).
- commit a021822
- workqueue: Improve scalability of workqueue watchdog touch
(bsc#1193454).
- commit d6c3d9d
- workqueue: wq_watchdog_touch is always called with valid CPU
(bsc#1193454).
- commit 8c80fa1
- KVM: arm64: Disassociate vcpus from redistributor region on
teardown (CVE-2024-40989 bsc#1227823).
- commit 724dd5c
- wifi: mac80211: Avoid address calculations via out of bounds
array indexing (CVE-2024-41071 bsc#1228625).
- commit 93c5732
- powerpc/eeh: avoid possible crash when edev->pdev changes
(CVE-2024-41064 bsc#1228599).
- commit ba6e5c8
- ASoC: topology: Fix references to freed memory (CVE-2024-41069
bsc#1228644).
- commit 44dd0c7
- net/sched: Fix UAF when resolving a clash (CVE-2024-41040 bsc#1228518)
- commit 38cd1ac
- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
Changes: adjust returned error codes to -EUCLEAN and drop definition of
the enum error.
- commit c3c9515
- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit 54b2845
- blk-cgroup: dropping parent refcount after pd_free_fn() is done
(bsc#1224573).
- commit 87d4ac6
- Update patches.suse/nilfs2-fix-inode-number-range-checks.patch
(git-fixes stable-fixes bsc#1228665 CVE-2024-42105).
- commit 363084c
- Update
patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch
(bsc#1221044 CVE-2023-52591 bsc#1228440).
- commit d21f810
- hfsplus: fix uninit-value in copy_name (bsc#1228561
CVE-2024-41059).
- commit cfc2db1
- ext4: fix uninitialized ratelimit_state->lock access in
__ext4_fill_super() (bsc#1227866 CVE-2024-40998).
- commit 5c2bc07
- cachefiles: fix slab-use-after-free in
cachefiles_withdraw_cookie() (bsc#1228462 CVE-2024-41057).
- cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
(bsc#1228459 CVE-2024-41058).
- netfs, fscache: export fscache_put_volume() and add
fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- commit 599a85f
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit 3c731c9
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (CVE-2024-40956 bsc#1227810).
- commit 3632d87
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit 43f2501
- ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410 CVE-2024-41016).
- ocfs2: remove redundant assignment to variable free_space
(bsc#1228409).
- commit 568c7dd
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
CVE-2024-27437).
- commit 65556f4
- ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
- commit edabc6f
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (CVE-2024-41063 bsc#1228580)
- commit 7924d8c
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041 bsc#1228520)
- commit eae6531
- ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (CVE-2022-48785 bsc#1227927)
- commit ca3b7b0
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit bcdcd8a
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit ec1e1fa
- nfsd: Don't leave work of closing files to a work queue
(bsc#1228140).
- commit 3b8e93d
- KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 5102495
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
(CVE-2024-40959 bsc#1227884).
- commit 4f042e1
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- commit e64bcfc
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- selftests/bpf: Add more ring buffer test coverage (bsc#1228020
CVE-2024-41009).
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- commit e559e61
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e
- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA
is paused (git-fixes).
- commit 81d45da
- wifi: mac80211: handle tasklet frames before stopping
(stable-fixes).
- commit 51c6566
- HID: wacom: Modify pen IDs (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
(stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
(stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling
(git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
(stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane
Button (stable-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout
(stable-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config
(stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop()
(stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium
(stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize
(stable-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24
(stable-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
(stable-fixes).
- mei: demote client disconnect warning on suspend to debug
(stable-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
(stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe
option (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
(stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
(stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in
mesh sdata (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space
handler (stable-fixes).
- ACPI: EC: Abort address space access upon error (stable-fixes).
- docs: Fix formatting of literal sections in fanotify docs
(stable-fixes).
- commit 38d8033
- xfs: add bounds checking to xlog_recover_process_data
(bsc#1228408 CVE-2024-41014).
- commit 9b9175d
- xfs: don't walk off the end of a directory data block
(bsc#1228405 CVE-2024-41013).
- commit 3a2120b
- jfs: don't walk off the end of ealist (bsc#1228403
CVE-2024-41017).
- commit 553b2ef
- ext4: do not create EA inode under buffer lock (bsc#1227910
CVE-2024-40972).
- commit aacd3b6
- ext4: fold quota accounting into
ext4_xattr_inode_lookup_create() (bsc#1227910 CVE-2024-40972).
- commit 0630857
- ext4: fix mb_cache_entry's e_refcnt leak in
ext4_xattr_block_cache_find() (bsc#1226993 CVE-2024-39276).
- commit 1269749
- Update patch reference for AMDGPU fix (CVE-2024-41011 bsc#1228115)
- commit 0303eab
- drm/amdkfd: don't allow mapping the MMIO HDP page with large
pages (CVE-2024-41011 bsc#1228115).
- commit ff8f843
- 9p: add missing locking around taking dentry fid list (bsc#1227090, CVE-2024-39463).
- commit c58a66f
- ceph: fix incorrect kmalloc size of pagevec mempool
(bsc#1228418).
- commit 2230e72
- tun: add missing verification for short frame (CVE-2024-41091
bsc#1228327).
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- net: ena: Add validation for completion descriptors consistency
(CVE-2024-40999 bsc#1227913).
- net: mvpp2: clear BM pool before initialization (CVE-2024-35837
bsc#1224500).
- commit 80ce1bf
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- commit 6bbdba6
- sit: do not call ipip6_dev_free() from sit_init_net()
(CVE-2021-47588 bsc#1226568).
- commit 38c1d39
- mptcp: remove tcp ulp setsockopt support
(CVE-2021-47591 bsc#1226570).
- commit 2079fc2
- Refresh
patches.kabi/tty-add-the-option-to-have-a-tty-reject-a-new-ldisc.patch.
Fix build for CONFIG_VT=n (ppc64le/kvmsmall).
- commit a0ede6a
- sch_cake: do not call cake_destroy() from cake_init()
(CVE-2021-47598 bsc#1226574).
- commit d533b8e
- serial: imx: Introduce timeout when waiting on transmitter empty
(CVE-2024-40967 bsc#1227891).
- commit 05ae86a
- kABI: tty: add the option to have a tty reject a new ldisc
(kabi CVE-2024-40966 bsc#1227886).
- tty: add the option to have a tty reject a new ldisc
(CVE-2024-40966 bsc#1227886).
- commit 875e673
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- commit 1b3b67e
- devres: Fix memory leakage caused by driver API
devm_free_percpu() (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env()
(git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- commit 9c7dc5b
- bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1227798 CVE-2024-40909).
- Refresh patches.kabi/bpf-bpf_link-and-bpf_link_ops-kABI-workaround.patch
- commit 755a2fd
- net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850 bsc#1228071)
- commit 3226c14
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- commit 9b702c7
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- commit 11f7aa0
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- commit 33fb4ee
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- commit d56b79b
- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- commit be5ea07
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- commit dc83512
- drm/radeon: check bo_va->bo is non-NULL before using it
(stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode
support (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
(stable-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
(stable-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list
(stable-fixes).
- commit a18e5d0
- powerpc/fixmap: Fix VM debug warning on unmap (CVE-2021-47623
bsc#1227919).
- commit 6169baf
- wifi: mt76: mt7921s: fix potential hung tasks during chip
recovery (CVE-2024-40977 bsc#1227950).
- commit ee916d4
- Avoid hw_desc array overrun in dw-axi-dmac (CVE-2024-40970
bsc#1227899).
- commit 713bbc3
- ssb: Fix potential NULL pointer dereference in
ssb_device_uevent() (CVE-2024-40982 bsc#1227865).
- commit 4f37558
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- commit 12ba1f2
- Update patches.suse/IB-mlx5-Use-__iowrite64_copy-for-write-combining-sto.patch (git-fixes bsc#1226502)
- commit c55adfd
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- commit 3783d1b
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- commit cc50a67
- s390: Implement __iowrite32_copy() (bsc#1226502)
- commit 8fb0f46
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- commit 92d3558
- net/rds: fix WARNING in rds_conn_connect_if_down (CVE-2024-27024
bsc#1223777).
- commit eedb0bb
- smb: client: fix use-after-free in smb2_query_info_compound()
(bsc#1225489, CVE-2023-52751).
- commit a32502b
- bpf: Set run context for rawtp test_run callback (bsc#1227783
CVE-2024-40908).
- commit 3bc3979
- ipv6: prevent possible NULL dereference in rt6_probe()
(CVE-2024-40960 bsc#1227813).
- commit 33bfa43
- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
(git-fixes).
- commit e67818e
- cachefiles: flush all requests after setting CACHEFILES_DEAD
(bsc#1227797 CVE-2024-40935).
- commit f7e6672
- xfs: Add cond_resched to block unmap range and reflink remap
path (bsc#1228226).
- commit 398a1d5
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
on failure path (CVE-2022-48810 bsc#1227936).
- commit 4b745d6
- PCI: Introduce cleanup helpers for device reference counts
and locks (git-fixes).
- commit 4645732
- PCI: tegra194: Set EP alignment restriction for inbound ATU
(git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
(git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT
error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Don't enable BAR 0 for AM654x (git-fixes).
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
(git-fixes).
- commit b5dfbee
- sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855
bsc#1228003).
- commit f84afd1
- ipv6: prevent possible NULL deref in fib6_nh_init()
(CVE-2024-40961 bsc#1227814).
- commit 09176fe
- PCI: Extend ACS configurability (bsc#1228090).
- commit 9d1d191
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated
memory (bsc#1227762 CVE-2024-40901).
- commit 1473e56
- io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
(bsc#1227732 CVE-2024-39508).
- commit 9c3b469
- mac802154: fix llsec key resources release in
mac802154_llsec_key_del (CVE-2024-26961 bsc#1223652).
- commit 4396d9f
- usb: typec: tcpm: clear pd_event queue in PORT_RESET
(git-fixes).
- commit 8782764
- netrom: Fix a memory leak in nr_heartbeat_expiry()
(CVE-2024-41006 bsc#1227862).
- commit fa76ffa
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
(git-fixes).
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored
(git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up
(git-fixes).
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when
pinctrl_enable() fails (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
- pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
(git-fixes).
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
(git-fixes).
- PCI: Introduce cleanup helpers for device reference counts
and locks (stable-fixes).
- commit a5ba589
- usb: gadget: call usb_gadget_check_config() to verify UDC
capability (git-fixes).
- commit a789eca
- usb: cdns3: fix iso transfer error when mult is not zero
(git-fixes).
- commit 24ef45f
- usb: cdns3: fix incorrect calculation of ep_buf_size when more
than one config (git-fixes).
- commit 1aee554
- usb: cdns3: allocate TX FIFO size according to composite EP
number (git-fixes).
- blacklist.conf: needed as infrastructure
- Refresh
patches.suse/usb-cdns3-fix-NCM-gadget-RX-speed-20x-slow-than-expe.patch.
- commit f5e4b65
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228190).
- commit 7cce822
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt
is true (git-fixes).
- Refresh
patches.suse/usb-cdns3-fix-uvc-failure-work-since-sg-support-enab.patch.
- commit f171c84
- usb: cdns3: optimize OUT transfer by copying only actual
received data (git-fixes).
- commit 909f26f
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
(git-fixes).
- commit 82de9d3
- usb: cdns3: improve handling of unaligned address case
(git-fixes).
- commit ada0d19
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state
(bsc#1227121 ltc#207129).
- commit 2fe1c33
- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
bsc#1227836).
- commit 610d469
- Input: elan_i2c - do not leave interrupt disabled on suspend
failure (git-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- Revert "usb: musb: da8xx: Set phy in OTG mode by default"
(stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
Book Pro 360 (stable-fixes).
- ASoC: amd: Adjust error handling in case of absent codec device
(git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error
(git-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
(stable-fixes).
- crypto: ecdsa - Fix the public key format description
(git-fixes).
- commit daf9e8d
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config
(git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush()
ctl op (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after
suspend/resume (git-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep
(git-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- USB: serial: option: add Rolling RW350-GL variants
(stable-fixes).
- USB: serial: option: add support for Foxconn T99W651
(stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules
(stable-fixes).
- usb: gadget: configfs: Prevent OOB read/write in
usb_string_copy() (stable-fixes).
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
(stable-fixes).
- USB: serial: option: add Telit generic core-dump composition
(stable-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions
(stable-fixes).
- nilfs2: add missing check for inode numbers on directory entries
(stable-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
(stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT
IVW 11.6" tablet (stable-fixes).
- nfc/nci: Add the inconsistency check between the input data
length and count (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic
(stable-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow
(stable-fixes).
- media: s2255: Use refcount_t instead of atomic_t for
num_channels (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div
(stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: dw2102: Don't translate i2c read into write
(stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware()
(stable-fixes).
- media: dvb: as102-fe: Fix as10x_register_addr packing
(stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- commit 1d67edd
- Update Alt-commit of AMDGPU patch (git-fixes)
- commit 486ad31
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers
(git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in
prepare() (git-fixes).
- commit 7e23de0
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO
before regulators (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in
amdgpu_device_baco_exit (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
(git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
(stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- crypto: aead,cipher - zeroize key buffer after use
(stable-fixes).
- commit df254fc
- Update Alt-commit for AMDGPU patches (git-fixes)
- commit faaa427
- net: hns3: fix kernel crash problem in concurrent scenario
(CVE-2024-39507 bsc#1227730).
- net/mlx5: Fix tainted pointer delete is case of flow rules
creation fail (CVE-2024-40940 bsc#1227800).
- commit 778fd36
- vmxnet3: disable rx data ring on dma allocation failure
(CVE-2024-40923 bsc#1227786).
- commit 39544d5
- mptcp: ensure snd_una is properly initialized on connect
(CVE-2024-40931 bsc#1227780).
- commit 8410912
- bnxt_en: Adjust logging of firmware messages in case of released
token in __hwrm_send() (CVE-2024-40919 bsc#1227779).
- commit 92740a7
- orangefs: fix out-of-bounds fsid access (git-fixes).
- commit 5492c0a
- nilfs2: fix incorrect inode allocation from reserved inodes
(git-fixes).
- commit 84d8b23
- nilfs2: convert persistent object allocator to use kmap_local
(git-fixes).
- commit 5ccbbbd
- nilfs2: add missing check for inode numbers on directory entries
(git-fixes).
- commit 907b3f0
- nilfs2: fix inode number range checks (git-fixes).
- commit f8f08aa
- jffs2: Fix potential illegal address access in jffs2_free_inode
(git-fixes).
- commit 03a6330
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487 bsc#1227573)
- commit 07efe24
- netfilter: nf_tables: flush pending destroy work before exit_net release (CVE-2024-35899 bsc#1224499)
- commit fca7a67
- net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (CVE-2024-35934 bsc#1224641)
- commit 2be2fbe
- net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893 bsc#1224512)
- commit e1c4fc4
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
(CVE-2024-40953, bsc#1227806).
- commit 2476f39
- Refresh
patches.suse/KVM-x86-Bail-from-kvm_recalculate_phys_map-if-x2APIC.patch.
- commit c36c759
- xfs: fix log recovery buffer allocation for the legacy h_size
fixup (bsc#1227432 CVE-2024-39472).
- commit 18a9915
- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- commit aa09d73
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff
(git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp
(git-fixes).
- saa7134: Unchecked i2c_transfer function result fixed
(git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: dvb-usb: Fix unexpected infinite loop in
dvb_usb_read_remote_control() (git-fixes).
- Revert "leds: led-core: Fix refcount leak in of_led_get()"
(git-fixes).
- leds: triggers: Flush pending brightness before activating
trigger (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos
(git-fixes).
- leds: trigger: Unregister sysfs attributes before calling
deactivate() (git-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- commit 960e7ee
- Update
patches.suse/mptcp-ensure-snd_nxt-is-properly-initialized-on-conn.patch
(CVE-2024-36889 bsc#1225746).
- commit cf8a3ad
- ocfs2: fix races between hole punching and AIO+DIO (CVE-2024-40943 bsc#1227849).
- commit b79d9d8
- net: rds: Fix possible NULL-pointer dereference (CVE-2023-52573 bsc#1220869)
- commit d3cf4c3
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020 bsc#1223815)
- commit fd09409
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019 bsc#1223813)
- commit ccbb2a8
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- commit 7623aa9
- gro: fix ownership transfer (CVE-2024-35890 bsc#1224516).
- commit 59871a8
- mptcp: ensure snd_nxt is properly initialized on connect
(CVE-2024-36889).
- commit d97efaf
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- commit 7716ffe
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- commit ee3b46a
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- commit 4a9af64
- ipv6: fib6_rules: avoid possible NULL dereference in
fib6_rule_action() (CVE-2024-36902 bsc#1225719).
- commit b7587ff
- phonet: fix rtm_phonet_notify() skb allocation (CVE-2024-36946
bsc#1225851).
- commit f863dba
- net: netlink: af_netlink: Prevent empty skb by adding a check
on len (CVE-2021-47606 bsc#1226555).
- commit 3b4f977
- r8169: Fix possible ring buffer corruption on fragmented Tx
packets (CVE-2024-38586 bsc#1226750).
- commit 21fc784
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- commit cee3770
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- commit 5326760
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- commit 7113a94
- wifi: rtw89: Fix array index mistake in
rtw89_sta_info_get_iter() (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
(git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in
cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
(git-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
(git-fixes).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox
(git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of
wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no
waiters (git-fixes).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms
(git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes
(git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled
(git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version
(git-fixes).
- drm/gma500: fix null pointer dereference in
cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in
psb_intel_lvds_get_modes (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- commit f8f3fda
- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- SUNRPC: Fix loop termination condition in
gss_free_in_token_pages() (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
(git-fixes).
- NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
(git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
(git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
- nfsd: don't take/put an extra reference when putting a file
(git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: don't kill nfsd_files because of lease break error
(git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
(git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
(git-fixes).
- nfsd: don't fsync nfsd_files on last close (git-fixes).
- nfsd: don't hand out delegation on setuid files being opened
for write (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer
(git-fixes).
- nfsd: don't free files unconditionally in
__nfsd_file_cache_purge (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath
(git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- lockd: set missing fl_flags field when retrieving args
(git-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache
(git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c
(git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage
collection (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- filelock: add a new locks_inode_context accessor function
(git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry
(git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
(git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge
(git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire
(git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD enforce filehandle check for source file in COPY
(git-fixes).
- NFSD: verify the opened dentry after setting a delegation
(git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion
(git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion
(git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- NFSD: Replace the "init once" mechanism (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode
(git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked()
(git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru
(git-fixes).
- NFSD: Zero counters when the filecache is re-initialized
(git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk
(git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed
(git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put()
(git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4
file (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()
(git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return
(git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- commit 93c3330
- usb: dwc3: gadget: Don't delay End Transfer on delayed_status
(git-fixes).
- commit e973410
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1225767 CVE-2024-36919).
fix incorrect bug# reference
- commit 354086f
- ipv6: sr: fix missing sk_buff release in seg6_input_core
(bsc#1227626 CVE-2024-39490).
- commit b5e215c
- usb: xhci-plat: Don't include xhci.h (git-fixes).
- commit 192a370
- net/mlx5: Always stop health timer during driver removal
(CVE-2024-40906 bsc#1227763).
- net/mlx5: Restore mistakenly dropped parts in register devlink
flow (CVE-2024-35961 bsc#1224585).
- commit 63e2ff9
- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- commit 287068c
- usb: dwc3: gadget: Synchronize IRQ between soft
connect/disconnect (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 8914bb2
- exfat: check if cluster num is valid (git-fixes).
- commit bbb197c
- exfat: simplify is_valid_cluster() (git-fixes).
- commit ec3d5ea
- usb: dwc3: gadget: Force sending delayed status during soft
disconnect (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Stall-and-restart-EP0-if-host-is-unr.patch.
- commit 78e41bc
- hfsplus: fix to avoid false alarm of circular locking
(git-fixes).
- commit 88f4150
- net/mlx5: Register devlink first under devlink lock
(CVE-2024-35961 bsc#1224585).
- idpf: fix kernel panic on unknown packet types (CVE-2024-35889
bsc#1224517).
- stmmac: Clear variable when destroying workqueue (CVE-2024-26802
bsc#1222799).
- commit b9232bb
- inet: fully convert sk->sk_rx_dst to RCU rules (CVE-2021-47103
bsc#1221010).
- commit 6ef4a6c
- mptcp: fix deadlock in __mptcp_push_pending() (CVE-2021-47590
bsc#1226565).
- commit 994eb84
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722 CVE-2024-39497)
- commit 39b6841
- ionic: fix use after netif_napi_del() (CVE-2024-39502
bsc#1227755).
- ionic: clean interrupt before enabling queue to avoid credit
race (git-fixes).
- commit f8dee1e
- ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901 bsc#1225711)
- commit 0757942
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004 bsc#1224545)
- commit 89d4439
- nbd: null check for nla_nest_start (CVE-2024-27025 bsc#1223778)
- commit d85f2c2
- btrfs: use latest_dev in btrfs_show_devname (CVE-2021-47599 bsc#1226571)
- commit ba2490e
- btrfs: convert latest_bdev type to btrfs_device and rename (CVE-2021-47599 bsc#1226571)
- commit abefb83
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- commit 4b0837b
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- commit 274b9eb
- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
(CVE-2024-35853 bsc#1224604).
- commit e216456
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
activity update (CVE-2024-35854 bsc#1224636).
- commit fa5b2f9
- phonet/pep: fix racy skb_queue_empty() use (CVE-2024-27402
bsc#1224414).
- commit 3644194
- net: prevent mss overflow in skb_segment() (CVE-2023-52435
bsc#1220138).
- commit 4ab465a
- tracing/net_sched: NULL pointer dereference in
perf_trace_qdisc_reset() (git-fixes).
- commit b9d9fb5
- tracing: Build event generation tests only as modules
(git-fixes).
- commit 383ccf7
- cachefiles: add output string to
cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- commit f83a29c
- ftrace: Fix possible use-after-free issue in ftrace_location()
(git-fixes).
- commit f6aba47
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- commit 0a79f35
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- commit 91021c0
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- commit 369619b
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- commit aa95b6b
- netfilter: nf_tables: do not compare internal table flags on
updates (CVE-2024-27065 bsc#1223836).
- commit f1dd3b1
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- commit 81e6138
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- commit c256000
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- commit 16300ba
- csky: ftrace: Drop duplicate implementation of
arch_check_ftrace_location() (git-fixes).
- commit c9c9bba
- net/smc: avoid data corruption caused by decline (bsc#1225088
CVE-2023-52775).
- commit 7b97698
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- commit 82ec7e7
- netfilter: flowtable: incorrect pppoe tuple (CVE-2024-27015
bsc#1223806).
- commit 6af6de1
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- commit 4eee5e7
- tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (CVE-2024-26663 bsc#1222326).
- commit b23a947
- phonet/pep: refuse to enable an unbound pipe (CVE-2021-47086
bsc#1220952).
- commit 3d5c321
- tipc: check for null after calling kmemdup (CVE-2021-47186
bsc#1222702).
- commit 34af8f8
- i2c: rcar: bring hardware to known state when probing
(git-fixes).
- i2c: testunit: avoid re-issued work after read message
(git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- commit 720b7b0
- hpet: Support 32-bit userspace (git-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved
bits in the descriptor (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
(git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2
alg headers (git-fixes).
- firmware: cs_dsp: Validate payload length before processing
block (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file
(git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header
(git-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion
sort for latency (git-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo
(stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with
ALC897 (stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning
(stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id
(stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank
(stable-fixes).
- drm/amd/display: Check index msg_id before read or write
(stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs
(stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/lima: fix shared irq handling on driver remove
(stable-fixes).
- commit 7c70cdc
- net: openvswitch: fix overwriting ct original tuple for ICMPv6
(bsc#1226783 CVE-2024-38558).
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
(bsc#1220942 CVE-2024-26615).
- commit eaeef60
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- commit b1ce67e
- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID
is out-of-bounds (git-fixes).
- commit 9ec2217
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- commit 083e305
- KVM: x86: Save/restore all NMIs when multiple NMIs are pending
(git-fixes).
- commit 8bd778f
- block: don't add partitions if GD_SUPPRESS_PART_SCAN is set
(bsc#1227162).
- commit 71773a0
- block, loop: support partitions without scanning (bsc#1227162).
- blacklist.conf:
- commit bb86429
- KVM: x86: Honor architectural behavior for aliased 8-bit APIC
IDs (git-fixes).
- commit bf2b1de
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955 bsc#1225810).
- Update
patches.suse/Bluetooth-qca-fix-firmware-check-error-path.patch
(git-fixes CVE-2024-36942 bsc#1225843).
- Update
patches.suse/Reapply-drm-qxl-simplify-qxl_fence_wait.patch
(stable-fixes CVE-2024-36944 bsc#1225847).
- Update
patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
(git-fixes CVE-2024-39488 bsc#1227618).
- Update
patches.suse/fbdev-savage-Handle-err-return-when-savagefb_check_v.patch
(git-fixes CVE-2024-39475 bsc#1227435).
- Update
patches.suse/firewire-ohci-mask-bus-reset-interrupts-between-ISR-.patch
(stable-fixes CVE-2024-36950 bsc#1225895).
- Update
patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
(git-fixes CVE-2024-36959 bsc#1225839).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- Update patches.suse/qibfs-fix-dentry-leak.patch (git-fixes
CVE-2024-36947 bsc#1225856).
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1224767 CVE-2024-36919 bsc#1225767).
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes bsc#1223675 CVE-2024-269355 CVE-2024-26935).
- Update
patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch
(bsc#1221777 CVE-2024-36952 bsc#1225898).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924 bsc#1225820).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941 bsc#1225835).
- commit 54600b7
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713 bsc#1227549).
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226758 CVE-2024-38559 bsc#1226785).
- Update
patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
CVE-2024-26800 bsc#1222728).
- commit 329a684
- KVM: SVM: Process ICR on AVIC IPI delivery failure due to
invalid target (git-fixes).
- commit 112065d
- KVM: x86: Purge "highest ISR" cache when updating APICv state
(git-fixes).
- commit a129b88
- KVM: x86: Disable APIC logical map if vCPUs are aliased in
logical mode (git-fixes).
- commit 8d68b06
- vfio/fsl-mc: Block calling interrupt handler without trigger
(bsc#1222810 CVE-2024-26814).
- commit 520ae3c
- KVM: x86: Disable APIC logical map if logical ID covers multiple
MDAs (git-fixes).
- commit 0357410
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (bsc#1223635 CVE-2024-26976).
- commit c5ed396
- virtio-blk: fix implicit overflow on virtio_max_dma_size
(bsc#1225573 CVE-2023-52762).
- commit 4296dc1
- KVM: x86: Skip redundant x2APIC logical mode optimized cluster
setup (git-fixes).
- commit 288a73b
- vfio/platform: Create persistent IRQ handlers (bsc#1222809
CVE-2024-26813).
- commit a8290e8
- KVM: x86: Explicitly track all possibilities for APIC map's
logical modes (git-fixes).
- commit 2cf1fb4
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- commit 07e2e07
- KVM: x86: Explicitly skip optimized logical map setup if vCPU's
LDR==0 (git-fixes).
- commit d6f5973
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- commit f2aaa1a
- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC
routes (git-fixes).
- commit a815f21
- KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR
in CPUID (git-fixes).
- commit ccf2508
- net: mana: Fix possible double free in error handling path (git-fixes).
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted (bsc#1225744, CVE-2024-36909).
- uio_hv_generic: Don't free decrypted memory (bsc#1225717, CVE-2024-36910).
- hv_netvsc: Don't free decrypted memory (bsc#1225745, CVE-2024-36911).
- Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752, CVE-2024-36912).
- Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753, CVE-2024-36913).
- commit a860c7f
- tpm, tpm_tis: correct tpm_tis_flags enumeration values
(bsc#1082555).
- commit ee1e789
- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT
Misconfig (git-fixes).
- commit 0d2641d
- KVM: VMX: Report up-to-date exit qualification to userspace
(git-fixes).
- commit 606216a
- tpm_tis: Resend command to recover from data transfer errors
(bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside
tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on
resume (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers
(bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector
(bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts
(bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails
(bsc#1082555).
- commit 7f61c0e
- KVM: x86: Fix broken debugregs ABI for 32 bit kernels
(git-fixes).
- commit eea9593
- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- commit 2af46f6
- Refresh
patches.suse/bpf-keep-track-of-max-number-of-bpf_loop-callback-it.patch.
(bsc#1225903)
Include missing changes in
tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
was not backported previously.
- commit 69cbb3f
- Refresh
patches.suse/bpf-verify-callbacks-as-if-they-are-called-unknown-n.patch.
(bsc#1225903)
Include missing changes in
tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
was not backported previously.
- commit 8238035
- btrfs: validate device maj:min during open (bsc#1227162).
- commit f49f11d
- btrfs: use dev_t to match device in device_matched
(bsc#1227162).
- commit 4a1fa42
- btrfs: add device major-minor info in the struct btrfs_device
(bsc#1227162).
- commit 297d7e5
- btrfs: match stale devices by dev_t (bsc#1227162).
- commit ee773dd
- btrfs: harden identification of a stale device (bsc#1227162).
- commit 9bf979f
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- commit 1a2918c
- btrfs: remove the cross file system checks from remap
(bsc#1227157).
- commit b30d559
- arm64: dts: rockchip: fix alphabetical ordering RK3399 puma (git-fixes)
In order to apply current patch need to refresh:
arm64-dts-rockchip-enable-internal-pull-up-on-PCIE_WAKE-for-RK3399-Puma.patch
- commit 36ab413
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- commit f6380d7
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- commit 7c8b066
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- commit c6de453
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- commit 2d5f667
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- commit dc0a371
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- commit 37fadad
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- commit f1a9bcf
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- commit 296515d
- selftests/bpf: test case for callback_depth states pruning logic
(bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is
tracked (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks
(bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier
(bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in
regsafe() (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar
ids (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence
of subprogs (bsc#1225903).
- selftests/bpf: populate map_array_ro map for
verifier_array_access test (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for
test_loader (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored
(bsc#1225903).
- selftests/bpf: Add a selftest for checking subreg equality
(bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier
tests (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c
(bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c
(bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h
(bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error
(bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple
expected messages (bsc#1225903).
- commit d974185
- tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328 CVE-2024-26665).
- commit ba586e2
- ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557
CVE-2024-35995).
- commit dccf281
- ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
(bsc#1224557 CVE-2024-35995).
- commit a961424
- nfs: Handle error of rpc_proc_register() in nfs_net_init()
(CVE-2024-36939 bsc#1225838).
- commit 1e7c712
- SUNRPC: avoid soft lockup when transmitting UDP to reachable
server (bsc#1225272).
- commit a570654
- Update patches.suse/net-tls-factor-out-tls_-crypt_async_wait.patch.
- fix build warning
- commit 01715f7
- netfilter: conntrack: ignore overly delayed tcp packets
(bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return
value (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window
(bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker
(bsc#1223180).
- commit f482451
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869 CVE-2024-42230).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869 CVE-2024-42230).
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869).
- commit c9d175f
- kernel-binary: vdso: Own module_dir
- commit ff69986
- ACPI: CPPC: Use access_width over bit_width for system memory
accesses (bsc#1224557 CVE-2024-35995).
- commit 1947557
- drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323 CVE-2024-26661)
- commit c59a952
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
fixed incorrect bug number reference
- commit 999a0f9
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
Fixed incorrect bug reference.
- commit e3b8fb6
- net/dcb: check for detached device before executing callbacks
(bsc#1215587).
- commit a6082a0
- kABI: rtas: Workaround false positive due to lost definition
(bsc#1227487).
- commit fb8a8f3
- net/core: Fix ETH_P_1588 flow dissector (bsc#1220876
CVE-2023-52580).
- commit 0ff3299
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- sched/fair: Don't balance task to its current running CPU
(git fixes (sched)).
- kernel/sched: Remove dl_boosted flag comment (git fixes
(sched)).
- commit 27be692
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
(git-fixes).
- commit 4c4245d
- powerpc/rtas: Prevent Spectre v1 gadget construction in
sys_rtas() (bsc#1227487).
- commit 9648fb4
- tls: fix use-after-free on failed backlog decryption
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: separate no-async decryption request handling from async
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: decrement decrypt_pending if no async completion will be
called (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: handle backlogging of crypto requests (CVE-2024-26584
bsc#1220186).
- tls: fix race between tx work scheduling and socket close
(CVE-2024-26585 bsc#1220187).
- tls: fix race between async notify and socket close
(CVE-2024-26583 bsc#1220185).
- net: tls: factor out tls_*crypt_async_wait() (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: fix async vs NIC crypto offload (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: use async as an in-out argument (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: assume crypto always calls our callback (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't track the async count (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: simplify async wait (CVE-2024-26583 CVE-2024-26584
bsc#1220185 bsc#1220186).
- tls: rx: wrap decryption arguments in a structure
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't report text length from the bowels of decrypt
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- commit 63dd4a4
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- commit b623ae1
- drm/nouveau: fix null pointer dereference in
nouveau_connector_get_modes (git-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer
(stable-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info
(stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
nv17_tv_get_hd_modes (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for
EliteBook 645/665 G11 (stable-fixes).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host
(stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host
(stable-fixes).
- xhci: Set correct transferred length for cancelled bulk
transfers (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products
(stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs
(git-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the
Belkin F5U002 (stable-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
(stable-fixes).
- power: supply: cros_usbpd: provide ID table for avoiding
fallback match (stable-fixes).
- mtd: partitions: redboot: Added conversion of operands to a
larger type (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory
(stable-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers
that sleep (stable-fixes).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
(stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref()
(stable-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
(stable-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release
(stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of
pointer message (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c &
amdgpu_device.c (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused
(stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing
StorageD3Enable (stable-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions
(stable-fixes).
- commit 7f3043b
- RDMA/restrack: Fix potential invalid address access (git-fixes)
- commit 23ae4ef
- bpf: check bpf_func_state->callback_depth when pruning states
(bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global
func exit (bsc#1225903).
- commit d19d633
- bcache: fix variable length array abuse in btree_iter
(CVE-2024-39482 bsc#1227447).
- commit 17815f2
- soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683
CVE-2024-35819).
- commit 450645b
- soc: fsl: qbman: Add CGR update function (bsc#1224683
CVE-2024-35819).
- commit 2baf830
- soc: fsl: qbman: Add helper for sanity checking cgr ops
(bsc#1224683 CVE-2024-35819).
- commit 47079b2
- Delete
patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch.
Will be replaced with a refreshed version once all conflicting new patches are in.
- commit a0fa0a3
- hwmon: (axi-fan-control) Fix possible NULL pointer dereference
(git-fixes CVE-2023-52863 bsc#1225586).
- commit 084eb37
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx
driver_info struct (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after
warm reboot (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
(git-fixes).
- commit 2b22fa3
- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: bpf: bpf_reg_state reorganization kABI workaround
(bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround
(bsc#1225903).
- commit c363b0e
- jfs: xattr: fix buffer overflow for invalid xattr
(bsc#1227383).
- commit 33e2d96
- net: tulip: de4x5: fix the problem that the array 'lp->phy'
may be out of bound (bsc#1225505 CVE-2021-47547).
- commit 9f2e6d7
- Update
patches.suse/arm64-mm-Batch-dsb-and-isb-when-populating-pgtables.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-Don-t-remap-pgtables-for-allocate-vs-populate.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-Don-t-remap-pgtables-per-cont-pte-pmd-block.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-don-t-acquire-mutex-when-rewriting-swapper.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/net-ena-Fix-redundant-device-NUMA-node-override.patch
(jsc#PED-8690 bsc#1226202).
- commit 6a3ad32
- Update
patches.suse/usb-gadget-printer-fix-races-against-disable.patch
(CVE-2024-25741 bsc#1219832).
- commit ad103cc
- md: fix resync softlockup when bitmap size is less than array
size (CVE-2024-38598, bsc#1226757).
- commit 63bdd4c
- Replaced by upstream version and add CVE-2024-35979 bsc#1224572 References,
patches.suse/raid1-fix-use-after-free-for-original-bio-in-raid1_w-fcf3.patch.
- commit b286e82
- dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743,
CVE-2024-35805).
- commit cd48313
- llc: make llc_ui_sendmsg() more robust against bonding changes
(CVE-2024-26636 bsc#1221659).
- commit ecb089c
- llc: Drop support for ETH_P_TR_802_2 (CVE-2024-26635
bsc#1221656).
- commit 1100e9f
- usb: gadget: u_audio: Fix race condition use of controls after
free during gadget unbind (CVE-2024-38628 bsc#1226911).
- commit 9098f97
- usb: gadget: u_audio: clean up some inconsistent indenting
(CVE-2024-38628 bsc#1226911).
- commit 59d56d9
- ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
(CVE-2024-26641 bsc#1221654).
- commit 41bffae
- hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021
CVE-2024-26863).
- commit f065753
- ip6_tunnel: fix NEXTHDR_FRAGMENT handling in
ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633 bsc#1221647).
- commit f5f5027
- gfs2: Fix potential glock use-after-free on unmount (bsc#1226775
CVE-2024-38570).
- gfs2: Rename sd_{ glock => kill }_wait (bsc#1226775
CVE-2024-38570).
- gfs2: Use container_of() for gfs2_glock(aspace) (bsc#1226775
CVE-2024-38570).
- commit 1854bb6
- io_uring: check for non-NULL file pointer in io_file_can_poll()
(bsc#1226990 CVE-2024-39371).
- commit f9fcf1f
- fs/9p: fix uninitialized values during inode evict (bsc#1225815
CVE-2024-36923).
- commit 40f7a6e
- hsr: Prevent use after free in prp_create_tagged_frame()
(CVE-2023-52846 bsc#1225098).
- commit 74c7662
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot
of subvolume being deleted (bsc#1221282).
- btrfs: don't abort filesystem when attempting to snapshot
deleted subvolume (bsc#1221282 CVE-2024-26644 bsc#1222072).
- commit 7829d14
- btrfs: fix crash on racing fsync and size-extending write into
prealloc (bsc#1227101 CVE-2024-37354).
- commit 899b45b
- blk-mq: add helper for checking if one CPU is mapped to
specified hctx (bsc#1223600).
- blk-mq: don't schedule block kworker on isolated CPUs
(bsc#1223600).
- commit f847397
- kbuild: do not include include/config/auto.conf from shell
scripts (bsc#1227274).
- commit c743753
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an
assertion msg (git-fixes).
- commit d600a63
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected
(git-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND
identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper
layers (git-fixes).
- commit 69e8827
- bpf: keep track of max number of bpf_loop callback iterations
(bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- commit 4740932
- bpf: verify callbacks as if they are called unknown number of
times (bsc#1225903).
- Refresh patches.kabi/bpf-struct-bpf_insn_aux_data-workaround.patch
- bpf: clean up visit_insn()'s instruction processing
(bsc#1225903).
- Refresh patches.suse/bpf-handle-ldimm64-properly-in-check_cfg.patch
- bpf: Remove unused insn_cnt argument from
visit_[func_call_]insn() (bsc#1225903).
- Refresh patches.suse/bpf-handle-ldimm64-properly-in-check_cfg.patch
- commit 4cfaa45
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in
strobemeta (bsc#1225903).
- bpf: print full verifier states on infinite loop detection
(bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- commit 319cd93
- Update
patches.suse/0001-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch
(git-fixes CVE-2021-47600 bsc#1226575).
- Update
patches.suse/ALSA-hda-Fix-UAF-of-leds-class-devs-at-unbinding.patch
(bsc#1195349 CVE-2022-48735 bsc#1226719).
- Update
patches.suse/ARM-9170-1-fix-panic-when-kasan-and-kprobe-are-enabl.patch
(git-fixes CVE-2021-47618 bsc#1226644).
- Update
patches.suse/ASoC-hdmi-codec-Fix-OOB-memory-accesses.patch
(git-fixes CVE-2022-48739 bsc#1226675).
- Update
patches.suse/ASoC-max9759-fix-underflow-in-speaker_gain_control_p.patch
(git-fixes CVE-2022-48717 bsc#1226679).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4cf28e9ae6e2.patch
(git-fixes CVE-2022-48736 bsc#1226721).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4f1e50d6a9cf.patch
(git-fixes CVE-2022-48737 bsc#1226762).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_.patch
(git-fixes CVE-2022-48738 bsc#1226674).
- Update
patches.suse/Bluetooth-refactor-malicious-adv-data-check.patch
(git-fixes CVE-2021-47620 bsc#1226669).
- Update patches.suse/IB-hfi1-Fix-AIP-early-init-panic.patch
(git-fixes CVE-2022-48728 bsc#1226691).
- Update
patches.suse/IB-hfi1-Fix-panic-with-larger-ipoib-send_queue_size.patch
(jsc#SLE-19242 CVE-2022-48729 bsc#1226710).
- Update
patches.suse/KVM-LAPIC-Also-cancel-preemption-timer-during-SET_LA.patch
(git-fixes CVE-2022-48765 bsc#1226697).
- Update
patches.suse/KVM-arm64-Avoid-consuming-a-stale-esr-value-when-SEr.patch
(git-fixes CVE-2022-48727 bsc#1226690).
- Update
patches.suse/KVM-x86-Forcibly-leave-nested-virt-when-SMM-state-is.patch
(git-fixes CVE-2022-48763 bsc#1226628).
- Update
patches.suse/PCI-pciehp-Fix-infinite-loop-in-IRQ-handler-upon-pow.patch
(git-fixes CVE-2021-47617 bsc#1226614).
- Update
patches.suse/RDMA-Fix-use-after-free-in-rxe_queue_cleanup.patch
(jsc#SLE-19249 CVE-2021-47616 bsc#1226603).
- Update
patches.suse/RDMA-irdma-Fix-a-user-after-free-in-add_pble_prm.patch
(jsc#SLE-18383 CVE-2021-47614 bsc#1226601).
- Update
patches.suse/RDMA-mlx5-Fix-releasing-unallocated-memory-in-dereg-.patch
(jsc#SLE-19253 CVE-2021-47615 bsc#1226602).
- Update
patches.suse/RDMA-siw-Fix-refcounting-leak-in-siw_create_qp.patch
(jsc#SLE-19249 CVE-2022-48725 bsc#1226618).
- Update
patches.suse/RDMA-ucma-Protect-mc-during-concurrent-multicast-lea.patch
(git-fixes CVE-2022-48726 bsc#1226686).
- Update
patches.suse/USB-core-Fix-hang-in-usb_kill_urb-by-adding-memory-b.patch
(git-fixes CVE-2022-48760 bsc#1226712).
- Update
patches.suse/USB-core-Make-do_proc_control-and-do_proc_bulk-killa.patch
(git-fixes CVE-2021-47582 bsc#1226559).
- Update
patches.suse/audit-improve-robustness-of-the-audit-queue-handling.patch
(git-fixes CVE-2021-47603 bsc#1226577).
- Update patches.suse/block-Fix-wrong-offset-in-bio_truncate.patch
(bsc#1202780 CVE-2022-48747 bsc#1226643).
- Update
patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-cmpxchg-s-r.patch
(git-fixes CVE-2021-47607 bsc#1226580).
- Update
patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-fetch.patch
(bsc#1193883 bsc#1194826 CVE-2022-0264 CVE-2021-47608
bsc#1226569).
- Update
patches.suse/bpf-Protect-against-int-overflow-for-stack-access-si.patch
(bsc#1224488 CVE-2024-35905).
- Update
patches.suse/btrfs-fix-deadlock-between-quota-disable-and-qgroup-.patch
(bsc#1199295 CVE-2022-48734 bsc#1226626).
- Update
patches.suse/btrfs-fix-memory-leak-in-__add_inode_ref.patch
(bsc#1197915 CVE-2021-47585 bsc#1226556).
- Update
patches.suse/ceph-properly-put-ceph_string-reference-after-async-create-attempt.patch
(bsc#1195341 CVE-2022-48767 bsc#1226715).
- Update
patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
(git-fixes CVE-2022-48730 bsc#1226713).
- Update
patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
(git-fixes CVE-2022-48749 bsc#1226650).
- Update
patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
(git-fixes CVE-2022-48756 bsc#1226698).
- Update
patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
(git-fixes CVE-2022-48732 bsc#1226716).
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534).
- Update
patches.suse/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch
(CVE-2022-22942 bsc#1195065 CVE-2022-48771 bsc#1226732).
- Update
patches.suse/efi-runtime-avoid-EFIv2-runtime-services-on-Apple-x8.patch
(git-fixes CVE-2022-48769 bsc#1226629).
- Update
patches.suse/ext4-fix-error-handling-in-ext4_fc_record_modified_i.patch
(bsc#1202767 CVE-2022-48712 bsc#1226673).
- Update
patches.suse/firmware-arm_scpi-Fix-string-overflow-in-SCPI-genpd-.patch
(git-fixes CVE-2021-47609 bsc#1226562).
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766).
- Update patches.suse/i40e-Fix-queues-reservation-for-XDP.patch
(git-fixes CVE-2021-47619 bsc#1226645).
- Update patches.suse/igbvf-fix-double-free-in-igbvf_probe.patch
(jsc#SLE-18379 CVE-2021-47589 bsc#1226557).
- Update
patches.suse/inet_diag-fix-kernel-infoleak-for-UDP-sockets.patch
(git-fixes CVE-2021-47597 bsc#1226553).
- Update
patches.suse/iocost-Fix-divide-by-zero-on-donation-from-low-hweig.patch
(bsc#1198014 CVE-2021-47584 bsc#1226564).
- Update
patches.suse/iommu-vt-d-fix-potential-memory-leak-in-intel_setup_irq_remapping
(git-fixes CVE-2022-48724 bsc#1226624).
- Update
patches.suse/isdn-cpai-check-ctr-cnr-to-avoid-array-index-out-of-.patch
(stable-5.14.15 CVE-2021-43389 CVE-2021-3896 bsc#1191958
CVE-2021-4439 bsc#1226670).
- Update
patches.suse/mac80211-track-only-QoS-data-frames-for-admission-co.patch
(git-fixes CVE-2021-47602 bsc#1226554).
- Update
patches.suse/mac80211-validate-extended-element-ID-is-present.patch
(git-fixes CVE-2021-47611 bsc#1226583).
- Update
patches.suse/media-mxl111sf-change-mutex_init-location.patch
(git-fixes CVE-2021-47583 bsc#1226563).
- Update
patches.suse/net-amd-xgbe-Fix-skb-data-length-underflow.patch
(git-fixes CVE-2022-48743 bsc#1226705).
- Update
patches.suse/net-hns3-fix-use-after-free-bug-in-hclgevf_send_mbx_.patch
(bsc#1190336 CVE-2021-47596 bsc#1226558).
- Update
patches.suse/net-ieee802154-ca8210-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48722 bsc#1226619).
- Update
patches.suse/net-macsec-Fix-offload-support-for-NETDEV_UNREGISTER.patch
(git-fixes CVE-2022-48720 bsc#1226683).
- Update
patches.suse/net-mlx5-Use-del_timer_sync-in-fw-reset-flow-of-halt.patch
(git-fixes CVE-2022-48745 bsc#1226702).
- Update
patches.suse/net-mlx5e-Avoid-field-overflowing-memcpy.patch
(git-fixes CVE-2022-48744 bsc#1226696).
- Update
patches.suse/net-mlx5e-Fix-handling-of-wrong-devices-during-bond-.patch
(git-fixes CVE-2022-48746 bsc#1226703).
- Update
patches.suse/net-smc-Forward-wakeup-to-smc-socket-waitqueue-after-fallback
(git-fixes CVE-2022-48721 bsc#1226685).
- Update
patches.suse/net-smc-Transitional-solution-for-clcsock-race-issue
(git-fixes CVE-2022-48751 bsc#1226653).
- Update
patches.suse/net-stmmac-dwmac-rk-fix-oob-read-in-rk_gmac_setup.patch
(git-fixes CVE-2021-47586 bsc#1226561).
- Update
patches.suse/net-stmmac-fix-tc-flower-deletion-for-VLAN-priority-.patch
(git-fixes CVE-2021-47592 bsc#1226572).
- Update
patches.suse/net-systemport-Add-global-locking-for-descriptor-lif.patch
(git-fixes CVE-2021-47587 bsc#1226567).
- Update
patches.suse/nfc-fix-segfault-in-nfc_genl_dump_devices_done.patch
(git-fixes CVE-2021-47612 bsc#1226585).
- Update
patches.suse/of-module-prevent-NULL-pointer-dereference-in-vsnprintf.patch
(bsc#1226587 CVE-2024-38541 CVE-2024-35878 bsc#1224671).
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713).
- Update patches.suse/phylib-fix-potential-use-after-free.patch
(git-fixes CVE-2022-48754 bsc#1226692).
- Update
patches.suse/powerpc-perf-Fix-power_pmu_disable-to-call-clear_pmi.patch
(bsc#1156395 CVE-2022-48752 bsc#1226709).
- Update
patches.suse/rpmsg-char-Fix-race-between-the-release-of-rpmsg_ctr.patch
(git-fixes CVE-2022-48759 bsc#1226711).
- Update
patches.suse/scsi-bnx2fc-Flush-destroy_work-queue-before-calling-bnx2fc_interface_put
(git-fixes bsc#1196746 CVE-2022-48758 bsc#1226708).
- Update patches.suse/scsi-bnx2fc-Make-bnx2fc_recv_frame-mp-safe
(git-fixes bsc#1196746 CVE-2022-48715 bsc#1226621).
- Update
patches.suse/scsi-scsi_debug-Don-t-call-kcalloc-if-size-arg-is-zero.patch
(git-fixes CVE-2021-47578 bsc#1226539).
- Update
patches.suse/scsi-scsi_debug-Fix-type-in-min_t-to-avoid-stack-OOB.patch
(git-fixes CVE-2021-47580 bsc#1226550).
- Update
patches.suse/scsi-scsi_debug-Sanity-check-block-descriptor-length-in-resp_mode_select.patch
(git-fixes CVE-2021-47576 bsc#1226537).
- Update
patches.suse/selinux-fix-double-free-of-cond_list-on-error-paths.patch
(git-fixes CVE-2022-48740 bsc#1226699).
- Update
patches.suse/spi-uniphier-fix-reference-count-leak-in-uniphier_sp.patch
(git-fixes CVE-2022-48723 bsc#1226617).
- Update patches.suse/tee-amdtee-fix-an-IS_ERR-vs-NULL-bug.patch
(jsc#SLE-21844 CVE-2021-47601 bsc#1226576).
- Update
patches.suse/tipc-improve-size-validations-for-received-domain-re.patch
(bsc#1195254 CVE-2022-0435 CVE-2022-48711 bsc#1226672).
- Update
patches.suse/tracing-histogram-Fix-a-potential-memory-leak-for-kstrdup.patch
(git-fixes CVE-2022-48768 bsc#1226720).
- Update
patches.suse/usb-xhci-plat-fix-crash-when-suspend-if-remote-wake-.patch
(git-fixes CVE-2022-48761 bsc#1226701).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800).
- commit cc322a0
- X.509: Fix the parser of extended key usage for length
(bsc#1218820).
- commit c5d6d23
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(CVE-2024-36904 bsc#1225732).
- commit 975b193
- bpf: correct loop detection for iterators convergence
(bsc#1225903).
- commit c7253b6
- bpf: exact states comparison for iterator convergence checks
(bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c
(bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids()
(bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-backtracking-instruction-iteration.patch
- commit 7f3ee03
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- commit 3786246
- Update
patches.suse/1203-drm-mxsfb-Fix-NULL-pointer-dereference.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48718 bsc#1226616).
- Update
patches.suse/1250-drm-amd-display-Wrap-dcn301_calculate_wm_and_dlg-for.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48766 bsc#1226704).
- Update
patches.suse/1327-drm-msm-Fix-null-ptr-access-msm_ioctl_gem_submit.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47610 bsc#1226581).
- Update
patches.suse/ALSA-Fix-deadlocks-with-kctl-removals-at-disconnecti.patch
(stable-fixes CVE-2024-38600 bsc#1226864).
- Update
patches.suse/ALSA-core-Fix-NULL-module-pointer-assignment-at-card.patch
(git-fixes CVE-2024-38605 bsc#1226740).
- Update
patches.suse/ALSA-hda-cs_dsp_ctl-Use-private_free-for-control-cle.patch
(git-fixes CVE-2024-38388 bsc#1226890).
- Update
patches.suse/ALSA-timer-Set-lower-bound-of-start-tick-time.patch
(stable-fixes git-fixes CVE-2024-38618 bsc#1226754).
- Update
patches.suse/ASoC-kirkwood-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-38550 bsc#1226633).
- Update
patches.suse/Input-cyapa-add-missing-input-core-locking-to-suspen.patch
(git-fixes CVE-2023-52884 bsc#1226764).
- Update
patches.suse/KEYS-trusted-Do-not-use-WARN-when-encode-fails.patch
(git-fixes CVE-2024-36975 bsc#1226520).
- Update
patches.suse/KEYS-trusted-Fix-memory-leak-in-tpm2_key_encode.patch
(git-fixes CVE-2024-36967 bsc#1226131).
- Update
patches.suse/RDMA-hns-Fix-deadlock-on-SRQ-async-events.patch
(git-fixes CVE-2024-38591 bsc#1226738).
- Update
patches.suse/RDMA-hns-Modify-the-print-level-of-CQE-error.patch
(git-fixes CVE-2024-38590 bsc#1226839).
- Update
patches.suse/RDMA-rxe-Fix-seg-fault-in-rxe_comp_queue_pkt.patch
(git-fixes CVE-2024-38544 bsc#1226597).
- Update
patches.suse/block-fix-memory-leak-in-disk_register_independent_a.patch
(jsc#PED-1183 CVE-2022-48753 bsc#1226693).
- Update
patches.suse/bnxt_re-avoid-shift-undefined-behavior-in-bnxt_qplib.patch
(git-fixes CVE-2024-38540 bsc#1226582).
- Update
patches.suse/bpf-Guard-against-accessing-NULL-pt_regs-in-bpf_get_.patch
(jsc#PED-1377 CVE-2022-48770 bsc#1226730).
- Update
patches.suse/bpf-Use-VM_MAP-instead-of-VM_ALLOC-for-ringbuf.patch
(jsc#PED-1377 CVE-2022-48714 bsc#1226622).
- Update
patches.suse/btrfs-fix-use-after-free-after-failure-to-create-a-s.patch
(git-fixes CVE-2022-48733 bsc#1226718).
- Update
patches.suse/cppc_cpufreq-Fix-possible-null-pointer-dereference.patch
(git-fixes CVE-2024-38573 bsc#1226739).
- Update patches.suse/crypto-bcm-Fix-pointer-arithmetic.patch
(git-fixes CVE-2024-38579 bsc#1226637).
- Update
patches.suse/drm-amd-display-Fix-division-by-zero-in-setup_dsc_co.patch
(stable-fixes CVE-2024-36969 bsc#1226155).
- Update
patches.suse/drm-amd-display-Fix-potential-index-out-of-bounds-in.patch
(git-fixes CVE-2024-38552 bsc#1226767).
- Update
patches.suse/drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch
(stable-fixes CVE-2024-39471 bsc#1227096).
- Update
patches.suse/drm-amdgpu-mes-fix-use-after-free-issue.patch
(stable-fixes CVE-2024-38581 bsc#1226657).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548).
- Update
patches.suse/drm-mediatek-Add-0-size-check-to-mtk_drm_gem_obj.patch
(git-fixes CVE-2024-38549 bsc#1226735).
- Update
patches.suse/drm-msm-a6xx-Avoid-a-nullptr-dereference-when-speedb.patch
(git-fixes CVE-2024-38390 bsc#1226891).
- Update
patches.suse/drm-vc4-Fix-possible-null-pointer-dereference.patch
(git-fixes CVE-2024-38546 bsc#1226593).
- Update
patches.suse/drm-vmwgfx-Fix-invalid-reads-in-fence-signaled-event.patch
(git-fixes CVE-2024-36960 bsc#1225872).
- Update
patches.suse/efi-libstub-only-free-priv.runtime_map-when-allocate.patch
(git-fixes CVE-2024-33619 bsc#1226768).
- Update
patches.suse/io-wq-check-for-wq-exit-after-adding-new-worker-task.patch
(bsc#1205205 CVE-2021-47577 bsc#1226538).
- Update
patches.suse/jffs2-prevent-xattr-node-from-overflowing-the-eraseblock.patch
(git-fixes CVE-2024-38599 bsc#1226848).
- Update
patches.suse/media-atomisp-ssh_css-Fix-a-null-pointer-dereference.patch
(git-fixes CVE-2024-38547 bsc#1226632).
- Update
patches.suse/media-lgdt3306a-Add-a-check-against-null-pointer-def.patch
(stable-fixes CVE-2022-48772 bsc#1226976).
- Update
patches.suse/media-stk1160-fix-bounds-checking-in-stk1160_copy_vi.patch
(git-fixes CVE-2024-38621 bsc#1226895).
- Update
patches.suse/net-bridge-vlan-fix-memory-leak-in-__allowed_ingress.patch
(git-fixes CVE-2022-48748 bsc#1226647).
- Update
patches.suse/net-sched-sch_ets-don-t-remove-idle-classes-from-the.patch
(bsc#1207361 CVE-2021-47595 bsc#1226552).
- Update
patches.suse/netfilter-complete-validation-of-user-input.patch
(CVE-2024-35896 bsc#1224662 git-fixes CVE-2024-35962
bsc#1224583).
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_rx_work.patch
(git-fixes CVE-2024-38381 bsc#1226878).
- Update
patches.suse/nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch
(stable-fixes CVE-2024-38582 bsc#1226658).
- Update
patches.suse/nilfs2-fix-use-after-free-of-timer-for-log-writer-th.patch
(git-fixes CVE-2024-38583 bsc#1226777).
- Update
patches.suse/powerpc64-bpf-Limit-ldbrx-to-processors-compliant-wi.patch
(jsc#PED-1377 CVE-2022-48755 bsc#1226706).
- Update
patches.suse/remoteproc-mediatek-Make-sure-IPI-buffer-fits-in-L2T.patch
(git-fixes CVE-2024-36965 bsc#1226149).
- Update
patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch
(bsc#1222893 CVE-2024-38601 bsc#1226876).
- Update
patches.suse/scsi-qla2xxx-Fix-off-by-one-in-qla_edif_app_getstats.patch
(git-fixes CVE-2024-36025 bsc#1225704).
- Update
patches.suse/serial-max3100-Lock-port-lock-when-calling-uart_hand.patch
(git-fixes CVE-2024-38634 bsc#1226868).
- Update
patches.suse/serial-max3100-Update-uart_driver_registered-on-driv.patch
(git-fixes CVE-2024-38633 bsc#1226867).
- Update
patches.suse/soundwire-cadence-fix-invalid-PDI-offset.patch
(stable-fixes CVE-2024-38635 bsc#1226863).
- Update patches.suse/speakup-Fix-sizeof-vs-ARRAY_SIZE-bug.patch
(git-fixes CVE-2024-38587 bsc#1226780).
- Update
patches.suse/swiotlb-Fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch
(bsc#1224331 CVE-2024-35814 bsc#1224602).
- Update
patches.suse/thermal-drivers-tsens-Fix-null-pointer-dereference.patch
(git-fixes CVE-2024-38571 bsc#1226737).
- Update
patches.suse/tpm_tis_spi-Account-for-SPI-header-when-allocating-TPM-SPI-xfer-buffer.patch
(bsc#1225535 CVE-2024-36477 bsc#1226840).
- Update
patches.suse/usb-storage-alauda-Check-whether-the-media-is-initia.patch
(git-fixes CVE-2024-38619 bsc#1226861).
- Update
patches.suse/vduse-check-that-offset-is-within-bounds-in-get_conf.patch
(jsc#PED-1549 CVE-2021-47604 bsc#1226566).
- Update
patches.suse/vduse-fix-memory-corruption-in-vduse_dev_ioctl.patch
(jsc#PED-1549 CVE-2021-47605 bsc#1226579).
- Update
patches.suse/watchdog-cpu5wdt.c-Fix-use-after-free-bug-caused-by-.patch
(git-fixes CVE-2024-38630 bsc#1226908).
- Update
patches.suse/wifi-ar5523-enable-proper-endpoint-verification.patch
(git-fixes CVE-2024-38565 bsc#1226747).
- Update
patches.suse/wifi-carl9170-add-a-proper-sanity-check-for-endpoint.patch
(git-fixes CVE-2024-38567 bsc#1226769).
- Update
patches.suse/wifi-carl9170-re-fix-fortified-memset-warning.patch
(git-fixes CVE-2024-38616 bsc#1226852).
- commit efd69a4
- tcp: do not accept ACK of bytes we never sent (CVE-2023-52881
bsc#1225611).
- commit ab5f35b
- bpf: support precision propagation in the presence of subprogs
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-backtracking-instruction-iteration.patch
- bpf: fix mark_all_scalars_precise use in mark_chain_precision
(bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames
(bsc#1225903).
- bpf: maintain bitmasks across all active frames in
__mark_chain_precision (bsc#1225903).
- bpf: take into account liveness when propagating precision
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-propagation-verbose-logging.patch
- commit c5f7596
- net: ena: Fix redundant device NUMA node override
(jsc#PED-8690).
- commit 629130c
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error
(git-fixes).
- kbuild: Install dtb files as 0644 in Makefile.dtbinst
(git-fixes).
- iio: chemical: bme680: Fix sensor data read operation
(git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions
(git-fixes).
- iio: chemical: bme680: Fix calibration data variable
(git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
(git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget
suspend/resume to avoid deadlock (git-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind()
(git-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- commit 201a936
- i2c: testunit: discard write requests while old command is
running (git-fixes).
- i2c: testunit: don't erase registers after STOP (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
(git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
(git-fixes).
- commit 958e336
- gpiolib: cdev: Disallow reconfiguration without direction
(uAPI v1) (git-fixes).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- commit dc60c09
- net/9p: fix uninit-value in p9_client_rpc() (CVE-2024-39301
bsc#1226994).
- commit b325415
- arm64: mm: Don't remap pgtables for allocate vs populate
(jsc#PED-8690).
- arm64: mm: Batch dsb and isb when populating pgtables
(jsc#PED-8690).
- arm64: mm: Don't remap pgtables per-cont(pte|pmd) block
(jsc#PED-8690).
- arm64: mm: don't acquire mutex when rewriting swapper
(jsc#PED-8690).
- commit 911eabe
- smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103,
CVE-2024-39468).
- commit ef9e40f
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping
(bsc#1225903).
- Refresh patches.suse/bpf-Fix-precision-tracking-for-BPF_ALU-BPF_TO_BE-BPF.patch
- bpf: mark relevant stack slots scratched for register read
instructions (bsc#1225903).
- commit acd95d8
- bpf: Improve verifier u32 scalar equality checking
(bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites
(bsc#1225903).
- Refresh patches.kabi/bpf-struct-bpf_insn_aux_data-workaround.patch
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly
(bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in
regsafe() (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves
parent/live fields (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range
info (bsc#1225903).
- commit 6ef5769
- bpf: reject non-exact register type matches in regsafe()
(bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping
(bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id
(bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock
(bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across
all frames (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames
(bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id()
(bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- selftests/bpf: make test_align selftest more robust
(bsc#1225903).
- bpf: aggressively forget precise markings during state
checkpointing (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs
(bsc#1225903).
- Remove f655badf2a8f "bpf: fix propagate_precision() logic for inner
frames" from blacklist.conf, which is a fix for this
- commit 605166e
- iommu: mtk: fix module autoloading (git-fixes).
- commit 8d5ca45
- iommu: Return right value in iommu_sva_bind_device()
(git-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- commit 89e035d
- random: treat bootloader trust toggle the same way as cpu
trust toggle (bsc#1226953).
- commit ad48400
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
(bsc#1222015 bsc#1226962).
- commit 71e0b41
- Fix new build warnings regarding unused variables:
Changed build warnings:
* **** 2 warnings *****
* unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_queue_cap_unlink_work
../fs/ceph/mds_client.c: In function 'ceph_queue_cap_unlink_work':
../fs/ceph/mds_client.c:2421:22: warning: unused variable 'cl' [-Wunused-variable]
* unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_cap_unlink_work
../fs/ceph/mds_client.c: In function 'ceph_cap_unlink_work':
../fs/ceph/mds_client.c:2436:22: warning: unused variable 'cl' [-Wunused-variable]
- Refresh
patches.suse/ceph-add-ceph_cap_unlink_work-to-fire-check_caps-imme.patch.
- Refresh
patches.suse/ceph-switch-to-use-cap_delay_lock-for-the-unlink-dela.patch.
- commit 0e2186a
- ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820
(git-fixes).
- commit 7df4f37
- drm/i915/gt: Fix potential UAF by revoke of fence registers
(git-fixes).
- drm/panel: simple: Add missing display timing flags for KOE
TX26D202VM0BWA (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table
(git-fixes).
- batman-adv: Don't accept TT entries for out-of-spec VIDs
(git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during
BAM transmission (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one()
(git-fixes).
- net: can: j1939: enhanced error handling for tightly received
RTS messages in xtp_rx_rts_session_new (git-fixes).
- ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- ASoC: amd: acp: remove i2s configuration check in
acp_i2s_probe() (git-fixes).
- ASoC: amd: acp: add a null check for chip_pdev structure
(git-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM
(git-fixes).
- ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option
(git-fixes).
- ALSA: hda/realtek: Remove Framework Laptop 16 from quirks
(git-fixes).
- ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook
445/465 G11 (stable-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- drm/lima: mask irqs in timeout path before hard reset
(stable-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP
execution (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution
(stable-fixes).
- commit 8b51ea0
- kfence: fix memory leak when cat kfence objects (bsc#1220958,
CVE-2021-47089).
- commit 10017b7
- nilfs2: fix potential kernel bug due to lack of writeback flag
waiting (bsc#1227066 CVE-2024-37078).
- commit f38d6d3
- nilfs2: fix nilfs_empty_dir() misjudgment and long loop on
I/O errors (bsc#1226992 CVE-2024-39469).
- commit 6b2d7ad
- kABI workaround for FPGA changes (CVE-2024-35247 bsc#1226948
CVE-2024-36479 bsc#1226949 CVE-2024-37021 bsc#1226950).
- commit 34bcd8e
- fpga: region: add owner module and take its refcount
(CVE-2024-35247 bsc#1226948).
- Refresh patches.suse/fpga-add-kABI-padding.patch.
- commit 2206f02
- fpga: manager: add owner module and take its refcount
(CVE-2024-37021 bsc#1226950).
- Refresh patches.suse/fpga-add-kABI-padding.patch.
- commit 9371d28
- fpga: bridge: add owner module and take its refcount
(CVE-2024-36479 bsc#1226949).
- commit 8710b3c
- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources
after upload (bsc#1224767 CVE-2024-36919).
- commit 0e530b8
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- commit bacb90a
- Update
patches.suse/smb-client-guarantee-refcounted-children-from-parent-session.patch
(bsc#1224679 CVE-2024-35869).
- commit ed4e9d0
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Add sockopt case to verify prog_type (bsc#1226789
CVE-2024-38564).
- selftests/bpf: Extend sockopt tests to use BPF_LINK_CREATE
(bsc#1226789 CVE-2024-38564).
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Check whether to run selftest (bsc#1226789
CVE-2024-38564).
- bpf: Force kprobe multi expected_attach_type for kprobe_multi
link (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Convert sockopt test to ASSERT_* macros
(bsc#1226789 CVE-2024-38564).
- commit fec2539
- s390/ap: Fix crash in AP internal function modify_bitmap()
(CVE-2024-38661 bsc#1226996 git-fixes).
- commit bd5322c
- null_blk: Fix return value of nullb_device_power_store()
(bsc#1226841 CVE-2024-36478).
- commit c3dfa05
- null_blk: fix null-ptr-dereference while configuring 'power'
and 'submit_queues' (bsc#1226841 CVE-2024-36478).
- commit 0589f0b
- block: fix overflow in blk_ioctl_discard() (bsc#1225770
CVE-2024-36917).
- commit 8cdaac1
- epoll: be better about file lifetimes (bsc#1226610
CVE-2024-38580).
- commit e0be089
- Kabi fix for ipv6: fix memory leak in fib6_rule_suppress
(CVE-2021-47546 bsc#1225504).
- ipv6: fix memory leak in fib6_rule_suppress (CVE-2021-47546
bsc#1225504).
- commit 589556f
- cifs: fix hang in wait_for_response() (bsc#1220812,
bsc#1220368).
- commit b9be417
- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- commit 45c369f
- Update
patches.suse/io_uring-fix-race-between-timeout-flush-and-removal.patch
(bsc#1205205 CVE-2022-29582).
I accidentally dropped the CVE reference when updating this backport.
Re-add it.
- commit f2446ba
- mptcp: clear 'kern' flag from fallback sockets
(CVE-2021-47593 bsc#1226551).
- commit 2659f40
- net: sched: sch_multiq: fix possible OOB write in multiq_tune()
(CVE-2024-36978 bsc#1226514).
- commit bc93665
- net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(CVE-2024-36974 bsc#1226519).
- commit 433e33d
- xhci: Simplify event ring dequeue pointer update for port
change events (git-fixes).
- commit 3185bc8
- PCI/ASPM: Update save_state when configuration changes (bsc#1226915)
- commit b938861
- mm: Avoid overflows in dirty throttling logic (bsc#1222364
CVE-2024-26720).
- commit 6a8050a
- net/mlx5: Discard command completions in internal error
(CVE-2024-38555 bsc#1226607).
- enic: Validate length of nl attributes in enic_set_vf_port
(CVE-2024-38659 bsc#1226883).
- net: fec: remove .ndo_poll_controller to avoid deadlocks
(CVE-2024-38553 bsc#1226744).
- net/mlx5: Discard command completions in internal error
(CVE-2024-38555 bsc#1226607).
- net/mlx5: Add a timeout to acquire the command queue semaphore
(CVE-2024-38556 bsc#1226774).
- net/mlx5: Reload only IB representors upon lag disable/enable
(CVE-2024-38557 bsc#1226781).
- net/mlx5e: Fix netif state handling (CVE-2024-38608
bsc#1226746).
- eth: sungem: remove .ndo_poll_controller to avoid deadlocks
(CVE-2024-38597 bsc#1226749).
- net: stmmac: move the EST lock to struct stmmac_priv
(CVE-2024-38594 bsc#1226734).
- net/mlx5e: Add wrapping for auxiliary_driver ops and remove
unused args (CVE-2024-38608 bsc#1226746).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- commit 2ae4454
- usb: xhci: address off-by-one in xhci_num_trbs_free()
(git-fixes).
- commit 841d39b
- usb: xhci: improve debug message in xhci_ring_expansion_needed()
(git-fixes).
- commit d2b5f1e
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- commit 1a2e96b
- xhci: fix matching completion events with TDs (git-fixes).
- commit aca914a
- xhci: update event ring dequeue pointer position to controller
correctly (git-fixes).
- commit 93be17d
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
(CVE-2024-38780 bsc#1226886).
- commit 43f7b44
- nvmet-passthru: propagate status from id override functions
(git-fixes).
- nvme: find numa distance only if controller has valid numa id
(git-fixes).
- commit cdc1f02
- PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
- commit 5d3e24c
- stm class: Fix a double free in stm_register_device()
(CVE-2024-38627 bsc#1226857).
- commit 050e247
- Input: ili210x - fix ili251x_read_touch_data() return value
(git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
(git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328
(git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
(git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
(git-fixes).
- pinctrl: fix deadlock in create_pinctrl() when handling
- EPROBE_DEFER (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support
(git-fixes).
- commit 6e807ea
- drivers/perf: hisi: hns3: Actually use
devm_add_action_or_reset() (CVE-2024-38603 bsc#1226842).
- commit 1bb22d3
- usb: xhci: Implement xhci_handshake_check_state() helper
(git-fixes).
- commit cb838be
- ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634, CVE-2024-38578).
- commit 7445d84
- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- commit 63fa513
- xhci: Fix failure to detect ring expansion need (git-fixes).
- commit 113690d
- usb: typec: ucsi: Never send a lone connector change ack
(git-fixes).
- commit 7ee9645
- xhci: restre deleted trb fields for tracing (git-fixes).
- commit 93cf02b
- xhci: Stop unnecessary tracking of free trbs in a ring
(git-fixes).
- commit a2d1e46
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- commit 896ce4e
- xhci: remove unused stream_id parameter from
xhci_handle_halted_endpoint() (git-fixes).
- commit 98ef3b9
- xhci: simplify event ring dequeue tracking for transfer events
(git-fixes).
- commit 53c9c00
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- commit 212d0e7
- usb: typec: ucsi: Ack also failed Get Error commands
(git-fixes).
- commit 39df22a
- net: usb: ax88179_178a: improve reset check (git-fixes).
- commit a9cd82a
- net: usb: rtl8150 fix unintiatilzed variables in
rtl8150_get_link_ksettings (git-fixes).
- commit 331f817
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- commit 208be97
- RDMA/hns: Fix UAF for cq async event (bsc#1226595 CVE-2024-38545)
- commit 98b2f74
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error "regulator_get_regmap"
undefined (git-fixes).
- commit 67d8d3b
- RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
- commit d13a032
- drm/i915/mso: using joiner is not possible with eDP MSO
(git-fixes).
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your
kernel is fine." (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy()
(git-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle
(git-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs
(stable-fixes).
- commit 2ec7855
- ASoC: codecs: wcd938x: fix incorrect used of portid
(CVE-2022-48716 bsc#1226678).
- Refresh
patches.suse/ASoC-codecs-wcd938x-fix-return-value-of-mixer-put-fu.patch.
- commit 72e80ef
- drivers/perf: hisi: hns3: Fix out-of-bound access when valid
event group (CVE-2024-38568 bsc#1226771).
- commit 8713f77
- sched/core: Fix incorrect initialization of the 'burst'
parameter in cpu_max_write() (bsc#1226791).
- commit b41cbc1
- bsc#1225894: Fix patch references
- commit eaa0db4
- net/mlx5: Properly link new fs rules into the tree (bsc#1224588
CVE-2024-35960).
- commit e25590c
- net/mlx5e: fix a potential double-free in fs_any_create_groups
(bsc#1224603 CVE-2023-52667).
- commit df4661c
- net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605
CVE-2024-35835).
- commit 60e8562
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- Update config files.
- supported.conf:
- commit 875ffbb
- of: module: prevent NULL pointer dereference in vsnprintf() (bsc#1226587 CVE-2024-38541)
- commit 0394d90
- of: module: add buffer overflow check in of_modalias() (bsc#1226587 CVE-2024-38541)
- commit e54e996
- net: ena: Fix incorrect descriptor free behavior (bsc#1224677
CVE-2024-35958).
- commit 5e978bb
- net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716
CVE-2024-27432).
- commit d64a6b1
- Revert "net/mlx5: Block entering switchdev mode with ns
inconsistency" (bsc#1224719 CVE-2023-52658).
- commit a900e45
- bonding: stop the device in bond_setup_by_slave() (bsc#1224946
CVE-2023-52784).
- commit e6d4b4f
- cachefiles: remove requests from xarray during flushing requests
(bsc#1226588).
- commit 3613d54
- net/smc: fix neighbour and rtable leak in smc_ib_find_route()
(git-fixes bsc#1225823 CVE-2024-36945 bsc#1226548).
- commit 1725fed
- net: preserve kabi for struct dst_ops (CVE-2024-36971
bsc#1226145).
- commit 74d650a
- net: fix __dst_negative_advice() race (CVE-2024-36971
bsc#1226145).
- commit 6d5c393
- RDMA/hns: Fix incorrect sge nums calculation (git-fixes)
- commit 11a4ad4
- RDMA/irdma: Drop unused kernel push code (git-fixes)
- commit 4f86e97
- amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872 CVE-2024-36949)
- commit 0c17d54
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- commit a9a84c1
- nfsd: optimise recalculate_deny_mode() for a common case
(bsc#1217912).
- commit 49675fb
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633
bsc#1226226).
- commit 8203342
- Revert "Add remote for nfs maintainer"
This reverts commit 9de16b6543dde7651ef5da514ebf6f29e7eac94b.
This came in through the wrong tree - sorry.
- commit 3905117
- Rename to
patches.suse/fs-9p-only-translate-RWX-permissions-for-plain-9P200.patch.
by scripts/renamepatches
- commit 0b4b132
- x86/mce: Dynamically size space for machine check records
(bsc#1222241).
- commit 96985c9
- seg6: fix the iif in the IPv6 socket control block
(CVE-2021-47515 bsc#1225426).
- commit 07e18ce
- net: nexthop: fix null pointer dereference when IPv6 is not enabled
(CVE-2021-47572 bsc#1225389).
- commit 87d2dc4
- netfilter: nf_tables: reject new basechain after table flag update
(CVE-2024-35900 bsc#1224497).
- commit e2ad7db
- ipv6: Fix infinite recursion in fib6_dump_done() (CVE-2024-35886
bsc#1224670).
- commit 8bfad13
- Update references
- commit b8183f9
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- commit 0b50d79
- net: usb: smsc95xx: fix changing LED_SEL bit value updated
from EEPROM (git-fixes).
- commit a3c495c
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized
address translation (bsc#1225300).
- RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
- commit 4a3a73c
- i2c: designware: Fix the functionality flags of the slave-only
interface (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only
interface (git-fixes).
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log
messages (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- usb-storage: alauda: Check whether the media is initialized
(git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
(git-fixes).
- usb: typec: tcpm: fix use-after-free case in
tcpm_register_source_caps (git-fixes).
- USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected
(git-fixes).
- drivers: core: synchronize really_probe() and dev_uevent()
(git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call
(git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value
(git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- mei: me: release irq in mei_me_pci_resume error path
(git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- spi: stm32: Don't warn about spurious interrupts (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated
from EEPROM (git-fixes).
- nilfs2: fix potential hang in nilfs_detach_log_writer()
(stable-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table
(stable-fixes).
- ALSA: timer: Set lower bound of start tick time (stable-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- watchdog: bd9576: Drop "always-running" property (git-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba
WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot
not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: core: Add mmc_gpiod_set_cd_config() function
(stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
(git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints
(git-fixes).
- media: lgdt3306a: Add a check against null-pointer-def
(stable-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes
(stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- ALSA: Fix deadlocks with kctl removals at disconnection
(stable-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds
(stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
(stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
(stable-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
(stable-fixes).
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
(stable-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- ASoC: da7219-aad: fix usage of device_get_named_child_node()
(stable-fixes).
- ASoC: rt715-sdca: volume step modification (stable-fixes).
- ASoC: rt715: add vendor clear control register (stable-fixes).
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts
floating (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- wifi: cfg80211: fix the order of arguments for trace events
of the tx_rx_evt class (stable-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions
(stable-fixes).
- mmc: core: Do not force a retune before RPMB switch
(stable-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
(stable-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get()
(stable-fixes).
- media: flexcop-usb: clean up endpoint sanity checks
(stable-fixes).
- media: ipu3-cio2: Use temporary storage for struct device
pointer (stable-fixes).
- commit aace7d0
- netfilter: complete validation of user input
(CVE-2024-35896 bsc#1224662 git-fixes).
- commit 58a4873
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high
(bsc#1219224).
- commit f18a759
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when
no EDID found (git-fixes).
- drm/bridge/panel: Fix runtime warning on panel bridge release
(git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- commit e843af8
- smb: client: guarantee refcounted children from parent session
(bsc#1224679, CVE-35869).
- commit b0f469c
- smb: client: ensure to try all targets when finding nested links
(bsc#1224020).
- commit df159e7
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1224765, CVE-2024-35864).
- commit c296805
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1224764, CVE-2024-35862).
- commit aa75c00
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1224766, CVE-2024-35861).
- commit f77cc8d
- smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225487, CVE-2023-52752).
- commit 39fb8f3
- drm/amd/display: Skip on writeback when it's not applicable (CVE-2024-36914 bsc#1225757).
- commit 9393875
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
(git-fixes).
- HID: logitech-dj: Fix memory leak in
logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: core: remove unnecessary WARN_ON() in implement()
(git-fixes).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value
(git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits
(git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory
(git-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
(git-fixes).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect
problem (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set
element (git-fixes).
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation
(git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
(git-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of
debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
(git-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions
(git-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: mac80211: Fix deadlock in
ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
(git-fixes).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency
units (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n'
(git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook
440/460 G11 (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting
fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing
connected (git-fixes).
- ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
(stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process
(stable-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU
(stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush
(stable-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend
(stable-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts
(stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
(stable-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- commit 8f779cb
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225737 CVE-2024-36899).
- commit 9b295f5
- drm/mediatek: Fix coverity issue with unintentional integer overflow (CVE-2023-52857 bsc#1225581).
- commit 3f9829b
- drm/amd: check num of link levels when update pcie param (CVE-2023-52812 bsc#1225564).
- commit 86f2ac6
- rpmsg: virtio: Free driver_override when rpmsg_remove()
(bsc#1224696 CVE-2023-52670).
- commit beb5bc4
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- commit 212272f
- ext4: correct offset of gdb backup in non meta_bg group to
update_backups (bsc#1224735 CVE-2024-35807).
- commit bec0d72
- cgroup: Add annotation for holding namespace_sem in
current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in
proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe
(bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- commit b08e6de
- ext4: remove unnecessary check from alloc_flex_gd() (bsc#1222080
CVE-2023-52622).
- commit f15da02
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (CVE-2024-35789 bsc#1224749).
- commit 2b6904d
- btrfs: lock the inode in shared mode before starting fiemap
(bsc#1225484 CVE-2023-52737).
- commit 613e476
- nbd: fix uaf in nbd_open (bsc#1224935 CVE-2023-52837).
- commit ade8b65
- blk-iocost: avoid out of bounds shift (bsc#1225759
CVE-2024-36916).
- commit bc772e8
- lib/generic-radix-tree.c: Don't overflow in peek() (bsc#1225391 CVE-2021-47432).
- commit 3dddaec
- blk-mq: make sure active queue usage is held for
bio_integrity_prep() (bsc#1225105 CVE-2023-52787).
- commit a4bdd9d
- block: prevent division by zero in blk_rq_stat_sum()
(bsc#1224661 CVE-2024-35925).
- commit 8cd7179
- ext4: fix corruption during on-line resize (bsc#1224735
CVE-2024-35807).
- commit d596ce4
- fat: fix uninitialized field in nostale filehandles (git-fixes
CVE-2024-26973 bsc#1223641).
- commit 91c4b39
- ext4: avoid online resizing failures due to oversized flex bg
(bsc#1222080 CVE-2023-52622).
- commit e47e37e
- fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1225866 CVE-2024-36964).
- commit b5d7488
- pinctrl: core: delete incorrect free in pinctrl_enable()
(CVE-2024-36940 bsc#1225840).
- commit 9b799cc
- clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
(CVE-2023-52882 bsc#1225692).
- commit fe79065
- staging: rtl8192e: Fix use after free in
_rtl92e_pci_disconnect() (CVE-2021-47571 bsc#1225518).
- commit 9461ee5
- supported.conf: mark ufs as unsupported
UFS is an unsupported filesystem, mark it as such. We still keep it
around (not marking as optional), to accommodate any potential
migrations from BSD systems.
- commit 0fea8fe
- supported.conf: mark orangefs as optional
We don't support orangefs at all (and it is already marked as such), but
since there are no SLE consumers of it, mark it as optional.
- commit fa81a2f
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
Some builds don't just create an iso9660 image, but also mount it during
build.
- commit aaee141
- llc: verify mac len before reading mac header
(CVE-2023-52843 bsc#1224951).
- commit ad237fd
- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
(CVE-2024-35898 bsc#1224498).
- commit c5fbeed
- nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
(CVE-2024-36915 bsc#1225758).
- commit 5137f7b
- net: add copy_safe_from_sockptr() helper
(git-fixes prerequisite CVE-2024-36915 bsc#1225758).
- commit 7b13e3e
- rpm/kernel-obs-build.spec.in: Add networking modules for docker
(bsc#1226211)
docker needs more networking modules, even legacy iptable_nat and _filter.
- commit 415e132
- Kabi workaround for icmp: prevent possible NULL dereferences from
icmp_build_probe()
(CVE-2024-35857 bsc#1224619)
- commit d5d7caf
- rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
(CVE-2021-47539 bsc#1225452).
- Refresh
patches.suse/rxrpc-Fix-race-between-conn-bundle-lookup-and-bundle.patch.
- commit 0d78641
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
(CVE-2021-47538 bsc#1225448).
- commit 6348fbd
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
(CVE-2024-36017 bsc#1225681).
- commit 829fd05
- net: vlan: fix underflow for the real_dev refcnt
(CVE-2021-47555 bsc#1225467).
- commit 345ef84
- net: hns3: fix kernel crash when devlink reload during
initialization (CVE-2024-36900 bsc#1225726).
- net: hns3: release PTP resources if pf initialization failed
(CVE-2024-36900 bsc#1225726).
- commit 59940cd
- netfilter: validate user input for expected length
(CVE-2024-35896 bsc#1224662).
- commit 4582da9
- scsi: sd: Update DIX config every time sd_revalidate_disk()
is called (bsc#1218570).
- commit d99bf25
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
(git-fixes).
- commit a35fad9
- net: mana: Enable MANA driver on ARM64 with 4K page size
(jsc#PED-8491).
- Update config files.
- commit b5a81c3
- bna: ensure the copied buf is NUL terminated (CVE-2024-36934
bsc#1225760).
- i40e: fix vf may be used uninitialized in this function warning
(CVE-2024-36020 bsc#1225698).
- net: hns3: fix kernel crash when devlink reload during pf
initialization (CVE-2024-36021 bsc#1225699).
- commit f146593
- Bluetooth: Add more enc key size check (bsc#1218148
CVE-2023-24023).
- commit 38891ed
- Bluetooth: Normalize HCI_OP_READ_ENC_KEY_SIZE cmdcmplt
(bsc#1218148 CVE-2023-24023).
- commit b7a79da
- xdp: use flags field to disambiguate broadcast redirect
(bsc#1225834 CVE-2024-36937).
- commit 7bc6ec5
- NFS: abort nfs_atomic_open_v23 if name is too long
(bsc#1219847).
- NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly
(bsc#1219847).
- commit c7a4ea9
- Add remote for nfs maintainer
- commit 9de16b6
- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
(CVE-2023-52845 bsc#1225585).
- commit e952257
- fs/pipe: move check to pipe_has_watch_queue() (bsc#1224614
CVE-2023-52672).
- commit 3827adf
- pstore/platform: Add check for kstrdup (bsc#1225050
CVE-2023-52869).
- Refresh
patches.suse/pstore_disable_efi_backend_by_default.patch.
While refreshing of pstore_disable_efi_backend_by_default.patch, also
fix the non-conformant Patch-mainline tag.
- commit 6db9ce6
- pipe: wakeup wr_wait after setting max_usage (bsc#1224614
CVE-2023-52672).
- commit 2e5e06b
- nvme: use ctrl state accessor (bsc#1215492).
- nvme: ensure reset state check ordering (bsc#1215492).
Refresh:
- patches.suse/nvme-tcp-do-not-terminate-commands-when-in-resetting.patch
- patches.suse/nvme-tcp-make-err_work-a-delayed-work.patch
- commit cad3abd
- netfilter: nf_tables: honor table dormant flag from netdev release event path
(CVE-2024-36005 bsc#1224539).
- commit a6152f6
- HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent
lock-up (bsc#1224552 CVE-2024-35997).
- commit bce3fab
- eeprom: at24: fix memory corruption race condition (bsc#1224612
CVE-2024-35848).
- commit 3fcf5a7
- udp: do not accept non-tunnel GSO skbs landing in a tunnel
(CVE-2024-35884 bsc#1224520).
- commit 62c6d61
- mm/slab: make __free(kfree) accept error pointers
(CVE-2024-36890 bsc#1225714).
- commit d6b7c8a
- perf/core: Bail out early if the request AUX area is out of
bound (bsc#1225602 CVE-2023-52835).
- commit cf52881
- Update
patches.suse/scsi-target-core-Add-TMF-to-tmr_list-handling.patch
(bsc#1223018 CVE-2024-26845).
Update references to correct bug number and CVE number.
- commit 0b7584b
- scsi: target: core: Add TMF to tmr_list handling (bsc#1223013
CVE-2024-26842).
- commit b16632b
- powerpc/imc-pmu: Add a null pointer check in
update_events_in_group() (bsc#1224504 CVE-2023-52675).
- commit 9619143
- icmp: prevent possible NULL dereferences from icmp_build_probe()
(CVE-2024-35857 bsc#1224619)
- commit d66584e
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
request complete (CVE-2024-36894 bsc#1225749).
- commit c99f07a
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
request complete (CVE-2024-36894 bsc#1225749).
- commit 5501fb7
- sock_map: avoid race between sock_map_close and sk_psock_put
(bsc#1225475 CVE-2023-52735).
- Refresh patches.kabi/bpf-sockmap-struct-psock-kABI-workaround.patch
- commit 4b60451
- proc/vmcore: fix clearing user buffer by properly using
clear_user() (CVE-2021-47566 bsc#1225514).
- commit 26144da
- ceph: switch to use cap_delay_lock for the unlink delay list
(bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately
(bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps
(bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- commit de9fe57
- usb: typec: altmodes/displayport: create sysfs nodes as driver's
default device attribute group (CVE-2024-35790 bsc#1224712).
Altered because we do not have 001b0c780eac328bc48b70b8437f202a4ed785e4
Needs to be redone if DRM requires that
- blacklist.conf: Incompatible with adjusted version
- commit a52e669
- usb: typec: ucsi: Limit read size on v1.2 (CVE-2024-35924
bsc#1224657).
- commit 578815c
- net: preserve kabi for sk_buff (CVE-2024-26921 bsc#1223138).
- commit 68cb9bf
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
(bsc#1224575 CVE-2024-35976).
- commit bc0a82d
- bpf, skmsg: Fix NULL pointer dereference in
sk_psock_skb_ingress_enqueue (bsc#1225761 CVE-2024-36938).
- commit 38f788d
- inet: inet_defrag: prevent sk release while still in use
(CVE-2024-26921 bsc#1223138).
- commit fb20c1d
- Update references
- commit 006ab15
- ipv4: check for NULL idev in ip_route_use_hint()
(CVE-2024-36008 bsc#1224540)
- commit 49edcb5
- drm/client: Fully protect modes with dev->mode_config.mutex (CVE-2024-35950 bsc#1224703).
- commit 75706b6
- kABI: bpf: struct bpf_insn_aux_data kABI workaround
(bsc#1225756).
- commit b5b7cd0
- bpf: Protect against int overflow for stack access size
(bsc#1224488 CVE-2024-35905).
- commit 1edb341
- vhost-vdpa: fix use after free in vhost_vdpa_probe()
(CVE-2023-52795 bsc#1225085).
- commit 423f910
- smb3: fix lock ordering potential deadlock in
cifs_sync_mid_result (bsc#1224020, bsc#1224549, CVE-2024-35998).
- commit fbb4c17
- smb: client: fix potential deadlock when releasing mids
(bsc#1224020, bsc#1225548, CVE-2023-52757).
- commit edc36f8
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array (bsc#1225506 CVE-2021-47548)
- commit b006eef
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes bsc#1223675 CVE-2024-269355).
Adding the CVE references.
- commit 2df316d
- cifs: fix underflow in parse_server_interfaces() (bsc#1223084,
CVE-2024-26828).
- commit cade548
- bpf: remove unnecessary prune and jump points (bsc#1225756).
- bpf: mostly decouple jump history management from
is_state_visited() (bsc#1225756).
- bpf: decouple prune and jump points (bsc#1225756).
- commit 574a67d
- Refresh patches.suse/swiotlb-Fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch
This fixes following build warning:
Changed build warnings:
* **** 1 warnings *****
* comparison of distinct pointer types lacks a cast in ../kernel/dma/swiotlb.c in swiotlb_do_find_slots (from ../include/linux/minmax.h)
In file included from ../include/linux/kernel.h:17:0,
../kernel/dma/swiotlb.c: In function 'swiotlb_do_find_slots':
../include/linux/minmax.h:20:28: warning: comparison of distinct pointer types lacks a cast
../include/linux/minmax.h:26:4: note: in expansion of macro '__typecheck'
../include/linux/minmax.h:36:24: note: in expansion of macro '__safe_cmp'
../include/linux/minmax.h:52:19: note: in expansion of macro '__careful_cmp'
../kernel/dma/swiotlb.c:648:12: note: in expansion of macro 'max'
- commit a52b0ca
- bpf: handle ldimm64 properly in check_cfg() (bsc#1225756).
- commit 7a7f193
- smb: client: set correct id, uid and cruid for multiuser
automounts (bsc#1223011, CVE-2024-26822).
- commit 04cc660
- smb3: missing lock when picking channel (bsc#1224020,
bsc#1224550, CVE-2024-35999).
- commit dfca6b0
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1224020, bsc#1224766,
CVE-2024-35861).
- commit 40c4ccf
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1224020, bsc#1224764, CVE-2024-35862).
- commit 464e649
- smb: client: fix potential UAF in is_valid_oplock_break()
(bsc#1224763, CVE-2024-35863).
- smb: client: fix potential UAF in is_valid_oplock_break()
(bsc#1224020, bsc#1224763, CVE-2024-35863).
- commit bfa9e6b
- smb: client: fix potential UAF in smb2_is_valid_oplock_break()
(bsc#1224020, bsc#1224668, CVE-2024-35865).
- commit 08baf42
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1224020, bsc#1224765, CVE-2024-35864).
- commit b0dc4df
- smb: client: fix potential UAF in cifs_stats_proc_show()
(bsc#1224664, CVE-2024-35867).
- smb: client: fix potential UAF in cifs_stats_proc_show()
(bsc#1224020, bsc#1224664, CVE-2024-35867).
- commit 45bad5a
- smb: client: fix potential UAF in cifs_stats_proc_write()
(bsc#1224678, CVE-2024-35868).
- smb: client: fix potential UAF in cifs_stats_proc_write()
(bsc#1224020, bsc#1224678, CVE-2024-35868).
- commit 3ae3416
- smb: client: fix potential UAF in cifs_dump_full_key()
(bsc#1224020, bsc#1224667, CVE-2024-35866).
- commit f99c74f
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
(bsc#1223532, CVE-2024-26928).
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
(bsc#1224020, bsc#1223532, CVE-2024-26928).
- commit e95e3a6
- smb: client: guarantee refcounted children from parent session
(bsc#1224020, bsc#1224679, CVE-2024-35869).
- commit 6773173
- smb: client: fix UAF in smb2_reconnect_server() (bsc#1224020,
bsc#1224672, CVE-2024-35870).
- commit 69f157e
- cifs: failure to add channel on iface should bump up weight
(git-fixes, bsc#1224020).
- commit f21b7f9
- Revert "cifs: reconnect work should have reference on server
struct" (git-fixes, bsc#1224020).
- commit 04d1a0e
- cifs: fix leak of iface for primary channel (git-fixes,
bsc#1224020).
- commit 0af0c46
- smb: client: fix mount when dns_resolver key is not available
(git-fixes, bsc#1224020).
- commit 751b43e
- cifs: handle cases where multiple sessions share connection
(bsc#1224020).
- commit caf101a
- smb3: show beginning time for per share stats (bsc#1224020).
- commit 9120f21
- cifs: cifs_chan_is_iface_active should be called with chan_lock
held (bsc#1224020).
- commit 8eaf345
- cifs: do not pass cifs_sb when trying to add channels
(bsc#1224020).
- commit 0be08c0
- smb: client: remove extra @chan_count check in
__cifs_put_smb_ses() (bsc#1224020).
- commit 48869a9
- cifs: reconnect work should have reference on server struct
(bsc#1224020).
- commit 4099f48
- cifs: handle cases where a channel is closed (bsc#1224020).
- commit 856c9d4
- smb: client: reduce stack usage in cifs_try_adding_channels()
(bsc#1224020).
- commit 664baaf
- smb: client: get rid of dfs code dep in namespace.c
(bsc#1224020).
- commit fd4a262
- smb: client: get rid of dfs naming in automount code
(bsc#1224020).
- commit ffae390
- smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020).
- commit 28e987f
- smb: client: ensure to try all targets when finding nested links
(bsc#1224020).
- commit af0feb9
- smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020).
- commit ba31c72
- cifs: fix charset issue in reconnection (bsc#1224020).
- commit 18aa95e
- cifs: account for primary channel in the interface list
(bsc#1224020).
- commit a4889d1
- smb: Fix regression in writes when non-standard maximum write
size negotiated (bsc#1222464, CVE-2024-26692).
- commit 3c009aa
- cifs: distribute channels across interfaces based on speed
(bsc#1224020).
- commit 607d036
- Update
patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
(git-fixes CVE-2024-26894 bsc#1223043).
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955 bsc#1225810).
- Update
patches.suse/ALSA-usb-audio-Stop-parsing-channels-bits-when-all-c.patch
(git-fixes CVE-2024-27436 bsc#1224803).
- Update
patches.suse/ARM-9381-1-kasan-clear-stale-stack-poison.patch
(git-fixes CVE-2024-36906 bsc#1225715).
- Update
patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
(git-fixes CVE-2024-26801 bsc#1222413).
- Update
patches.suse/Bluetooth-Fix-memory-leak-in-hci_req_sync_complete.patch
(git-fixes CVE-2024-35978 bsc#1224571).
- Update
patches.suse/Bluetooth-L2CAP-Fix-not-validating-setsockopt-user-i.patch
(git-fixes CVE-2024-35965 bsc#1224579).
- Update
patches.suse/Bluetooth-RFCOMM-Fix-not-validating-setsockopt-user-.patch
(git-fixes CVE-2024-35966 bsc#1224576).
- Update
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch
(git-fixes CVE-2024-35967 bsc#1224587).
- Update
patches.suse/Bluetooth-btintel-Fix-null-ptr-deref-in-btintel_read.patch
(stable-fixes CVE-2024-35933 bsc#1224640).
- Update
patches.suse/Bluetooth-hci_event-Fix-handling-of-HCI_EV_IO_CAPA_R.patch
(git-fixes CVE-2024-27416 bsc#1224723).
- Update
patches.suse/Bluetooth-hci_sock-Fix-not-validating-setsockopt-use.patch
(git-fixes CVE-2024-35963 bsc#1224582).
- Update
patches.suse/Bluetooth-l2cap-fix-null-ptr-deref-in-l2cap_chan_tim.patch
(git-fixes CVE-2024-27399 bsc#1224177).
- Update
patches.suse/Bluetooth-msft-fix-slab-use-after-free-in-msft_do_cl.patch
(git-fixes CVE-2024-36012 bsc#1225502).
- Update
patches.suse/Bluetooth-qca-add-missing-firmware-sanity-checks.patch
(git-fixes CVE-2024-36880 bsc#1225722).
- Update
patches.suse/Bluetooth-qca-fix-NULL-deref-on-non-serdev-suspend.patch
(git-fixes CVE-2024-35851 bsc#1224509).
- Update
patches.suse/Bluetooth-qca-fix-info-leak-when-fetching-fw-build-i.patch
(git-fixes CVE-2024-36032 bsc#1225720).
- Update
patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
(git-fixes CVE-2024-26839 bsc#1222975).
- Update
patches.suse/NFSv4.2-fix-nfs4_listxattr-kernel-BUG-at-mm-usercopy.patch
(git-fixes CVE-2024-26870 bsc#1223113).
- Update
patches.suse/PCI-PM-Drain-runtime-idle-callbacks-before-driver-re.patch
(git-fixes CVE-2024-35809 bsc#1224738).
- Update
patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
(git-fixes CVE-2024-26838 bsc#1222974).
- Update
patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
(git-fixes CVE-2024-26907 bsc#1223203).
- Update
patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
(git-fixes CVE-2024-26916 bsc#1223137).
- Update
patches.suse/SUNRPC-fix-some-memleaks-in-gssx_dec_option_array.patch
(git-fixes CVE-2024-27388 bsc#1223744).
- Update
patches.suse/USB-core-Fix-access-violation-during-port-device-rem.patch
(git-fixes CVE-2024-36896 bsc#1225734).
- Update
patches.suse/USB-core-Fix-deadlock-in-usb_deauthorize_interface.patch
(git-fixes CVE-2024-26934 bsc#1223671).
- Update
patches.suse/arm64-hibernate-Fix-level3-translation-fault-in-swsu.patch
(git-fixes CVE-2024-26989 bsc#1223748).
- Update
patches.suse/ax25-fix-use-after-free-bugs-caused-by-ax25_ds_del_t.patch
(git-fixes CVE-2024-35887 bsc#1224663).
- Update
patches.suse/batman-adv-Avoid-infinite-loop-trying-to-resize-loca.patch
(git-fixes CVE-2024-35982 bsc#1224566).
- Update patches.suse/bpf-Check-bloom-filter-map-value-size.patch
(bsc#1224488 CVE-2024-35905 CVE-2024-36918 bsc#1225766).
- Update
patches.suse/btrfs-fix-information-leak-in-btrfs_ioctl_logical_to.patch
(git-fixes CVE-2024-35849 bsc#1224733).
- Update
patches.suse/clk-Get-runtime-PM-before-walking-tree-during-disabl.patch
(git-fixes CVE-2024-27004 bsc#1223762).
- Update
patches.suse/clk-zynq-Prevent-null-pointer-dereference-caused-by-.patch
(git-fixes CVE-2024-27037 bsc#1223717).
- Update
patches.suse/comedi-vmk80xx-fix-incomplete-endpoint-checking.patch
(git-fixes CVE-2024-27001 bsc#1223698).
- Update
patches.suse/cpufreq-brcmstb-avs-cpufreq-add-check-for-cpufreq_cp.patch
(git-fixes CVE-2024-27051 bsc#1223769).
- Update
patches.suse/crypto-qat-resolve-race-condition-during-AER-recover.patch
(git-fixes CVE-2024-26974 bsc#1223638).
- Update
patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
(git-fixes CVE-2024-26880 bsc#1223188).
- Update patches.suse/dma-xilinx_dpdma-Fix-locking.patch
(git-fixes CVE-2024-35990 bsc#1224559).
- Update
patches.suse/dmaengine-fsl-qdma-Fix-a-memory-leak-related-to-the-.patch
(git-fixes CVE-2024-35833 bsc#1224632).
- Update
patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
(git-fixes CVE-2024-26788 bsc#1222783).
- Update
patches.suse/dmaengine-idxd-Fix-oops-during-rmmod-on-single-CPU-p.patch
(git-fixes CVE-2024-35989 bsc#1224558).
- Update
patches.suse/drm-amd-display-Atom-Integrated-System-Info-v2_2-for.patch
(stable-fixes CVE-2024-36897 bsc#1225735).
- Update
patches.suse/drm-amd-display-Fix-a-potential-buffer-overflow-in-d.patch
(git-fixes CVE-2024-27045 bsc#1223826).
- Update
patches.suse/drm-amd-pm-fixes-a-random-hang-in-S4-for-SMU-v13.0.4.patch
(stable-fixes CVE-2024-36026 bsc#1225705).
- Update
patches.suse/drm-amdgpu-once-more-fix-the-call-oder-in-amdgpu_ttm.patch
(git-fixes CVE-2024-27400 bsc#1224180).
- Update
patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch
(git-fixes CVE-2024-26922 bsc#1223315).
- Update
patches.suse/drm-arm-malidp-fix-a-possible-null-pointer-dereferen.patch
(git-fixes CVE-2024-36014 bsc#1225593).
- Update patches.suse/drm-ast-Fix-soft-lockup.patch (git-fixes
CVE-2024-35952 bsc#1224705).
- Update
patches.suse/drm-client-Fully-protect-modes-with-dev-mode_config..patch
(stable-fixes CVE-2024-35950 bsc#1224703).
- Update
patches.suse/drm-i915-bios-Tolerate-devdata-NULL-in-intel_bios_en.patch
(stable-fixes CVE-2024-26938 bsc#1223678).
- Update
patches.suse/drm-i915-gt-Reset-queue_priority_hint-on-parking.patch
(git-fixes CVE-2024-26937 bsc#1223677).
- Update
patches.suse/drm-lima-fix-a-memleak-in-lima_heap_alloc.patch
(git-fixes CVE-2024-35829 bsc#1224707).
- Update
patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
(git-fixes CVE-2024-26874 bsc#1223048).
- Update patches.suse/drm-nv04-Fix-out-of-bounds-access.patch
(git-fixes CVE-2024-27008 bsc#1223802).
- Update
patches.suse/drm-vc4-don-t-check-if-plane-state-fb-state-fb.patch
(stable-fixes CVE-2024-35932 bsc#1224650).
- Update
patches.suse/drm-vmwgfx-Create-debugfs-ttm_resource_manager-entry.patch
(git-fixes CVE-2024-26940 bsc#1223718).
- Update
patches.suse/dyndbg-fix-old-BUG_ON-in-control-parser.patch
(stable-fixes CVE-2024-35947 bsc#1224647).
- Update
patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch
(git-fixes CVE-2024-26778 bsc#1222770).
- Update
patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch
(git-fixes CVE-2024-26777 bsc#1222765).
- Update
patches.suse/fbmon-prevent-division-by-zero-in-fb_videomode_from_.patch
(stable-fixes CVE-2024-35922 bsc#1224660).
- Update
patches.suse/i2c-smbus-fix-NULL-function-pointer-dereference.patch
(git-fixes CVE-2024-35984 bsc#1224567).
- Update
patches.suse/init-main.c-Fix-potential-static_command_line-memory.patch
(git-fixes CVE-2024-26988 bsc#1223747).
- Update
patches.suse/irqchip-gic-v3-its-Prevent-double-free-on-error.patch
(git-fixes CVE-2024-35847 bsc#1224697).
- Update
patches.suse/kprobes-Fix-possible-use-after-free-issue-on-kprobe-registration.patch
(git-fixes CVE-2024-35955 bsc#1224676).
- Update
patches.suse/media-dvb-frontends-avoid-stack-overflow-warnings-wi.patch
(git-fixes CVE-2024-27075 bsc#1223842).
- Update
patches.suse/media-go7007-fix-a-memleak-in-go7007_load_encoder.patch
(git-fixes CVE-2024-27074 bsc#1223844).
- Update
patches.suse/media-imx-csc-scaler-fix-v4l2_ctrl_handler-memory-le.patch
(git-fixes CVE-2024-27076 bsc#1223779).
- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
(git-fixes CVE-2024-26829 bsc#1223027).
- Update
patches.suse/media-ttpci-fix-two-memleaks-in-budget_av_attach.patch
(git-fixes CVE-2024-27073 bsc#1223843).
- Update
patches.suse/media-usbtv-Remove-useless-locks-in-usbtv_video_free.patch
(git-fixes CVE-2024-27072 bsc#1223837).
- Update
patches.suse/media-v4l2-mem2mem-fix-a-memleak-in-v4l2_m2m_registe.patch
(git-fixes CVE-2024-27077 bsc#1223780).
- Update
patches.suse/media-v4l2-tpg-fix-some-memleaks-in-tpg_alloc.patch
(git-fixes CVE-2024-27078 bsc#1223781).
- Update
patches.suse/mmc-core-Avoid-negative-index-with-array-access.patch
(git-fixes CVE-2024-35813 bsc#1224618).
- Update
patches.suse/mmc-sdhci-msm-pervent-access-to-suspended-controller.patch
(git-fixes CVE-2024-36029 bsc#1225708).
- Update
patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch
(git-fixes CVE-2024-26698 bsc#1222374).
- Update
patches.suse/msft-hv-2971-net-mana-Fix-Rx-DMA-datasize-and-skb_over_panic.patch
(git-fixes CVE-2024-35901 bsc#1224495).
- Update
patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
(bsc#1215322 CVE-2024-26859 bsc#1223049).
- Update
patches.suse/net-ll_temac-platform_get_resource-replaced-by-wrong.patch
(git-fixes CVE-2024-35796 bsc#1224615).
- Update
patches.suse/net-phy-fix-phy_get_internal_delay-accessing-an-empt.patch
(git-fixes CVE-2024-27047 bsc#1223828).
- Update
patches.suse/net-qualcomm-rmnet-fix-global-oob-in-rmnet_policy.patch
(git-fixes CVE-2024-26597 bsc#1220363).
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_dev_up-and-nci_ntf_p.patch
(git-fixes CVE-2024-35915 bsc#1224479).
- Update
patches.suse/nouveau-fix-instmem-race-condition-around-ptr-stores.patch
(git-fixes CVE-2024-26984 bsc#1223633).
- Update
patches.suse/nvme-fc-do-not-wait-in-vain-when-unloading-module.patch
(git-fixes CVE-2024-26846 bsc#1223023).
- Update
patches.suse/nvme-fix-reconnection-fail-due-to-reserved-tag-alloc.patch
(git-fixes CVE-2024-27435 bsc#1224717).
- Update patches.suse/pci_iounmap-Fix-MMIO-mapping-leak.patch
(git-fixes CVE-2024-26977 bsc#1223631).
- Update
patches.suse/power-supply-bq27xxx-i2c-Do-not-free-non-existing-IR.patch
(git-fixes CVE-2024-27412 bsc#1224437).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- Update
patches.suse/ppdev-Add-an-error-check-in-register_device.patch
(git-fixes CVE-2024-36015 bsc#1225640).
- Update
patches.suse/pstore-zone-Add-a-null-pointer-check-to-the-psz_kmsg.patch
(stable-fixes CVE-2024-35940 bsc#1224537).
- Update
patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch
(bsc#1141539 git-fixes CVE-2024-27054 bsc#1223819).
- Update
patches.suse/s390-cio-Ensure-the-copied-buf-is-NUL-terminated.patch
(git-fixes bsc#1223875 CVE-2024-36931 bsc#1225747).
- Update
patches.suse/s390-qeth-Fix-kernel-panic-after-setting-hsuid.patch
(git-fixes bsc#1223879 CVE-2024-36928 bsc#1225775).
- Update
patches.suse/s390-zcrypt-fix-reference-counting-on-zcrypt-card-objects.patch
(git-fixes bsc#1223595 CVE-2024-26957 bsc#1223666).
- Update
patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch
(bsc#1220021 CVE-2024-35930 bsc#1224651).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924 bsc#1225820).
- Update
patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch
(bsc1221816 CVE-2024-26931 bsc#1223627).
- Update patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch
(bsc1221816 CVE-2024-26929 bsc#1223715).
- Update
patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointer.patch
(bsc1221816 CVE-2024-26930 bsc#1223626).
- Update
patches.suse/serial-mxs-auart-add-spinlock-around-changing-cts-st.patch
(git-fixes CVE-2024-27000 bsc#1223757).
- Update
patches.suse/serial-pmac_zilog-Remove-flawed-mitigation-for-rx-ir.patch
(git-fixes CVE-2024-26999 bsc#1223754).
- Update
patches.suse/soc-fsl-qbman-Always-disable-interrupts-when-taking-.patch
(git-fixes CVE-2024-35806 bsc#1224699).
- Update patches.suse/speakup-Avoid-crash-on-very-long-word.patch
(git-fixes CVE-2024-26994 bsc#1223750).
- Update
patches.suse/spi-spi-mt65xx-Fix-NULL-pointer-access-in-interrupt-.patch
(git-fixes CVE-2024-27028 bsc#1223788).
- Update
patches.suse/tty-n_gsm-fix-possible-out-of-bounds-in-gsm0_receive.patch
(git-fixes CVE-2024-36016 bsc#1225642).
- Update
patches.suse/ubifs-Set-page-uptodate-in-the-correct-place.patch
(git-fixes CVE-2024-35821 bsc#1224629).
- Update
patches.suse/usb-cdc-wdm-close-race-between-read-and-workqueue.patch
(git-fixes CVE-2024-35812 bsc#1224624).
- Update
patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch
(git-fixes CVE-2024-26748 bsc#1222513).
- Update
patches.suse/usb-dwc2-host-Fix-dereference-issue-in-DDMA-completi.patch
(git-fixes CVE-2024-26997 bsc#1223741).
- Update
patches.suse/usb-gadget-f_ncm-Fix-UAF-ncm-object-at-re-bind-after.patch
(stable-fixes CVE-2024-26996 bsc#1223752).
- Update
patches.suse/usb-gadget-ncm-Avoid-dropping-datagrams-of-properly-.patch
(git-fixes CVE-2024-27405 bsc#1224423).
- Update
patches.suse/usb-gadget-ncm-Fix-handling-of-zero-block-length-pac.patch
(git-fixes CVE-2024-35825 bsc#1224681).
- Update
patches.suse/usb-typec-tcpm-Check-for-port-partner-validity-befor.patch
(git-fixes CVE-2024-36893 bsc#1225748).
- Update
patches.suse/usb-udc-remove-warning-when-queue-disabled-ep.patch
(stable-fixes CVE-2024-35822 bsc#1224739).
- Update
patches.suse/usb-xhci-Add-error-handling-in-xhci_map_urb_for_dma.patch
(git-fixes CVE-2024-26964 bsc#1223650).
- Update
patches.suse/vt-fix-unicode-buffer-corruption-when-deleting-chara.patch
(git-fixes CVE-2024-35823 bsc#1224692).
- Update
patches.suse/wifi-ath11k-decrease-MHI-channel-buffer-length-to-8K.patch
(bsc#1207948 CVE-2024-35938 bsc#1224643).
- Update
patches.suse/wifi-iwlwifi-dbg-tlv-ensure-NUL-termination.patch
(git-fixes CVE-2024-35845 bsc#1224731).
- Update
patches.suse/wifi-iwlwifi-mvm-rfi-fix-potential-response-leaks.patch
(git-fixes CVE-2024-35912 bsc#1224487).
- Update
patches.suse/wifi-libertas-fix-some-memleaks-in-lbs_allocate_cmd_.patch
(git-fixes CVE-2024-35828 bsc#1224622).
- Update
patches.suse/wifi-mac80211-check-clear-fast-rx-for-non-4addr-sta-.patch
(stable-fixes CVE-2024-35789 bsc#1224749).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941 bsc#1225835).
- Update
patches.suse/wifi-nl80211-reject-iftype-change-with-mesh-ID-chang.patch
(git-fixes CVE-2024-27410 bsc#1224432).
- Update
patches.suse/wifi-rtl8xxxu-add-cancel_work_sync-for-c2hcmd_work.patch
(git-fixes CVE-2024-27052 bsc#1223829).
- Update
patches.suse/wifi-wilc1000-fix-RCU-usage-in-connect-path.patch
(git-fixes CVE-2024-27053 bsc#1223737).
- Update
patches.suse/x86-fpu-Keep-xfd_state-in-sync-with-MSR_IA32_XFD.patch
(git-fixes CVE-2024-35801 bsc#1224732).
- commit aea06f9
- Update
patches.suse/ACPI-LPIT-Avoid-u32-multiplication-overflow.patch
(git-fixes CVE-2023-52683 bsc#1224627).
- Update
patches.suse/ACPI-video-check-for-error-while-searching-for-backl.patch
(git-fixes CVE-2023-52693 bsc#1224686).
- Update
patches.suse/IB-mlx5-Fix-init-stage-error-handling-to-avoid-doubl.patch
(git-fixes CVE-2023-52851 bsc#1225587).
- Update
patches.suse/Revert-drm-amd-pm-resolve-reboot-exception-for-si-ol.patch
(git-fixes CVE-2023-52657 bsc#1224722).
- Update
patches.suse/SUNRPC-Fix-RPC-client-cleaned-up-the-freed-pipefs-de.patch
(git-fixes CVE-2023-52803 bsc#1225008).
- Update
patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
(git-fixes bsc#1223858 CVE-2023-52653 bsc#1223712).
- Update
patches.suse/ceph-blocklist-the-kclient-when-receiving-corrupted-snap-trace.patch
(jsc#SES-1880 CVE-2023-52732 bsc#1225222).
- Update
patches.suse/crypto-s390-aes-Fix-buffer-overread-in-CTR-mode.patch
(git-fixes CVE-2023-52669 bsc#1224637).
- Update
patches.suse/drm-amd-display-fix-a-NULL-pointer-dereference-in-am.patch
(git-fixes CVE-2023-52773 bsc#1225041).
- Update
patches.suse/drm-amd-pm-fix-a-double-free-in-si_dpm_init.patch
(git-fixes CVE-2023-52691 bsc#1224607).
- Update
patches.suse/drm-amdgpu-vkms-fix-a-possible-null-pointer-derefere.patch
(git-fixes CVE-2023-52815 bsc#1225568).
- Update
patches.suse/drm-amdkfd-Confirm-list-is-non-empty-before-utilizin.patch
(git-fixes CVE-2023-52678 bsc#1224617).
- Update
patches.suse/drm-bridge-it66121-Fix-invalid-connector-dereference.patch
(git-fixes CVE-2023-52861 bsc#1224941).
- Update
patches.suse/drm-bridge-tpd12s015-Drop-buggy-__exit-annotation-fo.patch
(git-fixes CVE-2023-52694 bsc#1224598).
- Update
patches.suse/drm-tegra-dsi-Add-missing-check-for-of_find_device_b.patch
(git-fixes CVE-2023-52650 bsc#1223770).
- Update
patches.suse/drm-tegra-rgb-Fix-missing-clk_put-in-the-error-handl.patch
(git-fixes CVE-2023-52661 bsc#1224445).
- Update
patches.suse/drm-vmwgfx-fix-a-memleak-in-vmw_gmrid_man_get_node.patch
(git-fixes CVE-2023-52662 bsc#1224449).
- Update
patches.suse/fbdev-Fix-invalid-page-access-after-closing-deferred.patch
(bsc#1207284 CVE-2023-52731 bsc#1224929).
- Update
patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
(git-fixes CVE-2023-52643 bsc#1222960).
- Update
patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
(git-fixes CVE-2023-52642 bsc#1223031).
- Update
patches.suse/nilfs2-fix-underflow-in-second-superblock-position-c.patch
(git-fixes CVE-2023-52705 bsc#1225480).
- Update
patches.suse/of-Fix-double-free-in-of_parse_phandle_with_args_map.patch
(git-fixes CVE-2023-52679 bsc#1224508).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_pow.patch
(bsc#1181674 ltc#189159 git-fixes CVE-2023-52696 bsc#1224601).
- Update
patches.suse/pstore-ram_core-fix-possible-overflow-in-persistent_.patch
(git-fixes CVE-2023-52685 bsc#1224728).
- Update
patches.suse/scsi-hisi_sas-Set-debugfs_dir-pointer-to-NULL-after-removing-debugfs.patch
(git-fixes CVE-2023-52808 bsc#1225555).
- Update
patches.suse/scsi-ibmvfc-Remove-BUG_ON-in-the-case-of-an-empty-ev.patch
(bsc#1209834 ltc#202097 CVE-2023-52811 bsc#1225559).
- Update
patches.suse/scsi-libfc-Fix-potential-NULL-pointer-dereference-in-fc_lport_ptp_setup.patch
(git-fixes CVE-2023-52809 bsc#1225556).
- Update
patches.suse/sysv-don-t-call-sb_bread-with-pointers_lock-held.patch
(git-fixes CVE-2023-52699 bsc#1224659).
- Update
patches.suse/wifi-ath11k-fix-gtk-offload-status-event-locking.patch
(git-fixes CVE-2023-52777 bsc#1224992).
- Update
patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
(git-fixes CVE-2023-52644 bsc#1222961).
- Update
patches.suse/x86-mm-Ensure-input-to-pfn_to_kaddr-is-treated-as-a-64-bit-type.patch
(jsc#PED-7167 git-fixes CVE-2023-52659 bsc#1224442).
- commit c90a371
- Update
patches.suse/1622-drm-gma500-Fix-WARN_ON-lock-magic-lock-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48633 bsc#1223489).
- Update
patches.suse/powerpc-pseries-Fix-potential-memleak-in-papr_get_at.patch
(bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes CVE-2022-48669
bsc#1223756).
- Update
patches.suse/wifi-mt76-mt7921e-fix-crash-in-chip-reset-fail.patch
(bsc#1209980 CVE-2022-48705 bsc#1223895).
- commit 5061b21
- Update
patches.suse/1321-drm-msm-devfreq-Fix-OPP-refcnt-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47532 bsc#1225444).
- Update
patches.suse/1322-drm-msm-Fix-mmap-to-include-VM_IO-and-VM_DONTDUMP.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47531 bsc#1225443).
- Update
patches.suse/1323-drm-msm-Fix-wait_fence-submitqueue-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47530 bsc#1225442).
- Update
patches.suse/blk-mq-cancel-blk-mq-dispatch-work-in-both-blk_clean.patch
(jsc#PED-1183 CVE-2021-47552 bsc#1225513).
- Update
patches.suse/btrfs-free-exchange-changeset-on-failures.patch
(git-fixes CVE-2021-47508 bsc#1225408).
- Update
patches.suse/io_uring-ensure-task_work-gets-run-as-part-of-cancel.patch
(bsc#1205205 CVE-2021-47504 bsc#1225382).
- Update
patches.suse/io_uring-fail-cancellation-for-EXITING-tasks.patch
(bsc#1205205 CVE-2021-47569 bsc#1225515).
- Update
patches.suse/net-sched-fq_pie-prevent-dismantle-issue.patch
(bsc#1207361 CVE-2021-47512 bsc#1225424).
- Update
patches.suse/net-sched-sch_ets-don-t-peek-at-classes-beyond-nband.patch
(bsc#1207361 CVE-2021-47557 bsc#1225468).
- Update
patches.suse/net-vlan-fix-underflow-for-the-real_dev-refcnt.patch
(git-fixes CVE-2021-47555 bsc#1225467).
- commit 89b5f8b
- Update
patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
(git-fixes CVE-2023-52736 bsc#1225486).
- Update
patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
(git-fixes CVE-2023-52806 bsc#1225554).
- Update
patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
(git-fixes CVE-2023-52833 bsc#1225595).
- Update
patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
(bsc#1208149 CVE-2023-52739 bsc#1225118).
- Update
patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
(git-fixes CVE-2023-52745 bsc#1225032).
- Update
patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
(git-fixes CVE-2023-52747 bsc#1224931).
- Update
patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
(git-fixes CVE-2023-52840 bsc#1224928).
- Update
patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
(git-fixes CVE-2023-52744 bsc#1225121).
- Update
patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
(git-fixes CVE-2023-52834 bsc#1225599).
- Update
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
(git-fixes CVE-2023-52878 bsc#1225000).
- Update
patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
(git-fixes CVE-2023-52741 bsc#1225479).
- Update
patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52875 bsc#1225096).
- Update
patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52870 bsc#1224937).
- Update
patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52873 bsc#1225589).
- Update
patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52865 bsc#1225086).
- Update
patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52858 bsc#1225566).
- Update
patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
(git-fixes CVE-2023-52876 bsc#1225036).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
(git-fixes CVE-2023-52819 bsc#1225532).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
(git-fixes CVE-2023-52818 bsc#1225530).
- Update
patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
(git-fixes CVE-2023-52753 bsc#1225478).
- Update
patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
(git-fixes CVE-2023-52817 bsc#1225569).
- Update
patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
(git-fixes CVE-2023-52814 bsc#1225565).
- Update
patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
(git-fixes CVE-2023-52738 bsc#1225005).
- Update
patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
(git-fixes CVE-2023-52825 bsc#1225076).
- Update
patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
(git-fixes CVE-2023-52816 bsc#1225529).
- Update
patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
(git-fixes CVE-2023-52856 bsc#1224932).
- Update
patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2023-52821 bsc#1225022).
- Update
patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
(git-fixes CVE-2023-52826 bsc#1225077).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
(git-fixes CVE-2023-52867 bsc#1225009).
- Update
patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
(git-fixes CVE-2023-52838 bsc#1225031).
- Update
patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
(git-fixes CVE-2023-52810 bsc#1225557).
- Update
patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
(git-fixes CVE-2023-52804 bsc#1225550).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
(git-fixes CVE-2023-52759 bsc#1225560).
- Update
patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
(git-fixes CVE-2023-52853 bsc#1224988).
- Update
patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
(git-fixes CVE-2023-52791 bsc#1225108).
- Update
patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
(git-fixes CVE-2023-52763 bsc#1225570).
- Update
patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
(git-fixes CVE-2023-52788 bsc#1225106).
- Update
patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
(git-fixes CVE-2023-52743 bsc#1225003).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
(git-fixes CVE-2023-52799 bsc#1225472).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
(git-fixes CVE-2023-52805 bsc#1225553).
- Update
patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
(git-fixes CVE-2023-52847 bsc#1225588).
- Update
patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
(git-fixes CVE-2023-52764 bsc#1225571).
- Update
patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
(git-fixes CVE-2023-52754 bsc#1225490).
- Update
patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
(git-fixes CVE-2023-52841 bsc#1225592).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
(git-fixes CVE-2023-52844 bsc#1225590).
- Update
patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
(git-fixes CVE-2023-52708 bsc#1225483).
- Update
patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
(git-fixes CVE-2023-52730 bsc#1224956).
- Update
patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
(git-fixes CVE-2023-52742 bsc#1225482).
- Update
patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
(git-fixes CVE-2023-52702 bsc#1224945).
- Update
patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
(git-fixes CVE-2023-52703 bsc#1225549).
- Update
patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
(git-fixes CVE-2023-52854 bsc#1225584).
- Update
patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
(git-fixes CVE-2023-52864 bsc#1225132).
- Update
patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
(bsc#1194869 CVE-2023-52740 bsc#1225471).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
(bsc#1065729 CVE-2023-52686 bsc#1224682).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
(bsc#1194869 CVE-2023-52690 bsc#1224611).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
CVE-2023-52756 bsc#1225461).
- Update
patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
(git-fixes bsc#1217515 CVE-2023-52774 bsc#1225572).
- Update
patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
(git-fixes bsc#1213863 CVE-2023-52733 bsc#1225488).
- Update
patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
(bsc#1209799 CVE-2023-52707 bsc#1225109).
- Update
patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
(git-fixes CVE-2023-52871 bsc#1225534).
- Update
patches.suse/thermal-core-prevent-potential-string-overflow.patch
(git-fixes CVE-2023-52868 bsc#1225044).
- Update
patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
(git-fixes CVE-2023-52872 bsc#1225591).
- Update
patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
(bsc#1222619 CVE-2023-52880).
- Update
patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
(git-fixes CVE-2023-52789 bsc#1225180).
- Update
patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
(git-fixes CVE-2023-52781 bsc#1225092).
- Update
patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
(git-fixes CVE-2023-52855 bsc#1225583).
- Update
patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
(git-fixes CVE-2023-52877 bsc#1224944).
- Update
patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
(git-fixes CVE-2023-52798 bsc#1224947).
- Update
patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
(git-fixes CVE-2023-52832 bsc#1225577).
- commit c6aceca
- Update
patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2022-48710 bsc#1225230).
- Update
patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
(git-fixes CVE-2022-48709 bsc#1225095).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
(git-fixes CVE-2022-48708 bsc#1224942).
- commit 41f6d79
- Update
patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
(git-fixes CVE-2021-47511 bsc#1225411).
- Update
patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
(git-fixes CVE-2021-47509 bsc#1225409).
- Update
patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
(git-fixes stable-5.14.10 CVE-2021-47381 bsc#1225206).
- Update
patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
(git-fixes CVE-2021-47502 bsc#1225369).
- Update
patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
(stable-5.14.10 CVE-2021-47380 bsc#1225205).
- Update
patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
(stable-5.14.10 CVE-2021-47404 bsc#1225303).
- Update
patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
(git-fixes CVE-2021-47522 bsc#1225437).
- Update
patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
(stable-5.14.10 CVE-2021-47405 bsc#1225238).
- Update
patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
(jsc#SLE-19242 CVE-2021-47523 bsc#1225438).
- Update
patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
(stable-5.14.16 CVE-2021-47485 bsc#1224904).
- Update
patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
(stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056 CVE-2021-47465 bsc#1225341).
- Update
patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
(stable-5.14.10 CVE-2021-47389 bsc#1225126).
- Update
patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
(stable-5.14.15 CVE-2021-47450 bsc#1225258).
- Update
patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
(stable-5.14.10 CVE-2021-47390 bsc#1225125).
- Update
patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
(stable-5.14.10 CVE-2021-47407 bsc#1225306).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
(stable-5.14.14 CVE-2021-47442 bsc#1225263).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
(stable-5.14.14 CVE-2021-47443 bsc#1225262).
- Update
patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
(stable-5.14.10 CVE-2021-47391 bsc#1225318).
- Update
patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
(stable-5.14.10 CVE-2021-47392 bsc#1225320).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
(stable-5.14.10 CVE-2021-47398 bsc#1225131).
- Update
patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
(stable-5.14.16 CVE-2021-47481 bsc#1224910).
- Update
patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
(stable-5.14.9 CVE-2021-47366 bsc#1225160).
- Update
patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
(CVE-2021-39698 bsc#1196956 CVE-2021-47505 bsc#1225400).
- Update
patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
(stable-5.14.15 CVE-2021-47464 bsc#1225393).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
(stable-5.14.9 CVE-2021-47360 bsc#1225122).
- Update
patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
(stable-5.14.9 CVE-2021-47379 bsc#1225203).
- Update
patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
(stable-5.14.9 CVE-2021-47375 bsc#1225193).
- Update
patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
(stable-5.14.11 CVE-2021-47412 bsc#1225332).
- Update
patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
(stable-5.14.9 CVE-2021-47376 bsc#1225195).
- Update
patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
(stable-5.14.12 CVE-2021-47426 bsc#1225370).
- Update
patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
(stable-5.14.14 CVE-2021-47433 bsc#1225392).
- Update
patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
(bsc#1197915 CVE-2021-47510 bsc#1225410).
- Update
patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
(stable-5.14.15 CVE-2021-47457 bsc#1225235).
- Update
patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
(stable-5.14.15 CVE-2021-47459 bsc#1225253).
- Update
patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
(git-fixes CVE-2021-47520 bsc#1225431).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
(stable-5.14.15 CVE-2021-47456 bsc#1225256).
- Update
patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
(git-fixes CVE-2021-47521 bsc#1225435).
- Update
patches.suse/cfg80211-fix-management-registrations-locking.patch
(git-fixes stable-5.14.16 CVE-2021-47494 bsc#1225450).
- Update
patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
(stable-5.14.16 CVE-2021-47488 bsc#1224902).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
(stable-5.14.9 CVE-2021-47359 bsc#1225145).
- Update
patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
(stable-5.14.9 CVE-2021-47364 bsc#1225158).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
(git-fixes stable-5.14.18 CVE-2021-47477 bsc#1224912).
- Update
patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
(git-fixes stable-5.14.18 CVE-2021-47476 bsc#1224913).
- Update
patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
(git-fixes stable-5.14.18 CVE-2021-47474 bsc#1224915).
- Update
patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
(git-fixes stable-5.14.18 CVE-2021-47475 bsc#1224914).
- Update
patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
(stable-5.14.10 CVE-2021-47387 bsc#1225316).
- Update
patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
(git-fixes CVE-2021-47514 bsc#1225425).
- Update
patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
(stable-5.14.14 CVE-2021-47435 bsc#1225247).
- Update
patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
(stable-5.14.14 CVE-2021-47498 bsc#1225357).
- Update
patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
(stable-5.14.9 CVE-2021-47374 bsc#1225191).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
(git-fixes CVE-2021-47550 bsc#1225379).
- Update
patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
(git-fixes CVE-2021-47551 bsc#1225510).
- Update
patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
(stable-5.14.9 CVE-2021-47362 bsc#1225153).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
(stable-5.14.13 CVE-2021-47431 bsc#1225390).
- Update
patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
(git-fixes stable-5.14.12 CVE-2021-47421 bsc#1225353).
- Update
patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47420 bsc#1225339).
- Update
patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
(stable-5.14.11 CVE-2021-47410 bsc#1225331).
- Update
patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
(git-fixes stable-5.14.14 CVE-2021-47444 bsc#1225243).
- Update
patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
(git-fixes stable-5.14.14 CVE-2021-47445 bsc#1225261).
- Update
patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
(git-fixes stable-5.14.14 CVE-2021-47447 bsc#1225260).
- Update
patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
(git-fixes stable-5.14.14 CVE-2021-47446 bsc#1225240).
- Update
patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
(git-fixes CVE-2021-47535 bsc#1225446).
- Update
patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
(stable-5.14.15 CVE-2021-47471 bsc#1225187).
- Update
patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47423 bsc#1225366).
- Update
patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47422 bsc#1225233).
- Update
patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
(stable-5.14.16 CVE-2021-47490 bsc#1225436).
- Update
patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
(git-fixes CVE-2021-47533 bsc#1225445).
- Update
patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
(stable-5.14.9 CVE-2021-47368 bsc#1225161).
- Update
patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
(jsc#SLE-19253 CVE-2021-47556 bsc#1225383).
- Update
patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
(stable-5.14.10 CVE-2021-47406 bsc#1225304).
- Update
patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
(git-fixes stable-5.14.10 CVE-2021-47393 bsc#1225321).
- Update
patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 CVE-2021-47386 bsc#1225268).
- Update
patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 CVE-2021-47385 bsc#1225210).
- Update
patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
(stable-5.14.10 CVE-2021-47384 bsc#1225209).
- Update
patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
(git-fixes stable-5.14.12 CVE-2021-47425 bsc#1225223).
- Update
patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
(jsc#SLE-18378 CVE-2021-47501 bsc#1225361).
- Update
patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
(stable-5.14.12 CVE-2021-47424 bsc#1225367).
- Update
patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
(stable-5.14.15 CVE-2021-47453 bsc#1225239).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
(jsc#SLE-18375 CVE-2021-47563 bsc#1225500).
- Update
patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
(stable-5.14.14 CVE-2021-47449 bsc#1225259).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
(jsc#SLE-18375 CVE-2021-47562 bsc#1225499).
- Update
patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
(git-fixes CVE-2021-47499 bsc#1225358).
- Update
patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
(git-fixes stable-5.14.14 CVE-2021-47437 bsc#1225245).
- Update
patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
(git-fixes CVE-2021-47500 bsc#1225360).
- Update
patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
(stable-5.14.10 CVE-2021-47403 bsc#1225241).
- Update
patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
(stable-5.14.10 CVE-2021-47401 bsc#1225242).
- Update
patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
(stable-5.14.9 CVE-2021-47373 bsc#1225190).
- Update
patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
(stable-5.14.15 CVE-2021-47468 bsc#1225346).
- Update
patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
(stable-5.14.18 CVE-2021-47478 bsc#1225198).
- Update
patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
(git-fixes CVE-2021-47529 bsc#1225373).
- Update
patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
(git-fixes stable-5.14.12 CVE-2021-47415 bsc#1225335).
- Update
patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
(stable-5.14.10 CVE-2021-47399 bsc#1225328).
- Update
patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
(stable-5.14.15 CVE-2021-47467 bsc#1225344).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
(git-fixes stable-5.14.12 CVE-2021-47417 bsc#1225227).
- Update
patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
(git-fixes stable-5.14.10 CVE-2021-47388 bsc#1225214).
- Update
patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
(git-fixes stable-5.14.10 CVE-2021-47396 bsc#1225327).
- Update
patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
(git-fixes stable-5.14.10 CVE-2021-47395 bsc#1225326).
- Update
patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
(stable-5.14.9 CVE-2021-47361 bsc#1225151).
- Update
patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
(git-fixes CVE-2021-47560 bsc#1225495).
- Update
patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
(stable-5.14.14 CVE-2021-47441 bsc#1225224).
- Update
patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
(stable-5.14.15 CVE-2021-47462 bsc#1225250).
- Update
patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
(stable-5.14.15 CVE-2021-47463 bsc#1225127).
- Update
patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
(stable-5.14.15 CVE-2021-47466 bsc#1225342).
- Update
patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
(stable-5.14.15 CVE-2021-47470 bsc#1225186).
- Update
patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
(stable-5.14.9 CVE-2021-47370 bsc#1225183).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
(stable-5.14.14 CVE-2021-47448 bsc#1225129).
- Update
patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
(git-fixes CVE-2021-47540 bsc#1225386).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
(git-fixes stable-5.14.16 CVE-2021-47482 bsc#1224909).
- Update
patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
(git-fixes CVE-2021-47513 bsc#1225380).
- Update
patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
(stable-5.14.14 CVE-2021-47439 bsc#1225246).
- Update
patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
(stable-5.14.14 CVE-2021-47440 bsc#1225248).
- Update
patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
(stable-5.14.10 CVE-2021-47400 bsc#1225329).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
(stable-5.14.9 CVE-2021-47372 bsc#1225184).
- Update
patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
(git-fixes CVE-2021-47564 bsc#1225501).
- Update
patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
(stable-5.14.15 CVE-2021-47472 bsc#1225189).
- Update
patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
(jsc#SLE-19256 CVE-2021-47541 bsc#1225453).
- Update
patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
(stable-5.14.14 CVE-2021-47438 bsc#1225229).
- Update
patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-47542 bsc#1225455).
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 CVE-2021-47402 bsc#1225301).
- Update
patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
(stable-5.14.12 CVE-2021-47419 bsc#1225338).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
(git-fixes CVE-2021-47559 bsc#1225396).
- Update
patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
(git-fixes CVE-2021-47536 bsc#1225447).
- Update
patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
(jsc#SLE-19033 CVE-2021-47558 bsc#1225492).
- Update
patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
(stable-5.14.16 CVE-2021-47496 bsc#1225354).
- Update
patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
(stable-5.14.12 CVE-2021-47418 bsc#1225337).
- Update
patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
(stable-5.14.10 CVE-2021-47408 bsc#1225236).
- Update
patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
(stable-5.14.15 CVE-2021-47452 bsc#1225257).
- Update
patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
(stable-5.14.10 CVE-2021-47394 bsc#1225323).
- Update
patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
(stable-5.14.15 CVE-2021-47451 bsc#1225237).
- Update
patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
(stable-5.14.9 CVE-2021-47363 bsc#1225156).
- Update
patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
(stable-5.14.9 CVE-2021-47371 bsc#1225167).
- Update
patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
(git-fixes CVE-2021-47518 bsc#1225372).
- Update
patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
(git-fixes CVE-2021-47516 bsc#1225427).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
(git-fixes CVE-2021-47507 bsc#1225405).
- Update
patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
(git-fixes CVE-2021-47506 bsc#1225404).
- Update
patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
(bsc#1190569 stable-5.14.9 CVE-2021-47378 bsc#1225201).
- Update
patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
(stable-5.14.14 CVE-2021-47497 bsc#1225355).
- Update
patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
(stable-5.14.15 CVE-2021-47460 bsc#1225251).
- Update
patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
(stable-5.14.16 CVE-2021-47493 bsc#1225439).
- Update
patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
(stable-5.14.15 CVE-2021-47458 bsc#1225252).
- Update
patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
(git-fixes CVE-2021-47537 bsc#1225375).
- Update
patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
(stable-5.14.16 CVE-2021-47484 bsc#1224905).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 CVE-2021-47416 bsc#1225336).
- Update
patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
(stable-5.14.12 CVE-2021-47429 bsc#1225388).
- Update
patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
(stable-5.14.12 CVE-2021-47428 bsc#1225387).
- Update
patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
(stable-5.14.15 CVE-2021-47454 bsc#1225255).
- Update
patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
(stable-5.14.15 CVE-2021-47455 bsc#1225254).
- Update
patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
(git-fixes stable-5.14.16 CVE-2021-47483 bsc#1224907).
- Update
patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
(stable-5.14.12 CVE-2021-47414 bsc#1225334).
- Update
patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
(stable-5.14.16 CVE-2021-47486 bsc#1224903).
- Update
patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
(stable-5.14.9 CVE-2021-47369 bsc#1225164).
- Update
patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
(stable-5.14.10 CVE-2021-47382 bsc#1225207).
- Update
patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
(git-fixes CVE-2021-47549 bsc#1225508).
- Update
patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
(git-fixes CVE-2021-47553 bsc#1225464).
- Update
patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
(stable-5.14.17 CVE-2021-47480 bsc#1225322).
- Update
patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
(stable-5.14.12 CVE-2021-47427 bsc#1225225).
- Update
patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
(git-fixes CVE-2021-47565 bsc#1225384).
- Update
patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
(git-fixes CVE-2021-47503 bsc#1225374).
- Update
patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
(stable-5.14.15 CVE-2021-47473 bsc#1225192).
- Update
patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
(stable-5.14.10 CVE-2021-47397 bsc#1225082).
- Update
patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
(git-fixes CVE-2021-47527 bsc#1194288).
- Update
patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
(git-fixes CVE-2021-47526 bsc#1225376).
- Update
patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
(git-fixes CVE-2021-47524 bsc#1225377).
- Update
patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
(git-fixes CVE-2021-47525 bsc#1225441).
- Update
patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
(stable-5.14.15 CVE-2021-47469 bsc#1225347).
- Update
patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
(stable-5.14.9 CVE-2021-47358 bsc#1224920).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
(git-fixes stable-5.14.18 CVE-2021-47479 bsc#1224911).
- Update
patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
(git-fixes CVE-2021-47544 bsc#1225463).
- Update
patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
(stable-5.14.10 CVE-2021-47383 bsc#1225208).
- Update
patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
(git-fixes CVE-2021-47528 bsc#1225368).
- Update
patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
(git-fixes stable-5.14.12 CVE-2021-47413 bsc#1225333).
- Update
patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
(stable-5.14.11 CVE-2021-47409 bsc#1225330).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
(git-fixes stable-5.14.14 CVE-2021-47436 bsc#1225244).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
(stable-5.14.16 CVE-2021-47495 bsc#1225351).
- Update
patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
(stable-5.14.15 CVE-2021-47461 bsc#1225249).
- Update
patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
(git-fixes CVE-2021-47554 bsc#1225466).
- Update
patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
(stable-5.14.9 CVE-2021-47367 bsc#1225123).
- Update
patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
(stable-5.14.12 CVE-2021-47430 bsc#1225228).
- Update
patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
(stable-5.14.14 CVE-2021-47434 bsc#1225232).
- commit 3a2e44b
- kABI: bpf, sockmap: struct psock related kABI workaround
(bsc#1225475 CVE-2023-52735).
- commit 4b30d8d
- selftests/bpf: Cover listener cloning with progs attached to
sockmap (bsc#1225475 CVE-2023-52735).
- selftests/bpf: Pass BPF skeleton to sockmap_listen ops tests
(bsc#1225475 CVE-2023-52735).
- bpf, sockmap: Check for any of tcp_bpf_prots when cloning a
listener (git-fixes).
- bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call
itself (bsc#1225475 CVE-2023-52735).
- bpf, sock_map: Move cancel_work_sync() out of sock lock
(bsc#1225475 CVE-2023-52735).
- bpf: Fix sockmap calling sleepable function in teardown path
(bsc#1225475 CVE-2023-52735).
- bpf, sockmap: Fix sk->sk_forward_alloc warn_on in
sk_stream_kill_queues (bsc#1225475 CVE-2023-52735).
- commit 0ce00d7
- scsi: lpfc: Copyright updates for 14.4.0.2 patches
(bsc#1225842).
- scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842).
- scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842).
- scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask
(bsc#1225842).
Refresh:
- patches.suse/lpfc-reintroduce-old-irq-probe-logic.patch
- scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list
(bsc#1225842).
- scsi: lpfc: Clear deferred RSCN processing flag when driver
is unloading (bsc#1225842).
- scsi: lpfc: Update logging of protection type for T10 DIF I/O
(bsc#1225842).
- scsi: lpfc: Change default logging level for unsolicited CT
MIB commands (bsc#1225842).
- commit 5e95ee6
- Update
patches.suse/1321-drm-msm-devfreq-Fix-OPP-refcnt-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225444
CVE-2021-47532).
- Update
patches.suse/1322-drm-msm-Fix-mmap-to-include-VM_IO-and-VM_DONTDUMP.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225443
CVE-2021-47531).
- Update
patches.suse/1323-drm-msm-Fix-wait_fence-submitqueue-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225442
CVE-2021-47530).
- Update
patches.suse/1622-drm-gma500-Fix-WARN_ON-lock-magic-lock-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
bsc#1223489 CVE-2022-48633).
- Update
patches.suse/ACPI-LPIT-Avoid-u32-multiplication-overflow.patch
(git-fixes bsc#1224627 CVE-2023-52683).
- Update
patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
(git-fixes bsc#1223043 CVE-2024-26894).
- Update
patches.suse/ACPI-video-check-for-error-while-searching-for-backl.patch
(git-fixes bsc#1224686 CVE-2023-52693).
- Update
patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
(git-fixes bsc#1225486 CVE-2023-52736).
- Update
patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
(git-fixes bsc#1225554 CVE-2023-52806).
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955).
- Update
patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
(git-fixes bsc#1225411 CVE-2021-47511).
- Update
patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
(git-fixes bsc#1225409 CVE-2021-47509).
- Update
patches.suse/ALSA-usb-audio-Stop-parsing-channels-bits-when-all-c.patch
(git-fixes bsc#1224803 CVE-2024-27436).
- Update
patches.suse/ARM-9381-1-kasan-clear-stale-stack-poison.patch
(git-fixes bsc#1225715 CVE-2024-36906).
- Update
patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
(git-fixes stable-5.14.10 bsc#1225206 CVE-2021-47381).
- Update
patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
(git-fixes bsc#1225369 CVE-2021-47502).
- Update
patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
(git-fixes bsc#1222413 CVE-2024-26801).
- Update
patches.suse/Bluetooth-Fix-memory-leak-in-hci_req_sync_complete.patch
(git-fixes bsc#1224571 CVE-2024-35978).
- Update
patches.suse/Bluetooth-L2CAP-Fix-not-validating-setsockopt-user-i.patch
(git-fixes bsc#1224579 CVE-2024-35965).
- Update
patches.suse/Bluetooth-RFCOMM-Fix-not-validating-setsockopt-user-.patch
(git-fixes bsc#1224576 CVE-2024-35966).
- Update
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch
(git-fixes bsc#1224587 CVE-2024-35967).
- Update
patches.suse/Bluetooth-btintel-Fix-null-ptr-deref-in-btintel_read.patch
(stable-fixes bsc#1224640 CVE-2024-35933).
- Update
patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
(git-fixes bsc#1225595 CVE-2023-52833).
- Update
patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
(git-fixes CVE-2024-26889).
- Update
patches.suse/Bluetooth-hci_event-Fix-handling-of-HCI_EV_IO_CAPA_R.patch
(git-fixes bsc#1224723 CVE-2024-27416).
- Update
patches.suse/Bluetooth-hci_sock-Fix-not-validating-setsockopt-use.patch
(git-fixes bsc#1224582 CVE-2024-35963).
- Update
patches.suse/Bluetooth-l2cap-fix-null-ptr-deref-in-l2cap_chan_tim.patch
(git-fixes bsc#1224177 CVE-2024-27399).
- Update
patches.suse/Bluetooth-msft-fix-slab-use-after-free-in-msft_do_cl.patch
(git-fixes bsc#1225502 CVE-2024-36012).
- Update
patches.suse/Bluetooth-qca-add-missing-firmware-sanity-checks.patch
(git-fixes bsc#1225722 CVE-2024-36880).
- Update
patches.suse/Bluetooth-qca-fix-NULL-deref-on-non-serdev-suspend.patch
(git-fixes bsc#1224509 CVE-2024-35851).
- Update
patches.suse/Bluetooth-qca-fix-firmware-check-error-path.patch
(git-fixes CVE-2024-36942).
- Update
patches.suse/Bluetooth-qca-fix-info-leak-when-fetching-fw-build-i.patch
(git-fixes bsc#1225720 CVE-2024-36032).
- Update
patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
(bsc#1208149 bsc#1225118 CVE-2023-52739).
- Update
patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
(stable-5.14.10 bsc#1225205 CVE-2021-47380).
- Update
patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
(stable-5.14.10 bsc#1225303 CVE-2021-47404).
- Update
patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
(git-fixes bsc#1225437 CVE-2021-47522).
- Update
patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
(stable-5.14.10 bsc#1225238 CVE-2021-47405).
- Update
patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
(git-fixes bsc#1225032 CVE-2023-52745).
- Update
patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
(git-fixes bsc#1222975 CVE-2024-26839).
- Update
patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
(jsc#SLE-19242 bsc#1225438 CVE-2021-47523).
- Update
patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
(git-fixes bsc#1224931 CVE-2023-52747).
- Update
patches.suse/IB-mlx5-Fix-init-stage-error-handling-to-avoid-doubl.patch
(git-fixes bsc#1225587 CVE-2023-52851).
- Update
patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
(stable-5.14.16 bsc#1224904 CVE-2021-47485).
- Update
patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
(git-fixes bsc#1224928 CVE-2023-52840).
- Update
patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
(stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056 bsc#1225341 CVE-2021-47465).
- Update
patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
(stable-5.14.10 bsc#1225126 CVE-2021-47389).
- Update
patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
(stable-5.14.15 bsc#1225258 CVE-2021-47450).
- Update
patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
(stable-5.14.10 bsc#1225125 CVE-2021-47390).
- Update
patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
(stable-5.14.10 bsc#1225306 CVE-2021-47407).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
(stable-5.14.14 bsc#1225263 CVE-2021-47442).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
(stable-5.14.14 bsc#1225262 CVE-2021-47443).
- Update
patches.suse/NFSv4.2-fix-nfs4_listxattr-kernel-BUG-at-mm-usercopy.patch
(git-fixes bsc#1223113 CVE-2024-26870).
- Update
patches.suse/PCI-PM-Drain-runtime-idle-callbacks-before-driver-re.patch
(git-fixes bsc#1224738 CVE-2024-35809).
- Update
patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
(stable-5.14.10 bsc#1225318 CVE-2021-47391).
- Update
patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
(stable-5.14.10 bsc#1225320 CVE-2021-47392).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
(stable-5.14.10 bsc#1225131 CVE-2021-47398).
- Update
patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
(git-fixes bsc#1222974 CVE-2024-26838).
- Update
patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
(git-fixes bsc#1225121 CVE-2023-52744).
- Update
patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
(git-fixes bsc#1223203 CVE-2024-26907).
- Update
patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
(stable-5.14.16 bsc#1224910 CVE-2021-47481).
- Update
patches.suse/Reapply-drm-qxl-simplify-qxl_fence_wait.patch
(stable-fixes CVE-2024-36944).
- Update
patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
(git-fixes bsc#1223137 CVE-2024-26916).
- Update
patches.suse/Revert-drm-amd-pm-resolve-reboot-exception-for-si-ol.patch
(git-fixes bsc#1224722 CVE-2023-52657).
- Update
patches.suse/SUNRPC-Fix-RPC-client-cleaned-up-the-freed-pipefs-de.patch
(git-fixes bsc#1225008 CVE-2023-52803).
- Update
patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
(git-fixes bsc#1223858 bsc#1223712 CVE-2023-52653).
- Update
patches.suse/SUNRPC-fix-some-memleaks-in-gssx_dec_option_array.patch
(git-fixes bsc#1223744 CVE-2024-27388).
- Update
patches.suse/USB-core-Fix-access-violation-during-port-device-rem.patch
(git-fixes bsc#1225734 CVE-2024-36896).
- Update
patches.suse/USB-core-Fix-deadlock-in-usb_deauthorize_interface.patch
(git-fixes bsc#1223671 CVE-2024-26934).
- Update
patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
(CVE-2021-39698 bsc#1196956 bsc#1225400 CVE-2021-47505).
- Update
patches.suse/arm64-hibernate-Fix-level3-translation-fault-in-swsu.patch
(git-fixes bsc#1223748 CVE-2024-26989).
- Update
patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
(git-fixes bsc#1225599 CVE-2023-52834).
- Update
patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
(stable-5.14.15 bsc#1225393 CVE-2021-47464).
- Update
patches.suse/ax25-fix-use-after-free-bugs-caused-by-ax25_ds_del_t.patch
(git-fixes bsc#1224663 CVE-2024-35887).
- Update
patches.suse/batman-adv-Avoid-infinite-loop-trying-to-resize-loca.patch
(git-fixes bsc#1224566 CVE-2024-35982).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
(stable-5.14.9 bsc#1225122 CVE-2021-47360).
- Update
patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
(stable-5.14.9 bsc#1225203 CVE-2021-47379).
- Update
patches.suse/blk-mq-cancel-blk-mq-dispatch-work-in-both-blk_clean.patch
(jsc#PED-1183 bsc#1225513 CVE-2021-47552).
- Update
patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
(stable-5.14.9 bsc#1225193 CVE-2021-47375).
- Update
patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
(stable-5.14.11 bsc#1225332 CVE-2021-47412).
- Update
patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
(stable-5.14.9 bsc#1225195 CVE-2021-47376).
- Update patches.suse/bpf-Check-bloom-filter-map-value-size.patch
(bsc#1224488 CVE-2024-35905 bsc#1225766 CVE-2024-36918).
- Update
patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
(stable-5.14.12 bsc#1225370 CVE-2021-47426).
- Update
patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
(stable-5.14.14 bsc#1225392 CVE-2021-47433).
- Update
patches.suse/btrfs-fix-information-leak-in-btrfs_ioctl_logical_to.patch
(git-fixes bsc#1224733 CVE-2024-35849).
- Update
patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
(bsc#1197915 bsc#1225410 CVE-2021-47510).
- Update
patches.suse/btrfs-free-exchange-changeset-on-failures.patch
(git-fixes bsc#1225408 CVE-2021-47508).
- Update
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
(git-fixes bsc#1225000 CVE-2023-52878).
- Update
patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
(stable-5.14.15 bsc#1225235 CVE-2021-47457).
- Update
patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
(stable-5.14.15 bsc#1225253 CVE-2021-47459).
- Update
patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
(git-fixes bsc#1225431 CVE-2021-47520).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
(stable-5.14.15 bsc#1225256 CVE-2021-47456).
- Update
patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
(git-fixes bsc#1225435 CVE-2021-47521).
- Update
patches.suse/ceph-blocklist-the-kclient-when-receiving-corrupted-snap-trace.patch
(jsc#SES-1880 bsc#1225222 CVE-2023-52732).
- Update
patches.suse/cfg80211-fix-management-registrations-locking.patch
(git-fixes stable-5.14.16 bsc#1225450 CVE-2021-47494).
- Update
patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
(stable-5.14.16 bsc#1224902 CVE-2021-47488).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
(stable-5.14.9 bsc#1225145 CVE-2021-47359).
- Update
patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
(git-fixes bsc#1225479 CVE-2023-52741).
- Update
patches.suse/clk-Get-runtime-PM-before-walking-tree-during-disabl.patch
(git-fixes bsc#1223762 CVE-2024-27004).
- Update
patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225096 CVE-2023-52875).
- Update
patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1224937 CVE-2023-52870).
- Update
patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225589 CVE-2023-52873).
- Update
patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225086 CVE-2023-52865).
- Update
patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225566 CVE-2023-52858).
- Update
patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
(git-fixes bsc#1225036 CVE-2023-52876).
- Update
patches.suse/clk-zynq-Prevent-null-pointer-dereference-caused-by-.patch
(git-fixes bsc#1223717 CVE-2024-27037).
- Update
patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
(stable-5.14.9 bsc#1225158 CVE-2021-47364).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
(git-fixes stable-5.14.18 bsc#1224912 CVE-2021-47477).
- Update
patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
(git-fixes stable-5.14.18 bsc#1224913 CVE-2021-47476).
- Update
patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
(git-fixes stable-5.14.18 bsc#1224915 CVE-2021-47474).
- Update
patches.suse/comedi-vmk80xx-fix-incomplete-endpoint-checking.patch
(git-fixes bsc#1223698 CVE-2024-27001).
- Update
patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
(git-fixes stable-5.14.18 bsc#1224914 CVE-2021-47475).
- Update
patches.suse/cpufreq-brcmstb-avs-cpufreq-add-check-for-cpufreq_cp.patch
(git-fixes bsc#1223769 CVE-2024-27051).
- Update
patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
(stable-5.14.10 bsc#1225316 CVE-2021-47387).
- Update
patches.suse/crypto-qat-resolve-race-condition-during-AER-recover.patch
(git-fixes bsc#1223638 CVE-2024-26974).
- Update
patches.suse/crypto-s390-aes-Fix-buffer-overread-in-CTR-mode.patch
(git-fixes bsc#1224637 CVE-2023-52669).
- Update
patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
(git-fixes bsc#1225425 CVE-2021-47514).
- Update
patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
(git-fixes bsc#1223188 CVE-2024-26880).
- Update
patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
(stable-5.14.14 bsc#1225247 CVE-2021-47435).
- Update
patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
(stable-5.14.14 bsc#1225357 CVE-2021-47498).
- Update
patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
(stable-5.14.9 bsc#1225191 CVE-2021-47374).
- Update patches.suse/dma-xilinx_dpdma-Fix-locking.patch
(git-fixes bsc#1224559 CVE-2024-35990).
- Update
patches.suse/dmaengine-fsl-qdma-Fix-a-memory-leak-related-to-the-.patch
(git-fixes bsc#1224632 CVE-2024-35833).
- Update
patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
(git-fixes bsc#1222783 CVE-2024-26788).
- Update
patches.suse/dmaengine-idxd-Fix-oops-during-rmmod-on-single-CPU-p.patch
(git-fixes bsc#1224558 CVE-2024-35989).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
(git-fixes bsc#1225532 CVE-2023-52819).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
(git-fixes bsc#1225530 CVE-2023-52818).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225379
CVE-2021-47550).
- Update
patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225510
CVE-2021-47551).
- Update
patches.suse/drm-amd-display-Atom-Integrated-System-Info-v2_2-for.patch
(stable-fixes bsc#1225735 CVE-2024-36897).
- Update
patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
(git-fixes bsc#1225478 CVE-2023-52753).
- Update
patches.suse/drm-amd-display-Fix-a-potential-buffer-overflow-in-d.patch
(git-fixes bsc#1223826 CVE-2024-27045).
- Update
patches.suse/drm-amd-display-fix-a-NULL-pointer-dereference-in-am.patch
(git-fixes bsc#1225041 CVE-2023-52773).
- Update
patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225153
CVE-2021-47362).
- Update
patches.suse/drm-amd-pm-fix-a-double-free-in-si_dpm_init.patch
(git-fixes bsc#1224607 CVE-2023-52691).
- Update
patches.suse/drm-amd-pm-fixes-a-random-hang-in-S4-for-SMU-v13.0.4.patch
(stable-fixes bsc#1225705 CVE-2024-36026).
- Update
patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
(git-fixes bsc#1225569 CVE-2023-52817).
- Update
patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
(git-fixes bsc#1225565 CVE-2023-52814).
- Update
patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
(git-fixes bsc#1225005 CVE-2023-52738).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
(stable-5.14.13 bsc#1225390 CVE-2021-47431).
- Update
patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225353
CVE-2021-47421).
- Update
patches.suse/drm-amdgpu-once-more-fix-the-call-oder-in-amdgpu_ttm.patch
(git-fixes bsc#1224180 CVE-2024-27400).
- Update
patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch
(git-fixes bsc#1223315 CVE-2024-26922).
- Update
patches.suse/drm-amdgpu-vkms-fix-a-possible-null-pointer-derefere.patch
(git-fixes bsc#1225568 CVE-2023-52815).
- Update
patches.suse/drm-amdkfd-Confirm-list-is-non-empty-before-utilizin.patch
(git-fixes bsc#1224617 CVE-2023-52678).
- Update
patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
(git-fixes bsc#1225076 CVE-2023-52825).
- Update
patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
(git-fixes bsc#1225529 CVE-2023-52816).
- Update
patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225339
CVE-2021-47420).
- Update
patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
(stable-5.14.11 bsc#1225331 CVE-2021-47410).
- Update
patches.suse/drm-arm-malidp-fix-a-possible-null-pointer-dereferen.patch
(git-fixes bsc#1225593 CVE-2024-36014).
- Update patches.suse/drm-ast-Fix-soft-lockup.patch (git-fixes
bsc#1224705 CVE-2024-35952).
- Update
patches.suse/drm-bridge-it66121-Fix-invalid-connector-dereference.patch
(git-fixes bsc#1224941 CVE-2023-52861).
- Update
patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
(git-fixes bsc#1224932 CVE-2023-52856).
- Update
patches.suse/drm-bridge-tpd12s015-Drop-buggy-__exit-annotation-fo.patch
(git-fixes bsc#1224598 CVE-2023-52694).
- Update
patches.suse/drm-client-Fully-protect-modes-with-dev-mode_config..patch
(stable-fixes bsc#1224703 CVE-2024-35950).
- Update
patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225243
CVE-2021-47444).
- Update
patches.suse/drm-i915-bios-Tolerate-devdata-NULL-in-intel_bios_en.patch
(stable-fixes bsc#1223678 CVE-2024-26938).
- Update
patches.suse/drm-i915-gt-Reset-queue_priority_hint-on-parking.patch
(git-fixes bsc#1223677 CVE-2024-26937).
- Update
patches.suse/drm-lima-fix-a-memleak-in-lima_heap_alloc.patch
(git-fixes bsc#1224707 CVE-2024-35829).
- Update
patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
(git-fixes bsc#1223048 CVE-2024-26874).
- Update
patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225261
CVE-2021-47445).
- Update
patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225260
CVE-2021-47447).
- Update
patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225240
CVE-2021-47446).
- Update
patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225446
CVE-2021-47535).
- Update
patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225187
CVE-2021-47471).
- Update
patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225366
CVE-2021-47423).
- Update
patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225233
CVE-2021-47422).
- Update patches.suse/drm-nv04-Fix-out-of-bounds-access.patch
(git-fixes bsc#1223802 CVE-2024-27008).
- Update
patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
(git-fixes bsc#1225022 CVE-2023-52821).
- Update
patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
(git-fixes bsc#1225077 CVE-2023-52826).
- Update
patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225230
CVE-2022-48710).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
(git-fixes bsc#1225009 CVE-2023-52867).
- Update
patches.suse/drm-tegra-dsi-Add-missing-check-for-of_find_device_b.patch
(git-fixes bsc#1223770 CVE-2023-52650).
- Update
patches.suse/drm-tegra-rgb-Fix-missing-clk_put-in-the-error-handl.patch
(git-fixes bsc#1224445 CVE-2023-52661).
- Update
patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225436
CVE-2021-47490).
- Update
patches.suse/drm-vc4-don-t-check-if-plane-state-fb-state-fb.patch
(stable-fixes bsc#1224650 CVE-2024-35932).
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47534).
- Update
patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225445
CVE-2021-47533).
- Update
patches.suse/drm-vmwgfx-Create-debugfs-ttm_resource_manager-entry.patch
(git-fixes bsc#1223718 CVE-2024-26940).
- Update
patches.suse/drm-vmwgfx-fix-a-memleak-in-vmw_gmrid_man_get_node.patch
(git-fixes bsc#1224449 CVE-2023-52662).
- Update
patches.suse/dyndbg-fix-old-BUG_ON-in-control-parser.patch
(stable-fixes bsc#1224647 CVE-2024-35947).
- Update
patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
(stable-5.14.9 bsc#1225161 CVE-2021-47368).
- Update
patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
(jsc#SLE-19253 bsc#1225383 CVE-2021-47556).
- Update
patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
(stable-5.14.10 bsc#1225304 CVE-2021-47406).
- Update
patches.suse/fbdev-Fix-invalid-page-access-after-closing-deferred.patch
(bsc#1207284 bsc#1224929 CVE-2023-52731).
- Update
patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
(git-fixes bsc#1225031 CVE-2023-52838).
- Update
patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch
(git-fixes bsc#1222770 CVE-2024-26778).
- Update
patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch
(git-fixes bsc#1222765 CVE-2024-26777).
- Update
patches.suse/fbmon-prevent-division-by-zero-in-fb_videomode_from_.patch
(stable-fixes bsc#1224660 CVE-2024-35922).
- Update
patches.suse/firewire-ohci-mask-bus-reset-interrupts-between-ISR-.patch
(stable-fixes CVE-2024-36950).
- Update
patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
(git-fixes bsc#1225557 CVE-2023-52810).
- Update
patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
(git-fixes bsc#1225550 CVE-2023-52804).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
(git-fixes bsc#1225560 CVE-2023-52759).
- Update
patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
(git-fixes bsc#1224988 CVE-2023-52853).
- Update
patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
(git-fixes stable-5.14.10 bsc#1225321 CVE-2021-47393).
- Update
patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 bsc#1225268 CVE-2021-47386).
- Update
patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 bsc#1225210 CVE-2021-47385).
- Update
patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
(stable-5.14.10 bsc#1225209 CVE-2021-47384).
- Update
patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
(git-fixes stable-5.14.12 bsc#1225223 CVE-2021-47425).
- Update
patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
(git-fixes bsc#1225108 CVE-2023-52791).
- Update
patches.suse/i2c-smbus-fix-NULL-function-pointer-dereference.patch
(git-fixes bsc#1224567 CVE-2024-35984).
- Update
patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
(git-fixes bsc#1225570 CVE-2023-52763).
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766).
- Update
patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
(jsc#SLE-18378 bsc#1225361 CVE-2021-47501).
- Update
patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
(stable-5.14.12 bsc#1225367 CVE-2021-47424).
- Update
patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
(git-fixes bsc#1225106 CVE-2023-52788).
- Update
patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
(stable-5.14.15 bsc#1225239 CVE-2021-47453).
- Update
patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
(jsc#PED-376 bsc#1225003 CVE-2023-52743).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
(jsc#SLE-18375 bsc#1225500 CVE-2021-47563).
- Update
patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
(stable-5.14.14 bsc#1225259 CVE-2021-47449).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
(jsc#SLE-18375 bsc#1225499 CVE-2021-47562).
- Update
patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
(jsc#PED-376 bsc#1225095 CVE-2022-48709).
- Update
patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
(git-fixes bsc#1225358 CVE-2021-47499).
- Update
patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
(git-fixes stable-5.14.14 bsc#1225245 CVE-2021-47437).
- Update
patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
(git-fixes bsc#1222960 CVE-2023-52643).
- Update
patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
(git-fixes bsc#1225360 CVE-2021-47500).
- Update
patches.suse/init-main.c-Fix-potential-static_command_line-memory.patch
(git-fixes bsc#1223747 CVE-2024-26988).
- Update
patches.suse/io_uring-ensure-task_work-gets-run-as-part-of-cancel.patch
(bsc#1205205 bsc#1225382 CVE-2021-47504).
- Update
patches.suse/io_uring-fail-cancellation-for-EXITING-tasks.patch
(bsc#1205205 bsc#1225515 CVE-2021-47569).
- Update
patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
(stable-5.14.10 bsc#1225241 CVE-2021-47403).
- Update
patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
(stable-5.14.10 bsc#1225242 CVE-2021-47401).
- Update
patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
(stable-5.14.9 bsc#1225190 CVE-2021-47373).
- Update
patches.suse/irqchip-gic-v3-its-Prevent-double-free-on-error.patch
(git-fixes bsc#1224697 CVE-2024-35847).
- Update
patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
(stable-5.14.15 bsc#1225346 CVE-2021-47468).
- Update
patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
(stable-5.14.18 bsc#1225198 CVE-2021-47478).
- Update
patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
(git-fixes bsc#1225373 CVE-2021-47529).
- Update
patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
(git-fixes stable-5.14.12 bsc#1225335 CVE-2021-47415).
- Update
patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
(stable-5.14.10 bsc#1225328 CVE-2021-47399).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
(git-fixes bsc#1225472 CVE-2023-52799).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
(git-fixes bsc#1225553 CVE-2023-52805).
- Update
patches.suse/kprobes-Fix-possible-use-after-free-issue-on-kprobe-registration.patch
(git-fixes bsc#1224676 CVE-2024-35955).
- Update
patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
(stable-5.14.15 bsc#1225344 CVE-2021-47467).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
(git-fixes stable-5.14.12 bsc#1225227 CVE-2021-47417).
- Update
patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
(git-fixes stable-5.14.10 bsc#1225214 CVE-2021-47388).
- Update
patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
(git-fixes stable-5.14.10 bsc#1225327 CVE-2021-47396).
- Update
patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
(git-fixes stable-5.14.10 bsc#1225326 CVE-2021-47395).
- Update
patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
(stable-5.14.9 bsc#1225151 CVE-2021-47361).
- Update
patches.suse/md-Don-t-ignore-suspended-array-in-md_check_recovery-1baa.patch
(git-fixes CVE-2024-26758).
- Update
patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
(git-fixes bsc#1225588 CVE-2023-52847).
- Update
patches.suse/media-dvb-frontends-avoid-stack-overflow-warnings-wi.patch
(git-fixes bsc#1223842 CVE-2024-27075).
- Update
patches.suse/media-go7007-fix-a-memleak-in-go7007_load_encoder.patch
(git-fixes bsc#1223844 CVE-2024-27074).
- Update
patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
(git-fixes bsc#1225571 CVE-2023-52764).
- Update
patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
(git-fixes bsc#1225490 CVE-2023-52754).
- Update
patches.suse/media-imx-csc-scaler-fix-v4l2_ctrl_handler-memory-le.patch
(git-fixes bsc#1223779 CVE-2024-27076).
- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
(git-fixes bsc#1223027 CVE-2024-26829).
- Update
patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
(git-fixes bsc#1223031 CVE-2023-52642).
- Update
patches.suse/media-ttpci-fix-two-memleaks-in-budget_av_attach.patch
(git-fixes bsc#1223843 CVE-2024-27073).
- Update
patches.suse/media-usbtv-Remove-useless-locks-in-usbtv_video_free.patch
(git-fixes bsc#1223837 CVE-2024-27072).
- Update
patches.suse/media-v4l2-mem2mem-fix-a-memleak-in-v4l2_m2m_registe.patch
(git-fixes bsc#1223780 CVE-2024-27077).
- Update
patches.suse/media-v4l2-tpg-fix-some-memleaks-in-tpg_alloc.patch
(git-fixes bsc#1223781 CVE-2024-27078).
- Update
patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
(git-fixes bsc#1225592 CVE-2023-52841).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
(git-fixes bsc#1225590 CVE-2023-52844).
- Update
patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
(git-fixes bsc#1225495 CVE-2021-47560).
- Update
patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
(stable-5.14.14 bsc#1225224 CVE-2021-47441).
- Update
patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
(stable-5.14.15 bsc#1225250 CVE-2021-47462).
- Update
patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
(stable-5.14.15 bsc#1225127 CVE-2021-47463).
- Update
patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
(stable-5.14.15 bsc#1225342 CVE-2021-47466).
- Update
patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
(stable-5.14.15 bsc#1225186 CVE-2021-47470).
- Update
patches.suse/mmc-core-Avoid-negative-index-with-array-access.patch
(git-fixes bsc#1224618 CVE-2024-35813).
- Update
patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
(git-fixes bsc#1225483 CVE-2023-52708).
- Update
patches.suse/mmc-sdhci-msm-pervent-access-to-suspended-controller.patch
(git-fixes bsc#1225708 CVE-2024-36029).
- Update
patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
(git-fixes bsc#1224956 CVE-2023-52730).
- Update
patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
(stable-5.14.9 bsc#1225183 CVE-2021-47370).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
(stable-5.14.14 bsc#1225129 CVE-2021-47448).
- Update
patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch
(git-fixes bsc#1222374 CVE-2024-26698).
- Update
patches.suse/msft-hv-2971-net-mana-Fix-Rx-DMA-datasize-and-skb_over_panic.patch
(git-fixes bsc#1224495 CVE-2024-35901).
- Update
patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
(git-fixes bsc#1225386 CVE-2021-47540).
- Update
patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
(git-fixes bsc#1225482 CVE-2023-52742).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
(git-fixes stable-5.14.16 bsc#1224909 CVE-2021-47482).
- Update
patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
(bsc#1215322 bsc#1223049 CVE-2024-26859).
- Update
patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
(git-fixes bsc#1225380 CVE-2021-47513).
- Update
patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
(stable-5.14.14 bsc#1225246 CVE-2021-47439).
- Update
patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
(stable-5.14.14 bsc#1225248 CVE-2021-47440).
- Update
patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
(stable-5.14.10 bsc#1225329 CVE-2021-47400).
- Update
patches.suse/net-ll_temac-platform_get_resource-replaced-by-wrong.patch
(git-fixes bsc#1224615 CVE-2024-35796).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
(stable-5.14.9 bsc#1225184 CVE-2021-47372).
- Update
patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
(git-fixes bsc#1225501 CVE-2021-47564).
- Update
patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
(stable-5.14.15 bsc#1225189 CVE-2021-47472).
- Update
patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
(jsc#SLE-19256 bsc#1225453 CVE-2021-47541).
- Update
patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
(stable-5.14.14 bsc#1225229 CVE-2021-47438).
- Update
patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
(git-fixes bsc#1224945 CVE-2023-52702).
- Update
patches.suse/net-phy-fix-phy_get_internal_delay-accessing-an-empt.patch
(git-fixes bsc#1223828 CVE-2024-27047).
- Update
patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes bsc#1225455 CVE-2021-47542).
- Update
patches.suse/net-qualcomm-rmnet-fix-global-oob-in-rmnet_policy.patch
(git-fixes bsc#1220363 CVE-2024-26597).
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 bsc#1225302 CVE-2021-47402).
- Update
patches.suse/net-sched-fq_pie-prevent-dismantle-issue.patch
(bsc#1207361 bsc#1225424 CVE-2021-47512).
- Update
patches.suse/net-sched-sch_ets-don-t-peek-at-classes-beyond-nband.patch
(bsc#1207361 bsc#1225468 CVE-2021-47557).
- Update
patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
(stable-5.14.12 bsc#1225338 CVE-2021-47419).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
(git-fixes bsc#1225396 CVE-2021-47559).
- Update
patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
(git-fixes bsc#1225447 CVE-2021-47536).
- Update
patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
(jsc#SLE-19033 bsc#1225492 CVE-2021-47558).
- Update
patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
(stable-5.14.16 bsc#1225354 CVE-2021-47496).
- Update
patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
(git-fixes bsc#1225549 CVE-2023-52703).
- Update
patches.suse/net-vlan-fix-underflow-for-the-real_dev-refcnt.patch
(git-fixes bsc#1225467 CVE-2021-47555).
- Update
patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
(stable-5.14.12 bsc#1225337 CVE-2021-47418).
- Update
patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
(stable-5.14.10 bsc#1225236 CVE-2021-47408).
- Update
patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
(stable-5.14.15 bsc#1225257 CVE-2021-47452).
- Update
patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
(stable-5.14.10 bsc#1225323 CVE-2021-47394).
- Update
patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
(stable-5.14.15 bsc#1225237 CVE-2021-47451).
- Update
patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
(stable-5.14.9 bsc#1225156 CVE-2021-47363).
- Update
patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
(stable-5.14.9 bsc#1225167 CVE-2021-47371).
- Update
patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
(git-fixes bsc#1225372 CVE-2021-47518).
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_dev_up-and-nci_ntf_p.patch
(git-fixes bsc#1224479 CVE-2024-35915).
- Update
patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
(git-fixes bsc#1225427 CVE-2021-47516).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
(git-fixes bsc#1225405 CVE-2021-47507).
- Update
patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
(git-fixes bsc#1225404 CVE-2021-47506).
- Update
patches.suse/nilfs2-fix-underflow-in-second-superblock-position-c.patch
(git-fixes bsc#1225480 CVE-2023-52705).
- Update
patches.suse/nouveau-dmem-handle-kcalloc-allocation-failure.patch
(git-fixes CVE-2024-26943).
- Update
patches.suse/nouveau-fix-instmem-race-condition-around-ptr-stores.patch
(git-fixes bsc#1223633 CVE-2024-26984).
- Update
patches.suse/nvme-fc-do-not-wait-in-vain-when-unloading-module.patch
(git-fixes bsc#1223023 CVE-2024-26846).
- Update
patches.suse/nvme-fix-reconnection-fail-due-to-reserved-tag-alloc.patch
(git-fixes bsc#1224717 CVE-2024-27435).
- Update
patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
(bsc#1190569 stable-5.14.9 bsc#1225201 CVE-2021-47378).
- Update
patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
(stable-5.14.14 bsc#1225355 CVE-2021-47497).
- Update
patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
(stable-5.14.15 bsc#1225251 CVE-2021-47460).
- Update
patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
(stable-5.14.16 bsc#1225439 CVE-2021-47493).
- Update
patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
(stable-5.14.15 bsc#1225252 CVE-2021-47458).
- Update
patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
(git-fixes bsc#1225375 CVE-2021-47537).
- Update
patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
(stable-5.14.16 bsc#1224905 CVE-2021-47484).
- Update
patches.suse/of-Fix-double-free-in-of_parse_phandle_with_args_map.patch
(git-fixes bsc#1224508 CVE-2023-52679).
- Update
patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
(git-fixes bsc#1225584 CVE-2023-52854).
- Update patches.suse/pci_iounmap-Fix-MMIO-mapping-leak.patch
(git-fixes bsc#1223631 CVE-2024-26977).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 bsc#1225336 CVE-2021-47416).
- Update
patches.suse/pinctrl-core-delete-incorrect-free-in-pinctrl_enable.patch
(git-fixes CVE-2024-36940).
- Update
patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
(git-fixes CVE-2024-36959).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
(git-fixes bsc#1224942 CVE-2022-48708).
- Update
patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
(git-fixes bsc#1225132 CVE-2023-52864).
- Update
patches.suse/power-supply-bq27xxx-i2c-Do-not-free-non-existing-IR.patch
(git-fixes bsc#1224437 CVE-2024-27412).
- Update
patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
(stable-5.14.12 bsc#1225388 CVE-2021-47429).
- Update
patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
(stable-5.14.12 bsc#1225387 CVE-2021-47428).
- Update
patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
(bsc#1194869 bsc#1225471 CVE-2023-52740).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_pow.patch
(bsc#1181674 ltc#189159 git-fixes bsc#1224601 CVE-2023-52696).
- Update
patches.suse/powerpc-pseries-Fix-potential-memleak-in-papr_get_at.patch
(bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes bsc#1223756
CVE-2022-48669).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926).
- Update
patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
(stable-5.14.15 bsc#1225255 CVE-2021-47454).
- Update
patches.suse/ppdev-Add-an-error-check-in-register_device.patch
(git-fixes bsc#1225640 CVE-2024-36015).
- Update
patches.suse/pstore-ram_core-fix-possible-overflow-in-persistent_.patch
(git-fixes bsc#1224728 CVE-2023-52685).
- Update
patches.suse/pstore-zone-Add-a-null-pointer-check-to-the-psz_kmsg.patch
(stable-fixes bsc#1224537 CVE-2024-35940).
- Update
patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
(stable-5.14.15 bsc#1225254 CVE-2021-47455).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
bsc#1225461 CVE-2023-52756).
- Update patches.suse/qibfs-fix-dentry-leak.patch (git-fixes
CVE-2024-36947).
- Update
patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
(git-fixes stable-5.14.16 bsc#1224907 CVE-2021-47483).
- Update
patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
(stable-5.14.12 bsc#1225334 CVE-2021-47414).
- Update
patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
(stable-5.14.16 bsc#1224903 CVE-2021-47486).
- Update
patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch
(bsc#1141539 git-fixes bsc#1223819 CVE-2024-27054).
- Update
patches.suse/s390-cio-Ensure-the-copied-buf-is-NUL-terminated.patch
(git-fixes bsc#1223875 bsc#1225747 CVE-2024-36931).
- Update
patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
(git-fixes bsc#1217515 bsc#1225572 CVE-2023-52774).
- Update
patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
(git-fixes bsc#1213863 bsc#1225488 CVE-2023-52733).
- Update
patches.suse/s390-qeth-Fix-kernel-panic-after-setting-hsuid.patch
(git-fixes bsc#1223879 bsc#1225775 CVE-2024-36928).
- Update
patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
(stable-5.14.9 bsc#1225164 CVE-2021-47369).
- Update
patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
(stable-5.14.10 bsc#1225207 CVE-2021-47382).
- Update
patches.suse/s390-zcrypt-fix-reference-counting-on-zcrypt-card-objects.patch
(git-fixes bsc#1223595 bsc#1223666 CVE-2024-26957).
- Update
patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
(git-fixes bsc#1225508 CVE-2021-47549).
- Update
patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
(bsc#1209799 bsc#1225109 CVE-2023-52707).
- Update
patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
(git-fixes bsc#1225464 CVE-2021-47553).
- Update
patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
(stable-5.14.17 bsc#1225322 CVE-2021-47480).
- Update
patches.suse/scsi-hisi_sas-Set-debugfs_dir-pointer-to-NULL-after-removing-debugfs.patch
(git-fixes bsc#1225555 CVE-2023-52808).
- Update
patches.suse/scsi-ibmvfc-Remove-BUG_ON-in-the-case-of-an-empty-ev.patch
(bsc#1209834 ltc#202097 bsc#1225559 CVE-2023-52811).
- Update
patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
(stable-5.14.12 bsc#1225225 CVE-2021-47427).
- Update
patches.suse/scsi-libfc-Fix-potential-NULL-pointer-dereference-in-fc_lport_ptp_setup.patch
(git-fixes bsc#1225556 CVE-2023-52809).
- Update
patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch
(bsc#1220021 bsc#1224651 CVE-2024-35930).
- Update
patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch
(bsc#1221777 CVE-2024-36952).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924).
- Update
patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
(git-fixes bsc#1225384 CVE-2021-47565).
- Update
patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
(git-fixes bsc#1225374 CVE-2021-47503).
- Update
patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
(stable-5.14.15 bsc#1225192 CVE-2021-47473).
- Update
patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch
(bsc1221816 bsc#1223627 CVE-2024-26931).
- Update
patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointer.patch
(bsc1221816 bsc#1223626 CVE-2024-26930).
- Update
patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
(stable-5.14.10 bsc#1225082 CVE-2021-47397).
- Update
patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
(git-fixes bsc#1194288 CVE-2021-47527).
- Update
patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
(git-fixes bsc#1225376 CVE-2021-47526).
- Update
patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
(git-fixes bsc#1225377 CVE-2021-47524).
- Update
patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
(git-fixes bsc#1225441 CVE-2021-47525).
- Update
patches.suse/serial-mxs-auart-add-spinlock-around-changing-cts-st.patch
(git-fixes bsc#1223757 CVE-2024-27000).
- Update
patches.suse/serial-pmac_zilog-Remove-flawed-mitigation-for-rx-ir.patch
(git-fixes bsc#1223754 CVE-2024-26999).
- Update
patches.suse/soc-fsl-qbman-Always-disable-interrupts-when-taking-.patch
(git-fixes bsc#1224699 CVE-2024-35806).
- Update
patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
(git-fixes bsc#1225534 CVE-2023-52871).
- Update patches.suse/speakup-Avoid-crash-on-very-long-word.patch
(git-fixes bsc#1223750 CVE-2024-26994).
- Update
patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
(stable-5.14.15 bsc#1225347 CVE-2021-47469).
- Update
patches.suse/spi-spi-mt65xx-Fix-NULL-pointer-access-in-interrupt-.patch
(git-fixes bsc#1223788 CVE-2024-27028).
- Update
patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
(stable-5.14.9 bsc#1224920 CVE-2021-47358).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
(git-fixes stable-5.14.18 bsc#1224911 CVE-2021-47479).
- Update
patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
(git-fixes bsc#1225463 CVE-2021-47544).
- Update
patches.suse/thermal-core-prevent-potential-string-overflow.patch
(git-fixes bsc#1225044 CVE-2023-52868).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920).
- Update
patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
(stable-5.14.10 bsc#1225208 CVE-2021-47383).
- Update
patches.suse/tty-n_gsm-fix-possible-out-of-bounds-in-gsm0_receive.patch
(git-fixes bsc#1225642 CVE-2024-36016).
- Update
patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
(git-fixes bsc#1225591 CVE-2023-52872).
- Update
patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
(bsc#1222619 CVE-2023-52880).
- Update
patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
(git-fixes bsc#1225180 CVE-2023-52789).
- Update
patches.suse/usb-cdc-wdm-close-race-between-read-and-workqueue.patch
(git-fixes bsc#1224624 CVE-2024-35812).
- Update
patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch
(git-fixes bsc#1222513 CVE-2024-26748).
- Update
patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
(git-fixes bsc#1225368 CVE-2021-47528).
- Update
patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
(git-fixes stable-5.14.12 bsc#1225333 CVE-2021-47413).
- Update
patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
(git-fixes bsc#1225092 CVE-2023-52781).
- Update
patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
(stable-5.14.11 bsc#1225330 CVE-2021-47409).
- Update
patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
(git-fixes bsc#1225583 CVE-2023-52855).
- Update
patches.suse/usb-dwc2-host-Fix-dereference-issue-in-DDMA-completi.patch
(git-fixes bsc#1223741 CVE-2024-26997).
- Update
patches.suse/usb-gadget-f_ncm-Fix-UAF-ncm-object-at-re-bind-after.patch
(stable-fixes bsc#1223752 CVE-2024-26996).
- Update
patches.suse/usb-gadget-ncm-Avoid-dropping-datagrams-of-properly-.patch
(git-fixes bsc#1224423 CVE-2024-27405).
- Update
patches.suse/usb-gadget-ncm-Fix-handling-of-zero-block-length-pac.patch
(git-fixes bsc#1224681 CVE-2024-35825).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
(git-fixes stable-5.14.14 bsc#1225244 CVE-2021-47436).
- Update
patches.suse/usb-typec-tcpm-Check-for-port-partner-validity-befor.patch
(git-fixes bsc#1225748 CVE-2024-36893).
- Update
patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
(git-fixes bsc#1224944 CVE-2023-52877).
- Update
patches.suse/usb-udc-remove-warning-when-queue-disabled-ep.patch
(stable-fixes bsc#1224739 CVE-2024-35822).
- Update
patches.suse/usb-xhci-Add-error-handling-in-xhci_map_urb_for_dma.patch
(git-fixes bsc#1223650 CVE-2024-26964).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
(stable-5.14.16 bsc#1225351 CVE-2021-47495).
- Update
patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
(stable-5.14.15 bsc#1225249 CVE-2021-47461).
- Update
patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
(git-fixes bsc#1225466 CVE-2021-47554).
- Update
patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
(stable-5.14.9 bsc#1225123 CVE-2021-47367).
- Update
patches.suse/vt-fix-unicode-buffer-corruption-when-deleting-chara.patch
(git-fixes bsc#1224692 CVE-2024-35823).
- Update
patches.suse/wifi-ath11k-decrease-MHI-channel-buffer-length-to-8K.patch
(bsc#1207948 bsc#1224643 CVE-2024-35938).
- Update
patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
(git-fixes bsc#1224947 CVE-2023-52798).
- Update
patches.suse/wifi-ath11k-fix-gtk-offload-status-event-locking.patch
(git-fixes bsc#1224992 CVE-2023-52777).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800).
- Update
patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
(git-fixes bsc#1222961 CVE-2023-52644).
- Update
patches.suse/wifi-iwlwifi-dbg-tlv-ensure-NUL-termination.patch
(git-fixes bsc#1224731 CVE-2024-35845).
- Update
patches.suse/wifi-iwlwifi-mvm-rfi-fix-potential-response-leaks.patch
(git-fixes bsc#1224487 CVE-2024-35912).
- Update
patches.suse/wifi-libertas-fix-some-memleaks-in-lbs_allocate_cmd_.patch
(git-fixes bsc#1224622 CVE-2024-35828).
- Update
patches.suse/wifi-mac80211-check-clear-fast-rx-for-non-4addr-sta-.patch
(stable-fixes bsc#1224749 CVE-2024-35789).
- Update
patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
(git-fixes bsc#1225577 CVE-2023-52832).
- Update
patches.suse/wifi-mt76-mt7921e-fix-crash-in-chip-reset-fail.patch
(bsc#1209980 bsc#1223895 CVE-2022-48705).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941).
- Update
patches.suse/wifi-nl80211-reject-iftype-change-with-mesh-ID-chang.patch
(git-fixes bsc#1224432 CVE-2024-27410).
- Update
patches.suse/wifi-rtl8xxxu-add-cancel_work_sync-for-c2hcmd_work.patch
(git-fixes bsc#1223829 CVE-2024-27052).
- Update
patches.suse/wifi-wilc1000-fix-RCU-usage-in-connect-path.patch
(git-fixes bsc#1223737 CVE-2024-27053).
- Update
patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
(stable-5.14.12 bsc#1225228 CVE-2021-47430).
- Update
patches.suse/x86-fpu-Keep-xfd_state-in-sync-with-MSR_IA32_XFD.patch
(git-fixes bsc#1224732 CVE-2024-35801).
- Update
patches.suse/x86-mm-Ensure-input-to-pfn_to_kaddr-is-treated-as-a-64-bit-type.patch
(jsc#PED-7167 git-fixes bsc#1224442 CVE-2023-52659).
- Update
patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
(stable-5.14.14 bsc#1225232 CVE-2021-47434).
- commit 7e29329
- powerpc/pseries/lparcfg: drop error message from guest name
lookup (bsc#1187716 ltc#193451 git-fixes).
- commit 1d8f6b6
- powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869).
- powerpc/uaccess: Fix build errors seen with GCC 13/14
(bsc#1194869).
- commit 0f3f8d5
- nvmet: fix ns enable/disable possible hang (git-fixes).
- nvme-multipath: fix io accounting on failover (git-fixes).
- nvme: fix multipath batched completion accounting (git-fixes).
- commit dd54933
- netfilter: nf_tables: release mutex after nft_gc_seq_end from
abort path (CVE-2024-26925 bsc#1223390).
- commit d38b98f
- cls_rsvp: check user supplied offsets (CVE-2023-42755
bsc#1215702).
- commit b6c6fb3
- llc: call sock_orphan() at release time
(CVE-2024-26625 bsc#1221086)
- commit bc4fd65
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
(git-fixes).
- commit 53d4b05
- bpf: fix precision backtracking instruction iteration
(bsc#1225756).
- commit 5aec043
- drivers/nvme: Add quirks for device 126f:2262 (git-fixes).
- nvme: fix miss command type check (git-fixes).
- commit b122221
- nvme: ensure disabling pairs with unquiesce (bsc#1224534).
- commit e08ce4d
- idpf: extend tx watchdog timeout (bsc#1224137).
- commit 65a74c5
- Bluetooth: ISO: Fix not validating setsockopt user input
(bsc#1224581 CVE-2024-35964).
- commit cf9835d
- printk: Update @console_may_schedule in
console_trylock_spinning() (bsc#1225616).
- commit 9f61f12
- Bluetooth: ISO: Add support for BT_PKT_STATUS (bsc#1224581
CVE-2024-35964).
- commit 9488226
- Bluetooth: af_bluetooth: Make BT_PKT_STATUS generic (bsc#1224581
CVE-2024-35964).
- Refresh
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch.
- commit 07d66e7
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331).
Update patches.kabi/kABI-Work-around-kABI-changes-after-20347fca71a3-swi.patch (jsc#PED-3259, bsc#1224331).
- commit 861d481
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331)
- commit 00a5ac9
- swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331)
- commit be23e64
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331)
- commit ec1f4ec
- swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331)
- commit cdb0386
- calipso: fix memory leak in netlbl_calipso_add_pass()
(CVE-2023-52698 bsc#1224621)
- commit 77eb4f6
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
(git-fixes).
- scsi: sd: Unregister device if device_add_disk() failed in
sd_probe() (git-fixes).
- scsi: mylex: Fix sysfs buffer lengths (git-fixes).
- scsi: core: Fix unremoved procfs host directory regression
(git-fixes).
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
(git-fixes).
- scsi: csiostor: Avoid function pointer casts (git-fixes).
- scsi: mpt3sas: Prevent sending diag_reset when the controller
is ready (git-fixes).
- scsi: core: Consult supported VPD page list prior to fetching
page (git-fixes).
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
(git-fixes).
- scsi: libfc: Don't schedule abort twice (git-fixes).
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886
(git-fixes).
- commit f4328c2
- net: atlantic: eliminate double free in error handling logic
(CVE-2023-52664 bsc#1224747).
- Refresh
patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch.
- commit 3161f6b
- Delete BT and WiFi cleanup patches for netif_rx()
Drop two cleanup patches that are likely broken: SLE15-SP5 kernel has
no prerequisite commit baebdf48c3600 backported (yet):
patches.suse/bluetooth-Use-netif_rx-d33d0dc9.patch
patches.suse/wireless-Atheros-Use-netif_rx.patch
- commit d16d77f
- net: hns3: fix out-of-bounds access may occur when coalesce
info is read via debugfs (CVE-2023-52807 bsc#1225097).
- commit 2628336
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535)
- commit 58a5216
- cpumap: Zero-initialise xdp_rxq_info struct before running
XDP program (bsc#1224718 CVE-2024-27431).
- commit 1d6e754
- PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes).
- commit 60a3fbf
- PCI: dwc: ep: Fix DBI access failure for drivers requiring
refclk from host (git-fixes).
- PCI: dwc: Detect iATU settings after getting "addr_space"
resource (git-fixes).
- commit a26d4db
- kABI: bpf: struct bpf_link and bpf_link_ops kABI workaround
(bsc#1224531 CVE-2024-35860).
- commit 35186ef
- ppdev: Add an error check in register_device (git-fixes).
- commit cd9959b
- bpf: support deferring bpf_link dealloc to after RCU grace
period (bsc#1224531 CVE-2024-35860).
- commit 5cff30d
- tpm_tis_spi: Account for SPI header when allocating TPM SPI
xfer buffer (git-fixes).
- commit 65639af
- drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 (CVE-2023-52671 bsc#1224729).
- commit d5b1287
- drm/amd/display: Prevent crash when disable stream (CVE-2024-35799 bsc#1224740).
- commit 7764a6b
- drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() (CVE-2024-35951 bsc#1224701).
- commit c3405cd
- efi/capsule-loader: fix incorrect allocation size (bsc#1224438
CVE-2024-27413).
- commit bcbd0b7
- Update
patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch
(bsc#1222893).
- commit 7df29b0
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (CVE-2024-35817 bsc#1224736).
- commit 3fd949a
- x86/mm/pat: fix VM_PAT handling in COW mappings (bsc#1224525
CVE-2024-35877).
- commit b573b7a
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
(CVE-2024-35969 bsc#1224580)
- commit 217a49b
- Refresh patches.suse/x86-coco-Require-seeding-RNG-with-RDRAND-on-CoCo-systems.patch.
Remove defined but unused variable warning.
- commit 2a387cc
- xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
(CVE-2023-52746 bsc#1225114)
- commit 1a99ba9
- mm/secretmem: fix GUP-fast succeeding on secretmem folios
(CVE-2024-35872 bsc#1224530).
- commit 1a7a850
- Update CVE references (CVE-2024-35935 bsc#1224645)
Update patches.suse/btrfs-send-handle-path-ref-underflow-in-header-itera.patch
(CVE-2024-35935 bsc#1224645).
- commit 1afc656
- Update CVE references (CVE-2024-35936 bsc#1224644)
- Update patches.suse/btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys.patch
(CVE-2024-35936 bsc#1224644).
- Update patches.suse/btrfs-handle-chunk-tree-lookup-error-in-btrfs_reloca.patch
(CVE-2024-35936 bsc#1224644).
- commit 46ae3a6
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- Update config files.
- commit 99579af
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- Update config files.
- commit 6a0eda0
- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash
work (CVE-2024-35852 bsc#1224502).
- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
(CVE-2024-36006 bsc#1224541).
- mlxsw: spectrum_acl_tcam: Fix warning during rehash
(CVE-2024-36007 bsc#1224543).
- mlxbf_gige: stop interface during shutdown (CVE-2024-35885
bsc#1224519).
- mlxbf_gige: call request_irq() after NAPI initialized
(CVE-2024-35907 bsc#1224492).
- mlxbf_gige: stop PHY during open() error paths (git-fixes).
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes).
- mlxbf_gige: Fix intermittent no ip issue (git-fixes).
- ipvlan: add ipvlan_route_v6_outbound() helper (CVE-2023-52796
bsc#1224930).
- commit de506c4
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
(git-fixes).
- commit 9feb6d7
- ring-buffer: Fix a race between readers and resize checks
(git-fixes).
- commit 1627912
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- commit 8692851
- dma-direct: Leak pages on dma_set_decrypted() failure (bsc#1224535 CVE-2024-35939).
- commit 7213b4b
- x86/coco: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665 CVE-2024-35875).
- Refresh patches.suse/suse-hv-cc_attr_cpu_hotplug_disabled.patch.
- commit 234fdb1
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- commit 450733a
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes).
- commit bab84b2
- x86/tdx: Preserve shared bit on mprotect() (git-fixes).
- commit caf6529
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes).
- commit 085895e
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes).
- commit 76ca8ec
- x86/boot: Ignore NMIs during very early boot (git-fixes).
- commit 20c646a
- x86/lib: Fix overflow when counting digits (git-fixes).
- commit 5eb97ad
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes).
- commit f16b82f
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes).
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
- commit 22da5da
- x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes).
- commit f63acb6
- KVM: x86: Mark target gfn of emulated atomic instruction as
dirty (bsc#1224638, CVE-2024-35804).
- commit e14475b
- Rename colliding patches before origin/cve/linux-5.14-LTSS -> SLE15-SP5 merge
- commit ead7031
- KVM: SVM: Flush pages under kvm->lock to fix UAF in
svm_register_enc_region() (bsc#1224725, CVE-2024-35791).
- commit 5b89286
- selinux: avoid dereference of garbage after mount failure
(bsc#1224494 CVE-2024-35904).
- commit dad5bc3
- nilfs2: fix unexpected freezing of nilfs_segctor_sync()
(git-fixes).
- nilfs2: fix use-after-free of timer for log writer thread
(git-fixes).
- i3c: master: svc: fix invalidate IBI type and miss call client
IBI handler (git-fixes).
- i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during
start frame (git-fixes).
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code
(stable-fixes).
- drm/amd/display: Fix division by zero in setup_dsc_config
(stable-fixes).
- docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes).
- pinctrl: core: handle radix_tree_insert() errors in
pinctrl_register_one_pin() (stable-fixes).
- commit 062f495
- media: rkisp1: Fix IRQ handling due to shared interrupts
(CVE-2023-52660 bsc#1224443).
- commit aadfd1f
- Input: cyapa - add missing input core locking to suspend/resume
functions (git-fixes).
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
(git-fixes).
- Input: ims-pcu - fix printf string overflow (git-fixes).
- ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
(git-fixes).
- ALSA: core: Fix NULL module pointer assignment at card init
(git-fixes).
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes).
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using
prescaler (git-fixes).
- serial: 8250_bcm7271: use default_mux_rate if possible
(git-fixes).
- tty: n_gsm: fix missing receive state reset after mode switch
(git-fixes).
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
(git-fixes).
- commit 1d7ff63
- kABI workaround for drivers/of/dynamic.c (CVE-2024-35879
bsc#1224524).
- commit 2e9ad08
- pmdomain: ti: Add a null pointer check to the
omap_prm_domain_init (CVE-2024-35943 bsc#1224649).
- commit aa89394
- of: module: prevent NULL pointer dereference in vsnprintf()
(CVE-2024-35878 bsc#1224671).
- commit 715f7d4
- of: dynamic: Synchronize of_changeset_destroy() with the
devlink removals (CVE-2024-35879 bsc#1224524).
- driver core: Introduce device_link_wait_removal()
(CVE-2024-35879 bsc#1224524).
- commit fe69cd8
- drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls()
for hisi_hns3_pmu uninit process (CVE-2023-52860 bsc#1224936).
- commit 1703104
- sched/topology: Optimize topology_span_sane() (bsc#1225053).
- cpumask: Add for_each_cpu_from() (bsc#1225053).
- commit f0643dd
- net/mlx5e: Fix mlx5e_priv_init() cleanup flow (CVE-2024-35959
bsc#1224666).
- Refresh
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch.
- Refresh
patches.suse/powerpc-eeh-Permanently-disable-the-removed-device.patch.
- commit 2088b29
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
rehash (CVE-2024-35854 bsc#1224636).
- commit 0674818
- geneve: fix header validation in geneve[6]_xmit_skb
(CVE-2024-35973 bsc#1224586).
- commit ef0dd47
- ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
(CVE-2024-27417 bsc#1224721)
- commit 9d4dafd
- af_unix: annote lockless accesses to unix_tot_inflight &
gc_in_progress (bsc#1223384).
- Refresh
patches.suse/io_uring-af_unix-defer-registered-files-gc-to-io_uri.patch.
- commit 478234c
- Update patch reference for media fix (CVE-2024-35830 bsc#1224680)
- commit aae637c
- regulator: bd71828: Don't overwrite runtime voltages
(git-fixes).
- nfc: nci: Fix handling of zero-length payload packets in
nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- tools/latency-collector: Fix -Wformat-security compile warns
(git-fixes).
- commit 6c22f99
- bpf: Protect against int overflow for stack access size
(bsc#1224488 CVE-2024-35905).
- bpf: Check bloom filter map value size (bsc#1224488
CVE-2024-35905).
- commit c3a457f
- io_uring: drop any code related to SCM_RIGHTS (git-fixes
CVE-2023-52656 bsc#1224187).
- io_uring/unix: drop usage of io_uring socket (git-fixes).
- commit 2c7c0cc
- autofs: use wake_up() instead of wake_up_interruptible(()
(bsc#1224166).
- commit 63af67f
- Update patches.suse/io_uring-af_unix-disable-sending-io_uring-over-socke.patch
(bsc#1218447 CVE-2023-6531 CVE-2023-52654 bsc#1224099)
This commit was merged twice, through the net and io_uring maintainer
trees. Add an Alt-commit entry to document that.
- commit 8d7b4ed
- Update patches.suse/scsi-qedf-Wait-for-stag-work-during-unload.patch (bsc#1214852)
- Update patches.suse/scsi-qedf-Don-t-process-stag-work-during-unload.patch (bsc#1214852)
- commit c7be571
- Update patches.suse/afs-Fix-page-leak.patch (stable-5.14.9
CVE-2021-47365 bsc#1224895).
- commit c17c3b1
- Update
patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
(stable-5.14.9 CVE-2021-47366 bsc#1225160).
- commit f8c347d
- s390/ipl: Fix incorrect initialization of len fields in nvme
reipl block (git-fixes bsc#1225139).
- commit fa2a3c7
- s390/ipl: Fix incorrect initialization of nvme dump block
(git-fixes bsc#1225138).
- commit 99842eb
- ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()
(CVE-2023-52674 bsc#1224727).
- ALSA: scarlett2: Add missing error checks to *_ctl_get()
(CVE-2023-52680 bsc#1224608).
- ALSA: scarlett2: Add missing error check to
scarlett2_usb_set_config() (CVE-2023-52692 bsc#1224628).
- commit 76e573a
- spmi: hisi-spmi-controller: Do not override device identifier
(git-fixes).
- extcon: max8997: select IRQ_DOMAIN instead of depending on it
(git-fixes).
- vmci: prevent speculation leaks by sanitizing event in
event_deliver() (git-fixes).
- VMCI: Fix an error handling path in vmci_guest_probe_device()
(git-fixes).
- iio: pressure: dps310: support negative temperature values
(git-fixes).
- iio: core: Leave private pointer NULL when no private data
supplied (git-fixes).
- serial: sh-sci: protect invalidating RXDMA on shutdown
(git-fixes).
- serial: sc16is7xx: add proper sched.h include for
sched_set_fifo() (git-fixes).
- serial: max3100: Fix bitwise types (git-fixes).
- serial: max3100: Update uart_driver_registered on driver removal
(git-fixes).
- serial: max3100: Lock port->lock when calling
uart_handle_cts_change() (git-fixes).
- usb: typec: tipd: fix event checking for tps6598x (git-fixes).
- usb: typec: ucsi: displayport: Fix potential deadlock
(git-fixes).
- usb: gadget: u_audio: Clear uac pointer when freed (git-fixes).
- leds: pwm: Disable PWM when going to suspend (git-fixes).
- VMCI: Fix possible memcpy() run-time warning in
vmci_datagram_invoke_guest_handler() (stable-fixes).
- VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
(stable-fixes CVE-2024-35944 bsc#1224648).
- spmi: Add a check for remove callback when removing a SPMI
driver (git-fixes).
- commit d71c003
- Update
patches.suse/efi-libstub-Implement-support-for-unaccepted-memory.patch
(jsc#PED-7167, bsc#1224169).
- commit a57eb93
- libsubcmd: Fix parse-options memory leak (git-fixes).
- dmaengine: axi-dmac: fix possible race in remove() (git-fixes).
- dmaengine: idma64: Add check for dma_set_max_seg_size
(git-fixes).
- remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
(git-fixes).
- PCI: tegra194: Fix probe path for Endpoint mode (git-fixes).
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
(git-fixes).
- PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
(git-fixes).
- PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
(git-fixes).
- KEYS: trusted: Do not use WARN when encode fails (git-fixes).
- KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes).
- firmware: dmi-id: add a release callback function (git-fixes).
- watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a
safety margin (git-fixes).
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by
cpu5wdt_trigger (git-fixes).
- pinctrl: armada-37xx: remove an unused variable (git-fixes).
- nilfs2: make superblock data array index computation sparse
friendly (git-fixes).
- clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes).
- watchdog: ixp4xx: Make sure restart always works (git-fixes).
- commit 4148cf4
- Update
patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch
(bsc#1209657 CVE-2023-0160 CVE-2024-35895 bsc#1224511).
- Update
patches.suse/fs-aio-Check-IOCB_AIO_RW-before-the-struct-aio_kiocb.patch
(bsc#1222721 CVE-2024-26764 CVE-2024-35815 bsc#1224685).
- Update
patches.suse/nfsd-Fix-error-cleanup-path-in-nfsd_rename.patch
(bsc#1221044 CVE-2023-52591 CVE-2024-35914 bsc#1224482).
- Update
patches.suse/wifi-brcmfmac-Fix-use-after-free-bug-in-brcmf_cfg802.patch
(CVE-2023-47233 bsc#1216702 CVE-2024-35811 bsc#1224592).
- commit 78f49e4
- Update
patches.suse/bpf-Guard-stack-limits-against-32bit-overflow.patch
(git-fixes CVE-2023-52676 bsc#1224730).
- commit bdae745
- Update patches.suse/afs-Fix-page-leak.patch (stable-5.14.9
CVE-2021-47365 bsc#1224895).
- Update
patches.suse/drm-amdgpu-Fix-even-more-out-of-bound-writes-from-de.patch
(bsc#1191949 CVE-2021-42327 stable-5.14.16 CVE-2021-47489
bsc#1224901).
- Update
patches.suse/mm-khugepaged-skip-huge-page-collapse-for-special-fi.patch
(stable-5.14.16 bsc#1193983 CVE-2021-4148 CVE-2021-47491
bsc#1224900).
- Update
patches.suse/mm-thp-bail-out-early-in-collapse_file-for-writeback.patch
(stable-5.14.16 CVE-2021-47492 bsc#1224898).
- commit 9ce4e35
- Update
patches.suse/drm-nouveau-avoid-a-use-after-free-when-BO-init-fail.patch
(git-fixes stable-5.14.12 CVE-2020-36788 bsc#1224816).
- commit 92d2a7f
- supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
- commit da02dfd
- Update patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
(bsc#1065729 CVE-2023-52686).
- Update patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
(bsc#1194869 CVE-2023-52690).
- commit 2a79a5d
- s390/cio: fix tracepoint subchannel type field (git-fixes
bsc#1224796).
- commit 681015b
- s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes
bsc#1224795).
- commit 99a2b7b
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M
(git-fixes bsc#1224794).
- commit 9db7bb3
- rpm/kernel-obs-build.spec.in: remove reiserfs from OBS initrd
We disabled the FS in bug 1202309. And we actively blacklist it in:
/usr/lib/modprobe.d/60-blacklist_fs-reiserfs.conf
This, as a side-effect, fixes obs-build's warning:
dracut-pre-udev[1463]: sh: line 1: /usr/lib/module-init-tools/unblacklist: No such file or directory
Exactly due to the above 60-blacklist_fs-reiserfs.conf trying to call the
above unblacklist.
We should likely drop ext2+ext3 from the list too, as we don't build
them at all. But that's a different story.
- commit 9e1a078
- scsi: qla2xxx: Fix double free of fcport (bsc#1223715
CVE-2024-26929).
- commit b3136a1
- scsi: smartpqi: Fix disable_managed_interrupts (git-fixes
bsc#1222608 CVE-2024-26742).
- commit c1f56fa
- Update
patches.suse/sysv-don-t-call-sb_bread-with-pointers_lock-held.patch
(git-fixes CVE-2023-52699).
- commit ff72612
- Update
patches.suse/ubifs-Set-page-uptodate-in-the-correct-place.patch
(git-fixes CVE-2024-35821).
- commit 06c29ae
- dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes)
- commit 75af646
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes)
- commit 4e2227a
- RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes)
- commit c90aa66
- RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes)
- commit 101e7e8
- RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes)
- commit 9b195ba
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes)
- commit 8706619
- RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes)
- commit dda4cd3
- RDMA/IPoIB: Fix format truncation compilation errors (git-fixes)
- commit 8a7e34d
- IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes)
- commit babd9f3
- RDMA/hns: Modify the print level of CQE error (git-fixes)
- commit a60c9b0
- RDMA/hns: Use complete parentheses in macros (git-fixes)
- commit dd98c69
- RDMA/hns: Fix GMV table pagesize (git-fixes)
- commit 1491654
- RDMA/hns: Fix UAF for cq async event (git-fixes)
- commit 6714845
- RDMA/hns: Fix deadlock on SRQ async events. (git-fixes)
- commit d4ad30e
- RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes)
- commit 10645e8
- RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes)
- commit c414cca
- RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes)
- commit ffe591d
- qibfs: fix dentry leak (git-fixes)
- commit 610d1c4
- RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes)
- commit 38a61b1
- RDMA/rxe: Fix the problem "mutex_destroy missing" (git-fixes)
- commit e67f56e
- powerpc/pseries/vio: Don't return ENODEV if node or compatible
missing (bsc#1220783).
- commit 1f4ad41
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- commit f8629fb
- 9p: explicitly deny setlease attempts (git-fixes).
- commit 87fc9de
- fs/9p: translate O_TRUNC into OTRUNC (git-fixes).
- commit 5d62c08
- fs/9p: only translate RWX permissions for plain 9P2000
(git-fixes).
- commit 4c1bbf3
- Bluetooth: qca: fix firmware check error path (git-fixes).
- dyndbg: fix old BUG_ON in >control parser (stable-fixes).
- mei: me: add lunar lake point M DID (stable-fixes).
- ASoC: meson: axg-fifo: use threaded irq to check periods
(git-fixes).
- drm/amd/display: Atom Integrated System Info v2_2 for DCN35
(stable-fixes).
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation
(stable-fixes).
- regulator: mt6360: De-capitalize devicetree regulator subnodes
(git-fixes).
- power: rt9455: hide unused rt9455_boost_voltage_values
(git-fixes).
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
(git-fixes).
- pinctrl: core: delete incorrect free in pinctrl_enable()
(git-fixes).
- pinctrl/meson: fix typo in PDM's pin name (git-fixes).
- pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf
of GPIOR-T (git-fixes).
- clk: Don't hold prepare_lock when calling kref_put()
(stable-fixes).
- drm/nouveau/dp: Don't probe eDP ports twice harder
(stable-fixes).
- net:usb:qmi_wwan: support Rolling modules (stable-fixes).
- gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes).
- gpio: wcove: Use -ENOTSUPP consistently (stable-fixes).
- gpu: host1x: Do not setup DMA for virtual devices
(stable-fixes).
- drm/amdgpu: Refine IB schedule error logging (stable-fixes).
- firewire: ohci: mask bus reset interrupts between ISR and
bottom half (stable-fixes).
- ata: sata_gemini: Check clk_enable() result (stable-fixes).
- ALSA: line6: Zero-initialize message buffers (stable-fixes).
- wifi: cfg80211: fix rdev_dump_mpp() arguments order
(stable-fixes).
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
(stable-fixes).
- ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes).
- commit 5c4ce2b
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
(bsc#1224174 CVE-2024-27398).
- commit d55ff83
- af_unix: Fix garbage collector racing against connect()
(CVE-2024-26923 bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- commit 94450ec
- dm-multipath: dont't attempt SG_IO on non-SCSI-disks
(bsc#1223575).
- commit f1fed0b
- btrfs: fix silent failure when deleting root reference (git-fixes)
- commit f078eaa
- btrfs: add error messages to all unrecognized mount options (git-fixes)
- commit c636d84
- btrfs: repair super block num_devices automatically (git-fixes)
- commit 32923eb
- btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes)
- commit d70817a
- btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes)
- commit ff787e8
- btrfs: fix fallocate to use file_modified to update permissions consistently (git-fixes)
- commit b395410
- btrfs: extend locking to all space_info members accesses (git-fixes)
- commit 4332b8c
- btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes)
- commit 41ad45c
- btrfs: prevent copying too big compressed lzo segment (git-fixes)
- commit bc68d31
- btrfs: send: in case of IO error log it (git-fixes)
- commit ae97fc7
- btrfs: fix use-after-free after failure to create a snapshot (git-fixes)
- commit 83c095f
- btrfs: tree-checker: check item_size for dev_item (git-fixes)
- commit 8756aca
- btrfs: tree-checker: check item_size for inode_item (git-fixes)
- commit 23fe652
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes)
- commit a052f3d
- btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes)
- commit e0cc982
- btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes)
- commit 602c5bc
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes)
- commit cb7f515
- btrfs: free exchange changeset on failures (git-fixes)
- commit caf57c7
- platform/x86/intel-uncore-freq: Don't present root domain on
error (git-fixes).
- platform/x86: xiaomi-wmi: Fix race condition when reporting
key events (git-fixes).
- mtd: rawnand: hynix: fixed typo (git-fixes).
- mtd: core: Report error if first mtd_otp_size() call fails in
mtd_otp_nvmem_add() (git-fixes).
- mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes).
- mmc: sdhci_am654: Add tuning algorithm for delay chain
(git-fixes).
- media: stk1160: fix bounds checking in stk1160_copy_video()
(git-fixes).
- media: mc: mark the media devnode as registered from the,
start (git-fixes).
- media: atomisp: ssh_css: Fix a null-pointer dereference in
load_video_binaries (git-fixes).
- media: dt-bindings: ovti,ov2680: Fix the power supply names
(git-fixes).
- media: ngene: Add dvb_ca_en50221_init return value check
(git-fixes).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
(git-fixes).
- ASoC: Intel: avs: Fix potential integer overflow (git-fixes).
- ASoC: Intel: avs: Fix ASRC module initialization (git-fixes).
- ASoC: kirkwood: Fix potential NULL dereference (git-fixes).
- ASoC: Intel: avs: ssm4567: Do not ignore route checks
(git-fixes).
- ASoC: Intel: Disable route checks for Skylake boards
(git-fixes).
- ASoC: mediatek: mt8192: fix register configuration for tdm
(git-fixes).
- ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
(git-fixes).
- fbdev: savage: Handle err return when savagefb_check_var failed
(git-fixes).
- fbdev: sisfb: hide unused variables (git-fixes).
- fbdev: shmobile: fix snprintf truncation (git-fixes).
- Revert "drm/bridge: ti-sn65dsi83: Fix enable error path"
(git-fixes).
- drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes).
- drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original
mode pclk (git-fixes).
- drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes).
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes).
- drm/bridge: tc358775: fix support for jeida-18 and jeida-24
(git-fixes).
- drm/panel: simple: Add missing Innolux G121X1-L03 format,
flags, connector (git-fixes).
- drm/panel: novatek-nt35950: Don't log an error when DSI host
can't be found (git-fixes).
- drm/bridge: dpc3433: Don't log an error when DSI host can't
be found (git-fixes).
- drm/bridge: tc358775: Don't log an error when DSI host can't
be found (git-fixes).
- drm/bridge: lt9611: Don't log an error when DSI host can't be
found (git-fixes).
- drm/bridge: lt8912b: Don't log an error when DSI host can't
be found (git-fixes).
- drm/bridge: icn6211: Don't log an error when DSI host can't
be found (git-fixes).
- drm/bridge: anx7625: Don't log an error when DSI host can't
be found (git-fixes).
- drm: vc4: Fix possible null pointer dereference (git-fixes).
- drm/arm/malidp: fix a possible null pointer dereference
(git-fixes).
- drm/amd: Flush GFXOFF requests in prepare stage (git-fixes).
- drm/amd/display: Fix potential index out of bounds in color
transformation function (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix possible null pointer
dereference (git-fixes).
- drm/meson: vclk: fix calculation of 59.94 fractional rates
(git-fixes).
- drm/panel: atna33xc20: Fix unbalanced regulator in the case
HPD doesn't assert (git-fixes).
- drm/lcdif: Do not disable clocks on already suspended hardware
(git-fixes).
- Bluetooth: qca: Fix error code in qca_read_fw_build_info()
(git-fixes).
- wifi: mwl8k: initialize cmd->addr[] properly (git-fixes).
- wifi: ar5523: enable proper endpoint verification (git-fixes).
- wifi: carl9170: add a proper sanity check for endpoints
(git-fixes).
- wifi: ath10k: populate board data for WCN3990 (git-fixes).
- wifi: ath10k: Fix an error code problem in
ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes).
- wifi: carl9170: re-fix fortified-memset warning (git-fixes).
- net: nfc: remove inappropriate attrs check (stable-fixes).
- wifi: ath11k: don't force enable power save on non-running vdevs
(git-fixes).
- wifi: ath10k: poll service ready message before failing
(git-fixes).
- ata: pata_legacy: make legacy_exit() work again (git-fixes).
- efi: libstub: only free priv.runtime_map when allocated
(git-fixes).
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
(git-fixes).
- hwmon: (lm70) fix links in doc and comments (git-fixes).
- ACPI: LPSS: Advertise number of chip selects via property
(git-fixes).
- ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes).
- ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes).
- ACPI: disable -Wstringop-truncation (git-fixes).
- cppc_cpufreq: Fix possible null pointer dereference (git-fixes).
- thermal/drivers/tsens: Fix null pointer dereference (git-fixes).
- crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes).
- crypto: ccp - drop platform ifdef checks (git-fixes).
- crypto: bcm - Fix pointer arithmetic (git-fixes).
- crypto: ecdsa - Fix module auto-load on add-key (git-fixes).
- admin-guide/hw-vuln/core-scheduling: fix return type of
PR_SCHED_CORE_GET (git-fixes).
- soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes).
- soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request
(git-fixes).
- firmware: raspberrypi: Use correct device for DMA mappings
(git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for
hci_add_adv_monitor() (git-fixes).
- commit b58e70a
- drm/msm/dpu: Add mutex lock in control vblank irq (CVE-2023-52586 bsc#1221081).
- commit 29edf8b
- Move upstreamed patches into sorted section
- commit 5da5b18
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer
(bsc#1223626 CVE-2024-26930).
- commit dba3cc6
- Update
patches.suse/io_uring-af_unix-disable-sending-io_uring-over-socke.patch
(bsc#1218447 CVE-2023-6531 CVE-2023-52654 bsc#1224099).
- commit 659f245
- s390/cpum_cf: make crypto counters upward compatible across
machine types (bsc#1224346).
- commit 92b222a
- net: usb: ax88179_178a: fix link status when link is set to
down/up (git-fixes).
- commit e11b05f
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- commit 3074ef8
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- commit 7392ae5
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- commit b6e5b9b
- powerpc/eeh: Use a goto for recovery failures (bsc#1223991
ltc#205740).
- powerpc/eeh: Small refactor of eeh_handle_normal_event()
(bsc#1223991 ltc#205740).
- Refresh patches.suse/powerpc-eeh-Set-channel-state-after-notifying-the-dr.patch
- commit de617cf
- powerpc/eeh: Permanently disable the removed device (bsc#1223991
ltc#205740).
- commit 2349f02
- iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes)
- commit 440eb05
- iomap: Support partial direct I/O on user copy failures (git-fixes)
- commit 0f43a22
- iomap: Fix inline extent handling in iomap_readpage (git-fixes)
- commit 61ce074
- net: openvswitch: Fix Use-After-Free in ovs_ct_exit (bsc#1224098
CVE-2024-27395).
- commit 9dd8826
- Refresh
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch.
- Refresh
patches.suse/x86-boot-Ignore-relocations-in-.notes-sections-in-walk_rel.patch.
- commit 9696669
- net: gtp: Fix Use-After-Free in gtp_dellink (bsc#1224096
CVE-2024-27396).
- commit 3a088c1
- usb: dwc3: gadget: Fix NULL pointer dereference in
dwc3_gadget_suspend (bsc#1222561 CVE-2024-26715).
- commit a21446a
- usb: dwc3: Remove DWC3 locking during gadget suspend/resume
(bsc#1222561 CVE-2024-26715).
- Refresh
patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit a8e6e1a
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes)
- commit 20c1915
- Bluetooth: hci_sync: Don't double print name in add/remove
adv_monitor (bsc#1216358).
- commit c312f28
- usb: ulpi: Fix debugfs directory leak (bsc#1223847
CVE-2024-26919).
- commit 97ae025
- xfs: fix exception caused by unexpected illegal bestcount in
leaf dir (git-fixes).
- commit 354440e
- xfs: Fix false ENOSPC when performing direct write on a delalloc
extent in cow fork (git-fixes).
- commit 09541ce
- xfs: fix inode reservation space for removing transaction
(git-fixes).
- commit 47013bd
- xfs: add missing cmap->br_state = XFS_EXT_NORM update
(git-fixes).
- commit 4d7f88f
- xfs: fix imprecise logic in xchk_btree_check_block_owner
(git-fixes).
- commit 0e818cc
- xfs: shrink failure needs to hold AGI buffer (git-fixes).
- commit 9c49a44
- sysv: don't call sb_bread() with pointers_lock held (git-fixes).
- commit 55f88f8
- jffs2: prevent xattr node from overflowing the eraseblock
(git-fixes).
- commit d6d35af
- nilfs2: fix out-of-range warning (git-fixes).
- commit 5e5e50a
- Update
patches.suse/usb-aqc111-check-packet-for-fixup-for-true-limit.patch
(bsc#1217169 CVE-2023-52655).
Added bugzilla ID and CVE
- commit a741c33
- Update
patches.suse/usb-aqc111-check-packet-for-fixup-for-true-limit.patch
(bsc#1217169 CVE-2023-52655).
Added bugzilla ID and CVE
- commit e177a81
- Revert
patches.suse/scsi-qla2xxx-Drop-redundant-pci_enable_pcie_error_re.patch (bsc#1223919).
- commit 418d666
- Revert
patches.suse/scsi-lpfc-Drop-redundant-pci_enable_pcie_error_repor.patch (bsc#1223919).
- Refresh patches.suse/scsi-lpfc-Change-lpfc_hba-hba_flag-member-into-a-bit.patch
- commit 24012d9
- Revert patches.suse/crypto-qat-drop-redundant-adf_enable_aer.patch (bsc#1223919)
- Refresh patches.suse/crypto-qat-add-heartbeat-feature.patch.
- Refresh
patches.suse/crypto-qat-add-internal-timer-for-qat-4xxx.patch.
- Refresh
patches.suse/crypto-qat-add-measure-clock-frequency.patch.
- Refresh
patches.suse/crypto-qat-make-fw-images-name-constant.patch.
- Refresh
patches.suse/crypto-qat-move-dbgfs-init-to-separate-file.patch.
- Delete
patches.suse/crypto-qat-drop-redundant-adf_enable_aer.patch.
- commit 3820b40
- btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes)
- commit df207bd
- selftests/pidfd: Fix config for pidfd_setns_test (git-fixes).
- firewire: nosy: ensure user_length is taken into account when
fetching packet contents (CVE-2024-27401 bsc#1224181).
- commit c84510f
- btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes)
- commit 262f224
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes)
- commit 616144a
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes)
- commit 7d4e374
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes)
- commit 7ffe18f
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes)
- commit 41270ad
- md: fix kmemleak of rdev->serial (CVE-2024-26900, bsc#1223046).
- commit 46303cd
- btrfs: send: ensure send_fd is writable (git-fixes)
- commit bb19617
- aoe: avoid potential deadlock at set_capacity (CVE-2024-26775,
bsc#1222627).
- commit 6e30008
- fail_function: fix wrong use of fei_attr_remove().
- commit fbd7566
- KVM: x86: Delete duplicate documentation for
KVM_X86_SET_MSR_FILTER (git-fixes).
- commit db41c1c
- locking/atomic: Make test_and_*_bit() ordered on failure
(git-fixes).
- commit 1d020ff
- cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state
(git-fixes).
- commit 6a4baff
- nfs: fix UAF in direct writes (bsc#1223653 CVE-2024-26958).
- commit e54fcee
- drm/connector: Add \n to message about demoting connector
force-probes (git-fixes).
- drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes).
- drm/meson: dw-hdmi: power up phy on device init (git-fixes).
- drm/amdkfd: don't allow mapping the MMIO HDP page with large
pages (git-fixes).
- dm/amd/pm: Fix problems with reboot/shutdown for some SMU
13.0.4/13.0.11 users (git-fixes).
- drm/i915/bios: Fix parsing backlight BDB data (git-fixes).
- regulator: core: fix debugfs creation regression (git-fixes).
- commit 0e34b53
- netfilter: nf_tables: mark set as dead when unbinding anonymous
set with timeout (bsc#1221829 CVE-2024-26643).
- commit cfcc70a
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- commit 1ace211
- mfd: intel-lpss: Revert "Add missing check for
platform_get_resource" (git-fixes).
- mfd: tqmx86: Specify IO port register range more precisely
(git-fixes).
- mfd: ti_am335x_tscadc: Support the correctly spelled DT property
(git-fixes).
- counter: stm32-timer-cnt: Provide defines for slave mode
selection (git-fixes).
- counter: stm32-lptimer-cnt: Provide defines for clock polarities
(git-fixes).
- commit 763351d
- block/rnbd-srv: Check for unlikely string overflow (bsc#1221615
CVE-2023-52618).
- commit 7417f1e
- hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
(git-fixes).
- hwmon: (corsair-cpro) Protect ccp->wait_input_report with a
spinlock (git-fixes).
- hwmon: (corsair-cpro) Use complete_all() instead of complete()
in ccp_raw_event() (git-fixes).
- hwmon: (corsair-cpro) Use a separate buffer for sending commands
(git-fixes).
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
(git-fixes).
- Bluetooth: qca: fix info leak when fetching fw build id
(git-fixes).
- Bluetooth: qca: fix NVM configuration parsing (git-fixes).
- Bluetooth: qca: add missing firmware sanity checks (git-fixes).
- Bluetooth: msft: fix slab-use-after-free in msft_do_close()
(git-fixes).
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
(git-fixes).
- ARM: 9381/1: kasan: clear stale stack poison (git-fixes).
- commit 9f11ba4
- Update
patches.suse/xen-netfront-Add-missing-skb_mark_for_recycle.patch
(git-fixes CVE-2024-27393 bsc#1224076).
- commit 80c2241
- kcm: do not sense pfmemalloc status in kcm_sendpage()
(git-fixes bsc#1223959)
- commit 99fbfaf
- net: do not sense pfmemalloc status in skb_append_pagefrags()
(git-fixes bsc#1223959)
- commit 08d0491
- net: introduce __skb_fill_page_desc_noacc
(git-fixes bsc#1223959)
- commit 4746bcf
- tcp: TX zerocopy should not sense pfmemalloc status
(CVE-2022-48689 bsc#1223959)
- commit 04462e7
- net: vmxnet3: Fix NULL pointer dereference in
vmxnet3_rq_rx_complete() (bsc#1223360).
- commit 7acf5e5
- Update
patches.suse/USB-core-Fix-deadlock-in-port-disable-sysfs-attribut.patch
(bsc#1223670 CVE-2024-26933).
- commit 00172be
- netfilter: nf_tables: clean up hook list when offload flags check fails
(CVE-2022-48691 bsc#1223961)
- commit 0430a1c
- netfilter: nf_tables: bail out early if hardware offload is not supported
(git-fixes bsc#1223961)
- commit faaa2c1
- Update
patches.suse/USB-usb-storage-Prevent-divide-by-0-error-in-isd200_.patch
(bsc#1223738 CVE-2024-27059).
Added CVE and bugzilla ID
- commit a7346fe
- drm/amdgpu: Reset IH OVERFLOW_CLEAR bit (bsc#1223207 CVE-2024-26915)
- commit 8adefb2
- Update
patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
(bsc#1223140 CVE-2024-26877).
CVE and bugzilla id added
- commit 73d8093
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
- Refresh patches.suse/x86-bugs-Fix-BHI-handling-of-RRSBA.patch.
- commit 2155e75
- x86/bugs: Fix BHI retpoline check (git-fixes).
- commit 54de3e2
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- commit 7067d06
- x86/bugs: Fix BHI documentation (git-fixes).
- commit c9aeaed
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- commit 7152334
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- commit f36b29c
- Fix "drm/amd/display: Fix MST Null Ptr for RV" (CVE-2024-26700 bsc#1222870)
Attibute the patch to the correct bsc# and CVE numbers.
- commit ba486d5
- Update "drm/vmwgfx: Fix possible null pointer derefence with invalid contexts" (CVE-2024-26979 bsc#1223628)
- commit 2fa33a2
- Update
patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
(git-fixes bsc#1223858).
- commit e50ed21
- drm/i915/vma: Fix UAF on destroy against retire race (CVE-2024-26939 bsc#1223679).
- commit 017ecd8
- Update
patches.suse/sched-debug-fix-dentry-leak-in-update_sched_domain_d.patch
(git-fixes CVE-2022-48699 bsc#1223996).
- commit 201a58f
- USB: core: Add hub_get() and hub_put() routines (git-fixes).
- commit 2f340e7
- btrfs: dev-replace: properly validate device names (CVE-2024-26791 bsc#1222793)
- commit 71c7afc
- Update
patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
(bsc#1220267 bsc#1222976 CVE-2024-26840).
- commit a7d6da2
- Update patches.suse/aio-fix-mremap-after-fork-null-deref.patch
(git-fixes CVE-2023-52646 bsc#1223432).
- commit 2adb86a
- inet: read sk->sk_family once in inet_recv_error() (bsc#1222385
CVE-2024-26679).
- commit b5f1323
- USB: core: Fix access violation during port device removal
(git-fixes).
- commit 3a8cd11
- USB: core: Fix deadlock in port "disable" sysfs attribute
(git-fixes).
- commit 200e4b0
- usb: dwc3: core: Prevent phy suspend during init (Git-fixes).
- commit 49cc1c1
- Update
patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
references (CVE-2024-26739 bsc#1222559, drop incorrect references).
- commit 892e634
- Update
patches.suse/1631-drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
a4e7ccdac38e ("drm/i915: Move context management under GEM")
CVE-2022-48662 bsc#1223505).
- commit a7faced
- netfilter: nft_ct: fix l3num expectations with inet pseudo
family (git-fixes).
- commit 87e8a80
- Reapply "drm/qxl: simplify qxl_fence_wait" (stable-fixes).
- commit 8f3269f
- Update
patches.suse/1576-drm-amd-display-fix-memory-leak-when-using-debugfs_l.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48698 bsc#1223956).
- commit a0e3008
- Update patches.suse/ice-Fix-DMA-mappings-leak.patch (jsc#PED-376
CVE-2022-48690 bsc#1223960).
- commit 7e1bf3d
- Update
patches.suse/ALSA-emu10k1-Fix-out-of-bounds-access-in-snd_emu10k1.patch
(git-fixes CVE-2022-48702 bsc#1223923).
- Update
patches.suse/ALSA-usb-audio-Fix-an-out-of-bounds-bug-in-__snd_usb.patch
(git-fixes CVE-2022-48701 bsc#1223921).
- Update
patches.suse/RDMA-irdma-Fix-drain-SQ-hang-with-no-completion.patch
(jsc#SLE-18383 CVE-2022-48694 bsc#1223964).
- Update
patches.suse/RDMA-srp-Set-scmnd-result-only-when-scmnd-is-not-NUL.patch
(git-fixes CVE-2022-48692 bsc#1223962).
- Update
patches.suse/cgroup-Add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch
(bsc#1196869 CVE-2022-48671 bsc#1223929).
- Update
patches.suse/drm-radeon-add-a-force-flush-to-delay-work-when-rade.patch
(git-fixes CVE-2022-48704 bsc#1223932).
- Update
patches.suse/i40e-Fix-kernel-crash-during-module-removal.patch
(jsc#SLE-18378 CVE-2022-48688 bsc#1223953).
- Update
patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
(bsc#1211592 CVE-2023-2860 CVE-2022-48687 bsc#1223952).
- Update
patches.suse/net-smc-Fix-possible-access-to-freed-memory-in-link-clear
(git-fixes CVE-2022-48673 bsc#1223934).
- Update
patches.suse/nvme-tcp-fix-uaf-when-detecting-digest-errors.patch
(bsc#1200313 bsc#1201489 CVE-2022-48686 bsc#1223948).
- Update patches.suse/nvmet-fix-a-use-after-free.patch (git-fixes
CVE-2022-48697 bsc#1223922).
- Update
patches.suse/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch
(git-fixes CVE-2022-48672 bsc#1223931).
- Update
patches.suse/scsi-mpt3sas-Fix-use-after-free-warning.patch
(git-fixes CVE-2022-48695 bsc#1223941).
- Update
patches.suse/soc-brcmstb-pm-arm-Fix-refcount-leak-and-__iomem-lea.patch
(git-fixes CVE-2022-48693 bsc#1223963).
- Update
patches.suse/thermal-int340x_thermal-handle-data_vault-when-the-v.patch
(bsc#1201308 CVE-2022-48703 bsc#1223924).
- Update patches.suse/vfio-type1-Unpin-zero-pages.patch (git-fixes
CVE-2022-48700 bsc#1223957).
- commit c8677b5
- packet: annotate data-races around ignore_outgoing
(CVE-2024-26862 bsc#1223111).
- commit 6e591e7
- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
(CVE-2024-0639 bsc#1218917).
- commit 517d4f7
- Update
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(CVE-2022-48662 bsc#1223505).
Unbreak metadata (References: collides with our internal tracking,
switch to Fixes: when referencing a commit).
- commit cd38265
- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in
custom expectations (bsc#1222368 CVE-2024-26673).
- commit 785b7d0
- igc: avoid returning frame twice in XDP_REDIRECT (bsc#1223061
CVE-2024-26853).
- commit 021db33
- net: sparx5: Fix use after free inside sparx5_del_mact_entry
(bsc#1223052 CVE-2024-26856).
- commit fc5c6ad
- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993 bsc#1223693)
- commit b0c9830
- Update
patches.suse/IB-core-Fix-a-nested-dead-lock-as-part-of-ODP-flow.patch
(git-fixes CVE-2022-48675 bsc#1223894).
- Update
patches.suse/drm-gma500-Fix-BUG-sleeping-function-called-from-inv.patch
(git-fixes CVE-2022-48634 bsc#1223501).
- Update
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(CVE-2022-48662 bsc#1223505a4e7ccdac38e ("drm/i915: Move
context management under GEM") bsc#1223505).
- Update
patches.suse/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch
(git-fixes CVE-2022-48632 bsc#1223481).
- Update
patches.suse/ice-Fix-crash-by-keep-old-cfg-when-update-TCs-more-t.patch
(git-fixes CVE-2022-48652 bsc#1223520).
- Update
patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup
(git-fixes CVE-2022-48636 bsc#1223512).
- commit 523501c
- ring-buffer: Only update pages_touched when a new page is
touched (git-fixes).
- commit b42aba1
- kprobes: Fix possible use-after-free issue on kprobe
registration (git-fixes).
- commit e007447
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page
in concurrent environment (git-fixes).
- commit 118cfcd
- tracing/net_sched: Fix tracepoints that save qdisc_dev()
as a string (git-fixes).
- commit a272f90
- tracing: Show size of requested perf buffer (git-fixes).
- commit f8d068b
- Bluetooth: Add new quirk for broken read key length on ATS2851
(git-fixes).
- commit 9ac913a
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE
(git-fixes).
- commit 83cd609
- fuse: don't unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal
(bsc#1223949).
- commit fdf9216
- RDMA/cm: Print the old state when cm_destroy_id gets timeout
(git-fixes).
- commit 9b2934b
- nouveau: lock the client object tree. (bsc#1223834 CVE-2024-27062)
- commit e828498
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- commit 5647172
- drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (CVE-2024-27042 bsc#1223823).
- commit f41733d
- drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() (CVE-2024-27041 bsc#1223714)
- commit ae6f7a9
- tun: limit printing rate when illegal packet received by tun
dev (bsc#1223745 CVE-2024-27013).
- net/mlx5e: Prevent deadlock while disabling aRFS (bsc#1223735
CVE-2024-27014).
- octeontx2-af: Use separate handlers for interrupts (bsc#1223790
CVE-2024-27030).
- wireguard: netlink: access device through ctx instead of peer
(bsc#1223661 CVE-2024-26950).
- wireguard: netlink: check for dangling peer via is_dead instead
of empty list (bsc#1223660 CVE-2024-26951).
- wireguard: receive: annotate data-race around
receiving_counter.counter (bsc#1223076 CVE-2024-26861).
- nfp: flower: handle acti_netdevs allocation failure (bsc#1223827
CVE-2024-27046).
- commit b495510
- drm/amd/display: Add a dc_state NULL check in dc_state_release (CVE-2024-26948 bsc#1223664)
- commit 211db77
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation
(git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- usb: typec: tcpm: Check for port partner validity before
consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before
re-registration (bsc#1220569).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual
SuperSpeed device (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup
packets (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic
(git-fixes).
- commit d9cff03
- pstore: inode: Only d_invalidate() is needed (bsc#1223705
CVE-2024-27389).
- commit bbe965a
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
(stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops
(stable-fixes).
- commit 86753e0
- ASoC: meson: axg-tdm-interface: manage formatters in trigger
(git-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe
(git-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of
device_get_named_child_node() (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events
(git-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move()
v2 (git-fixes).
- spi: hisi-kunpeng: Delete the dump interface of data registers
in debugfs (git-fixes).
- commit 79c4a57
- wifi: iwlwifi: mvm: ensure offloading TID queue exists
(CVE-2024-27056 bsc#1223822).
- wifi: iwlwifi: mvm: protect TXQ list manipulation
(CVE-2024-27056 bsc#1223822).
- commit 5895d13
- media: edia: dvbdev: fix a use-after-free (CVE-2024-27043
bsc#1223824).
- commit e3d9ce5
- clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
(CVE-2024-27039 bsc#1223821).
- commit 70ad74a
- clk: Fix clk_core_get NULL dereference (CVE-2024-27038
bsc#1223816).
- commit bcf8ce4
- Rename to
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch.
- commit e953a9a
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes
bsc#1223879).
- commit 1b0c7f2
- s390/mm: Fix storage key clearing for guest huge pages
(git-fixes bsc#1223878).
- commit fc57acc
- s390/mm: Fix clearing storage keys for huge pages (git-fixes
bsc#1223877).
- commit c73273d
- s390/vdso: Add CFI for RA register to asm macro vdso_func
(git-fixes bsc#1223876).
- commit 15b93ff
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes
bsc#1223875).
- commit c670b5d
- NTB: fix possible name leak in ntb_register_device()
(CVE-2023-52652 bsc#1223686).
- commit 206337a
- mm: swap: fix race between free_swap_and_cache() and swapoff()
(CVE-2024-26960 bsc#1223655).
- commit b6bee56
- swap: comments get_swap_device() with usage rule (CVE-2024-26960
bsc#1223655).
- commit 15510e4
- Refresh patches.suse/powerpc-pseries-iommu-LPAR-panics-when-rebooted-with.patch.
- commit 2ecdc0a
- clk: qcom: mmcc-msm8974: fix terminating of frequency table
arrays (CVE-2024-26965 bsc#1223648).
- commit 1dd34df
- clk: qcom: mmcc-apq8084: fix terminating of frequency table
arrays (CVE-2024-26966 bsc#1223646).
- commit a12a96e
- clk: qcom: gcc-ipq8074: fix terminating of frequency table
arrays (CVE-2024-26969 bsc#1223645).
- commit 8dca0be
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
- commit f5401a7
- drm/bridge: adv7511: fix crash on irq during probe (CVE-2024-26876 bsc#1223119).
- commit baf14c5
- ipv6/addrconf: fix a potential refcount underflow for idev
(git-fixes).
- commit cdd225e
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- commit 87fa6a6
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp
(git-fixes).
- commit 77fb94f
- net: stream: purge sk_error_queue in sk_stream_kill_queues()
(git-fixes).
- commit cb9fa4c
- netfilter: br_netfilter: Drop dst references before setting
(git-fixes).
- commit 28508ef
- net: mld: fix reference count leak in mld_{query |
report}_work() (git-fixes).
- commit 389c7c7
- net: ipv6: ensure we call ipv6_mc_down() at most once
(git-fixes).
- commit e46b1a5
- net: fix a memleak when uncloning an skb dst and its metadata
(git-fixes).
- commit 9e895dd
- net: bridge: vlan: fix memory leak in __allowed_ingress
(git-fixes).
- commit 26122cb
- Update patches.suse/nfsd-use-__fput_sync-to-avoid-delayed-closing-of-fil.patch
(bsc#1223380 bsc#1217408 bsc#1223640).
- commit 48bb894
- netfilter: ipt_CLUSTERIP: fix refcount leak in
clusterip_tg_check() (git-fixes).
- commit 014c7bb
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- commit f6e1f81
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests
(jsc#PED-7167 git-fixes).
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit 8eb012f
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit
type (jsc#PED-7167 git-fixes).
- commit 554f303
- Update
patches.suse/ext4-fix-bug-in-extents-parsing-when-eh_entries-0-an.patch
(bsc#1206881 bsc#1223475 CVE-2022-48631).
- commit 718df1c
- clk: qcom: gcc-ipq6018: fix terminating of frequency table
arrays (CVE-2024-26970 bsc#1223644).
- commit 0c0dddd
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
(stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails
(stable-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
(stable-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
(stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
(git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry
(stable-fixes).
- commit ac12ea7
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
(CVE-2024-26852 bsc#1223057)
- commit d89430d
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- commit 4bfffd4
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- commit 1d62037
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- commit 93fb4e2
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- commit 5fec238
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- commit 8f27cd5
- md/raid5: fix atomicity violation in raid5_cache_count
(bsc#1219169, CVE-2024-23307).
- commit d2d22f0
- s390/decompressor: fix misaligned symbol build error (git-fixes
bsc#1223785).
- commit 47fb728
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- commit c7b5bd6
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- commit a134662
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- commit bb84f10
- kABI workaround for cec_adapter (CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid recursive cec_claim_log_addrs
(CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid confusing "transmit timed out" message
(CVE-2024-23848 bsc#1219104).
- media: cec: cec-api: add locking in cec_release()
(CVE-2024-23848 bsc#1219104).
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
(CVE-2024-23848 bsc#1219104).
- commit 70ecf73
- mm/slub: fix to return errno if kmalloc() fails (CVE-2022-48659
bsc#1223498).
- commit d72759d
- drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() (CVE-2023-52585 bsc#1221080).
- commit cde7c84
- bonding: fix NULL deref in bond_rr_gen_slave_id (bsc#1223499
CVE-2022-48640).
- commit 9f14266
- media: cec: abort if the current transmit was canceled
(CVE-2024-23848 bsc#1219104).
- commit e51b978
- Squashfs: check the inode number is not the invalid value of
zero (bsc#1223634 CVE-2024-26982).
- commit 8ad2647
- Update
patches.suse/ubifs-ubifs_symlink-Fix-memleak-of-inode-i_link-in-error-path.patch
(git-fixes CVE-2024-26972 bsc#1223643).
- commit c1d0983
- Update
patches.suse/nilfs2-prevent-kernel-bug-at-submit_bh_wbc.patch
(git-fixes CVE-2024-26955 bsc#1223657).
- commit 59db655
- Update
patches.suse/nilfs2-fix-failure-to-detect-DAT-corruption-in-btree.patch
(git-fixes CVE-2024-26956 bsc#1223663).
- commit b968ba7
- Update patches.suse/nilfs2-fix-OOB-in-nilfs_set_de_type.patch
(git-fixes CVE-2024-26981 bsc#1223668).
- commit 7b2eba5
- ASoC: SOF: Add some bounds checking to firmware data
(CVE-2024-26927 bsc#1223525).
- commit 797ef67
- Update
patches.suse/gpio-mockup-fix-NULL-pointer-dereference-when-removi.patch
(git-fixes CVE-2022-48663 bsc#1223523).
- commit fb50f4d
- Update
patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch
(bsc#1203906 CVE-2022-48638 bsc#1223522).
- commit 1b1d545
- Update
patches.suse/sfc-fix-TX-channel-offset-when-using-legacy-interrup.patch
(git-fixes CVE-2022-48647 bsc#1223519).
- commit 2df3009
- Update
patches.suse/smb3-fix-temporary-data-corruption-in-insert-range.patch
(bsc#1193629 CVE-2022-48667 bsc#1223518).
- commit 2544640
- Update
patches.suse/bnxt-prevent-skb-UAF-after-handing-over-to-PTP-worke.patch
(jsc#SLE-18978 CVE-2022-48637 bsc#1223517).
- commit 8af9f52
- Update
patches.suse/smb3-fix-temporary-data-corruption-in-collapse-range.patch
(bsc#1193629 CVE-2022-48668 bsc#1223516).
- commit ea57df6
- drm/i915/gem: Really move i915_gem_context.link under ref
protection (CVE-2022-48662 bsc#1223505).
- commit 1ea0422
- Update
patches.suse/net-sched-taprio-avoid-disabling-offload-when-it-was.patch
(bsc#1207361 CVE-2022-48644 bsc#1223511).
- commit 32036dc
- Update
patches.suse/1631-drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
jsc#PED-2849a4e7ccdac38e ("drm/i915: Move context management
under GEM") CVE-2022-48662 bsc#1223505).
- commit 16b0082
- netfilter: nf_tables: disallow timeout for anonymous sets
(CVE-2023-52620 bsc#1221825).
- commit 19a9222
- Update
patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
(bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit a4b4019
- Update
patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
(bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit ecd523c
- Update
patches.suse/sfc-fix-null-pointer-dereference-in-efx_hard_start_x.patch
(git-fixes CVE-2022-48648 bsc#1223503).
- commit 2cd307a
- Update
patches.suse/sfc-siena-fix-null-pointer-dereference-in-efx_hard_s.patch
(jsc#PED-1565 CVE-2022-48646 bsc#1223502).
- commit 54704c0
- Update
patches.suse/net-sched-fix-possible-refcount-leak-in-tc_new_tfilt.patch
(bsc#1207361 CVE-2022-48639 bsc#1223490).
- commit 1b88973
- Update
patches.suse/gpiolib-cdev-Set-lineevent_state-irq-after-IRQ-regis.patch
(git-fixes CVE-2022-48660 bsc#1223487).
- commit 30d7811
- Update
patches.suse/arm64-topology-fix-possible-overflow-in-amu_fie_setu.patch
(git-fixes CVE-2022-48657 bsc#1223484).
- commit d7e1659
- Update
patches.suse/netfilter-nfnetlink_osf-fix-possible-bogus-match-in-.patch
(bsc#1204614 CVE-2022-48654 bsc#1223482).
- commit a8a2952
- Update
patches.suse/dmaengine-ti-k3-udma-private-Fix-refcount-leak-bug-i.patch
(git-fixes CVE-2022-48656 bsc#1223479).
- commit 90546f3
- netfilter: nf_tables: fix percpu memory leak at
nf_tables_addchain() (bsc#1223478 CVE-2022-48642).
- commit 839888a
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- commit 15c6bc2
- printk: Avoid non-panic CPUs writing to ringbuffer
(bsc#1223574).
- commit d14ad8e
- Update
patches.suse/ice-Don-t-double-unplug-aux-on-peer-initiated-reset.patch
(git-fixes CVE-2022-48653 bsc#1223474).
- commit dba84ad
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- commit ed11fe0
- printk: Disable passing console lock owner completely during
panic() (bsc#1223574).
- commit d98358d
- s390/zcrypt: fix reference counting on zcrypt card objects
(git-fixes bsc#1223595).
- commit 0483eb1
- Update
patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
(git-fixes CVE-2024-26875 bsc#1223118).
- commit fd5a947
- printk: ringbuffer: Skip non-finalized records in panic
(bsc#1223574).
- commit c9df6e3
- printk: Wait for all reserved records with pr_flush()
(bsc#1223574).
- commit d04f93d
- Update
patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
(git-fixes CVE-2024-26872 bsc#1223115).
- commit 66d99f5
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- commit a92ce86
- printk: Add this_cpu_in_panic() (bsc#1223574).
- commit 0b039ad
- quota: Fix potential NULL pointer dereference (bsc#1223060
CVE-2024-26878).
- commit 93c484c
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
(bsc#1223198 CVE-2024-26901).
- commit a397ff1
- blk-mq: fix IO hang from sbitmap wakeup race (bsc#1222357
CVE-2024-26671).
- commit 9908e06
- ext4: avoid allocating blocks from corrupted group in
ext4_mb_find_by_goal() (bsc#1222613 CVE-2024-26772).
- commit be73fd6
- printk: Rename abandon_console_lock_in_panic() to
other_cpu_in_panic() (bsc#1223574).
- commit 6336c25
- Update
patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch
(bsc#1141539 git-fixes).
- commit 111a038
- printk: Drop console_sem during panic (bsc#1223574).
- commit 725427c
- clk: meson: Add missing clocks to axg_clk_regmaps
(CVE-2024-26879 bsc#1223066).
- commit 46eee50
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- commit 0f13b5c
- printk: ringbuffer: Do not skip non-finalized records with
prb_next_seq() (bsc#1223574).
- commit 28b403a
- printk: ringbuffer: Improve prb_next_seq() performance
(bsc#1223574).
- commit 6a93375
- Update
patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
(git-fixes CVE-2024-26820 bsc#1223078).
- commit d0bb689
- Update
patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
(git-fixes CVE-2024-26825 bsc#1223065).
- commit 4685711
- wifi: wfx: fix memory leak when starting AP (CVE-2024-26896
bsc#1223042).
- commit f3e25cb
- Update
patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
(git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
- commit f3895d7
- printk: Use prb_first_seq() as base for 32bit seq macros
(bsc#1223574).
- commit e3b59e0
- irqchip/gic-v3-its: Prevent double free on error (git-fixes).
- commit 7e7615e
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- commit 6dcabeb
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- commit c13f8d3
- PM / devfreq: Fix buffer overflow in trans_stat_show
(CVE-2023-52614 bsc#1221617).
- commit 43b7d5b
- Update
patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
(git-fixes CVE-2024-26891 bsc#1223037).
- commit 7b52ba2
- Update
patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
(git-fixes CVE-2024-26833 bsc#1223036).
- commit 6c18411
- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
(bsc#1223513 CVE-2022-48651).
- commit c96a663
- net: hns3: fix kernel crash when 1588 is received on HIP08
devices (bsc#1223041 CVE-2024-26881).
- net: ice: Fix potential NULL pointer dereference in
ice_bridge_setlink() (bsc#1223051 CVE-2024-26855).
- geneve: make sure to pull inner header in geneve_rx()
(bsc#1223058 CVE-2024-26857).
- ppp_async: limit MRU to 64K (bsc#1222379 CVE-2024-26675).
- commit 61a60e2
- Update
patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
(git-fixes CVE-2024-26843 bsc#1223014).
- commit 3f9577f
- net: usb: ax88179_178a: stop lying about skb->truesize
(git-fixes).
- commit 416a90a
- Update
patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
(git-fixes CVE-2024-26897 bsc#1223323).
- commit 938950f
- drm/amd/display: Fix MST Null Ptr for RV (CVE-2021-47200 bsc#1222838)
- commit 3d0cc91
- Update
patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
(git-fixes CVE-2024-26895 bsc#1223197).
- commit 73cb93c
- amdkfd: use calloc instead of kzalloc to avoid integer overflow (CVE-2024-26817 bsc#1222812)
- commit 5946a4f
- Update patches.suse/firmware-arm_scmi-Harden-accesses-to-the-reset-domai.patch (git-fixes CVE-2022-48655 bsc#1223477)
- commit 2dabafb
- mm: slub: fix flush_cpu_slab()/__free_slab() invocations in
task context (CVE-2022-48658 bsc#1223496).
- commit 3480d23
- firmware: arm_scmi: Fix double free in SMC transport cleanup
path (CVE-2024-26893 bsc#1223196).
- commit 689202d
- nfsd: use __fput_sync() to avoid delayed closing of files
(bsc#1223380 bsc#1217408).
- commit aa925bb
- Revert "ice: Fix ice VF reset during iavf initialization (jsc#PED-376)." (bsc#1223275)
This reverts commit b92b60703522e3531f77c5af2f34b4b165007b3a.
This commit was reverted upstream by commit 0ecff05e6c59dd82dbcb9706db911f7fd9f40fb8
with note:
ice_check_vf_ready_for_cfg() already contain waiting for reset.
New condition in ice_check_vf_ready_for_reset() causing only problems.
- commit 33e8bb2
- Sort recent BHI patches
- Refresh patches.suse/KVM-x86-Add-BHI_NO.patch.
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
- Refresh
patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Refresh patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch.
- Refresh
patches.suse/x86-bhi-Enumerate-Branch-History-Injection-BHI-bug.patch.
- Refresh patches.suse/x86-bhi-Mitigate-KVM-by-default.patch.
- commit 065fb7d
- Update patches.suse/powerpc-pseries-vas-Hold-mmap_mutex-after-mmap-lock-.patch
(jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
- commit 29ca2f7
- x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word (bsc#1217339 CVE-2024-2201).
- Refresh
patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Delete
patches.suse/x86-cpufeature-Add-missing-leaf-enumeration.patch.
- commit b2ddc32
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- commit e9b75ba
- livepatch: Fix missing newline character in
klp_resolve_symbols() (bsc#1223539).
- commit ccf2afb
- Update
patches.suse/spi-spi-zynqmp-gqspi-Handle-error-for-dma_set_mask.patch
(git-fixes CVE-2021-47047 bsc#1220761).
- commit 1f6461d
- crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
(CVE-2023-52616 bsc#1221612).
- commit 6fa74bc
- mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone
index (bsc#1222615 CVE-2024-26783).
- commit d2a6383
- mm/vmscan: make sure wakeup_kswapd with managed zone
(bsc#1223473).
- commit c954567
- x86/boot: Ignore relocations in .notes sections in walk_relocs() too (bsc#1222624 CVE-2024-26816).
- commit 9c9dbbd
- x86, relocs: Ignore relocations in .notes section (bsc#1222624 CVE-2024-26816).
- commit 9bcfc48
- hugetlb, userfaultfd: fix reservation restore on userfaultfd
error (bsc#1222710 CVE-2021-47214).
- commit 4a75d88
- drm/amdgpu: fix use-after-free bug (CVE-2024-26656 bsc#1222307)
- commit 2c0e8cb
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
(git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- idma64: Don't try to serve interrupts when device is powered
off (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions
(stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support
(stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product
(stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650
(stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models
(stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants
(stable-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume
(stable-fixes).
- thunderbolt: Fix wake configurations after device unplug
(stable-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb
ep transport error (stable-fixes).
- clk: Get runtime PM before walking tree during disable_unused
(git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- arm64: hibernate: Fix level3 translation fault in swsusp_save()
(git-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with
ALC269VC (stable-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/amd/display: Do not recursively call manual trigger
programming (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go
(stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support
(stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support
(stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages
(stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB
(stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct
(stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- clk: Print an info line before disabling unused clocks
(stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11
(stable-fixes).
- clk: remove extra empty line (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- commit 2a4676e
- i40e: Fix VF MAC filter removal (git-fixes).
- commit 03f8d56
- mmc: sdhci-msm: pervent access to suspended controller
(git-fixes).
- fbdev: fix incorrect address computation in deferred IO
(git-fixes).
- wifi: nl80211: don't free NULL coalescing rule (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd
(git-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new
one (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend
(git-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports
(git-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized
dev->devc (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow
(git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer
(git-fixes).
- commit eb0d29c
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-aoec.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-26898 bsc#1223016).
- commit 5a56f33
- i40e: Do not allow untrusted VF to remove administratively
set MAC (git-fixes CVE-2024-26830 bsc#1223012).
- commit 67a5cff
- net: ip_tunnel: make sure to pull inner header in
ip_tunnel_rcv() (git-fixes CVE-2024-26882 bsc#1223034).
- commit 1915836
- PM / devfreq: Synchronize devfreq_monitor_[start/stop]
(CVE-2023-52635 bsc#1222294).
- commit 6f88f1b
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369
ltc#205888).
- powerpc/rtas: define pr_fmt and convert printk call sites
(bsc#1223369 ltc#205888).
- commit 13f68b5
- Update
patches.suse/Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_.patch
(bsc#1219170 CVE-2024-22099 CVE-2024-26903 bsc#1223187).
- commit 1a4ee0a
- Renamepatches before cve/linux-5.14-LTSS
- commit 0b096bb
- PCI: rpaphp: Error out on busy status from get-sensor-state
(bsc#1223369 ltc#205888).
- commit f9716ef
- bpf: Fix stackmap overflow check on 32-bit arches (bsc#1223035
CVE-2024-26883).
- bpf: Fix hashtab overflow check on 32-bit arches (bsc#1223189
CVE-2024-26884).
- bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
(bsc#1223190 CVE-2024-26885).
- commit c435af8
- Update
patches.suse/scsi-target-pscsi-Fix-bio_put-for-error-case.patch
(bsc#1222596 cve-2024-26760), updating CVE number.
- commit 0b78c9a
- powerpc/kasan: Don't instrument non-maskable or raw interrupts
(bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- Refresh patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
- commit 8a00767
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt
(bsc#1221645 ltc#205739 bsc#1223191).
- commit caf6e20
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood
(git-fixes).
- serial: mxs-auart: add spinlock around changing cts state
(git-fixes).
- Revert "usb: cdc-wdm: close race between read and workqueue"
(git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow
(git-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- commit 28e1f50
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- commit e92aa40
- clk: Remove prepare_lock hold assertion in __clk_release()
(git-fixes).
- commit 7812d3f
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- commit 236cddf
- drm/panel: visionox-rm69299: don't unregister DSI device
(git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference
(git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- nouveau: fix instmem race condition around ptr stores
(git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations
more clearly (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- commit d2ecf52
- pmdomain: mediatek: fix race conditions with genpd
(CVE-2023-52645 bsc#1223033).
- commit 9a65bfe
- spi: spi-fsl-lpspi: remove redundant spi_controller_put call
(CVE-2024-26866 bsc#1223024).
- commit 1408e84
- spi: lpspi: Avoid potential use-after-free in probe()
(CVE-2024-26866 bsc#1223024).
- commit 233d8aa
- platform/x86: think-lmi: Fix password opcode ordering for
workstations (CVE-2024-26836 bsc#1222968).
- platform/x86: think-lmi: Enable opcode support on BIOS settings
(CVE-2024-26836 bsc#1222968).
- commit 13fd3e3
- net: usb: ax88179_178a: avoid writing the mac address before
first reading (git-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed()
(git-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex
(stable-fixes).
- nouveau: fix function cast warning (git-fixes).
- Revert "drm/qxl: simplify qxl_fence_wait" (git-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316
(stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
(stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure
(stable-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used
(stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are
active (git-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete()
(git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT
(git-fixes).
- platform/x86: intel-vbtn: Update tablet mode switch at end of
probe (git-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack
(stable-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn
establishes (stable-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
(stable-fixes).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- Revert "usb: phy: generic: Get the vbus supply" (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not
attached (stable-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode()
(stable-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
(stable-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms
(stable-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and
MM0110113M (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product
(stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100
(stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
(stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
(git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy
(stable-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is
defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible
(stable-fixes).
- ahci: asm1064: asm1166: don't limit reported ports (git-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for
"phys" fails (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- media: cec: core: remove length check of Timer Status
(stable-fixes).
- ALSA: firewire-lib: handle quirk to calculate payload quadlets
as data block counter (stable-fixes).
- Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle
by default" (stable-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant
of the Chuwi Vi8 tablet (stable-fixes).
- Input: allocate keycode for Display refresh rate toggle
(stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided
IDs (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini
(stable-fixes).
- drm/vc4: don't check if plane->state->fb == state->fb
(stable-fixes).
- hwmon: (amc6821) add of_match table (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version
(stable-fixes).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan()
(stable-fixes).
- pstore/zone: Add a null pointer check to the psz_kmsg_read
(stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags
(stable-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running
(stable-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- commit 5f4b68d
- Update
patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
(git-fixes CVE-2024-26798 bsc#1222798).
- commit 3f5154a
- Update
patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
(bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
- Update
patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
(bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
- Update
patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
(CVE-2024-26733 bsc#1222585 CVE-2024-26739 bsc#1222559).
- commit ac0df3e
- Update
patches.suse/ALSA-gus-fix-null-pointer-dereference-on-pointer-blo.patch
(git-fixes CVE-2021-47207 bsc#1222790).
- Update
patches.suse/ALSA-usb-audio-fix-null-pointer-dereference-on-point.patch
(bsc#1192354 CVE-2021-47211 bsc#1222869).
- Update
patches.suse/RDMA-core-Set-send-and-receive-CQ-before-forwarding-.patch
(jsc#SLE-19249 CVE-2021-47196 bsc#1222773).
- Update
patches.suse/arm64-dts-qcom-msm8998-Fix-CPU-L2-idle-state-latency.patch
(git-fixes CVE-2021-47187 bsc#1222703).
- Update
patches.suse/cfg80211-call-cfg80211_stop_ap-when-switch-from-P2P_.patch
(git-fixes CVE-2021-47194 bsc#1222829).
- Update
patches.suse/clk-sunxi-ng-Unregister-clocks-resets-when-unbinding.patch
(git-fixes CVE-2021-47205 bsc#1222888).
- Update
patches.suse/drm-prime-Fix-use-after-free-in-mmap-with-drm_gem_tt.patch
(git-fixes CVE-2021-47200 bsc#1222838).
- Update
patches.suse/i40e-Fix-NULL-ptr-dereference-on-VSI-filter-sync.patch
(jsc#SLE-18378 CVE-2021-47184 bsc#1222666).
- Update
patches.suse/iavf-free-q_vectors-before-queues-in-iavf_disable_vf.patch
(jsc#SLE-18385 CVE-2021-47201 bsc#1222792).
- Update
patches.suse/msft-hv-2480-x86-hyperv-Fix-NULL-deref-in-set_hv_tscchange_cb-if-.patch
(git-fixes CVE-2021-47217 bsc#1222836).
- Update
patches.suse/net-dpaa2-eth-fix-use-after-free-in-dpaa2_eth_remove.patch
(git-fixes CVE-2021-47204 bsc#1222787).
- Update
patches.suse/net-mlx5-Update-error-handler-for-UCTX-and-UMEM.patch
(jsc#SLE-19253 CVE-2021-47212 bsc#1222709).
- Update
patches.suse/net-mlx5e-CT-Fix-multiple-allocations-and-memleak-of.patch
(jsc#SLE-19253 CVE-2021-47199 bsc#1222785).
- Update
patches.suse/net-mlx5e-kTLS-Fix-crash-in-RX-resync-flow.patch
(jsc#SLE-19253 CVE-2021-47215 bsc#1222704).
- Update
patches.suse/net-mlx5e-nullify-cq-dbg-pointer-in-mlx5_debug_cq_re.patch
(jsc#SLE-19253 CVE-2021-47197 bsc#1222776).
- Update
patches.suse/sched-fair-Prevent-dead-task-groups-from-regaining-cfs_rq-s.patch
(bsc#1192837 CVE-2021-47209 bsc#1222796).
- Update patches.suse/scsi-advansys-Fix-kernel-pointer-leak.patch
(git-fixes CVE-2021-47216 bsc#1222876).
- Update
patches.suse/scsi-core-sysfs-Fix-hang-when-device-state-is-set-via-sysfs
(git-fixes CVE-2021-47192 bsc#1222867).
- Update
patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
(bsc#1190576 CVE-2021-47203 bsc#1222881).
- Update
patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
(bsc#1192145 CVE-2021-47198 bsc#1222883).
- Update
patches.suse/scsi-pm80xx-Fix-memory-leak-during-rmmod.patch
(git-fixes CVE-2021-47193 bsc#1222879).
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch
(git-fixes CVE-2021-47191 bsc#1222866).
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_report_tgtpgs.patch
(git-fixes CVE-2021-47219 bsc#1222824).
- Update patches.suse/scsi-ufs-core-Improve-SCSI-abort-handling
(git-fixes CVE-2021-47188 bsc#1222671).
- Update
patches.suse/selinux-fix-NULL-pointer-dereference-when-hashtab-al.patch
(git-fixes CVE-2021-47218 bsc#1222791).
- Update
patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch
(stable-5.14.21 CVE-2021-47202 bsc#1222878).
- Update
patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
(git-fixes CVE-2021-47185 bsc#1222669).
- Update
patches.suse/usb-host-ohci-tmio-check-return-value-after-calling-.patch
(git-fixes CVE-2021-47206 bsc#1222894).
- Update
patches.suse/usb-typec-tipd-Remove-WARN_ON-in-tps6598x_block_read.patch
(git-fixes CVE-2021-47210 bsc#1222901).
- commit 48b69db
- iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
(git-fixes).
- Refresh
patches.suse/coresight-etm-Override-TRCIDR3.CCITMIN-on-errata-affected-cpus.patch.
- commit d93f0f0
- Update
patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
(git-fixes CVE-2024-26779 bsc#1222772).
- commit c8c8675
- wifi: wfx: fix possible NULL pointer dereference in
wfx_set_mfp_ap() (CVE-2023-52593 bsc#1221042).
- commit 846e85e
- iommu/mediatek: Flush IOTLB completely only if domain has
been attached (git-fixes).
- commit 623c929
- media: rkisp1: Fix IRQ disable race issue (CVE-2023-52589
bsc#1221084).
- commit e4627b0
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- commit b3bdbef
- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
- commit 9b2027c
- iommu/amd: Don't block updates to GATag if guest mode is on
(git-fixes).
- commit 9ffdfc7
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- commit c8c9239
- wifi: iwlwifi: fix a memory corruption (CVE-2024-26610
bsc#1221299).
- commit e7967c5
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- commit 6d1aa27
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c
(git-fixes).
- commit 452d862
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
(git-fixes).
- commit 161366f
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- commit b3ada40
- xen/events: close evtchn after mapping cleanup (CVE-2024-26687,
bsc#1222435).
- commit eb41ab9
- xen/xenbus: document will_handle argument for
xenbus_watch_path() (git-fixes).
- commit c749895
- Update patches.suse/arp-Prevent-overflow-in-arp_req_get.patch
- fix build warning
- commit b98055d
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- libceph: init the cursor when preparing sparse read in msgr2
(bsc#1222247 CVE-2023-52636).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap
(bsc#1223067).
- libceph: just wait for more data to be available on the socket
(bsc#1222247 CVE-2023-52636).
- libceph: rename read_sparse_msg_*() to
read_partial_sparse_msg_*() (bsc#1222247 CVE-2023-52636).
- commit c683288
- serial: sc16is7xx: convert from _raw_ to _noinc_ regmap
functions for FIFO (bsc#1221162 CVE-2023-52488).
- commit 0ac4803
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- commit aa65491
- Refresh patches.kabi/kabi-allow-extra-bugints.patch. (bsc#1222952)
- commit a04a1a9
- iommu/amd: Fix "Guest Virtual APIC Table Root Pointer"
configuration in IRTE (git-fixes).
- commit 9b574c1
- afs: Fix endless loop in directory parsing (bsc#1223030
CVE-2024-26848).
- commit 38522d0
- iommu/vt-d: Allow zero SAGAW if second-stage not supported
(git-fixes).
- commit 9bb9de0
- ext4: regenerate buddy after block freeing failed if under fc
replay (bsc#1220342 CVE-2024-26601).
- commit c12e20f
- iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
- commit f532194
- iommu/amd: Add a length limitation for the ivrs_acpihid
command-line parameter (git-fixes).
- commit 8f23b5e
- x86/xen: fix percpu vcpu_info allocation (git-fixes).
- commit 87554ac
- xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
- commit 6fc55b4
- fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
(bsc#1222721 CVE-2024-26764).
- commit b81d662
- fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via
libaio (bsc#1222721 CVE-2024-26764).
- commit 6f0ed6e
- ext4: avoid allocating blocks from corrupted group in
ext4_mb_try_best_found() (bsc#1222618 CVE-2024-26773).
- commit 821043d
- x86/xen: Add some null pointer checking to smp.c (git-fixes).
- commit 78b0780
- xen-netback: properly sync TX responses (git-fixes).
- commit b347f75
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf
import (git-fixes).
- commit 78d5534
- drm/amd/display: Implement bounds check for stream encoder creation (bsc#1222266 CVE-2024-26660)
- commit 3a8faf0
- iommu/amd: Fix error handling for pdev_pri_ats_enable()
(git-fixes).
- commit 9598a5a
- Update
patches.suse/usb-roles-fix-NULL-pointer-issue-when-put-module-s-r.patch
(bsc#1222609 CVE-2024-26747).
Added CVE reference
- commit c356fce
- iommu/vt-d: Fix error handling in sva enable/disable paths
(git-fixes).
- commit a7d0d80
- iommu/iova: Fix alloc iova overflows issue (git-fixes).
- commit 997077c
- iommu/vt-d: Allocate local memory for page request queue
(git-fixes).
- commit 29949ff
- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen
PE (bsc#1222011 ltc#205900).
- commit 92932bc
- Update references in
patches.suse/ocfs2-Avoid-touching-renamed-directory-if-parent-doe.patch
(bsc#1221044 bsc#1221088 CVE-2023-52591 CVE-2023-52590).
- commit 6a6852e
- Update patches.suse/spi-fix-use-after-free-of-the-add_lock-mutex.patch (git-fixes CVE-2021-47195 bsc#1222832)
- commit e8d48f1
- mm/vmalloc: huge vmalloc backing pages should be split rather
than compound (bsc#1217829).
- commit 539be83
- netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
(bsc#1222630 CVE-2024-26805).
- commit 62396b0
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (bsc#1222726 CVE-2024-26766)
- commit dc4bba0
- spi: cadence-qspi: fix pointer reference in runtime PM hooks (CVE-2024-26807 bsc#1222801)
- commit 4dd5f9f
- Update
patches.suse/nvmet-fc-avoid-deadlock-on-delete-association-path.patch
(git-fixes CVE-2024-26769 bsc#1222727).
- commit fb3505a
- Update patches.suse/RDMA-srpt-Support-specifying-the-srpt_service_guid-p.patch
(git-fixes bsc#1222449 CVE-2024-26744)
- Update patches.suse/RDMA-qedr-Fix-qedr_create_user_qp-error-flow.patch
(git-fixes bsc#1222677 CVE-2024-26743)
- Update patches.suse/IB-hfi1-Fix-sdma.h-tx-num_descs-off-by-one-error.patch
(git-fixes bsc#1222726 CVE-2024-26766)
- commit c5a8a5e
- RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
- commit 1af9c1e
- NFS: avoid spurious warning of lost lock that is being unlocked
(bsc#1221791).
- commit 1efde72
- gtp: fix use-after-free and null-ptr-deref in
gtp_genl_dump_pdp() (bsc#1222428 CVE-2024-26793 bsc#1222632
CVE-2024-26754).
- commit eebe79d
- Update patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch (git-fixes CVE-2024-26787 bsc#1222781)
- commit 3445a30
- Update patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch (git-fixes CVE-2024-26790 bsc#1222784)
- commit fa581a2
- Update patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch (git-fixes CVE-2024-26776 bsc#1222764)
- commit 97121f5
- iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. (CVE-2023-52627 bsc#1222051)
- commit e5bef1f
- dm: don't lock fs when the map is NULL during suspend or resume
(git-fixes).
- commit 78ef342
- dm integrity: fix out-of-range warning (git-fixes).
- dm: call the resume method on internal suspend (git-fixes).
- dm raid: fix false positive for requeue needed during reshape
(git-fixes).
- dm-raid: fix lockdep waring in "pers->hot_add_disk" (git-fixes).
- md: don't clear MD_RECOVERY_FROZEN for new dm-raid until resume
(git-fixes).
- md/raid1: fix choose next idle in read_balance() (git-fixes).
- md: Don't clear MD_CLOSING when the raid is about to stop
(git-fixes).
- dm-verity, dm-crypt: align "struct bvec_iter" correctly
(git-fixes).
- dm-crypt: don't modify the data when using authenticated
encryption (bsc#1222720, CVE-2024-26763).
- dm-crypt, dm-verity: disable tasklets (bsc#1222416, CVE-2024-26718).
- dm-integrity: don't modify bio's immutable bio_vec in
integrity_metadata() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm verity: don't perform FEC for failed readahead IO
(git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set()
(git-fixes).
- bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up
race (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx
(git-fixes).
- bcache: check return value from btree_node_alloc_replacement()
(git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size
(git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio
(git-fixes).
- nd_btt: Make BTT lanes preemptible (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and
check its return value (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices
(git-fixes).
- nvdimm: Fix dereference after free in register_nvdimm_pmu()
(git-fixes).
- nvdimm: Fix memleak of pmu attr_groups in
unregister_nvdimm_pmu() (git-fixes).
- dm cache policy smq: ensure IO doesn't prevent cleaner policy
progress (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr()
(git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr()
error paths (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit
architectures (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client
(git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior
consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations
(git-fixes).
- bcache: Remove dead references to cache_readaheads (git-fixes).
- dm thin metadata: check fail_io before using data_sm
(git-fixes).
- dm: don't lock fs when the map is NULL in process of resume
(git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init()
error path (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error
path (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC
(git-fixes).
- dm stats: check for and propagate alloc_percpu failure
(git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- commit 876bda1
- dm thin: fix deadlock when swapping to thin device
(bsc#1177529).
- Use above upstream patch, delete in-house patch,
patches.suse/Avoid-deadlock-for-recursive-I-O-on-dm-thin-when-used-as-swap-4905.patch.
- commit f651b2e
- dm cache: add cond_resched() to various workqueue loops
(git-fixes).
- dm thin: add cond_resched() to various workqueue loops
(git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: remove flush_scheduled_work() during local_exit()
(git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
- dm flakey: don't corrupt the zero page (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed
block devices (git-fixes).
- libnvdimm/region: Allow setting align attribute on regions
without mappings (git-fixes).
- bcache:: fix repeated words in comments (git-fixes).
- bcache: bset: Fix comment typos (git-fixes).
- bcache: remove unused bch_mark_cache_readahead function def
in stats.h (git-fixes).
- bcache: remove unnecessary flush_workqueue (git-fixes).
- nvdimm/namespace: drop nested variable in
create_namespace_pmem() (git-fixes).
- bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous
device registration' (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms
(git-fixes).
- bcache: use default_groups in kobj_type (git-fixes).
- bcache: fixup bcache_dev_sectors_dirty_add() multithreaded
CPU false sharing (git-fixes).
- bcache: use bvec_kmap_local in bio_csum (git-fixes).
- bcache: fix NULL pointer reference in cached_dev_detach_finish
(git-fixes).
- bcache: replace snprintf in show functions with sysfs_emit
(git-fixes).
- bcache: move uapi header bcache.h to bcache code directory
(git-fixes).
- bcache: remove bch_crc64_update (git-fixes).
- bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
- commit fd7b7d9
- bcache: remove the backing_dev_name field from struct cached_dev
(git-fixes).
- Rebased for the above change,
patches.suse/0017-bcache-avoid-unnecessary-soft-lockup-in-kworker-upda.patch.
- commit fddbf12
- bcache: remove the cache_dev_name field from struct cache
(git-fixes).
- bcache: move calc_cached_dev_sectors to proper place on backing
device detach (git-fixes).
- bcache: fix error info in register_bcache() (git-fixes).
- commit b239072
- scsi: target: pscsi: Fix bio_put() for error case (bsc#1222596
cve-2024-267600).
- commit 54b96d8
- arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as (CVE-2023-52561 bsc#1220935)
- commit 003c2c9
- selftests/bpf: Test racing between bpf_timer_cancel_and_free
and bpf_timer_cancel (bsc#1222557 CVE-2024-26737).
- bpf: Fix racing between bpf_timer_cancel_and_free and
bpf_timer_cancel (bsc#1222557 CVE-2024-26737).
- commit 141641a
- iio: adc: ad7091r: Allow users to configure device events (CVE-2023-52627 bsc#1222051)
- commit 4afaad3
- ARM: ep93xx: Add terminator to gpiod_lookup_table (CVE-2024-26751 bsc#1222724)
- commit 9f7da20
- Update patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch (git-fixes CVE-2024-26771 bsc#1222610)
- commit fb21423
- Update
patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch
(git-fixes CVE-2021-47189 bsc#1222706).
- commit 95bc72d
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
Properly check whether the feature we are patching in the alternatives
is a feature or a bug. This was broken because in apply_alternative()
boot_cpu_has is used and if we have an alternative that depends on a bug
bit (such as X86_BUG_SYSRET_SS_ATTRS) the boot_cpu_has will erroneously
check if this bit is set in the feature ints rather than the bug ints.
While at it ensure that static_cpu_has isn't called with extended
bugs features as those aren't supported right now.
- commit 793068f
- Refresh
patches.kabi/PCI-Add-locking-to-RMW-PCI-Express-Capability-Regist.patch.
Drop a bogus hunk. It was introduced by mistake.
Fixes: acf0d9920aee
- commit 3a754ef
- Update
patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch
(git-fixes CVE-2024-26749 bsc#1222680).
- commit 515d996
- Update
patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch
(bsc#1220492 ltc#205270 CVE-2024-26745 bsc#1222678).
- commit 3731b61
- tee: amdtee: fix use-after-free vulnerability in
amdtee_close_session (bsc#1220915 CVE-2023-52503).
- commit 926b64b
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- Delete
patches.suse/RAS-AMD-FMPM-Fix-build-when-debugfs-is-not-enabled.patch.
- commit bf0e61f
- Update
patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
(git-fixes CVE-2021-47185).
- commit de9e1db
- Update
patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch
(bsc#1192145 CVE-2021-47183 bsc#1222664).
- commit 720685d
- Update
patches.suse/scsi-core-Fix-scsi_mode_sense-buffer-length-handling.patch
(git-fixes CVE-2021-47182 bsc#1222662).
- commit 641c737
- Update
patches.suse/usb-musb-tusb6010-check-return-value-after-calling-p.patch
(git-fixes CVE-2021-47181 bsc#1222660).
- commit 27da195
- ceph: prevent use-after-free in encode_cap_msg() (CVE-2024-26689
bsc#1222503).
- commit c307f9b
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
(bsc#1222619).
- commit 3d3186c
- PCI/PM: Drain runtime-idle callbacks before driver removal
(git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
(git-fixes).
- PCI/AER: Block runtime suspend when handling errors (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
(git-fixes).
- PCI/DPC: Quirk PIO log size for certain Intel Root Ports
(git-fixes).
- Refresh
patches.suse/PCI-Lengthen-reset-delay-for-VideoPropulsion-Torrent.patch.
- PCI: Drop pci_device_remove() test of pci_dev->driver
(git-fixes).
- commit 1625155
- arp: Prevent overflow in arp_req_get() (CVE-2024-26733
bsc#1222585).
- commit aed9764
- net/sched: act_mirred: don't override retval if we already
lost the skb (CVE-2024-26733 bsc#1222585).
- commit 57213f3
- mm,page_owner: Defer enablement of static branch (bsc#1222366).
- commit aa158b4
- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
- commit 7ab1530
- Update
patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
(git-fixes CVE-2024-26736 bsc#1222586).
- commit 95b873b
- Update
patches.suse/btrfs-do-not-ASSERT-if-the-newly-created-subvolume-a.patch
(bsc#1219126 CVE-2024-23850 CVE-2024-26727 bsc#1222536).
- commit 9619dfe
- Update
patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-for-small-block-sizes.patch
(git-fixes CVE-2024-26697 bsc#1222550).
- commit a10bcda
- nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
(bsc#1222549 CVE-2024-26696).
- commit b7a4096
- Update
patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch
(git-fixes CVE-2024-26722 bsc#1222520).
- commit 227851b
- ring-buffer: Make wake once of ring_buffer_wait() more robust
(git-fixes).
- commit 9369b70
- tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
- kABI: Adjust trace_iterator.wait_index (git-fixes).
- commit 0c26abb
- ext4: fix double-free of blocks due to wrong extents moved_len
(bsc#1222422 CVE-2024-26704).
- commit 4e96ad3
- net: stmmac: xgmac: use #define for string constants
(bsc#1222445 CVE-2024-26684).
- net: stmmac: xgmac: fix a typo of register name in DPP safety
handling (bsc#1222445 CVE-2024-26684).
- commit d142965
- netdevsim: avoid potential loop in nsim_dev_trap_report_work()
(git-fixes CVE-2024-26681 bsc#1222431).
- commit 6e625f6
- References update
- commit e2989ce
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- commit 4edf006
- net: stmmac: xgmac: fix handling of DPP safety error for DMA
channels (bsc#1222445 CVE-2024-26684).
- commit f5bac1a
- gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
(bsc#1222428 CVE-2024-26793).
- net: atlantic: Fix DMA mapping for PTP hwts ring (bsc#1222427
CVE-2024-26680).
- commit 8477f57
- ring-buffer: Use wait_event_interruptible() in
ring_buffer_wait() (git-fixes).
- commit a852b18
- ring-buffer: Fix full_waiters_pending in poll (git-fixes).
- commit a44bf56
- ring-buffer: Do not set shortest_full when full target is hit
(git-fixes).
- commit 4381c01
- tracing: Use .flush() call to wake up readers (git-fixes).
- commit d993c13
- ring-buffer: Fix resetting of shortest_full (git-fixes).
- commit 966f555
- ring-buffer: Fix waking up ring buffer readers (git-fixes).
- commit 676cf24
- tracing: Remove precision vsnprintf() check from print event
(git-fixes).
- commit 6b7c133
- tracing: Have saved_cmdlines arrays all in one allocation
(git-fixes).
- commit 49f31e7
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
- commit eb744cd
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
(bsc#1219264 CVE-2024-0841).
- commit fe3c052
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
(bsc#1219264 CVE-2024-0841).
- commit aa8204a
- nilfs2: fix potential bug in end_buffer_async_write (bsc#1222437
CVE-2024-26685).
- commit dafe6fe
- nfsd: Fix error cleanup path in nfsd_rename() (bsc#1221044
CVE-2023-52591).
- commit a849be1
- net: usb: ax88179_178a: avoid the interface always configured
as random address (git-fixes).
- commit c53377c
- pci_iounmap(): Fix MMIO mapping leak (git-fixes).
- commit 629693d
- net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes).
- RDMA/mana_ib: Fix bug in creation of dma regions (git-fixes).
- Drivers: hv: vmbus: Calculate ring buffer size for more
efficient use of memory (git-fixes).
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER
missed (git-fixes).
- hv_netvsc: Fix race condition between netvsc_probe and
netvsc_remove (git-fixes).
- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not
4 Kbytes (git-fixes).
- commit 82617ea
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
- commit 22061fc
- arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes)
- commit a61527a
- arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on (git-fixes)
- commit b828266
- ata: sata_mv: Fix PCI device ID table declaration compilation
warning (git-fixes).
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
(git-fixes).
- ASoC: amd: acp: fix for acp_init function error handling
(git-fixes).
- ASoC: rt711-sdw: fix locking sequence (git-fixes).
- ASoC: rt711-sdca: fix locking sequence (git-fixes).
- ASoC: rt5682-sdw: fix locking sequence (git-fixes).
- ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
(git-fixes).
- ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support
headset with microphone (git-fixes).
- drm/i915/gt: Do not generate the command streamer for all the
CCS (git-fixes).
- drm/display: fix typo (git-fixes).
- drm/panfrost: fix power transition timeout warnings (git-fixes).
- commit 56ef24f
- scsi: pm80xx: Avoid leaking tags when processing
OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883
cve-2023-52500).
- commit fc88013
- KVM: x86: Add BHI_NO (bsc#1217339 CVE-2024-2201).
- commit c0e1ffe
- Update
patches.suse/ALSA-sh-aica-reorder-cleanup-operations-to-avoid-UAF.patch
(git-fixes CVE-2024-26654 bsc#1222304).
- Update
patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch
(git-fixes CVE-2024-26717 bsc#1222360).
- Update
patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch
(bsc#1219443 CVE-2024-26670 bsc#1222356).
- Update
patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch
(git-fixes CVE-2024-26695 bsc#1222373).
- Update
patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch
(git-fixes CVE-2024-26667 bsc#1222331).
- Update
patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch
(git-fixes CVE-2024-26664 bsc#1222355).
- Update patches.suse/nfsd-fix-RELEASE_LOCKOWNER.patch
(bsc#1218968 CVE-2024-26629 bsc#1221379).
- Update
patches.suse/pwm-Fix-out-of-bounds-access-in-of_pwm_single_xlate.patch
(git-fixes CVE-2024-26599 bsc#1220365).
- Update
patches.suse/sched-membarrier-reduce-the-ability-to-hammer-on-sys.patch
(git-fixes bsc1220398 CVE-2024-26602 bsc#1220398).
- Update
patches.suse/scsi-core-Move-scsi_host_busy-out-of-host-lock-for-waking-up-EH-handler.patch
(git-fixes CVE-2024-26627 bsc#1221090).
- Update
patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch
(git-fixes CVE-2024-26651 bsc#1221337).
- Update
patches.suse/tracing-Ensure-visibility-when-inserting-an-element-into-tracing_map.patch
(git-fixes CVE-2024-26645 bsc#1222056).
- Update
patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch
(git-fixes CVE-2024-26659 bsc#1222317).
- commit bd16cf6
- Update
patches.suse/Bluetooth-hci_codec-Fix-leaking-content-of-local_cod.patch
(git-fixes CVE-2023-52518 bsc#1221056).
- Update
patches.suse/FS-JFS-UBSAN-array-index-out-of-bounds-in-dbAdjTree.patch
(git-fixes CVE-2023-52604 bsc#1221067).
- Update patches.suse/IB-ipoib-Fix-mcast-list-locking.patch
(git-fixes CVE-2023-52587 bsc#1221082).
- Update
patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch
(git-fixes bsc#1220393 CVE-2023-52639 bsc#1222300).
- Update
patches.suse/PCI-switchtec-Fix-stdev_release-crash-after-surprise.patch
(git-fixes CVE-2023-52617 bsc#1221613).
- Update
patches.suse/SUNRPC-Fix-a-suspicious-RCU-usage-warning.patch
(git-fixes CVE-2023-52623 bsc#1222060).
- Update
patches.suse/UBSAN-array-index-out-of-bounds-in-dtSplitRoot.patch
(git-fixes CVE-2023-52603 bsc#1221066).
- Update
patches.suse/bus-mhi-host-Add-alignment-check-for-event-ring-read.patch
(git-fixes CVE-2023-52494 bsc#1221273).
- Update
patches.suse/bus-mhi-host-Drop-chan-lock-before-queuing-buffers.patch
(git-fixes CVE-2023-52493 bsc#1221274).
- Update
patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch
(git-fixes CVE-2023-52637 bsc#1222291).
- Update
patches.suse/crypto-scomp-fix-req-dst-buffer-overflow.patch
(git-fixes CVE-2023-52612 bsc#1221616).
- Update
patches.suse/drm-Don-t-unref-the-same-fb-many-times-by-mistake-du.patch
(git-fixes CVE-2023-52486 bsc#1221277).
- Update
patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch
(git-fixes CVE-2023-52632 bsc#1222274).
- Update
patches.suse/drm-meson-fix-memory-leak-on-hpd_notify-callback.patch
(git-fixes CVE-2023-52563 bsc#1220937).
- Update
patches.suse/hwrng-core-Fix-page-fault-dead-lock-on-mmap-ed-hwrng.patch
(git-fixes CVE-2023-52615 bsc#1221614).
- Update
patches.suse/iommu-arm-smmu-v3-Fix-soft-lockup-triggered-by-arm_smmu_mm_invalidate_range.patch
(bsc#1215921 CVE-2023-52484 bsc#1220797).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbAdjTree.patch
(git-fixes CVE-2023-52601 bsc#1221068).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diNewExt.patch
(git-fixes CVE-2023-52599 bsc#1221062).
- Update
patches.suse/jfs-fix-slab-out-of-bounds-Read-in-dtSearch.patch
(git-fixes CVE-2023-52602 bsc#1221070).
- Update patches.suse/jfs-fix-uaf-in-jfs_evict_inode.patch
(git-fixes CVE-2023-52600 bsc#1221071).
- Update
patches.suse/perf-x86-intel-uncore-Fix-NULL-pointer-dereference-issue-in-upi_fill_topology.patch
(bsc#1218958 CVE-2023-52450 bsc#1220237).
- Update
patches.suse/pstore-ram-Fix-crash-when-setting-number-of-cpus-to-.patch
(git-fixes CVE-2023-52619 bsc#1221618).
- Update
patches.suse/scsi-pm80xx-Avoid-leaking-tags-when-processing-OPC_INB_SET_CONTROLLER_CONFIG-command.patch
(git-fixes CVE-2023-52500 bsc#1220883).
- Update
patches.suse/wifi-ath9k-Fix-potential-array-index-out-of-bounds-r.patch
(git-fixes CVE-2023-52594 bsc#1221045).
- Update
patches.suse/wifi-rt2x00-restart-beacon-queue-when-hardware-reset.patch
(git-fixes CVE-2023-52595 bsc#1221046).
- commit b1046c1
- Update
patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch
(CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117).
- commit fd3aabc
- mm,page_owner: Fix printing of stack records (bsc#1222366).
- commit a7b445d
- mm,page_owner: Fix accounting of pages when migrating
(bsc#1222366).
- commit 37b3731
- mm,page_owner: Fix refcount imbalance (bsc#1222366).
- commit 4dc29b0
- iommu/mediatek: Fix forever loop in error handling (git-fixes).
- commit 21d467e
- selinux: saner handling of policy reloads (bsc#1222230 bsc#1221044
CVE-2023-52591).
- commit 66a189d
- mm,page_owner: Update metadata for tail pages (bsc#1222366).
- commit b2b2b31
- mm,page_owner: fix recursion (bsc#1222366).
- commit 4517a6d
- mm,page_owner: drop unnecessary check (bsc#1222366).
- commit 0c42427
- mm,page_owner: check for null stack_record before bumping its
refcount (bsc#1222366).
- commit 81f3531
- Update patches metadata
- commit f6df04d
- x86/bhi: Mitigate KVM by default (bsc#1217339 CVE-2024-2201).
- commit e8a52ff
- x86/bhi: Add BHI mitigation knob (bsc#1217339 CVE-2024-2201).
- Update config files.
- commit 66b3207
- x86/bhi: Enumerate Branch History Injection (BHI) bug (bsc#1217339 CVE-2024-2201).
- commit 797a250
- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (bsc#1217339 CVE-2024-2201).
- Refresh patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch.
- commit d9a50a1
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1217339 CVE-2024-2201).
- commit c5355fd
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
Extend existing functionality to allow adding extra feature words in
addition to extra bug words. This code is adjusted from SLE12-SP5 patch.
- commit 44177f4
- x86/bhi: Add support for clearing branch history at syscall entry (bsc#1217339 CVE-2024-2201).
- commit 7297553
- x86/cpufeature: Add missing leaf enumeration (bsc#1217339 CVE-2024-2201).
- commit 72a3a61
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails
(git-fixes).
- drm/i915/bios: Tolerate devdata==NULL in
intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
- drm/amdkfd: fix TLB flush after unmap for GFX9.4.2
(stable-fixes).
- drm/amd/display: Return the correct HDCP error code
(stable-fixes).
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
(stable-fixes).
- drm/exynos: do not return negative values from .get_modes()
(stable-fixes).
- drm/panel: do not return negative error codes from
drm_panel_get_modes() (stable-fixes).
- drm/probe-helper: warn about negative .get_modes()
(stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
(stable-fixes).
- ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
(stable-fixes).
- drm/amdgpu/pm: Fix the error of pwm1_enable setting
(stable-fixes).
- drm/amd/display: handle range offsets in VRR ranges
(stable-fixes).
- commit 9310237
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
(bsc#1209657 CVE-2023-0160).
- blacklist.conf: omit previous incomplete sockmap fix
- bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t
(git-fixes).
- commit 9a86a18
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
- commit f738a42
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
(bsc#1209657 CVE-2023-0160).
- commit 989b8c6
- netfilter: nf_tables: disallow anonymous set with timeout flag
(CVE-2024-26642 bsc#1221830).
- commit 02a907f
- netfilter: ctnetlink: fix possible refcount leak in
ctnetlink_create_conntrack() (CVE-2023-7192 bsc#1218479).
- commit 0b47032
- usb: typec: ucsi: Check for notifications after init
(git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
(git-fixes).
- usb: typec: Return size of buffer if pd_set operation succeeds
(git-fixes).
- usb: dwc3: Properly set system wakeup (git-fixes).
- usb: cdc-wdm: close race between read and workqueue (git-fixes).
- usb: dwc2: gadget: LPM flow fix (git-fixes).
- usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
- usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
- usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
- usb: dwc2: host: Fix hibernation flow (git-fixes).
- USB: core: Fix deadlock in usb_deauthorize_interface()
(git-fixes).
- staging: vc04_services: fix information leak in
create_component() (git-fixes).
- commit 74f6b3e
- drm/i915/gt: Reset queue_priority_hint on parking (git-fixes).
- drm/qxl: remove unused variable from
`qxl_process_single_command()` (git-fixes).
- drm/qxl: remove unused `count` variable from
`qxl_surface_id_alloc()` (git-fixes).
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if
needed (git-fixes).
- nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
- ACPICA: debugger: check status of acpi_evaluate_object()
in acpi_db_walk_for_fields() (git-fixes).
- commit 22f136e
- README.BRANCH: Remove copy of branch name
- commit 4834fba
- README.BRANCH: Remove copy of branch name
- commit 9b22290
- thermal: intel: hfi: Add syscore callbacks for system-wide PM
(CVE-2024-26646 bsc#1222070).
- thermal: intel: hfi: Disable an HFI instance when all its CPUs
go offline (CVE-2024-26646 bsc#1222070).
- thermal: intel: hfi: Enable an HFI instance from its first
online CPU (CVE-2024-26646 bsc#1222070).
- thermal: intel: hfi: Refactor enabling code into helper
functions (CVE-2024-26646 bsc#1222070).
- commit 8d3563b
- ASoC: meson: t9015: fix function pointer type mismatch
(git-fixes).
- drm/tegra: hdmi: Fix some error handling paths in
tegra_hdmi_probe() (git-fixes).
- drm/tegra: dsi: Fix some error handling paths in
tegra_dsi_probe() (git-fixes).
- net/x25: fix incorrect parameter validation in the
x25_getsockopt() function (git-fixes).
- Bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
- sr9800: Add check for usbnet_get_endpoints (git-fixes).
- wifi: wilc1000: fix RCU usage in connect path (git-fixes).
- wifi: wilc1000: fix declarations ordering (stable-fixes).
- lib/cmdline: Fix an invalid format specifier in an assertion
msg (git-fixes).
- Input: gpio_keys_polled - suppress deferred probe error for gpio
(stable-fixes).
- firewire: core: use long bus reset on gap count error
(stable-fixes).
- drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
(stable-fixes).
- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
(stable-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcddc device
(stable-fixes).
- drm/tegra: hdmi: Convert to devm_platform_ioremap_resource()
(stable-fixes).
- drm/tegra: dsi: Make use of the helper function dev_err_probe()
(stable-fixes).
- commit 2335ed9
- ACPI: resource: Add Infinity laptops to
irq1_edge_low_force_override (stable-fixes).
- Refresh
patches.suse/ACPI-resource-Add-MAIBENBEN-X577-to-irq1_edge_low_fo.patch.
- commit a322c3a
- ASoC: meson: aiu: fix function pointer type mismatch
(git-fixes).
- ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
(stable-fixes).
- ACPI: resource: Do IRQ override on Lunnen Ground laptops
(stable-fixes).
- ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
(stable-fixes).
- ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono
mode (stable-fixes).
- ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
(stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi
Vi8 tablet (stable-fixes).
- ASoC: rt5645: Make LattePanda board DMI match more precise
(stable-fixes).
- ASoC: meson: Use dev_err_probe() helper (stable-fixes).
- commit 8f94a4d
- mmc: core: Avoid negative index with array access (git-fixes).
- mmc: core: Initialize mmc_blk_ioc_data (git-fixes).
- ALSA: aoa: avoid false-positive format truncation warning
(git-fixes).
- ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
(git-fixes).
- wifi: iwlwifi: fw: don't always use FW dump trig (git-fixes).
- wifi: iwlwifi: mvm: rfi: fix potential response leaks
(git-fixes).
- net: ll_temac: platform_get_resource replaced by wrong function
(git-fixes).
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
(git-fixes).
- ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port
(stable-fixes).
- commit a43d7a1
- ipv6: init the accept_queue's spinlocks in inet6_create
(bsc#1221293 CVE-2024-26614).
- commit 0ab8c0f
- net/bnx2x: Prevent access to a freed page in page_pool
(bsc#1215322).
- commit 6d39ac9
- tcp: make sure init the accept_queue's spinlocks once
(bsc#1221293 CVE-2024-26614).
- commit 943f002
- powerpc/boot: Disable power10 features after BOOTAFLAGS
assignment (bsc#1194869).
- commit 17f8de7
- powerpc/boot: Fix boot wrapper code generation with
CONFIG_POWER10_CPU (bsc#1194869).
- commit 9b67460
- powerpc/lib: Validate size for vector operations (bsc#1194869 CVE-2023-52606 bsc#1221069).
- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
(CVE-2023-52607 bsc#1221061).
- powerpc: add compile-time support for lbarx, lharx
(bsc#1194869).
- Update config files.
- powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
- Update config files.
- powerpc/sstep: Use bitwise instead of arithmetic operator for
flags (bsc#1194869).
- powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
- powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__
(bsc#1194869).
- powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding
(bsc#1194869).
- powerpc/lib/sstep: Don't use __{get/put}_user() on kernel
addresses (bsc#1194869).
- commit b17389a
- RDMA/mlx5: Relax DEVX access upon modify commands (git-fixes)
- commit 9423a91
- RDMA/mlx5: Fix fortify source warning while accessing Eth segment (git-fixes)
- commit 16e4eca
- Revert "fbdev: flush deferred IO before closing (git-fixes)." (bsc#1221814)
This reverts commit 81476d7e609a6d383f3d404542eebc93cebd0a4d.
This fixes bsc#1221814
- commit bc3a73c
- Update
patches.suse/HID-intel-ish-hid-ipc-Disable-and-reenable-ACPI-GPE-.patch
(git-fixes CVE-2023-52519 bsc#1220920).
- Update
patches.suse/HID-sony-Fix-a-potential-memory-leak-in-sony_probe.patch
(git-fixes CVE-2023-52529 bsc#1220929).
- Update
patches.suse/IB-hfi1-Fix-bugs-with-non-PAGE_SIZE-end-multi-iovec-.patch
(git-fixes CVE-2023-52474 bsc#1220445).
- Update
patches.suse/RDMA-siw-Fix-connection-failure-handling.patch
(git-fixes CVE-2023-52513 bsc#1221022).
- Update
patches.suse/RDMA-srp-Do-not-call-scsi_done-from-srp_abort.patch
(git-fixes CVE-2023-52515 bsc#1221048).
- Update
patches.suse/Revert-tty-n_gsm-fix-UAF-in-gsm_cleanup_mux.patch
(git-fixes CVE-2023-52564 bsc#1220938).
- Update
patches.suse/bpf-Check-rcu_read_lock_trace_held-before-calling-bp.patch
(bsc#1220251 CVE-2023-52447 CVE-2023-52621 bsc#1222073).
- Update
patches.suse/ieee802154-ca8210-Fix-a-potential-UAF-in-ca8210_prob.patch
(git-fixes CVE-2023-52510 bsc#1220898).
- Update
patches.suse/net-nfc-llcp-Add-lock-when-modifying-device-list.patch
(git-fixes CVE-2023-52524 bsc#1220927).
- Update
patches.suse/net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75.patch
(git-fixes CVE-2023-52528 bsc#1220843).
- Update
patches.suse/nfc-nci-assert-requested-protocol-is-valid.patch
(git-fixes CVE-2023-52507 bsc#1220833).
- Update
patches.suse/nilfs2-fix-potential-use-after-free-in-nilfs_gccache.patch
(git-fixes CVE-2023-52566 bsc#1220940).
- Update
patches.suse/nvme-fc-Prevent-null-pointer-dereference-in-nvme_fc_.patch
(bsc#1214842 CVE-2023-52508 bsc#1221015).
- Update
patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch
(bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
CVE-2023-6356 CVE-2023-52454 bsc#1220320).
- Update
patches.suse/platform-x86-think-lmi-Fix-reference-leak.patch
(git-fixes CVE-2023-52520 bsc#1220921).
- Update
patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch
(bsc#1212514 CVE-2023-35827 CVE-2023-52509 bsc#1220836).
- Update
patches.suse/ring-buffer-Do-not-attempt-to-read-past-commit.patch
(git-fixes CVE-2023-52501 bsc#1220885).
- Update
patches.suse/serial-8250_port-Check-IRQ-data-before-use.patch
(git-fixes CVE-2023-52567 bsc#1220839).
- Update
patches.suse/spi-sun6i-fix-race-between-DMA-RX-transfer-completio.patch
(git-fixes CVE-2023-52517 bsc#1221055).
- Update
patches.suse/spi-sun6i-reduce-DMA-RX-transfer-width-to-single-byt.patch
(git-fixes CVE-2023-52511 bsc#1221012).
- Update
patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch
(git-fixes CVE-2023-52525 bsc#1220840).
- Update
patches.suse/x86-alternatives-disable-kasan-in-apply_alternatives.patch
(git-fixes CVE-2023-52504 bsc#1221553).
- Update
patches.suse/x86-srso-fix-sbpb-enablement-for-spec_rstack_overflow-off.patch
(git-fixes CVE-2023-52575 bsc#1220871).
- commit 5f353b0
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487 CVE-2022-48626 bsc#1220366).
- Update
patches.suse/crypto-qcom-rng-ensure-buffer-for-generate-is-comple.patch
(git-fixes CVE-2022-48629 bsc#1220989).
- Update
patches.suse/crypto-qcom-rng-fix-infinite-loop-on-requests-not-mu.patch
(git-fixes CVE-2022-48630 bsc#1220990).
- commit f8cf886
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-harden-detection-of-controll.patch
(git-fixes CVE-2021-46926 bsc#1220478).
- Update
patches.suse/ALSA-rawmidi-fix-the-uninitalized-user_pversion.patch
(git-fixes CVE-2021-47096 bsc#1220981).
- Update
patches.suse/IB-qib-Fix-memory-leak-in-qib_user_sdma_queue_pkts.patch
(git-fixes CVE-2021-47104 bsc#1220960).
- Update
patches.suse/Input-elantech-fix-stack-out-of-bound-access-in-elan.patch
(git-fixes CVE-2021-47097 bsc#1220982).
- Update
patches.suse/KVM-x86-mmu-Don-t-advance-iterator-after-restart-due.patch
(git-fixes CVE-2021-47094 bsc#1221551).
- Update patches.suse/NFSD-Fix-READDIR-buffer-overflow.patch
(git-fixes bsc#1196346 CVE-2021-47107 bsc#1220965).
- Update
patches.suse/asix-fix-uninit-value-in-asix_mdio_read.patch
(git-fixes CVE-2021-47101 bsc#1220987).
- Update
patches.suse/drm-mediatek-hdmi-Perform-NULL-pointer-check-for-mtk.patch
(git-fixes CVE-2021-47108 bsc#1220986).
- Update
patches.suse/hwmon-lm90-Prevent-integer-overflow-underflow-in-hys.patch
(git-fixes CVE-2021-47098 bsc#1220983).
- Update
patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch
(git-fixes CVE-2021-47100 bsc#1220985).
- Update
patches.suse/ipmi-ssif-initialize-ssif_info-client-early.patch
(bsc#1193490 CVE-2021-47095 bsc#1220979).
- Update
patches.suse/mac80211-fix-locking-in-ieee80211_start_ap-error-pat.patch
(git-fixes CVE-2021-47091 bsc#1220959).
- Update
patches.suse/net-fix-use-after-free-in-tw_timer_handler.patch
(bsc#1217195 CVE-2021-46936 bsc#1220439).
- Update
patches.suse/net-marvell-prestera-fix-incorrect-structure-access.patch
(git-fixes CVE-2021-47102 bsc#1221009).
- Update
patches.suse/net-smc-fix-kernel-panic-caused-by-race-of-smc_sock
(git-fixes CVE-2021-46925 bsc#1220466).
- Update
patches.suse/nitro_enclaves-Use-get_user_pages_unlocked-call-to-handle-mmap-assert.patch
(git fixes (mm/gup) CVE-2021-46927 bsc#1220443).
- Update
patches.suse/platform-x86-intel_pmc_core-fix-memleak-on-registrat.patch
(git-fixes CVE-2021-47093 bsc#1220978).
- Update patches.suse/sctp-use-call_rcu-to-free-endpoint.patch
(CVE-2022-20154 bsc#1200599 CVE-2021-46929 bsc#1220482).
- Update patches.suse/tee-optee-Fix-incorrect-page-free-bug.patch
(jsc#SLE-21844 CVE-2021-47087 bsc#1220954).
- Update
patches.suse/tun-avoid-double-free-in-tun_free_netdev.patch
(bsc#1209635 CVE-2022-4744 git-fixes CVE-2021-47082
bsc#1220969).
- Update
patches.suse/usb-gadget-f_fs-Clear-ffs_eventfd-in-ffs_data_clear.patch
(git-fixes CVE-2021-46933 bsc#1220487).
- Update patches.suse/usb-mtu3-fix-list_head-check-warning.patch
(git-fixes CVE-2021-46930 bsc#1220484).
- Update
patches.suse/veth-ensure-skb-entering-GRO-are-not-cloned.patch
(git-fixes CVE-2021-47099 bsc#1220955).
- commit b15f74e
- RAS/AMD/FMPM: Fix build when debugfs is not enabled (jsc#PED-7619).
- commit 9ec75fa
- RAS/AMD/FMPM: Safely handle saved records of various sizes (jsc#PED-7619).
- commit ed7d255
- RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
- commit 945ab74
- selftests/bpf: add generic BPF program tester-loader
(bsc#1222033).
- Refresh patches.suse/selftests-bpf-convenience-macro-for-use-with-asm-vol.patch
- commit fac2b7e
- crypto: qat - avoid division by zero (git-fixes).
- crypto: qat - resolve race condition during AER recovery
(git-fixes).
- crypto: qat - fix deadlock in backlog processing (git-fixes).
- crypto: qat - fix double free during reset (git-fixes).
- crypto: qat - increase size of buffers (git-fixes).
- crypto: qat - fix unregistration of compression algorithms
(git-fixes).
- crypto: qat - fix unregistration of crypto algorithms
(git-fixes).
- crypto: qat - ignore subsequent state up commands (git-fixes).
- commit 57086a4
- crypto: qat - fix state machines cleanup paths (bsc#1218321).
- commit b45a9b9
- PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
(git-fixes).
- PCI: rockchip: Use 64-bit mask on MSI 64-bit PCI address
(git-fixes).
- commit 71917a0
- md/raid5: fix atomicity violation in raid5_cache_count
(bsc#1219169, CVE-2024-23307).
- commit 30c5680
- s390/vtime: fix average steal time calculation (git-fixes
bsc#1221951).
- commit dcc65eb
- s390/ptrace: handle setting of fpc register correctly
(CVE-2023-52598 bsc#1221060 git-fixes).
- commit 997994b
- wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336
CVE-2023-7042).
- commit 1784f9f
- ubi: Check for too small LEB size in VTBL code (bsc#1219834
CVE-2024-25739).
- commit ad7e175
- PCI: rockchip: Don't advertise MSI-X in PCIe capabilities
(git-fixes).
- commit 617f4f7
- PCI: rockchip: Fix window mapping and address translation for
endpoint (git-fixes).
- Refresh
patches.suse/PCI-rockchip-Use-u32-variable-to-access-32-bit-regis.patch.
- commit ebc378b
- PCI: qcom: Enable BDF to SID translation properly (git-fixes).
- PCI: mediatek-gen3: Fix translation window size calculation
(git-fixes).
- PCI: mediatek: Clear interrupt status before dispatching handler
(git-fixes).
- PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment
support (git-fixes).
- PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card
(git-fixes).
- Revert "PCI: tegra194: Enable support for 256 Byte payload"
(git-fixes).
- PCI: fu740: Set the number of MSI vectors (git-fixes).
- PCI/ASPM: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: Make link retraining use RMW accessors for changing LNKCTL
(git-fixes).
- PCI: Add locking to RMW PCI Express Capability Register
accessors (git-fixes).
- kABI: PCI: Add locking to RMW PCI Express Capability Register
accessors (kabi).
- PCI: qcom: Use DWC helpers for modifying the read-only DBI
registers (git-fixes).
- commit 150da46
- x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
- commit 5cc3ff1
- wifi: ath11k: decrease MHI channel buffer length to 8KB
(bsc#1207948).
- commit ccda276
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
- commit c4e0d12
- nvme: fix reconnection fail due to reserved tag allocation
(git-fixes).
- commit 08c50ef
- bpf, scripts: Correct GPL license name (git-fixes).
- commit b7a1062
- Refresh
patches.suse/nfsd4-add-refcount-for-nfsd4_blocked_lock.patch.
Add another commit id
- commit 6697f38
- NFSv4.2: fix wrong shrinker_id (git-fixes).
- commit 5ba59c3
- Add cherry-picked id of amdgpu patch (git-fixes)
- commit 3498702
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
(git-fixes).
- spi: lm70llp: fix links in doc and comments (git-fixes).
- drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes).
- nouveau: reset the bo resource bus info after an eviction
(git-fixes).
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it
(git-fixes).
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock
(git-fixes).
- kconfig: fix infinite loop when expanding a macro at the end
of file (git-fixes).
- slimbus: core: Remove usage of the deprecated ida_simple_xx()
API (git-fixes).
- iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes).
- serial: 8250_exar: Don't remove GPIO device on suspend
(git-fixes).
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
(git-fixes).
- serial: max310x: fix syntax error in IRQ error message
(git-fixes).
- tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
- usb: gadget: net2272: Use irqflags in the call to
net2272_probe_fin (git-fixes).
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
- usb: xhci: Add error handling in xhci_map_urb_for_dma
(git-fixes).
- usb: audio-v2: Correct comments for struct
uac_clock_selector_descriptor (git-fixes).
- commit d110a91
- Add cherry-picked id to amdgpu patch
- commit 2d7799f
- x86/sev: Harden #VC instruction emulation somewhat (CVE-2024-25742 bsc#1221725).
- commit 02ed75a
- ubifs: Queue up space reservation tasks if retrying many times
(git-fixes).
- commit 061dcaa
- ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed
(git-fixes).
- commit 493a02c
- ubifs: Remove unreachable code in dbg_check_ltab_lnum
(git-fixes).
- commit 2771652
- ubifs: fix sort function prototype (git-fixes).
- commit 6125609
- Update patches.suse/dmaengine-fix-NULL-pointer-in-channel-unregistration.patch (git-fixes bsc#1221276 CVE-2023-52492)
- commit 7007f7d
- ubifs: Set page uptodate in the correct place (git-fixes).
- commit 219703b
- iommu/vt-d: Allow to use flush-queue when first level is
default (git-fixes).
- commit 1821f9c
- iommu/vt-d: Fix PASID directory pointer coherency (git-fixes).
- commit 23b5322
- iommu/vt-d: Set No Execute Enable bit in PASID table entry
(git-fixes).
- commit 3ba9d71
- iommu/mediatek-v1: Fix an error handling path in
mtk_iommu_v1_probe() (git-fixes).
- commit 3b5ce5d
- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
(bsc#1219170 CVE-2024-22099).
- commit ece27a6
- scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
- scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
- scsi: qla2xxx: Change debug message during driver unload
(bsc1221816).
- scsi: qla2xxx: Fix double free of fcport (bsc1221816).
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer
(bsc1221816).
- scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
- scsi: qla2xxx: NVME|FCP prefer flag not being honored
(bsc1221816).
- scsi: qla2xxx: Update manufacturer detail (bsc1221816).
- scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
- scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
- scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
- commit ac0c897
- scsi: lpfc: Copyright updates for 14.4.0.1 patches
(bsc#1221777).
- scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
- scsi: lpfc: Define types in a union for generic void *context3
ptr (bsc#1221777).
- scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr
(bsc#1221777).
- scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr
(bsc#1221777).
- scsi: lpfc: Use a dedicated lock for ras_fwlog state
(bsc#1221777).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
(bsc#1221777).
- scsi: lpfc: Replace hbalock with ndlp lock in
lpfc_nvme_unregister_port() (bsc#1221777).
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
(bsc#1221777).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling
(bsc#1221777 bsc#1217959).
- scsi: lpfc: Move NPIV's transport unregistration to after
resource clean up (bsc#1221777).
- scsi: lpfc: Remove unnecessary log message in queuecommand path
(bsc#1221777).
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
(bsc#1221777).
- scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
- commit 173a64c
- firmware: arm_scmi: Check mailbox/SMT channel for consistency (bsc#1221375 CVE-2023-52608)
- commit f829935
- net: Fix features skip in for_each_netdev_feature() (git-fixes).
- commit dfc50d6
- ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
- commit c06fc74
- vdpa/mlx5: Allow CVQ size changes (git-fixes).
- commit b983475
- NFS: Fix an off by one in root_nfs_cat() (git-fixes).
- NFSv4.2: fix listxattr maximum XDR buffer size (git-fixes).
- NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
(git-fixes).
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
(git-fixes).
- NFSD: Retransmit callbacks after client reconnects (git-fixes).
- NFSD: Reschedule CB operations when backchannel rpc_clnt is
shut down (git-fixes).
- NFSD: Convert the callback workqueue to use delayed_work
(git-fixes).
- NFSD: Reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
- NFSD: fix LISTXATTRS returning more bytes than maxcount
(git-fixes).
- NFSD: fix LISTXATTRS returning a short list with eof=TRUE
(git-fixes).
- NFSD: change LISTXATTRS cookie encoding to big-endian
(git-fixes).
- NFSD: fix nfsd4_listxattr_validate_cookie (git-fixes).
- SUNRPC: fix some memleaks in gssx_dec_option_array (git-fixes).
- SUNRPC: fix a memleak in gss_import_v2_context (git-fixes).
- nfsd: use vfs setgid helper (git-fixes).
- commit 90396a4
- clk: zynq: Prevent null pointer dereference caused by kmalloc
failure (git-fixes).
- commit 6c59283
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
(git-fixes).
- commit c2aa41d
- iommu/dma: Trace bounce buffer usage when mapping buffers
(git-fixes).
- commit e3645be
- media: staging: ipu3-imgu: Set fields before
media_entity_pads_init() (git-fixes).
- commit 5978536
- drm/amd/display: Prevent vtotal from being set to 0 (git-fixes).
- commit 936859f
- Drop temporarily amdgpu patch (to be reapplied later)
- commit 809ae8f
- RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (git-fixes)
- commit 373361b
- RDMA/device: Fix a race between mad_client and cm_client init (git-fixes)
- commit 5b52744
- RDMA/hns: Fix mis-modifying default congestion control algorithm (git-fixes)
- commit 95141c0
- RDMA/srpt: Do not register event handler until srpt device is fully setup (git-fixes)
- commit 5d33595
- RDMA/irdma: Remove duplicate assignment (git-fixes)
- commit 9841c04
- drm/amd/display: fix hw rotated modes when PSR-SU is enabled
(git-fixes).
- commit dc89308
- drm/amd/display: Fix possible underflow for displays with
large vblank (git-fixes).
- drm/amd/display: Revert vblank change that causes null pointer
crash (git-fixes).
- commit 7e422d7
- Revert "Revert "drm/amdgpu/display: change pipe policy for
DCN 2.0"" (git-fixes).
- drm/amd/display: perform a bounds check before filling dirty
rectangles (git-fixes).
- commit 7922bac
- Refresh patches.suse/drm-amd-display-always-switch-off-ODM-before-committ.patch
Add cherry-pickd id
- commit feac6cf
- Refresh patches.suse/drm-amd-display-Write-to-correct-dirty_rect.patch
Add cherry-picked id
- commit d1b610a
- drm/amd/display: For prefetch mode > 0, extend prefetch if
possible (git-fixes).
- drm/amd/display: Disable PSR-SU on Parade 0803 TCON again
(git-fixes).
- drm/amd/display: Increase frame warning limit with KASAN or
KCSAN in dml (git-fixes).
- drm/amd: Enable PCIe PME from D3 (git-fixes).
- drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
- drm/amd/display: fix ABM disablement (git-fixes).
- drm/amd/display: Update min Z8 residency time to 2100 for DCN314
(git-fixes).
- drm/amd/display: Remove min_dst_y_next_start check for Z8
(git-fixes).
- drm/amd/display: Use DRAM speed from validation for dummy
p-state (git-fixes).
- drm/amdgpu: Force order between a read and write to the same
address (git-fixes).
- drm/amd/display: Include udelay when waiting for INBOX0 ACK
(git-fixes).
- drm/i915: Call intel_pre_plane_updates() also for pipes getting
enabled (git-fixes).
- drm/panel: auo,b101uan08.3: Fine tune the panel power sequence
(git-fixes).
- drm/amd/display: Enable fast plane updates on DCN3.2 and above
(git-fixes).
- drm/amd/display: fix a NULL pointer dereference in
amdgpu_dm_i2c_xfer() (git-fixes).
- drm/amd/display: Guard against invalid RPTR/WPTR being set
(git-fixes).
- drm/amdgpu: lower CS errors to debug severity (git-fixes).
- drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
- drm/amd/pm: Fix error of MACO flag setting code (git-fixes).
- drm/i915: Add missing CCS documentation (git-fixes).
- drm/amdgpu: Unset context priority is now invalid (git-fixes).
- drm/panel: Move AUX B116XW03 out of panel-edp back to
panel-simple (git-fixes).
- Revert "drm/amd: Disable S/G for APUs when 64GB or more host
memory" (git-fixes).
- drm/amd/display: always switch off ODM before committing more
streams (git-fixes).
- drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for
DCN31 (git-fixes).
- drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK
(git-fixes).
- drm/amd/display: Fix a bug when searching for insert_above_mpcc
(git-fixes).
- commit e9791f4
- Refresh patches.suse/drm-amdgpu-vcn-Disable-indirect-SRAM-on-Vangogh-brok.patch (git-fixes)
Alt-commit
- commit 633cb3b
- Refresh patches.suse/1398-drm-i915-pass-a-pointer-for-tlb-seqno-at-vma_invalid.patch (git-fixes)
Alt-commit
- commit 4cec8c9
- Refresh patches.suse/1866-drm-i915-ttm-fix-32b-build.patch (git-fixes)
Alt-commit
- commit a1a2486
- drm/amd/display: ensure async flips are only accepted for fast
updates (git-fixes).
- drm/exynos: fix a possible null-pointer dereference due to
data race in exynos_drm_crtc_atomic_disable() (git-fixes).
- drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl'
(git-fixes).
- drm/amd/display: Fix underflow issue on 175hz timing
(git-fixes).
- drm/amd/display: dc.h: eliminate kernel-doc warnings
(git-fixes).
- drm/edid: Add quirk for OSVR HDK 2.0 (git-fixes).
- drm/bridge: tc358762: Instruct DSI host to generate HSE packets
(git-fixes).
- drm/amdgpu: Match against exact bootloader status (git-fixes).
- drm/amd/display: Exit idle optimizations before attempt to
access PHY (git-fixes).
- drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family
(git-fixes).
- drm/amd/smu: use AverageGfxclkFrequency* to replace previous
GFX Curr Clock (git-fixes).
- drm/amd/display: Prevent vtotal from being set to 0 (git-fixes).
- drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
- drm/amdgpu/pm: make gfxclock consistent for sienna cichlid
(git-fixes).
- drm/ttm: Don't leak a resource on eviction error (git-fixes).
- drm/amd/display: Fix the delta clamping for shaper LUT
(git-fixes).
- Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON"
(git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on
Phoenix (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on
Rembrandt (git-fixes).
- drm/amd/display: Update correct DCN314 register header
(git-fixes).
- drm/amd/display: Fix possible underflow for displays with
large vblank (git-fixes).
- drm/amd/display: update extended blank for dcn314 onwards
(git-fixes).
- drm/amd/display: Restore rptr/wptr for DMCUB as workaround
(git-fixes).
- drm/amd/display: Add FAMS validation before trying to use it
(git-fixes).
- drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence
(git-fixes).
- drm/amd/display: add ODM case when looking for first split pipe
(git-fixes).
- Revert "drm/amdgpu/display: change pipe policy for DCN 2.0"
(git-fixes).
- Revert "drm/amdgpu/display: change pipe policy for DCN 2.1"
(git-fixes).
- commit 5e1df8b
- drm/amd/display: Keep PHY active for dp config (git-fixes).
- drm/ttm: Don't print error message if eviction was interrupted
(git-fixes).
- Revert "drm/vc4: hdmi: Enforce the minimum rate at
runtime_resume" (git-fixes).
- drm/amd/display: Write to correct dirty_rect (git-fixes).
- drm/amd/display: clean code-style issues in
dcn30_set_mpc_shaper_3dlut (git-fixes).
- drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
- drm/amd/display: add FB_DAMAGE_CLIPS support (git-fixes).
- drm/amd/display: set per pipe dppclk to 0 when dpp is off
(git-fixes).
- drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
- drm/amd/display: fix unbounded requesting for high pixel rate
modes on dcn315 (git-fixes).
- drm/amd/display: use low clocks for no plane configs
(git-fixes).
- drm/amd/display: Use min transition for all SubVP plane
add/remove (git-fixes).
- drm/amd/display: Rework comments on dc file (git-fixes).
- drm/amd/display: Expand kernel doc for DC (git-fixes).
- drm/amd/display: Avoid ABM when ODM combine is enabled for eDP
(git-fixes).
- drm/amd/display: Update OTG instance in the commit stream
(git-fixes).
- drm/amd/display: Handle seamless boot stream (git-fixes).
- drm/amd/display: Add function for validate and update new stream
(git-fixes).
- drm/amd/display: Handle virtual hardware detect (git-fixes).
- drm/amd/display: Include surface of unaffected streams
(git-fixes).
- drm/amd/display: Copy DC context in the commit streams
(git-fixes).
- drm/amd/display: Enable new commit sequence only for DCN32x
(git-fixes).
- drm/amd/display: Rework context change check (git-fixes).
- drm/amd/display: Check if link state is valid (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Acer Switch V 10
(SW5-017) (git-fixes).
- drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach
(git-fixes).
- drm/vc4: Add module dependency on hdmi-codec (git-fixes).
- drm/i915/gt: Use i915_vm_put on ppgtt_create error paths
(git-fixes).
- commit 17a985c
- watchdog: stm32_iwdg: initialize default timeout (git-fixes).
- crypto: arm/sha - fix function cast warnings (git-fixes).
- crypto: xilinx - call finalize with bh disabled (git-fixes).
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
(git-fixes).
- mtd: rawnand: meson: fix scrambling mode value in command macro
(git-fixes).
- mtd: maps: physmap-core: fix flash size larger than 32-bit
(git-fixes).
- media: usbtv: Remove useless locks in usbtv_video_free()
(git-fixes).
- media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
- media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
- media: dvb-frontends: avoid stack overflow warnings with clang
(git-fixes).
- media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
- media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
- media: pvrusb2: remove redundant NULL check (git-fixes).
- media: go7007: add check of return value of go7007_read_addr()
(git-fixes).
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
(git-fixes).
- media: sun8i-di: Fix chroma difference threshold (git-fixes).
- media: sun8i-di: Fix power on/off sequences (git-fixes).
- media: sun8i-di: Fix coefficient writes (git-fixes).
- media: edia: dvbdev: fix a use-after-free (git-fixes).
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
(git-fixes).
- media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
- media: em28xx: annotate unchecked call to
media_device_register() (git-fixes).
- media: xc4000: Fix atomicity violation in xc4000_get_frequency
(git-fixes).
- media: staging: ipu3-imgu: Set fields before
media_entity_pads_init() (git-fixes).
- net: lan78xx: fix runtime PM count underflow on link stop
(git-fixes).
- mmc: mmci: stm32: fix DMA API overlapping mappings warning
(git-fixes).
- drm/amd/display: Wrong colorimetry workaround (git-fixes).
- mmc: mmci: stm32: use a buffer for unaligned DMA requests
(git-fixes).
- commit 6d10a8f
- xhci: handle isoc Babble and Buffer Overrun events properly
(git-fixes).
- commit b33a274
- xhci: process isoc TD properly when there was a transaction
error mid TD (git-fixes).
- commit ef9dcf9
- Refresh patches.suse/Revert-drm-amd-pm-resolve-reboot-exception-for-si-ol.patch (git-fixes)
Alt-commit
- commit 51173ed
- Refresh patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch (git-fixes)
Alt-commit
- commit 9a337ae
- Refresh patches.suse/drm-amdgpu-display-Initialize-gamma-correction-mode-.patch (git-fixes)
Alt-commit
- commit ae35079
- Refresh patches.suse/drm-amd-display-Fix-possible-NULL-dereference-on-dev.patch (git-fixes)
Alt-commit
- commit 968007a
- Refresh patches.suse/Revert-drm-amd-display-increased-min_dcfclk_mhz-and-.patch (git-fixes)
Alt-commit
- commit 29d289f
- Refresh patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch (git-fixes)
Alt-commit
- commit 6c8d470
- Refresh patches.suse/drm-amd-display-Fix-possible-buffer-overflow-in-find.patch (git-fixes)
Alt-commit
- commit d66904a
- Refresh patches.suse/drm-amdgpu-Fix-missing-error-code-in-gmc_v6-7-8-9_0_.patch (git-fixes)
Alt-commit
- commit 17a587a
- Refresh patches.suse/drm-bridge-sii902x-Fix-probing-race-issue.patch (git-fixes)
Alt-commit
- commit 0c6bf24
- Refresh patches.suse/drm-i915-dp-Fix-passing-the-correct-DPCD_REV-for-drm.patch (git-fixes)
Alt-commit
- commit eeb30fc
- Refresh patches.suse/drm-amd-Disable-ASPM-for-VI-w-all-Intel-systems.patch (git-fixes)
Alt-commit
- commit 2b0efc6
- Refresh patches.suse/drm-amd-Fix-detection-of-_PR3-on-the-PCIe-root-port.patch (git-fixes)
Alt-commit
- commit 0458ace
- Refresh patches.suse/drm-amd-display-fix-the-white-screen-issue-when-64GB.patch (git-fixes)
Alt-commit
- commit 46ed395
- Refresh patches.suse/drm-amd-display-prevent-potential-division-by-zero-e.patch (git-fixes)
Alt-commit
- commit b7ab8de
- Refresh patches.suse/drm-amd-display-enable-cursor-degamma-for-DCN3-DRM-l.patch (git-fixes)
Alt-commit
- commit 885580e
- Refresh patches.suse/drm-amd-display-Remove-wait-while-locked.patch (git-fixes)
Alt-commit
- commit 43c45c5
- Refresh patches.suse/drm-amd-display-Add-smu-write-msg-id-fail-retry-proc.patch (git-fixes)
Alt-commit
- commit b800d81
- Refresh patches.suse/drm-amd-display-register-edp_backlight_control-for-D.patch (git-fixes)
Alt-commit
- commit 164cdf4
- Refresh patches.suse/drm-amdgpu-fix-Null-pointer-dereference-error-in-amd.patch (git-fixes)
Alt-commit
- commit c814bba
- Refresh patches.suse/drm-amdgpu-gfx10-Disable-gfxoff-before-disabling-pow.patch (git-fixes)
Alt-commit
- commit e937913
- Refresh patches.suse/drm-amd-pm-parse-pp_handle-under-appropriate-conditi.patch (git-fixes)
Alt-commit
- commit f5d987c
- Refresh patches.suse/drm-amd-display-fix-access-hdcp_workqueue-assert.patch (git-fixes)
Alt-commit
- commit 0906f4d
- Refresh patches.suse/drm-amdgpu-nv-Apply-ASPM-quirk-on-Intel-ADL-AMD-Navi.patch (git-fixes)
Alt-commit
- commit c25da25
- Refresh patches.suse/drm-amdgpu-Correct-the-power-calcultion-for-Renior-C.patch (git-fixes)
Alt-commit
- commit bb8f92f
- Refresh patches.suse/0549-drm-amdgpu-enable-Vangogh-VCN-indirect-sram-mode.patch (git-fixes)
Alt-commit
- commit aa42634
- Refresh patches.suse/drm-i915-Never-return-0-if-not-all-requests-retired.patch (git-fixes)
Alt-commit
- commit bf8aa0c
- Refresh patches.suse/drm-i915-Fix-negative-value-passed-as-remaining-time.patch (git-fixes)
Alt-commit
- commit 33c3117
- Refresh patches.suse/drm-display-dp_mst-Fix-drm_dp_mst_add_affected_dsc_c.patch (git-fixes)
Alt-commit
- commit 5f0e59c
- Refresh patches.suse/1631-drm-i915-gem-Really-move-i915_gem_context.link-under.patch (git-fixes)
Alt-commit
- commit ae7a01a
- Refresh patches.suse/drm-amdgpu-dm-dp_mst-Don-t-grab-mst_mgr-lock-when-co.patch (git-fixes)
Alt-commit
- commit a480119
- Refresh patches.suse/drm-amdgpu-dm-mst-Use-the-correct-topology-mgr-point.patch (git-fixes)
Alt-commit
- commit cfd3d6f
- Refresh patches.suse/1625-drm-i915-vdsc-Set-VDSC-PIC_HEIGHT-before-using-for-D.patch (git-fixes)
Alt-commit
- commit 0691a9b
- Refresh patches.suse/1585-drm-i915-slpc-Let-s-fix-the-PCODE-min-freq-table-set.patch (git-fixes)
Alt-commit
- commit b19cad4
- Refresh patches.suse/1536-drm-i915-guc-clear-stalled-request-after-a-reset.patch (git-fixes)
Alt-commit
- commit fb1fad7
- Refresh patches.suse/1396-drm-i915-gt-Batch-TLB-invalidations.patch (git-fixes)
Alt-commit
- commit 1d66c31
- Refresh patches.suse/1394-drm-i915-gt-Invalidate-TLB-of-the-OA-unit-at-TLB-inv.patch (git-fixes)
Alt-commit
- commit 5c89722
- Refresh patches.suse/1393-drm-i915-gt-Ignore-TLB-invalidations-on-idle-engines.patch (git-fixes)
Alt-commit
- commit 43ab4df
- Refresh patches.suse/1536-drm-i915-guc-clear-stalled-request-after-a-reset.patch (git-fixes)
Alt-commit
- commit 9329ad7
- Refresh patches.suse/1859-drm-i915-selftests-fix-subtraction-overflow-bug.patch (git-fixes)
Alt-commit
- commit 3943b71
- Refresh patches.suse/1855-drm-i915-ttm-fix-sg_table-construction.patch (git-fixes)
Alt-commit
- commit d989f7a
- Refresh patches.suse/1644-i915-guc-reset-Make-__guc_reset_context-aware-of-gui.patch (git-fixes)
Alt-commit
- commit 4511955
- Refresh patches.suse/1639-drm-amd-Don-t-reset-dGPUs-if-the-system-is-going-to-.patch (git-fixes)
Alt-commit
- commit 69ca555
- perf/x86/lbr: Filter vsyscall addresses (bsc#1220703,
CVE-2023-52476).
- commit c52b506
- fs: introduce lock_rename_child() helper (bsc#1221044
CVE-2023-52591).
Refresh patches.suse/fs-Establish-locking-order-for-unrelated-directories.patch
- commit 86376e0
- rename(): avoid a deadlock in the case of parents having no
common ancestor (bsc#1221044 CVE-2023-52591).
- commit 16e3098
- kill lock_two_inodes() (bsc#1221044 CVE-2023-52591).
- commit 8b8deef
- rename(): fix the locking of subdirectories (bsc#1221044
CVE-2023-52591).
- commit 146d81f
- f2fs: Avoid reading renamed directory if parent does not change
(bsc#1221044 CVE-2023-52591).
- commit 5344280
- ext4: don't access the source subdirectory content on
same-directory rename (bsc#1221044 CVE-2023-52591).
- commit b2b6374
- ext2: Avoid reading renamed directory if parent does not change
(bsc#1221044 CVE-2023-52591).
- commit 2edcc11
- udf_rename(): only access the child content on cross-directory
rename (bsc#1221044 CVE-2023-52591).
- commit 0257614
- ocfs2: Avoid touching renamed directory if parent does not
change (bsc#1221044 CVE-2023-52591).
- commit e786f3a
- reiserfs: Avoid touching renamed directory if parent does not
change (git-fixes bsc#1221044 CVE-2023-52591).
Refresh patches.suse/reiserfs-add-check-to-detect-corrupted-directory-entry.patch
Refresh patches.suse/reiserfs-don-t-panic-on-bad-directory-entries.patch
- commit 523ddca
- fs: don't assume arguments are non-NULL (bsc#1221044
CVE-2023-52591).
- commit 2177893
- fs: Restrict lock_two_nondirectories() to non-directory inodes
(bsc#1221044 CVE-2023-52591).
- commit a59a7cb
- fs: ocfs2: check status values (bsc#1221044 CVE-2023-52591).
- commit 8c6576f
- s390/pai: fix attr_event_free upper limit for pai device drivers
(git-fixes bsc#1221633).
- commit dcd390e
- KVM: s390: only deliver the set service event bits (git-fixes
bsc#1221631).
- commit 6e3593c
- Update
patches.suse/s390-vfio-ap-always-filter-entire-AP-matrix.patch
(git-fixes bsc#1219012 CVE-2024-26620 bsc#1221298).
- commit 4fb9779
- iommu/vt-d: Don't issue ATS Invalidation request when device
is disconnected (git-fixes).
- commit 4c37f6f
- net/sched: Add module alias for sch_fq_pie (bsc#1210335 CVE-2023-1829).
- commit a69d933
- net/sched: Remove alias of sch_clsact (bsc#1210335 CVE-2023-1829).
- net/sched: Load modules via their alias (bsc#1210335 CVE-2023-1829).
- net/sched: Add module aliases for cls_,sch_,act_ modules
(bsc#1210335 CVE-2023-1829).
- net/sched: Add helper macros with module names (bsc#1210335 CVE-2023-1829).
- net/sched: Remove alias of sch_clsact (bsc#1210335 CVE-2023-1829).
- net/sched: Load modules via their alias (bsc#1210335 CVE-2023-1829).
- net/sched: Add module aliases for cls_,sch_,act_ modules
(bsc#1210335 CVE-2023-1829).
- net/sched: Add helper macros with module names (bsc#1210335 CVE-2023-1829).
- commit 961c535
- nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
- nilfs2: fix failure to detect DAT corruption in btree and
direct mappings (git-fixes).
- ALSA: usb-audio: Stop parsing channels bits when all channels
are found (git-fixes).
- ALSA: aaci: Delete unused variable in aaci_do_suspend
(git-fixes).
- ASoC: meson: axg-tdm-interface: add frame rate constraint
(git-fixes).
- ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs
(git-fixes).
- ASoC: amd: acp: Add missing error handling in sof-mach
(git-fixes).
- ALSA: seq: fix function cast warnings (git-fixes).
- ALSA: aw2: avoid casting function pointers (git-fixes).
- ALSA: ctxfi: avoid casting function pointers (git-fixes).
- PCI: dwc: endpoint: Fix advertised resizable BAR size
(git-fixes).
- PCI: switchtec: Fix an error handling path in
switchtec_pci_probe() (git-fixes).
- PCI/P2PDMA: Fix a sleeping issue in a RCU read section
(git-fixes).
- PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
(git-fixes).
- PCI/DPC: Print all TLP Prefixes, not just the first (git-fixes).
- PCI/AER: Fix rootport attribute paths in ABI docs (git-fixes).
- platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check
(git-fixes).
- leds: aw2013: Unlock mutex before destroying it (git-fixes).
- backlight: lp8788: Fully initialize backlight_properties during
probe (git-fixes).
- backlight: lm3639: Fully initialize backlight_properties during
probe (git-fixes).
- backlight: da9052: Fully initialize backlight_properties during
probe (git-fixes).
- backlight: lm3630a: Don't set bl->props.brightness in
get_brightness (git-fixes).
- backlight: lm3630a: Initialize backlight_properties on init
(git-fixes).
- mfd: altera-sysmgr: Call of_node_put() only when
of_parse_phandle() takes a ref (git-fixes).
- mfd: syscon: Call of_node_put() only when of_parse_phandle()
takes a ref (git-fixes).
- pinctrl: mediatek: Drop bogus slew rate register range for
MT8192 (git-fixes).
- HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
(git-fixes).
- HID: amd_sfh: Update HPD sensor structure elements (git-fixes).
- commit d46946b
- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (bsc#1213456 CVE-2023-28746).
This is an optimisation patch which got added late so there's no hurry
to merge it.
- commit 69db574
- Properly sort already upstream patches
- Refresh
patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch.
- Refresh
patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch.
- Refresh
patches.suse/x86-entry-ia32-Ensure-s32-is-sign-extended-to-s64.patch.
- Refresh
patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch.
- commit fe7e19d
- iommu/amd: Mark interrupt as managed (git-fixes).
- commit 7365cc3
- arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (git-fixes)
- commit e4605be
- arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF (git-fixes)
- commit f4fdf95
- arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
- commit a51708e
- arm64: mm: fix VA-range sanity check (git-fixes)
- commit dd606ae
- arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
- commit 4c81404
- arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
- commit 59dc2f8
- arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (git-fixes)
- commit b5996a2
- arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (git-fixes)
- commit 499e8df
- Update patches.kabi/kabi-fix-zone-unaccepted-memory.patch
(jsc#PED-7167 bsc#1218643 bsc#1221338 bsc#1220114).
- commit 727559f
- Make NVIDIA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
- commit d2f65b3
- drm/msm/dpu: add division of drm_display_mode's hskew parameter
(git-fixes).
- drm/etnaviv: Restore some id values (git-fixes).
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of
atom_get_src_int() (git-fixes).
- drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is
enabled (git-fixes).
- drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN
(git-fixes).
- drm/msm/dpu: improve DSC allocation (git-fixes).
- drm/mediatek: Fix a null pointer crash in
mtk_drm_crtc_finish_page_flip (git-fixes).
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
(git-fixes).
- drm/tidss: Fix sync-lost issue with two displays (git-fixes).
- drm/tidss: Fix initial plane zpos values (git-fixes).
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create
(git-fixes).
- drm/radeon/ni: Fix wrong firmware size logging in
ni_init_microcode() (git-fixes).
- drm/amd/display: Fix a potential buffer overflow in
'dp_dsc_clock_en_read()' (git-fixes).
- drm/radeon/ni_dpm: remove redundant NULL check (git-fixes).
- drm/radeon: remove dead code in ni_mc_load_microcode()
(git-fixes).
- drm/vmwgfx: Fix possible null pointer derefence with invalid
contexts (git-fixes).
- media: tc358743: register v4l2 async device only after
successful setup (git-fixes).
- drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
- PM: suspend: Set mem_sleep_current during kernel command line
setup (git-fixes).
- mmc: core: Fix switch on gp3 partition (git-fixes).
- mmc: wmt-sdmmc: remove an incorrect release_mem_region()
call in the .remove function (git-fixes).
- mmc: tmio: avoid concurrent runs of mmc_request_done()
(git-fixes).
- pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data
(git-fixes).
- commit 7758a76
- drm/panel-edp: use put_sync in unprepare (git-fixes).
- drm/rockchip: lvds: do not print scary message when probing
defer (git-fixes).
- drm/rockchip: lvds: do not overwrite error code (git-fixes).
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
- drm: Don't treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
- drm/rockchip: inno_hdmi: Fix video timing (git-fixes).
- drm/tegra: output: Fix missing i2c_put_adapter() in the error
handling paths of tegra_output_probe() (git-fixes).
- drm/tegra: rgb: Fix missing clk_put() in the error handling
paths of tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: rgb: Fix some error handling paths in
tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error
handling path of tegra_dsi_probe() (git-fixes).
- drm/tegra: dpaux: Fix PM disable depth imbalance in
tegra_dpaux_probe (git-fixes).
- drm/tegra: dsi: Add missing check for of_find_device_by_node
(git-fixes).
- ACPI: processor_idle: Fix memory leak in
acpi_processor_power_exit() (git-fixes).
- ACPI: resource: Add MAIBENBEN X577 to
irq1_edge_low_force_override (git-fixes).
- ACPI: scan: Fix device check notification handling (git-fixes).
- ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors
(git-fixes).
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's
return value (git-fixes).
- cpufreq: amd-pstate: Fix min_perf assignment in
amd_pstate_adjust_perf() (git-fixes).
- commit 1cf1fe2
- RAS: Export helper to get ras_debugfs_dir (jsc#PED-7619).
- commit 2d174a0
- powerpc/pseries: Fix potential memleak in papr_get_attr()
(bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes).
- commit 3aea930
- RAS/AMD/FMPM: Fix off by one when unwinding on error (jsc#PED-7619).
- commit b104443
- RAS/AMD/FMPM: Add debugfs interface to print record entries (jsc#PED-7619).
- commit 0fb8312
- RAS/AMD/FMPM: Save SPA values (jsc#PED-7619).
- commit 749cc57
- Sort the AMD edac patches
- Refresh
patches.suse/Documentation-RAS-Add-index-and-address-translation-sectio.patch.
- Refresh
patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch.
- Refresh
patches.suse/RAS-AMD-ATL-Add-MI300-DRAM-to-normalized-address-translati.patch.
- Refresh
patches.suse/RAS-AMD-ATL-Add-MI300-row-retirement-support.patch.
- Refresh patches.suse/RAS-AMD-ATL-Add-MI300-support.patch.
- Refresh
patches.suse/RAS-AMD-ATL-Fix-array-overflow-in-get_logical_coh_st_fabri.patch.
- Refresh
patches.suse/RAS-AMD-ATL-Fix-bit-overflow-in-denorm_addr_df4_np2.patch.
- Refresh
patches.suse/RAS-Introduce-AMD-Address-Translation-Library.patch.
- Refresh
patches.suse/RAS-Introduce-a-FRU-memory-poison-manager.patch.
- commit 9e22745
- net: phy: fix phy_get_internal_delay accessing an empty array
(git-fixes).
- Bluetooth: Remove superfluous call to hci_conn_check_pending()
(git-fixes).
- Bluetooth: mgmt: Remove leftover queuing of power_off work
(git-fixes).
- Bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
- wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use
(git-fixes).
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init
is complete (git-fixes).
- wifi: brcmsmac: avoid function pointer casts (git-fixes).
- wifi: wilc1000: prevent use-after-free on vif when cleaning
up all interfaces (git-fixes).
- wifi: iwlwifi: mvm: don't set replay counters to 0xff
(git-fixes).
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
(git-fixes).
- wifi: iwlwifi: mvm: use FW rate for non-data only on new devices
(git-fixes).
- wifi: iwlwifi: fix EWRD table validity check (git-fixes).
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
- wifi: iwlwifi: mvm: report beacon protection failures
(git-fixes).
- wifi: brcmfmac: fix copyright year mentioned in platform_data
header (git-fixes).
- wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
- can: softing: remove redundant NULL check (git-fixes).
- wifi: mwifiex: debugfs: Drop unnecessary error check for
debugfs_create_dir() (git-fixes).
- wifi: wilc1000: fix multi-vif management when deleting a vif
(git-fixes).
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
(git-fixes).
- wifi: b43: Disable QoS for bcm4331 (git-fixes).
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled
(git-fixes).
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is
disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is
disabled (git-fixes).
- doc-guide: kernel-doc: tell about object-like macros
(git-fixes).
- commit 15851fa
- nfsd: don't take fi_lock in nfsd_break_deleg_cb() (git-fixes).
- NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server
(git-fixes).
- commit 407c3c5
- Refresh patches.suse/nfsd-fix-RELEASE_LOCKOWNER.patch.
Add git-commit info
- commit bc859f9
- pNFS: Fix the pnfs block driver's calculation of layoutget size
(git-fixes).
- NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT
(git-fixes).
- blocklayoutdriver: Fix reference leak of pnfs_device_node
(git-fixes).
- SUNRPC: Fix a suspicious RCU usage warning (git-fixes).
- nfsd: fix file memleak on client_opens_release (git-fixes).
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
(git-fixes).
- NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
- SUNRPC: Add an IS_ERR() check back to where it was (git-fixes).
- SUNRPC: ECONNRESET might require a rebind (git-fixes).
- svcrdma: Drop connection after an RDMA Read error (git-fixes).
- nfsd: lock_rename() needs both directories to live on the same
fs (git-fixes).
- pNFS/flexfiles: Check the layout validity in
ff_layout_mirror_prepare_stats (git-fixes).
- pNFS: Fix a hang in nfs4_evict_inode() (git-fixes).
- Revert "SUNRPC dont update timeout value on connection reset"
(git-fixes).
- NFSv4: Fix a state manager thread deadlock regression
(git-fixes).
- NFSv4: Fix a nfs4_state_manager() race (git-fixes).
- NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server
(git-fixes).
- NFS: rename nfs_client_kset to nfs_kset (git-fixes).
- commit dc5b918
- Refresh patches.kabi/team-Hide-new-member-header-ops.patch.
Fix for kABI workaround.
- commit 6ba2f5d
- ceph: fix deadlock or deadcode of misusing dget() (bsc#1221058
CVE-2023-52583).
- commit 1a81018
- sched/rt: Disallow writing invalid values to sched_rt_period_us
(bsc#1220176).
- commit ee86051
- Update
patches.suse/netfs-fscache-Prevent-Oops-in-fscache_put_cache.patch
(bsc#1220003 bsc#1221291 CVE-2024-26612).
- commit 0607d13
- netfs: Only call folio_start_fscache() one time for each folio
(CVE-2023-52582 bsc#1220878).
- commit dfd082b
- netfs: Only call folio_start_fscache() one time for each folio
(CVE-2023-52582 bsc#1220878).
- commit b301f9c
- Refresh
patches.suse/mm-ima-kexec-of-use-memblock_free_late-from-ima_free.patch.
Fix:
* Section mismatch (function ima_free_kexec_buffer()) in modpost: vmlinux.o in ima_free_kexec_buffer()
WARNING: modpost: vmlinux.o(.text+0xac1250): Section mismatch in reference from the function ima_free_kexec_buffer() to the function .init.text:__memblock_free_late()
- commit 5522f01
- scsi: target: core: Silence the message about unknown VPD pages
(bsc#1221252).
- commit 1d550ca
- sched/rt: sysctl_sched_rr_timeslice show default timeslice
after reset (bsc#1220176).
- commit 4ac46cd
- powerpc/pseries/iommu: IOMMU table is not initialized for
kdump over SR-IOV (bsc#1220492 ltc#205270).
- commit 27b28f5
- Update
patches.suse/usb-hub-Guard-against-accesses-to-uninitialized-BOS-.patch
(bsc#1220790 CVE-2023-52477).
- commit d33bab7
- nvmet-fc: take ref count on tgtport before delete assoc
(git-fixes).
- nvmet-fc: avoid deadlock on delete association path (git-fixes).
- nvmet-fc: abort command when there is no binding (git-fixes).
- nvmet-fc: hold reference on hostport match (git-fixes).
- nvmet-fc: defer cleanup using RCU properly (git-fixes).
- nvmet-fc: release reference on target port (git-fixes).
- nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
- nvme-fc: do not wait in vain when unloading module (git-fixes).
- nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
- commit 4d1e993
- raid1: fix use-after-free for original bio in
raid1_write_request() (bsc#1221097).
- md: fix data corruption for raid456 when reshape restart while
grow up (git-fixes).
- commit 35ee14b
- i2c: aspeed: Fix the dummy irq expected print (git-fixes).
- i2c: wmt: Fix an error handling path in wmt_i2c_probe()
(git-fixes).
- i2c: i801: Avoid potential double call to
gpiod_remove_lookup_table (git-fixes).
- comedi: comedi_test: Prevent timers rescheduling during deletion
(git-fixes).
- iio: pressure: dlhl60d: Initialize empty DLH bytes (git-fixes).
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS
is enabled (git-fixes).
- vt: fix unicode buffer corruption when deleting characters
(git-fixes).
- usb: port: Don't try to peer unused USB ports based on location
(git-fixes).
- usb: gadget: ncm: Fix handling of zero block length packets
(git-fixes).
- USB: usb-storage: Prevent divide-by-0 error in
isd200_ata_command (git-fixes).
- Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
(git-fixes).
- ASoC: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
- ASoC: madera: Fix typo in madera_set_fll_clks shift value
(git-fixes).
- ALSA: hda/realtek - Fix headset Mic no show at resume back
for Lenovo ALC897 platform (git-fixes).
- drm/i915/selftests: Fix dependency of some timeouts on HZ
(git-fixes).
- drm/i915: Check before removing mm notifier (git-fixes).
- commit 5e91dbb
- s390/vfio-ap: wire in the vfio_device_ops request callback
(bsc#1205316).
- commit dc0bc15
- s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl
(bsc#1205316).
- commit 17d9de4
- Fix "coresight: etm4x: Change etm4_platform_driver driver for MMIO devices" (bsc#1220775)
Hunk with clk_put(drvdata->pclk) was incorrectly moved to another function.
- Refresh patches.suse/coresight-etm4x-Change-etm4_platform_driver-driver-for-MMIO-devices.patch.
- Refresh patches.suse/coresight-etm4x-Ensure-valid-drvdata-and-clock-before-clk_put.patch.
- commit 8983adc
- raid1: fix use-after-free for original bio in
raid1_write_request() (bsc#1221097).
- commit 5154c94
- s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl
(bsc#1205316).
- commit dbbf2ae
- ALSA: hda/realtek: fix mute/micmute LED For HP mt440
(git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8)
(git-fixes).
- commit d4f6f9f
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (bsc#1220413 CVE-2023-52470).
- commit 9d7d799
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (bsc#1220411 CVE-2023-52469).
- commit f4f0cf4
- coresight: etm: Override TRCIDR3.CCITMIN on errata affected cpus (bsc#1220775)
- commit 4473cfd
- coresight: etm4x: Do not access TRCIDR1 for identification (bsc#1220775)
- Refresh patches.suse/coresight-etm4x-Change-etm4_platform_driver-driver-for-MMIO-devices.patch.
- Refresh patches.suse/coresight-etm4x-Ensure-valid-drvdata-and-clock-before-clk_put.patch.
- commit ef5cdf7
- IB/ipoib: Fix mcast list locking (git-fixes)
- commit 8d1c71a
- RDMA/IPoIB: Fix error code return in ipoib_mcast_join (git-fixes)
- commit c54bb31
- coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR (bsc#1220775)
- commit fba33fc
- group-source-files.pl: Quote filenames (boo#1221077).
The kernel source now contains a file with a space in the name.
Add quotes in group-source-files.pl to avoid splitting the filename.
Also use -print0 / -0 when updating timestamps.
- commit a005e42
- mm,ima,kexec,of: use memblock_free_late from
ima_free_kexec_buffer (bsc#1220872 CVE-2023-52576).
- commit b1b1c9a
- PCI/MSI: Prevent MSI hardware interrupt number truncation (bsc#1218777)
- commit 5410859
- Update patches.suse/phy-ti-phy-omap-usb2-Fix-NULL-pointer-dereference-fo.patch (git-fixes,bsc#1220340,CVE-2024-26600)
- commit e321d5a
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (bsc#1220340,CVE-2024-26600)
- commit 78e2b4a
- erofs: fix lz4 inplace decompression (CVE-2023-52497
bsc#1220879).
- commit ddeedf9
- ACPI: extlog: fix NULL pointer dereference check (bsc#1221039
CVE-2023-52605).
- commit 635c481
- Update patches.suse/arm64-errata-Add-Cortex-A520-speculative-unprivileged-load-workaround.patch (bsc#1219443, bsc#1220887, CVE-2023-52481)
- commit 52243ca
- kernel-binary: Fix i386 build
Fixes: 89eaf4cdce05 ("rpm templates: Move macro definitions below buildrequires")
- commit f7c6351
- btrfs: remove BUG() after failure to insert delayed dir index
item (bsc#1220918 CVE-2023-52569).
- btrfs: improve error message after failure to add delayed dir
index item (bsc#1220918 CVE-2023-52569).
- commit 53e1d2d
- net: nfc: fix races in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (CVE-2023-52502 bsc#1220831).
- commit 8c33586
- kabi: team: Hide new member header_ops (bsc#1220870
CVE-2023-52574).
- commit 9f49992
- KVM: s390: fix setting of fpc register (git-fixes bsc#1220392
bsc#1221040 CVE-2023-52597).
- commit a90b87c
- tracing: Inform kmemleak of saved_cmdlines allocation
(git-fixes).
- commit bb07230
- Update
patches.suse/ceph-drop-messages-from-MDS-when-unmounting.patch
(jsc#SES-1880 CVE-2022-48628 bsc#1220848).
- commit 187fa94
- kernel-binary: vdso: fix filelist for non-usrmerged kernel
Fixes: a6ad8af207e6 ("rpm templates: Always define usrmerged")
- commit fb3f221
- bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
(bsc#1220926 CVE-2023-52523).
- commit 90d9f50
- md: Make sure md_do_sync() will set MD_RECOVERY_DONE
(git-fixes).
- md: Don't ignore suspended array in md_check_recovery()
(git-fixes).
- md: Whenassemble the array, consult the superblock of the
freshest device (git-fixes).
- md: don't leave 'MD_RECOVERY_FROZEN' in error path of
md_set_readonly() (git-fixes).
- md/raid6: use valid sector values to determine if an I/O should
wait on the reshape (git-fixes).
- md/raid5: release batch_last before waiting for another
stripe_head (git-fixes).
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
(git-fixes).
- md: introduce md_ro_state (git-fixes).
- commit cef73db
- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
(bsc#1218562 CVE-2023-6270).
- commit 57a4cd4
- efivarfs: force RO when remounting if SetVariable is not
supported (bsc#1220328 CVE-2023-52463).
- commit eed7fb0
- topology: Fix up build warning in topology_is_visible()
(jsc#PED-7618).
- commit 6c82a8d
- topology/sysfs: Hide PPIN on systems that do not support it
(jsc#PED-7618).
- commit d8d9717
- iommu/vt-d: Avoid memory allocation in iommu_suspend()
(CVE-2023-52559 bsc#1220933).
- commit c9b01ef
- Refresh patches.suse/0001-powerpc-pseries-memhp-Fix-access-beyond-end-of-drmem.patch.
- update to upstream version
- rename to same name as SLE15 SP5
- commit 1d2def1
- ravb: Fix use-after-free issue in ravb_tx_timeout_work()
(bsc#1212514 CVE-2023-35827).
- team: fix null-ptr-deref when team device type is changed
(bsc#1220870 CVE-2023-52574).
- commit 2cc53f5
- Update
patches.suse/ice-xsk-return-xsk-buffers-back-to-pool-when-cleanin.patch
(jsc#SLE-18375 bsc#1220961 CVE-2021-47105).
- Update patches.suse/net-mana-Fix-TX-CQE-error-handling.patch
(bsc#1215986 bsc#1220932 CVE-2023-52532).
- Update
patches.suse/net-mlx5e-Wrap-the-tx-reporter-dump-callback-to-extr.patch
(jsc#SLE-19253 bsc#1220486 CVE-2021-46931).
Added CVE references.
- commit 3e396c2
- Input: pm8941-powerkey - fix debounce on gen2+ PMICs
(git-fixes).
- commit bbebd44
- Input: pm8941-pwrkey - add support for PON GEN3 base addresses
(git-fixes).
- commit 7ab5a9e
- Update patches.suse/i2c-validate-user-data-in-compat-ioctl.patch
(git-fixes bsc#1220469 CVE-2021-46934).
Add bug and CVE references.
- commit 3a04060
- bpf: fix check for attempt to corrupt spilled pointer
(bsc#1220325 CVE-2023-52462).
- commit 34faa5d
- tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
- commit 6793acf
- krb5
-
- Fix vulnerabilities in GSS message token handling, add patch
0011-Fix-vulnerabilities-in-GSS-message-token-handling.patch
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
- less
-
- Fix CVE-2024-32487, mishandling of \n character in paths when
LESSOPEN is set leads to OS command execution
(CVE-2024-32487, bsc#1222849)
* CVE-2024-32487.patch
- llvm15
-
- Manage clang-cpp with update-alternatives like other binaries.
Solves upgrade issues from Leap 15.5 to 15.6. [boo#1221183]
- avahi
-
- prerequire avahi in avahi-autipd as we user "user avahi"
- Add avahi-CVE-2024-52616.patch:
Backporting 1dade81c from upstream: Properly randomize query id
of DNS packets.
(CVE-2024-52616, bsc#1233420)
- Add avahi-filter-bogus-services.patch: no longer supply bogus
services to callbacks (bsc#1226586).
- util-linux
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- lscpu: Add more ARM cores (bsc#1223605,
util-linux-lscpu-add-more-ARM-cores-1.patch,
util-linux-lscpu-add-more-ARM-cores-2.patch,
util-linux-lscpu-add-more-ARM-cores-3.patch,
util-linux-lscpu-add-more-ARM-cores-4.patch,
util-linux-lscpu-add-more-ARM-cores-5.patch,
util-linux-lscpu-add-more-ARM-cores-6.patch).
- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609,
util-linux-chcpu-document-zVM-limitations.patch,
util-linux-chcpu-document-zVM-limitations-generated.patch).
- bsc#1220117: Processes not cleaned up after failed SSH session are using up 100% CPU
+ util-linux-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
- cairo
-
- Add cairo-fix-infinite-loop-bsc1122321-CVE-2019-6462.patch: This
fixes a potentially infinite loop (bsc#1122321, CVE-2019-6462,
glfo#cairo/cairo#155).
- expat
-
- security update
- added patches
fix CVE-2024-50602 [bsc#1232579], DoS via XML_ResumeParser
+ expat-CVE-2024-50602.patch
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
- update to NSS 3.101.2
* bmo#1905691 - ChaChaXor to return after the function
- Added nss-fips-safe-memset.patch, fixing bsc#1222811.
- Removed some dead code from nss-fips-constructor-self-tests.patch.
- Rebased nss-fips-approved-crypto-non-ec.patch on above changes.
- Added nss-fips-aes-gcm-restrict.patch, fixing bsc#1222830.
- Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222813,
bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118.
- Updated nss-fips-approved-crypto-non-ec.patch and
nss-fips-constructor-self-tests.patch, fixing bsc#1222807,
bsc#1222828, bsc#1222834.
- Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222804,
bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116.
- update to NSS 3.101.1
* bmo#1901932 - missing sqlite header.
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
- update to NSS 3.101
* bmo#1900413 - add diagnostic assertions for SFTKObject refcount.
* bmo#1899759 - freeing the slot in DeleteCertAndKey if authentication failed
* bmo#1899883 - fix formatting issues.
* bmo#1889671 - Add Firmaprofesional CA Root-A Web to NSS.
* bmo#1899593 - remove invalid acvp fuzz test vectors.
* bmo#1898830 - pad short P-384 and P-521 signatures gtests.
* bmo#1898627 - remove unused FreeBL ECC code.
* bmo#1898830 - pad short P-384 and P-521 signatures.
* bmo#1898825 - be less strict about ECDSA private key length.
* bmo#1854439 - Integrate HACL* P-521.
* bmo#1854438 - Integrate HACL* P-384.
* bmo#1898074 - memory leak in create_objects_from_handles.
* bmo#1898858 - ensure all input is consumed in a few places in mozilla::pkix
* bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* bmo#1748105 - clean up escape handling
* bmo#1896353 - Use lib::pkix as default validator instead of the old-one
* bmo#1827444 - Need to add high level support for PQ signing.
* bmo#1548723 - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* bmo#1893404 - Allow for non-full length ecdsa signature when using softoken
* bmo#1830415 - Modification of .taskcluster.yml due to mozlint indent defects
* bmo#1793811 - Implement support for PBMAC1 in PKCS#12
* bmo#1897487 - disable VLA warnings for fuzz builds.
* bmo#1895032 - remove redundant AllocItem implementation.
* bmo#1893334 - add PK11_ReadDistrustAfterAttribute.
* bmo#215997 - Clang-formatting of SEC_GetMgfTypeByOidTag update
* bmo#1895012 - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* bmo#1894572 - sftk_getParameters(): Fix fallback to default variable after error with configfile.
* bmo#1830415 - Switch to the mozillareleases/image_builder image
- Follow upstream changes in nss-fips-constructor-self-tests.patch (switch from ec_field_GFp to ec_field_plain)
- Remove part of nss-fips-zeroization.patch that got removed upstream
- update to NSS 3.100
- bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for
faster Xyber operations.
- bmo#1893752 - remove ckcapi.
- bmo#1893162 - avoid a potential PK11GenericObject memory leak.
- bmo#671060 - Remove incomplete ESDH code.
- bmo#215997 - Decrypt RSA OAEP encrypted messages.
- bmo#1887996 - Fix certutil CRLDP URI code.
- bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
- bmo#676118 - Add ability to encrypt and decrypt CMS messages using ECDH.
- bmo#676100 - Correct Templates for key agreement in smime/cmsasn.c.
- bmo#1548723 - Moving the decodedCert allocation to NSS.
- bmo#1885404 - Allow developers to speed up repeated local execution
of NSS tests that depend on certificates.
- update to NSS 3.99
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
- update to NSS 3.98
* bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption
in TLS
* bmo#1879513 - Certificate Compression: enabling the check that
the compression was advertised
* bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha
* bmo#1879945 - Remove Email trust bit from OISTE WISeKey
Global Root GC CA
* bmo#1877344 - Replace `distutils.spawn.find_executable` with
`shutil.which` within `mach` in `nss`
* bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to
support Certificate compression
* bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation
* bmo#1875356 - Add valgrind annotations to freebl kyber operations
for constant-time execution tests
* bmo#1870673 - Set nssckbi version number to 2.66
* bmo#1874017 - Add Telekom Security roots
* bmo#1873095 - Add D-Trust 2022 S/MIME roots
* bmo#1865450 - Remove expired Security Communication RootCA1 root
* bmo#1876179 - move keys to a slot that supports concatenation in
PK11_ConcatSymKeys
* bmo#1876800 - remove unmaintained tls-interop tests
* bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim
flags
* bmo#1874937 - bogo: add support for the -curves shim flag and
update Kyber expectations
* bmo#1874937 - bogo: adjust expectation for a key usage bit test
* bmo#1757758 - mozpkix: add option to ignore invalid subject
alternative names
* bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value
* bmo#1876390 - take ownership of ecckilla shims
* bmo#1874458 - add valgrind annotations to freebl/ec.c
* bmo#864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* bmo#1875965 - Update zlib to 1.3.1
- Use %patch -P N instead of deprecated %patchN.
- update to NSS 3.97
* bmo#1875506 - make Xyber768d00 opt-in by policy
* bmo#1871631 - add libssl support for xyber768d00
* bmo#1871630 - add PK11_ConcatSymKeys
* bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken
* bmo#1871152 - add a FreeBL API for Kyber
* bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo
* bmo#1835828 - Removing the calls to RSA Blind from loader.*
* bmo#1874111 - fix worker type for level3 mac tasks
* bmo#1835828 - RSA Blind implementation
* bmo#1869642 - Remove DSA selftests
* bmo#1873296 - read KWP testvectors from JSON
* bmo#1822450 - Backed out changeset dcb174139e4f
* bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* bmo#1871219 - Wrap CC shell commands in gyp expansions
- update to NSS 3.96.1
* bmo#1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh
* bmo#1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups)
* bmo#1867408 - add a defensive check for large ssl_DefSend return values
* bmo#1869378 - Add dependency to the taskcluster script for Darwin
* bmo#1869378 - Upgrade version of the MacOS worker for the CI
- add nss-allow-slow-tests-s390x.patch: "certutil dump keys with
explicit default trust flags" test needs longer than the allowed
6 seconds on s390x
- update to NSS 3.95
* bmo#1842932 - Bump builtins version number.
* bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion
Firmaprofesional CIF A62634068 root cert.
* bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS.
* bmo#1850982 - Remove Camerfirma root certificates from NSS.
* bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional
Certificate.
* bmo#1860670 - Add four Commscope root certificates to NSS.
* bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
* bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL*
* bmo#1861728 - Include P-256 Scalar Validation from HACL*.
* bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes
256 ECC without DER wrapping at the softoken level
* bmo#1837987 - Add means to provide library parameters to C_Initialize
* bmo#1573097 - clang format
* bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
* bmo#1858241 - Typo in ssl3_AppendHandshakeNumber
* bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber
* bmo#1573097 - Fix Invalid casts in instance.c
- update to NSS 3.94
* bmo#1853737 - Updated code and commit ID for HACL*
* bmo#1840510 - update ACVP fuzzed test vector: refuzzed with
current NSS
* bmo#1827303 - Softoken C_ calls should use system FIPS setting
to select NSC_ or FC_ variants
* bmo#1774659 - NSS needs a database tool that can dump the low level
representation of the database
* bmo#1852179 - declare string literals using char in pkixnames_tests.cpp
* bmo#1852179 - avoid implicit conversion for ByteString
* bmo#1818766 - update rust version for acvp docker
* bmo#1852011 - Moving the init function of the mpi_ints before
clean-up in ec.c
* bmo#1615555 - P-256 ECDH and ECDSA from HACL*
* bmo#1840510 - Add ACVP test vectors to the repository
* bmo#1849077 - Stop relying on std::basic_string<uint8_t>
* bmo#1847845 - Transpose the PPC_ABI check from Makefile to gyp
- rebased patches
- added nss-fips-test.patch to fix broken test
- Update to NSS 3.93:
* bmo#1849471 - Update zlib in NSS to 1.3.
* bmo#1848183 - softoken: iterate hashUpdate calls for long inputs.
* bmo#1813401 - regenerate NameConstraints test certificates (boo#1214980).
- Rebase nss-fips-pct-pubkeys.patch.
- update to NSS 3.92
* bmo#1822935 - Set nssckbi version number to 2.62
* bmo#1833270 - Add 4 Atos TrustedRoot Root CA certificates to NSS
* bmo#1839992 - Add 4 SSL.com Root CA certificates
* bmo#1840429 - Add Sectigo E46 and R46 Root CA certificates
* bmo#1840437 - Add LAWtrust Root CA2 (4096)
* bmo#1822936 - Remove E-Tugra Certification Authority root
* bmo#1827224 - Remove Camerfirma Chambers of Commerce Root.
* bmo#1840505 - Remove Hongkong Post Root CA 1
* bmo#1842928 - Remove E-Tugra Global Root CA ECC v3 and RSA v3
* bmo#1842937 - Avoid redefining BYTE_ORDER on hppa Linux
- update to NSS 3.91
* bmo#1837431 - Implementation of the HW support check for ADX instruction
* bmo#1836925 - Removing the support of Curve25519
* bmo#1839795 - Fix comment about the addition of ticketSupportsEarlyData
* bmo#1839327 - Adding args to enable-legacy-db build
* bmo#1835357 - dbtests.sh failure in "certutil dump keys with explicit
default trust flags"
* bmo#1837617 - Initialize flags in slot structures
* bmo#1835425 - Improve the length check of RSA input to avoid heap overflow
* bmo#1829112 - Followup Fixes
* bmo#1784253 - avoid processing unexpected inputs by checking for
m_exptmod base sign
* bmo#1826652 - add a limit check on order_k to avoid infinite loop
* bmo#1834851 - Update HACL* to commit 5f6051d2
* bmo#1753026 - add SHA3 to cryptohi and softoken
* bmo#1753026 - HACL SHA3
* bmo#1836781 - Disabling ASM C25519 for A but X86_64
- removed upstreamed patch nss-fix-bmo1836925.patch
- update to NSS 3.90.3
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* bmo#1748105 - clean up escape handling.
* bmo#1895032 - remove redundant AllocItem implementation.
* bmo#1836925 - Disable ASM support for Curve25519.
* bmo#1836781 - Disable ASM support for Curve25519 for all but X86_64.
- remove upstreamed nss-fix-bmo1836925.patch
- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox
when using FIPS-mode (bsc#1223724).
- Added "Provides: nss" so other RPMs that require 'nss' can
be installed (jira PED-6358).
- jitterentropy
-
- Fix a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
* github.com/smuellerDD/jitterentropy-library/commit/7bf9f85
* Add jitterentropy-fix-a-stack-corruption-on-s390x.patch
- ncurses
-
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
* Allow that terminal description based on static fallback
entries can be freed.
- openssl-1_1
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
security vulnerability. Calling the function SSL_free_buffers()
potentially caused memory to be accessed that was previously
freed in some situations and a malicious attacker could attempt
to engineer a stituation where this occurs to facilitate a
denial-of-service attack. [CVE-2024-4741, bsc#1225551]
- Security fix: [bsc#1222548, CVE-2024-2511]
* Fix unconstrained session cache growth in TLSv1.3
* Add openssl-CVE-2024-2511.patch
- libpcap
-
- enable rdma support (bsc#1230894)
- Security fix: [bsc#1230034, CVE-2024-8006]
* libpcap: NULL pointer derefence in pcap_findalldevs_ex()
* Add libpcap-CVE-2024-8006.patch
- Security fix: [bsc#1230020, CVE-2023-7256]
* libpcap: double free via addrinfo in sock_initaddress()
* Add libpcap-CVE-2023-7256.patch
- ruby2.5
-
- backport REXML from 3.3
- fix denial of service when parsing a XML that has many deep
elements with the same local name attributes
(boo#1229673 CVE-2024-43398)
- fix denial of service when parsing an XML that contains many
specific characters such as whitespaces, >] and ]>
(boo#1228794 CVE-2024-41123)
- fix denial of service when parsing an XML that has many entity
expansions with SAX2 or pull parser API
(boo#1228799 CVE-2024-41946)
- fix denial of service when parsing an XML that has many left
angled brackets in an attribute value
(boo#1224390 CVE-2024-35176)
- fix ReDoS when parsing an XML that has many specific characters
(boo#1228072 CVE-2024-39908)
- libsolv
-
- fix replaces_installed_package using the wrong solvable id
when checking the noupdate map
- make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- add rpm_query_idarray query function
- support rpm's "orderwithrequires" dependency
- bump version to 0.7.31
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
- add a conflict to older libsolv-tools to libsolv-tools-base
- report unsupported compression in solv_xfopen() with errno
- fix return value of repodata.add_solv() in the bindings
- fix SHA-224 oid in solv_pgpvrfy
- improve updating of installed multiversion packages
- fix decision introspection going into an endless loop in some
cases
- added experimental lua bindings
- bump version to 0.7.29
- split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- suseconnect-ng
-
- Update version to 1.13:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targetting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Integrate with uptime-tracker ( https://github.com/SUSE/uptime-tracker/ )
- Add a command to show the info being gathered
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- Update version to 1.11
- Added uname as collector
- Added SAP workload detection
- Added detection of container runtimes
- Multiple fixes on ARM64 detection
- Use `read_values` for the CPU collector on Z
- Fixed data collection for ppc64le
- Grab the home directory from /etc/passwd if needed (bsc#1226128)
- Update version to 1.10.0
* Build zypper-migration and zypper-packages-search as standalone
binaries rather then one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens. (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report.
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
- Update to version 1.9.0
* Fix certificate import for Yast when using a registration proxy with
self-signed SSL certificate (bsc#1223107)
- systemd
-
- Import commit cba472567893618e15b4ab95a3cb0a762ad3ed10
0e8c003e1f core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272)
621e16c0b8 core/unit: add get_timeout_start_usec in UnitVTable and define it for service
b4140d888a sd-bus: make bus_add_match_full accept timeout
81cb3a4fb5 udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
533e98fc6b sd-device: add helper to read a unsigned int attribute
- Import commit a57a6d239c5d6b91fb3dcd269705e60804a03ae1
cd0c9ac4f4 unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
e1eaa86a49 udev: do not set ID_PATH and by-path symlink for nvmf disks
a85d211874 man: Document ranges for distributions config files and local config files
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
- Update 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Really skip redundant dependencies specified the LSB description that
references the file name of the service itself for early boot scripts (noticed
in bsc#1221479).
- tiff
-
- security update:
* CVE-2024-7006 [bsc#1228924]
Fix pointer deref in tif_dirinfo.c
+ tiff-CVE-2024-7006.patch
- security update:
* CVE-2023-3164 [bsc#1212233]
Fix heap buffer overflow in tiffcrop
+ tiff-CVE-2023-3164.patch
- tpm2-0-tss
-
- add 0001-FAPI-Fix-check-of-magic-number-in-verify-quote.patch: fixes
CVE-2024-29040 (bsc#1223690): Missing verification of the magic number in
Fapi_VerifyQuote(), which might allow an attacker to generate arbitrary
quote data, which would not be detected by Fapi_VerifyQuote().
- libuv
-
- Fixed CVE-2024-24806: libuv: Improper Domain Lookup that potentially
leads to SSRF attacks (bsc#1219724)
Added:
0001-fix-always-zero-terminate-idna-output.patch
0002-fix-reject-zero-length-idna-inputs.patch
0003-test-empty-strings-are-not-valid-IDNA.patch
- libxml2
-
- Security fix (CVE-2024-34459, bsc#1224282) buffer over-read in
xmlHTMLPrintFileContext in xmllint.c
* Added libxml2-CVE-2024-34459.patch
- libzypp
-
- Url: queryparams without value should not have a trailing "=".
- version 17.35.16 (35)
- Url query part: `=` is a safe char in value (bsc#1234304)
- RpmDb: Recognize rpmdb.sqlite as database file (#593)
- Fix typo (fixes #592)
- cmake: check location of fcgi header and adjust include
accordingly. On Debian and derivatives the fcgi headers
are not stored in a fastcgi/ subdirectory.(#590)
- version 17.35.15 (35)
- The 20MB download limit must not apply to non-metadata files like
package URLs provided via the CLI (bsc#1233393).
- version 17.35.14 (35)
- BuildCache: Don't try to retrieve missing raw metadata if no
permission to write the cache (bsc#1225451)
- RepoManager: throw RepoNoPermissionException if the user has no
permission to update(write) the caches (bsc#1225451)
- version 17.35.13 (35)
- PluginFrame: Send unescaped colons in header values
(bsc#1231043)
According to the STOMP protocol it would be correct to escape a
colon in a header-value, but it breaks plugin receivers which do
not expect this. The first colon separates header-name from
header-value, so escaping in the header-value is not needed
anyway.
Escaping in the header-value affects especially the urlresolver
plugins. The input URL is passed in a header, but sent back as
raw data in the frames body. If the plugin receiver does not
correctly unescape the URL we may get back a "https\c//" which is
not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
(fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)
- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
It's preferred to explicitly tell the root directory of the
system whose database you want to query.
- version 17.35.11 (35)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)
- Make sure not to statically linked installed tools (bsc#1228787)
- version 17.35.8 (35)
- MediaPluginType must be resolved to a valid MediaHandler
(bsc#1228208)
- version 17.35.7 (35)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)
- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Older zypp-plugins reject stomp headers including a '-'. Like the
'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
This patch fixes an issue in safe_strtonum which caused
timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)
- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
Buddy pairs (like -release package and product) internally share
the same status object. When applying locks from query results
the locked bit must be set if either item is locked.
- version 17.35.2 (35)
- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)
- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)
- Workaround broken libsolv-tools-base requirements (fixes
openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
- zypp-tui: Make sure translated texts use the correct textdomain
(fixes #551)
- Skip libproxy1 requires for tumbleweed.
- version 17.34.1 (34)
- don't require libproxy1 on tumbleweed, it is optional now
- version 17.34.0 (34)
- Fix versioning scheme
- version 17.33.4 (35)
- add one more missing export for libyui-qt-pkg
- Revert eintrSafeCall behavior to setting errno to 0.
- version 17.33.3 (34)
- fix up requires_eq usage for libsolv-tools-base
- add one more missing export for PackageKit
- version 17.33.2
- version 17.33.1 (33)
- switch to reduced size libsolv-tools-base (jsc#PED-8153)
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- Add ZYPP_API for exported functions and switch to
visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- version 17.33.0 (33)
- Fix download from gpgkey URL (bsc#1223430, fixes openSUSE/zypper#546)
- version 17.32.6 (32)
- Don't try to refresh volatile media as long as raw metadata are
present (bsc#1223094)
- version 17.32.5 (32)
- shadow
-
- bsc#1230972: Add useradd warnings when requested UID is outside
the default range
- add shadow-bsc1230972-useradd-warning.patch
- bsc#1228337: chage -d date vs passwd -S output is off by one
Remove shadow-bsc1176006-chage-date.patch
- bsc#1228770: Fix not copying of skel files
Update shadow-CVE-2013-4235.patch
- bsc#916845 (CVE-2013-4235): Fix TOCTOU race condition
Add shadow-CVE-2013-4235.patch
- logrotate
-
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
* Added patch logrotate-ignore-duplicates.patch
* Allows log processing with duplicate logfile matches
- opensc
-
- Security fix: [opensc-CVE-2024-45620, bsc#1230076]
- Security fix: [opensc-CVE-2024-45619, bsc#1230075]
- Security fix: [opensc-CVE-2024-45618, bsc#1230074]
- Security fix: [opensc-CVE-2024-45617, bsc#1230073]
- Security fix: [opensc-CVE-2024-45616, bsc#1230072]
- Security fix: [opensc-CVE-2024-45615, bsc#1230071]
* opensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init
* opensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc
* opensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc
* opensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
* opensc: Incorrect handling length of buffers or files in libopensc
* opensc: Incorrect handling of the length of buffers or files in pkcs15init
* Added patches:
- opensc-CVE-2024-45615.patch
- opensc-CVE-2024-45616.patch
- opensc-CVE-2024-45617.patch
- opensc-CVE-2024-45618.patch
- opensc-CVE-2024-45619.patch
- opensc-CVE-2024-45620.patch
- Security fix: [CVE-2024-8443, bsc#1230364]
* Disable deprecated declaration warnings caused by OpenSSL 3 (bsc#1217722)
* opensc: heap buffer overflow in OpenPGP driver when generating key
* Added patch: opensc-CVE-2024-8443.patch
- pam-config
-
- Change check for existence of modules.
If we have a biarch architecture, we check that the 64bit
PAM module is there and report an error if not. For the 32bit
variant, we only issue a warning.
[pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
- pam_pkcs11
-
- Fix for bsc#1221255:
* Add patch 0001-Set-slot_num-configuration-parameter-to-0-by-default.patch
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- patterns-base
-
- Added a fips-certified pattern matching the exact certified
FIPS versions
- perl
-
- fix space calculation issues in pp_pack.c [bnc#1082216]
[CVE-2018-6913]
* new patch: perl-pack-overflow.diff
- fix heap buffer overflow in regexec.c [bnc#1082233]
[CVE-2018-6798]
new patch: perl-regexec-heap-overflow.diff
- make Net::FTP work with TLS 1.3 [bnc#1213638]
new patch: perl-net-ftp-tls13.diff
- python-Jinja2
-
- Add security patch CVE-2024-56326.patch (bsc#1234809)
- Add CVE-2024-34064.patch upstream patch
(CVE-2024-34064, bsc#1223980, gh#pallets/jinja@0668239dc6b4)
Also fixes (CVE-2024-22195, bsc#1218722)
- python-PyYAML
-
- reenable the cython yaml loader (bsc#1225641)
- python3-lxml
-
- Add libexpat-2.6.0-backport.patch to fix compatibility with system
libexpat in tests (bsc#1222075, CVE-2023-52425).
- python-requests
-
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
as a directory, bsc#1225912
- Add CVE-2024-35195.patch (CVE-2024-35195, bsc#1224788)
- Add httpbin.patch to fix a test failure caused by the previous patch.
- salt
-
- Fix failing x509 tests with OpenSSL < 1.1
- Avoid explicit reading of /etc/salt/minion (bsc#1220357)
- Allow NamedLoaderContexts to be returned from loader
- Revert the change making reactor less blocking (bsc#1230322)
- Use --cachedir for extension_modules in salt-call (bsc#1226141)
- Prevent using SyncWrapper with no reason
- Fix the SELinux context for Salt Minion service (bsc#1219041)
- Set contextvars as a build requirement for package
- Increase warn_until_date date for code we still support
- The test_debian test now uses port 80 for ubuntu keyserver
- Fix too frequent systemd service restart in test_system test
- Avoid crash on wrong output of systemctl version (bsc#1229539)
- Improve error handling with different OpenSSL versions
- Remove redundant run_func from salt.master.MWorker._handle_aes
- Fix cloud minion configuration for multiple masters (bsc#1229109)
- Use Pygit2 id instead of deprecated oid in gitfs
- Fix few failing tests to work with both Salt and Salt bundle
- Skip testing unsupported OpenSSL crypto algorithms
- Added:
* revert-the-change-making-reactor-less-blocking-bsc-1.patch
* fix-x509-test-fails-on-old-openssl-systems-682.patch
* prevent-using-syncwrapper-with-no-reason.patch
* avoid-crash-on-wrong-output-of-systemctl-version-bsc.patch
* allow-namedloadercontexts-to-be-returned-from-loader.patch
* fix-deprecated-code-677.patch
* fix-test_debian-to-work-in-our-infrastructure-676.patch
* fix-the-selinux-context-for-salt-minion-service-bsc-.patch
* use-cachedir-for-extension_modules-in-salt-call-bsc-.patch
* fix-test_system-flaky-setup_teardown-fn.patch
* join-masters-if-it-is-a-list-671.patch
* replace-use-of-pygit2-deprecated-and-removed-1.15.0-.patch
* remove-redundant-run_func-from-salt.master.mworker._.patch
* make-tests-compatible-with-venv-bundle.patch
* avoid-explicit-reading-of-etc-salt-minion-bsc-122035.patch
* skip-more-tests-related-to-old-openssl-algorithms.patch
* improve-error-handling-with-different-openssl-versio.patch
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Added:
* firewalld-normalize-new-rich-rules-before-comparing-.patch
* several-fixes-for-tests-to-avoid-errors-and-failures.patch
* test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
* fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
* skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
* some-more-small-tests-fixes-enhancements-661.patch
* provide-systemd-timer-unit.patch
* fix-user.list_groups-omits-remote-groups.patch
- Speed up salt.matcher.confirm_top by using __context__
- Do not call the async wrapper calls with the separate thread
- Prevent OOM with high amount of batch async calls (bsc#1216063)
- Add missing contextvars dependency in salt.version
- Skip tests for unsupported algorithm on old OpenSSL version
- Remove redundant `_file_find` call to the master
- Prevent possible exception in tornado.concurrent.Future._set_done
- Make reactor engine less blocking the EventPublisher
- Make salt-master self recoverable on killing EventPublisher
- Improve broken events catching and reporting
- Make logging calls lighter
- Remove unused import causing delays on starting salt-master
- Mark python3-CherryPy as recommended package for the testsuite
- Added:
* skip-tests-for-unsupported-algorithm-on-old-openssl-.patch
* make-reactor-engine-less-blocking-the-eventpublisher.patch
* remove-unused-import-causing-delays-on-starting-salt.patch
* make-logging-calls-lighter.patch
* remove-redundant-_file_find-call-to-the-master.patch
* prevent-possible-exception-in-tornado.concurrent.fut.patch
* do-not-call-the-async-wrapper-calls-with-the-separat.patch
* add-missing-contextvars-dependency-in-salt.version.patch
* prevent-oom-with-high-amount-of-batch-async-calls-bs.patch
* speed-up-salt.matcher.confirm_top-by-using-__context.patch
* improve-broken-events-catching-and-reporting.patch
* make-salt-master-self-recoverable-on-killing-eventpu.patch
- Make "man" a recommended package instead of required
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions
on containers
- Discover Ansible playbook files as "*.yml" or "*.yaml"
files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite
and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuilld and create test flavor
- Prevent exceptions with fileserver.update when called
via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET
environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
- Added:
* make-importing-seco.range-thread-safe-bsc-1211649.patch
* fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
* allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch
* decode-oscap-byte-stream-to-string-bsc-1219001.patch
* fix-problematic-tests-and-allow-smooth-tests-executi.patch
* discover-both-.yml-and-.yaml-playbooks-bsc-1211888.patch
* fix-salt-warnings-and-testuite-for-python-3.11-635.patch
* switch-oscap-encoding-to-utf-8-639.patch
* fix-tests-failures-and-errors-when-detected-on-vm-ex.patch
* improve-pip-target-override-condition-with-venv_pip_.patch
- python3-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- python-urllib3
-
- Add CVE-2024-37891.patch (bsc#1226469, CVE-2024-37891)
- zypp-plugin
-
- Fix stomp header regex to include '-' (bsc#1227793)
- version 0.6.4
- singlespec in Tumbleweed must support multiple python3 flavors
in the future gh#openSUSE/python-rpm-macros#66
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
- Provide python3-zypp-plugin in SLE12-SP3 (bsc#1081596)
- python-PyNaCl
-
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- python-six not required
- python-bcrypt
-
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- Removed not needed C build dependencies
- Enable for all archs by default
- Update to 4.0.1:
* We now build PyPy manylinux wheels.
* Fixed a bug where passing an invalid salt to checkpw could result in a
pyo3_runtime.PanicException. It now correctly raises a ValueError.
- 4.0.0:
* bcrypt is now implemented in Rust. Users building from source will need to
have a Rust compiler available. Nothing will change for users downloading
wheels.
* We no longer ship manylinux2010 wheels. Users should upgrade to the latest
pip to ensure this doesn’t cause issues downloading wheels on their
platform. We now ship manylinux_2_28 wheels for users on new enough
platforms.
* NUL bytes are now allowed in inputs.
- Remove not needed python-six dependency
- update to 3.2.2:
* Fixed packaging of ``py.typed`` files in wheels so that ``mypy`` works.
* Added support for compilation on z/OS
* The next release of ``bcrypt`` with be 4.0 and it will require Rust at
compile time, for users building from source. There will be no additional
requirement for users who are installing from wheels. Users on most
platforms will be able to obtain a wheel by making sure they have an up to
date ``pip``. The minimum supported Rust version will be 1.56.0.
- python-boto3
-
- Drop Provides for SLE 15 SP4 and openSUSE Leap 15.4 and later
- Switch to Python 3.11 build in SLE 15 SP4 and openSUSE Leap 15.4 and
later (jsc#PCT-371)
- Switch to wheel build
- Update to 1.34.31
* api-change:``datazone``: [``botocore``] Add new skipDeletionCheck to
DeleteDomain. Add new skipDeletionCheck to DeleteProject which also
automatically deletes dependent objects
* api-change:``route53``: [``botocore``] Update the SDKs for text changes
in the APIs.
- From 1.34.30
* api-change:``autoscaling``: [``botocore``] EC2 Auto Scaling customersi
who use attribute based instance-type selection can now intuitively
define their Spot instances price protection limit as a percentage of
the lowest priced On-Demand instance type.
* api-change:``comprehend``: [``botocore``] Comprehend PII analysis now
supports Spanish input documents.
* api-change:``ec2``: [``botocore``] EC2 Fleet customers who use attribute
based instance-type selection can now intuitively define their Spot
instances price protection limit as a percentage of the lowest priced
On-Demand instance type.
* api-change:``mwaa``: [``botocore``] This release adds MAINTENANCE
environment status for Amazon MWAA environments.
* api-change:``rds``: [``botocore``] Introduced support for the
InsufficientDBInstanceCapacityFault error in the RDS
RestoreDBClusterFromSnapshot and RestoreDBClusterToPointInTime API methods.
This provides enhanced error handling, ensuring a more robust experience.
* api-change:``snowball``: [``botocore``] Modified description of
createaddress to include direction to add path when providing a JSON file.
- From 1.34.29
* api-change:``connect``: [``botocore``] Update list and string length
limits for predefined attributes.
* api-change:``inspector2``: [``botocore``] This release adds ECR container
image scanning based on their lastRecordedPullTime.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic
Model Tuning now provides an API to programmatically delete tuning jobs.
- From 1.34.28
* api-change:``acm-pca``: [``botocore``] AWS Private CA now supports an
option to omit the CDP extension from issued certificates, when CRL
revocation is enabled.
* api-change:``lightsail``: [``botocore``] This release adds support for
IPv6-only instance plans.
- From 1.34.27
* api-change:``ec2``: [``botocore``] Introduced a new clientToken request
parameter on CreateNetworkAcl and CreateRouteTable APIs. The clientToken
parameter allows idempotent operations on the APIs.
* api-change:``ecs``: [``botocore``] Documentation updates for Amazon ECS.
* api-change:``outposts``: [``botocore``] DeviceSerialNumber parameter is
now optional in StartConnection API
* api-change:``rds``: [``botocore``] This release adds support for Aurora
Limitless Database.
* api-change:``storagegateway``: [``botocore``] Add DeprecationDate and
SoftwareVersion to response of ListGateways.
- From 1.34.26
* api-change:``inspector2``: [``botocore``] This release adds support for
CIS scans on EC2 instances.
- From 1.34.25
* enhancement:documentation: [``botocore``] Updates the GitHub issue
creation link in our README
- From 1.34.24
* api-change:``appconfigdata``: [``botocore``] Fix FIPS Endpoints in
aws-us-gov.
* api-change:``cloud9``: [``botocore``] Doc-only update around removing AL1
from list of available AMIs for Cloud9
* api-change:``cloudfront-keyvaluestore``: [``botocore``] This release
improves upon the DescribeKeyValueStore API by returning two additional
fields, Status of the KeyValueStore and the FailureReason in case of
failures during creation of KeyValueStore.
* api-change:``connectcases``: [``botocore``] This release adds the ability
to view audit history on a case and introduces a new parameter,
performedBy, for CreateCase and UpdateCase API's.
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``ecs``: [``botocore``] This release adds support for
Transport Layer Security (TLS) and Configurable Timeout to ECS Service
Connect. TLS facilitates privacy and data security for inter-service
communications, while Configurable Timeout allows customized per-request
timeout and idle timeout for Service Connect services.
* api-change:``finspace``: [``botocore``] Allow customer to set zip default
through command line arguments.
* api-change:``organizations``: [``botocore``] Doc only update for quota
increase change
* api-change:``rds``: [``botocore``] Introduced support for the
InsufficientDBInstanceCapacityFault error in the RDS CreateDBCluster API
method. This provides enhanced error handling, ensuring a more robust
experience when creating database clusters with insufficient instance
capacity.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules
client to latest version
- From 1.34.23
* api-change:``athena``: [``botocore``] Introducing new
NotebookS3LocationUri parameter to Athena ImportNotebook API. Payload is
no longer required and either Payload or NotebookS3LocationUri needs to be
provided (not both) for a successful ImportNotebook API call. If both are
provided, an InvalidRequestException will be thrown.
* api-change:``codebuild``: [``botocore``] Release CodeBuild Reserved
Capacity feature
* api-change:``dynamodb``: [``botocore``] This release adds support for
including ApproximateCreationDateTimePrecision configurations in
EnableKinesisStreamingDestination API, adds the same as an optional field
in the response of DescribeKinesisStreamingDestination, and adds support
for a new UpdateKinesisStreamingDestination API.
* api-change:``qconnect``: [``botocore``] Increased Quick Response name max
length to 100
- From 1.34.22
* api-change:``b2bi``: [``botocore``] Increasing TestMapping inputFileContent
file size limit to 5MB and adding file size limit 250KB for TestParsing
input file. This release also includes exposing InternalServerException
for Tag APIs.
* api-change:``cloudtrail``: [``botocore``] This release adds a new API
ListInsightsMetricData to retrieve metric data from CloudTrail Insights.
* api-change:``connect``: [``botocore``] GetMetricDataV2 now supports 3
groupings
* api-change:``drs``: [``botocore``] Removed invalid and unnecessary
default values.
* api-change:``firehose``: [``botocore``] Allow support for Snowflake as
a Kinesis Data Firehose delivery destination.
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] Increase
BatchGetRecord limits from 10 items to 100 items
- From 1.34.21
* api-change:``dynamodb``: [``botocore``] Updating note for enabling streams
for UpdateTable.
* api-change:``keyspaces``: [``botocore``] This release adds support for
Multi-Region Replication with provisioned tables, and Keyspaces auto
scaling APIs
- From 1.34.20
* api-change:``iot``: [``botocore``] Revert release of LogTargetTypes
* api-change:``iotfleetwise``: [``botocore``] Updated APIs: SignalNodeType
query parameter has been added to ListSignalCatalogNodesRequest and
ListVehiclesResponse has been extended with attributes field.
* api-change:``macie2``: [``botocore``] This release adds support for
analyzing Amazon S3 objects that are encrypted using dual-layer
server-side encryption with AWS KMS keys (DSSE-KMS). It also adds support
for reporting DSSE-KMS details in statistics and metadata about
encryption settings for S3 buckets and objects.
* api-change:``payment-cryptography``: [``botocore``] Provide an additional
option for key exchange using RSA wrap/unwrap in addition to tr-34/tr-31
in ImportKey and ExportKey operations. Added new key usage (type)
TR31_M1_ISO_9797_1_MAC_KEY, for use with Generate/VerifyMac dataplane
operations with ISO9797 Algorithm 1 MAC calculations.
* api-change:``personalize-runtime``: [``botocore``] Documentation updates
for Amazon Personalize
* api-change:``personalize``: [``botocore``] Documentation updates for
Amazon Personalize.
* api-change:``rekognition``: [``botocore``] This release adds ContentType
and TaxonomyLevel attributes to DetectModerationLabels and
GetMediaAnalysisJob API responses.
* api-change:``securityhub``: [``botocore``] Documentation updates for
AWS Security Hub
- From 1.34.19
* api-change:``sagemaker``: [``botocore``] This release will have
ValidationException thrown if certain invalid app types are provided. The
release will also throw ValidationException if more than 10 account ids
are provided in VpcOnlyTrustedAccounts.
- From 1.34.18
* api-change:``connect``: [``botocore``] Supervisor Barge for Chat is now
supported through the MonitorContact API.
* api-change:``connectparticipant``: [``botocore``] Introduce new
Supervisor participant role
* api-change:``location``: [``botocore``] Location SDK documentation update.
Added missing fonts to the MapConfiguration data type. Updated note for
the SubMunicipality property in the place data type.
* api-change:``mwaa``: [``botocore``] This Amazon MWAA feature release
includes new fields in CreateWebLoginToken response model. The new fields
IamIdentity and AirflowIdentity will let you match identifications, as
the Airflow identity length is currently hashed to 64 characters.
* api-change:``s3control``: [``botocore``] S3 On Outposts team adds
dualstack endpoints support for S3Control and S3Outposts API calls.
* api-change:``supplychain``: [``botocore``] This release includes APIs
CreateBillOfMaterialsImportJob and GetBillOfMaterialsImportJob.
* api-change:``transfer``: [``botocore``] AWS Transfer Family now supports
static IP addresses for SFTP & AS2 connectors and for async MDNs on AS2
servers.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client
to latest version
- From 1.34.17
* api-change:``ec2``: [``botocore``] This release adds support for adding
an ElasticBlockStorage volume configurations in ECS
RunTask/StartTask/CreateService/UpdateService APIs. The configuration
allows for attaching EBS volumes to ECS Tasks.
* api-change:``ecs``: [``botocore``] This release adds support for adding an
ElasticBlockStorage volume configurations in ECS
RunTask/StartTask/CreateService/UpdateService APIs. The configuration
allows for attaching EBS volumes to ECS Tasks.
* api-change:``events``: [``botocore``] Update events client to latest
version
* api-change:``iot``: [``botocore``] Add ConflictException to Update APIs of
AWS IoT Software Package Catalog
* api-change:``iotfleetwise``: [``botocore``] The following dataTypes have
been removed: CUSTOMER_DECODED_INTERFACE in NetworkInterfaceType;
CUSTOMER_DECODED_SIGNAL_INFO_IS_NULL in SignalDecoderFailureReason;
CUSTOMER_DECODED_SIGNAL_NETWORK_INTERFACE_INFO_IS_NULL in
NetworkInterfaceFailureReason; CUSTOMER_DECODED_SIGNAL in SignalDecoderType
* api-change:``secretsmanager``: [``botocore``] Doc only update for Secrets
Manager
* api-change:``workspaces``: [``botocore``] Added AWS Workspaces
RebootWorkspaces API - Extended Reboot documentation update
- From 1.34.16
* api-change:``connectcampaigns``: [``botocore``] Minor pattern updates
for Campaign and Dial Request API fields.
* api-change:``location``: [``botocore``] This release adds API support for
custom layers for the maps service APIs: CreateMap, UpdateMap, DescribeMap.
* api-change:``logs``: [``botocore``] Add support for account level
subscription filter policies to PutAccountPolicy, DescribeAccountPolicies,
and DeleteAccountPolicy APIs. Additionally, PutAccountPolicy has been
modified with new optional "selectionCriteria" parameter for resource
selection.
* api-change:``qconnect``: [``botocore``] QueryAssistant and
GetRecommendations will be discontinued starting June 1, 2024. To receive
generative responses after March 1, 2024 you will need to create a new
Assistant in the Connect console and integrate the Amazon Q in Connect
JavaScript library (amazon-q-connectjs) into your applications.
* api-change:``redshift-serverless``: [``botocore``] Updates to
ConfigParameter for RSS workgroup, removal of use_fips_ssl
* api-change:``route53``: [``botocore``] Route53 now supports geoproximity
routing in AWS regions
* api-change:``wisdom``: [``botocore``] QueryAssistant and GetRecommendations
will be discontinued starting June 1, 2024. To receive generative responses
after March 1, 2024 you will need to create a new Assistant in the Connect
console and integrate the Amazon Q in Connect JavaScript library
(amazon-q-connectjs) into your applications.
- From 1.34.15
* api-change:``codebuild``: [``botocore``] Aws CodeBuild now supports new
compute type BUILD_GENERAL1_XLARGE
* api-change:``ec2``: [``botocore``] Amazon EC2 R7iz bare metal instances
are powered by custom 4th generation Intel Xeon Scalable processors.
* api-change:``route53resolver``: [``botocore``] This release adds support
for query type configuration on firewall rules that enables customers for
granular action (ALLOW, ALERT, BLOCK) by DNS query type.
- From 1.34.14
* api-change:``connect``: [``botocore``] Minor trait updates for User APIs
* api-change:``kms``: [``botocore``] Documentation updates for AWS Key
Management Service (KMS).
* api-change:``redshift-serverless``: [``botocore``] use_fips_ssl and
require_ssl parameter support for Workgroup, UpdateWorkgroup, and
CreateWorkgroup
-From 1.34.13
* api-change:``config``: [``botocore``] Updated ResourceType enum with new
resource types onboarded by AWS Config in November and December 2023.
* api-change:``docdb``: [``botocore``] Adding PerformanceInsightsEnabled and
PerformanceInsightsKMSKeyId fields to DescribeDBInstances Response.
* api-change:``ecs``: [``botocore``] This release adds support for managed
instance draining which facilitates graceful termination of Amazon ECS
instances.
* api-change:``es``: [``botocore``] This release adds support for new or
existing Amazon OpenSearch domains to enable TLS 1.3 or TLS 1.2 with
perfect forward secrecy cipher suites for domain endpoints.
* api-change:``lightsail``: [``botocore``] This release adds support to set
up an HTTPS endpoint on an instance.
* api-change:``opensearch``: [``botocore``] This release adds support for
new or existing Amazon OpenSearch domains to enable TLS 1.3 or TLS 1.2
with perfect forward secrecy cipher suites for domain endpoints.
* api-change:``sagemaker``: [``botocore``] Adding support for provisioned
throughput mode for SageMaker Feature Groups
* api-change:``servicecatalog``: [``botocore``] Added Idempotency token
support to Service Catalog AssociateServiceActionWithProvisioningArtifact,
DisassociateServiceActionFromProvisioningArtifact, DeleteServiceAction API
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client
to latest version
- From 1.34.12
* api-change:``connect``: [``botocore``] Amazon Connect, Contact Lens
Evaluation API increase evaluation notes max length to 3072.
* api-change:``mediaconvert``: [``botocore``] This release includes video
engine updates including HEVC improvements, support for ingesting VP9
encoded video in MP4 containers, and support for user-specified 3D LUTs.
- From 1.34.11
* api-change:``apprunner``: [``botocore``] AWS App Runner adds Python 3.11
and Node.js 18 runtimes.
* api-change:``location``: [``botocore``] This release introduces a new
parameter to bypasses an API key's expiry conditions and delete the key.
* api-change:``quicksight``: [``botocore``] Add LinkEntityArn support for
different partitions; Add UnsupportedUserEditionException in
UpdateDashboardLinks API; Add support for New Reader Experience Topics
- From 1.34.10
* api-change:``codestar-connections``: [``botocore``] New integration with
the GitLab self-managed provider type.
* api-change:``kinesis-video-archived-media``: [``botocore``]
NoDataRetentionException thrown when GetImages requested for a Stream
that does not retain data (that is, has a DataRetentionInHours of 0).
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Studio now
supports Docker access from within app container
- From 1.34.9
* api-change:``emr``: [``botocore``] Update emr client to latest version
- From 1.34.8
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity
and Access Management (IAM).
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules
client to latest version
- From 1.34.7
* api-change:``bedrock-agent``: [``botocore``] Adding Claude 2.1 support to
Bedrock Agents
* api-change:``glue``: [``botocore``] This release adds additional
configurations for Query Session Context on the following APIs:
GetUnfilteredTableMetadata, GetUnfilteredPartitionMetadata,
GetUnfilteredPartitionsMetadata.
* api-change:``lakeformation``: [``botocore``] This release adds additional
configurations on GetTemporaryGlueTableCredentials for Query Session
Context.
* api-change:``mediaconnect``: [``botocore``] This release adds the
DescribeSourceMetadata API. This API can be used to view the stream
information of the flow's source.
* api-change:``networkmonitor``: [``botocore``] CloudWatch Network Monitor
is a new service within CloudWatch that will help network administrators
and operators continuously monitor network performance metrics such as
round-trip-time and packet loss between their AWS-hosted applications and
their on-premises locations.
* api-change:``omics``: [``botocore``] Provides minor corrections and an
updated description of APIs.
* api-change:``secretsmanager``: [``botocore``] Update endpoint rules and
examples.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client
to latest version
- From 1.34.6
* enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.19.19
* api-change:``amp``: [``botocore``] This release updates Amazon Managed
Service for Prometheus APIs to support customer managed KMS keys.
* api-change:``appintegrations``: [``botocore``] The Amazon AppIntegrations
service adds DeleteApplication API for deleting applications, and updates
APIs to support third party applications reacting to workspace events and
make data requests to Amazon Connect for agent and contact events.
* api-change:``bedrock-agent``: [``botocore``] This release introduces
Amazon Aurora as a vector store on Knowledge Bases for Amazon Bedrock
* api-change:``codecommit``: [``botocore``] AWS CodeCommit now supports
customer managed keys from AWS Key Management Service.
UpdateRepositoryEncryptionKey is added for updating the key configuration.
CreateRepository, GetRepository, BatchGetRepositories are updated with new
input or output parameters.
* api-change:``connect``: [``botocore``] Adds APIs to manage User
Proficiencies and Predefined Attributes. Enhances StartOutboundVoiceContact
API input. Introduces SearchContacts API. Enhances DescribeContact API.
Adds an API to update Routing Attributes in QueuePriority and
QueueTimeAdjustmentSeconds.
* api-change:``medialive``: [``botocore``] MediaLive now supports the ability
to configure the audio that an AWS Elemental Link UHD device produces, when
the device is configured as the source for a flow in AWS Elemental
MediaConnect.
* api-change:``neptune-graph``: [``botocore``] Adds Waiters for successful
creation and deletion of Graph, Graph Snapshot, Import Task and Private
Endpoints for Neptune Analytics
* api-change:``rds-data``: [``botocore``] This release adds support for
using RDS Data API with Aurora PostgreSQL Serverless v2 and provisioned DB
clusters.
* api-change:``rds``: [``botocore``] This release adds support for using RDS
Data API with Aurora PostgreSQL Serverless v2 and provisioned DB clusters.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Training now
provides model training container access for debugging purposes. Amazon
SageMaker Search now provides the ability to use visibility conditions to
limit resource access to a single domain or multiple domains.
- From 1.34.5
* api-change:``appstream``: [``botocore``] This release introduces
configurable clipboard, allowing admins to specify the maximum length of
text that can be copied by the users from their device to the remote
session and vice-versa.
* api-change:``eks``: [``botocore``] Add support for cluster insights, new
EKS capability that surfaces potentially upgrade impacting issues.
* api-change:``guardduty``: [``botocore``] This release 1) introduces a new
API: GetOrganizationStatistics , and 2) adds a new UsageStatisticType
TOP_ACCOUNTS_BY_FEATURE for GetUsageStatistics API
* api-change:``managedblockchain-query``: [``botocore``] Adding Confirmation
Status and Execution Status to GetTransaction Response.
* api-change:``mediatailor``: [``botocore``] Adds the ability to configure
time shifting on MediaTailor channels using the TimeShiftConfiguration
field
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the
Canada West (Calgary) Region (ca-west-1) for latency records, geoproximity
records, and private DNS for Amazon VPCs in that region.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client
to latest version
- From 1.34.4
* api-change:``appsync``: [``botocore``] This release adds additional
configurations on GraphQL APIs for limits on query depth, resolver count,
and introspection
* api-change:``chime-sdk-meetings``: [``botocore``] Add meeting features to
specify a maximum camera resolution, a maximum content sharing resolution,
and a maximum number of attendees for a given meeting.
* api-change:``ec2``: [``botocore``] Provision BYOIPv4 address ranges and
advertise them by specifying the network border groups option in
Los Angeles, Phoenix and Dallas AWS Local Zones.
* api-change:``fsx``: [``botocore``] Added support for FSx for OpenZFS
on-demand data replication across AWS accounts and/or regions.Added the
IncludeShared attribute for DescribeSnapshots.Added the CopyStrategy
attribute for OpenZFSVolumeConfiguration.
* api-change:``marketplace-catalog``: [``botocore``] AWS Marketplace now
supports a new API, BatchDescribeEntities, which returns metadata and
content for multiple entities.
* api-change:``rds``: [``botocore``] RDS - The release adds two new APIs:
DescribeDBRecommendations and ModifyDBRecommendation
- From 1.34.3
* api-change:``cognito-idp``: [``botocore``] Amazon Cognito now supports
trigger versions that define the fields in the request sent to pre token
generation Lambda triggers.
* api-change:``eks``: [``botocore``] Add support for EKS Cluster Access
Management.
* api-change:``quicksight``: [``botocore``] A docs-only release to add
missing entities to the API reference.
* api-change:``route53resolver``: [``botocore``] Add DOH protocols in
resolver endpoints.
- From 1.34.2
* api-change:``cloud9``: [``botocore``] Updated Cloud9 API documentation for
AL2023 release
* api-change:``connect``: [``botocore``] Adds relatedContactId field to
StartOutboundVoiceContact API input. Introduces PauseContact API and
ResumeContact API for Task contacts. Adds pause duration, number of pauses,
timestamps for last paused and resumed events to DescribeContact API
response. Adds new Rule type and new Rule action.
* api-change:``connectcases``: [``botocore``] Increase number of fields that
can be included in CaseEventIncludedData from 50 to 200
* api-change:``kms``: [``botocore``] Documentation updates for AWS Key
Management Service
* api-change:``rds``: [``botocore``] Updates Amazon RDS documentation by
adding code examples
* api-change:``sagemaker``: [``botocore``] This release 1) introduces a new
API: DeleteCompilationJob , and 2) adds InfraCheckConfig for
Create/Describe training job API
- From 1.34.1
* api-change:``appstream``: [``botocore``] This release includes support for
images of Windows Server 2022 platform.
* api-change:``b2bi``: [``botocore``] Documentation updates for AWS B2B Data
Interchange
* api-change:``billingconductor``: [``botocore``] Billing Conductor is
releasing a new API, GetBillingGroupCostReport, which provides the ability
to retrieve/view the Billing Group Cost Report broken down by attributes
for a specific billing group.
* api-change:``connect``: [``botocore``] This release adds support for more
granular billing using tags (key:value pairs)
* api-change:``controltower``: [``botocore``] Documentation updates for
AWS Control Tower.
* api-change:``firehose``: [``botocore``] This release, 1) adds configurable
buffering hints for the Splunk destination, and 2) reduces the minimum
configurable buffering interval for supported destinations
* api-change:``gamelift``: [``botocore``] Amazon GameLift adds the ability
to add and update the game properties of active game sessions.
* api-change:``iot``: [``botocore``] This release adds the ability to
self-manage certificate signing in AWS IoT Core fleet provisioning using
the new certificate provider resource.
* api-change:``neptune-graph``: [``botocore``] This is the initial SDK
release for Amazon Neptune Analytics
* api-change:``opensearch``: [``botocore``] Updating documentation for Amazon
OpenSearch Service support for new zero-ETL integration with Amazon S3.
* api-change:``quicksight``: [``botocore``] Update Dashboard Links support;
SingleAxisOptions support; Scatterplot Query limit support.
* api-change:``workspaces``: [``botocore``] Updated note to ensure customers
understand running modes.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client
to latest version
- From 1.34.0
* feature:Python: End of support for Python 3.7
* feature:Python: [``botocore``] End of support for Python 3.7
* api-change:``drs``: [``botocore``] Adding AgentVersion to SourceServer and
RecoveryInstance structures
- From 1.33.13
* api-change:``imagebuilder``: [``botocore``] This release adds the Image
Workflows feature to give more flexibility and control over the image
building and testing process.
* api-change:``location``: [``botocore``] This release 1) adds
sub-municipality field in Places API for searching and getting places
information, and 2) allows optimizing route calculation based on expected
arrival time.
* api-change:``logs``: [``botocore``] This release introduces the
StartLiveTail API to tail ingested logs in near real time.
- From 1.33.12
* api-change:``neptune``: [``botocore``] This release adds a new parameter
configuration setting to the Neptune cluster related APIs that can be
leveraged to switch between the underlying supported storage modes.
* api-change:``pinpoint``: [``botocore``] This release includes Amazon
Pinpoint API documentation updates pertaining to campaign message sending
rate limits.
* api-change:``securityhub``: [``botocore``] Added new resource detail
objects to ASFF, including resources for AwsDynamoDbTable,
AwsEc2ClientVpnEndpoint, AwsMskCluster, AwsS3AccessPoint, AwsS3Bucket
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client
to latest version
- Update to 1.33.11:
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``ec2``: [``botocore``] M2 Mac instances are built on Apple M2 Mac mini computers. I4i
instances are powered by 3rd generation Intel Xeon Scalable processors. C7i compute optimized, M7i
general purpose and R7i memory optimized instances are powered by custom 4th Generation Intel Xeon
Scalable processors.
* api-change:``finspace``: [``botocore``] Releasing Scaling Group, Dataview, and Volume APIs
- from version 1.33.10
* api-change:``codedeploy``: [``botocore``] This release adds support for two new CodeDeploy
features: 1) zonal deployments for Amazon EC2 in-place deployments, 2) deployments triggered by
Auto Scaling group termination lifecycle hook events.
- from version 1.33.9
* api-change:``backup``: [``botocore``] AWS Backup - Features: Add VaultType to the output of
DescribeRecoveryPoint, ListRecoveryPointByBackupVault API and add ResourceType to the input of
ListRestoreJobs API
* api-change:``comprehend``: [``botocore``] Documentation updates for Trust and Safety features.
* api-change:``connect``: [``botocore``] Releasing Tagging Support for Instance Management APIS
* api-change:``ec2``: [``botocore``] Releasing the new cpuManufacturer attribute within the
DescribeInstanceTypes API response which notifies our customers with information on who the
Manufacturer is for the processor attached to the instance, for example: Intel.
* api-change:``payment-cryptography``: [``botocore``] AWS Payment Cryptography IPEK feature release
- from version 1.33.8
* api-change:``athena``: [``botocore``] Adding IdentityCenter enabled request for interactive query
* api-change:``cleanroomsml``: [``botocore``] Updated service title from cleanroomsml to
CleanRoomsML.
* api-change:``cloudformation``: [``botocore``] Documentation update, December 2023
* api-change:``ec2``: [``botocore``] Adds A10G, T4G, and H100 as accelerator name options and
Habana as an accelerator manufacturer option for attribute based selection
- from version 1.33.7
* api-change:``billingconductor``: [``botocore``] This release adds the ability to specify a linked
account of the billing group for the custom line item resource.
* api-change:``braket``: [``botocore``] This release enhances service support to create quantum
tasks and hybrid jobs associated with Braket Direct Reservations.
* api-change:``cloud9``: [``botocore``] This release adds the requirement to include the imageId
parameter in the CreateEnvironmentEC2 API call.
* api-change:``cloudformation``: [``botocore``] Including UPDATE_* states as a success status for
CreateStack waiter.
* api-change:``finspace``: [``botocore``] Release General Purpose type clusters
* api-change:``medialive``: [``botocore``] Adds support for custom color correction on channels
using 3D LUT files.
* api-change:``servicecatalog-appregistry``: [``botocore``] Documentation-only updates for Dawn
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.33.6
* api-change:``qconnect``: [``botocore``] This release adds the PutFeedback API and allows
providing feedback against the specified assistant for the specified target.
* api-change:``rbin``: [``botocore``] Added resource identifier in the output and updated error
handling.
* api-change:``verifiedpermissions``: [``botocore``] Adds description field to PolicyStore API's
and namespaces field to GetSchema.
- from version 1.33.5
* api-change:``arc-zonal-shift``: [``botocore``] This release adds a new capability, zonal
autoshift. You can configure zonal autoshift so that AWS shifts traffic for a resource away from an
Availability Zone, on your behalf, when AWS determines that there is an issue that could
potentially affect customers in the Availability Zone.
* api-change:``glue``: [``botocore``] Adds observation and analyzer support to the
GetDataQualityResult and BatchGetDataQualityResult APIs.
* api-change:``sagemaker``: [``botocore``] This release adds support for 1/ Code Editor, based on
Code-OSS, Visual Studio Code Open Source, a new fully managed IDE option in SageMaker Studio 2/
JupyterLab, a new fully managed JupyterLab IDE experience in SageMaker Studio
- from version 1.33.4
* bugfix:``s3transfer``: Raise floor for ``s3transfer`` to 0.8.2 to avoid any conflicts with the
awscrt
* api-change:``marketplace-agreement``: [``botocore``] The AWS Marketplace Agreement Service
provides an API interface that helps AWS Marketplace sellers manage their agreements, including
listing, filtering, and viewing details about their agreements.
* api-change:``marketplace-catalog``: [``botocore``] This release enhances the ListEntities API to
support new entity type-specific strongly typed filters in the request and entity type-specific
strongly typed summaries in the response.
* api-change:``marketplace-deployment``: [``botocore``] AWS Marketplace Deployment is a new service
that provides essential features that facilitate the deployment of software, data, and services
procured through AWS Marketplace.
* api-change:``redshift-serverless``: [``botocore``] This release adds the following support for
Amazon Redshift Serverless: 1) cross-account cross-VPCs, 2) copying snapshots across Regions, 3)
scheduling snapshot creation, and 4) restoring tables from a recovery point.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.33.3
* api-change:``application-autoscaling``: [``botocore``] Amazon SageMaker customers can now use
Application Auto Scaling to automatically scale the number of Inference Component copies across an
endpoint to meet the varying demand of their workloads.
* api-change:``cleanrooms``: [``botocore``] AWS Clean Rooms now provides differential privacy to
protect against user-identification attempts and machine learning modeling to allow two parties to
identify similar users in their data.
* api-change:``cleanroomsml``: [``botocore``] Public Preview SDK release of AWS Clean Rooms ML APIs
* api-change:``opensearch``: [``botocore``] Launching Amazon OpenSearch Service support for new
zero-ETL integration with Amazon S3. Customers can now manage their direct query data sources to
Amazon S3 programatically
* api-change:``opensearchserverless``: [``botocore``] Amazon OpenSearch Serverless collections
support an additional attribute called standby-replicas. This allows to specify whether a
collection should have redundancy enabled.
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: [``botocore``] This release adds following support 1/ Improved SDK
tooling for model deployment. 2/ New Inference Component based features to lower inference costs
and latency 3/ SageMaker HyperPod management. 4/ Additional parameters for FM Fine Tuning in
Autopilot
* api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.33.2
* api-change:``accessanalyzer``: [``botocore``] This release adds support for external access
findings for S3 directory buckets to help you easily identify cross-account access. Updated service
API, documentation, and paginators.
* api-change:``bedrock-agent-runtime``: [``botocore``] This release introduces Agents for Amazon
Bedrock Runtime
* api-change:``bedrock-agent``: [``botocore``] This release introduces Agents for Amazon Bedrock
* api-change:``bedrock-runtime``: [``botocore``] This release adds support for minor
versions/aliases for invoke model identifier.
* api-change:``bedrock``: [``botocore``] This release adds support for customization types, model
life cycle status and minor versions/aliases for model identifiers.
* api-change:``connect``: [``botocore``] Added support for following capabilities: Amazon Connect's
in-app, web, and video calling. Two-way SMS integrations. Contact Lens real-time chat analytics
feature. Amazon Connect Analytics Datalake capability. Capability to configure real time chat rules.
* api-change:``customer-profiles``: [``botocore``] This release introduces DetectProfileObjectType
API to auto generate object type mapping.
* api-change:``qbusiness``: [``botocore``] Amazon Q - a generative AI powered application that your
employees can use to ask questions and get answers from knowledge spread across disparate content
repositories, summarize reports, write articles, take actions, and much more - all within their
company's connected content repositories.
* api-change:``qconnect``: [``botocore``] Amazon Q in Connect, an LLM-enhanced evolution of Amazon
Connect Wisdom. This release adds generative AI support to Amazon Q Connect QueryAssistant and
GetRecommendations APIs.
* api-change:``s3``: [``botocore``] Adds support for S3 Express One Zone.
* api-change:``s3control``: [``botocore``] Adds support for S3 Express One Zone, and
InvocationSchemaVersion 2.0 for S3 Batch Operations.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.33.1
* api-change:``elasticache``: [``botocore``] Launching Amazon ElastiCache Serverless that enables
you to create a cache in under a minute without any capacity management. ElastiCache Serverless
monitors the cache's memory, CPU, and network usage and scales both vertically and horizontally to
support your application's requirements.
- from version 1.33.0
* enhancement:Versioning: Bump boto3 from 1.29.7 to 1.33.0 to match Botocore versioning scheme.
* feature:``s3``: Boto3 will now opt into using the awscrt on select EC2 instance types for s3
transfers.
* feature:Versioning: [``botocore``] With the release of Botocore 1.33.0, Boto3 and Botocore will
share the same version number.
* api-change:``appsync``: [``botocore``] This update enables introspection of Aurora cluster
databases using the RDS Data API
* api-change:``b2bi``: [``botocore``] This is the initial SDK release for AWS B2B Data Interchange.
* api-change:``backup``: [``botocore``] AWS Backup now supports restore testing, a new feature that
allows customers to automate restore testing and validating their backups. Additionally, this
release adds support for EBS Snapshots Archive tier.
* api-change:``controltower``: [``botocore``] This release adds the following support: 1. The
EnableControl API can configure controls that are configurable. 2. The GetEnabledControl API shows
the configured parameters on an enabled control. 3. The new UpdateEnabledControl API can change
parameters on an enabled control.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``fis``: [``botocore``] AWS FIS adds support for multi-account experiments & empty
target resolution. This release also introduces the CreateTargetAccountConfiguration API that
allows experiments across multiple AWS accounts, and the ListExperimentResolvedTargets API to list
target details.
* api-change:``glue``: [``botocore``] add observations support to DQ CodeGen config model + update
document for connectiontypes supported by ConnectorData entities
* api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for support for RDS for Db2.
* api-change:``securityhub``: [``botocore``] Adds and updates APIs to support central
configuration. This feature allows the Security Hub delegated administrator to configure Security
Hub for their entire AWS Org across multiple regions from a home Region. With this release,
findings also include account name and application metadata.
* api-change:``transcribe``: [``botocore``] This release adds support for AWS HealthScribe APIs
within Amazon Transcribe
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.29.7
* enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.19.17
* api-change:``accessanalyzer``: [``botocore``] IAM Access Analyzer now continuously monitors IAM
roles and users in your AWS account or organization to generate findings for unused access.
Additionally, IAM Access Analyzer now provides custom policy checks to validate that IAM policies
adhere to your security standards ahead of deployments.
* api-change:``amp``: [``botocore``] This release adds support for the Amazon Managed Service for
Prometheus collector, a fully managed, agentless Prometheus metrics scraping capability.
* api-change:``bcm-data-exports``: [``botocore``] Users can create, read, update, delete Exports of
billing and cost management data. Users can get details of Export Executions and details of Tables
for exporting. Tagging support is provided for Exports
* api-change:``cloudtrail``: [``botocore``] CloudTrail Lake now supports federating event data
stores. giving users the ability to run queries against their event data using Amazon Athena.
* api-change:``codestar-connections``: [``botocore``] This release adds support for the
CloudFormation Git sync feature. Git sync enables updating a CloudFormation stack from a template
stored in a Git repository.
* api-change:``compute-optimizer``: [``botocore``] This release enables AWS Compute Optimizer to
analyze and generate recommendations with customization and discounts preferences.
* api-change:``config``: [``botocore``] Support Periodic Recording for Configuration Recorder
* api-change:``controltower``: [``botocore``] Add APIs to create and manage a landing zone.
* api-change:``cost-optimization-hub``: [``botocore``] This release launches Cost Optimization Hub,
a new AWS Billing and Cost Management feature that helps you consolidate and prioritize cost
optimization recommendations across your AWS Organizations member accounts and AWS Regions, so that
you can get the most out of your AWS spend.
* api-change:``detective``: [``botocore``] Added new APIs in Detective to support resource
investigations
* api-change:``ecs``: [``botocore``] Adds a new 'type' property to the Setting structure. Adds a
new AccountSetting - guardDutyActivate for ECS.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``eks-auth``: [``botocore``] This release adds support for EKS Pod Identity feature.
EKS Pod Identity makes it easy for customers to obtain IAM permissions for their applications
running in the EKS clusters.
* api-change:``eks``: [``botocore``] This release adds support for EKS Pod Identity feature. EKS
Pod Identity makes it easy for customers to obtain IAM permissions for the applications running in
their EKS clusters.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``freetier``: [``botocore``] This is the initial SDK release for the AWS Free Tier
GetFreeTierUsage API
* api-change:``fsx``: [``botocore``] Added support for FSx for ONTAP scale-out file systems and
FlexGroup volumes. Added the HAPairs field and ThroughputCapacityPerHAPair for filesystem. Added
AggregateConfiguration (containing Aggregates and ConstituentsPerAggregate) and SizeInBytes for
volume.
* api-change:``guardduty``: [``botocore``] Add support for Runtime Monitoring for ECS and ECS-EC2.
* api-change:``iotfleetwise``: [``botocore``] AWS IoT FleetWise introduces new APIs for vision
system data, such as data collected from cameras, radars, and lidars. You can now model and decode
complex data types.
* api-change:``lakeformation``: [``botocore``] This release adds four new APIs
"DescribeLakeFormationIdentityCenterConfiguration",
"CreateLakeFormationIdentityCenterConfiguration",
"DescribeLakeFormationIdentityCenterConfiguration", and
"DeleteLakeFormationIdentityCenterConfiguration", and also updates the corresponding documentation.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
* api-change:``logs``: [``botocore``] Added APIs to Create, Update, Get, List and Delete
LogAnomalyDetectors and List and Update Anomalies in Detector. Added LogGroupClass attribute for
LogGroups to classify loggroup as Standard loggroup with all capabilities or InfrequentAccess
loggroup with limited capabilities.
* api-change:``managedblockchain``: [``botocore``] Add optional NetworkType property to Accessor
APIs
* api-change:``personalize-events``: [``botocore``] This release enables PutActions and
PutActionInteractions
* api-change:``personalize-runtime``: [``botocore``] Enables metadata in recommendations and next
best action recommendations
* api-change:``personalize``: [``botocore``] Enables metadata in recommendations, recommendations
with themes, and next best action recommendations
* api-change:``quicksight``: [``botocore``] This release launches new APIs for trusted identity
propagation setup and supports creating datasources using trusted identity propagation as
authentication method for QuickSight accounts configured with IAM Identity Center.
* api-change:``redshift``: [``botocore``] This release adds support for multi-data warehouse writes
through data sharing.
* api-change:``repostspace``: [``botocore``] Initial release of AWS re:Post Private
* api-change:``s3``: [``botocore``] Adding new params - Key and Prefix, to S3 API operations for
supporting S3 Access Grants. Note - These updates will not change any of the existing S3 API
functionality.
* api-change:``s3control``: [``botocore``] Introduce Amazon S3 Access Grants, a new S3 access
control feature that maps identities in directories such as Active Directory, or AWS Identity and
Access Management (IAM) Principals, to datasets in S3.
* api-change:``secretsmanager``: [``botocore``] AWS Secrets Manager has released the
BatchGetSecretValue API, which allows customers to fetch up to 20 Secrets with a single request
using a list of secret names or filters.
* api-change:``securityhub``: [``botocore``] Adds and updates APIs to support customizable security
controls. This feature allows Security Hub customers to provide custom parameters for security
controls. With this release, findings for controls that support custom parameters will include the
parameters used to generate the findings.
* api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
* api-change:``transcribe``: [``botocore``] This release adds support for transcriptions from audio
sources in 64 new languages and introduces generative call summarization in Transcribe Call
Analytics (Post call)
* api-change:``workspaces-thin-client``: [``botocore``] Initial release of Amazon WorkSpaces Thin
Client
* api-change:``workspaces``: [``botocore``] The release introduces Multi-Region Resilience one-way
data replication that allows you to replicate data from your primary WorkSpace to a standby
WorkSpace in another AWS Region. DescribeWorkspaces now returns the status of data replication.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- Update BuildRequires and Requires from setup.py
- Update to 1.29.6:
* bugfix:sqs: [``botocore``] Rolled back recent change to wire format protocol
* api-change:``kinesis``: [``botocore``] This release adds support for resource based policies on
streams and consumers.
* api-change:``s3control``: [``botocore``] Amazon S3 Batch Operations now manages buckets or
prefixes in a single step.
* api-change:``sagemaker``: [``botocore``] This feature adds the end user license agreement status
as a model access configuration parameter.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.29.5
* api-change:``cloudfront-keyvaluestore``: [``botocore``] This release adds support for CloudFront
KeyValueStore, a globally managed key value datastore associated with CloudFront Functions.
* api-change:``cloudfront``: [``botocore``] This release adds support for CloudFront KeyValueStore,
a globally managed key value datastore associated with CloudFront Functions.
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``inspector-scan``: [``botocore``] This release adds support for the new Amazon
Inspector Scan API. The new Inspector Scan API can synchronously scan SBOMs adhering to the
CycloneDX v1.5 format.
* api-change:``iotsitewise``: [``botocore``] Adds 1/ user-defined unique identifier for asset and
model metadata, 2/ asset model components, and 3/ query API for asset metadata and telemetry data.
Supports 4/ multi variate anomaly detection using Amazon Lookout for Equipment, 5/ warm storage
tier, and 6/ buffered ingestion of time series data.
* api-change:``iottwinmaker``: [``botocore``] This release adds following support. 1. New APIs for
metadata bulk operations. 2. Modify the component type API to support composite component types -
nesting component types within one another. 3. New list APIs for components and properties. 4.
Support the larger scope digital twin modeling.
* api-change:``s3``: [``botocore``] Add support for automatic date based partitioning in S3 Server
Access Logs.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.29.4
* enhancement:IMDS: [``botocore``] Adds a config option to opt out of IMDSv1 fallback
* api-change:``codestar-connections``: [``botocore``] This release updates a few CodeStar
Connections related APIs.
* api-change:``docdb``: [``botocore``] Amazon DocumentDB updates for new cluster storage
configuration: Amazon DocumentDB I/O-Optimized.
* api-change:``ec2``: [``botocore``] This release adds support for Security group referencing over
Transit gateways, enabling you to simplify Security group management and control of
instance-to-instance traffic across VPCs that are connected by Transit gateway.
- from version 1.29.3
* api-change:``macie``: [``botocore``] The macie client has been removed following the deprecation
of the service.
* api-change:``appmesh``: [``botocore``] Change the default value of these fields from 0 to null:
MaxConnections, MaxPendingRequests, MaxRequests, HealthCheckThreshold, PortNumber, and
HealthCheckPolicy -> port. Users are not expected to perceive the change, except that
badRequestException is thrown when required fields missing configured.
* api-change:``athena``: [``botocore``] Adding SerivicePreProcessing time metric
* api-change:``cloud9``: [``botocore``] A minor doc only update related to changing the date of an
API change.
* api-change:``cloudformation``: [``botocore``] This release adds a new flag
ImportExistingResources to CreateChangeSet. Specify this parameter on a CREATE- or UPDATE-type
change set to import existing resources with custom names instead of recreating them.
* api-change:``codepipeline``: [``botocore``] CodePipeline now supports overriding source revisions
to achieve manual re-deploy of a past revision
* api-change:``codestar-connections``: [``botocore``] This release adds support for the
CloudFormation Git sync feature. Git sync enables updating a CloudFormation stack from a template
stored in a Git repository.
* api-change:``connect``: [``botocore``] This release adds WISDOM_QUICK_RESPONSES as new
IntegrationType of Connect IntegrationAssociation resource and bug fixes.
* api-change:``dlm``: [``botocore``] Added support for SAP HANA in Amazon Data Lifecycle Manager
EBS snapshot lifecycle policies with pre and post scripts.
* api-change:``ec2``: [``botocore``] This release adds new features for Amazon VPC IP Address
Manager (IPAM) Allowing a choice between Free and Advanced Tiers, viewing public IP address
insights across regions and in Amazon Cloudwatch, use IPAM to plan your subnet IPs within a VPC and
bring your own autonomous system number to IPAM.
* api-change:``ecr``: [``botocore``] Documentation and operational updates for Amazon ECR, adding
support for pull through cache rules for upstream registries that require authentication.
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``internetmonitor``: [``botocore``] Adds new querying capabilities for running data
queries on a monitor
* api-change:``ivs``: [``botocore``] type & defaulting refinement to various range properties
* api-change:``ivschat``: [``botocore``] type & defaulting refinement to various range properties
* api-change:``kinesisvideo``: [``botocore``] Docs only build to bring up-to-date with public docs.
* api-change:``location``: [``botocore``] Remove default value and allow nullable for request
parameters having minimum value larger than zero.
* api-change:``medialive``: [``botocore``] MediaLive has now added support for per-output static
image overlay.
* api-change:``mgn``: [``botocore``] Removed invalid and unnecessary default values.
* api-change:``osis``: [``botocore``] Add support for enabling a persistent buffer when creating or
updating an OpenSearch Ingestion pipeline. Add tags to Pipeline and PipelineSummary response models.
* api-change:``pipes``: [``botocore``] TargetParameters now properly supports
BatchJobParameters.ArrayProperties.Size and BatchJobParameters.RetryStrategy.Attempts being
optional, and EcsTaskParameters.Overrides.EphemeralStorage.SizeInGiB now properly required when
setting EphemeralStorage
* api-change:``rds``: [``botocore``] This release adds support for option groups and replica
enhancements to Amazon RDS Custom.
* api-change:``redshift-serverless``: [``botocore``] Updated SDK for Amazon Redshift Serverless,
which provides the ability to configure a connection with IAM Identity Center to manage user and
group access to databases.
* api-change:``redshift``: [``botocore``] Updated SDK for Amazon Redshift, which you can use to
configure a connection with IAM Identity Center to manage access to databases. With these, you can
create a connection through a managed application. You can also change a managed application,
delete it, or get information about an existing one.
* api-change:``s3``: [``botocore``] Removes all default 0 values for numbers and false values for
booleans
* api-change:``sso-admin``: [``botocore``] Improves support for configuring RefreshToken and
TokenExchange grants on applications.
* api-change:``sso-oidc``: [``botocore``] Adding support for `sso-oauth:CreateTokenWithIAM`.
* api-change:``sts``: [``botocore``] API updates for the AWS Security Token Service
* api-change:``trustedadvisor``: [``botocore``] AWS Trusted Advisor introduces new APIs to enable
you to programmatically access Trusted Advisor best practice checks, recommendations, and
prioritized recommendations. Trusted Advisor APIs enable you to integrate Trusted Advisor with your
operational tools to automate your workloads.
* api-change:``verifiedpermissions``: [``botocore``] Adding BatchIsAuthorized API which supports
multiple authorization requests against a PolicyStore
* api-change:``wisdom``: [``botocore``] This release adds QuickResponse as a new Wisdom resource
and Wisdom APIs for import, create, read, search, update and delete QuickResponse resources.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.29.2
* api-change:``codecatalyst``: [``botocore``] This release includes updates to the Dev Environment
APIs to include an optional vpcConnectionName parameter that supports using Dev Environments with
Amazon VPC.
* api-change:``dlm``: [``botocore``] This release adds support for Amazon Data Lifecycle Manager
default policies for EBS snapshots and EBS-backed AMIs.
* api-change:``ec2``: [``botocore``] Enable use of tenant-specific PublicSigningKeyUrl from device
trust providers and onboard jumpcloud as a new device trust provider.
* api-change:``fsx``: [``botocore``] Enables customers to update their PerUnitStorageThroughput on
their Lustre file systems.
* api-change:``glue``: [``botocore``] Introduces new column statistics APIs to support statistics
generation for tables within the Glue Data Catalog.
* api-change:``imagebuilder``: [``botocore``] This release adds the Image Lifecycle Management
feature to automate the process of deprecating, disabling and deleting outdated images and their
associated resources.
* api-change:``iot``: [``botocore``] GA release the ability to index and search devices based on
their GeoLocation data. With GeoQueries you can narrow your search to retrieve devices located in
the desired geographic boundary.
* api-change:``ivs-realtime``: [``botocore``] This release introduces server side composition and
recording for stages.
* api-change:``kafka``: [``botocore``] Added a new API response field which determines if there is
an action required from the customer regarding their cluster.
* api-change:``lambda``: [``botocore``] Adds support for logging configuration in Lambda Functions.
Customers will have more control how their function logs are captured and to which cloud watch log
group they are delivered also.
* api-change:``macie2``: [``botocore``] This release adds support for configuring Macie to assume
an IAM role when retrieving sample occurrences of sensitive data reported by findings.
* api-change:``mediapackage``: [``botocore``] DRM_TOP_LEVEL_COMPACT allows placing content
protection elements at the MPD level and referenced at the AdaptationSet level
* api-change:``pinpoint-sms-voice-v2``: [``botocore``] Amazon Pinpoint now offers additional
operations as part of version 2 of the SMS and voice APIs. This release includes 26 new APIs to
create and manage phone number registrations, add verified destination numbers, and request sender
IDs.
* api-change:``polly``: [``botocore``] Add new engine - long-form - dedicated for longer content,
such as news articles, training materials, or marketing videos.
* api-change:``quicksight``: [``botocore``] Custom permission support for QuickSight roles; Three
new datasources STARBURST, TRINO, BIGQUERY; Lenient mode changes the default behavior to allow for
exporting and importing with certain UI allowed errors, Support for permissions and tags export and
import.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Studio now supports Trainium instance
types - trn1.2xlarge, trn1.32xlarge, trn1n.32xlarge.
* api-change:``ssm-incidents``: [``botocore``] Introduces new APIs ListIncidentFindings and
BatchGetIncidentFindings to use findings related to an incident.
* api-change:``ssm``: [``botocore``] This release introduces the ability to filter automation
execution steps which have parent steps. In addition, runbook variable information is returned by
GetAutomationExecution and parent step information is returned by the
DescribeAutomationStepExecutions API.
* api-change:``sso-admin``: [``botocore``] Instances bound to a single AWS account, API operations
for managing instances and applications, and assignments to applications are now supported. Trusted
identity propagation is also supported, with new API operations for managing trusted token issuers
and application grants and scopes.
* api-change:``transfer``: [``botocore``] Introduced S3StorageOptions for servers to enable
directory listing optimizations and added Type fields to logical directory mappings.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.29.1
* enhancement:Package Size: [``botocore``] The botocore .whl file distributed on PyPI now provides
compressed service models to improve total size on disk.
* api-change:``autoscaling``: [``botocore``] This release introduces Instance Maintenance Policy, a
new EC2 Auto Scaling capability that allows customers to define whether instances are launched
before or after existing instances are terminated during instance replacement operations.
* api-change:``cloudtrail``: [``botocore``] The Lake Repricing feature lets customers configure a
BillingMode for an event data store. The BillingMode determines the cost for ingesting and storing
events and the default and maximum retention period for the event data store.
* api-change:``codecatalyst``: [``botocore``] This release adds functionality for retrieving
information about workflows and workflow runs and starting workflow runs in Amazon CodeCatalyst.
* api-change:``ec2``: [``botocore``] AWS EBS now supports Snapshot Lock, giving users the ability
to lock an EBS Snapshot to prohibit deletion of the snapshot. This release introduces the
LockSnapshot, UnlockSnapshot & DescribeLockedSnapshots APIs to manage lock configuration for
snapshots. The release also includes the dl2q_24xlarge.
* api-change:``finspace-data``: [``botocore``] Adding deprecated trait to APIs in this name space.
* api-change:``finspace``: [``botocore``] Adding deprecated trait on Dataset Browser Environment
APIs
* api-change:``lambda``: [``botocore``] Add Java 21 (java21) support to AWS Lambda
* api-change:``mwaa``: [``botocore``] This Amazon MWAA release adds support for customer-managed
VPC endpoints. This lets you choose whether to create, and manage your environment's VPC endpoints,
or to have Amazon MWAA create, and manage them for you.
* api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for support for upgrading RDS
for MySQL snapshots from version 5.7 to version 8.0.
* api-change:``redshift``: [``botocore``] The custom domain name SDK for Amazon Redshift
provisioned clusters is updated with additional required parameters for modify and delete
operations. Additionally, users can provide domain names with longer top-level domains.
* api-change:``s3control``: [``botocore``] Add 5 APIs to create, update, get, list, delete S3
Storage Lens group(eg. CreateStorageLensGroup), 3 APIs for
tagging(TagResource,UntagResource,ListTagsForResource), and update to StorageLensConfiguration to
allow metrics to be aggregated on Storage Lens groups.
* api-change:``ssm-sap``: [``botocore``] Update the default value of MaxResult to 50.
- from version 1.29.0
* feature:ContainerProvider: [``botocore``] Added Support for EKS container credentials
* api-change:``backup``: [``botocore``] AWS Backup - Features: Provide Job Summary for your backup
activity.
* api-change:``cleanrooms``: [``botocore``] This feature provides the ability for the collaboration
creator to configure either the member who can run queries or a different member in the
collaboration to be billed for query compute costs.
* api-change:``connect``: [``botocore``] Introducing SegmentAttributes parameter for
StartChatContact API
* api-change:``glue``: [``botocore``] Introduces new storage optimization APIs to support automatic
compaction of Apache Iceberg tables.
* api-change:``iot``: [``botocore``] This release introduces new attributes in API
CreateSecurityProfile, UpdateSecurityProfile and DescribeSecurityProfile to support management of
Metrics Export for AWS IoT Device Defender Detect.
* api-change:``lambda``: [``botocore``] Add Python 3.12 (python3.12) support to AWS Lambda
* api-change:``mediatailor``: [``botocore``] Removed unnecessary default values.
* api-change:``pipes``: [``botocore``] Added support (via new LogConfiguration field in CreatePipe
and UpdatePipe APIs) for logging to Amazon CloudWatch Logs, Amazon Simple Storage Service (Amazon
S3), and Amazon Kinesis Data Firehose
* api-change:``resource-explorer-2``: [``botocore``] Resource Explorer supports multi-account
search. You can now use Resource Explorer to search and discover resources across AWS accounts
within your organization or organizational unit.
* api-change:``sagemaker``: [``botocore``] This release makes Model Registry Inference
Specification fields as not required.
* api-change:``signer``: [``botocore``] Documentation updates for AWS Signer
* api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.28.85
* enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.19.12
* api-change:``dataexchange``: [``botocore``] Removed Required trait for
DataSet.OriginDetails.ProductId.
* api-change:``dms``: [``botocore``] Added new Db2 LUW Target endpoint with related endpoint
settings. New executeTimeout endpoint setting for mysql endpoint. New ReplicationDeprovisionTime
field for serverless describe-replications.
* api-change:``ec2``: [``botocore``] Adds the new EC2 DescribeInstanceTopology API, which you can
use to retrieve the network topology of your running instances on select platform types to
determine their relative proximity to each other.
* api-change:``ecs``: [``botocore``] Adds a Client Token parameter to the ECS RunTask API. The
Client Token parameter allows for idempotent RunTask requests.
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``servicecatalog-appregistry``: [``botocore``] When the customer associates a resource
collection to their application with this new feature, then a new application tag will be applied
to all supported resources that are part of that collection. This allows customers to more easily
find the application that is associated with those resources.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.28.84
* enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.19.10
* api-change:``controltower``: [``botocore``] AWS Control Tower supports tagging for enabled
controls. This release introduces TagResource, UntagResource and ListTagsForResource APIs to manage
tags in existing enabled controls. It updates EnabledControl API to tag resources at creation time.
* api-change:``cur``: [``botocore``] This release adds support for tagging and customers can now
tag report definitions. Additionally, ReportStatus is now added to report definition to show when
the last delivered time stamp and if it succeeded or not.
* api-change:``ec2``: [``botocore``] EC2 adds API updates to enable ENA Express at instance launch
time.
* api-change:``fms``: [``botocore``] Adds optimizeUnassociatedWebACL flag to ManagedServiceData,
updates third-party firewall examples, and other minor documentation updates.
* api-change:``marketplace-entitlement``: [``botocore``] Update marketplace-entitlement client to
latest version
* api-change:``mediaconvert``: [``botocore``] This release includes the ability to specify any
input source as the primary input for corresponding follow modes, and allows users to specify fit
and fill behaviors without resizing content.
* api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for zero-ETL integrations.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.28.83
* api-change:``cloudformation``: [``botocore``] Added new ConcurrencyMode feature for AWS
CloudFormation StackSets for faster deployments to target accounts.
* api-change:``cloudtrail``: [``botocore``] The Insights in Lake feature lets customers enable
CloudTrail Insights on a source CloudTrail Lake event data store and create a destination event
data store to collect Insights events based on unusual management event activity in the source
event data store.
* api-change:``comprehend``: [``botocore``] This release adds support for toxicity detection and
prompt safety classification.
* api-change:``connect``: [``botocore``] This release adds the ability to integrate customer lambda
functions with Connect attachments for scanning and updates the ListIntegrationAssociations API to
support filtering on IntegrationArn.
* api-change:``ec2``: [``botocore``] AWS EBS now supports Block Public Access for EBS Snapshots.
This release introduces the EnableSnapshotBlockPublicAccess, DisableSnapshotBlockPublicAccess and
GetSnapshotBlockPublicAccessState APIs to manage account-level public access settings for EBS
Snapshots in an AWS Region.
* api-change:``eks``: [``botocore``] Adding EKS Anywhere subscription related operations.
* api-change:``lambda``: [``botocore``] Add Custom runtime on Amazon Linux 2023 (provided.al2023)
support to AWS Lambda.
* api-change:``logs``: [``botocore``] Update to support new APIs for delivery of logs from AWS
services.
* api-change:``omics``: [``botocore``] Support UBAM filetype for Omics Storage and make
referenceArn optional
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.28.82
* api-change:``sqs``: [``botocore``] This release enables customers to call SQS using AWS JSON-1.0
protocol and bug fix.
- from version 1.28.81
* api-change:``connect``: [``botocore``] This release clarifies in our public documentation that
InstanceId is a requirement for SearchUsers API requests.
* api-change:``connectcases``: [``botocore``] This release adds the ability to add/view comment
authors through CreateRelatedItem and SearchRelatedItems API. For more information see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``datasync``: [``botocore``] This change allows for 0 length access keys and secret
keys for object storage locations. Users can now pass in empty string credentials.
* api-change:``guardduty``: [``botocore``] Added API support for new GuardDuty EKS Audit Log
finding types.
* api-change:``lambda``: [``botocore``] Add Node 20 (nodejs20.x) support to AWS Lambda.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``omics``: [``botocore``] Adding Run UUID and Run Output URI: GetRun and StartRun API
response has two new fields "uuid" and "runOutputUri".
* api-change:``rds``: [``botocore``] This Amazon RDS release adds support for patching the OS of an
RDS Custom for Oracle DB instance. You can now upgrade the database or operating system using the
modify-db-instance command.
* api-change:``redshift-serverless``: [``botocore``] Added a new parameter in the workgroup that
helps you control your cost for compute resources. This feature provides a ceiling for RPUs that
Amazon Redshift Serverless can scale up to. When automatic compute scaling is required, having a
higher value for MaxRPU can enhance query throughput.
* api-change:``resiliencehub``: [``botocore``] AWS Resilience Hub enhances Resiliency Score,
providing actionable recommendations to improve application resilience. Amazon Elastic Kubernetes
Service (EKS) operational recommendations have been added to help improve the resilience posture of
your applications.
* api-change:``sqs``: [``botocore``] This release enables customers to call SQS using AWS JSON-1.0
protocol.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.28.80
* api-change:``dataexchange``: [``botocore``] Updated SendDataSetNotificationRequest Comment to be
maximum length 4096.
* api-change:``dlm``: [``botocore``] Added support for pre and post scripts in Amazon Data
Lifecycle Manager EBS snapshot lifecycle policies.
* api-change:``rds``: [``botocore``] This Amazon RDS release adds support for the multi-tenant
configuration. In this configuration, an RDS DB instance can contain multiple tenant databases. In
RDS for Oracle, a tenant database is a pluggable database (PDB).
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.28.79
* api-change:``ce``: [``botocore``] This release extends the GetReservationPurchaseRecommendation
API to support recommendations for Amazon MemoryDB reservations.
* api-change:``codebuild``: [``botocore``] AWS CodeBuild now supports AWS Lambda compute.
* api-change:``connect``: [``botocore``] Added new API that allows Amazon Connect Outbound
Campaigns to create contacts in Amazon Connect when ingesting your dial requests.
* api-change:``docdb``: [``botocore``] Update the input of CreateDBInstance and ModifyDBInstance to
support setting CA Certificates. Update the output of DescribeDBInstance and
DescribeDBEngineVersions to show current and supported CA certificates.
* api-change:``iam``: [``botocore``] Add partitional endpoint for iso-e.
* api-change:``mwaa``: [``botocore``] This release adds support for Apache Airflow version 2.7.2.
This version release includes support for deferrable operators and triggers.
* api-change:``polly``: [``botocore``] Amazon Polly adds new US English voices - Danielle and
Gregory. Danielle and Gregory are available as Neural voices only.
* api-change:``route53``: [``botocore``] Add partitional endpoints for iso-e and iso-f.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.28.78
* api-change:``config``: [``botocore``] Updated ResourceType enum with new resource types onboarded
by AWS Config in October 2023.
* api-change:``connect``: [``botocore``] Amazon Connect Chat introduces Create Persistent Contact
Association API, allowing customers to choose when to resume previous conversations from previous
chats, eliminating the need to repeat themselves and allowing agents to provide personalized
service with access to entire conversation history.
* api-change:``iotwireless``: [``botocore``] Added LoRaWAN version 1.0.4 support
* api-change:``launch-wizard``: [``botocore``] AWS Launch Wizard is a service that helps reduce the
time it takes to deploy applications to the cloud while providing a guided deployment experience.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.28.77
* api-change:``apprunner``: [``botocore``] AWS App Runner now supports using dual-stack address
type for the public endpoint of your incoming traffic.
* api-change:``connect``: [``botocore``] GetMetricDataV2 API: Update to include new metrics
PERCENT_NON_TALK_TIME, PERCENT_TALK_TIME, PERCENT_TALK_TIME_AGENT, PERCENT_TALK_TIME_CUSTOMER
* api-change:``gamelift``: [``botocore``] Amazon GameLift adds support for shared credentials,
which allows applications that are deployed on managed EC2 fleets to interact with other AWS
resources.
* api-change:``glue``: [``botocore``] This release introduces Google BigQuery Source and Target in
AWS Glue CodeGenConfigurationNode.
* api-change:``network-firewall``: [``botocore``] This release introduces the stateless rule
analyzer, which enables you to analyze your stateless rules for asymmetric routing.
* api-change:``quicksight``: [``botocore``] This release introduces Float Decimal Type as SubType
in QuickSight SPICE datasets and Custom week start and Custom timezone options in Analysis and
Dashboard
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.28.76
* api-change:``connect``: [``botocore``] Adds the BatchGetFlowAssociation API which returns flow
associations (flow-resource) corresponding to the list of resourceArns supplied in the request.
This release also adds IsDefault, LastModifiedRegion and LastModifiedTime fields to the responses
of several Describe and List APIs.
* api-change:``globalaccelerator``: [``botocore``] Global Accelerator now support accelerators with
cross account endpoints.
* api-change:``rds``: [``botocore``] This release adds support for customized networking resources
to Amazon RDS Custom.
* api-change:``redshift``: [``botocore``] Added support for Multi-AZ deployments for Provisioned
RA3 clusters that provide 99.99% SLA availability.
* api-change:``sagemaker``: [``botocore``] Support for batch transform input in Model dashboard
- from version 1.28.75
* api-change:``amplify``: [``botocore``] Add backend field to CreateBranch and UpdateBranch
requests. Add pagination support for ListApps, ListDomainAssociations, ListBranches, and ListJobs
* api-change:``application-insights``: [``botocore``] Automate attaching managed policies
* api-change:``ec2``: [``botocore``] Capacity Blocks for ML are a new EC2 purchasing option for
reserving GPU instances on a future date to support short duration machine learning (ML) workloads.
Capacity Blocks automatically place instances close together inside Amazon EC2 UltraClusters for
low-latency, high-throughput networking.
* api-change:``m2``: [``botocore``] Added name filter ability for ListDataSets API, added
ForceUpdate for Updating environment and BatchJob submission using S3BatchJobIdentifier
* api-change:``neptunedata``: [``botocore``] Minor change to not retry CancelledByUserException
* api-change:``translate``: [``botocore``] Added support for Brevity translation settings feature.
- from version 1.28.74
* api-change:``connect``: [``botocore``] This release adds InstanceId field for phone number APIs.
* api-change:``dataexchange``: [``botocore``] We added a new API action: SendDataSetNotification.
* api-change:``datasync``: [``botocore``] Platform version changes to support AL1 deprecation
initiative.
* api-change:``finspace``: [``botocore``] Introducing new API UpdateKxClusterCodeConfiguration,
introducing new cache types for clusters and introducing new deployment modes for updating clusters.
* api-change:``mediapackagev2``: [``botocore``] This feature allows customers to create a
combination of manifest filtering, startover and time delay configuration that applies to all
egress requests by default.
* api-change:``rds``: [``botocore``] This release launches the CreateIntegration,
DeleteIntegration, and DescribeIntegrations APIs to manage zero-ETL Integrations.
* api-change:``redshift-serverless``: [``botocore``] Added support for custom domain names for
Amazon Redshift Serverless workgroups. This feature enables customers to create a custom domain
name and use ACM to generate fully secure connections to it.
* api-change:``resiliencehub``: [``botocore``] Introduced the ability to filter applications by
their last assessment date and time and have included metrics for the application's estimated
workload Recovery Time Objective (RTO) and estimated workload Recovery Point Objective (RPO).
* api-change:``s3outposts``: [``botocore``] Updated ListOutpostsWithS3 API response to include
S3OutpostArn for use with AWS RAM.
* api-change:``wisdom``: [``botocore``] This release added necessary API documents on creating a
Wisdom knowledge base to integrate with S3.
- from version 1.28.73
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``neptune``: [``botocore``] Update TdeCredentialPassword type to SensitiveString
* api-change:``pinpoint``: [``botocore``] Updated documentation to describe the case insensitivity
for EndpointIds.
* api-change:``redshift``: [``botocore``] added support to create a dual stack cluster
* api-change:``wafv2``: [``botocore``] Updates the descriptions for the calls that manage web ACL
associations, to provide information for customer-managed IAM policies.
- from version 1.28.72
* api-change:``appstream``: [``botocore``] This release introduces multi-session fleets, allowing
customers to provision more than one user session on a single fleet instance.
* api-change:``ec2``: [``botocore``] Launching GetSecurityGroupsForVpc API. This API gets security
groups that can be associated by the AWS account making the request with network interfaces in the
specified VPC.
* api-change:``network-firewall``: [``botocore``] Network Firewall now supports inspection of
outbound SSL/TLS traffic.
* api-change:``opensearch``: [``botocore``] You can specify ipv4 or dualstack IPAddressType for
cluster endpoints. If you specify IPAddressType as dualstack, the new endpoint will be visible
under the 'EndpointV2' parameter and will support IPv4 and IPv6 requests. Whereas, the 'Endpoint'
will continue to serve IPv4 requests.
* api-change:``redshift``: [``botocore``] Add Redshift APIs GetResourcePolicy,
DeleteResourcePolicy, PutResourcePolicy and DescribeInboundIntegrations for the new Amazon Redshift
Zero-ETL integration feature, which can be used to control data ingress into Redshift namespace,
and view inbound integrations.
* api-change:``sagemaker``: [``botocore``] Amazon Sagemaker Autopilot now supports Text Generation
jobs.
* api-change:``sns``: [``botocore``] Message Archiving and Replay is now supported in Amazon SNS
for FIFO topics.
* api-change:``ssm-sap``: [``botocore``] AWS Systems Manager for SAP added support for registration
and discovery of SAP ABAP applications
* api-change:``transfer``: [``botocore``] No API changes from previous release. This release
migrated the model to Smithy keeping all features unchanged.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.28.71
* enhancement:Configuration: [``botocore``] Adds client context params support to ``Config``.
* api-change:``connectcases``: [``botocore``] Increase maximum length of CommentBody to 3000, and
increase maximum length of StringValue to 1500
* api-change:``groundstation``: [``botocore``] This release will allow KMS alias names to be used
when creating Mission Profiles
* api-change:``iam``: [``botocore``] Updates to GetAccessKeyLastUsed action to replace NoSuchEntity
error with AccessDeniedException error.
- from version 1.28.70
* api-change:``codepipeline``: [``botocore``] Add ability to trigger pipelines from git tags,
define variables at pipeline level and new pipeline type V2.
* api-change:``ec2``: [``botocore``] This release updates the documentation for
InstanceInterruptionBehavior and HibernationOptionsRequest to more accurately describe the behavior
of these two parameters when using Spot hibernation.
* api-change:``eks``: [``botocore``] Added support for Cluster Subnet and Security Group mutability.
* api-change:``iam``: [``botocore``] Add the partitional endpoint for IAM in iso-f.
* api-change:``migrationhub-config``: [``botocore``] This release introduces
DeleteHomeRegionControl API that customers can use to delete the Migration Hub Home Region
configuration
* api-change:``migrationhubstrategy``: [``botocore``] This release introduces multi-data-source
feature in Migration Hub Strategy Recommendations. This feature now supports vCenter as a data
source to fetch inventory in addition to ADS and Import from file workflow that is currently
supported with MHSR collector.
* api-change:``opensearchserverless``: [``botocore``] This release includes the following new APIs:
CreateLifecyclePolicy, UpdateLifecyclePolicy, BatchGetLifecyclePolicy, DeleteLifecyclePolicy,
ListLifecyclePolicies and BatchGetEffectiveLifecyclePolicy to support the data lifecycle management
feature.
- from version 1.28.69
* api-change:``marketplacecommerceanalytics``: [``botocore``] The StartSupportDataExport operation
has been deprecated as part of the Product Support Connection deprecation. As of December 2022,
Product Support Connection is no longer supported.
* api-change:``networkmanager``: [``botocore``] This release adds API support for Tunnel-less
Connect (NoEncap Protocol) for AWS Cloud WAN
* api-change:``redshift-serverless``: [``botocore``] This release adds support for customers to see
the patch version and workgroup version in Amazon Redshift Serverless.
* api-change:``rekognition``: [``botocore``] Amazon Rekognition introduces StartMediaAnalysisJob,
GetMediaAnalysisJob, and ListMediaAnalysisJobs operations to run a bulk analysis of images with a
Detect Moderation model.
- from version 1.28.68
* api-change:``appconfig``: [``botocore``] Update KmsKeyIdentifier constraints to support AWS KMS
multi-Region keys.
* api-change:``appintegrations``: [``botocore``] Updated ScheduleConfig to be an optional input to
CreateDataIntegration to support event driven downloading of files from sources such as Amazon s3
using Amazon Connect AppIntegrations.
* api-change:``connect``: [``botocore``] This release adds support for updating phone number
metadata, such as phone number description.
* api-change:``discovery``: [``botocore``] This release introduces three new APIs:
StartBatchDeleteConfigurationTask, DescribeBatchDeleteConfigurationTask, and BatchDeleteAgents.
* api-change:``medical-imaging``: [``botocore``] Updates on documentation links
* api-change:``ssm``: [``botocore``] This release introduces a new API: DeleteOpsItem. This allows
deletion of an OpsItem.
- from version 1.28.67
* api-change:``gamesparks``: [``botocore``] The gamesparks client has been removed following the
deprecation of the service.
* api-change:``ec2``: [``botocore``] Amazon EC2 C7a instances, powered by 4th generation AMD EPYC
processors, are ideal for high performance, compute-intensive workloads such as high performance
computing. Amazon EC2 R7i instances are next-generation memory optimized and powered by custom 4th
Generation Intel Xeon Scalable processors.
* api-change:``managedblockchain-query``: [``botocore``] This release adds support for Ethereum
Sepolia network
* api-change:``neptunedata``: [``botocore``] Doc changes to add IAM action mappings for the data
actions.
* api-change:``omics``: [``botocore``] This change enables customers to retrieve failure reasons
with detailed status messages for their failed runs
* api-change:``opensearch``: [``botocore``] Added Cluster Administrative options for node restart,
opensearch process restart and opensearch dashboard restart for Multi-AZ without standby domains
* api-change:``quicksight``: [``botocore``] This release adds the following: 1) Trino and Starburst
Database Connectors 2) Custom total for tables and pivot tables 3) Enable restricted folders 4) Add
rolling dates for time equality filters 5) Refine DataPathValue and introduce DataPathType 6) Add
SeriesType to ReferenceLineDataConfiguration
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
* api-change:``servicecatalog``: [``botocore``] Introduce support for EXTERNAL product and
provisioning artifact type in CreateProduct and CreateProvisioningArtifact APIs.
* api-change:``verifiedpermissions``: [``botocore``] Improving Amazon Verified Permissions Create
experience
* api-change:``workspaces``: [``botocore``] Documentation updates for WorkSpaces
- from version 1.28.66
* api-change:``cloud9``: [``botocore``] Update to imageId parameter behavior and dates updated.
* api-change:``dynamodb``: [``botocore``] Updating descriptions for several APIs.
* api-change:``kendra``: [``botocore``] Changes for a new feature in Amazon Kendra's Query API to
Collapse/Expand query results
* api-change:``rds``: [``botocore``] This release adds support for upgrading the storage file
system configuration on the DB instance using a blue/green deployment or a read replica.
* api-change:``wisdom``: [``botocore``] This release adds an max limit of 25 recommendation ids for
NotifyRecommendationsReceived API.
- from version 1.28.65
* api-change:``codepipeline``: [``botocore``] Add retryMode ALL_ACTIONS to RetryStageExecution API
that retries a failed stage starting from first action in the stage
* api-change:``discovery``: [``botocore``] This release introduces three new APIs:
StartBatchDeleteConfigurationTask, DescribeBatchDeleteConfigurationTask, and BatchDeleteAgents.
* api-change:``ecs``: [``botocore``] Documentation only updates to address Amazon ECS tickets.
* api-change:``globalaccelerator``: [``botocore``] Fixed error where
ListCustomRoutingEndpointGroups did not have a paginator
* api-change:``guardduty``: [``botocore``] Add domainWithSuffix finding field to dnsRequestAction
* api-change:``kafka``: [``botocore``] AWS Managed Streaming for Kafka is launching MSK Replicator,
a new feature that enables customers to reliably replicate data across Amazon MSK clusters in same
or different AWS regions. You can now use SDK to create, list, describe, delete, update, and manage
tags of MSK Replicators.
* api-change:``route53-recovery-cluster``: [``botocore``] Adds Owner field to ListRoutingControls
API.
* api-change:``route53-recovery-control-config``: [``botocore``] Adds permissions for
GetResourcePolicy to support returning details about AWS Resource Access Manager resource policies
for shared resources.
- from version 1.28.64
* api-change:``cloudformation``: [``botocore``] SDK and documentation updates for
UpdateReplacePolicy
* api-change:``drs``: [``botocore``] Updated exsiting API to allow AWS Elastic Disaster Recovery
support of launching recovery into existing EC2 instances.
* api-change:``entityresolution``: [``botocore``] This launch expands our matching techniques to
include provider-based matching to help customer match, link, and enhance records with minimal data
movement. With data service providers, we have removed the need for customers to build bespoke
integrations,.
* api-change:``managedblockchain-query``: [``botocore``] This release introduces two new APIs:
GetAssetContract and ListAssetContracts. This release also adds support for Bitcoin Testnet.
* api-change:``mediapackagev2``: [``botocore``] This release allows customers to manage
MediaPackage v2 resource using CloudFormation.
* api-change:``opensearch``: [``botocore``] This release allows customers to list and associate
optional plugin packages with compatible Amazon OpenSearch Service clusters for enhanced
functionality.
* api-change:``redshift-serverless``: [``botocore``] Added support for managing credentials of
serverless namespace admin using AWS Secrets Manager.
* api-change:``redshift``: [``botocore``] Added support for managing credentials of provisioned
cluster admin using AWS Secrets Manager.
* api-change:``sesv2``: [``botocore``] This release provides enhanced visibility into your SES
identity verification status. This will offer you more actionable insights, enabling you to
promptly address any verification-related issues.
* api-change:``transfer``: [``botocore``] Documentation updates for AWS Transfer Family
* api-change:``xray``: [``botocore``] This releases enhances GetTraceSummaries API to support new
TimeRangeType Service to query trace summaries by segment end time.
- from version 1.28.63
* api-change:``auditmanager``: [``botocore``] This release introduces a new limit to the
awsAccounts parameter. When you create or update an assessment, there is now a limit of 200 AWS
accounts that can be specified in the assessment scope.
* api-change:``autoscaling``: [``botocore``] Update the NotificationMetadata field to only allow
visible ascii characters. Add paginators to DescribeInstanceRefreshes, DescribeLoadBalancers, and
DescribeLoadBalancerTargetGroups
* api-change:``config``: [``botocore``] Add enums for resource types supported by Config
* api-change:``controltower``: [``botocore``] Added new EnabledControl resource details to
ListEnabledControls API and added new GetEnabledControl API.
* api-change:``customer-profiles``: [``botocore``] Adds sensitive trait to various shapes in
Customer Profiles Calculated Attribute API model.
* api-change:``ec2``: [``botocore``] This release adds Ubuntu Pro as a supported platform for
On-Demand Capacity Reservations and adds support for setting an Amazon Machine Image (AMI) to
disabled state. Disabling the AMI makes it private if it was previously shared, and prevents new
EC2 instance launches from it.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``glue``: [``botocore``] Extending version control support to GitLab and Bitbucket
from AWSGlue
* api-change:``inspector2``: [``botocore``] Add MacOs ec2 platform support
* api-change:``ivs-realtime``: [``botocore``] Update GetParticipant to return additional metadata.
* api-change:``lambda``: [``botocore``] Adds support for Lambda functions to access Dual-Stack
subnets over IPv6, via an opt-in flag in CreateFunction and UpdateFunctionConfiguration APIs
* api-change:``location``: [``botocore``] This release adds endpoint updates for all AWS Location
resource operations.
* api-change:``machinelearning``: [``botocore``] This release marks Password field as sensitive
* api-change:``pricing``: [``botocore``] Documentation updates for Price List
* api-change:``rds``: [``botocore``] This release adds support for adding a dedicated log volume to
open-source RDS instances.
* api-change:``rekognition``: [``botocore``] Amazon Rekognition introduces support for Custom
Moderation. This allows the enhancement of accuracy for detect moderation labels operations by
creating custom adapters tuned on customer data.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Canvas adds KendraSettings and
DirectDeploySettings support for CanvasAppSettings
* api-change:``textract``: [``botocore``] This release adds 9 new APIs for adapter and adapter
version management, 3 new APIs for tagging, and updates AnalyzeDocument and StartDocumentAnalysis
API parameters for using adapters.
* api-change:``transcribe``: [``botocore``] This release is to enable m4a format to customers
* api-change:``workspaces``: [``botocore``] Updated the CreateWorkspaces action documentation to
clarify that the PCoIP protocol is only available for Windows bundles.
- from version 1.28.62
* enhancement:Dependencies: [``botocore``] Add support for urllib3 2.0 for Python 3.10+
* api-change:``ec2``: [``botocore``] Documentation updates for Elastic Compute Cloud (EC2).
* api-change:``fsx``: [``botocore``] After performing steps to repair the Active Directory
configuration of a file system, use this action to initiate the process of attempting to recover to
the file system.
* api-change:``marketplace-catalog``: [``botocore``] This release adds support for Document type as
an alternative for stringified JSON for StartChangeSet, DescribeChangeSet and DescribeEntity APIs
* api-change:``quicksight``: [``botocore``] NullOption in FilterListConfiguration; Dataset
schema/table max length increased; Support total placement for pivot table visual; Lenient mode
relaxes the validation to create resources with definition; Data sources can be added to folders;
Redshift data sources support IAM Role-based authentication
* api-change:``transfer``: [``botocore``] This release updates the max character limit of
PreAuthenticationLoginBanner and PostAuthenticationLoginBanner to 4096 characters
- Update BuildRequires and Requires from setup.py
- Update to 1.31.61:
* api-change:``omics``: [``botocore``] Add Etag Support for Omics Storage in ListReadSets and
GetReadSetMetadata API
* api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for corrections and minor
improvements.
* api-change:``route53``: [``botocore``] Add hostedzonetype filter to ListHostedZones API.
* api-change:``securityhub``: [``botocore``] Added new resource detail objects to ASFF, including
resources for AwsEventsEventbus, AwsEventsEndpoint, AwsDmsEndpoint, AwsDmsReplicationTask,
AwsDmsReplicationInstance, AwsRoute53HostedZone, and AwsMskCluster
* api-change:``storagegateway``: [``botocore``] Add SoftwareVersion to response of
DescribeGatewayInformation.
* api-change:``workspaces``: [``botocore``] This release introduces Manage applications. This
feature allows users to manage their WorkSpaces applications by associating or disassociating their
WorkSpaces with applications. The DescribeWorkspaces API will now additionally return
OperatingSystemName in its responses.
- from version 1.28.60
* api-change:``appconfig``: [``botocore``] AWS AppConfig introduces KMS customer-managed key (CMK)
encryption support for data saved to AppConfig's hosted configuration store.
* api-change:``datazone``: [``botocore``] Initial release of Amazon DataZone
* api-change:``mediatailor``: [``botocore``] Updates DescribeVodSource to include a list of ad
break opportunities in the response
* api-change:``mgn``: [``botocore``] This release includes the following new APIs: ListConnectors,
CreateConnector, UpdateConnector, DeleteConnector and UpdateSourceServer to support the source
action framework feature.
* api-change:``sagemaker``: [``botocore``] Adding support for AdditionalS3DataSource, a data source
used for training or inference that is in addition to the input dataset or model data.
- from version 1.28.59
* api-change:``connect``: [``botocore``] GetMetricDataV2 API: Update to include new metrics
CONTACTS_RESOLVED_IN_X , AVG_HOLD_TIME_ALL_CONTACTS , AVG_RESOLUTION_TIME , ABANDONMENT_RATE ,
AGENT_NON_RESPONSE_WITHOUT_CUSTOMER_ABANDONS with added features: Interval Period, TimeZone, Negate
MetricFilters, Extended date time range.
* api-change:``location``: [``botocore``] Amazon Location Service adds support for bounding polygon
queries. Additionally, the GeofenceCount field has been added to the DescribeGeofenceCollection API
response.
* api-change:``mediaconvert``: [``botocore``] This release adds the ability to replace video frames
without modifying the audio essence.
* api-change:``oam``: [``botocore``] This release adds support for sharing
AWS::ApplicationInsights::Application resources.
* api-change:``sagemaker``: [``botocore``] This release allows users to run Selective Execution in
SageMaker Pipelines without SourcePipelineExecutionArn if selected steps do not have any dependent
steps.
* api-change:``wellarchitected``: [``botocore``] AWS Well-Architected now supports Review Templates
that allows you to create templates with pre-filled answers for Well-Architected and Custom Lens
best practices.
- from version 1.28.58
* api-change:``bedrock-runtime``: [``botocore``] Add model timeout exception for
InvokeModelWithResponseStream API and update validator for invoke model identifier.
* api-change:``bedrock``: [``botocore``] Provisioned throughput feature with Amazon and third-party
base models, and update validators for model identifier and taggable resource ARNs.
* api-change:``ec2``: [``botocore``] Introducing Amazon EC2 R7iz instances with 3.9 GHz sustained
all-core turbo frequency and deliver up to 20% better performance than previous generation z1d
instances.
* api-change:``managedblockchain``: [``botocore``] Remove Rinkeby as option from Ethereum APIs
* api-change:``rds``: [``botocore``] Adds DefaultCertificateForNewLaunches field in the
DescribeCertificates API response.
* api-change:``sso``: [``botocore``] Fix FIPS Endpoints in aws-us-gov.
* api-change:``sts``: [``botocore``] STS API updates for assumeRole
* api-change:``transfer``: [``botocore``] Documentation updates for AWS Transfer Family
- from version 1.28.57
* api-change:``bedrock-runtime``: [``botocore``] Run Inference: Added support to run the inference
on models. Includes set of APIs for running inference in streaming and non-streaming mode.
* api-change:``bedrock``: [``botocore``] Model Invocation logging added to enable or disable logs
in customer account. Model listing and description support added. Provisioned Throughput feature
added. Custom model support added for creating custom models. Also includes list, and delete
functions for custom model.
* api-change:``budgets``: [``botocore``] Update DescribeBudgets and
DescribeBudgetNotificationsForAccount MaxResults limit to 1000.
* api-change:``ec2``: [``botocore``] Adds support for Customer Managed Key encryption for Amazon
Verified Access resources
* api-change:``iotfleetwise``: [``botocore``] AWS IoT FleetWise now supports encryption through a
customer managed AWS KMS key. The PutEncryptionConfiguration and GetEncryptionConfiguration APIs
were added.
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] Feature Store supports read/write
of records with collection type features.
* api-change:``sagemaker``: [``botocore``] Online store feature groups supports Standard and
InMemory tier storage types for low latency storage for real-time data retrieval. The InMemory tier
supports collection types List, Set, and Vector.
* api-change:``wafv2``: [``botocore``] Correct and improve the documentation for the FieldToMatch
option JA3 fingerprint.
- from version 1.28.56
* api-change:``cognito-idp``: [``botocore``] The UserPoolType Status field is no longer used.
* api-change:``firehose``: [``botocore``] Features : Adding support for new data ingestion source
to Kinesis Firehose - AWS Managed Services Kafka.
* api-change:``iot``: [``botocore``] Added support for IoT Rules Engine Kafka Action Headers
* api-change:``textract``: [``botocore``] This release adds new feature - Layout to Analyze
Document API which can automatically extract layout elements such as titles, paragraphs, headers,
section headers, lists, page numbers, footers, table areas, key-value areas and figure areas and
order the elements as a human would read.
- from version 1.28.55
* api-change:``appintegrations``: [``botocore``] The Amazon AppIntegrations service adds a set of
APIs (in preview) to manage third party applications to be used in Amazon Connect agent workspace.
* api-change:``apprunner``: [``botocore``] This release allows an App Runner customer to specify a
custom source directory to run the build & start command. This change allows App Runner to support
monorepo based repositories
* api-change:``codedeploy``: [``botocore``] CodeDeploy now supports In-place and Blue/Green EC2
deployments with multiple Classic Load Balancers and multiple Target Groups.
* api-change:``connect``: [``botocore``] This release updates a set of Amazon Connect APIs that
provides the ability to integrate third party applications in the Amazon Connect agent workspace.
* api-change:``dynamodb``: [``botocore``] Amazon DynamoDB now supports Incremental Export as an
enhancement to the existing Export Table
* api-change:``ec2``: [``botocore``] The release includes AWS verified access to support FIPs
compliance in North America regions
* api-change:``lakeformation``: [``botocore``] This release adds three new API support
"CreateLakeFormationOptIn", "DeleteLakeFormationOptIn" and "ListLakeFormationOptIns", and also
updates the corresponding documentation.
* api-change:``pinpoint``: [``botocore``] Update documentation for RemoveAttributes to more
accurately reflect its behavior when attributes are deleted.
* api-change:``s3``: [``botocore``] This release adds a new field COMPLETED to the
ReplicationStatus Enum. You can now use this field to validate the replication status of S3 objects
using the AWS SDK.
- from version 1.28.54
* api-change:``amplifyuibuilder``: [``botocore``] Support for generating code that is compatible
with future versions of amplify project dependencies.
* api-change:``chime-sdk-media-pipelines``: [``botocore``] Adds support for sending WebRTC audio to
Amazon Kineses Video Streams.
* api-change:``emr-serverless``: [``botocore``] This release adds support for application-wide
default job configurations.
* api-change:``finspace-data``: [``botocore``] Adding sensitive trait to attributes. Change max
SessionDuration from 720 to 60. Correct "ApiAccess" attribute to "apiAccess" to maintain
consistency between APIs.
* api-change:``quicksight``: [``botocore``] Added ability to tag users upon creation.
* api-change:``ssm``: [``botocore``] This release updates the enum values for ResourceType in SSM
DescribeInstanceInformation input and ConnectionStatus in GetConnectionStatus output.
* api-change:``wafv2``: [``botocore``] You can now perform an exact match against the web request's
JA3 fingerprint.
- from version 1.28.53
* api-change:``braket``: [``botocore``] This release adds support to view the device queue depth
(the number of queued quantum tasks and hybrid jobs on a device) and queue position for a quantum
task and hybrid job.
* api-change:``dms``: [``botocore``] new vendors for DMS CSF: MongoDB, MariaDB, DocumentDb and
Redshift
* api-change:``ec2``: [``botocore``] EC2 M2 Pro Mac instances are powered by Apple M2 Pro Mac Mini
computers featuring 12 core CPU, 19 core GPU, 32 GiB of memory, and 16 core Apple Neural Engine and
uniquely enabled by the AWS Nitro System through high-speed Thunderbolt connections.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``guardduty``: [``botocore``] Add `EKS_CLUSTER_NAME` to filter and sort key.
* api-change:``mediaconvert``: [``botocore``] This release supports the creation of of audio-only
tracks in CMAF output groups.
- from version 1.28.52
* api-change:``appconfig``: [``botocore``] Enabling boto3 paginators for list APIs and adding
documentation around ServiceQuotaExceededException errors
* api-change:``apprunner``: [``botocore``] This release adds improvements for managing App Runner
auto scaling configuration resources. New APIs: UpdateDefaultAutoScalingConfiguration and
ListServicesForAutoScalingConfiguration. Updated API: DeleteAutoScalingConfiguration.
* api-change:``codeartifact``: [``botocore``] Add support for the Swift package format.
* api-change:``kinesisvideo``: [``botocore``] Updated DescribeMediaStorageConfiguration,
StartEdgeConfigurationUpdate, ImageGenerationConfiguration$SamplingInterval, and
UpdateMediaStorageConfiguration to match AWS Docs.
* api-change:``logs``: [``botocore``] Add ClientToken to QueryDefinition CFN Handler in CWL
* api-change:``s3``: [``botocore``] Fix an issue where the SDK can fail to unmarshall response due
to NumberFormatException
* api-change:``servicediscovery``: [``botocore``] Adds a new DiscoverInstancesRevision API and also
adds InstanceRevision field to the DiscoverInstances API response.
* api-change:``sso-oidc``: [``botocore``] Update FIPS endpoints in aws-us-gov.
- from version 1.28.51
* api-change:``ec2``: [``botocore``] This release adds support for C7i, and R7a instance types.
* api-change:``outposts``: [``botocore``] This release adds the InstanceFamilies field to the
ListAssets response.
* api-change:``sagemaker``: [``botocore``] This release adds support for one-time model monitoring
schedules that are executed immediately without delay, explicit data analysis windows for model
monitoring schedules and exclude features attributes to remove features from model monitor analysis.
- from version 1.28.50
* api-change:``discovery``: [``botocore``] Add sensitive protection for customer information
* api-change:``macie2``: [``botocore``] This release changes the default
managedDataIdentifierSelector setting for new classification jobs to RECOMMENDED. By default, new
classification jobs now use the recommended set of managed data identifiers.
* api-change:``workmail``: [``botocore``] This release includes four new APIs UpdateUser,
UpdateGroup, ListGroupsForEntity and DescribeEntity, along with RemoteUsers and some enhancements
to existing APIs.
- from version 1.28.49
* api-change:``appstream``: [``botocore``] This release introduces app block builder, allowing
customers to provision a resource to package applications into an app block
* api-change:``connect``: [``botocore``] New rule type (OnMetricDataUpdate) has been added
* api-change:``datasync``: [``botocore``] Documentation-only updates for AWS DataSync.
* api-change:``sagemaker``: [``botocore``] This release introduces Skip Model Validation for Model
Packages
- from version 1.28.48
* api-change:``appstream``: [``botocore``] This release introduces multi-session fleets, allowing
customers to provision more than one user session on a single fleet instance.
* api-change:``cloudformation``: [``botocore``] Documentation updates for AWS CloudFormation
* api-change:``entityresolution``: [``botocore``] Changed "ResolutionTechniques" and
"MappedInputFields" in workflow and schema mapping operations to be required fields.
* api-change:``lookoutequipment``: [``botocore``] This release adds APIs for the new scheduled
retraining feature.
- from version 1.28.47
* api-change:``cloud9``: [``botocore``] Update to include information on Ubuntu 18 deprecation.
* api-change:``drs``: [``botocore``] Updated existing APIs and added new ones to support using AWS
Elastic Disaster Recovery post-launch actions. Added support for new regions.
* api-change:``firehose``: [``botocore``] DocumentIdOptions has been added for the Amazon
OpenSearch destination.
* api-change:``guardduty``: [``botocore``] Add `managementType` field to ListCoverage API response.
* api-change:``internetmonitor``: [``botocore``] This release updates the Amazon CloudWatch
Internet Monitor API domain name.
* api-change:``ivs-realtime``: [``botocore``] Doc only update that changes description for
ParticipantToken.
* api-change:``simspaceweaver``: [``botocore``] Edited the introductory text for the API reference.
* api-change:``xray``: [``botocore``] Add StartTime field in GetTraceSummaries API response for
each TraceSummary.
- from version 1.28.46
* api-change:``ec2``: [``botocore``] This release adds support for restricting public sharing of
AMIs through AMI Block Public Access
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``kendra``: [``botocore``] Amazon Kendra now supports confidence score buckets for
retrieved passage results using the Retrieve API.
- from version 1.28.45
* api-change:``ecr``: [``botocore``] This release will have ValidationException be thrown from ECR
LifecyclePolicy APIs in regions LifecyclePolicy is not supported, this includes existing Amazon
Dedicated Cloud (ADC) regions. This release will also change Tag: TagValue and Tag: TagKey to
required.
* api-change:``medialive``: [``botocore``] AWS Elemental Link now supports attaching a Link UHD
device to a MediaConnect flow.
* api-change:``quicksight``: [``botocore``] This release launches new updates to QuickSight KPI
visuals - support for sparklines, new templated layout and new targets for conditional formatting
rules.
- from version 1.28.44
* api-change:``fsx``: [``botocore``] Amazon FSx documentation fixes
* api-change:``sagemaker``: [``botocore``] Autopilot APIs will now support holiday featurization
for Timeseries models. The models will now hold holiday metadata and should be able to accommodate
holiday effect during inference.
* api-change:``sso-admin``: [``botocore``] Content updates to IAM Identity Center API for China
Regions.
* api-change:``workspaces``: [``botocore``] A new field "ErrorDetails" will be added to the output
of "DescribeWorkspaceImages" API call. This field provides in-depth details about the error
occurred during image import process. These details include the possible causes of the errors and
troubleshooting information.
- from version 1.28.43
* api-change:``neptunedata``: [``botocore``] Minor changes to send unsigned requests to Neptune
clusters
* api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
* api-change:``simspaceweaver``: [``botocore``] BucketName and ObjectKey are now required for the
S3Location data type. BucketName is now required for the S3Destination data type.
- from version 1.28.42
* api-change:``appflow``: [``botocore``] Adding OAuth2.0 support for servicenow connector.
* api-change:``ec2``: [``botocore``] This release adds 'outpost' location type to the
DescribeInstanceTypeOfferings API, allowing customers that have been allowlisted for outpost to
query their offerings in the API.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``medialive``: [``botocore``] Adds advanced Output Locking options for Epoch Locking:
Custom Epoch and Jam Sync Time
* api-change:``wafv2``: [``botocore``] The targeted protection level of the Bot Control managed
rule group now provides optional, machine-learning analysis of traffic statistics to detect some
bot-related activity. You can enable or disable the machine learning functionality through the API.
- from version 1.28.41
* api-change:``billingconductor``: [``botocore``] This release adds support for line item filtering
in for the custom line item resource.
* api-change:``cloud9``: [``botocore``] Added support for Ubuntu 22.04 that was not picked up in a
previous Trebuchet request. Doc-only update.
* api-change:``compute-optimizer``: [``botocore``] This release adds support to provide
recommendations for G4dn and P3 instances that use NVIDIA GPUs.
* api-change:``ec2``: [``botocore``] Introducing Amazon EC2 C7gd, M7gd, and R7gd Instances with up
to 3.8 TB of local NVMe-based SSD block-level storage. These instances are powered by AWS Graviton3
processors, delivering up to 25% better performance over Graviton2-based instances.
* api-change:``ecs``: [``botocore``] Documentation only update for Amazon ECS.
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``rds``: [``botocore``] Add support for feature integration with AWS Backup.
* api-change:``sagemaker``: [``botocore``] SageMaker Neo now supports data input shape derivation
for Pytorch 2.0 and XGBoost compilation job for cloud instance targets. You can skip
DataInputConfig field during compilation job creation. You can also access derived information from
model in DescribeCompilationJob response.
* api-change:``vpc-lattice``: [``botocore``] This release adds Lambda event structure version
config support for LAMBDA target groups. It also adds newline support for auth policies.
- from version 1.28.40
* api-change:``chime-sdk-media-pipelines``: [``botocore``] This release adds support for the Voice
Analytics feature for customer-owned KVS streams as part of the Amazon Chime SDK call analytics.
* api-change:``connect``: [``botocore``] Amazon Connect adds the ability to read, create, update,
delete, and list view resources, and adds the ability to read, create, delete, and list view
versions.
* api-change:``identitystore``: [``botocore``] New Identity Store content for China Region launch
* api-change:``neptunedata``: [``botocore``] Removed the descriptive text in the introduction.
- from version 1.28.39
* api-change:``chime-sdk-media-pipelines``: [``botocore``] This release adds support for feature
Voice Enhancement for Call Recording as part of Amazon Chime SDK call analytics.
* api-change:``cloudhsm``: [``botocore``] Deprecating CloudHSM Classic API Service.
* api-change:``connectcampaigns``: [``botocore``] Amazon Connect outbound campaigns has launched
agentless dialing mode which enables customers to make automated outbound calls without agent
engagement. This release updates three of the campaign management API's to support the new
agentless dialing mode and the new dialing capacity field.
* api-change:``connectparticipant``: [``botocore``] Amazon Connect Participant Service adds the
ability to get a view resource using a view token, which is provided in a participant message, with
the release of the DescribeView API.
* api-change:``customer-profiles``: [``botocore``] Adds sensitive trait to various shapes in
Customer Profiles API model.
* api-change:``ecs``: [``botocore``] This release adds support for an account-level setting that
you can use to configure the number of days for AWS Fargate task retirement.
* api-change:``grafana``: [``botocore``] Marking SAML RoleValues attribute as sensitive and
updating VpcConfiguration attributes to match documentation.
* api-change:``health``: [``botocore``] Adds new API DescribeEntityAggregatesForOrganization that
retrieves entity aggregates across your organization. Also adds support for resource status
filtering in DescribeAffectedEntitiesForOrganization, resource status aggregates in the
DescribeEntityAggregates response, and new resource statuses.
* api-change:``ivs``: [``botocore``] Updated "type" description for CreateChannel, UpdateChannel,
Channel, and ChannelSummary.
* api-change:``kafkaconnect``: [``botocore``] Minor model changes for Kafka Connect as well as
endpoint updates.
* api-change:``payment-cryptography-data``: [``botocore``] Make KeyCheckValue field optional when
using asymmetric keys as Key Check Values typically only apply to symmetric keys
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
- from version 1.28.38
* api-change:``appflow``: [``botocore``] Add SAP source connector parallel and pagination feature
* api-change:``apprunner``: [``botocore``] App Runner adds support for Bitbucket. You can now
create App Runner connection that connects to your Bitbucket repositories and deploy App Runner
service with the source code stored in a Bitbucket repository.
* api-change:``auditmanager``: [``botocore``] This release marks some assessment metadata as
sensitive. We added a sensitive trait to the following attributes: assessmentName, emailAddress,
scope, createdBy, lastUpdatedBy, and userName.
* api-change:``cleanrooms``: [``botocore``] This release decouples member abilities in a
collaboration. With this change, the member who can run queries no longer needs to be the same as
the member who can receive results.
* api-change:``datasync``: [``botocore``] AWS DataSync introduces Task Reports, a new feature that
provides detailed reports of data transfer operations for each task execution.
* api-change:``neptunedata``: [``botocore``] Allows customers to execute data plane actions like
bulk loading graphs, issuing graph queries using Gremlin and openCypher directly from the SDK.
* api-change:``network-firewall``: [``botocore``] Network Firewall increasing pagination token
string length
* api-change:``pca-connector-ad``: [``botocore``] The Connector for AD allows you to use a
fully-managed AWS Private CA as a drop-in replacement for your self-managed enterprise CAs without
local agents or proxy servers. Enterprises that use AD to manage Windows environments can reduce
their private certificate authority (CA) costs and complexity.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Canvas adds
IdentityProviderOAuthSettings support for CanvasAppSettings
- from version 1.28.37
* api-change:``cognito-idp``: [``botocore``] Added API example requests and responses for several
operations. Fixed the validation regex for user pools Identity Provider name.
* api-change:``fsx``: [``botocore``] Documentation updates for project quotas.
* api-change:``omics``: [``botocore``] Add RetentionMode support for Runs.
* api-change:``sesv2``: [``botocore``] Adds support for the new Export and Message Insights
features: create, get, list and cancel export jobs; get message insights.
- from version 1.28.36
* api-change:``backup``: [``botocore``] Add support for customizing time zone for backup window in
backup plan rules.
* api-change:``compute-optimizer``: [``botocore``] This release enables AWS Compute Optimizer to
analyze and generate licensing optimization recommendations for sql server running on EC2 instances.
* api-change:``organizations``: [``botocore``] Documentation updates for permissions and links.
* api-change:``securitylake``: [``botocore``] Remove incorrect regex enforcement on pagination
tokens.
* api-change:``service-quotas``: [``botocore``] Service Quotas now supports viewing the applied
quota value and requesting a quota increase for a specific resource in an AWS account.
* api-change:``workspaces-web``: [``botocore``] WorkSpaces Web now enables Admins to configure
which cookies are synchronized from an end-user's local browser to the in-session browser. In
conjunction with a browser extension, this feature enables enhanced Single-Sign On capability by
reducing the number of times an end-user has to authenticate.
- from version 1.28.35
* api-change:``cloudtrail``: [``botocore``] Add ThrottlingException with error code 429 to handle
CloudTrail Delegated Admin request rate exceeded on organization resources.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``detective``: [``botocore``] Added protections to interacting with fields containing
customer information.
- from version 1.28.34
* api-change:``ec2``: [``botocore``] Amazon EC2 M7a instances, powered by 4th generation AMD EPYC
processors, deliver up to 50% higher performance compared to M6a instances. Amazon EC2 Hpc7a
instances, powered by 4th Gen AMD EPYC processors, deliver up to 2.5x better performance compared
to Amazon EC2 Hpc6a instances.
* api-change:``glue``: [``botocore``] Added API attributes that help in the monitoring of sessions.
* api-change:``mediaconvert``: [``botocore``] This release includes additional audio channel tags
in Quicktime outputs, support for film grain synthesis for AV1 outputs, ability to create
audio-only FLAC outputs, and ability to specify Amazon S3 destination storage class.
* api-change:``medialive``: [``botocore``] MediaLive now supports passthrough of KLV data to a HLS
output group with a TS container. MediaLive now supports setting an attenuation mode for AC3 audio
when the coding mode is 3/2 LFE. MediaLive now supports specifying whether to include filler NAL
units in RTMP output group settings.
* api-change:``mediatailor``: [``botocore``] Adds new source location AUTODETECT_SIGV4 access type.
* api-change:``quicksight``: [``botocore``] Excel support in Snapshot Export APIs. Removed Required
trait for some insight Computations. Namespace-shared Folders support. Global Filters support.
Table pin Column support.
* api-change:``rds``: [``botocore``] This release updates the supported versions for Percona
XtraBackup in Aurora MySQL.
* api-change:``s3control``: [``botocore``] Updates to endpoint ruleset tests to address Smithy
validation issues and standardize the capitalization of DualStack.
* api-change:``verifiedpermissions``: [``botocore``] Documentation updates for Amazon Verified
Permissions.
- from version 1.28.33
* api-change:``apigateway``: [``botocore``] This release adds RootResourceId to GetRestApi response.
* api-change:``ec2``: [``botocore``] Marking fields as sensitive on BundleTask and GetPasswordData
* api-change:``polly``: [``botocore``] Amazon Polly adds 1 new voice - Zayd (ar-AE)
- from version 1.28.32
* api-change:``ce``: [``botocore``] This release adds the LastUpdatedDate and LastUsedDate
timestamps to help you manage your cost allocation tags.
* api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports Client Ip
Preservation for Network Load Balancer endpoints.
* api-change:``rds``: [``botocore``] Adding parameters to CreateCustomDbEngineVersion reserved for
future use.
* api-change:``verifiedpermissions``: [``botocore``] Documentation updates for Amazon Verified
Permissions. Increases max results per page for ListPolicyStores, ListPolicies, and
ListPolicyTemplates APIs from 20 to 50.
- Update BuildRequires and Requires from setup.py
- Update to 1.28.36:
* api-change:``backup``: [``botocore``] Add support for customizing time zone for backup window in
backup plan rules.
* api-change:``compute-optimizer``: [``botocore``] This release enables AWS Compute Optimizer to
analyze and generate licensing optimization recommendations for sql server running on EC2 instances.
* api-change:``organizations``: [``botocore``] Documentation updates for permissions and links.
* api-change:``securitylake``: [``botocore``] Remove incorrect regex enforcement on pagination
tokens.
* api-change:``service-quotas``: [``botocore``] Service Quotas now supports viewing the applied
quota value and requesting a quota increase for a specific resource in an AWS account.
* api-change:``workspaces-web``: [``botocore``] WorkSpaces Web now enables Admins to configure
which cookies are synchronized from an end-user's local browser to the in-session browser. In
conjunction with a browser extension, this feature enables enhanced Single-Sign On capability by
reducing the number of times an end-user has to authenticate.
- from version 1.28.35
* api-change:``cloudtrail``: [``botocore``] Add ThrottlingException with error code 429 to handle
CloudTrail Delegated Admin request rate exceeded on organization resources.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``detective``: [``botocore``] Added protections to interacting with fields containing
customer information.
- from version 1.28.34
* api-change:``ec2``: [``botocore``] Amazon EC2 M7a instances, powered by 4th generation AMD EPYC
processors, deliver up to 50% higher performance compared to M6a instances. Amazon EC2 Hpc7a
instances, powered by 4th Gen AMD EPYC processors, deliver up to 2.5x better performance compared
to Amazon EC2 Hpc6a instances.
* api-change:``glue``: [``botocore``] Added API attributes that help in the monitoring of sessions.
* api-change:``mediaconvert``: [``botocore``] This release includes additional audio channel tags
in Quicktime outputs, support for film grain synthesis for AV1 outputs, ability to create
audio-only FLAC outputs, and ability to specify Amazon S3 destination storage class.
* api-change:``medialive``: [``botocore``] MediaLive now supports passthrough of KLV data to a HLS
output group with a TS container. MediaLive now supports setting an attenuation mode for AC3 audio
when the coding mode is 3/2 LFE. MediaLive now supports specifying whether to include filler NAL
units in RTMP output group settings.
* api-change:``mediatailor``: [``botocore``] Adds new source location AUTODETECT_SIGV4 access type.
* api-change:``quicksight``: [``botocore``] Excel support in Snapshot Export APIs. Removed Required
trait for some insight Computations. Namespace-shared Folders support. Global Filters support.
Table pin Column support.
* api-change:``rds``: [``botocore``] This release updates the supported versions for Percona
XtraBackup in Aurora MySQL.
* api-change:``s3control``: [``botocore``] Updates to endpoint ruleset tests to address Smithy
validation issues and standardize the capitalization of DualStack.
* api-change:``verifiedpermissions``: [``botocore``] Documentation updates for Amazon Verified
Permissions.
- from version 1.28.33
* api-change:``apigateway``: [``botocore``] This release adds RootResourceId to GetRestApi response.
* api-change:``ec2``: [``botocore``] Marking fields as sensitive on BundleTask and GetPasswordData
* api-change:``polly``: [``botocore``] Amazon Polly adds 1 new voice - Zayd (ar-AE)
- from version 1.28.32
* api-change:``ce``: [``botocore``] This release adds the LastUpdatedDate and LastUsedDate
timestamps to help you manage your cost allocation tags.
* api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports Client Ip
Preservation for Network Load Balancer endpoints.
* api-change:``rds``: [``botocore``] Adding parameters to CreateCustomDbEngineVersion reserved for
future use.
* api-change:``verifiedpermissions``: [``botocore``] Documentation updates for Amazon Verified
Permissions. Increases max results per page for ListPolicyStores, ListPolicies, and
ListPolicyTemplates APIs from 20 to 50.
- from version 1.28.31
* api-change:``cloud9``: [``botocore``] Doc only update to add Ubuntu 22.04 as an Image ID option
for Cloud9
* api-change:``ec2``: [``botocore``] The DeleteKeyPair API has been updated to return the keyPairId
when an existing key pair is deleted.
* api-change:``finspace``: [``botocore``] Allow customers to manage outbound traffic from their Kx
Environment when attaching a transit gateway by providing network acl entries. Allow the customer
to choose how they want to update the databases on a cluster allowing updates to possibly be faster
than usual.
* api-change:``rds``: [``botocore``] Adding support for RDS Aurora Global Database Unplanned
Failover
* api-change:``route53domains``: [``botocore``] Fixed typos in description fields
- from version 1.28.30
* api-change:``codecommit``: [``botocore``] Add new ListFileCommitHistory operation to retrieve
commits which introduced changes to a specific file.
* api-change:``securityhub``: [``botocore``] Added Inspector Lambda code Vulnerability section to
ASFF, including GeneratorDetails, EpssScore, ExploitAvailable, and CodeVulnerabilities.
- from version 1.28.29
* api-change:``ec2``: [``botocore``] Adds support for SubnetConfigurations to allow users to select
their own IPv4 and IPv6 addresses for Interface VPC endpoints
* api-change:``gamelift``: [``botocore``] Amazon GameLift updates its instance types support.
- from version 1.28.28
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
- Update BuildRequires and Requires from setup.py
- Update to 1.28.27:
* enhancement:Python: Added provisional Python 3.12 support to Boto3
* enhancement:Python: [``botocore``] Added provisional Python 3.12 support to Botocore
* api-change:``chime-sdk-meetings``: [``botocore``] Updated API documentation to include additional
exceptions.
* api-change:``ec2``: [``botocore``] Documentation updates for Elastic Compute Cloud (EC2).
* api-change:``glue``: [``botocore``] AWS Glue Crawlers can now accept SerDe overrides from a
custom csv classifier. The two SerDe options are LazySimpleSerDe and OpenCSVSerDe. In case, the
user wants crawler to do the selection, "None" can be selected for this purpose.
* api-change:``pi``: [``botocore``] AWS Performance Insights for Amazon RDS is launching
Performance Analysis On Demand, a new feature that allows you to analyze database performance
metrics and find out the performance issues. You can now use SDK to create, list, get, delete, and
manage tags of performance analysis reports.
* api-change:``route53domains``: [``botocore``] Provide explanation if CheckDomainTransferability
return false. Provide requestId if a request is already submitted. Add sensitive protection for
customer information
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now provides
SupportedResponseMIMETypes from DescribeInferenceRecommendationsJob response
- from version 1.28.26
* api-change:``mediapackage``: [``botocore``] Fix SDK logging of certain fields.
* api-change:``omics``: [``botocore``] This release provides support for annotation store
versioning and cross account sharing for Omics Analytics
* api-change:``transfer``: [``botocore``] Documentation updates for AWS Transfer Family
- from version 1.28.25
* api-change:``amplifybackend``: [``botocore``] Adds sensitive trait to required input shapes.
* api-change:``config``: [``botocore``] Updated ResourceType enum with new resource types onboarded
by AWS Config in July 2023.
* api-change:``ec2``: [``botocore``] Amazon EC2 P5 instances, powered by the latest NVIDIA H100
Tensor Core GPUs, deliver the highest performance in EC2 for deep learning (DL) and HPC
applications. M7i-flex and M7i instances are next-generation general purpose instances powered by
custom 4th Generation Intel Xeon Scalable processors.
* api-change:``quicksight``: [``botocore``] New Authentication method for Account subscription -
IAM Identity Center. Hierarchy layout support, default column width support and related style
properties for pivot table visuals. Non-additive topic field aggregations for Topic API
* api-change:``ses``: [``botocore``] Update ses client to latest version
* api-change:``swf``: [``botocore``] This release adds new API parameters to override workflow task
list for workflow executions.
- from version 1.28.24
* api-change:``cloudtrail``: [``botocore``] Documentation updates for CloudTrail.
* api-change:``connect``: [``botocore``] This release adds APIs to provision agents that are global
/ available in multiple AWS regions and distribute them across these regions by percentage.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``omics``: [``botocore``] This release adds instanceType to GetRunTask & ListRunTasks
responses.
* api-change:``secretsmanager``: [``botocore``] Add additional InvalidRequestException to list of
possible exceptions for ListSecret.
* api-change:``transfer``: [``botocore``] Documentation updates for AW Transfer Family
- from version 1.28.23
* api-change:``chime-sdk-voice``: [``botocore``] Updating CreatePhoneNumberOrder, UpdatePhoneNumber
and BatchUpdatePhoneNumbers APIs, adding phone number name
* api-change:``fsx``: [``botocore``] For FSx for Lustre, add new data repository task type,
RELEASE_DATA_FROM_FILESYSTEM, to release files that have been archived to S3. For FSx for Windows,
enable support for configuring and updating SSD IOPS, and for updating storage type. For FSx for
OpenZFS, add new deployment type, MULTI_AZ_1.
* api-change:``globalaccelerator``: [``botocore``] Documentation update for dualstack EC2 endpoint
support
* api-change:``guardduty``: [``botocore``] Added autoEnable ALL to UpdateOrganizationConfiguration
and DescribeOrganizationConfiguration APIs.
* api-change:``sagemaker``: [``botocore``] This release adds support for cross account access for
SageMaker Model Cards through AWS RAM.
- from version 1.28.22
* api-change:``backup``: [``botocore``] This release introduces a new logically air-gapped vault
(Preview) in AWS Backup that stores immutable backup copies, which are locked by default and
isolated with encryption using AWS owned keys. Logically air-gapped vault (Preview) allows secure
recovery of application data across accounts.
* api-change:``elasticache``: [``botocore``] Added support for cluster mode in online migration and
test migration API
* api-change:``servicecatalog``: [``botocore``] Introduce support for HashiCorp Terraform Cloud in
Service Catalog by addying TERRAFORM_CLOUD product type in CreateProduct and
CreateProvisioningArtifact API.
- from version 1.28.21
* api-change:``detective``: [``botocore``] Updated the email validation regex to be in line with
the TLD name specifications.
* api-change:``ivs-realtime``: [``botocore``] Add QUOTA_EXCEEDED and PUBLISHER_NOT_FOUND to
EventErrorCode for stage health events.
* api-change:``kinesis-video-archived-media``: [``botocore``] This release enables minimum of
Images SamplingInterval to be as low as 200 milliseconds in Kinesis Video Stream Image feature.
* api-change:``kinesisvideo``: [``botocore``] This release enables minimum of Images
SamplingInterval to be as low as 200 milliseconds in Kinesis Video Stream Image feature.
* api-change:``rekognition``: [``botocore``] This release adds code snippets for Amazon Rekognition
Custom Labels.
- from version 1.28.20
* api-change:``acm-pca``: [``botocore``] Documentation correction for AWS Private CA
* api-change:``connect``: [``botocore``] Added a new API UpdateRoutingProfileAgentAvailabilityTimer
to update agent availability timer of a routing profile.
* api-change:``datasync``: [``botocore``] Display cloud storage used capacity at a cluster level.
* api-change:``ecs``: [``botocore``] This is a documentation update to address various tickets.
* api-change:``sagemaker``: [``botocore``] Including DataCaptureConfig key in the Amazon Sagemaker
Search's transform job object
- from version 1.28.19
* api-change:``autoscaling``: [``botocore``] Documentation changes related to Amazon EC2 Auto
Scaling APIs.
* api-change:``cloud9``: [``botocore``] Updated the deprecation date for Amazon Linux. Doc only
update.
* api-change:``dms``: [``botocore``] The release makes public API for DMS Schema Conversion feature.
* api-change:``ec2``: [``botocore``] This release adds new parameter isPrimaryIPv6 to allow
assigning an IPv6 address as a primary IPv6 address to a network interface which cannot be changed
to give equivalent functionality available for network interfaces with primary IPv4 address.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker now supports running training jobs on
p5.48xlarge instance types.
- from version 1.28.18
* api-change:``budgets``: [``botocore``] As part of CAE tagging integration we need to update our
budget names regex filter to prevent customers from using "/action/" in their budget names.
* api-change:``cognito-idp``: [``botocore``] New feature that logs Cognito user pool error messages
to CloudWatch logs.
* api-change:``glue``: [``botocore``] This release includes additional Glue Streaming KAKFA SASL
property types.
* api-change:``resiliencehub``: [``botocore``] Drift Detection capability added when applications
policy has moved from a meet to breach state. Customers will be able to exclude operational
recommendations and receive credit in their resilience score. Customers can now add ARH permissions
to an existing or new role.
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender introduces a new API
GetScalingConfigurationRecommendation to recommend auto scaling policies based on completed
Inference Recommender jobs.
- from version 1.28.17
* api-change:``batch``: [``botocore``] This release adds support for price capacity optimized
allocation strategy for Spot Instances.
* api-change:``dms``: [``botocore``] Adding new API describe-engine-versions which provides
information about the lifecycle of a replication instance's version.
* api-change:``internetmonitor``: [``botocore``] This release adds a new feature for Amazon
CloudWatch Internet Monitor that enables customers to set custom thresholds, for performance and
availability drops, for impact limited to a single city-network to trigger creation of a health
event.
* api-change:``medialive``: [``botocore``] AWS Elemental Link devices now report their Availability
Zone. Link devices now support the ability to change their Availability Zone.
* api-change:``polly``: [``botocore``] Amazon Polly adds new French Belgian voice - Isabelle.
Isabelle is available as Neural voice only.
* api-change:``rds``: [``botocore``] Added support for deleted clusters PiTR.
* api-change:``sagemaker``: [``botocore``] Add Stairs TrafficPattern and FlatInvocations to
RecommendationJobStoppingConditions
- from version 1.28.16
* api-change:``amplifyuibuilder``: [``botocore``] Amplify Studio releases GraphQL support for
codegen job action.
* api-change:``autoscaling``: [``botocore``] You can now configure an instance refresh to set its
status to 'failed' when it detects that a specified CloudWatch alarm has gone into the ALARM state.
You can also choose to roll back the instance refresh automatically when the alarm threshold is met.
* api-change:``cleanrooms``: [``botocore``] This release introduces custom SQL queries - an
expanded set of SQL you can run. This release adds analysis templates, a new resource for storing
pre-defined custom SQL queries ahead of time. This release also adds the Custom analysis rule,
which lets you approve analysis templates for querying.
* api-change:``codestar-connections``: [``botocore``] New integration with the Gitlab provider type.
* api-change:``drs``: [``botocore``] Add support for in-aws right sizing
* api-change:``inspector2``: [``botocore``] This release adds 1 new API: BatchGetFindingDetails to
retrieve enhanced vulnerability intelligence details for findings.
* api-change:``lookoutequipment``: [``botocore``] This release includes new import resource, model
versioning and resource policy features.
* api-change:``omics``: [``botocore``] Add CreationType filter for ListReadSets
* api-change:``rds``: [``botocore``] This release adds support for Aurora MySQL local write
forwarding, which allows for forwarding of write operations from reader DB instances to the writer
DB instance.
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Israel (Tel Aviv) Region
(il-central-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
* api-change:``scheduler``: [``botocore``] This release introduces automatic deletion of schedules
in EventBridge Scheduler. If configured, EventBridge Scheduler automatically deletes a schedule
after the schedule has completed its last invocation.
- from version 1.28.15
* enhancement:HTTP: [``botocore``] Move 100-continue behavior to use `HTTPConnections` request
interface.
* api-change:``application-insights``: [``botocore``] This release enable customer to
add/remove/update more than one workload for a component
* api-change:``cloudformation``: [``botocore``] This SDK release is for the feature launch of AWS
CloudFormation RetainExceptOnCreate. It adds a new parameter retainExceptOnCreate in the following
APIs: CreateStack, UpdateStack, RollbackStack, ExecuteChangeSet.
* api-change:``cloudfront``: [``botocore``] Add a new JavaScript runtime version for CloudFront
Functions.
* api-change:``connect``: [``botocore``] This release adds support for new number types.
* api-change:``kafka``: [``botocore``] Amazon MSK has introduced new versions of
ListClusterOperations and DescribeClusterOperation APIs. These v2 APIs provide information and
insights into the ongoing operations of both MSK Provisioned and MSK Serverless clusters.
* api-change:``pinpoint``: [``botocore``] Added support for sending push notifications using the
FCM v1 API with json credentials. Amazon Pinpoint customers can now deliver messages to Android
devices using both FCM v1 API and the legacy FCM/GCM API
- from version 1.28.14
* enhancement:compression: [``botocore``] Adds support for the ``requestcompression`` operation
trait.
* api-change:``sqs``: [``botocore``] Documentation changes related to SQS APIs.
- from version 1.28.13
* api-change:``autoscaling``: [``botocore``] This release updates validation for instance types
used in the AllowedInstanceTypes and ExcludedInstanceTypes parameters of the InstanceRequirements
property of a MixedInstancesPolicy.
* api-change:``ebs``: [``botocore``] SDK and documentation updates for Amazon Elastic Block Store
API
* api-change:``ec2``: [``botocore``] SDK and documentation updates for Amazon Elastic Block Store
APIs
* api-change:``eks``: [``botocore``] Add multiple customer error code to handle customer caused
failure when managing EKS node groups
* api-change:``sagemaker``: [``botocore``] Expose ProfilerConfig attribute in SageMaker Search API
response.
- from version 1.28.12
* api-change:``cloudcontrol``: [``botocore``] Updates the documentation for CreateResource.
* api-change:``entityresolution``: [``botocore``] AWS Entity Resolution can effectively match a
source record from a customer relationship management (CRM) system with a source record from a
marketing system containing campaign information.
* api-change:``glue``: [``botocore``] Release Glue Studio Snowflake Connector Node for SDK/CLI
* api-change:``healthlake``: [``botocore``] Updating the HealthLake service documentation.
* api-change:``managedblockchain-query``: [``botocore``] Amazon Managed Blockchain (AMB) Query
provides serverless access to standardized, multi-blockchain datasets with developer-friendly APIs.
* api-change:``mediaconvert``: [``botocore``] This release includes general updates to user
documentation.
* api-change:``omics``: [``botocore``] The service is renaming as a part of AWS Health.
* api-change:``opensearchserverless``: [``botocore``] This release adds new collection type
VectorSearch.
* api-change:``polly``: [``botocore``] Amazon Polly adds 1 new voice - Lisa (nl-BE)
* api-change:``route53``: [``botocore``] Update that corrects the documents for received feedback.
- from version 1.28.11
* api-change:``billingconductor``: [``botocore``] Added support for Auto-Assocate Billing Groups
for CreateBillingGroup, UpdateBillingGroup, and ListBillingGroups.
* api-change:``customer-profiles``: [``botocore``] Amazon Connect Customer Profiles now supports
rule-based resolution to match and merge similar profiles into unified profiles, helping companies
deliver faster and more personalized customer service by providing access to relevant customer
information for agents and automated experiences.
* api-change:``datasync``: [``botocore``] AWS DataSync now supports Microsoft Azure Blob Storage
locations.
* api-change:``dynamodb``: [``botocore``] Documentation updates for DynamoDB
* api-change:``ec2``: [``botocore``] This release adds an instance's peak and baseline network
bandwidth as well as the memory sizes of an instance's inference accelerators to
DescribeInstanceTypes.
* api-change:``emr-serverless``: [``botocore``] This release adds support for publishing
application logs to CloudWatch.
* api-change:``lambda``: [``botocore``] Add Python 3.11 (python3.11) support to AWS Lambda
* api-change:``rds``: [``botocore``] This release adds support for monitoring storage optimization
progress on the DescribeDBInstances API.
* api-change:``sagemaker``: [``botocore``] Mark ContentColumn and TargetLabelColumn as required
Targets in TextClassificationJobConfig in CreateAutoMLJobV2API
* api-change:``securityhub``: [``botocore``] Add support for CONTAINS and NOT_CONTAINS comparison
operators for Automation Rules string filters and map filters
* api-change:``sts``: [``botocore``] API updates for the AWS Security Token Service
* api-change:``transfer``: [``botocore``] This release adds support for SFTP Connectors.
* api-change:``wisdom``: [``botocore``] This release added two new data types:
AssistantIntegrationConfiguration, and SessionIntegrationConfiguration to support Wisdom
integration with Amazon Connect Chat
- from version 1.28.10
* api-change:``apigatewayv2``: [``botocore``] Documentation updates for Amazon API Gateway.
* api-change:``ce``: [``botocore``] This release introduces the new API
'GetSavingsPlanPurchaseRecommendationDetails', which retrieves the details for a Savings Plan
recommendation. It also updates the existing API 'GetSavingsPlansPurchaseRecommendation' to include
the recommendation detail ID.
* api-change:``chime-sdk-media-pipelines``: [``botocore``] AWS Media Pipeline compositing
enhancement and Media Insights Pipeline auto language identification.
* api-change:``cloudformation``: [``botocore``] This release supports filtering by DRIFT_STATUS for
existing API ListStackInstances and adds support for a new API ListStackInstanceResourceDrifts.
Customers can now view resource drift information from their StackSet management accounts.
* api-change:``ec2``: [``botocore``] Add "disabled" enum value to SpotInstanceState.
* api-change:``glue``: [``botocore``] Added support for Data Preparation Recipe node in Glue Studio
jobs
* api-change:``quicksight``: [``botocore``] This release launches new Snapshot APIs for CSV and PDF
exports, adds support for info icon for filters and parameters in Exploration APIs, adds modeled
exception to the DeleteAccountCustomization API, and introduces AttributeAggregationFunction's
ability to add UNIQUE_VALUE aggregation in tooltips.
- from version 1.28.9
* api-change:``glue``: [``botocore``] This release adds support for AWS Glue Crawler with Apache
Hudi Tables, allowing Crawlers to discover Hudi Tables in S3 and register them in Glue Data Catalog
for query engines to query against.
* api-change:``mediaconvert``: [``botocore``] This release includes improvements to Preserve 444
handling, compatibility of HEVC sources without frame rates, and general improvements to MP4
outputs.
* api-change:``rds``: [``botocore``] Adds support for the DBSystemID parameter of CreateDBInstance
to RDS Custom for Oracle.
* api-change:``workspaces``: [``botocore``] Fixed VolumeEncryptionKey descriptions
- from version 1.28.8
* api-change:``codecatalyst``: [``botocore``] This release adds support for updating and deleting
spaces and projects in Amazon CodeCatalyst. It also adds support for creating, getting, and
deleting source repositories in CodeCatalyst projects.
* api-change:``connectcases``: [``botocore``] This release adds the ability to assign a case to a
queue or user.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``route53resolver``: [``botocore``] This release adds support for Route 53 On
Outposts, a new feature that allows customers to run Route 53 Resolver and Resolver endpoints
locally on their Outposts.
* api-change:``s3``: [``botocore``] Improve performance of S3 clients by simplifying and optimizing
endpoint resolution.
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] Cross account support for SageMaker
Feature Store
* api-change:``sagemaker``: [``botocore``] Cross account support for SageMaker Feature Store
* api-change:``securitylake``: [``botocore``] Adding support for Tags on Create and Resource
Tagging API.
* api-change:``transcribe``: [``botocore``] Added API argument --toxicity-detection to
startTranscriptionJob API, which allows users to view toxicity scores of submitted audio.
- from version 1.28.7
* enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.16.26
* api-change:``savingsplans``: [``botocore``] Savings Plans endpoints update
- from version 1.28.6
* api-change:``cloudformation``: [``botocore``] SDK and documentation updates for
GetTemplateSummary API (unrecognized resources)
* api-change:``ec2``: [``botocore``] Amazon EC2 documentation updates.
* api-change:``grafana``: [``botocore``] Amazon Managed Grafana now supports grafanaVersion update
for existing workspaces with UpdateWorkspaceConfiguration API. DescribeWorkspaceConfiguration API
additionally returns grafanaVersion. A new ListVersions API lists available versions or, if given a
workspaceId, the versions it can upgrade to.
* api-change:``medical-imaging``: [``botocore``] General Availability (GA) release of AWS Health
Imaging, enabling customers to store, transform, and analyze medical imaging data at petabyte-scale.
* api-change:``ram``: [``botocore``] This release adds support for securely sharing with AWS
service principals.
* api-change:``ssm-sap``: [``botocore``] Added support for SAP Hana High Availability discovery
(primary and secondary nodes) and Backint agent installation with SSM for SAP.
* api-change:``wafv2``: [``botocore``] Added the URI path to the custom aggregation keys that you
can specify for a rate-based rule.
- from version 1.28.5
* api-change:``codeguru-security``: [``botocore``] Documentation updates for CodeGuru Security.
* api-change:``connect``: [``botocore``] GetMetricDataV2 API: Update to include Contact Lens
Conversational Analytics Metrics
* api-change:``es``: [``botocore``] Regex Validation on the ElasticSearch Engine Version attribute
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``m2``: [``botocore``] Allows UpdateEnvironment to update the environment to 0 host
capacity. New GetSignedBluinsightsUrl API
* api-change:``snowball``: [``botocore``] Adds support for RACK_5U_C. This is the first AWS Snow
Family device designed to meet U.S. Military Ruggedization Standards (MIL-STD-810H) with 208 vCPU
device in a portable, compact 5U, half-rack width form-factor.
* api-change:``translate``: [``botocore``] Added DOCX word document support to TranslateDocument API
- from version 1.28.4
* api-change:``codeartifact``: [``botocore``] Doc only update for AWS CodeArtifact
* api-change:``docdb``: [``botocore``] Added major version upgrade option in ModifyDBCluster API
* api-change:``ec2``: [``botocore``] Add Nitro TPM support on DescribeInstanceTypes
* api-change:``glue``: [``botocore``] Adding new supported permission type flags to get-unfiltered
endpoints that callers may pass to indicate support for enforcing Lake Formation fine-grained
access control on nested column attributes.
* api-change:``ivs``: [``botocore``] This release provides the flexibility to configure what
renditions or thumbnail qualities to record when creating recording configuration.
* api-change:``lakeformation``: [``botocore``] Adds supports for ReadOnlyAdmins and
AllowFullTableExternalDataAccess. Adds NESTED_PERMISSION and NESTED_CELL_PERMISSION to
SUPPORTED_PERMISSION_TYPES enum. Adds CREATE_LF_TAG on catalog resource and ALTER, DROP, and
GRANT_WITH_LF_TAG_EXPRESSION on LF Tag resource.
- from version 1.28.3
* api-change:``cognito-idp``: [``botocore``] API model updated in Amazon Cognito
* api-change:``connect``: [``botocore``] Add support for deleting Queues and Routing Profiles.
* api-change:``datasync``: [``botocore``] Added LunCount to the response object of
DescribeStorageSystemResourcesResponse, LunCount represents the number of LUNs on a storage system
resource.
* api-change:``dms``: [``botocore``] Enhanced PostgreSQL target endpoint settings for providing
Babelfish support.
* api-change:``ec2``: [``botocore``] This release adds support for the C7gn and Hpc7g instances.
C7gn instances are powered by AWS Graviton3 processors and the fifth-generation AWS Nitro Cards.
Hpc7g instances are powered by AWS Graviton 3E processors and provide up to 200 Gbps network
bandwidth.
* api-change:``fsx``: [``botocore``] Amazon FSx for NetApp ONTAP now supports SnapLock, an ONTAP
feature that enables you to protect your files in a volume by transitioning them to a write once,
read many (WORM) state.
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
(IAM).
* api-change:``mediatailor``: [``botocore``] Adds categories to MediaTailor channel assembly alerts
* api-change:``personalize``: [``botocore``] This release provides ability to customers to change
schema associated with their datasets in Amazon Personalize
* api-change:``proton``: [``botocore``] This release adds support for deployment history for Proton
provisioned resources
* api-change:``s3``: [``botocore``] S3 Inventory now supports Object Access Control List and Object
Owner as available object metadata fields in inventory reports.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Canvas adds WorkspeceSettings support
for CanvasAppSettings
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
- Update BuildRequires and Requires from setup.py
- Update to 1.28.2:
* bugfix:s3: [``botocore``] Fix s3 presigned URLs for operations with query components (`#2962
<https://github.com/boto/botocore/issues/2962>`__)
* api-change:``cognito-idp``: [``botocore``] API model updated in Amazon Cognito
- from version 1.28.1
* api-change:``dms``: [``botocore``] Releasing DMS Serverless. Adding support for PostgreSQL 15.x
as source and target endpoint. Adding support for DocDB Elastic Clusters with sharded collections,
PostgreSQL datatype mapping customization and disabling hostname validation of the certificate
authority in Kafka endpoint settings
* api-change:``glue``: [``botocore``] This release enables customers to create new Apache Iceberg
tables and associated metadata in Amazon S3 by using native AWS Glue CreateTable operation.
* api-change:``logs``: [``botocore``] Add CMK encryption support for CloudWatch Logs Insights query
result data
* api-change:``medialive``: [``botocore``] This release enables the use of Thumbnails in AWS
Elemental MediaLive.
* api-change:``mediatailor``: [``botocore``] The AWS Elemental MediaTailor SDK for Channel Assembly
has added support for EXT-X-CUE-OUT and EXT-X-CUE-IN tags to specify ad breaks in HLS outputs,
including support for EXT-OATCLS, EXT-X-ASSET, and EXT-X-CUE-OUT-CONT accessory tags.
- from version 1.28.0
* enhancement:configprovider: [``botocore``] Always use shallow copy of session config value store
for clients
* feature:configuration: [``botocore``] Configure the endpoint URL in the shared configuration file
or via an environment variable for a specific AWS service or all AWS services.
* bugfix:configprovider: [``botocore``] Fix bug when deep copying config value store where
overrides were not preserved
* api-change:``ec2``: [``botocore``] Add Nitro Enclaves support on DescribeInstanceTypes
* api-change:``location``: [``botocore``] This release adds support for authenticating with Amazon
Location Service's Places & Routes APIs with an API Key. Also, with this release developers can
publish tracked device position updates to Amazon EventBridge.
* api-change:``outposts``: [``botocore``] Added paginator support to several APIs. Added the
ISOLATED enum value to AssetState.
* api-change:``quicksight``: [``botocore``] This release includes below three changes: small
multiples axes improvement, field based coloring, removed required trait from Aggregation function
for TopBottomFilter.
* api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for creating DB instances and
creating Aurora global clusters.
- from version 1.27.1
* api-change:``comprehendmedical``: [``botocore``] Update to Amazon Comprehend Medical
documentation.
* api-change:``connect``: [``botocore``] GetMetricDataV2 API: Channels filters do not count towards
overall limitation of 100 filter values.
* api-change:``kms``: [``botocore``] Added Dry Run Feature to cryptographic and cross-account
mutating KMS APIs (14 in all). This feature allows users to test their permissions and parameters
before making the actual API call.
* api-change:``mgn``: [``botocore``] This release introduces the Global view feature and new
Replication state APIs.
* api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
- from version 1.27.0
* feature:Useragent: [``botocore``] Update User-Agent header format
* api-change:``batch``: [``botocore``] This feature allows customers to use AWS Batch with Linux
with ARM64 CPU Architecture and X86_64 CPU Architecture with Windows OS on Fargate Platform.
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now accepts new fields
SupportedEndpointType and ServerlessConfiguration to support serverless endpoints.
- from version 1.26.165
* api-change:``amp``: [``botocore``] AWS SDK service model generation tool version upgrade.
* api-change:``ecs``: [``botocore``] Added new field "credentialspecs" to the ecs task definition
to support gMSA of windows/linux in both domainless and domain-joined mode
* api-change:``ivs``: [``botocore``] Corrects the HTTP response code in the generated docs for
PutMetadata and DeleteRecordingConfiguration APIs.
* api-change:``mediaconvert``: [``botocore``] This release includes improved color handling of
overlays and general updates to user documentation.
* api-change:``sagemaker``: [``botocore``] This release adds support for rolling deployment in
SageMaker Inference.
* api-change:``transfer``: [``botocore``] Add outbound Basic authentication support to AS2
connectors
* api-change:``verifiedpermissions``: [``botocore``] This release corrects several broken links in
the documentation.
- from version 1.26.164
* api-change:``appstream``: [``botocore``] This release introduces app block builder, allowing
customers to provision a resource to package applications into an app block
* api-change:``chime``: [``botocore``] The Amazon Chime SDK APIs in the Chime namespace are no
longer supported. Customers should use APIs in the dedicated Amazon Chime SDK namespaces:
ChimeSDKIdentity, ChimeSDKMediaPipelines, ChimeSDKMeetings, ChimeSDKMessaging, and ChimeSDKVoice.
* api-change:``cleanrooms``: [``botocore``] This release adds support for the OR operator in RSQL
join match conditions and the ability to control which operators (AND, OR) are allowed in a join
match condition.
* api-change:``dynamodb``: [``botocore``] This release adds ReturnValuesOnConditionCheckFailure
parameter to PutItem, UpdateItem, DeleteItem, ExecuteStatement, BatchExecuteStatement and
ExecuteTransaction APIs. When set to ALL_OLD, API returns a copy of the item as it was when a
conditional write failed
* api-change:``gamelift``: [``botocore``] Amazon GameLift now supports game builds that use the
Amazon Linux 2023 (AL2023) operating system.
* api-change:``glue``: [``botocore``] This release adds support for AWS Glue Crawler with Iceberg
Tables, allowing Crawlers to discover Iceberg Tables in S3 and register them in Glue Data Catalog
for query engines to query against.
* api-change:``sagemaker``: [``botocore``] Adding support for timeseries forecasting in the
CreateAutoMLJobV2 API.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.163:
* api-change:``internetmonitor``: [``botocore``] This release adds a new feature for Amazon
CloudWatch Internet Monitor that enables customers to set custom thresholds, for performance and
availability drops, for triggering when to create a health event.
* api-change:``kinesisanalyticsv2``: [``botocore``] Support for new runtime environment in Kinesis
Data Analytics Studio: Zeppelin-0.10, Apache Flink-1.15
* api-change:``lambda``: [``botocore``] Surface ResourceConflictException in
DeleteEventSourceMapping
* api-change:``omics``: [``botocore``] Add Common Workflow Language (CWL) as a supported language
for Omics workflows
* api-change:``rds``: [``botocore``] Amazon Relational Database Service (RDS) now supports joining
a RDS for SQL Server instance to a self-managed Active Directory.
* api-change:``s3``: [``botocore``] The S3 LISTObjects, ListObjectsV2 and ListObjectVersions API
now supports a new optional header x-amz-optional-object-attributes. If header contains
RestoreStatus as the value, then S3 will include Glacier restore status i.e. isRestoreInProgress
and RestoreExpiryDate in List response.
* api-change:``sagemaker``: [``botocore``] This release adds support for Model Cards Model Registry
integration.
- from version 1.26.162
* bugfix:Parsers: [``botocore``] Fixes datetime parse error handling for out-of-range and negative
timestamps (`#2564 <https://github.com/boto/botocore/issues/2564>`__).
* api-change:``appfabric``: [``botocore``] Initial release of AWS AppFabric for connecting SaaS
applications for better productivity and security.
* api-change:``appflow``: [``botocore``] This release adds support to bypass SSO with the SAPOData
connector when connecting to an SAP instance.
* api-change:``emr-serverless``: [``botocore``] This release adds support to update the release
label of an EMR Serverless application to upgrade it to a different version of Amazon EMR via
UpdateApplication API.
* api-change:``ivs``: [``botocore``] IVS customers can now revoke the viewer session associated
with an auth token, to prevent and stop playback using that token.
* api-change:``kinesisvideo``: [``botocore``] General Availability (GA) release of Kinesis Video
Streams at Edge, enabling customers to provide a configuration for the Kinesis Video Streams
EdgeAgent running on an on-premise IoT device. Customers can now locally record from cameras and
stream videos to the cloud on a configured schedule.
* api-change:``macie2``: [``botocore``] This release adds support for configuring new
classification jobs to use the set of managed data identifiers that we recommend for jobs. For the
managed data identifier selection type (managedDataIdentifierSelector), specify RECOMMENDED.
* api-change:``privatenetworks``: [``botocore``] This release allows Private5G customers to choose
different commitment plans (60-days, 1-year, 3-years) when placing new orders, enables automatic
renewal option for 1-year and 3-years commitments. It also allows customers to update the
commitment plan of an existing radio unit.
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] Introducing TTL for online store
records for feature groups.
* api-change:``sagemaker``: [``botocore``] Introducing TTL for online store records in feature
groups.
* api-change:``ssm``: [``botocore``] Systems Manager doc-only update for June 2023.
* api-change:``verifiedpermissions``: [``botocore``] This update fixes several broken links to the
Cedar documentation.
- from version 1.26.161
* api-change:``connect``: [``botocore``] This release provides a way to search for existing tags
within an instance. Before tagging a resource, ensure consistency by searching for pre-existing
key:value pairs.
* api-change:``glue``: [``botocore``] Timestamp Starting Position For Kinesis and Kafka Data
Sources in a Glue Streaming Job
* api-change:``guardduty``: [``botocore``] Add support for user.extra.sessionName in Kubernetes
Audit Logs Findings.
* api-change:``iam``: [``botocore``] Support for a new API "GetMFADevice" to present MFA device
metadata such as device certifications
* api-change:``pinpoint``: [``botocore``] Added time zone estimation support for journeys
- from version 1.26.160
* api-change:``devops-guru``: [``botocore``] This release adds support for encryption via customer
managed keys.
* api-change:``fsx``: [``botocore``] Update to Amazon FSx documentation.
* api-change:``rds``: [``botocore``] Documentation improvements for create, describe, and modify DB
clusters and DB instances.
* api-change:``verifiedpermissions``: [``botocore``] Added improved descriptions and new code
samples to SDK documentation.
- from version 1.26.159
* api-change:``chime-sdk-identity``: [``botocore``] AppInstanceBots can be configured to be invoked
or not using the Target or the CHIME.mentions attribute for ChannelMessages
* api-change:``chime-sdk-messaging``: [``botocore``] ChannelMessages can be made visible to sender
and intended recipient rather than all channel members with the target attribute. For example, a
user can send messages to a bot and receive messages back in a group channel without other members
seeing them.
* api-change:``kendra``: [``botocore``] Introducing Amazon Kendra Retrieve API that can be used to
retrieve relevant passages or text excerpts given an input query.
* api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
- from version 1.26.158
* api-change:``dynamodb``: [``botocore``] Documentation updates for DynamoDB
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``inspector2``: [``botocore``] This release adds support for Software Bill of
Materials (SBOM) export and the general availability of code scanning for AWS Lambda functions.
* api-change:``mediaconvert``: [``botocore``] This release introduces the bandwidth reduction
filter for the HEVC encoder, increases the limits of outputs per job, and updates support for the
Nagra SDK to version 1.14.7.
* api-change:``mq``: [``botocore``] The Cross Region Disaster Recovery feature allows to replicate
a brokers state from one region to another in order to provide customers with multi-region
resiliency in the event of a regional outage.
* api-change:``sagemaker``: [``botocore``] This release provides support in SageMaker for output
files in training jobs to be uploaded without compression and enable customer to deploy
uncompressed model from S3 to real-time inference Endpoints. In addition, ml.trn1n.32xlarge is
added to supported instance type list in training job.
* api-change:``transfer``: [``botocore``] This release adds a new parameter
StructuredLogDestinations to CreateServer, UpdateServer APIs.
- from version 1.26.157
* api-change:``appflow``: [``botocore``] This release adds new API to reset connector metadata cache
* api-change:``config``: [``botocore``] Updated ResourceType enum with new resource types onboarded
by AWS Config in May 2023.
* api-change:``ec2``: [``botocore``] Adds support for targeting Dedicated Host allocations by
assetIds in AWS Outposts
* api-change:``lambda``: [``botocore``] This release adds RecursiveInvocationException to the
Invoke API and InvokeWithResponseStream API.
* api-change:``redshift``: [``botocore``] Added support for custom domain names for Redshift
Provisioned clusters. This feature enables customers to create a custom domain name and use ACM to
generate fully secure connections to it.
- from version 1.26.156
* api-change:``cloudformation``: [``botocore``] Specify desired CloudFormation behavior in the
event of ChangeSet execution failure using the CreateChangeSet OnStackFailure parameter
* api-change:``ec2``: [``botocore``] API changes to AWS Verified Access to include data from trust
providers in logs
* api-change:``ecs``: [``botocore``] Documentation only update to address various tickets.
* api-change:``glue``: [``botocore``] This release adds support for creating cross region
table/database resource links
* api-change:``pricing``: [``botocore``] This release updates the PriceListArn regex pattern.
* api-change:``route53domains``: [``botocore``] Update MaxItems upper bound to 1000 for
ListPricesRequest
* api-change:``sagemaker``: [``botocore``] Amazon Sagemaker Autopilot releases CreateAutoMLJobV2
and DescribeAutoMLJobV2 for Autopilot customers with ImageClassification, TextClassification and
Tabular problem type config support.
- from version 1.26.155
* api-change:``account``: [``botocore``] Improve pagination support for ListRegions
* api-change:``connect``: [``botocore``] Updates the *InstanceStorageConfig APIs to support a new
ResourceType: SCREEN_RECORDINGS to enable screen recording and specify the storage configurations
for publishing the recordings. Also updates DescribeInstance and ListInstances APIs to include
InstanceAccessUrl attribute in the API response.
* api-change:``discovery``: [``botocore``] Add Amazon EC2 instance recommendations export
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
(IAM).
* api-change:``s3``: [``botocore``] This release adds SDK support for request-payer request header
and request-charged response header in the "GetBucketAccelerateConfiguration",
"ListMultipartUploads", "ListObjects", "ListObjectsV2" and "ListObjectVersions" S3 APIs.
- from version 1.26.154
* api-change:``auditmanager``: [``botocore``] This release introduces 2 Audit Manager features: CSV
exports and new manual evidence options. You can now export your evidence finder results in CSV
format. In addition, you can now add manual evidence to a control by entering free-form text or
uploading a file from your browser.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``guardduty``: [``botocore``] Updated descriptions for some APIs.
* api-change:``location``: [``botocore``] Amazon Location Service adds categories to places,
including filtering on those categories in searches. Also, you can now add metadata properties to
your geofences.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.153:
* api-change:``cloudtrail``: [``botocore``] This feature allows users to view dashboards for
CloudTrail Lake event data stores.
* api-change:``codeguru-security``: [``botocore``] Initial release of Amazon CodeGuru Security APIs
* api-change:``drs``: [``botocore``] Added APIs to support network replication and recovery using
AWS Elastic Disaster Recovery.
* api-change:``ec2``: [``botocore``] This release introduces a new feature, EC2 Instance Connect
Endpoint, that enables you to connect to a resource over TCP, without requiring the resource to
have a public IPv4 address.
* api-change:``imagebuilder``: [``botocore``] Change the Image Builder ImagePipeline dateNextRun
field to more accurately describe the data.
* api-change:``lightsail``: [``botocore``] This release adds pagination for the Get Certificates
API operation.
* api-change:``s3``: [``botocore``] Integrate double encryption feature to SDKs.
* api-change:``securityhub``: [``botocore``] Add support for Security Hub Automation Rules
* api-change:``simspaceweaver``: [``botocore``] This release fixes using aws-us-gov ARNs in API
calls and adds documentation for snapshot APIs.
* api-change:``verifiedpermissions``: [``botocore``] GA release of Amazon Verified Permissions.
* api-change:``wafv2``: [``botocore``] You can now detect and block fraudulent account creation
attempts with the new AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule
group AWSManagedRulesACFPRuleSet.
* api-change:``wellarchitected``: [``botocore``] AWS Well-Architected now supports Profiles that
help customers prioritize which questions to focus on first by providing a list of prioritized
questions that are better aligned with their business goals and outcomes.
- from version 1.26.152
* api-change:``amplifyuibuilder``: [``botocore``] AWS Amplify UIBuilder is launching Codegen UI, a
new feature that enables you to generate your amplify uibuilder components and forms.
* api-change:``dynamodb``: [``botocore``] Documentation updates for DynamoDB
* api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
* api-change:``fsx``: [``botocore``] Amazon FSx for NetApp ONTAP now supports joining a storage
virtual machine (SVM) to Active Directory after the SVM has been created.
* api-change:``opensearch``: [``botocore``] This release adds support for SkipUnavailable
connection property for cross cluster search
* api-change:``rekognition``: [``botocore``] This release adds support for improved accuracy with
user vector in Amazon Rekognition Face Search. Adds new APIs: AssociateFaces, CreateUser,
DeleteUser, DisassociateFaces, ListUsers, SearchUsers, SearchUsersByImage. Also adds new face
metadata that can be stored: user vector.
* api-change:``sagemaker``: [``botocore``] Sagemaker Neo now supports compilation for inferentia2
(ML_INF2) and Trainium1 (ML_TRN1) as available targets. With these devices, you can run your
workloads at highest performance with lowest cost. inferentia2 (ML_INF2) is available in CMH and
Trainium1 (ML_TRN1) is available in IAD currently
- from version 1.26.151
* api-change:``acm-pca``: [``botocore``] Document-only update to refresh CLI documentation for AWS
Private CA. No change to the service.
* api-change:``connect``: [``botocore``] This release adds search APIs for Prompts, Quick Connects
and Hours of Operations, which can be used to search for those resources within a Connect Instance.
- from version 1.26.150
* api-change:``athena``: [``botocore``] You can now define custom spark properties at start of the
session for use cases like cluster encryption, table formats, and general Spark tuning.
* api-change:``comprehendmedical``: [``botocore``] This release supports a new set of entities and
traits.
* api-change:``payment-cryptography-data``: [``botocore``] Initial release of AWS Payment
Cryptography DataPlane Plane service for performing cryptographic operations typically used during
card payment processing.
* api-change:``payment-cryptography``: [``botocore``] Initial release of AWS Payment Cryptography
Control Plane service for creating and managing cryptographic keys used during card payment
processing.
* api-change:``servicecatalog``: [``botocore``] New parameter added in ServiceCatalog
DescribeProvisioningArtifact api - IncludeProvisioningArtifactParameters. This parameter can be
used to return information about the parameters used to provision the product
* api-change:``timestream-write``: [``botocore``] This release adds the capability for customers to
define how their data should be partitioned, optimizing for certain access patterns. This
definition will take place as a part of the table creation.
- from version 1.26.149
* api-change:``cloudformation``: [``botocore``] AWS CloudFormation StackSets is updating the
deployment experience for all stackset operations to skip suspended AWS accounts during
deployments. StackSets will skip target AWS accounts that are suspended and set the Detailed Status
of the corresponding stack instances as SKIPPED_SUSPENDED_ACCOUNT
* api-change:``customer-profiles``: [``botocore``] This release introduces event stream related
APIs.
* api-change:``directconnect``: [``botocore``] This update corrects the jumbo frames mtu values
from 9100 to 8500 for transit virtual interfaces.
* api-change:``emr-containers``: [``botocore``] EMR on EKS adds support for log rotation of Spark
container logs with EMR-6.11.0 onwards, to the StartJobRun API.
* api-change:``iotdeviceadvisor``: [``botocore``] AWS IoT Core Device Advisor now supports new
Qualification Suite test case list. With this update, customers can more easily create new
qualification test suite with an empty rootGroup input.
* api-change:``logs``: [``botocore``] This change adds support for account level data protection
policies using 3 new APIs, PutAccountPolicy, DeleteAccountPolicy and DescribeAccountPolicy.
DescribeLogGroup API has been modified to indicate if account level policy is applied to the
LogGroup via "inheritedProperties" list in the response.
- from version 1.26.148
* api-change:``connect``: [``botocore``] GetMetricDataV2 API is now available in AWS GovCloud(US)
region.
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``iam``: [``botocore``] This release updates the AccountAlias regex pattern with the
same length restrictions enforced by the length constraint.
* api-change:``inspector2``: [``botocore``] Adds new response properties and request parameters for
'last scanned at' on the ListCoverage operation. This feature allows you to search and view the
date of which your resources were last scanned by Inspector.
* api-change:``iot-data``: [``botocore``] Update thing shadow name regex to allow '$' character
* api-change:``iot``: [``botocore``] Adding IoT Device Management Software Package Catalog APIs to
register, store, and report system software packages, along with their versions and metadata in a
centralized location.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``quicksight``: [``botocore``] QuickSight support for pivot table field collapse
state, radar chart range scale and multiple scope options in conditional formatting.
* api-change:``signer``: [``botocore``] AWS Signer is launching Container Image Signing, a new
feature that enables you to sign and verify container images. This feature enables you to validate
that only container images you approve are used in your enterprise.
* api-change:``sqs``: [``botocore``] Amazon SQS adds three new APIs - StartMessageMoveTask,
CancelMessageMoveTask, and ListMessageMoveTasks to automate redriving messages from dead-letter
queues to source queues or a custom destination.
- from version 1.26.147
* api-change:``cloudformation``: [``botocore``] AWS CloudFormation StackSets provides customers
with three new APIs to activate, deactivate, and describe AWS Organizations trusted access which is
needed to get started with service-managed StackSets.
* api-change:``ec2``: [``botocore``] Making InstanceTagAttribute as the required parameter for the
DeregisterInstanceEventNotificationAttributes and RegisterInstanceEventNotificationAttributes APIs.
* api-change:``finspace``: [``botocore``] Releasing new Managed kdb Insights APIs
* api-change:``frauddetector``: [``botocore``] Added new variable types, new DateTime data type,
and new rules engine functions for interacting and working with DateTime data types.
* api-change:``keyspaces``: [``botocore``] This release adds support for MRR GA launch, and
includes multiregion support in create-keyspace, get-keyspace, and list-keyspace.
* api-change:``kms``: [``botocore``] This release includes feature to import customer's asymmetric
(RSA and ECC) and HMAC keys into KMS. It also includes feature to allow customers to specify
number of days to schedule a KMS key deletion as a policy condition key.
* api-change:``lambda``: [``botocore``] Add Ruby 3.2 (ruby3.2) Runtime support to AWS Lambda.
* api-change:``mwaa``: [``botocore``] This release adds ROLLING_BACK and CREATING_SNAPSHOT
environment statuses for Amazon MWAA environments.
- from version 1.26.146
* api-change:``athena``: [``botocore``] This release introduces the DeleteCapacityReservation API
and the ability to manage capacity reservations using CloudFormation
* api-change:``cloudtrail``: [``botocore``] This feature allows users to start and stop event
ingestion on a CloudTrail Lake event data store.
* api-change:``sagemaker``: [``botocore``] This release adds Selective Execution feature that
allows SageMaker Pipelines users to run selected steps in a pipeline.
* api-change:``wafv2``: [``botocore``] Added APIs to describe managed products. The APIs retrieve
information about rule groups that are managed by AWS and by AWS Marketplace sellers.
- from version 1.26.145
* api-change:``alexaforbusiness``: [``botocore``] Alexa for Business has been deprecated and is no
longer supported.
* api-change:``appflow``: [``botocore``] Added ability to select DataTransferApiType for
DescribeConnector and CreateFlow requests when using Async supported connectors. Added
supportedDataTransferType to DescribeConnector/DescribeConnectors/ListConnector response.
* api-change:``customer-profiles``: [``botocore``] This release introduces calculated attribute
related APIs.
* api-change:``ivs``: [``botocore``] API Update for IVS Advanced Channel type
* api-change:``sagemaker``: [``botocore``] Amazon Sagemaker Autopilot adds support for Parquet file
input to NLP text classification jobs.
* api-change:``wafv2``: [``botocore``] Corrected the information for the header order FieldToMatch
setting
- Update BuildRequires and Requires from setup.py
- update to 1.26.144:
* see https://raw.githubusercontent.com/boto/boto3/1.26.144/CHANGELOG.rst
- Update to 1.26.130:
* api-change:``glue``: [``botocore``] Support large worker types G.4x and G.8x for Glue Spark
* api-change:``guardduty``: [``botocore``] Add AccessDeniedException 403 Error message code to
support 3 Tagging related APIs
* api-change:``iotsitewise``: [``botocore``] Provide support for 20,000 max results for
GetAssetPropertyValueHistory/BatchGetAssetPropertyValueHistory and 15 minute aggregate resolution
for GetAssetPropertyAggregates/BatchGetAssetPropertyAggregates
* api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
- from version 1.26.129
* api-change:``ec2``: [``botocore``] This release adds support the inf2 and trn1n instances. inf2
instances are purpose built for deep learning inference while trn1n instances are powered by AWS
Trainium accelerators and they build on the capabilities of Trainium-powered trn1 instances.
* api-change:``inspector2``: [``botocore``] Amazon Inspector now allows customers to search its
vulnerability intelligence database if any of the Inspector scanning types are activated.
* api-change:``mediatailor``: [``botocore``] This release adds support for AFTER_LIVE_EDGE mode
configuration for avail suppression, and adding a fill-policy setting that sets the avail
suppression to PARTIAL_AVAIL or FULL_AVAIL_ONLY when AFTER_LIVE_EDGE is enabled.
* api-change:``sqs``: [``botocore``] Revert previous SQS protocol change.
- from version 1.26.128
* bugfix:``sqs``: [``botocore``] Rolled back recent change to wire format protocol
- from version 1.26.127
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``config``: [``botocore``] Updated ResourceType enum with new resource types onboarded
by AWS Config in April 2023.
* api-change:``connect``: [``botocore``] Remove unused InvalidParameterException from
CreateParticipant API
* api-change:``ecs``: [``botocore``] Documentation update for new error type
NamespaceNotFoundException for CreateCluster and UpdateCluster
* api-change:``network-firewall``: [``botocore``] This release adds support for the Suricata REJECT
option in midstream exception configurations.
* api-change:``opensearch``: [``botocore``] DescribeDomainNodes: A new API that provides
configuration information for nodes part of the domain
* api-change:``quicksight``: [``botocore``] Add support for Topic, Dataset parameters and VPC
* api-change:``rekognition``: [``botocore``] This release adds a new attribute FaceOccluded.
Additionally, you can now select attributes individually (e.g. ["DEFAULT", "FACE_OCCLUDED",
"AGE_RANGE"] instead of ["ALL"]), which can reduce response time.
* api-change:``s3``: [``botocore``] Documentation updates for Amazon S3
* api-change:``sagemaker``: [``botocore``] We added support for ml.inf2 and ml.trn1 family of
instances on Amazon SageMaker for deploying machine learning (ML) models for Real-time and
Asynchronous inference. You can use these instances to achieve high performance at a low cost for
generative artificial intelligence (AI) models.
* api-change:``securityhub``: [``botocore``] Add support for Finding History.
* api-change:``sqs``: [``botocore``] This release enables customers to call SQS using AWS JSON-1.0
protocol.
- from version 1.26.126
* api-change:``appsync``: [``botocore``] Private API support for AWS AppSync. With Private APIs,
you can now create GraphQL APIs that can only be accessed from your Amazon Virtual Private Cloud
("VPC").
* api-change:``ec2``: [``botocore``] Adds an SDK paginator for
GetNetworkInsightsAccessScopeAnalysisFindings
* api-change:``inspector2``: [``botocore``] This feature provides deep inspection for linux based
instance
* api-change:``iottwinmaker``: [``botocore``] This release adds a field for GetScene API to return
error code and message from dependency services.
* api-change:``network-firewall``: [``botocore``] AWS Network Firewall now supports policy level
HOME_NET variable overrides.
* api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds the option to deploy a
domain across multiple Availability Zones, with each AZ containing a complete copy of data and with
nodes in one AZ acting as a standby. This option provides 99.99% availability and consistent
performance in the event of infrastructure failure.
* api-change:``wellarchitected``: [``botocore``] This release deepens integration with AWS Service
Catalog AppRegistry to improve workload resource discovery.
- Update BuildRequires and Requires from setup.py
- update to 1.26.125:
* api-change:``appflow``: [``botocore``] This release adds new
API to cancel flow executions.
* api-change:``connect``: [``botocore``] Amazon Connect Service
Rules API update: Added OnContactEvaluationSubmit event
source to support user configuring evaluation form rules.
* api-change:``ecs``: [``botocore``] Documentation only update
to address Amazon ECS tickets.
* api-change:``kendra``: [``botocore``] AWS Kendra now supports
configuring document fields/attributes via the
GetQuerySuggestions API. You can now base query suggestions
on the contents of document fields.
* api-change:``resiliencehub``: [``botocore``] This release
will improve resource level transparency in applications by
discovering previously hidden resources.
* api-change:``sagemaker``: [``botocore``] Amazon Sagemaker
Autopilot supports training models with sample weights and
additional objective metrics.
* 1.26.124
* api-change:``compute-optimizer``: [``botocore``] support for
tag filtering within compute optimizer. ability to filter
recommendation results by tag and tag key value pairs.
ability to filter by inferred workload type added.
* api-change:``kms``: [``botocore``] This release makes the
NitroEnclave request parameter Recipient and the response
field for CiphertextForRecipient available in AWS SDKs. It
also adds the regex pattern for CloudHsmClusterId validation.
* 1.26.123
* api-change:``appflow``: [``botocore``] Adds Jwt Support for
Salesforce Credentials.
* api-change:``athena``: [``botocore``] You can now use
capacity reservations on Amazon Athena to run SQL queries on
fully-managed compute capacity.
* api-change:``directconnect``: [``botocore``] This release
corrects the jumbo frames MTU from 9100 to 8500.
* api-change:``efs``: [``botocore``] Update efs client to
latest version
* api-change:``grafana``: [``botocore``] This release adds
support for the grafanaVersion parameter in CreateWorkspace.
* api-change:``iot``: [``botocore``] This release allows AWS
IoT Core users to specify a TLS security policy when creating
and updating AWS IoT Domain Configurations.
* api-change:``rekognition``: [``botocore``] Added support for
aggregating moderation labels by video segment timestamps for
Stored Video Content Moderation APIs and added additional
information about the job to all Stored Video Get API
responses.
* api-change:``simspaceweaver``: [``botocore``] Added a new
CreateSnapshot API. For the StartSimulation API,
SchemaS3Location is now optional, added a new
SnapshotS3Location parameter. For the DescribeSimulation API,
added SNAPSHOT_IN_PROGRESS simulation state, deprecated
SchemaError, added new fields: StartError and
SnapshotS3Location.
* api-change:``wafv2``: [``botocore``] You can now associate a
web ACL with a Verified Access instance.
* api-change:``workspaces``: [``botocore``] Added Windows 11 to
support Microsoft_Office_2019
* api-change:``ec2``: [``botocore``] This release adds support
for AMD SEV-SNP on EC2 instances.
* api-change:``emr-containers``: [``botocore``] This release
adds GetManagedEndpointSessionCredentials, a new API that
allows customers to generate an auth token to connect to a
managed endpoint, enabling features such as self-hosted
Jupyter notebooks for EMR on EKS.
* api-change:``guardduty``: [``botocore``] Added API support to
initiate on-demand malware scan on specific resources.
* api-change:``iotdeviceadvisor``: [``botocore``] AWS IoT Core
Device Advisor now supports MQTT over WebSocket. With this
update, customers can run all three test suites of AWS IoT
Core Device Advisor - qualification, custom, and long
duration tests - using Signature Version 4 for MQTT over
WebSocket.
* api-change:``kafka``: [``botocore``] Amazon MSK has added new
APIs that allows multi-VPC private connectivity and cluster
policy support for Amazon MSK clusters that simplify
connectivity and access between your Apache Kafka clients
hosted in different VPCs and AWS accounts and your Amazon MSK
clusters.
* api-change:``lambda``: [``botocore``] Add Java 17 (java17)
support to AWS Lambda
* api-change:``marketplace-catalog``: [``botocore``] Enabled
Pagination for List Entities and List Change Sets operations
* api-change:``osis``: [``botocore``] Documentation updates for
OpenSearch Ingestion
* api-change:``qldb``: [``botocore``] Documentation updates for
Amazon QLDB
* api-change:``sagemaker``: [``botocore``] Added
ml.p4d.24xlarge and ml.p4de.24xlarge as supported instances
for SageMaker Studio
* api-change:``xray``: [``botocore``] Updated X-Ray
documentation with Resource Policy API descriptions.
* api-change:``osis``: [``botocore``] Initial release for
OpenSearch Ingestion
* api-change:``chime-sdk-messaging``: [``botocore``] Remove non
actionable field from UpdateChannelReadMarker and
DeleteChannelRequest. Add precise exceptions to
DeleteChannel and DeleteStreamingConfigurations error cases.
* api-change:``connect``: [``botocore``] Amazon Connect,
Contact Lens Evaluation API release including ability to
manage forms and to submit contact evaluations.
* api-change:``datasync``: [``botocore``] This release adds 13
new APIs to support AWS DataSync Discovery GA.
* api-change:``ds``: [``botocore``] New field added in AWS
Managed Microsoft AD DescribeSettings response and regex
pattern update for UpdateSettings value. Added length
validation to RemoteDomainName.
* api-change:``pinpoint``: [``botocore``] Adds support for
journey runs and querying journey execution metrics based on
journey runs. Adds execution metrics to campaign activities.
Updates docs for Advanced Quiet Time.
* api-change:``appflow``: [``botocore``] Increased the max
length for RefreshToken and AuthCode from 2048 to 4096.
* api-change:``codecatalyst``: [``botocore``] Documentation
updates for Amazon CodeCatalyst.
* api-change:``ec2``: [``botocore``] API changes to AWS
Verified Access related to identity providers' information.
* api-change:``mediaconvert``: [``botocore``] This release
introduces a noise reduction pre-filter, linear interpolation
deinterlace mode, video pass-through, updated default job
settings, and expanded LC-AAC Stereo audio bitrate ranges.
* api-change:``rekognition``: [``botocore``] Added new status
result to Liveness session status.
* 1.26.118
* api-change:``connect``: [``botocore``] This release adds a
new API CreateParticipant. For Amazon Connect Chat, you can
use this new API to customize chat flow experiences.
* api-change:``ecs``: [``botocore``] Documentation update to
address various Amazon ECS tickets.
* api-change:``fms``: [``botocore``] AWS Firewall Manager adds
support for multiple administrators. You can now delegate
more than one administrator per organization.
* 1.26.117
* api-change:``chime-sdk-media-pipelines``: [``botocore``] This
release adds support for specifying the recording file format
in an S3 recording sink configuration.
* api-change:``chime-sdk-meetings``: [``botocore``] Adds
support for Hindi and Thai languages and additional Amazon
Transcribe parameters to the StartMeetingTranscription API.
* api-change:``chime``: [``botocore``] Adds support for Hindi
and Thai languages and additional Amazon Transcribe
parameters to the StartMeetingTranscription API.
* api-change:``gamelift``: [``botocore``] Amazon GameLift
supports creating Builds for Windows 2016 operating system.
* api-change:``guardduty``: [``botocore``] This release adds
support for the new Lambda Protection feature.
* api-change:``iot``: [``botocore``] Support additional OTA
states in GetOTAUpdate API
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker
Canvas adds ModelRegisterSettings support for
CanvasAppSettings.
* api-change:``snowball``: [``botocore``] Adds support for
Amazon S3 compatible storage. AWS Snow Family customers can
now use Amazon S3 compatible storage on Snowball Edge
devices. Also adds support for V3_5S. This is a refreshed AWS
Snowball Edge Storage Optimized device type with 210TB SSD
(customer usable).
* api-change:``wafv2``: [``botocore``] You can now create
encrypted API keys to use in a client application integration
of the JavaScript CAPTCHA API . You can also retrieve a list
of your API keys and the JavaScript application integration
URL.
* api-change:``comprehend``: [``botocore``] This release
supports native document models for custom classification, in
addition to plain-text models. You train native document
models using documents (PDF, Word, images) in their native
format.
* api-change:``ecs``: [``botocore``] This release supports the
Account Setting "TagResourceAuthorization" that allows for
enhanced Tagging security controls.
* api-change:``ram``: [``botocore``] This release adds support
for customer managed permissions. Customer managed
permissions enable customers to author and manage tailored
permissions for resources shared using RAM.
* api-change:``rds``: [``botocore``] Adds support for the
ImageId parameter of CreateCustomDBEngineVersion to RDS
Custom for Oracle
* api-change:``s3``: [``botocore``] Provides support for "Snow"
Storage class.
* api-change:``s3control``: [``botocore``] Provides support for
overriding endpoint when region is "snow". This will enable
bucket APIs for Amazon S3 Compatible storage on Snow Family
devices.
* api-change:``secretsmanager``: [``botocore``] Documentation
updates for Secrets Manager
- Update to 1.26.115
* api-change:``appflow``: [``botocore``] This release adds a Client Token parameter to the
following AppFlow APIs: Create/Update Connector Profile, Create/Update Flow, Start Flow, Register
Connector, Update Connector Registration. The Client Token parameter allows idempotent operations
for these APIs.
* api-change:``drs``: [``botocore``] Changed existing APIs and added new APIs to support using an
account-level launch configuration template with AWS Elastic Disaster Recovery.
* api-change:``dynamodb``: [``botocore``] Documentation updates for DynamoDB API
* api-change:``emr-serverless``: [``botocore``] The GetJobRun API has been updated to include the
job's billed resource utilization. This utilization shows the aggregate vCPU, memory and storage
that AWS has billed for the job run. The billed resources include a 1-minute minimum usage for
workers, plus additional storage over 20 GB per worker.
* api-change:``internetmonitor``: [``botocore``] This release includes a new configurable value,
TrafficPercentageToMonitor, which allows users to adjust the amount of traffic monitored by
percentage
* api-change:``iotwireless``: [``botocore``] Supports the new feature of LoRaWAN roaming, allows to
configure MaxEirp for LoRaWAN gateway, and allows to configure PingSlotPeriod for LoRaWAN multicast
group
* api-change:``lambda``: [``botocore``] Add Python 3.10 (python3.10) support to AWS Lambda
- from version 1.26.114
* api-change:``ecs``: [``botocore``] This release supports ephemeral storage for AWS Fargate
Windows containers.
* api-change:``lambda``: [``botocore``] This release adds SnapStart related exceptions to
InvokeWithResponseStream API. IAM access related documentation is also added for this API.
* api-change:``migration-hub-refactor-spaces``: [``botocore``] Doc only update for Refactor Spaces
environments without network bridge feature.
* api-change:``rds``: [``botocore``] This release adds support of modifying the engine mode of
database clusters.
- from version 1.26.113
* api-change:``chime-sdk-voice``: [``botocore``] This release adds tagging support for Voice
Connectors and SIP Media Applications
* api-change:``mediaconnect``: [``botocore``] Gateway is a new feature of AWS Elemental
MediaConnect. Gateway allows the deployment of on-premises resources for the purpose of
transporting live video to and from the AWS Cloud.
- from version 1.26.112
* api-change:``groundstation``: [``botocore``] AWS Ground Station Wideband DigIF GA Release
* api-change:``managedblockchain``: [``botocore``] Removal of the Ropsten network. The Ethereum
foundation ceased support of Ropsten on December 31st, 2022..
- from version 1.26.111
* api-change:``ecr-public``: [``botocore``] This release will allow using registry alias as
registryId in BatchDeleteImage request.
* api-change:``emr-serverless``: [``botocore``] This release extends GetJobRun API to return job
run timeout (executionTimeoutMinutes) specified during StartJobRun call (or default timeout of 720
minutes if none was specified).
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``iot-data``: [``botocore``] This release adds support for MQTT5 user properties when
calling the AWS IoT GetRetainedMessage API
* api-change:``wafv2``: [``botocore``] For web ACLs that protect CloudFront protections, the
default request body inspection size is now 16 KB, and you can use the new association
configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur
additional costs.
- from version 1.26.110
* api-change:``connect``: [``botocore``] This release adds the ability to configure an agent's
routing profile to receive contacts from multiple channels at the same time via extending the
UpdateRoutingProfileConcurrency, CreateRoutingProfile and DescribeRoutingProfile APIs.
* api-change:``ecs``: [``botocore``] This release adds support for enabling FIPS compliance on
Amazon ECS Fargate tasks
* api-change:``marketplace-catalog``: [``botocore``] Added three new APIs to support resource
sharing: GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added new OwnershipType
field to ListEntities request to let users filter on entities that are shared with them. Increased
max page size of ListEntities response from 20 to 50 results.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK now supports
conversion of 608 paint-on captions to pop-on captions for SCC sources.
* api-change:``omics``: [``botocore``] Remove unexpected API changes.
* api-change:``rekognition``: [``botocore``] This release adds support for Face Liveness APIs in
Amazon Rekognition. Updates UpdateStreamProcessor to return ResourceInUseException Exception. Minor
updates to API documentation.
- from version 1.26.109
* api-change:``dlm``: [``botocore``] Updated timestamp format for GetLifecyclePolicy API
* api-change:``docdb``: [``botocore``] This release adds a new parameter
'DBClusterParameterGroupName' to 'RestoreDBClusterFromSnapshot' API to associate the name of the DB
cluster parameter group while performing restore.
* api-change:``fsx``: [``botocore``] Amazon FSx for Lustre now supports creating data repository
associations on Persistent_1 and Scratch_2 file systems.
* api-change:``lambda``: [``botocore``] This release adds a new Lambda InvokeWithResponseStream API
to support streaming Lambda function responses. The release also adds a new InvokeMode parameter to
Function Url APIs to control whether the response will be streamed or buffered.
* api-change:``quicksight``: [``botocore``] This release has two changes: adding the OR condition
to tag-based RLS rules in CreateDataSet and UpdateDataSet; adding RefreshSchedule and Incremental
RefreshProperties operations for users to programmatically configure SPICE dataset ingestions.
* api-change:``redshift-data``: [``botocore``] Update documentation of API descriptions as needed
in support of temporary credentials with IAM identity.
* api-change:``servicecatalog``: [``botocore``] Updates description for property
- from version 1.26.108
* api-change:``cloudformation``: [``botocore``] Including UPDATE_COMPLETE as a failed status for
DeleteStack waiter.
* api-change:``greengrassv2``: [``botocore``] Add support for SUCCEEDED value in
coreDeviceExecutionStatus field. Documentation updates for Greengrass V2.
* api-change:``proton``: [``botocore``] This release adds support for the AWS Proton service sync
feature. Service sync enables managing an AWS Proton service (creating and updating instances) and
all of it's corresponding service instances from a Git repository.
* api-change:``rds``: [``botocore``] Adds and updates the SDK examples
- from version 1.26.107
* api-change:``apprunner``: [``botocore``] App Runner adds support for seven new vCPU and memory
configurations.
* api-change:``config``: [``botocore``] This release adds resourceType enums for types released in
March 2023.
* api-change:``ecs``: [``botocore``] This is a document only updated to add information about
Amazon Elastic Inference (EI).
* api-change:``identitystore``: [``botocore``] Documentation updates for Identity Store CLI command
reference.
* api-change:``ivs-realtime``: [``botocore``] Fix ParticipantToken ExpirationTime format
* api-change:``network-firewall``: [``botocore``] AWS Network Firewall now supports IPv6-only
subnets.
* api-change:``servicecatalog``: [``botocore``] removed incorrect product type value
* api-change:``vpc-lattice``: [``botocore``] This release removes the entities in the API doc model
package for auth policies.
- from version 1.26.106
* api-change:``amplifyuibuilder``: [``botocore``] Support StorageField and custom displays for
data-bound options in form builder. Support non-string operands for predicates in collections.
Support choosing client to get token from.
* api-change:``autoscaling``: [``botocore``] Documentation updates for Amazon EC2 Auto Scaling
* api-change:``dataexchange``: [``botocore``] This release updates the value of MaxResults.
* api-change:``ec2``: [``botocore``] C6in, M6in, M6idn, R6in and R6idn bare metal instances are
powered by 3rd Generation Intel Xeon Scalable processors and offer up to 200 Gbps of network
bandwidth.
* api-change:``elastic-inference``: [``botocore``] Updated public documentation for the Describe
and Tagging APIs.
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Asynchronous Inference now allows
customer's to receive failure model responses in S3 and receive success/failure model responses in
SNS notifications.
* api-change:``wafv2``: [``botocore``] This release rolls back association config feature for
webACLs that protect CloudFront protections.
- from version 1.26.105
* api-change:``glue``: [``botocore``] Add support for database-level federation
* api-change:``lakeformation``: [``botocore``] Add support for database-level federation
* api-change:``license-manager``: [``botocore``] This release adds grant override options to the
CreateGrantVersion API. These options can be used to specify grant replacement behavior during
grant activation.
* api-change:``mwaa``: [``botocore``] This Amazon MWAA release adds the ability to customize the
Apache Airflow environment by launching a shell script at startup. This shell script is hosted in
your environment's Amazon S3 bucket. Amazon MWAA runs the script before installing requirements and
initializing the Apache Airflow process.
* api-change:``servicecatalog``: [``botocore``] This release introduces Service Catalog support for
Terraform open source. It enables 1. The notify* APIs to Service Catalog. These APIs are used by
the terraform engine to notify the result of the provisioning engine execution. 2. Adds a new
TERRAFORM_OPEN_SOURCE product type in CreateProduct API.
* api-change:``wafv2``: [``botocore``] For web ACLs that protect CloudFront protections, the
default request body inspection size is now 16 KB, and you can use the new association
configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur
additional costs.
- from version 1.26.104
* api-change:``ec2``: [``botocore``] Documentation updates for EC2 On Demand Capacity Reservations
* api-change:``internetmonitor``: [``botocore``] This release adds a new feature for Amazon
CloudWatch Internet Monitor that enables customers to deliver internet measurements to Amazon S3
buckets as well as CloudWatch Logs.
* api-change:``resiliencehub``: [``botocore``] Adding EKS related documentation for appTemplateBody
* api-change:``s3``: [``botocore``] Documentation updates for Amazon S3
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] In this release, you can now chose
between soft delete and hard delete when calling the DeleteRecord API, so you have more flexibility
when it comes to managing online store data.
* api-change:``sms``: [``botocore``] Deprecating AWS Server Migration Service.
- from version 1.26.103
* api-change:``athena``: [``botocore``] Make DefaultExecutorDpuSize and CoordinatorDpuSize fields
optional in StartSession
* api-change:``autoscaling``: [``botocore``] Amazon EC2 Auto Scaling now supports Elastic Load
Balancing traffic sources with the AttachTrafficSources, DetachTrafficSources, and
DescribeTrafficSources APIs. This release also introduces a new activity status,
"WaitingForConnectionDraining", for VPC Lattice to the DescribeScalingActivities API.
* api-change:``batch``: [``botocore``] This feature allows Batch on EKS to support configuration of
Pod Labels through Metadata for Batch on EKS Jobs.
* api-change:``compute-optimizer``: [``botocore``] This release adds support for HDD EBS volume
types and io2 Block Express. We are also adding support for 61 new instance types and instances
that have non consecutive runtime.
* api-change:``drs``: [``botocore``] Adding a field to the replication configuration APIs to
support the auto replicate new disks feature. We also deprecated RetryDataReplication.
* api-change:``ec2``: [``botocore``] This release adds support for Tunnel Endpoint Lifecycle
control, a new feature that provides Site-to-Site VPN customers with better visibility and control
of their VPN tunnel maintenance updates.
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``glue``: [``botocore``] This release adds support for AWS Glue Data Quality, which
helps you evaluate and monitor the quality of your data and includes the API for creating,
deleting, or updating data quality rulesets, runs and evaluations.
* api-change:``guardduty``: [``botocore``] Added EKS Runtime Monitoring feature support to existing
detector, finding APIs and introducing new Coverage APIs
* api-change:``imagebuilder``: [``botocore``] Adds support for new image workflow details and image
vulnerability detection.
* api-change:``ivs``: [``botocore``] Amazon Interactive Video Service (IVS) now offers customers
the ability to configure IVS channels to allow insecure RTMP ingest.
* api-change:``kendra``: [``botocore``] AWS Kendra now supports featured results for a query.
* api-change:``network-firewall``: [``botocore``] AWS Network Firewall added TLS inspection
configurations to allow TLS traffic inspection.
* api-change:``sagemaker-geospatial``: [``botocore``] Amazon SageMaker geospatial capabilities now
supports server-side encryption with customer managed KMS key and SageMaker notebooks with a
SageMaker geospatial image in a Amazon SageMaker Domain with VPC only mode.
* api-change:``vpc-lattice``: [``botocore``] General Availability (GA) release of Amazon VPC Lattice
* api-change:``wellarchitected``: [``botocore``] AWS Well-Architected SDK now supports getting
consolidated report metrics and generating a consolidated report PDF.
- from version 1.26.102
* api-change:``opensearchserverless``: [``botocore``] This release includes two new exception types
"ServiceQuotaExceededException" and "OcuLimitExceededException".
* api-change:``rds``: [``botocore``] Add support for creating a read replica DB instance from a
Multi-AZ DB cluster.
- from version 1.26.101
* api-change:``iot-data``: [``botocore``] Add endpoint ruleset support for cn-north-1.
* api-change:``ssm-contacts``: [``botocore``] This release adds 12 new APIs as part of Oncall
Schedule feature release, adds support for a new contact type: ONCALL_SCHEDULE. Check public
documentation for AWS ssm-contacts for more information
* api-change:``ssm-incidents``: [``botocore``] Increased maximum length of "TriggerDetails.rawData"
to 10K characters and "IncidentSummary" to 8K characters.
- from version 1.26.100
* api-change:``athena``: [``botocore``] Enforces a minimal level of encryption for the workgroup
for query and calculation results that are written to Amazon S3. When enabled, workgroup users can
set encryption only to the minimum level set by the administrator or higher when they submit
queries.
* api-change:``chime-sdk-voice``: [``botocore``] Documentation updates for Amazon Chime SDK Voice.
* api-change:``connect``: [``botocore``] This release introduces support for RelatedContactId in
the StartChatContact API. Interactive message and interactive message response have been added to
the list of supported message content types for this API as well.
* api-change:``connectparticipant``: [``botocore``] This release provides an update to the
SendMessage API to handle interactive message response content-types.
* api-change:``iotwireless``: [``botocore``] Introducing new APIs that enable Sidewalk devices to
communicate with AWS IoT Core through Sidewalk gateways. This will empower AWS customers to connect
Sidewalk devices with other AWS IoT Services, creating possibilities for seamless integration and
advanced device management.
* api-change:``medialive``: [``botocore``] AWS Elemental MediaLive now supports ID3 tag insertion
for audio only HLS output groups. AWS Elemental Link devices now support tagging.
* api-change:``sagemaker``: [``botocore``] Fixed some improperly rendered links in SDK
documentation.
* api-change:``securityhub``: [``botocore``] Added new resource detail objects to ASFF, including
resources for AwsEksCluster, AWSS3Bucket, AwsEc2RouteTable and AwsEC2Instance.
* api-change:``servicecatalog-appregistry``: [``botocore``] In this release, we started supporting
ARN in applicationSpecifier and attributeGroupSpecifier. GetAttributeGroup, ListAttributeGroups and
ListAttributeGroupsForApplication APIs will now have CreatedBy field in the response.
* api-change:``voice-id``: [``botocore``] Amazon Connect Voice ID now supports multiple fraudster
watchlists. Every domain has a default watchlist where all existing fraudsters are placed by
default. Custom watchlists may now be created, managed, and evaluated against for known fraudster
detection.
- from version 1.26.99
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``comprehend``: [``botocore``] This release adds a new field (FlywheelArn) to the
EntitiesDetectionJobProperties object. The FlywheelArn field is returned in the
DescribeEntitiesDetectionJob and ListEntitiesDetectionJobs responses when the EntitiesDetection job
is started with a FlywheelArn instead of an EntityRecognizerArn .
* api-change:``rds``: [``botocore``] Added error code CreateCustomDBEngineVersionFault for when the
create custom engine version for Custom engines fails.
- from version 1.26.98
* api-change:``batch``: [``botocore``] This feature allows Batch to support configuration of
ephemeral storage size for jobs running on FARGATE
* api-change:``chime-sdk-identity``: [``botocore``] AppInstanceBots can be used to add a bot
powered by Amazon Lex to chat channels. ExpirationSettings provides automatic resource deletion
for AppInstanceUsers.
* api-change:``chime-sdk-media-pipelines``: [``botocore``] This release adds Amazon Chime SDK call
analytics. Call analytics include voice analytics, which provides speaker search and voice tone
analysis. These capabilities can be used with Amazon Transcribe and Transcribe Call Analytics to
generate machine-learning-powered insights from real-time audio.
* api-change:``chime-sdk-messaging``: [``botocore``] ExpirationSettings provides automatic resource
deletion for Channels.
* api-change:``chime-sdk-voice``: [``botocore``] This release adds Amazon Chime SDK call analytics.
Call analytics include voice analytics, which provides speaker search and voice tone analysis.
These capabilities can be used with Amazon Transcribe and Transcribe Call Analytics to generate
machine-learning-powered insights from real-time audio.
* api-change:``codeartifact``: [``botocore``] Repository CreationTime is added to the
CreateRepository and ListRepositories API responses.
* api-change:``guardduty``: [``botocore``] Adds AutoEnableOrganizationMembers attribute to
DescribeOrganizationConfiguration and UpdateOrganizationConfiguration APIs.
* api-change:``ivs-realtime``: [``botocore``] Initial release of the Amazon Interactive Video
Service RealTime API.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK now supports
passthrough of ID3v2 tags for audio inputs to audio-only HLS outputs.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds two new APIs -
CreateAutoMLJobV2 and DescribeAutoMLJobV2. Amazon SageMaker Notebook Instances now supports the
ml.geospatial.interactive instance type.
* api-change:``servicediscovery``: [``botocore``] Reverted the throttling exception
RequestLimitExceeded for AWS Cloud Map APIs introduced in SDK version 1.12.424 2023-03-09 to
previous exception specified in the ErrorCode.
* api-change:``textract``: [``botocore``] The AnalyzeDocument - Tables feature adds support for new
elements in the API: table titles, footers, section titles, summary cells/tables, and table type.
- from version 1.26.97
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
(IAM).
* api-change:``iottwinmaker``: [``botocore``] This release adds support of adding metadata when
creating a new scene or updating an existing scene.
* api-change:``networkmanager``: [``botocore``] This release includes an update to
create-transit-gateway-route-table-attachment, showing example usage for
TransitGatewayRouteTableArn.
* api-change:``pipes``: [``botocore``] This release improves validation on the ARNs in the API model
* api-change:``resiliencehub``: [``botocore``] This release provides customers with the ability to
import resources from within an EKS cluster and assess the resiliency of EKS cluster workloads.
* api-change:``ssm``: [``botocore``] This Patch Manager release supports creating, updating, and
deleting Patch Baselines for AmazonLinux2023, AlmaLinux.
- from version 1.26.96
* api-change:``chime-sdk-messaging``: [``botocore``] Amazon Chime SDK messaging customers can now
manage streaming configuration for messaging data for archival and analysis.
* api-change:``cleanrooms``: [``botocore``] GA Release of AWS Clean Rooms, Added Tagging
Functionality
* api-change:``ec2``: [``botocore``] This release adds support for AWS Network Firewall, AWS
PrivateLink, and Gateway Load Balancers to Amazon VPC Reachability Analyzer, and it makes the path
destination optional as long as a destination address in the filter at source is provided.
* api-change:``iotsitewise``: [``botocore``] Provide support for tagging of data streams and
enabling tag based authorization for property alias
* api-change:``mgn``: [``botocore``] This release introduces the Import and export feature and
expansion of the post-launch actions
- from version 1.26.95
* api-change:``application-autoscaling``: [``botocore``] With this release customers can now tag
their Application Auto Scaling registered targets with key-value pairs and manage IAM permissions
for all the tagged resources centrally.
* api-change:``neptune``: [``botocore``] This release makes following few changes.
db-cluster-identifier is now a required parameter of create-db-instance. describe-db-cluster will
now return PendingModifiedValues and GlobalClusterIdentifier fields in the response.
* api-change:``s3outposts``: [``botocore``] S3 On Outposts added support for endpoint status, and a
failed endpoint reason, if any
* api-change:``workdocs``: [``botocore``] This release adds a new API, SearchResources, which
enable users to search through metadata and content of folders, documents, document versions and
comments in a WorkDocs site.
- from version 1.26.94
* api-change:``billingconductor``: [``botocore``] This release adds a new filter to
ListAccountAssociations API and a new filter to ListBillingGroups API.
* api-change:``config``: [``botocore``] This release adds resourceType enums for types released
from October 2022 through February 2023.
* api-change:``dms``: [``botocore``] S3 setting to create AWS Glue Data Catalog. Oracle setting to
control conversion of timestamp column. Support for Kafka SASL Plain authentication. Setting to map
boolean from PostgreSQL to Redshift. SQL Server settings to force lob lookup on inline LOBs and to
control access of database logs.
- from version 1.26.93
* api-change:``guardduty``: [``botocore``] Updated 9 APIs for feature enablement to reflect
expansion of GuardDuty to features. Added new APIs and updated existing APIs to support RDS
Protection GA.
* api-change:``resource-explorer-2``: [``botocore``] Documentation updates for APIs.
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
- from version 1.26.92
* api-change:``migrationhubstrategy``: [``botocore``] This release adds the binary analysis that
analyzes IIS application DLLs on Windows and Java applications on Linux to provide anti-pattern
report without configuring access to the source code.
* api-change:``s3control``: [``botocore``] Added support for S3 Object Lambda aliases.
* api-change:``securitylake``: [``botocore``] Make Create/Get/ListSubscribers APIs return resource
share ARN and name so they can be used to validate the RAM resource share to accept. GetDatalake
can be used to track status of UpdateDatalake and DeleteDatalake requests.
- from version 1.26.91
* api-change:``application-autoscaling``: [``botocore``] Application Auto Scaling customers can now
use mathematical functions to customize the metric used with Target Tracking policies within the
policy configuration itself, saving the cost and effort of publishing the customizations as a
separate metric.
* api-change:``dataexchange``: [``botocore``] This release enables data providers to license direct
access to S3 objects encrypted with Customer Managed Keys (CMK) in AWS KMS through AWS Data
Exchange. Subscribers can use these keys to decrypt, then use the encrypted S3 objects shared with
them, without creating or managing copies.
* api-change:``directconnect``: [``botocore``] describe-direct-connect-gateway-associations
includes a new status, updating, indicating that the association is currently in-process of
updating.
* api-change:``ec2``: [``botocore``] This release adds a new DnsOptions key
(PrivateDnsOnlyForInboundResolverEndpoint) to CreateVpcEndpoint and ModifyVpcEndpoint APIs.
* api-change:``iam``: [``botocore``] Documentation only updates to correct customer-reported issues
* api-change:``keyspaces``: [``botocore``] Adding support for client-side timestamps
- from version 1.26.90
* api-change:``appintegrations``: [``botocore``] Adds FileConfiguration to Amazon AppIntegrations
CreateDataIntegration supporting scheduled downloading of third party files into Amazon Connect
from sources such as Microsoft SharePoint.
* api-change:``lakeformation``: [``botocore``] This release updates the documentation regarding
Get/Update DataCellsFilter
* api-change:``s3control``: [``botocore``] Added support for cross-account Multi-Region Access
Points. Added support for S3 Replication for S3 on Outposts.
* api-change:``tnb``: [``botocore``] This release adds tagging support to the following Network
Instance APIs : Instantiate, Update, Terminate.
* api-change:``wisdom``: [``botocore``] This release extends Wisdom CreateKnowledgeBase API to
support SharePoint connector type by removing the @required trait for objectField
- Update BuildRequires and Requires from setup.py
- python-six is not required
- python-botocore
-
- Drop Provides for SLE 15 SP4 and openSUSE Leap 15.4 and later
- Switch to Python 3.11 build in SLE 15 SP4 and openSUSE Leap 15.4 and
later (jsc#PCT-371).
- Switch to wheel build
- Update to 1.34.31
* api-change:``datazone``: Add new skipDeletionCheck to DeleteDomain. Add
new skipDeletionCheck to DeleteProject which also automatically deletes
dependent objects
* api-change:``route53``: Update the SDKs for text changes in the APIs.
- From 1.34.30
* api-change:``autoscaling``: EC2 Auto Scaling customers who use attribute
based instance-type selection can now intuitively define their Spot
instances price protection limit as a percentage of the lowest priced
On-Demand instance type.
* api-change:``comprehend``: Comprehend PII analysis now supports Spanish
input documents.
* api-change:``ec2``: EC2 Fleet customers who use attribute based
instance-type selection can now intuitively define their Spot instances
price protection limit as a percentage of the lowest priced On-Demand
instance type.
* api-change:``mwaa``: This release adds MAINTENANCE environment status for
Amazon MWAA environments.
* api-change:``rds``: Introduced support for the
InsufficientDBInstanceCapacityFault error in the RDS
RestoreDBClusterFromSnapshot and RestoreDBClusterToPointInTime API methods.
This provides enhanced error handling, ensuring a more robust experience.
* api-change:``snowball``: Modified description of createaddress to include
direction to add path when providing a JSON file.
- From 1.34.29
* api-change:``connect``: Update list and string length limits for predefined
attributes.
* api-change:``inspector2``: This release adds ECR container image scanning
based on their lastRecordedPullTime.
* api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now
provides an API to programmatically delete tuning jobs.
- From 1.34.28
* api-change:``acm-pca``: AWS Private CA now supports an option to omit the
CDP extension from issued certificates, when CRL revocation is enabled.
* api-change:``lightsail``: This release adds support for IPv6-only instance
plans.
- From 1.34.27
* api-change:``ec2``: Introduced a new clientToken request parameter on
CreateNetworkAcl and CreateRouteTable APIs. The clientToken parameter
allows idempotent operations on the APIs.
* api-change:``ecs``: Documentation updates for Amazon ECS.
* api-change:``outposts``: DeviceSerialNumber parameter is now optional in
StartConnection API
* api-change:``rds``: This release adds support for Aurora Limitless Database.
* api-change:``storagegateway``: Add DeprecationDate and SoftwareVersion to
response of ListGateways.
- From 1.34.26
* api-change:``inspector2``: This release adds support for CIS scans on EC2
instances.
- From 1.34.25
* enhancement:documentation: Updates the GitHub issue creation link in our
README
- From 1.34.24
* api-change:``appconfigdata``: Fix FIPS Endpoints in aws-us-gov.
* api-change:``cloud9``: Doc-only update around removing AL1 from list of
available AMIs for Cloud9
* api-change:``cloudfront-keyvaluestore``: This release improves upon the
DescribeKeyValueStore API by returning two additional fields, Status of the
KeyValueStore and the FailureReason in case of failures during creation of
KeyValueStore.
* api-change:``connectcases``: This release adds the ability to view audit
history on a case and introduces a new parameter, performedBy, for
CreateCase and UpdateCase API's.
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``ecs``: This release adds support for Transport Layer Security
(TLS) and Configurable Timeout to ECS Service Connect. TLS facilitates
privacy and data security for inter-service communications, while
Configurable Timeout allows customized per-request timeout and idle timeout
for Service Connect services.
* api-change:``finspace``: Allow customer to set zip default through command
line arguments.
* api-change:``organizations``: Doc only update for quota increase change
* api-change:``rds``: Introduced support for the
InsufficientDBInstanceCapacityFault error in the RDS CreateDBCluster API
method. This provides enhanced error handling, ensuring a more robust
experience when creating database clusters with insufficient instance
capacity.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest
version
- Frome 1.34.23
* api-change:``athena``: Introducing new NotebookS3LocationUri parameter to
Athena ImportNotebook API. Payload is no longer required and either Payload
or NotebookS3LocationUri needs to be provided (not both) for a successful
ImportNotebook API call. If both are provided, an InvalidRequestException
will be thrown.
* api-change:``codebuild``: Release CodeBuild Reserved Capacity feature
* api-change:``dynamodb``: This release adds support for including
ApproximateCreationDateTimePrecision configurations in
EnableKinesisStreamingDestination API, adds the same as an optional field
in the response of DescribeKinesisStreamingDestination, and adds support
for a new UpdateKinesisStreamingDestination API.
* api-change:``qconnect``: Increased Quick Response name max length to 100
- From 1.34.22
* api-change:``b2bi``: Increasing TestMapping inputFileContent file size
limit to 5MB and adding file size limit 250KB for TestParsing input file.
This release also includes exposing InternalServerException for Tag APIs.
* api-change:``cloudtrail``: This release adds a new API
ListInsightsMetricData to retrieve metric data from CloudTrail Insights.
* api-change:``connect``: GetMetricDataV2 now supports 3 groupings
* api-change:``drs``: Removed invalid and unnecessary default values.
* api-change:``firehose``: Allow support for Snowflake as a Kinesis Data
Firehose delivery destination.
* api-change:``sagemaker-featurestore-runtime``: Increase BatchGetRecord
limits from 10 items to 100 items
- From 1.34.21
* api-change:``dynamodb``: Updating note for enabling streams for UpdateTable.
* api-change:``keyspaces``: This release adds support for Multi-Region
Replication with provisioned tables, and Keyspaces auto scaling APIs
- From 1.34.20
* api-change:``iot``: Revert release of LogTargetTypes
* api-change:``iotfleetwise``: Updated APIs: SignalNodeType query parameter
has been added to ListSignalCatalogNodesRequest and ListVehiclesResponse
has been extended with attributes field.
* api-change:``macie2``: This release adds support for analyzing Amazon S3
objects that are encrypted using dual-layer server-side encryption with
AWS KMS keys (DSSE-KMS). It also adds support for reporting DSSE-KMS
details in statistics and metadata about encryption settings for S3 buckets
and objects.
* api-change:``payment-cryptography``: Provide an additional option for key
exchange using RSA wrap/unwrap in addition to tr-34/tr-31 in ImportKey and
ExportKey operations. Added new key usage (type)
TR31_M1_ISO_9797_1_MAC_KEY, for use with Generate/VerifyMac dataplane
operations with ISO9797 Algorithm 1 MAC calculations.
* api-change:``personalize-runtime``: Documentation updates for Amazon
Personalize
* api-change:``personalize``: Documentation updates for Amazon Personalize.
* api-change:``rekognition``: This release adds ContentType and TaxonomyLevel
attributes to DetectModerationLabels and GetMediaAnalysisJob API responses.
* api-change:``securityhub``: Documentation updates for AWS Security Hub
- From 1.34.19
* api-change:``sagemaker``: This release will have ValidationException thrown
if certain invalid app types are provided. The release will also throw
ValidationException if more than 10 account ids are provided in
VpcOnlyTrustedAccounts.
- From 1.34.18
* api-change:``connect``: Supervisor Barge for Chat is now supported through
the MonitorContact API.
* api-change:``connectparticipant``: Introduce new Supervisor participant role
* api-change:``endpoint-rules``: Update endpoint-rules client to latest
version
* api-change:``location``: Location SDK documentation update. Added missing
fonts to the MapConfiguration data type. Updated note for the
SubMunicipality property in the place data type.
* api-change:``mwaa``: This Amazon MWAA feature release includes new fields
in CreateWebLoginToken response model. The new fields IamIdentity and
AirflowIdentity will let you match identifications, as the Airflow identity
length is currently hashed to 64 characters.
* api-change:``s3control``: S3 On Outposts team adds dualstack endpoints
support for S3Control and S3Outposts API calls.
* api-change:``supplychain``: This release includes APIs
CreateBillOfMaterialsImportJob and GetBillOfMaterialsImportJob.
* api-change:``transfer``: AWS Transfer Family now supports static IP
addresses for SFTP & AS2 connectors and for async MDNs on AS2 servers.
- From 1.34.17
* api-change:``ec2``: This release adds support for adding an
ElasticBlockStorage volume configurations in ECS
RunTask/StartTask/CreateService/UpdateService APIs. The configuration
allows for attaching EBS volumes to ECS Tasks.
* api-change:``ecs``: This release adds support for adding an
ElasticBlockStorage volume configurations in ECS
RunTask/StartTask/CreateService/UpdateService APIs. The configuration
allows for attaching EBS volumes to ECS Tasks.
* api-change:``events``: Update events client to latest version
* api-change:``iot``: Add ConflictException to Update APIs of AWS IoT
Software Package Catalog
* api-change:``iotfleetwise``: The following dataTypes have been removed:
CUSTOMER_DECODED_INTERFACE in NetworkInterfaceType;
CUSTOMER_DECODED_SIGNAL_INFO_IS_NULL in SignalDecoderFailureReason;
CUSTOMER_DECODED_SIGNAL_NETWORK_INTERFACE_INFO_IS_NULL in
NetworkInterfaceFailureReason; CUSTOMER_DECODED_SIGNAL in SignalDecoderType
* api-change:``secretsmanager``: Doc only update for Secrets Manager
* api-change:``workspaces``: Added AWS Workspaces RebootWorkspaces API -
Extended Reboot documentation update
- From 1.34.16
* api-change:``connectcampaigns``: Minor pattern updates for Campaign and
Dial Request API fields.
* api-change:``location``: This release adds API support for custom layers
for the maps service APIs: CreateMap, UpdateMap, DescribeMap.
* api-change:``logs``: Add support for account level subscription filter
policies to PutAccountPolicy, DescribeAccountPolicies, and
DeleteAccountPolicy APIs. Additionally, PutAccountPolicy has been modified
with new optional "selectionCriteria" parameter for resource selection.
* api-change:``qconnect``: QueryAssistant and GetRecommendations will be
discontinued starting June 1, 2024. To receive generative responses after
March 1, 2024 you will need to create a new Assistant in the Connect
console and integrate the Amazon Q in Connect JavaScript library
(amazon-q-connectjs) into your applications.
* api-change:``redshift-serverless``: Updates to ConfigParameter for RSS
workgroup, removal of use_fips_ssl
* api-change:``route53``: Route53 now supports geoproximity routing in AWS
regions
* api-change:``wisdom``: QueryAssistant and GetRecommendations will be
discontinued starting June 1, 2024. To receive generative responses after
March 1, 2024 you will need to create a new Assistant in the Connect
console and integrate the Amazon Q in Connect JavaScript library
(amazon-q-connectjs) into your applications.
- From 1.34.15
* api-change:``codebuild``: Aws CodeBuild now supports new compute type
BUILD_GENERAL1_XLARGE
* api-change:``ec2``: Amazon EC2 R7iz bare metal instances are powered by
custom 4th generation Intel Xeon Scalable processors.
* api-change:``route53resolver``: This release adds support for query type
configuration on firewall rules that enables customers for granular action
(ALLOW, ALERT, BLOCK) by DNS query type.
- From 1.34.14
* api-change:``connect``: Minor trait updates for User APIs
* api-change:``kms``: Documentation updates for AWS Key Management Service
(KMS).
* api-change:``redshift-serverless``: use_fips_ssl and require_ssl parameter
support for Workgroup, UpdateWorkgroup, and CreateWorkgroup
- From 1.34.13
* api-change:``config``: Updated ResourceType enum with new resource types
onboarded by AWS Config in November and December 2023.
* api-change:``docdb``: Adding PerformanceInsightsEnabled and
PerformanceInsightsKMSKeyId fields to DescribeDBInstances Response.
* api-change:``ecs``: This release adds support for managed instance draining
which facilitates graceful termination of Amazon ECS instances.
* api-change:``es``: This release adds support for new or existing Amazon
OpenSearch domains to enable TLS 1.3 or TLS 1.2 with perfect forward
secrecy cipher suites for domain endpoints.
* api-change:``lightsail``: This release adds support to set up an HTTPS
endpoint on an instance.
* api-change:``opensearch``: This release adds support for new or existing
Amazon OpenSearch domains to enable TLS 1.3 or TLS 1.2 with perfect forward
secrecy cipher suites for domain endpoints.
* api-change:``sagemaker``: Adding support for provisioned throughput mode
for SageMaker Feature Groups
* api-change:``servicecatalog``: Added Idempotency token support to Service
Catalog AssociateServiceActionWithProvisioningArtifact,
DisassociateServiceActionFromProvisioningArtifact, DeleteServiceAction API
* api-change:``endpoint-rules``: Update endpoint-rules client to latest
version
- From 1.34.12
* api-change:``connect``: Amazon Connect, Contact Lens Evaluation API
increase evaluation notes max length to 3072.
* api-change:``mediaconvert``: This release includes video engine updates
including HEVC improvements, support for ingesting VP9 encoded video in
MP4 containers, and support for user-specified 3D LUTs.
- From 1.34.11
* api-change:``apprunner``: AWS App Runner adds Python 3.11 and Node.js 18
runtimes.
* api-change:``location``: This release introduces a new parameter to
bypasses an API key's expiry conditions and delete the key.
* api-change:``quicksight``: Add LinkEntityArn support for different
partitions; Add UnsupportedUserEditionException in UpdateDashboardLinks
API; Add support for New Reader Experience Topics
- From 1.34.10
* api-change:``codestar-connections``: New integration with the GitLab
self-managed provider type.
* api-change:``kinesis-video-archived-media``: NoDataRetentionException
thrown when GetImages requested for a Stream that does not retain data
(that is, has a DataRetentionInHours of 0).
* api-change:``sagemaker``: Amazon SageMaker Studio now supports Docker
access from within app container
- From 1.34.9
* api-change:``emr``: Update emr client to latest version
- From 1.34.8
* api-change:``iam``: Documentation updates for AWS Identity and Access
Management (IAM).
* api-change:``endpoint-rules``: Update endpoint-rules client to latest
version
- From 1.34.7
* api-change:``bedrock-agent``: Adding Claude 2.1 support to Bedrock Agents
* api-change:``glue``: This release adds additional configurations for Query
Session Context on the following APIs: GetUnfilteredTableMetadata,
GetUnfilteredPartitionMetadata, GetUnfilteredPartitionsMetadata.
* api-change:``lakeformation``: This release adds additional configurations
on GetTemporaryGlueTableCredentials for Query Session Context.
* api-change:``mediaconnect``: This release adds the DescribeSourceMetadata
API. This API can be used to view the stream information of the flow's
source.
* api-change:``networkmonitor``: CloudWatch Network Monitor is a new service
within CloudWatch that will help network administrators and operators
continuously monitor network performance metrics such as round-trip-time
and packet loss between their AWS-hosted applications and their on-premises
locations.
* api-change:``omics``: Provides minor corrections and an updated description
of APIs.
* api-change:``secretsmanager``: Update endpoint rules and examples.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest
version
- From 1.34.6
* enhancement:AWSCRT: Update awscrt version to 0.19.19
* api-change:``amp``: This release updates Amazon Managed Service for
Prometheus APIs to support customer managed KMS keys.
* api-change:``appintegrations``: The Amazon AppIntegrations service adds
DeleteApplication API for deleting applications, and updates APIs to
support third party applications reacting to workspace events and make
data requests to Amazon Connect for agent and contact events.
* api-change:``bedrock-agent``: This release introduces Amazon Aurora as a
vector store on Knowledge Bases for Amazon Bedrock
* api-change:``codecommit``: AWS CodeCommit now supports customer managed
keys from AWS Key Management Service. UpdateRepositoryEncryptionKey is
added for updating the key configuration. CreateRepository, GetRepository,
BatchGetRepositories are updated with new input or output parameters.
* api-change:``connect``: Adds APIs to manage User Proficiencies and
Predefined Attributes. Enhances StartOutboundVoiceContact API input.
Introduces SearchContacts API. Enhances DescribeContact API. Adds an API to
update Routing Attributes in QueuePriority and QueueTimeAdjustmentSeconds.
* api-change:``medialive``: MediaLive now supports the ability to configure
the audio that an AWS Elemental Link UHD device produces, when the device
is configured as the source for a flow in AWS Elemental MediaConnect.
* api-change:``neptune-graph``: Adds Waiters for successful creation and
deletion of Graph, Graph Snapshot, Import Task and Private Endpoints for
Neptune Analytics
* api-change:``rds-data``: This release adds support for using RDS Data API
with Aurora PostgreSQL Serverless v2 and provisioned DB clusters.
* api-change:``rds``: This release adds support for using RDS Data API with
Aurora PostgreSQL Serverless v2 and provisioned DB clusters.
* api-change:``sagemaker``: Amazon SageMaker Training now provides model
training container access for debugging purposes. Amazon SageMaker Search
now provides the ability to use visibility conditions to limit resource
access to a single domain or multiple domains.
- From 1.34.5
* api-change:``appstream``: This release introduces configurable clipboard,
allowing admins to specify the maximum length of text that can be copied by
the users from their device to the remote session and vice-versa.
* api-change:``eks``: Add support for cluster insights, new EKS capability
that surfaces potentially upgrade impacting issues.
* api-change:``guardduty``: This release 1) introduces a new API:
GetOrganizationStatistics , and 2) adds a new UsageStatisticType
TOP_ACCOUNTS_BY_FEATURE for GetUsageStatistics API
* api-change:``managedblockchain-query``: Adding Confirmation Status and
Execution Status to GetTransaction Response.
* api-change:``mediatailor``: Adds the ability to configure time shifting on
MediaTailor channels using the TimeShiftConfiguration field
* api-change:``route53``: Amazon Route 53 now supports the Canada West
(Calgary) Region (ca-west-1) for latency records, geoproximity records, and
private DNS for Amazon VPCs in that region.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest
version
- From 1.34.4
* api-change:``appsync``: This release adds additional configurations on
GraphQL APIs for limits on query depth, resolver count, and introspection
* api-change:``chime-sdk-meetings``: Add meeting features to specify a
maximum camera resolution, a maximum content sharing resolution, and a
maximum number of attendees for a given meeting.
* api-change:``ec2``: Provision BYOIPv4 address ranges and advertise them by
specifying the network border groups option in Los Angeles, Phoenix and
Dallas AWS Local Zones.
* api-change:``fsx``: Added support for FSx for OpenZFS on-demand data
replication across AWS accounts and/or regions.Added the IncludeShared
attribute for DescribeSnapshots.Added the CopyStrategy attribute for
OpenZFSVolumeConfiguration.
* api-change:``marketplace-catalog``: AWS Marketplace now supports a new API,
BatchDescribeEntities, which returns metadata and content for multiple
entities.
* api-change:``rds``: RDS - The release adds two new APIs:
DescribeDBRecommendations and ModifyDBRecommendation
- From 1.34.3
* api-change:``cognito-idp``: Amazon Cognito now supports trigger versions
that define the fields in the request sent to pre token generation Lambda
triggers.
* api-change:``eks``: Add support for EKS Cluster Access Management.
* api-change:``quicksight``: A docs-only release to add missing entities to
the API reference.
* api-change:``route53resolver``: Add DOH protocols in resolver endpoints.
- From 1.34.2
* api-change:``cloud9``: Updated Cloud9 API documentation for AL2023 release
* api-change:``connect``: Adds relatedContactId field to
StartOutboundVoiceContact API input. Introduces PauseContact API and
ResumeContact API for Task contacts. Adds pause duration, number of pauses,
timestamps for last paused and resumed events to DescribeContact API
response. Adds new Rule type and new Rule action.
* api-change:``connectcases``: Increase number of fields that can be included
in CaseEventIncludedData from 50 to 200
* api-change:``kms``: Documentation updates for AWS Key Management Service
* api-change:``rds``: Updates Amazon RDS documentation by adding code examples
* api-change:``sagemaker``: This release 1) introduces a new API:
DeleteCompilationJob , and 2) adds InfraCheckConfig for Create/Describe
training job API
- From 1.34.1
* api-change:``appstream``: This release includes support for images of
Windows Server 2022 platform.
* api-change:``b2bi``: Documentation updates for AWS B2B Data Interchange
* api-change:``billingconductor``: Billing Conductor is releasing a new API,
GetBillingGroupCostReport, which provides the ability to retrieve/view the
Billing Group Cost Report broken down by attributes for a specific billing
group.
* api-change:``connect``: This release adds support for more granular billing
using tags (key:value pairs)
* api-change:``controltower``: Documentation updates for AWS Control Tower.
* api-change:``firehose``: This release, 1) adds configurable buffering hints
for the Splunk destination, and 2) reduces the minimum configurable
buffering interval for supported destinations
* api-change:``gamelift``: Amazon GameLift adds the ability to add and
update the game properties of active game sessions.
* api-change:``iot``: This release adds the ability to self-manage
certificate signing in AWS IoT Core fleet provisioning using the new
certificate provider resource.
* api-change:``neptune-graph``: This is the initial SDK release for Amazon
Neptune Analytics
* api-change:``opensearch``: Updating documentation for Amazon OpenSearch
Service support for new zero-ETL integration with Amazon S3.
* api-change:``quicksight``: Update Dashboard Links support;
SingleAxisOptions support; Scatterplot Query limit support.
* api-change:``workspaces``: Updated note to ensure customers understand
running modes.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest
version
- From 1.34.0
* feature:Python: End of support for Python 3.7
* api-change:``drs``: Adding AgentVersion to SourceServer and
RecoveryInstance structures
- From 1.33.13
* api-change:``imagebuilder``: This release adds the Image Workflows feature
to give more flexibility and control over the image building and testing
process.
* api-change:``location``: This release 1) adds sub-municipality field in
Places API for searching and getting places information, and 2) allows
optimizing route calculation based on expected arrival time.
* api-change:``logs``: This release introduces the StartLiveTail API to tail
ingested logs in near real time.
- From 1.33.12
* api-change:``neptune``: This release adds a new parameter configuration
setting to the Neptune cluster related APIs that can be leveraged to switch
between the underlying supported storage modes.
* api-change:``pinpoint``: This release includes Amazon Pinpoint API
documentation updates pertaining to campaign message sending rate limits.
* api-change:``securityhub``: Added new resource detail objects to ASFF,
including resources for AwsDynamoDbTable, AwsEc2ClientVpnEndpoint,
AwsMskCluster, AwsS3AccessPoint, AwsS3Bucket
* api-change:``endpoint-rules``: Update endpoint-rules client to latest
version
- Update to 1.33.11:
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``ec2``: M2 Mac instances are built on Apple M2 Mac mini computers. I4i instances are
powered by 3rd generation Intel Xeon Scalable processors. C7i compute optimized, M7i general
purpose and R7i memory optimized instances are powered by custom 4th Generation Intel Xeon Scalable
processors.
* api-change:``finspace``: Releasing Scaling Group, Dataview, and Volume APIs
- from version 1.33.10
* api-change:``codedeploy``: This release adds support for two new CodeDeploy features: 1) zonal
deployments for Amazon EC2 in-place deployments, 2) deployments triggered by Auto Scaling group
termination lifecycle hook events.
- from version 1.33.9
* api-change:``backup``: AWS Backup - Features: Add VaultType to the output of
DescribeRecoveryPoint, ListRecoveryPointByBackupVault API and add ResourceType to the input of
ListRestoreJobs API
* api-change:``comprehend``: Documentation updates for Trust and Safety features.
* api-change:``connect``: Releasing Tagging Support for Instance Management APIS
* api-change:``ec2``: Releasing the new cpuManufacturer attribute within the DescribeInstanceTypes
API response which notifies our customers with information on who the Manufacturer is for the
processor attached to the instance, for example: Intel.
* api-change:``payment-cryptography``: AWS Payment Cryptography IPEK feature release
- from version 1.33.8
* api-change:``athena``: Adding IdentityCenter enabled request for interactive query
* api-change:``cleanroomsml``: Updated service title from cleanroomsml to CleanRoomsML.
* api-change:``cloudformation``: Documentation update, December 2023
* api-change:``ec2``: Adds A10G, T4G, and H100 as accelerator name options and Habana as an
accelerator manufacturer option for attribute based selection
- from version 1.33.7
* api-change:``billingconductor``: This release adds the ability to specify a linked account of the
billing group for the custom line item resource.
* api-change:``braket``: This release enhances service support to create quantum tasks and hybrid
jobs associated with Braket Direct Reservations.
* api-change:``cloud9``: This release adds the requirement to include the imageId parameter in the
CreateEnvironmentEC2 API call.
* api-change:``cloudformation``: Including UPDATE_* states as a success status for CreateStack
waiter.
* api-change:``finspace``: Release General Purpose type clusters
* api-change:``medialive``: Adds support for custom color correction on channels using 3D LUT files.
* api-change:``servicecatalog-appregistry``: Documentation-only updates for Dawn
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.33.6
* api-change:``qconnect``: This release adds the PutFeedback API and allows providing feedback
against the specified assistant for the specified target.
* api-change:``rbin``: Added resource identifier in the output and updated error handling.
* api-change:``verifiedpermissions``: Adds description field to PolicyStore API's and namespaces
field to GetSchema.
- from version 1.33.5
* api-change:``arc-zonal-shift``: This release adds a new capability, zonal autoshift. You can
configure zonal autoshift so that AWS shifts traffic for a resource away from an Availability Zone,
on your behalf, when AWS determines that there is an issue that could potentially affect customers
in the Availability Zone.
* api-change:``glue``: Adds observation and analyzer support to the GetDataQualityResult and
BatchGetDataQualityResult APIs.
* api-change:``sagemaker``: This release adds support for 1/ Code Editor, based on Code-OSS, Visual
Studio Code Open Source, a new fully managed IDE option in SageMaker Studio 2/ JupyterLab, a new
fully managed JupyterLab IDE experience in SageMaker Studio
- from version 1.33.4
* api-change:``marketplace-agreement``: The AWS Marketplace Agreement Service provides an API
interface that helps AWS Marketplace sellers manage their agreements, including listing, filtering,
and viewing details about their agreements.
* api-change:``marketplace-catalog``: This release enhances the ListEntities API to support new
entity type-specific strongly typed filters in the request and entity type-specific strongly typed
summaries in the response.
* api-change:``marketplace-deployment``: AWS Marketplace Deployment is a new service that provides
essential features that facilitate the deployment of software, data, and services procured through
AWS Marketplace.
* api-change:``redshift-serverless``: This release adds the following support for Amazon Redshift
Serverless: 1) cross-account cross-VPCs, 2) copying snapshots across Regions, 3) scheduling
snapshot creation, and 4) restoring tables from a recovery point.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.33.3
* api-change:``application-autoscaling``: Amazon SageMaker customers can now use Application Auto
Scaling to automatically scale the number of Inference Component copies across an endpoint to meet
the varying demand of their workloads.
* api-change:``cleanrooms``: AWS Clean Rooms now provides differential privacy to protect against
user-identification attempts and machine learning modeling to allow two parties to identify similar
users in their data.
* api-change:``cleanroomsml``: Public Preview SDK release of AWS Clean Rooms ML APIs
* api-change:``opensearch``: Launching Amazon OpenSearch Service support for new zero-ETL
integration with Amazon S3. Customers can now manage their direct query data sources to Amazon S3
programatically
* api-change:``opensearchserverless``: Amazon OpenSearch Serverless collections support an
additional attribute called standby-replicas. This allows to specify whether a collection should
have redundancy enabled.
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: This release adds following support 1/ Improved SDK tooling for model
deployment. 2/ New Inference Component based features to lower inference costs and latency 3/
SageMaker HyperPod management. 4/ Additional parameters for FM Fine Tuning in Autopilot
* api-change:``sts``: Documentation updates for AWS Security Token Service.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.33.2
* api-change:``accessanalyzer``: This release adds support for external access findings for S3
directory buckets to help you easily identify cross-account access. Updated service API,
documentation, and paginators.
* api-change:``bedrock``: This release adds support for customization types, model life cycle
status and minor versions/aliases for model identifiers.
* api-change:``bedrock-agent``: This release introduces Agents for Amazon Bedrock
* api-change:``bedrock-agent-runtime``: This release introduces Agents for Amazon Bedrock Runtime
* api-change:``bedrock-runtime``: This release adds support for minor versions/aliases for invoke
model identifier.
* api-change:``connect``: Added support for following capabilities: Amazon Connect's in-app, web,
and video calling. Two-way SMS integrations. Contact Lens real-time chat analytics feature. Amazon
Connect Analytics Datalake capability. Capability to configure real time chat rules.
* api-change:``customer-profiles``: This release introduces DetectProfileObjectType API to auto
generate object type mapping.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``qbusiness``: Amazon Q - a generative AI powered application that your employees can
use to ask questions and get answers from knowledge spread across disparate content repositories,
summarize reports, write articles, take actions, and much more - all within their company's
connected content repositories.
* api-change:``qconnect``: Amazon Q in Connect, an LLM-enhanced evolution of Amazon Connect Wisdom.
This release adds generative AI support to Amazon Q Connect QueryAssistant and GetRecommendations
APIs.
* api-change:``s3``: Adds support for S3 Express One Zone.
* api-change:``s3control``: Adds support for S3 Express One Zone, and InvocationSchemaVersion 2.0
for S3 Batch Operations.
- from version 1.33.1
* api-change:``elasticache``: Launching Amazon ElastiCache Serverless that enables you to create a
cache in under a minute without any capacity management. ElastiCache Serverless monitors the
cache's memory, CPU, and network usage and scales both vertically and horizontally to support your
application's requirements.
- from version 1.33.0
* feature:Versioning: With the release of Botocore 1.33.0, Boto3 and Botocore will share the same
version number.
* api-change:``appsync``: This update enables introspection of Aurora cluster databases using the
RDS Data API
* api-change:``b2bi``: This is the initial SDK release for AWS B2B Data Interchange.
* api-change:``backup``: AWS Backup now supports restore testing, a new feature that allows
customers to automate restore testing and validating their backups. Additionally, this release adds
support for EBS Snapshots Archive tier.
* api-change:``controltower``: This release adds the following support: 1. The EnableControl API
can configure controls that are configurable. 2. The GetEnabledControl API shows the configured
parameters on an enabled control. 3. The new UpdateEnabledControl API can change parameters on an
enabled control.
* api-change:``efs``: Update efs client to latest version
* api-change:``fis``: AWS FIS adds support for multi-account experiments & empty target resolution.
This release also introduces the CreateTargetAccountConfiguration API that allows experiments
across multiple AWS accounts, and the ListExperimentResolvedTargets API to list target details.
* api-change:``glue``: add observations support to DQ CodeGen config model + update document for
connectiontypes supported by ConnectorData entities
* api-change:``rds``: Updates Amazon RDS documentation for support for RDS for Db2.
* api-change:``securityhub``: Adds and updates APIs to support central configuration. This feature
allows the Security Hub delegated administrator to configure Security Hub for their entire AWS Org
across multiple regions from a home Region. With this release, findings also include account name
and application metadata.
* api-change:``transcribe``: This release adds support for AWS HealthScribe APIs within Amazon
Transcribe
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.32.7
* api-change:``accessanalyzer``: IAM Access Analyzer now continuously monitors IAM roles and users
in your AWS account or organization to generate findings for unused access. Additionally, IAM
Access Analyzer now provides custom policy checks to validate that IAM policies adhere to your
security standards ahead of deployments.
* api-change:``amp``: This release adds support for the Amazon Managed Service for Prometheus
collector, a fully managed, agentless Prometheus metrics scraping capability.
* api-change:``bcm-data-exports``: Users can create, read, update, delete Exports of billing and
cost management data. Users can get details of Export Executions and details of Tables for
exporting. Tagging support is provided for Exports
* api-change:``cloudtrail``: CloudTrail Lake now supports federating event data stores. giving
users the ability to run queries against their event data using Amazon Athena.
* api-change:``codestar-connections``: This release adds support for the CloudFormation Git sync
feature. Git sync enables updating a CloudFormation stack from a template stored in a Git
repository.
* api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and
generate recommendations with customization and discounts preferences.
* api-change:``config``: Support Periodic Recording for Configuration Recorder
* api-change:``controltower``: Add APIs to create and manage a landing zone.
* api-change:``cost-optimization-hub``: This release launches Cost Optimization Hub, a new AWS
Billing and Cost Management feature that helps you consolidate and prioritize cost optimization
recommendations across your AWS Organizations member accounts and AWS Regions, so that you can get
the most out of your AWS spend.
* api-change:``detective``: Added new APIs in Detective to support resource investigations
* api-change:``ecs``: Adds a new 'type' property to the Setting structure. Adds a new
AccountSetting - guardDutyActivate for ECS.
* api-change:``efs``: Update efs client to latest version
* api-change:``eks``: This release adds support for EKS Pod Identity feature. EKS Pod Identity
makes it easy for customers to obtain IAM permissions for the applications running in their EKS
clusters.
* api-change:``eks-auth``: This release adds support for EKS Pod Identity feature. EKS Pod Identity
makes it easy for customers to obtain IAM permissions for their applications running in the EKS
clusters.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``freetier``: This is the initial SDK release for the AWS Free Tier GetFreeTierUsage
API
* api-change:``fsx``: Added support for FSx for ONTAP scale-out file systems and FlexGroup volumes.
Added the HAPairs field and ThroughputCapacityPerHAPair for filesystem. Added
AggregateConfiguration (containing Aggregates and ConstituentsPerAggregate) and SizeInBytes for
volume.
* api-change:``guardduty``: Add support for Runtime Monitoring for ECS and ECS-EC2.
* api-change:``iotfleetwise``: AWS IoT FleetWise introduces new APIs for vision system data, such
as data collected from cameras, radars, and lidars. You can now model and decode complex data types.
* api-change:``lakeformation``: This release adds four new APIs
"DescribeLakeFormationIdentityCenterConfiguration",
"CreateLakeFormationIdentityCenterConfiguration",
"DescribeLakeFormationIdentityCenterConfiguration", and
"DeleteLakeFormationIdentityCenterConfiguration", and also updates the corresponding documentation.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
* api-change:``logs``: Added APIs to Create, Update, Get, List and Delete LogAnomalyDetectors and
List and Update Anomalies in Detector. Added LogGroupClass attribute for LogGroups to classify
loggroup as Standard loggroup with all capabilities or InfrequentAccess loggroup with limited
capabilities.
* api-change:``managedblockchain``: Add optional NetworkType property to Accessor APIs
* api-change:``personalize``: Enables metadata in recommendations, recommendations with themes, and
next best action recommendations
* api-change:``personalize-events``: This release enables PutActions and PutActionInteractions
* api-change:``personalize-runtime``: Enables metadata in recommendations and next best action
recommendations
* api-change:``quicksight``: This release launches new APIs for trusted identity propagation setup
and supports creating datasources using trusted identity propagation as authentication method for
QuickSight accounts configured with IAM Identity Center.
* api-change:``redshift``: This release adds support for multi-data warehouse writes through data
sharing.
* api-change:``repostspace``: Initial release of AWS re:Post Private
* api-change:``s3``: Adding new params - Key and Prefix, to S3 API operations for supporting S3
Access Grants. Note - These updates will not change any of the existing S3 API functionality.
* api-change:``s3control``: Introduce Amazon S3 Access Grants, a new S3 access control feature that
maps identities in directories such as Active Directory, or AWS Identity and Access Management
(IAM) Principals, to datasets in S3.
* api-change:``secretsmanager``: AWS Secrets Manager has released the BatchGetSecretValue API,
which allows customers to fetch up to 20 Secrets with a single request using a list of secret names
or filters.
* api-change:``securityhub``: Adds and updates APIs to support customizable security controls. This
feature allows Security Hub customers to provide custom parameters for security controls. With this
release, findings for controls that support custom parameters will include the parameters used to
generate the findings.
* api-change:``stepfunctions``: Update stepfunctions client to latest version
* api-change:``transcribe``: This release adds support for transcriptions from audio sources in 64
new languages and introduces generative call summarization in Transcribe Call Analytics (Post call)
* api-change:``workspaces``: The release introduces Multi-Region Resilience one-way data
replication that allows you to replicate data from your primary WorkSpace to a standby WorkSpace in
another AWS Region. DescribeWorkspaces now returns the status of data replication.
* api-change:``workspaces-thin-client``: Initial release of Amazon WorkSpaces Thin Client
* enhancement:AWSCRT: Update awscrt version to 0.19.17
- Update to 1.32.6:
* bugfix:sqs: Rolled back recent change to wire format protocol
* api-change:``kinesis``: This release adds support for resource based policies on streams and
consumers.
* api-change:``s3control``: Amazon S3 Batch Operations now manages buckets or prefixes in a single
step.
* api-change:``sagemaker``: This feature adds the end user license agreement status as a model
access configuration parameter.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.32.5
* api-change:``cloudfront``: This release adds support for CloudFront KeyValueStore, a globally
managed key value datastore associated with CloudFront Functions.
* api-change:``cloudfront-keyvaluestore``: This release adds support for CloudFront KeyValueStore,
a globally managed key value datastore associated with CloudFront Functions.
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``inspector-scan``: This release adds support for the new Amazon Inspector Scan API.
The new Inspector Scan API can synchronously scan SBOMs adhering to the CycloneDX v1.5 format.
* api-change:``iotsitewise``: Adds 1/ user-defined unique identifier for asset and model metadata,
2/ asset model components, and 3/ query API for asset metadata and telemetry data. Supports 4/
multi variate anomaly detection using Amazon Lookout for Equipment, 5/ warm storage tier, and 6/
buffered ingestion of time series data.
* api-change:``iottwinmaker``: This release adds following support. 1. New APIs for metadata bulk
operations. 2. Modify the component type API to support composite component types - nesting
component types within one another. 3. New list APIs for components and properties. 4. Support the
larger scope digital twin modeling.
* api-change:``s3``: Add support for automatic date based partitioning in S3 Server Access Logs.
- from version 1.32.4
* enhancement:IMDS: Adds a config option to opt out of IMDSv1 fallback
* api-change:``codestar-connections``: This release updates a few CodeStar Connections related APIs.
* api-change:``docdb``: Amazon DocumentDB updates for new cluster storage configuration: Amazon
DocumentDB I/O-Optimized.
* api-change:``ec2``: This release adds support for Security group referencing over Transit
gateways, enabling you to simplify Security group management and control of instance-to-instance
traffic across VPCs that are connected by Transit gateway.
- from version 1.32.3
* api-change:``appmesh``: Change the default value of these fields from 0 to null: MaxConnections,
MaxPendingRequests, MaxRequests, HealthCheckThreshold, PortNumber, and HealthCheckPolicy -> port.
Users are not expected to perceive the change, except that badRequestException is thrown when
required fields missing configured.
* api-change:``athena``: Adding SerivicePreProcessing time metric
* api-change:``cloud9``: A minor doc only update related to changing the date of an API change.
* api-change:``cloudformation``: This release adds a new flag ImportExistingResources to
CreateChangeSet. Specify this parameter on a CREATE- or UPDATE-type change set to import existing
resources with custom names instead of recreating them.
* api-change:``codepipeline``: CodePipeline now supports overriding source revisions to achieve
manual re-deploy of a past revision
* api-change:``codestar-connections``: This release adds support for the CloudFormation Git sync
feature. Git sync enables updating a CloudFormation stack from a template stored in a Git
repository.
* api-change:``connect``: This release adds WISDOM_QUICK_RESPONSES as new IntegrationType of
Connect IntegrationAssociation resource and bug fixes.
* api-change:``dlm``: Added support for SAP HANA in Amazon Data Lifecycle Manager EBS snapshot
lifecycle policies with pre and post scripts.
* api-change:``ec2``: This release adds new features for Amazon VPC IP Address Manager (IPAM)
Allowing a choice between Free and Advanced Tiers, viewing public IP address insights across
regions and in Amazon Cloudwatch, use IPAM to plan your subnet IPs within a VPC and bring your own
autonomous system number to IPAM.
* api-change:``ecr``: Documentation and operational updates for Amazon ECR, adding support for pull
through cache rules for upstream registries that require authentication.
* api-change:``emr``: Update emr client to latest version
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``events``: Update events client to latest version
* api-change:``internetmonitor``: Adds new querying capabilities for running data queries on a
monitor
* api-change:``ivs``: type & defaulting refinement to various range properties
* api-change:``ivschat``: type & defaulting refinement to various range properties
* api-change:``kinesisvideo``: Docs only build to bring up-to-date with public docs.
* api-change:``location``: Remove default value and allow nullable for request parameters having
minimum value larger than zero.
* api-change:``macie``: The macie client has been removed following the deprecation of the service.
* api-change:``medialive``: MediaLive has now added support for per-output static image overlay.
* api-change:``mgn``: Removed invalid and unnecessary default values.
* api-change:``osis``: Add support for enabling a persistent buffer when creating or updating an
OpenSearch Ingestion pipeline. Add tags to Pipeline and PipelineSummary response models.
* api-change:``pipes``: TargetParameters now properly supports
BatchJobParameters.ArrayProperties.Size and BatchJobParameters.RetryStrategy.Attempts being
optional, and EcsTaskParameters.Overrides.EphemeralStorage.SizeInGiB now properly required when
setting EphemeralStorage
* api-change:``rds``: This release adds support for option groups and replica enhancements to
Amazon RDS Custom.
* api-change:``redshift``: Updated SDK for Amazon Redshift, which you can use to configure a
connection with IAM Identity Center to manage access to databases. With these, you can create a
connection through a managed application. You can also change a managed application, delete it, or
get information about an existing one.
* api-change:``redshift-serverless``: Updated SDK for Amazon Redshift Serverless, which provides
the ability to configure a connection with IAM Identity Center to manage user and group access to
databases.
* api-change:``s3``: Removes all default 0 values for numbers and false values for booleans
* api-change:``sso-admin``: Improves support for configuring RefreshToken and TokenExchange grants
on applications.
* api-change:``sso-oidc``: Adding support for `sso-oauth:CreateTokenWithIAM`.
* api-change:``sts``: API updates for the AWS Security Token Service
* api-change:``trustedadvisor``: AWS Trusted Advisor introduces new APIs to enable you to
programmatically access Trusted Advisor best practice checks, recommendations, and prioritized
recommendations. Trusted Advisor APIs enable you to integrate Trusted Advisor with your operational
tools to automate your workloads.
* api-change:``verifiedpermissions``: Adding BatchIsAuthorized API which supports multiple
authorization requests against a PolicyStore
* api-change:``wisdom``: This release adds QuickResponse as a new Wisdom resource and Wisdom APIs
for import, create, read, search, update and delete QuickResponse resources.
- from version 1.32.2
* api-change:``codecatalyst``: This release includes updates to the Dev Environment APIs to include
an optional vpcConnectionName parameter that supports using Dev Environments with Amazon VPC.
* api-change:``dlm``: This release adds support for Amazon Data Lifecycle Manager default policies
for EBS snapshots and EBS-backed AMIs.
* api-change:``ec2``: Enable use of tenant-specific PublicSigningKeyUrl from device trust providers
and onboard jumpcloud as a new device trust provider.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fsx``: Enables customers to update their PerUnitStorageThroughput on their Lustre
file systems.
* api-change:``glue``: Introduces new column statistics APIs to support statistics generation for
tables within the Glue Data Catalog.
* api-change:``imagebuilder``: This release adds the Image Lifecycle Management feature to automate
the process of deprecating, disabling and deleting outdated images and their associated resources.
* api-change:``iot``: GA release the ability to index and search devices based on their GeoLocation
data. With GeoQueries you can narrow your search to retrieve devices located in the desired
geographic boundary.
* api-change:``ivs-realtime``: This release introduces server side composition and recording for
stages.
* api-change:``kafka``: Added a new API response field which determines if there is an action
required from the customer regarding their cluster.
* api-change:``lambda``: Adds support for logging configuration in Lambda Functions. Customers will
have more control how their function logs are captured and to which cloud watch log group they are
delivered also.
* api-change:``macie2``: This release adds support for configuring Macie to assume an IAM role when
retrieving sample occurrences of sensitive data reported by findings.
* api-change:``mediapackage``: DRM_TOP_LEVEL_COMPACT allows placing content protection elements at
the MPD level and referenced at the AdaptationSet level
* api-change:``pinpoint-sms-voice-v2``: Amazon Pinpoint now offers additional operations as part of
version 2 of the SMS and voice APIs. This release includes 26 new APIs to create and manage phone
number registrations, add verified destination numbers, and request sender IDs.
* api-change:``polly``: Add new engine - long-form - dedicated for longer content, such as news
articles, training materials, or marketing videos.
* api-change:``quicksight``: Custom permission support for QuickSight roles; Three new datasources
STARBURST, TRINO, BIGQUERY; Lenient mode changes the default behavior to allow for exporting and
importing with certain UI allowed errors, Support for permissions and tags export and import.
* api-change:``sagemaker``: Amazon SageMaker Studio now supports Trainium instance types -
trn1.2xlarge, trn1.32xlarge, trn1n.32xlarge.
* api-change:``ssm``: This release introduces the ability to filter automation execution steps
which have parent steps. In addition, runbook variable information is returned by
GetAutomationExecution and parent step information is returned by the
DescribeAutomationStepExecutions API.
* api-change:``ssm-incidents``: Introduces new APIs ListIncidentFindings and
BatchGetIncidentFindings to use findings related to an incident.
* api-change:``sso-admin``: Instances bound to a single AWS account, API operations for managing
instances and applications, and assignments to applications are now supported. Trusted identity
propagation is also supported, with new API operations for managing trusted token issuers and
application grants and scopes.
* api-change:``transfer``: Introduced S3StorageOptions for servers to enable directory listing
optimizations and added Type fields to logical directory mappings.
- from version 1.32.1
* enhancement:Package Size: The botocore .whl file distributed on PyPI now provides compressed
service models to improve total size on disk.
* api-change:``autoscaling``: This release introduces Instance Maintenance Policy, a new EC2 Auto
Scaling capability that allows customers to define whether instances are launched before or after
existing instances are terminated during instance replacement operations.
* api-change:``cloudtrail``: The Lake Repricing feature lets customers configure a BillingMode for
an event data store. The BillingMode determines the cost for ingesting and storing events and the
default and maximum retention period for the event data store.
* api-change:``codecatalyst``: This release adds functionality for retrieving information about
workflows and workflow runs and starting workflow runs in Amazon CodeCatalyst.
* api-change:``ec2``: AWS EBS now supports Snapshot Lock, giving users the ability to lock an EBS
Snapshot to prohibit deletion of the snapshot. This release introduces the LockSnapshot,
UnlockSnapshot & DescribeLockedSnapshots APIs to manage lock configuration for snapshots. The
release also includes the dl2q_24xlarge.
* api-change:``finspace-data``: Adding deprecated trait to APIs in this name space.
* api-change:``finspace``: Adding deprecated trait on Dataset Browser Environment APIs
* api-change:``lambda``: Add Java 21 (java21) support to AWS Lambda
* api-change:``mwaa``: This Amazon MWAA release adds support for customer-managed VPC endpoints.
This lets you choose whether to create, and manage your environment's VPC endpoints, or to have
Amazon MWAA create, and manage them for you.
* api-change:``rds``: Updates Amazon RDS documentation for support for upgrading RDS for MySQL
snapshots from version 5.7 to version 8.0.
* api-change:``redshift``: The custom domain name SDK for Amazon Redshift provisioned clusters is
updated with additional required parameters for modify and delete operations. Additionally, users
can provide domain names with longer top-level domains.
* api-change:``s3control``: Add 5 APIs to create, update, get, list, delete S3 Storage Lens
group(eg. CreateStorageLensGroup), 3 APIs for
tagging(TagResource,UntagResource,ListTagsForResource), and update to StorageLensConfiguration to
allow metrics to be aggregated on Storage Lens groups.
* api-change:``ssm-sap``: Update the default value of MaxResult to 50.
- from version 1.32.0
* feature:ContainerProvider: Added Support for EKS container credentials
* api-change:``backup``: AWS Backup - Features: Provide Job Summary for your backup activity.
* api-change:``cleanrooms``: This feature provides the ability for the collaboration creator to
configure either the member who can run queries or a different member in the collaboration to be
billed for query compute costs.
* api-change:``connect``: Introducing SegmentAttributes parameter for StartChatContact API
* api-change:``glue``: Introduces new storage optimization APIs to support automatic compaction of
Apache Iceberg tables.
* api-change:``iot``: This release introduces new attributes in API CreateSecurityProfile,
UpdateSecurityProfile and DescribeSecurityProfile to support management of Metrics Export for AWS
IoT Device Defender Detect.
* api-change:``lambda``: Add Python 3.12 (python3.12) support to AWS Lambda
* api-change:``mediatailor``: Removed unnecessary default values.
* api-change:``pipes``: Added support (via new LogConfiguration field in CreatePipe and UpdatePipe
APIs) for logging to Amazon CloudWatch Logs, Amazon Simple Storage Service (Amazon S3), and Amazon
Kinesis Data Firehose
* api-change:``resource-explorer-2``: Resource Explorer supports multi-account search. You can now
use Resource Explorer to search and discover resources across AWS accounts within your organization
or organizational unit.
* api-change:``sagemaker``: This release makes Model Registry Inference Specification fields as not
required.
* api-change:``signer``: Documentation updates for AWS Signer
* api-change:``stepfunctions``: Update stepfunctions client to latest version
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.31.85
* enhancement:AWSCRT: Update awscrt version to 0.19.12
* api-change:``dataexchange``: Removed Required trait for DataSet.OriginDetails.ProductId.
* api-change:``dms``: Added new Db2 LUW Target endpoint with related endpoint settings. New
executeTimeout endpoint setting for mysql endpoint. New ReplicationDeprovisionTime field for
serverless describe-replications.
* api-change:``ec2``: Adds the new EC2 DescribeInstanceTopology API, which you can use to retrieve
the network topology of your running instances on select platform types to determine their relative
proximity to each other.
* api-change:``ecs``: Adds a Client Token parameter to the ECS RunTask API. The Client Token
parameter allows for idempotent RunTask requests.
* api-change:``emr``: Update emr client to latest version
* api-change:``servicecatalog-appregistry``: When the customer associates a resource collection to
their application with this new feature, then a new application tag will be applied to all
supported resources that are part of that collection. This allows customers to more easily find the
application that is associated with those resources.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.31.84
* enhancement:AWSCRT: Update awscrt version to 0.19.10
* api-change:``controltower``: AWS Control Tower supports tagging for enabled controls. This
release introduces TagResource, UntagResource and ListTagsForResource APIs to manage tags in
existing enabled controls. It updates EnabledControl API to tag resources at creation time.
* api-change:``cur``: This release adds support for tagging and customers can now tag report
definitions. Additionally, ReportStatus is now added to report definition to show when the last
delivered time stamp and if it succeeded or not.
* api-change:``ec2``: EC2 adds API updates to enable ENA Express at instance launch time.
* api-change:``fms``: Adds optimizeUnassociatedWebACL flag to ManagedServiceData, updates
third-party firewall examples, and other minor documentation updates.
* api-change:``marketplace-entitlement``: Update marketplace-entitlement client to latest version
* api-change:``mediaconvert``: This release includes the ability to specify any input source as the
primary input for corresponding follow modes, and allows users to specify fit and fill behaviors
without resizing content.
* api-change:``rds``: Updates Amazon RDS documentation for zero-ETL integrations.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.31.83
* api-change:``cloudformation``: Added new ConcurrencyMode feature for AWS CloudFormation StackSets
for faster deployments to target accounts.
* api-change:``cloudtrail``: The Insights in Lake feature lets customers enable CloudTrail Insights
on a source CloudTrail Lake event data store and create a destination event data store to collect
Insights events based on unusual management event activity in the source event data store.
* api-change:``comprehend``: This release adds support for toxicity detection and prompt safety
classification.
* api-change:``connect``: This release adds the ability to integrate customer lambda functions with
Connect attachments for scanning and updates the ListIntegrationAssociations API to support
filtering on IntegrationArn.
* api-change:``ec2``: AWS EBS now supports Block Public Access for EBS Snapshots. This release
introduces the EnableSnapshotBlockPublicAccess, DisableSnapshotBlockPublicAccess and
GetSnapshotBlockPublicAccessState APIs to manage account-level public access settings for EBS
Snapshots in an AWS Region.
* api-change:``eks``: Adding EKS Anywhere subscription related operations.
* api-change:``lambda``: Add Custom runtime on Amazon Linux 2023 (provided.al2023) support to AWS
Lambda.
* api-change:``logs``: Update to support new APIs for delivery of logs from AWS services.
* api-change:``omics``: Support UBAM filetype for Omics Storage and make referenceArn optional
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.31.82
* api-change:``sqs``: This release enables customers to call SQS using AWS JSON-1.0 protocol and
bug fix.
- from version 1.31.81
* api-change:``connect``: This release clarifies in our public documentation that InstanceId is a
requirement for SearchUsers API requests.
* api-change:``connectcases``: This release adds the ability to add/view comment authors through
CreateRelatedItem and SearchRelatedItems API. For more information see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``datasync``: This change allows for 0 length access keys and secret keys for object
storage locations. Users can now pass in empty string credentials.
* api-change:``guardduty``: Added API support for new GuardDuty EKS Audit Log finding types.
* api-change:``lambda``: Add Node 20 (nodejs20.x) support to AWS Lambda.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``omics``: Adding Run UUID and Run Output URI: GetRun and StartRun API response has
two new fields "uuid" and "runOutputUri".
* api-change:``rds``: This Amazon RDS release adds support for patching the OS of an RDS Custom for
Oracle DB instance. You can now upgrade the database or operating system using the
modify-db-instance command.
* api-change:``redshift-serverless``: Added a new parameter in the workgroup that helps you control
your cost for compute resources. This feature provides a ceiling for RPUs that Amazon Redshift
Serverless can scale up to. When automatic compute scaling is required, having a higher value for
MaxRPU can enhance query throughput.
* api-change:``resiliencehub``: AWS Resilience Hub enhances Resiliency Score, providing actionable
recommendations to improve application resilience. Amazon Elastic Kubernetes Service (EKS)
operational recommendations have been added to help improve the resilience posture of your
applications.
* api-change:``sqs``: This release enables customers to call SQS using AWS JSON-1.0 protocol.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.31.80
* api-change:``dataexchange``: Updated SendDataSetNotificationRequest Comment to be maximum length
4096.
* api-change:``dlm``: Added support for pre and post scripts in Amazon Data Lifecycle Manager EBS
snapshot lifecycle policies.
* api-change:``rds``: This Amazon RDS release adds support for the multi-tenant configuration. In
this configuration, an RDS DB instance can contain multiple tenant databases. In RDS for Oracle, a
tenant database is a pluggable database (PDB).
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.31.79
* api-change:``ce``: This release extends the GetReservationPurchaseRecommendation API to support
recommendations for Amazon MemoryDB reservations.
* api-change:``codebuild``: AWS CodeBuild now supports AWS Lambda compute.
* api-change:``connect``: Added new API that allows Amazon Connect Outbound Campaigns to create
contacts in Amazon Connect when ingesting your dial requests.
* api-change:``docdb``: Update the input of CreateDBInstance and ModifyDBInstance to support
setting CA Certificates. Update the output of DescribeDBInstance and DescribeDBEngineVersions to
show current and supported CA certificates.
* api-change:``iam``: Add partitional endpoint for iso-e.
* api-change:``mwaa``: This release adds support for Apache Airflow version 2.7.2. This version
release includes support for deferrable operators and triggers.
* api-change:``polly``: Amazon Polly adds new US English voices - Danielle and Gregory. Danielle
and Gregory are available as Neural voices only.
* api-change:``route53``: Add partitional endpoints for iso-e and iso-f.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.31.78
* api-change:``config``: Updated ResourceType enum with new resource types onboarded by AWS Config
in October 2023.
* api-change:``connect``: Amazon Connect Chat introduces Create Persistent Contact Association API,
allowing customers to choose when to resume previous conversations from previous chats, eliminating
the need to repeat themselves and allowing agents to provide personalized service with access to
entire conversation history.
* api-change:``iotwireless``: Added LoRaWAN version 1.0.4 support
* api-change:``launch-wizard``: AWS Launch Wizard is a service that helps reduce the time it takes
to deploy applications to the cloud while providing a guided deployment experience.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.31.77
* api-change:``apprunner``: AWS App Runner now supports using dual-stack address type for the
public endpoint of your incoming traffic.
* api-change:``connect``: GetMetricDataV2 API: Update to include new metrics PERCENT_NON_TALK_TIME,
PERCENT_TALK_TIME, PERCENT_TALK_TIME_AGENT, PERCENT_TALK_TIME_CUSTOMER
* api-change:``gamelift``: Amazon GameLift adds support for shared credentials, which allows
applications that are deployed on managed EC2 fleets to interact with other AWS resources.
* api-change:``glue``: This release introduces Google BigQuery Source and Target in AWS Glue
CodeGenConfigurationNode.
* api-change:``network-firewall``: This release introduces the stateless rule analyzer, which
enables you to analyze your stateless rules for asymmetric routing.
* api-change:``quicksight``: This release introduces Float Decimal Type as SubType in QuickSight
SPICE datasets and Custom week start and Custom timezone options in Analysis and Dashboard
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.31.76
* api-change:``connect``: Adds the BatchGetFlowAssociation API which returns flow associations
(flow-resource) corresponding to the list of resourceArns supplied in the request. This release
also adds IsDefault, LastModifiedRegion and LastModifiedTime fields to the responses of several
Describe and List APIs.
* api-change:``globalaccelerator``: Global Accelerator now support accelerators with cross account
endpoints.
* api-change:``rds``: This release adds support for customized networking resources to Amazon RDS
Custom.
* api-change:``redshift``: Added support for Multi-AZ deployments for Provisioned RA3 clusters that
provide 99.99% SLA availability.
* api-change:``sagemaker``: Support for batch transform input in Model dashboard
- from version 1.31.75
* api-change:``amplify``: Add backend field to CreateBranch and UpdateBranch requests. Add
pagination support for ListApps, ListDomainAssociations, ListBranches, and ListJobs
* api-change:``application-insights``: Automate attaching managed policies
* api-change:``ec2``: Capacity Blocks for ML are a new EC2 purchasing option for reserving GPU
instances on a future date to support short duration machine learning (ML) workloads. Capacity
Blocks automatically place instances close together inside Amazon EC2 UltraClusters for
low-latency, high-throughput networking.
* api-change:``m2``: Added name filter ability for ListDataSets API, added ForceUpdate for Updating
environment and BatchJob submission using S3BatchJobIdentifier
* api-change:``neptunedata``: Minor change to not retry CancelledByUserException
* api-change:``translate``: Added support for Brevity translation settings feature.
- from version 1.31.74
* api-change:``connect``: This release adds InstanceId field for phone number APIs.
* api-change:``dataexchange``: We added a new API action: SendDataSetNotification.
* api-change:``datasync``: Platform version changes to support AL1 deprecation initiative.
* api-change:``finspace``: Introducing new API UpdateKxClusterCodeConfiguration, introducing new
cache types for clusters and introducing new deployment modes for updating clusters.
* api-change:``mediapackagev2``: This feature allows customers to create a combination of manifest
filtering, startover and time delay configuration that applies to all egress requests by default.
* api-change:``rds``: This release launches the CreateIntegration, DeleteIntegration, and
DescribeIntegrations APIs to manage zero-ETL Integrations.
* api-change:``redshift-serverless``: Added support for custom domain names for Amazon Redshift
Serverless workgroups. This feature enables customers to create a custom domain name and use ACM to
generate fully secure connections to it.
* api-change:``resiliencehub``: Introduced the ability to filter applications by their last
assessment date and time and have included metrics for the application's estimated workload
Recovery Time Objective (RTO) and estimated workload Recovery Point Objective (RPO).
* api-change:``s3outposts``: Updated ListOutpostsWithS3 API response to include S3OutpostArn for
use with AWS RAM.
* api-change:``wisdom``: This release added necessary API documents on creating a Wisdom knowledge
base to integrate with S3.
- from version 1.31.73
* api-change:``emr``: Update emr client to latest version
* api-change:``neptune``: Update TdeCredentialPassword type to SensitiveString
* api-change:``pinpoint``: Updated documentation to describe the case insensitivity for EndpointIds.
* api-change:``redshift``: added support to create a dual stack cluster
* api-change:``wafv2``: Updates the descriptions for the calls that manage web ACL associations, to
provide information for customer-managed IAM policies.
- from version 1.31.72
* api-change:``appstream``: This release introduces multi-session fleets, allowing customers to
provision more than one user session on a single fleet instance.
* api-change:``ec2``: Launching GetSecurityGroupsForVpc API. This API gets security groups that can
be associated by the AWS account making the request with network interfaces in the specified VPC.
* api-change:``network-firewall``: Network Firewall now supports inspection of outbound SSL/TLS
traffic.
* api-change:``opensearch``: You can specify ipv4 or dualstack IPAddressType for cluster endpoints.
If you specify IPAddressType as dualstack, the new endpoint will be visible under the 'EndpointV2'
parameter and will support IPv4 and IPv6 requests. Whereas, the 'Endpoint' will continue to serve
IPv4 requests.
* api-change:``redshift``: Add Redshift APIs GetResourcePolicy, DeleteResourcePolicy,
PutResourcePolicy and DescribeInboundIntegrations for the new Amazon Redshift Zero-ETL integration
feature, which can be used to control data ingress into Redshift namespace, and view inbound
integrations.
* api-change:``sagemaker``: Amazon Sagemaker Autopilot now supports Text Generation jobs.
* api-change:``sns``: Message Archiving and Replay is now supported in Amazon SNS for FIFO topics.
* api-change:``ssm-sap``: AWS Systems Manager for SAP added support for registration and discovery
of SAP ABAP applications
* api-change:``transfer``: No API changes from previous release. This release migrated the model to
Smithy keeping all features unchanged.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.31.71
* enhancement:Configuration: Adds client context params support to ``Config``.
* api-change:``connectcases``: Increase maximum length of CommentBody to 3000, and increase maximum
length of StringValue to 1500
* api-change:``groundstation``: This release will allow KMS alias names to be used when creating
Mission Profiles
* api-change:``iam``: Updates to GetAccessKeyLastUsed action to replace NoSuchEntity error with
AccessDeniedException error.
- from version 1.31.70
* api-change:``codepipeline``: Add ability to trigger pipelines from git tags, define variables at
pipeline level and new pipeline type V2.
* api-change:``ec2``: This release updates the documentation for InstanceInterruptionBehavior and
HibernationOptionsRequest to more accurately describe the behavior of these two parameters when
using Spot hibernation.
* api-change:``eks``: Added support for Cluster Subnet and Security Group mutability.
* api-change:``iam``: Add the partitional endpoint for IAM in iso-f.
* api-change:``migrationhub-config``: This release introduces DeleteHomeRegionControl API that
customers can use to delete the Migration Hub Home Region configuration
* api-change:``migrationhubstrategy``: This release introduces multi-data-source feature in
Migration Hub Strategy Recommendations. This feature now supports vCenter as a data source to fetch
inventory in addition to ADS and Import from file workflow that is currently supported with MHSR
collector.
* api-change:``opensearchserverless``: This release includes the following new APIs:
CreateLifecyclePolicy, UpdateLifecyclePolicy, BatchGetLifecyclePolicy, DeleteLifecyclePolicy,
ListLifecyclePolicies and BatchGetEffectiveLifecyclePolicy to support the data lifecycle management
feature.
- from version 1.31.69
* api-change:``marketplacecommerceanalytics``: The StartSupportDataExport operation has been
deprecated as part of the Product Support Connection deprecation. As of December 2022, Product
Support Connection is no longer supported.
* api-change:``networkmanager``: This release adds API support for Tunnel-less Connect (NoEncap
Protocol) for AWS Cloud WAN
* api-change:``redshift-serverless``: This release adds support for customers to see the patch
version and workgroup version in Amazon Redshift Serverless.
* api-change:``rekognition``: Amazon Rekognition introduces StartMediaAnalysisJob,
GetMediaAnalysisJob, and ListMediaAnalysisJobs operations to run a bulk analysis of images with a
Detect Moderation model.
- from version 1.31.68
* api-change:``appconfig``: Update KmsKeyIdentifier constraints to support AWS KMS multi-Region
keys.
* api-change:``appintegrations``: Updated ScheduleConfig to be an optional input to
CreateDataIntegration to support event driven downloading of files from sources such as Amazon s3
using Amazon Connect AppIntegrations.
* api-change:``connect``: This release adds support for updating phone number metadata, such as
phone number description.
* api-change:``discovery``: This release introduces three new APIs:
StartBatchDeleteConfigurationTask, DescribeBatchDeleteConfigurationTask, and BatchDeleteAgents.
* api-change:``medical-imaging``: Updates on documentation links
* api-change:``ssm``: This release introduces a new API: DeleteOpsItem. This allows deletion of an
OpsItem.
- from version 1.31.67
* api-change:``gamesparks``: The gamesparks client has been removed following the deprecation of
the service.
* api-change:``ec2``: Amazon EC2 C7a instances, powered by 4th generation AMD EPYC processors, are
ideal for high performance, compute-intensive workloads such as high performance computing. Amazon
EC2 R7i instances are next-generation memory optimized and powered by custom 4th Generation Intel
Xeon Scalable processors.
* api-change:``managedblockchain-query``: This release adds support for Ethereum Sepolia network
* api-change:``neptunedata``: Doc changes to add IAM action mappings for the data actions.
* api-change:``omics``: This change enables customers to retrieve failure reasons with detailed
status messages for their failed runs
* api-change:``opensearch``: Added Cluster Administrative options for node restart, opensearch
process restart and opensearch dashboard restart for Multi-AZ without standby domains
* api-change:``quicksight``: This release adds the following: 1) Trino and Starburst Database
Connectors 2) Custom total for tables and pivot tables 3) Enable restricted folders 4) Add rolling
dates for time equality filters 5) Refine DataPathValue and introduce DataPathType 6) Add
SeriesType to ReferenceLineDataConfiguration
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
* api-change:``servicecatalog``: Introduce support for EXTERNAL product and provisioning artifact
type in CreateProduct and CreateProvisioningArtifact APIs.
* api-change:``verifiedpermissions``: Improving Amazon Verified Permissions Create experience
* api-change:``workspaces``: Documentation updates for WorkSpaces
- from version 1.31.66
* api-change:``cloud9``: Update to imageId parameter behavior and dates updated.
* api-change:``dynamodb``: Updating descriptions for several APIs.
* api-change:``kendra``: Changes for a new feature in Amazon Kendra's Query API to Collapse/Expand
query results
* api-change:``rds``: This release adds support for upgrading the storage file system configuration
on the DB instance using a blue/green deployment or a read replica.
* api-change:``wisdom``: This release adds an max limit of 25 recommendation ids for
NotifyRecommendationsReceived API.
- from version 1.31.65
* api-change:``codepipeline``: Add retryMode ALL_ACTIONS to RetryStageExecution API that retries a
failed stage starting from first action in the stage
* api-change:``discovery``: This release introduces three new APIs:
StartBatchDeleteConfigurationTask, DescribeBatchDeleteConfigurationTask, and BatchDeleteAgents.
* api-change:``ecs``: Documentation only updates to address Amazon ECS tickets.
* api-change:``globalaccelerator``: Fixed error where ListCustomRoutingEndpointGroups did not have
a paginator
* api-change:``guardduty``: Add domainWithSuffix finding field to dnsRequestAction
* api-change:``kafka``: AWS Managed Streaming for Kafka is launching MSK Replicator, a new feature
that enables customers to reliably replicate data across Amazon MSK clusters in same or different
AWS regions. You can now use SDK to create, list, describe, delete, update, and manage tags of MSK
Replicators.
* api-change:``route53-recovery-cluster``: Adds Owner field to ListRoutingControls API.
* api-change:``route53-recovery-control-config``: Adds permissions for GetResourcePolicy to support
returning details about AWS Resource Access Manager resource policies for shared resources.
- from version 1.31.64
* api-change:``cloudformation``: SDK and documentation updates for UpdateReplacePolicy
* api-change:``drs``: Updated exsiting API to allow AWS Elastic Disaster Recovery support of
launching recovery into existing EC2 instances.
* api-change:``entityresolution``: This launch expands our matching techniques to include
provider-based matching to help customer match, link, and enhance records with minimal data
movement. With data service providers, we have removed the need for customers to build bespoke
integrations,.
* api-change:``managedblockchain-query``: This release introduces two new APIs: GetAssetContract
and ListAssetContracts. This release also adds support for Bitcoin Testnet.
* api-change:``mediapackagev2``: This release allows customers to manage MediaPackage v2 resource
using CloudFormation.
* api-change:``opensearch``: This release allows customers to list and associate optional plugin
packages with compatible Amazon OpenSearch Service clusters for enhanced functionality.
* api-change:``redshift-serverless``: Added support for managing credentials of serverless
namespace admin using AWS Secrets Manager.
* api-change:``redshift``: Added support for managing credentials of provisioned cluster admin
using AWS Secrets Manager.
* api-change:``sesv2``: This release provides enhanced visibility into your SES identity
verification status. This will offer you more actionable insights, enabling you to promptly address
any verification-related issues.
* api-change:``transfer``: Documentation updates for AWS Transfer Family
* api-change:``xray``: This releases enhances GetTraceSummaries API to support new TimeRangeType
Service to query trace summaries by segment end time.
- from version 1.31.63
* api-change:``auditmanager``: This release introduces a new limit to the awsAccounts parameter.
When you create or update an assessment, there is now a limit of 200 AWS accounts that can be
specified in the assessment scope.
* api-change:``autoscaling``: Update the NotificationMetadata field to only allow visible ascii
characters. Add paginators to DescribeInstanceRefreshes, DescribeLoadBalancers, and
DescribeLoadBalancerTargetGroups
* api-change:``config``: Add enums for resource types supported by Config
* api-change:``controltower``: Added new EnabledControl resource details to ListEnabledControls API
and added new GetEnabledControl API.
* api-change:``customer-profiles``: Adds sensitive trait to various shapes in Customer Profiles
Calculated Attribute API model.
* api-change:``ec2``: This release adds Ubuntu Pro as a supported platform for On-Demand Capacity
Reservations and adds support for setting an Amazon Machine Image (AMI) to disabled state.
Disabling the AMI makes it private if it was previously shared, and prevents new EC2 instance
launches from it.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``glue``: Extending version control support to GitLab and Bitbucket from AWSGlue
* api-change:``inspector2``: Add MacOs ec2 platform support
* api-change:``ivs-realtime``: Update GetParticipant to return additional metadata.
* api-change:``lambda``: Adds support for Lambda functions to access Dual-Stack subnets over IPv6,
via an opt-in flag in CreateFunction and UpdateFunctionConfiguration APIs
* api-change:``location``: This release adds endpoint updates for all AWS Location resource
operations.
* api-change:``machinelearning``: This release marks Password field as sensitive
* api-change:``pricing``: Documentation updates for Price List
* api-change:``rds``: This release adds support for adding a dedicated log volume to open-source
RDS instances.
* api-change:``rekognition``: Amazon Rekognition introduces support for Custom Moderation. This
allows the enhancement of accuracy for detect moderation labels operations by creating custom
adapters tuned on customer data.
* api-change:``sagemaker``: Amazon SageMaker Canvas adds KendraSettings and DirectDeploySettings
support for CanvasAppSettings
* api-change:``textract``: This release adds 9 new APIs for adapter and adapter version management,
3 new APIs for tagging, and updates AnalyzeDocument and StartDocumentAnalysis API parameters for
using adapters.
* api-change:``transcribe``: This release is to enable m4a format to customers
* api-change:``workspaces``: Updated the CreateWorkspaces action documentation to clarify that the
PCoIP protocol is only available for Windows bundles.
- from version 1.31.62
* enhancement:Dependencies: Add support for urllib3 2.0 for Python 3.10+
* api-change:``ec2``: Documentation updates for Elastic Compute Cloud (EC2).
* api-change:``fsx``: After performing steps to repair the Active Directory configuration of a file
system, use this action to initiate the process of attempting to recover to the file system.
* api-change:``marketplace-catalog``: This release adds support for Document type as an alternative
for stringified JSON for StartChangeSet, DescribeChangeSet and DescribeEntity APIs
* api-change:``quicksight``: NullOption in FilterListConfiguration; Dataset schema/table max length
increased; Support total placement for pivot table visual; Lenient mode relaxes the validation to
create resources with definition; Data sources can be added to folders; Redshift data sources
support IAM Role-based authentication
* api-change:``transfer``: This release updates the max character limit of
PreAuthenticationLoginBanner and PostAuthenticationLoginBanner to 4096 characters
- Update to 1.31.61:
* api-change:``omics``: Add Etag Support for Omics Storage in ListReadSets and GetReadSetMetadata
API
* api-change:``rds``: Updates Amazon RDS documentation for corrections and minor improvements.
* api-change:``route53``: Add hostedzonetype filter to ListHostedZones API.
* api-change:``securityhub``: Added new resource detail objects to ASFF, including resources for
AwsEventsEventbus, AwsEventsEndpoint, AwsDmsEndpoint, AwsDmsReplicationTask,
AwsDmsReplicationInstance, AwsRoute53HostedZone, and AwsMskCluster
* api-change:``storagegateway``: Add SoftwareVersion to response of DescribeGatewayInformation.
* api-change:``workspaces``: This release introduces Manage applications. This feature allows users
to manage their WorkSpaces applications by associating or disassociating their WorkSpaces with
applications. The DescribeWorkspaces API will now additionally return OperatingSystemName in its
responses.
- from version 1.31.60
* api-change:``appconfig``: AWS AppConfig introduces KMS customer-managed key (CMK) encryption
support for data saved to AppConfig's hosted configuration store.
* api-change:``datazone``: Initial release of Amazon DataZone
* api-change:``mediatailor``: Updates DescribeVodSource to include a list of ad break opportunities
in the response
* api-change:``mgn``: This release includes the following new APIs: ListConnectors,
CreateConnector, UpdateConnector, DeleteConnector and UpdateSourceServer to support the source
action framework feature.
* api-change:``sagemaker``: Adding support for AdditionalS3DataSource, a data source used for
training or inference that is in addition to the input dataset or model data.
- from version 1.31.59
* api-change:``connect``: GetMetricDataV2 API: Update to include new metrics CONTACTS_RESOLVED_IN_X
, AVG_HOLD_TIME_ALL_CONTACTS , AVG_RESOLUTION_TIME , ABANDONMENT_RATE ,
AGENT_NON_RESPONSE_WITHOUT_CUSTOMER_ABANDONS with added features: Interval Period, TimeZone, Negate
MetricFilters, Extended date time range.
* api-change:``location``: Amazon Location Service adds support for bounding polygon queries.
Additionally, the GeofenceCount field has been added to the DescribeGeofenceCollection API response.
* api-change:``mediaconvert``: This release adds the ability to replace video frames without
modifying the audio essence.
* api-change:``oam``: This release adds support for sharing AWS::ApplicationInsights::Application
resources.
* api-change:``sagemaker``: This release allows users to run Selective Execution in SageMaker
Pipelines without SourcePipelineExecutionArn if selected steps do not have any dependent steps.
* api-change:``wellarchitected``: AWS Well-Architected now supports Review Templates that allows
you to create templates with pre-filled answers for Well-Architected and Custom Lens best practices.
- from version 1.31.58
* api-change:``bedrock``: Provisioned throughput feature with Amazon and third-party base models,
and update validators for model identifier and taggable resource ARNs.
* api-change:``bedrock-runtime``: Add model timeout exception for InvokeModelWithResponseStream API
and update validator for invoke model identifier.
* api-change:``ec2``: Introducing Amazon EC2 R7iz instances with 3.9 GHz sustained all-core turbo
frequency and deliver up to 20% better performance than previous generation z1d instances.
* api-change:``managedblockchain``: Remove Rinkeby as option from Ethereum APIs
* api-change:``rds``: Adds DefaultCertificateForNewLaunches field in the DescribeCertificates API
response.
* api-change:``sso``: Fix FIPS Endpoints in aws-us-gov.
* api-change:``sts``: STS API updates for assumeRole
* api-change:``transfer``: Documentation updates for AWS Transfer Family
- from version 1.31.57
* api-change:``bedrock-runtime``: Run Inference: Added support to run the inference on models.
Includes set of APIs for running inference in streaming and non-streaming mode.
* api-change:``bedrock``: Model Invocation logging added to enable or disable logs in customer
account. Model listing and description support added. Provisioned Throughput feature added. Custom
model support added for creating custom models. Also includes list, and delete functions for custom
model.
* api-change:``budgets``: Update DescribeBudgets and DescribeBudgetNotificationsForAccount
MaxResults limit to 1000.
* api-change:``ec2``: Adds support for Customer Managed Key encryption for Amazon Verified Access
resources
* api-change:``iotfleetwise``: AWS IoT FleetWise now supports encryption through a customer managed
AWS KMS key. The PutEncryptionConfiguration and GetEncryptionConfiguration APIs were added.
* api-change:``sagemaker-featurestore-runtime``: Feature Store supports read/write of records with
collection type features.
* api-change:``sagemaker``: Online store feature groups supports Standard and InMemory tier storage
types for low latency storage for real-time data retrieval. The InMemory tier supports collection
types List, Set, and Vector.
* api-change:``wafv2``: Correct and improve the documentation for the FieldToMatch option JA3
fingerprint.
- from version 1.31.56
* api-change:``cognito-idp``: The UserPoolType Status field is no longer used.
* api-change:``firehose``: Features : Adding support for new data ingestion source to Kinesis
Firehose - AWS Managed Services Kafka.
* api-change:``iot``: Added support for IoT Rules Engine Kafka Action Headers
* api-change:``textract``: This release adds new feature - Layout to Analyze Document API which can
automatically extract layout elements such as titles, paragraphs, headers, section headers, lists,
page numbers, footers, table areas, key-value areas and figure areas and order the elements as a
human would read.
- from version 1.31.55
* api-change:``appintegrations``: The Amazon AppIntegrations service adds a set of APIs (in
preview) to manage third party applications to be used in Amazon Connect agent workspace.
* api-change:``apprunner``: This release allows an App Runner customer to specify a custom source
directory to run the build & start command. This change allows App Runner to support monorepo based
repositories
* api-change:``codedeploy``: CodeDeploy now supports In-place and Blue/Green EC2 deployments with
multiple Classic Load Balancers and multiple Target Groups.
* api-change:``connect``: This release updates a set of Amazon Connect APIs that provides the
ability to integrate third party applications in the Amazon Connect agent workspace.
* api-change:``dynamodb``: Amazon DynamoDB now supports Incremental Export as an enhancement to the
existing Export Table
* api-change:``ec2``: The release includes AWS verified access to support FIPs compliance in North
America regions
* api-change:``lakeformation``: This release adds three new API support "CreateLakeFormationOptIn",
"DeleteLakeFormationOptIn" and "ListLakeFormationOptIns", and also updates the corresponding
documentation.
* api-change:``pinpoint``: Update documentation for RemoveAttributes to more accurately reflect its
behavior when attributes are deleted.
* api-change:``s3``: This release adds a new field COMPLETED to the ReplicationStatus Enum. You can
now use this field to validate the replication status of S3 objects using the AWS SDK.
- from version 1.31.54
* api-change:``amplifyuibuilder``: Support for generating code that is compatible with future
versions of amplify project dependencies.
* api-change:``chime-sdk-media-pipelines``: Adds support for sending WebRTC audio to Amazon Kineses
Video Streams.
* api-change:``emr-serverless``: This release adds support for application-wide default job
configurations.
* api-change:``finspace-data``: Adding sensitive trait to attributes. Change max SessionDuration
from 720 to 60. Correct "ApiAccess" attribute to "apiAccess" to maintain consistency between APIs.
* api-change:``quicksight``: Added ability to tag users upon creation.
* api-change:``ssm``: This release updates the enum values for ResourceType in SSM
DescribeInstanceInformation input and ConnectionStatus in GetConnectionStatus output.
* api-change:``wafv2``: You can now perform an exact match against the web request's JA3
fingerprint.
- from version 1.31.53
* api-change:``braket``: This release adds support to view the device queue depth (the number of
queued quantum tasks and hybrid jobs on a device) and queue position for a quantum task and hybrid
job.
* api-change:``dms``: new vendors for DMS CSF: MongoDB, MariaDB, DocumentDb and Redshift
* api-change:``ec2``: EC2 M2 Pro Mac instances are powered by Apple M2 Pro Mac Mini computers
featuring 12 core CPU, 19 core GPU, 32 GiB of memory, and 16 core Apple Neural Engine and uniquely
enabled by the AWS Nitro System through high-speed Thunderbolt connections.
* api-change:``efs``: Update efs client to latest version
* api-change:``guardduty``: Add `EKS_CLUSTER_NAME` to filter and sort key.
* api-change:``mediaconvert``: This release supports the creation of of audio-only tracks in CMAF
output groups.
- from version 1.31.52
* api-change:``appconfig``: Enabling boto3 paginators for list APIs and adding documentation around
ServiceQuotaExceededException errors
* api-change:``apprunner``: This release adds improvements for managing App Runner auto scaling
configuration resources. New APIs: UpdateDefaultAutoScalingConfiguration and
ListServicesForAutoScalingConfiguration. Updated API: DeleteAutoScalingConfiguration.
* api-change:``codeartifact``: Add support for the Swift package format.
* api-change:``kinesisvideo``: Updated DescribeMediaStorageConfiguration,
StartEdgeConfigurationUpdate, ImageGenerationConfiguration$SamplingInterval, and
UpdateMediaStorageConfiguration to match AWS Docs.
* api-change:``logs``: Add ClientToken to QueryDefinition CFN Handler in CWL
* api-change:``s3``: Fix an issue where the SDK can fail to unmarshall response due to
NumberFormatException
* api-change:``servicediscovery``: Adds a new DiscoverInstancesRevision API and also adds
InstanceRevision field to the DiscoverInstances API response.
* api-change:``sso-oidc``: Update FIPS endpoints in aws-us-gov.
- from version 1.31.51
* api-change:``ec2``: This release adds support for C7i, and R7a instance types.
* api-change:``outposts``: This release adds the InstanceFamilies field to the ListAssets response.
* api-change:``sagemaker``: This release adds support for one-time model monitoring schedules that
are executed immediately without delay, explicit data analysis windows for model monitoring
schedules and exclude features attributes to remove features from model monitor analysis.
- from version 1.31.50
* api-change:``discovery``: Add sensitive protection for customer information
* api-change:``macie2``: This release changes the default managedDataIdentifierSelector setting for
new classification jobs to RECOMMENDED. By default, new classification jobs now use the recommended
set of managed data identifiers.
* api-change:``workmail``: This release includes four new APIs UpdateUser, UpdateGroup,
ListGroupsForEntity and DescribeEntity, along with RemoteUsers and some enhancements to existing
APIs.
- from version 1.31.49
* api-change:``appstream``: This release introduces app block builder, allowing customers to
provision a resource to package applications into an app block
* api-change:``connect``: New rule type (OnMetricDataUpdate) has been added
* api-change:``datasync``: Documentation-only updates for AWS DataSync.
* api-change:``sagemaker``: This release introduces Skip Model Validation for Model Packages
- from version 1.31.48
* api-change:``appstream``: This release introduces multi-session fleets, allowing customers to
provision more than one user session on a single fleet instance.
* api-change:``cloudformation``: Documentation updates for AWS CloudFormation
* api-change:``entityresolution``: Changed "ResolutionTechniques" and "MappedInputFields" in
workflow and schema mapping operations to be required fields.
* api-change:``lookoutequipment``: This release adds APIs for the new scheduled retraining feature.
- from version 1.31.47
* api-change:``cloud9``: Update to include information on Ubuntu 18 deprecation.
* api-change:``drs``: Updated existing APIs and added new ones to support using AWS Elastic
Disaster Recovery post-launch actions. Added support for new regions.
* api-change:``firehose``: DocumentIdOptions has been added for the Amazon OpenSearch destination.
* api-change:``guardduty``: Add `managementType` field to ListCoverage API response.
* api-change:``internetmonitor``: This release updates the Amazon CloudWatch Internet Monitor API
domain name.
* api-change:``ivs-realtime``: Doc only update that changes description for ParticipantToken.
* api-change:``simspaceweaver``: Edited the introductory text for the API reference.
* api-change:``xray``: Add StartTime field in GetTraceSummaries API response for each TraceSummary.
- from version 1.31.46
* api-change:``ec2``: This release adds support for restricting public sharing of AMIs through AMI
Block Public Access
* api-change:``events``: Update events client to latest version
* api-change:``kendra``: Amazon Kendra now supports confidence score buckets for retrieved passage
results using the Retrieve API.
- from version 1.31.45
* api-change:``ecr``: This release will have ValidationException be thrown from ECR LifecyclePolicy
APIs in regions LifecyclePolicy is not supported, this includes existing Amazon Dedicated Cloud
(ADC) regions. This release will also change Tag: TagValue and Tag: TagKey to required.
* api-change:``medialive``: AWS Elemental Link now supports attaching a Link UHD device to a
MediaConnect flow.
* api-change:``quicksight``: This release launches new updates to QuickSight KPI visuals - support
for sparklines, new templated layout and new targets for conditional formatting rules.
- from version 1.31.44
* api-change:``fsx``: Amazon FSx documentation fixes
* api-change:``sagemaker``: Autopilot APIs will now support holiday featurization for Timeseries
models. The models will now hold holiday metadata and should be able to accommodate holiday effect
during inference.
* api-change:``sso-admin``: Content updates to IAM Identity Center API for China Regions.
* api-change:``workspaces``: A new field "ErrorDetails" will be added to the output of
"DescribeWorkspaceImages" API call. This field provides in-depth details about the error occurred
during image import process. These details include the possible causes of the errors and
troubleshooting information.
- from version 1.31.43
* api-change:``neptunedata``: Minor changes to send unsigned requests to Neptune clusters
* api-change:``securityhub``: Documentation updates for AWS Security Hub
* api-change:``simspaceweaver``: BucketName and ObjectKey are now required for the S3Location data
type. BucketName is now required for the S3Destination data type.
- from version 1.31.42
* api-change:``appflow``: Adding OAuth2.0 support for servicenow connector.
* api-change:``ec2``: This release adds 'outpost' location type to the
DescribeInstanceTypeOfferings API, allowing customers that have been allowlisted for outpost to
query their offerings in the API.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``medialive``: Adds advanced Output Locking options for Epoch Locking: Custom Epoch
and Jam Sync Time
* api-change:``wafv2``: The targeted protection level of the Bot Control managed rule group now
provides optional, machine-learning analysis of traffic statistics to detect some bot-related
activity. You can enable or disable the machine learning functionality through the API.
- from version 1.31.41
* api-change:``billingconductor``: This release adds support for line item filtering in for the
custom line item resource.
* api-change:``cloud9``: Added support for Ubuntu 22.04 that was not picked up in a previous
Trebuchet request. Doc-only update.
* api-change:``compute-optimizer``: This release adds support to provide recommendations for G4dn
and P3 instances that use NVIDIA GPUs.
* api-change:``ec2``: Introducing Amazon EC2 C7gd, M7gd, and R7gd Instances with up to 3.8 TB of
local NVMe-based SSD block-level storage. These instances are powered by AWS Graviton3 processors,
delivering up to 25% better performance over Graviton2-based instances.
* api-change:``ecs``: Documentation only update for Amazon ECS.
* api-change:``events``: Update events client to latest version
* api-change:``rds``: Add support for feature integration with AWS Backup.
* api-change:``sagemaker``: SageMaker Neo now supports data input shape derivation for Pytorch 2.0
and XGBoost compilation job for cloud instance targets. You can skip DataInputConfig field during
compilation job creation. You can also access derived information from model in
DescribeCompilationJob response.
* api-change:``vpc-lattice``: This release adds Lambda event structure version config support for
LAMBDA target groups. It also adds newline support for auth policies.
- from version 1.31.40
* api-change:``chime-sdk-media-pipelines``: This release adds support for the Voice Analytics
feature for customer-owned KVS streams as part of the Amazon Chime SDK call analytics.
* api-change:``connect``: Amazon Connect adds the ability to read, create, update, delete, and list
view resources, and adds the ability to read, create, delete, and list view versions.
* api-change:``identitystore``: New Identity Store content for China Region launch
* api-change:``neptunedata``: Removed the descriptive text in the introduction.
- from version 1.31.39
* api-change:``chime-sdk-media-pipelines``: This release adds support for feature Voice Enhancement
for Call Recording as part of Amazon Chime SDK call analytics.
* api-change:``cloudhsm``: Deprecating CloudHSM Classic API Service.
* api-change:``connectcampaigns``: Amazon Connect outbound campaigns has launched agentless dialing
mode which enables customers to make automated outbound calls without agent engagement. This
release updates three of the campaign management API's to support the new agentless dialing mode
and the new dialing capacity field.
* api-change:``connectparticipant``: Amazon Connect Participant Service adds the ability to get a
view resource using a view token, which is provided in a participant message, with the release of
the DescribeView API.
* api-change:``customer-profiles``: Adds sensitive trait to various shapes in Customer Profiles API
model.
* api-change:``ecs``: This release adds support for an account-level setting that you can use to
configure the number of days for AWS Fargate task retirement.
* api-change:``grafana``: Marking SAML RoleValues attribute as sensitive and updating
VpcConfiguration attributes to match documentation.
* api-change:``health``: Adds new API DescribeEntityAggregatesForOrganization that retrieves entity
aggregates across your organization. Also adds support for resource status filtering in
DescribeAffectedEntitiesForOrganization, resource status aggregates in the DescribeEntityAggregates
response, and new resource statuses.
* api-change:``ivs``: Updated "type" description for CreateChannel, UpdateChannel, Channel, and
ChannelSummary.
* api-change:``kafkaconnect``: Minor model changes for Kafka Connect as well as endpoint updates.
* api-change:``payment-cryptography-data``: Make KeyCheckValue field optional when using asymmetric
keys as Key Check Values typically only apply to symmetric keys
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
- from version 1.31.38
* api-change:``appflow``: Add SAP source connector parallel and pagination feature
* api-change:``apprunner``: App Runner adds support for Bitbucket. You can now create App Runner
connection that connects to your Bitbucket repositories and deploy App Runner service with the
source code stored in a Bitbucket repository.
* api-change:``auditmanager``: This release marks some assessment metadata as sensitive. We added a
sensitive trait to the following attributes: assessmentName, emailAddress, scope, createdBy,
lastUpdatedBy, and userName.
* api-change:``cleanrooms``: This release decouples member abilities in a collaboration. With this
change, the member who can run queries no longer needs to be the same as the member who can receive
results.
* api-change:``datasync``: AWS DataSync introduces Task Reports, a new feature that provides
detailed reports of data transfer operations for each task execution.
* api-change:``neptunedata``: Allows customers to execute data plane actions like bulk loading
graphs, issuing graph queries using Gremlin and openCypher directly from the SDK.
* api-change:``network-firewall``: Network Firewall increasing pagination token string length
* api-change:``pca-connector-ad``: The Connector for AD allows you to use a fully-managed AWS
Private CA as a drop-in replacement for your self-managed enterprise CAs without local agents or
proxy servers. Enterprises that use AD to manage Windows environments can reduce their private
certificate authority (CA) costs and complexity.
* api-change:``sagemaker``: Amazon SageMaker Canvas adds IdentityProviderOAuthSettings support for
CanvasAppSettings
- from version 1.31.37
* api-change:``cognito-idp``: Added API example requests and responses for several operations.
Fixed the validation regex for user pools Identity Provider name.
* api-change:``fsx``: Documentation updates for project quotas.
* api-change:``omics``: Add RetentionMode support for Runs.
* api-change:``sesv2``: Adds support for the new Export and Message Insights features: create, get,
list and cancel export jobs; get message insights.
- Update to 1.31.36:
* api-change:``backup``: Add support for customizing time zone for backup window in backup plan
rules.
* api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and
generate licensing optimization recommendations for sql server running on EC2 instances.
* api-change:``organizations``: Documentation updates for permissions and links.
* api-change:``securitylake``: Remove incorrect regex enforcement on pagination tokens.
* api-change:``service-quotas``: Service Quotas now supports viewing the applied quota value and
requesting a quota increase for a specific resource in an AWS account.
* api-change:``workspaces-web``: WorkSpaces Web now enables Admins to configure which cookies are
synchronized from an end-user's local browser to the in-session browser. In conjunction with a
browser extension, this feature enables enhanced Single-Sign On capability by reducing the number
of times an end-user has to authenticate.
- from version 1.31.35
* api-change:``cloudtrail``: Add ThrottlingException with error code 429 to handle CloudTrail
Delegated Admin request rate exceeded on organization resources.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``detective``: Added protections to interacting with fields containing customer
information.
- from version 1.31.34
* api-change:``ec2``: Amazon EC2 M7a instances, powered by 4th generation AMD EPYC processors,
deliver up to 50% higher performance compared to M6a instances. Amazon EC2 Hpc7a instances, powered
by 4th Gen AMD EPYC processors, deliver up to 2.5x better performance compared to Amazon EC2 Hpc6a
instances.
* api-change:``glue``: Added API attributes that help in the monitoring of sessions.
* api-change:``mediaconvert``: This release includes additional audio channel tags in Quicktime
outputs, support for film grain synthesis for AV1 outputs, ability to create audio-only FLAC
outputs, and ability to specify Amazon S3 destination storage class.
* api-change:``medialive``: MediaLive now supports passthrough of KLV data to a HLS output group
with a TS container. MediaLive now supports setting an attenuation mode for AC3 audio when the
coding mode is 3/2 LFE. MediaLive now supports specifying whether to include filler NAL units in
RTMP output group settings.
* api-change:``mediatailor``: Adds new source location AUTODETECT_SIGV4 access type.
* api-change:``quicksight``: Excel support in Snapshot Export APIs. Removed Required trait for some
insight Computations. Namespace-shared Folders support. Global Filters support. Table pin Column
support.
* api-change:``rds``: This release updates the supported versions for Percona XtraBackup in Aurora
MySQL.
* api-change:``s3control``: Updates to endpoint ruleset tests to address Smithy validation issues
and standardize the capitalization of DualStack.
* api-change:``verifiedpermissions``: Documentation updates for Amazon Verified Permissions.
- from version 1.31.33
* api-change:``apigateway``: This release adds RootResourceId to GetRestApi response.
* api-change:``ec2``: Marking fields as sensitive on BundleTask and GetPasswordData
* api-change:``polly``: Amazon Polly adds 1 new voice - Zayd (ar-AE)
- from version 1.31.32
* api-change:``ce``: This release adds the LastUpdatedDate and LastUsedDate timestamps to help you
manage your cost allocation tags.
* api-change:``globalaccelerator``: Global Accelerator now supports Client Ip Preservation for
Network Load Balancer endpoints.
* api-change:``rds``: Adding parameters to CreateCustomDbEngineVersion reserved for future use.
* api-change:``verifiedpermissions``: Documentation updates for Amazon Verified Permissions.
Increases max results per page for ListPolicyStores, ListPolicies, and ListPolicyTemplates APIs
from 20 to 50.
- from version 1.31.31
* api-change:``cloud9``: Doc only update to add Ubuntu 22.04 as an Image ID option for Cloud9
* api-change:``ec2``: The DeleteKeyPair API has been updated to return the keyPairId when an
existing key pair is deleted.
* api-change:``finspace``: Allow customers to manage outbound traffic from their Kx Environment
when attaching a transit gateway by providing network acl entries. Allow the customer to choose how
they want to update the databases on a cluster allowing updates to possibly be faster than usual.
* api-change:``rds``: Adding support for RDS Aurora Global Database Unplanned Failover
* api-change:``route53domains``: Fixed typos in description fields
- from version 1.31.30
* api-change:``codecommit``: Add new ListFileCommitHistory operation to retrieve commits which
introduced changes to a specific file.
* api-change:``securityhub``: Added Inspector Lambda code Vulnerability section to ASFF, including
GeneratorDetails, EpssScore, ExploitAvailable, and CodeVulnerabilities.
- from version 1.31.29
* api-change:``ec2``: Adds support for SubnetConfigurations to allow users to select their own IPv4
and IPv6 addresses for Interface VPC endpoints
* api-change:``gamelift``: Amazon GameLift updates its instance types support.
- from version 1.31.28
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``lexv2-models``: Update lexv2-models client to latest version
- Update to 1.31.27:
* enhancement:Python: Added provisional Python 3.12 support to Botocore
* api-change:``chime-sdk-meetings``: Updated API documentation to include additional exceptions.
* api-change:``ec2``: Documentation updates for Elastic Compute Cloud (EC2).
* api-change:``glue``: AWS Glue Crawlers can now accept SerDe overrides from a custom csv
classifier. The two SerDe options are LazySimpleSerDe and OpenCSVSerDe. In case, the user wants
crawler to do the selection, "None" can be selected for this purpose.
* api-change:``pi``: AWS Performance Insights for Amazon RDS is launching Performance Analysis On
Demand, a new feature that allows you to analyze database performance metrics and find out the
performance issues. You can now use SDK to create, list, get, delete, and manage tags of
performance analysis reports.
* api-change:``route53domains``: Provide explanation if CheckDomainTransferability return false.
Provide requestId if a request is already submitted. Add sensitive protection for customer
information
* api-change:``sagemaker``: SageMaker Inference Recommender now provides SupportedResponseMIMETypes
from DescribeInferenceRecommendationsJob response
- from version 1.31.26
* api-change:``mediapackage``: Fix SDK logging of certain fields.
* api-change:``omics``: This release provides support for annotation store versioning and cross
account sharing for Omics Analytics
* api-change:``transfer``: Documentation updates for AWS Transfer Family
- from version 1.31.25
* api-change:``amplifybackend``: Adds sensitive trait to required input shapes.
* api-change:``config``: Updated ResourceType enum with new resource types onboarded by AWS Config
in July 2023.
* api-change:``ec2``: Amazon EC2 P5 instances, powered by the latest NVIDIA H100 Tensor Core GPUs,
deliver the highest performance in EC2 for deep learning (DL) and HPC applications. M7i-flex and
M7i instances are next-generation general purpose instances powered by custom 4th Generation Intel
Xeon Scalable processors.
* api-change:``quicksight``: New Authentication method for Account subscription - IAM Identity
Center. Hierarchy layout support, default column width support and related style properties for
pivot table visuals. Non-additive topic field aggregations for Topic API
* api-change:``ses``: Update ses client to latest version
* api-change:``swf``: This release adds new API parameters to override workflow task list for
workflow executions.
- from version 1.31.24
* api-change:``cloudtrail``: Documentation updates for CloudTrail.
* api-change:``connect``: This release adds APIs to provision agents that are global / available in
multiple AWS regions and distribute them across these regions by percentage.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``omics``: This release adds instanceType to GetRunTask & ListRunTasks responses.
* api-change:``secretsmanager``: Add additional InvalidRequestException to list of possible
exceptions for ListSecret.
* api-change:``transfer``: Documentation updates for AW Transfer Family
- from version 1.31.23
* api-change:``chime-sdk-voice``: Updating CreatePhoneNumberOrder, UpdatePhoneNumber and
BatchUpdatePhoneNumbers APIs, adding phone number name
* api-change:``fsx``: For FSx for Lustre, add new data repository task type,
RELEASE_DATA_FROM_FILESYSTEM, to release files that have been archived to S3. For FSx for Windows,
enable support for configuring and updating SSD IOPS, and for updating storage type. For FSx for
OpenZFS, add new deployment type, MULTI_AZ_1.
* api-change:``globalaccelerator``: Documentation update for dualstack EC2 endpoint support
* api-change:``guardduty``: Added autoEnable ALL to UpdateOrganizationConfiguration and
DescribeOrganizationConfiguration APIs.
* api-change:``sagemaker``: This release adds support for cross account access for SageMaker Model
Cards through AWS RAM.
- from version 1.31.22
* api-change:``backup``: This release introduces a new logically air-gapped vault (Preview) in AWS
Backup that stores immutable backup copies, which are locked by default and isolated with
encryption using AWS owned keys. Logically air-gapped vault (Preview) allows secure recovery of
application data across accounts.
* api-change:``elasticache``: Added support for cluster mode in online migration and test migration
API
* api-change:``servicecatalog``: Introduce support for HashiCorp Terraform Cloud in Service Catalog
by addying TERRAFORM_CLOUD product type in CreateProduct and CreateProvisioningArtifact API.
- from version 1.31.21
* api-change:``detective``: Updated the email validation regex to be in line with the TLD name
specifications.
* api-change:``ivs-realtime``: Add QUOTA_EXCEEDED and PUBLISHER_NOT_FOUND to EventErrorCode for
stage health events.
* api-change:``kinesis-video-archived-media``: This release enables minimum of Images
SamplingInterval to be as low as 200 milliseconds in Kinesis Video Stream Image feature.
* api-change:``kinesisvideo``: This release enables minimum of Images SamplingInterval to be as low
as 200 milliseconds in Kinesis Video Stream Image feature.
* api-change:``rekognition``: This release adds code snippets for Amazon Rekognition Custom Labels.
- from version 1.31.20
* api-change:``acm-pca``: Documentation correction for AWS Private CA
* api-change:``connect``: Added a new API UpdateRoutingProfileAgentAvailabilityTimer to update
agent availability timer of a routing profile.
* api-change:``datasync``: Display cloud storage used capacity at a cluster level.
* api-change:``ecs``: This is a documentation update to address various tickets.
* api-change:``sagemaker``: Including DataCaptureConfig key in the Amazon Sagemaker Search's
transform job object
- from version 1.31.19
* api-change:``autoscaling``: Documentation changes related to Amazon EC2 Auto Scaling APIs.
* api-change:``cloud9``: Updated the deprecation date for Amazon Linux. Doc only update.
* api-change:``dms``: The release makes public API for DMS Schema Conversion feature.
* api-change:``ec2``: This release adds new parameter isPrimaryIPv6 to allow assigning an IPv6
address as a primary IPv6 address to a network interface which cannot be changed to give equivalent
functionality available for network interfaces with primary IPv4 address.
* api-change:``sagemaker``: Amazon SageMaker now supports running training jobs on p5.48xlarge
instance types.
- from version 1.31.18
* api-change:``budgets``: As part of CAE tagging integration we need to update our budget names
regex filter to prevent customers from using "/action/" in their budget names.
* api-change:``cognito-idp``: New feature that logs Cognito user pool error messages to CloudWatch
logs.
* api-change:``glue``: This release includes additional Glue Streaming KAKFA SASL property types.
* api-change:``resiliencehub``: Drift Detection capability added when applications policy has moved
from a meet to breach state. Customers will be able to exclude operational recommendations and
receive credit in their resilience score. Customers can now add ARH permissions to an existing or
new role.
* api-change:``sagemaker``: SageMaker Inference Recommender introduces a new API
GetScalingConfigurationRecommendation to recommend auto scaling policies based on completed
Inference Recommender jobs.
- from version 1.31.17
* api-change:``batch``: This release adds support for price capacity optimized allocation strategy
for Spot Instances.
* api-change:``dms``: Adding new API describe-engine-versions which provides information about the
lifecycle of a replication instance's version.
* api-change:``internetmonitor``: This release adds a new feature for Amazon CloudWatch Internet
Monitor that enables customers to set custom thresholds, for performance and availability drops,
for impact limited to a single city-network to trigger creation of a health event.
* api-change:``medialive``: AWS Elemental Link devices now report their Availability Zone. Link
devices now support the ability to change their Availability Zone.
* api-change:``polly``: Amazon Polly adds new French Belgian voice - Isabelle. Isabelle is
available as Neural voice only.
* api-change:``rds``: Added support for deleted clusters PiTR.
* api-change:``sagemaker``: Add Stairs TrafficPattern and FlatInvocations to
RecommendationJobStoppingConditions
- from version 1.31.16
* api-change:``amplifyuibuilder``: Amplify Studio releases GraphQL support for codegen job action.
* api-change:``autoscaling``: You can now configure an instance refresh to set its status to
'failed' when it detects that a specified CloudWatch alarm has gone into the ALARM state. You can
also choose to roll back the instance refresh automatically when the alarm threshold is met.
* api-change:``cleanrooms``: This release introduces custom SQL queries - an expanded set of SQL
you can run. This release adds analysis templates, a new resource for storing pre-defined custom
SQL queries ahead of time. This release also adds the Custom analysis rule, which lets you approve
analysis templates for querying.
* api-change:``codestar-connections``: New integration with the Gitlab provider type.
* api-change:``drs``: Add support for in-aws right sizing
* api-change:``inspector2``: This release adds 1 new API: BatchGetFindingDetails to retrieve
enhanced vulnerability intelligence details for findings.
* api-change:``lookoutequipment``: This release includes new import resource, model versioning and
resource policy features.
* api-change:``omics``: Add CreationType filter for ListReadSets
* api-change:``rds``: This release adds support for Aurora MySQL local write forwarding, which
allows for forwarding of write operations from reader DB instances to the writer DB instance.
* api-change:``route53``: Amazon Route 53 now supports the Israel (Tel Aviv) Region (il-central-1)
for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
* api-change:``scheduler``: This release introduces automatic deletion of schedules in EventBridge
Scheduler. If configured, EventBridge Scheduler automatically deletes a schedule after the schedule
has completed its last invocation.
- from version 1.31.15
* enhancement:HTTP: Move 100-continue behavior to use `HTTPConnections` request interface.
* api-change:``application-insights``: This release enable customer to add/remove/update more than
one workload for a component
* api-change:``cloudformation``: This SDK release is for the feature launch of AWS CloudFormation
RetainExceptOnCreate. It adds a new parameter retainExceptOnCreate in the following APIs:
CreateStack, UpdateStack, RollbackStack, ExecuteChangeSet.
* api-change:``cloudfront``: Add a new JavaScript runtime version for CloudFront Functions.
* api-change:``connect``: This release adds support for new number types.
* api-change:``kafka``: Amazon MSK has introduced new versions of ListClusterOperations and
DescribeClusterOperation APIs. These v2 APIs provide information and insights into the ongoing
operations of both MSK Provisioned and MSK Serverless clusters.
* api-change:``pinpoint``: Added support for sending push notifications using the FCM v1 API with
json credentials. Amazon Pinpoint customers can now deliver messages to Android devices using both
FCM v1 API and the legacy FCM/GCM API
- from version 1.31.14
* enhancement:compression: Adds support for the ``requestcompression`` operation trait.
* api-change:``sqs``: Documentation changes related to SQS APIs.
- from version 1.31.13
* api-change:``autoscaling``: This release updates validation for instance types used in the
AllowedInstanceTypes and ExcludedInstanceTypes parameters of the InstanceRequirements property of a
MixedInstancesPolicy.
* api-change:``ebs``: SDK and documentation updates for Amazon Elastic Block Store API
* api-change:``ec2``: SDK and documentation updates for Amazon Elastic Block Store APIs
* api-change:``eks``: Add multiple customer error code to handle customer caused failure when
managing EKS node groups
* api-change:``sagemaker``: Expose ProfilerConfig attribute in SageMaker Search API response.
- from version 1.31.12
* api-change:``cloudcontrol``: Updates the documentation for CreateResource.
* api-change:``entityresolution``: AWS Entity Resolution can effectively match a source record from
a customer relationship management (CRM) system with a source record from a marketing system
containing campaign information.
* api-change:``glue``: Release Glue Studio Snowflake Connector Node for SDK/CLI
* api-change:``healthlake``: Updating the HealthLake service documentation.
* api-change:``managedblockchain-query``: Amazon Managed Blockchain (AMB) Query provides serverless
access to standardized, multi-blockchain datasets with developer-friendly APIs.
* api-change:``mediaconvert``: This release includes general updates to user documentation.
* api-change:``omics``: The service is renaming as a part of AWS Health.
* api-change:``opensearchserverless``: This release adds new collection type VectorSearch.
* api-change:``polly``: Amazon Polly adds 1 new voice - Lisa (nl-BE)
* api-change:``route53``: Update that corrects the documents for received feedback.
- from version 1.31.11
* api-change:``billingconductor``: Added support for Auto-Assocate Billing Groups for
CreateBillingGroup, UpdateBillingGroup, and ListBillingGroups.
* api-change:``customer-profiles``: Amazon Connect Customer Profiles now supports rule-based
resolution to match and merge similar profiles into unified profiles, helping companies deliver
faster and more personalized customer service by providing access to relevant customer information
for agents and automated experiences.
* api-change:``datasync``: AWS DataSync now supports Microsoft Azure Blob Storage locations.
* api-change:``dynamodb``: Documentation updates for DynamoDB
* api-change:``ec2``: This release adds an instance's peak and baseline network bandwidth as well
as the memory sizes of an instance's inference accelerators to DescribeInstanceTypes.
* api-change:``emr-serverless``: This release adds support for publishing application logs to
CloudWatch.
* api-change:``lambda``: Add Python 3.11 (python3.11) support to AWS Lambda
* api-change:``rds``: This release adds support for monitoring storage optimization progress on the
DescribeDBInstances API.
* api-change:``sagemaker``: Mark ContentColumn and TargetLabelColumn as required Targets in
TextClassificationJobConfig in CreateAutoMLJobV2API
* api-change:``securityhub``: Add support for CONTAINS and NOT_CONTAINS comparison operators for
Automation Rules string filters and map filters
* api-change:``sts``: API updates for the AWS Security Token Service
* api-change:``transfer``: This release adds support for SFTP Connectors.
* api-change:``wisdom``: This release added two new data types: AssistantIntegrationConfiguration,
and SessionIntegrationConfiguration to support Wisdom integration with Amazon Connect Chat
- from version 1.31.10
* api-change:``apigatewayv2``: Documentation updates for Amazon API Gateway.
* api-change:``ce``: This release introduces the new API
'GetSavingsPlanPurchaseRecommendationDetails', which retrieves the details for a Savings Plan
recommendation. It also updates the existing API 'GetSavingsPlansPurchaseRecommendation' to include
the recommendation detail ID.
* api-change:``chime-sdk-media-pipelines``: AWS Media Pipeline compositing enhancement and Media
Insights Pipeline auto language identification.
* api-change:``cloudformation``: This release supports filtering by DRIFT_STATUS for existing API
ListStackInstances and adds support for a new API ListStackInstanceResourceDrifts. Customers can
now view resource drift information from their StackSet management accounts.
* api-change:``ec2``: Add "disabled" enum value to SpotInstanceState.
* api-change:``glue``: Added support for Data Preparation Recipe node in Glue Studio jobs
* api-change:``quicksight``: This release launches new Snapshot APIs for CSV and PDF exports, adds
support for info icon for filters and parameters in Exploration APIs, adds modeled exception to the
DeleteAccountCustomization API, and introduces AttributeAggregationFunction's ability to add
UNIQUE_VALUE aggregation in tooltips.
- from version 1.31.9
* api-change:``glue``: This release adds support for AWS Glue Crawler with Apache Hudi Tables,
allowing Crawlers to discover Hudi Tables in S3 and register them in Glue Data Catalog for query
engines to query against.
* api-change:``mediaconvert``: This release includes improvements to Preserve 444 handling,
compatibility of HEVC sources without frame rates, and general improvements to MP4 outputs.
* api-change:``rds``: Adds support for the DBSystemID parameter of CreateDBInstance to RDS Custom
for Oracle.
* api-change:``workspaces``: Fixed VolumeEncryptionKey descriptions
- from version 1.31.8
* api-change:``codecatalyst``: This release adds support for updating and deleting spaces and
projects in Amazon CodeCatalyst. It also adds support for creating, getting, and deleting source
repositories in CodeCatalyst projects.
* api-change:``connectcases``: This release adds the ability to assign a case to a queue or user.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``route53resolver``: This release adds support for Route 53 On Outposts, a new feature
that allows customers to run Route 53 Resolver and Resolver endpoints locally on their Outposts.
* api-change:``s3``: Improve performance of S3 clients by simplifying and optimizing endpoint
resolution.
* api-change:``sagemaker-featurestore-runtime``: Cross account support for SageMaker Feature Store
* api-change:``sagemaker``: Cross account support for SageMaker Feature Store
* api-change:``securitylake``: Adding support for Tags on Create and Resource Tagging API.
* api-change:``transcribe``: Added API argument --toxicity-detection to startTranscriptionJob API,
which allows users to view toxicity scores of submitted audio.
- from version 1.31.7
* enhancement:AWSCRT: Upgrade awscrt version to 0.16.26
* api-change:``savingsplans``: Savings Plans endpoints update
- from version 1.31.6
* api-change:``cloudformation``: SDK and documentation updates for GetTemplateSummary API
(unrecognized resources)
* api-change:``ec2``: Amazon EC2 documentation updates.
* api-change:``grafana``: Amazon Managed Grafana now supports grafanaVersion update for existing
workspaces with UpdateWorkspaceConfiguration API. DescribeWorkspaceConfiguration API additionally
returns grafanaVersion. A new ListVersions API lists available versions or, if given a workspaceId,
the versions it can upgrade to.
* api-change:``medical-imaging``: General Availability (GA) release of AWS Health Imaging, enabling
customers to store, transform, and analyze medical imaging data at petabyte-scale.
* api-change:``ram``: This release adds support for securely sharing with AWS service principals.
* api-change:``ssm-sap``: Added support for SAP Hana High Availability discovery (primary and
secondary nodes) and Backint agent installation with SSM for SAP.
* api-change:``wafv2``: Added the URI path to the custom aggregation keys that you can specify for
a rate-based rule.
- from version 1.31.5
* api-change:``codeguru-security``: Documentation updates for CodeGuru Security.
* api-change:``connect``: GetMetricDataV2 API: Update to include Contact Lens Conversational
Analytics Metrics
* api-change:``es``: Regex Validation on the ElasticSearch Engine Version attribute
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``m2``: Allows UpdateEnvironment to update the environment to 0 host capacity. New
GetSignedBluinsightsUrl API
* api-change:``snowball``: Adds support for RACK_5U_C. This is the first AWS Snow Family device
designed to meet U.S. Military Ruggedization Standards (MIL-STD-810H) with 208 vCPU device in a
portable, compact 5U, half-rack width form-factor.
* api-change:``translate``: Added DOCX word document support to TranslateDocument API
- from version 1.31.4
* api-change:``codeartifact``: Doc only update for AWS CodeArtifact
* api-change:``docdb``: Added major version upgrade option in ModifyDBCluster API
* api-change:``ec2``: Add Nitro TPM support on DescribeInstanceTypes
* api-change:``glue``: Adding new supported permission type flags to get-unfiltered endpoints that
callers may pass to indicate support for enforcing Lake Formation fine-grained access control on
nested column attributes.
* api-change:``ivs``: This release provides the flexibility to configure what renditions or
thumbnail qualities to record when creating recording configuration.
* api-change:``lakeformation``: Adds supports for ReadOnlyAdmins and
AllowFullTableExternalDataAccess. Adds NESTED_PERMISSION and NESTED_CELL_PERMISSION to
SUPPORTED_PERMISSION_TYPES enum. Adds CREATE_LF_TAG on catalog resource and ALTER, DROP, and
GRANT_WITH_LF_TAG_EXPRESSION on LF Tag resource.
- from version 1.31.3
* api-change:``cognito-idp``: API model updated in Amazon Cognito
* api-change:``connect``: Add support for deleting Queues and Routing Profiles.
* api-change:``datasync``: Added LunCount to the response object of
DescribeStorageSystemResourcesResponse, LunCount represents the number of LUNs on a storage system
resource.
* api-change:``dms``: Enhanced PostgreSQL target endpoint settings for providing Babelfish support.
* api-change:``ec2``: This release adds support for the C7gn and Hpc7g instances. C7gn instances
are powered by AWS Graviton3 processors and the fifth-generation AWS Nitro Cards. Hpc7g instances
are powered by AWS Graviton 3E processors and provide up to 200 Gbps network bandwidth.
* api-change:``fsx``: Amazon FSx for NetApp ONTAP now supports SnapLock, an ONTAP feature that
enables you to protect your files in a volume by transitioning them to a write once, read many
(WORM) state.
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``mediatailor``: Adds categories to MediaTailor channel assembly alerts
* api-change:``personalize``: This release provides ability to customers to change schema
associated with their datasets in Amazon Personalize
* api-change:``proton``: This release adds support for deployment history for Proton provisioned
resources
* api-change:``s3``: S3 Inventory now supports Object Access Control List and Object Owner as
available object metadata fields in inventory reports.
* api-change:``sagemaker``: Amazon SageMaker Canvas adds WorkspeceSettings support for
CanvasAppSettings
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
- Update to 1.31.2:
* bugfix:s3: Fix s3 presigned URLs for operations with query components (`#2962
<https://github.com/boto/botocore/issues/2962>`__)
* api-change:``cognito-idp``: API model updated in Amazon Cognito
- from version 1.31.1
* api-change:``dms``: Releasing DMS Serverless. Adding support for PostgreSQL 15.x as source and
target endpoint. Adding support for DocDB Elastic Clusters with sharded collections, PostgreSQL
datatype mapping customization and disabling hostname validation of the certificate authority in
Kafka endpoint settings
* api-change:``glue``: This release enables customers to create new Apache Iceberg tables and
associated metadata in Amazon S3 by using native AWS Glue CreateTable operation.
* api-change:``logs``: Add CMK encryption support for CloudWatch Logs Insights query result data
* api-change:``medialive``: This release enables the use of Thumbnails in AWS Elemental MediaLive.
* api-change:``mediatailor``: The AWS Elemental MediaTailor SDK for Channel Assembly has added
support for EXT-X-CUE-OUT and EXT-X-CUE-IN tags to specify ad breaks in HLS outputs, including
support for EXT-OATCLS, EXT-X-ASSET, and EXT-X-CUE-OUT-CONT accessory tags.
- from version 1.31.0
* api-change:``ec2``: Add Nitro Enclaves support on DescribeInstanceTypes
* api-change:``location``: This release adds support for authenticating with Amazon Location
Service's Places & Routes APIs with an API Key. Also, with this release developers can publish
tracked device position updates to Amazon EventBridge.
* api-change:``outposts``: Added paginator support to several APIs. Added the ISOLATED enum value
to AssetState.
* api-change:``quicksight``: This release includes below three changes: small multiples axes
improvement, field based coloring, removed required trait from Aggregation function for
TopBottomFilter.
* api-change:``rds``: Updates Amazon RDS documentation for creating DB instances and creating
Aurora global clusters.
* bugfix:configprovider: Fix bug when deep copying config value store where overrides were not
preserved
* enhancement:configprovider: Always use shallow copy of session config value store for clients
* feature:configuration: Configure the endpoint URL in the shared configuration file or via an
environment variable for a specific AWS service or all AWS services.
- from version 1.30.1
* api-change:``comprehendmedical``: Update to Amazon Comprehend Medical documentation.
* api-change:``connect``: GetMetricDataV2 API: Channels filters do not count towards overall
limitation of 100 filter values.
* api-change:``kms``: Added Dry Run Feature to cryptographic and cross-account mutating KMS APIs
(14 in all). This feature allows users to test their permissions and parameters before making the
actual API call.
* api-change:``mgn``: This release introduces the Global view feature and new Replication state
APIs.
* api-change:``securityhub``: Documentation updates for AWS Security Hub
- from version 1.30.0
* feature:Useragent: Update User-Agent header format
* api-change:``batch``: This feature allows customers to use AWS Batch with Linux with ARM64 CPU
Architecture and X86_64 CPU Architecture with Windows OS on Fargate Platform.
* api-change:``sagemaker``: SageMaker Inference Recommender now accepts new fields
SupportedEndpointType and ServerlessConfiguration to support serverless endpoints.
- from version 1.29.165
* api-change:``amp``: AWS SDK service model generation tool version upgrade.
* api-change:``ecs``: Added new field "credentialspecs" to the ecs task definition to support gMSA
of windows/linux in both domainless and domain-joined mode
* api-change:``ivs``: Corrects the HTTP response code in the generated docs for PutMetadata and
DeleteRecordingConfiguration APIs.
* api-change:``mediaconvert``: This release includes improved color handling of overlays and
general updates to user documentation.
* api-change:``sagemaker``: This release adds support for rolling deployment in SageMaker Inference.
* api-change:``transfer``: Add outbound Basic authentication support to AS2 connectors
* api-change:``verifiedpermissions``: This release corrects several broken links in the
documentation.
- from version 1.29.164
* api-change:``appstream``: This release introduces app block builder, allowing customers to
provision a resource to package applications into an app block
* api-change:``chime``: The Amazon Chime SDK APIs in the Chime namespace are no longer supported.
Customers should use APIs in the dedicated Amazon Chime SDK namespaces: ChimeSDKIdentity,
ChimeSDKMediaPipelines, ChimeSDKMeetings, ChimeSDKMessaging, and ChimeSDKVoice.
* api-change:``cleanrooms``: This release adds support for the OR operator in RSQL join match
conditions and the ability to control which operators (AND, OR) are allowed in a join match
condition.
* api-change:``dynamodb``: This release adds ReturnValuesOnConditionCheckFailure parameter to
PutItem, UpdateItem, DeleteItem, ExecuteStatement, BatchExecuteStatement and ExecuteTransaction
APIs. When set to ALL_OLD, API returns a copy of the item as it was when a conditional write failed
* api-change:``gamelift``: Amazon GameLift now supports game builds that use the Amazon Linux 2023
(AL2023) operating system.
* api-change:``glue``: This release adds support for AWS Glue Crawler with Iceberg Tables, allowing
Crawlers to discover Iceberg Tables in S3 and register them in Glue Data Catalog for query engines
to query against.
* api-change:``sagemaker``: Adding support for timeseries forecasting in the CreateAutoMLJobV2 API.
- Update 1.29.163:
* api-change:``internetmonitor``: This release adds a new feature for Amazon CloudWatch Internet
Monitor that enables customers to set custom thresholds, for performance and availability drops,
for triggering when to create a health event.
* api-change:``kinesisanalyticsv2``: Support for new runtime environment in Kinesis Data Analytics
Studio: Zeppelin-0.10, Apache Flink-1.15
* api-change:``lambda``: Surface ResourceConflictException in DeleteEventSourceMapping
* api-change:``omics``: Add Common Workflow Language (CWL) as a supported language for Omics
workflows
* api-change:``rds``: Amazon Relational Database Service (RDS) now supports joining a RDS for SQL
Server instance to a self-managed Active Directory.
* api-change:``s3``: The S3 LISTObjects, ListObjectsV2 and ListObjectVersions API now supports a
new optional header x-amz-optional-object-attributes. If header contains RestoreStatus as the
value, then S3 will include Glacier restore status i.e. isRestoreInProgress and RestoreExpiryDate
in List response.
* api-change:``sagemaker``: This release adds support for Model Cards Model Registry integration.
- from version 1.29.162
* bugfix:Parsers: Fixes datetime parse error handling for out-of-range and negative timestamps
(`#2564 <https://github.com/boto/botocore/issues/2564>`__).
* api-change:``appfabric``: Initial release of AWS AppFabric for connecting SaaS applications for
better productivity and security.
* api-change:``appflow``: This release adds support to bypass SSO with the SAPOData connector when
connecting to an SAP instance.
* api-change:``emr-serverless``: This release adds support to update the release label of an EMR
Serverless application to upgrade it to a different version of Amazon EMR via UpdateApplication API.
* api-change:``ivs``: IVS customers can now revoke the viewer session associated with an auth
token, to prevent and stop playback using that token.
* api-change:``kinesisvideo``: General Availability (GA) release of Kinesis Video Streams at Edge,
enabling customers to provide a configuration for the Kinesis Video Streams EdgeAgent running on an
on-premise IoT device. Customers can now locally record from cameras and stream videos to the cloud
on a configured schedule.
* api-change:``macie2``: This release adds support for configuring new classification jobs to use
the set of managed data identifiers that we recommend for jobs. For the managed data identifier
selection type (managedDataIdentifierSelector), specify RECOMMENDED.
* api-change:``privatenetworks``: This release allows Private5G customers to choose different
commitment plans (60-days, 1-year, 3-years) when placing new orders, enables automatic renewal
option for 1-year and 3-years commitments. It also allows customers to update the commitment plan
of an existing radio unit.
* api-change:``sagemaker-featurestore-runtime``: Introducing TTL for online store records for
feature groups.
* api-change:``sagemaker``: Introducing TTL for online store records in feature groups.
* api-change:``ssm``: Systems Manager doc-only update for June 2023.
* api-change:``verifiedpermissions``: This update fixes several broken links to the Cedar
documentation.
- from version 1.29.161
* api-change:``connect``: This release provides a way to search for existing tags within an
instance. Before tagging a resource, ensure consistency by searching for pre-existing key:value
pairs.
* api-change:``glue``: Timestamp Starting Position For Kinesis and Kafka Data Sources in a Glue
Streaming Job
* api-change:``guardduty``: Add support for user.extra.sessionName in Kubernetes Audit Logs
Findings.
* api-change:``iam``: Support for a new API "GetMFADevice" to present MFA device metadata such as
device certifications
* api-change:``pinpoint``: Added time zone estimation support for journeys
- from version 1.29.160
* api-change:``devops-guru``: This release adds support for encryption via customer managed keys.
* api-change:``fsx``: Update to Amazon FSx documentation.
* api-change:``rds``: Documentation improvements for create, describe, and modify DB clusters and
DB instances.
* api-change:``verifiedpermissions``: Added improved descriptions and new code samples to SDK
documentation.
- from version 1.29.159
* api-change:``chime-sdk-identity``: AppInstanceBots can be configured to be invoked or not using
the Target or the CHIME.mentions attribute for ChannelMessages
* api-change:``chime-sdk-messaging``: ChannelMessages can be made visible to sender and intended
recipient rather than all channel members with the target attribute. For example, a user can send
messages to a bot and receive messages back in a group channel without other members seeing them.
* api-change:``kendra``: Introducing Amazon Kendra Retrieve API that can be used to retrieve
relevant passages or text excerpts given an input query.
* api-change:``stepfunctions``: Update stepfunctions client to latest version
- from version 1.29.158
* api-change:``dynamodb``: Documentation updates for DynamoDB
* api-change:``emr``: Update emr client to latest version
* api-change:``inspector2``: This release adds support for Software Bill of Materials (SBOM) export
and the general availability of code scanning for AWS Lambda functions.
* api-change:``mediaconvert``: This release introduces the bandwidth reduction filter for the HEVC
encoder, increases the limits of outputs per job, and updates support for the Nagra SDK to version
- from version 1.14.7.
* api-change:``mq``: The Cross Region Disaster Recovery feature allows to replicate a brokers state
from one region to another in order to provide customers with multi-region resiliency in the event
of a regional outage.
* api-change:``sagemaker``: This release provides support in SageMaker for output files in training
jobs to be uploaded without compression and enable customer to deploy uncompressed model from S3 to
real-time inference Endpoints. In addition, ml.trn1n.32xlarge is added to supported instance type
list in training job.
* api-change:``transfer``: This release adds a new parameter StructuredLogDestinations to
CreateServer, UpdateServer APIs.
- from version 1.29.157
* api-change:``appflow``: This release adds new API to reset connector metadata cache
* api-change:``config``: Updated ResourceType enum with new resource types onboarded by AWS Config
in May 2023.
* api-change:``ec2``: Adds support for targeting Dedicated Host allocations by assetIds in AWS
Outposts
* api-change:``lambda``: This release adds RecursiveInvocationException to the Invoke API and
InvokeWithResponseStream API.
* api-change:``redshift``: Added support for custom domain names for Redshift Provisioned clusters.
This feature enables customers to create a custom domain name and use ACM to generate fully secure
connections to it.
- from version 1.29.156
* api-change:``cloudformation``: Specify desired CloudFormation behavior in the event of ChangeSet
execution failure using the CreateChangeSet OnStackFailure parameter
* api-change:``ec2``: API changes to AWS Verified Access to include data from trust providers in
logs
* api-change:``ecs``: Documentation only update to address various tickets.
* api-change:``glue``: This release adds support for creating cross region table/database resource
links
* api-change:``pricing``: This release updates the PriceListArn regex pattern.
* api-change:``route53domains``: Update MaxItems upper bound to 1000 for ListPricesRequest
* api-change:``sagemaker``: Amazon Sagemaker Autopilot releases CreateAutoMLJobV2 and
DescribeAutoMLJobV2 for Autopilot customers with ImageClassification, TextClassification and
Tabular problem type config support.
- from version 1.29.155
* api-change:``account``: Improve pagination support for ListRegions
* api-change:``connect``: Updates the *InstanceStorageConfig APIs to support a new ResourceType:
SCREEN_RECORDINGS to enable screen recording and specify the storage configurations for publishing
the recordings. Also updates DescribeInstance and ListInstances APIs to include InstanceAccessUrl
attribute in the API response.
* api-change:``discovery``: Add Amazon EC2 instance recommendations export
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``s3``: This release adds SDK support for request-payer request header and
request-charged response header in the "GetBucketAccelerateConfiguration", "ListMultipartUploads",
"ListObjects", "ListObjectsV2" and "ListObjectVersions" S3 APIs.
- from version 1.29.154
* api-change:``auditmanager``: This release introduces 2 Audit Manager features: CSV exports and
new manual evidence options. You can now export your evidence finder results in CSV format. In
addition, you can now add manual evidence to a control by entering free-form text or uploading a
file from your browser.
* api-change:``efs``: Update efs client to latest version
* api-change:``guardduty``: Updated descriptions for some APIs.
* api-change:``location``: Amazon Location Service adds categories to places, including filtering
on those categories in searches. Also, you can now add metadata properties to your geofences.
- Add _constraints to avoid OOM in %check
- Update 1.29.153:
* api-change:``cloudtrail``: This feature allows users to view dashboards for CloudTrail Lake event
data stores.
* api-change:``codeguru-security``: Initial release of Amazon CodeGuru Security APIs
* api-change:``drs``: Added APIs to support network replication and recovery using AWS Elastic
Disaster Recovery.
* api-change:``ec2``: This release introduces a new feature, EC2 Instance Connect Endpoint, that
enables you to connect to a resource over TCP, without requiring the resource to have a public IPv4
address.
* api-change:``imagebuilder``: Change the Image Builder ImagePipeline dateNextRun field to more
accurately describe the data.
* api-change:``lightsail``: This release adds pagination for the Get Certificates API operation.
* api-change:``s3``: Integrate double encryption feature to SDKs.
* api-change:``securityhub``: Add support for Security Hub Automation Rules
* api-change:``simspaceweaver``: This release fixes using aws-us-gov ARNs in API calls and adds
documentation for snapshot APIs.
* api-change:``verifiedpermissions``: GA release of Amazon Verified Permissions.
* api-change:``wafv2``: You can now detect and block fraudulent account creation attempts with the
new AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group
AWSManagedRulesACFPRuleSet.
* api-change:``wellarchitected``: AWS Well-Architected now supports Profiles that help customers
prioritize which questions to focus on first by providing a list of prioritized questions that are
better aligned with their business goals and outcomes.
- from version 1.29.152
* api-change:``amplifyuibuilder``: AWS Amplify UIBuilder is launching Codegen UI, a new feature
that enables you to generate your amplify uibuilder components and forms.
* api-change:``dynamodb``: Documentation updates for DynamoDB
* api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
* api-change:``fsx``: Amazon FSx for NetApp ONTAP now supports joining a storage virtual machine
(SVM) to Active Directory after the SVM has been created.
* api-change:``opensearch``: This release adds support for SkipUnavailable connection property for
cross cluster search
* api-change:``rekognition``: This release adds support for improved accuracy with user vector in
Amazon Rekognition Face Search. Adds new APIs: AssociateFaces, CreateUser, DeleteUser,
DisassociateFaces, ListUsers, SearchUsers, SearchUsersByImage. Also adds new face metadata that can
be stored: user vector.
* api-change:``sagemaker``: Sagemaker Neo now supports compilation for inferentia2 (ML_INF2) and
Trainium1 (ML_TRN1) as available targets. With these devices, you can run your workloads at highest
performance with lowest cost. inferentia2 (ML_INF2) is available in CMH and Trainium1 (ML_TRN1) is
available in IAD currently
- from version 1.29.151
* api-change:``acm-pca``: Document-only update to refresh CLI documentation for AWS Private CA. No
change to the service.
* api-change:``connect``: This release adds search APIs for Prompts, Quick Connects and Hours of
Operations, which can be used to search for those resources within a Connect Instance.
- from version 1.29.150
* api-change:``athena``: You can now define custom spark properties at start of the session for use
cases like cluster encryption, table formats, and general Spark tuning.
* api-change:``comprehendmedical``: This release supports a new set of entities and traits.
* api-change:``payment-cryptography-data``: Initial release of AWS Payment Cryptography DataPlane
Plane service for performing cryptographic operations typically used during card payment processing.
* api-change:``payment-cryptography``: Initial release of AWS Payment Cryptography Control Plane
service for creating and managing cryptographic keys used during card payment processing.
* api-change:``servicecatalog``: New parameter added in ServiceCatalog DescribeProvisioningArtifact
api - IncludeProvisioningArtifactParameters. This parameter can be used to return information about
the parameters used to provision the product
* api-change:``timestream-write``: This release adds the capability for customers to define how
their data should be partitioned, optimizing for certain access patterns. This definition will take
place as a part of the table creation.
- from version 1.29.149
* api-change:``cloudformation``: AWS CloudFormation StackSets is updating the deployment experience
for all stackset operations to skip suspended AWS accounts during deployments. StackSets will skip
target AWS accounts that are suspended and set the Detailed Status of the corresponding stack
instances as SKIPPED_SUSPENDED_ACCOUNT
* api-change:``customer-profiles``: This release introduces event stream related APIs.
* api-change:``directconnect``: This update corrects the jumbo frames mtu values from 9100 to 8500
for transit virtual interfaces.
* api-change:``emr-containers``: EMR on EKS adds support for log rotation of Spark container logs
with EMR-6.11.0 onwards, to the StartJobRun API.
* api-change:``iotdeviceadvisor``: AWS IoT Core Device Advisor now supports new Qualification Suite
test case list. With this update, customers can more easily create new qualification test suite
with an empty rootGroup input.
* api-change:``logs``: This change adds support for account level data protection policies using 3
new APIs, PutAccountPolicy, DeleteAccountPolicy and DescribeAccountPolicy. DescribeLogGroup API has
been modified to indicate if account level policy is applied to the LogGroup via
"inheritedProperties" list in the response.
- from version 1.29.148
* api-change:``connect``: GetMetricDataV2 API is now available in AWS GovCloud(US) region.
* api-change:``emr``: Update emr client to latest version
* api-change:``iam``: This release updates the AccountAlias regex pattern with the same length
restrictions enforced by the length constraint.
* api-change:``inspector2``: Adds new response properties and request parameters for 'last scanned
at' on the ListCoverage operation. This feature allows you to search and view the date of which
your resources were last scanned by Inspector.
* api-change:``iot-data``: Update thing shadow name regex to allow '$' character
* api-change:``iot``: Adding IoT Device Management Software Package Catalog APIs to register,
store, and report system software packages, along with their versions and metadata in a centralized
location.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``quicksight``: QuickSight support for pivot table field collapse state, radar chart
range scale and multiple scope options in conditional formatting.
* api-change:``signer``: AWS Signer is launching Container Image Signing, a new feature that
enables you to sign and verify container images. This feature enables you to validate that only
container images you approve are used in your enterprise.
* api-change:``sqs``: Amazon SQS adds three new APIs - StartMessageMoveTask, CancelMessageMoveTask,
and ListMessageMoveTasks to automate redriving messages from dead-letter queues to source queues or
a custom destination.
- from version 1.29.147
* api-change:``cloudformation``: AWS CloudFormation StackSets provides customers with three new
APIs to activate, deactivate, and describe AWS Organizations trusted access which is needed to get
started with service-managed StackSets.
* api-change:``ec2``: Making InstanceTagAttribute as the required parameter for the
DeregisterInstanceEventNotificationAttributes and RegisterInstanceEventNotificationAttributes APIs.
* api-change:``finspace``: Releasing new Managed kdb Insights APIs
* api-change:``frauddetector``: Added new variable types, new DateTime data type, and new rules
engine functions for interacting and working with DateTime data types.
* api-change:``keyspaces``: This release adds support for MRR GA launch, and includes multiregion
support in create-keyspace, get-keyspace, and list-keyspace.
* api-change:``kms``: This release includes feature to import customer's asymmetric (RSA and ECC)
and HMAC keys into KMS. It also includes feature to allow customers to specify number of days to
schedule a KMS key deletion as a policy condition key.
* api-change:``lambda``: Add Ruby 3.2 (ruby3.2) Runtime support to AWS Lambda.
* api-change:``mwaa``: This release adds ROLLING_BACK and CREATING_SNAPSHOT environment statuses
for Amazon MWAA environments.
- from version 1.29.146
* api-change:``athena``: This release introduces the DeleteCapacityReservation API and the ability
to manage capacity reservations using CloudFormation
* api-change:``cloudtrail``: This feature allows users to start and stop event ingestion on a
CloudTrail Lake event data store.
* api-change:``sagemaker``: This release adds Selective Execution feature that allows SageMaker
Pipelines users to run selected steps in a pipeline.
* api-change:``wafv2``: Added APIs to describe managed products. The APIs retrieve information
about rule groups that are managed by AWS and by AWS Marketplace sellers.
- from version 1.29.145
* api-change:``alexaforbusiness``: Alexa for Business has been deprecated and is no longer
supported.
* api-change:``appflow``: Added ability to select DataTransferApiType for DescribeConnector and
CreateFlow requests when using Async supported connectors. Added supportedDataTransferType to
DescribeConnector/DescribeConnectors/ListConnector response.
* api-change:``customer-profiles``: This release introduces calculated attribute related APIs.
* api-change:``ivs``: API Update for IVS Advanced Channel type
* api-change:``sagemaker``: Amazon Sagemaker Autopilot adds support for Parquet file input to NLP
text classification jobs.
* api-change:``wafv2``: Corrected the information for the header order FieldToMatch setting
- update to 1.29.144:
* see https://raw.githubusercontent.com/boto/botocore/1.29.144/CHANGELOG.rst
- use vendored urllib3/requests to avoid conflicts with
urllib3 2.x and requests
- Update 1.29.130:
* api-change:``glue``: Support large worker types G.4x and G.8x for Glue Spark
* api-change:``guardduty``: Add AccessDeniedException 403 Error message code to support 3 Tagging
related APIs
* api-change:``iotsitewise``: Provide support for 20,000 max results for
GetAssetPropertyValueHistory/BatchGetAssetPropertyValueHistory and 15 minute aggregate resolution
for GetAssetPropertyAggregates/BatchGetAssetPropertyAggregates
* api-change:``sts``: Documentation updates for AWS Security Token Service.
- from version 1.29.129
* api-change:``ec2``: This release adds support the inf2 and trn1n instances. inf2 instances are
purpose built for deep learning inference while trn1n instances are powered by AWS Trainium
accelerators and they build on the capabilities of Trainium-powered trn1 instances.
* api-change:``inspector2``: Amazon Inspector now allows customers to search its vulnerability
intelligence database if any of the Inspector scanning types are activated.
* api-change:``mediatailor``: This release adds support for AFTER_LIVE_EDGE mode configuration for
avail suppression, and adding a fill-policy setting that sets the avail suppression to
PARTIAL_AVAIL or FULL_AVAIL_ONLY when AFTER_LIVE_EDGE is enabled.
* api-change:``sqs``: Revert previous SQS protocol change.
- from version 1.29.128
* bugfix:``sqs``: Rolled back recent change to wire format protocol
- from version 1.29.127
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``config``: Updated ResourceType enum with new resource types onboarded by AWS Config
in April 2023.
* api-change:``connect``: Remove unused InvalidParameterException from CreateParticipant API
* api-change:``ecs``: Documentation update for new error type NamespaceNotFoundException for
CreateCluster and UpdateCluster
* api-change:``network-firewall``: This release adds support for the Suricata REJECT option in
midstream exception configurations.
* api-change:``opensearch``: DescribeDomainNodes: A new API that provides configuration information
for nodes part of the domain
* api-change:``quicksight``: Add support for Topic, Dataset parameters and VPC
* api-change:``rekognition``: This release adds a new attribute FaceOccluded. Additionally, you can
now select attributes individually (e.g. ["DEFAULT", "FACE_OCCLUDED", "AGE_RANGE"] instead of
["ALL"]), which can reduce response time.
* api-change:``s3``: Documentation updates for Amazon S3
* api-change:``sagemaker``: We added support for ml.inf2 and ml.trn1 family of instances on Amazon
SageMaker for deploying machine learning (ML) models for Real-time and Asynchronous inference. You
can use these instances to achieve high performance at a low cost for generative artificial
intelligence (AI) models.
* api-change:``securityhub``: Add support for Finding History.
* api-change:``sqs``: This release enables customers to call SQS using AWS JSON-1.0 protocol.
- from version 1.29.126
* api-change:``appsync``: Private API support for AWS AppSync. With Private APIs, you can now
create GraphQL APIs that can only be accessed from your Amazon Virtual Private Cloud ("VPC").
* api-change:``ec2``: Adds an SDK paginator for GetNetworkInsightsAccessScopeAnalysisFindings
* api-change:``inspector2``: This feature provides deep inspection for linux based instance
* api-change:``iottwinmaker``: This release adds a field for GetScene API to return error code and
message from dependency services.
* api-change:``network-firewall``: AWS Network Firewall now supports policy level HOME_NET variable
overrides.
* api-change:``opensearch``: Amazon OpenSearch Service adds the option to deploy a domain across
multiple Availability Zones, with each AZ containing a complete copy of data and with nodes in one
AZ acting as a standby. This option provides 99.99% availability and consistent performance in the
event of infrastructure failure.
* api-change:``wellarchitected``: This release deepens integration with AWS Service Catalog
AppRegistry to improve workload resource discovery.
- update to 1.29.125:
* api-change:``appflow``: This release adds new API to cancel
flow executions.
* api-change:``connect``: Amazon Connect Service Rules API update:
Added OnContactEvaluationSubmit event source to support user
configuring evaluation form rules.
* api-change:``ecs``: Documentation only update to address Amazon
ECS tickets.
* api-change:``kendra``: AWS Kendra now supports configuring
document fields/attributes via the GetQuerySuggestions API.
You can now base query suggestions on the contents of document
fields.
* api-change:``resiliencehub``: This release will improve resource
level transparency in applications by discovering previously
hidden resources.
* api-change:``sagemaker``: Amazon Sagemaker Autopilot supports
training models with sample weights and additional objective
metrics.
* api-change:``compute-optimizer``: support for tag filtering within
compute optimizer. ability to filter recommendation results by tag
and tag key value pairs. ability to filter by inferred workload
type added.
* api-change:``kms``: This release makes the NitroEnclave request
parameter Recipient and the response field for CiphertextForRecipient
available in AWS SDKs. It also adds the regex pattern for
CloudHsmClusterId validation.
* api-change:``appflow``: Adds Jwt Support for Salesforce Credentials.
* api-change:``athena``: You can now use capacity reservations on
Amazon Athena to run SQL queries on fully-managed compute capacity.
* api-change:``directconnect``: This release corrects the jumbo frames
MTU from 9100 to 8500.
* api-change:``efs``: Update efs client to latest version
* api-change:``grafana``: This release adds support for the
grafanaVersion parameter in CreateWorkspace.
* api-change:``iot``: This release allows AWS IoT Core users to
specify a TLS security policy when creating and updating AWS IoT
Domain Configurations.
* api-change:``rekognition``: Added support for aggregating moderation
labels by video segment timestamps for Stored Video Content Moderation
APIs and added additional information about the job to all Stored
Video Get API responses.
* api-change:``simspaceweaver``: Added a new CreateSnapshot API. For
the StartSimulation API, SchemaS3Location is now optional, added
a new SnapshotS3Location parameter. For the DescribeSimulation
API, added SNAPSHOT_IN_PROGRESS simulation state, deprecated
SchemaError, added new fields: StartError and SnapshotS3Location.
* api-change:``wafv2``: You can now associate a web ACL with a
Verified Access instance.
* api-change:``workspaces``: Added Windows 11 to support
Microsoft_Office_2019
* api-change:``ec2``: This release adds support for AMD SEV-SNP on EC2
instances.
* api-change:``emr-containers``: This release adds
GetManagedEndpointSessionCredentials, a new API that allows customers to
generate an auth token to connect to a managed endpoint, enabling features
such as self-hosted Jupyter notebooks for EMR on EKS.
* api-change:``guardduty``: Added API support to initiate on-demand malware
scan on specific resources.
* api-change:``iotdeviceadvisor``: AWS IoT Core Device Advisor now supports
MQTT over WebSocket. With this update, customers can run all three test
suites of AWS IoT Core Device Advisor - qualification, custom, and long
duration tests - using Signature Version 4 for MQTT over WebSocket.
* api-change:``kafka``: Amazon MSK has added new APIs that allows
multi-VPC private connectivity and cluster policy support for
Amazon MSK clusters that simplify connectivity and access between
your Apache Kafka clients hosted in different VPCs and AWS accounts
and your Amazon MSK clusters.
* api-change:``lambda``: Add Java 17 (java17) support to AWS Lambda
* api-change:``marketplace-catalog``: Enabled Pagination for List
Entities and List Change Sets operations
* api-change:``osis``: Documentation updates for OpenSearch Ingestion
* api-change:``qldb``: Documentation updates for Amazon QLDB
* api-change:``sagemaker``: Added ml.p4d.24xlarge and ml.p4de.24xlarge
as supported instances for SageMaker Studio
* api-change:``xray``: Updated X-Ray documentation with Resource Policy API descriptions.
* api-change:``osis``: Initial release for OpenSearch Ingestion
* api-change:``chime-sdk-messaging``: Remove non actionable field
from UpdateChannelReadMarker and DeleteChannelRequest.
Add precise exceptions to DeleteChannel and
DeleteStreamingConfigurations error cases.
* api-change:``connect``: Amazon Connect, Contact Lens Evaluation API
release including ability to manage forms and to submit contact
evaluations.
* api-change:``datasync``: This release adds 13 new APIs to support
AWS DataSync Discovery GA.
* api-change:``ds``: New field added in AWS Managed Microsoft AD
DescribeSettings response and regex pattern update for
UpdateSettings value. Added length validation to RemoteDomainName.
* api-change:``pinpoint``: Adds support for journey runs and
querying journey execution metrics based on journey runs.
Adds execution metrics to campaign activities. Updates docs
for Advanced Quiet Time.
* api-change:``appflow``: Increased the max length for RefreshToken
and AuthCode from 2048 to 4096.
* api-change:``codecatalyst``: Documentation updates for Amazon
CodeCatalyst.
* api-change:``ec2``: API changes to AWS Verified Access related to
identity providers' information.
* api-change:``mediaconvert``: This release introduces a noise
reduction pre-filter, linear interpolation deinterlace mode,
video pass-through, updated default job settings, and expanded
LC-AAC Stereo audio bitrate ranges.
* api-change:``rekognition``: Added new status result to Liveness
session status.
* api-change:``connect``: This release adds a new API CreateParticipant.
For Amazon Connect Chat, you can use this new API to customize
chat flow experiences.
* api-change:``ecs``: Documentation update to address various
Amazon ECS tickets.
* api-change:``fms``: AWS Firewall Manager adds support for multiple
administrators. You can now delegate more than one administrator
per organization.
* api-change:``chime-sdk-media-pipelines``: This release adds support
for specifying the recording file format in an S3 recording sink
configuration.
* api-change:``chime-sdk-meetings``: Adds support for Hindi and Thai
languages and additional Amazon Transcribe parameters to the
StartMeetingTranscription API.
* api-change:``chime``: Adds support for Hindi and Thai languages
and additional Amazon Transcribe parameters to the
StartMeetingTranscription API.
* api-change:``gamelift``: Amazon GameLift supports creating Builds
for Windows 2016 operating system.
* api-change:``guardduty``: This release adds support for the new
Lambda Protection feature.
* api-change:``iot``: Support additional OTA states in
GetOTAUpdate API
* api-change:``sagemaker``: Amazon SageMaker Canvas adds
ModelRegisterSettings support for CanvasAppSettings.
* api-change:``snowball``: Adds support for Amazon S3 compatible
storage. AWS Snow Family customers can now use Amazon S3
compatible storage on Snowball Edge devices. Also adds
support for V3_5S. This is a refreshed AWS Snowball
Edge Storage Optimized device type with 210TB SSD (customer usable).
* api-change:``wafv2``: You can now create encrypted API keys to use
in a client application integration of the JavaScript
CAPTCHA API . You can also retrieve a list of your API keys
and the JavaScript application integration URL.
* api-change:``comprehend``: This release supports native document
models for custom classification, in addition to plain-text models.
You train native document models using documents (PDF, Word, images)
in their native format.
* api-change:``ecs``: This release supports the Account Setting
"TagResourceAuthorization" that allows for enhanced Tagging
security controls.
* api-change:``ram``: This release adds support for customer
managed permissions. Customer managed permissions enable customers
to author and manage tailored permissions for resources shared
using RAM.
* api-change:``rds``: Adds support for the ImageId parameter of
CreateCustomDBEngineVersion to RDS Custom for Oracle
* api-change:``s3``: Provides support for "Snow" Storage class.
* api-change:``s3control``: Provides support for overriding endpoint
when region is "snow". This will enable bucket APIs for Amazon S3
Compatible storage on Snow Family devices.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
- Update to 1.29.115
* api-change:``appflow``: This release adds a Client Token parameter to the following AppFlow APIs:
Create/Update Connector Profile, Create/Update Flow, Start Flow, Register Connector, Update
Connector Registration. The Client Token parameter allows idempotent operations for these APIs.
* api-change:``drs``: Changed existing APIs and added new APIs to support using an account-level
launch configuration template with AWS Elastic Disaster Recovery.
* api-change:``dynamodb``: Documentation updates for DynamoDB API
* api-change:``emr-serverless``: The GetJobRun API has been updated to include the job's billed
resource utilization. This utilization shows the aggregate vCPU, memory and storage that AWS has
billed for the job run. The billed resources include a 1-minute minimum usage for workers, plus
additional storage over 20 GB per worker.
* api-change:``internetmonitor``: This release includes a new configurable value,
TrafficPercentageToMonitor, which allows users to adjust the amount of traffic monitored by
percentage
* api-change:``iotwireless``: Supports the new feature of LoRaWAN roaming, allows to configure
MaxEirp for LoRaWAN gateway, and allows to configure PingSlotPeriod for LoRaWAN multicast group
* api-change:``lambda``: Add Python 3.10 (python3.10) support to AWS Lambda
- from version 1.29.114
* api-change:``ecs``: This release supports ephemeral storage for AWS Fargate Windows containers.
* api-change:``lambda``: This release adds SnapStart related exceptions to InvokeWithResponseStream
API. IAM access related documentation is also added for this API.
* api-change:``migration-hub-refactor-spaces``: Doc only update for Refactor Spaces environments
without network bridge feature.
* api-change:``rds``: This release adds support of modifying the engine mode of database clusters.
- from version 1.29.113
* api-change:``chime-sdk-voice``: This release adds tagging support for Voice Connectors and SIP
Media Applications
* api-change:``mediaconnect``: Gateway is a new feature of AWS Elemental MediaConnect. Gateway
allows the deployment of on-premises resources for the purpose of transporting live video to and
from the AWS Cloud.
- from version 1.29.112
* api-change:``groundstation``: AWS Ground Station Wideband DigIF GA Release
* api-change:``managedblockchain``: Removal of the Ropsten network. The Ethereum foundation ceased
support of Ropsten on December 31st, 2022..
- from version 1.29.111
* api-change:``ecr-public``: This release will allow using registry alias as registryId in
BatchDeleteImage request.
* api-change:``emr-serverless``: This release extends GetJobRun API to return job run timeout
(executionTimeoutMinutes) specified during StartJobRun call (or default timeout of 720 minutes if
none was specified).
* api-change:``events``: Update events client to latest version
* api-change:``iot-data``: This release adds support for MQTT5 user properties when calling the AWS
IoT GetRetainedMessage API
* api-change:``wafv2``: For web ACLs that protect CloudFront protections, the default request body
inspection size is now 16 KB, and you can use the new association configuration to increase the
inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.
- from version 1.29.110
* api-change:``connect``: This release adds the ability to configure an agent's routing profile to
receive contacts from multiple channels at the same time via extending the
UpdateRoutingProfileConcurrency, CreateRoutingProfile and DescribeRoutingProfile APIs.
* api-change:``ecs``: This release adds support for enabling FIPS compliance on Amazon ECS Fargate
tasks
* api-change:``marketplace-catalog``: Added three new APIs to support resource sharing:
GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added new OwnershipType field to
ListEntities request to let users filter on entities that are shared with them. Increased max page
size of ListEntities response from 20 to 50 results.
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK now supports conversion of 608
paint-on captions to pop-on captions for SCC sources.
* api-change:``omics``: Remove unexpected API changes.
* api-change:``rekognition``: This release adds support for Face Liveness APIs in Amazon
Rekognition. Updates UpdateStreamProcessor to return ResourceInUseException Exception. Minor
updates to API documentation.
- from version 1.29.109
* api-change:``dlm``: Updated timestamp format for GetLifecyclePolicy API
* api-change:``docdb``: This release adds a new parameter 'DBClusterParameterGroupName' to
'RestoreDBClusterFromSnapshot' API to associate the name of the DB cluster parameter group while
performing restore.
* api-change:``fsx``: Amazon FSx for Lustre now supports creating data repository associations on
Persistent_1 and Scratch_2 file systems.
* api-change:``lambda``: This release adds a new Lambda InvokeWithResponseStream API to support
streaming Lambda function responses. The release also adds a new InvokeMode parameter to Function
Url APIs to control whether the response will be streamed or buffered.
* api-change:``quicksight``: This release has two changes: adding the OR condition to tag-based RLS
rules in CreateDataSet and UpdateDataSet; adding RefreshSchedule and Incremental RefreshProperties
operations for users to programmatically configure SPICE dataset ingestions.
* api-change:``redshift-data``: Update documentation of API descriptions as needed in support of
temporary credentials with IAM identity.
* api-change:``servicecatalog``: Updates description for property
- from version 1.29.108
* api-change:``cloudformation``: Including UPDATE_COMPLETE as a failed status for DeleteStack
waiter.
* api-change:``greengrassv2``: Add support for SUCCEEDED value in coreDeviceExecutionStatus field.
Documentation updates for Greengrass V2.
* api-change:``proton``: This release adds support for the AWS Proton service sync feature. Service
sync enables managing an AWS Proton service (creating and updating instances) and all of it's
corresponding service instances from a Git repository.
* api-change:``rds``: Adds and updates the SDK examples
- from version 1.29.107
* api-change:``apprunner``: App Runner adds support for seven new vCPU and memory configurations.
* api-change:``config``: This release adds resourceType enums for types released in March 2023.
* api-change:``ecs``: This is a document only updated to add information about Amazon Elastic
Inference (EI).
* api-change:``identitystore``: Documentation updates for Identity Store CLI command reference.
* api-change:``ivs-realtime``: Fix ParticipantToken ExpirationTime format
* api-change:``network-firewall``: AWS Network Firewall now supports IPv6-only subnets.
* api-change:``servicecatalog``: removed incorrect product type value
* api-change:``vpc-lattice``: This release removes the entities in the API doc model package for
auth policies.
- from version 1.29.106
* api-change:``amplifyuibuilder``: Support StorageField and custom displays for data-bound options
in form builder. Support non-string operands for predicates in collections. Support choosing client
to get token from.
* api-change:``autoscaling``: Documentation updates for Amazon EC2 Auto Scaling
* api-change:``dataexchange``: This release updates the value of MaxResults.
* api-change:``ec2``: C6in, M6in, M6idn, R6in and R6idn bare metal instances are powered by 3rd
Generation Intel Xeon Scalable processors and offer up to 200 Gbps of network bandwidth.
* api-change:``elastic-inference``: Updated public documentation for the Describe and Tagging APIs.
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: Amazon SageMaker Asynchronous Inference now allows customer's to
receive failure model responses in S3 and receive success/failure model responses in SNS
notifications.
* api-change:``wafv2``: This release rolls back association config feature for webACLs that protect
CloudFront protections.
- from version 1.29.105
* api-change:``glue``: Add support for database-level federation
* api-change:``lakeformation``: Add support for database-level federation
* api-change:``license-manager``: This release adds grant override options to the
CreateGrantVersion API. These options can be used to specify grant replacement behavior during
grant activation.
* api-change:``mwaa``: This Amazon MWAA release adds the ability to customize the Apache Airflow
environment by launching a shell script at startup. This shell script is hosted in your
environment's Amazon S3 bucket. Amazon MWAA runs the script before installing requirements and
initializing the Apache Airflow process.
* api-change:``servicecatalog``: This release introduces Service Catalog support for Terraform open
source. It enables 1. The notify* APIs to Service Catalog. These APIs are used by the terraform
engine to notify the result of the provisioning engine execution. 2. Adds a new
TERRAFORM_OPEN_SOURCE product type in CreateProduct API.
* api-change:``wafv2``: For web ACLs that protect CloudFront protections, the default request body
inspection size is now 16 KB, and you can use the new association configuration to increase the
inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.
- from version 1.29.104
* api-change:``ec2``: Documentation updates for EC2 On Demand Capacity Reservations
* api-change:``internetmonitor``: This release adds a new feature for Amazon CloudWatch Internet
Monitor that enables customers to deliver internet measurements to Amazon S3 buckets as well as
CloudWatch Logs.
* api-change:``resiliencehub``: Adding EKS related documentation for appTemplateBody
* api-change:``s3``: Documentation updates for Amazon S3
* api-change:``sagemaker-featurestore-runtime``: In this release, you can now chose between soft
delete and hard delete when calling the DeleteRecord API, so you have more flexibility when it
comes to managing online store data.
* api-change:``sms``: Deprecating AWS Server Migration Service.
- from version 1.29.103
* api-change:``athena``: Make DefaultExecutorDpuSize and CoordinatorDpuSize fields optional in
StartSession
* api-change:``autoscaling``: Amazon EC2 Auto Scaling now supports Elastic Load Balancing traffic
sources with the AttachTrafficSources, DetachTrafficSources, and DescribeTrafficSources APIs. This
release also introduces a new activity status, "WaitingForConnectionDraining", for VPC Lattice to
the DescribeScalingActivities API.
* api-change:``batch``: This feature allows Batch on EKS to support configuration of Pod Labels
through Metadata for Batch on EKS Jobs.
* api-change:``compute-optimizer``: This release adds support for HDD EBS volume types and io2
Block Express. We are also adding support for 61 new instance types and instances that have non
consecutive runtime.
* api-change:``drs``: Adding a field to the replication configuration APIs to support the auto
replicate new disks feature. We also deprecated RetryDataReplication.
* api-change:``ec2``: This release adds support for Tunnel Endpoint Lifecycle control, a new
feature that provides Site-to-Site VPN customers with better visibility and control of their VPN
tunnel maintenance updates.
* api-change:``emr``: Update emr client to latest version
* api-change:``glue``: This release adds support for AWS Glue Data Quality, which helps you
evaluate and monitor the quality of your data and includes the API for creating, deleting, or
updating data quality rulesets, runs and evaluations.
* api-change:``guardduty``: Added EKS Runtime Monitoring feature support to existing detector,
finding APIs and introducing new Coverage APIs
* api-change:``imagebuilder``: Adds support for new image workflow details and image vulnerability
detection.
* api-change:``ivs``: Amazon Interactive Video Service (IVS) now offers customers the ability to
configure IVS channels to allow insecure RTMP ingest.
* api-change:``kendra``: AWS Kendra now supports featured results for a query.
* api-change:``network-firewall``: AWS Network Firewall added TLS inspection configurations to
allow TLS traffic inspection.
* api-change:``sagemaker-geospatial``: Amazon SageMaker geospatial capabilities now supports
server-side encryption with customer managed KMS key and SageMaker notebooks with a SageMaker
geospatial image in a Amazon SageMaker Domain with VPC only mode.
* api-change:``vpc-lattice``: General Availability (GA) release of Amazon VPC Lattice
* api-change:``wellarchitected``: AWS Well-Architected SDK now supports getting consolidated report
metrics and generating a consolidated report PDF.
- from version 1.29.102
* api-change:``opensearchserverless``: This release includes two new exception types
"ServiceQuotaExceededException" and "OcuLimitExceededException".
* api-change:``rds``: Add support for creating a read replica DB instance from a Multi-AZ DB
cluster.
- from version 1.29.101
* api-change:``iot-data``: Add endpoint ruleset support for cn-north-1.
* api-change:``ssm-contacts``: This release adds 12 new APIs as part of Oncall Schedule feature
release, adds support for a new contact type: ONCALL_SCHEDULE. Check public documentation for AWS
ssm-contacts for more information
* api-change:``ssm-incidents``: Increased maximum length of "TriggerDetails.rawData" to 10K
characters and "IncidentSummary" to 8K characters.
- from version 1.29.100
* api-change:``athena``: Enforces a minimal level of encryption for the workgroup for query and
calculation results that are written to Amazon S3. When enabled, workgroup users can set encryption
only to the minimum level set by the administrator or higher when they submit queries.
* api-change:``chime-sdk-voice``: Documentation updates for Amazon Chime SDK Voice.
* api-change:``connect``: This release introduces support for RelatedContactId in the
StartChatContact API. Interactive message and interactive message response have been added to the
list of supported message content types for this API as well.
* api-change:``connectparticipant``: This release provides an update to the SendMessage API to
handle interactive message response content-types.
* api-change:``iotwireless``: Introducing new APIs that enable Sidewalk devices to communicate with
AWS IoT Core through Sidewalk gateways. This will empower AWS customers to connect Sidewalk devices
with other AWS IoT Services, creating possibilities for seamless integration and advanced device
management.
* api-change:``medialive``: AWS Elemental MediaLive now supports ID3 tag insertion for audio only
HLS output groups. AWS Elemental Link devices now support tagging.
* api-change:``sagemaker``: Fixed some improperly rendered links in SDK documentation.
* api-change:``securityhub``: Added new resource detail objects to ASFF, including resources for
AwsEksCluster, AWSS3Bucket, AwsEc2RouteTable and AwsEC2Instance.
* api-change:``servicecatalog-appregistry``: In this release, we started supporting ARN in
applicationSpecifier and attributeGroupSpecifier. GetAttributeGroup, ListAttributeGroups and
ListAttributeGroupsForApplication APIs will now have CreatedBy field in the response.
* api-change:``voice-id``: Amazon Connect Voice ID now supports multiple fraudster watchlists.
Every domain has a default watchlist where all existing fraudsters are placed by default. Custom
watchlists may now be created, managed, and evaluated against for known fraudster detection.
- from version 1.29.99
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``comprehend``: This release adds a new field (FlywheelArn) to the
EntitiesDetectionJobProperties object. The FlywheelArn field is returned in the
DescribeEntitiesDetectionJob and ListEntitiesDetectionJobs responses when the EntitiesDetection job
is started with a FlywheelArn instead of an EntityRecognizerArn .
* api-change:``rds``: Added error code CreateCustomDBEngineVersionFault for when the create custom
engine version for Custom engines fails.
- from version 1.29.98
* api-change:``batch``: This feature allows Batch to support configuration of ephemeral storage
size for jobs running on FARGATE
* api-change:``chime-sdk-identity``: AppInstanceBots can be used to add a bot powered by Amazon Lex
to chat channels. ExpirationSettings provides automatic resource deletion for AppInstanceUsers.
* api-change:``chime-sdk-media-pipelines``: This release adds Amazon Chime SDK call analytics. Call
analytics include voice analytics, which provides speaker search and voice tone analysis. These
capabilities can be used with Amazon Transcribe and Transcribe Call Analytics to generate
machine-learning-powered insights from real-time audio.
* api-change:``chime-sdk-messaging``: ExpirationSettings provides automatic resource deletion for
Channels.
* api-change:``chime-sdk-voice``: This release adds Amazon Chime SDK call analytics. Call analytics
include voice analytics, which provides speaker search and voice tone analysis. These capabilities
can be used with Amazon Transcribe and Transcribe Call Analytics to generate
machine-learning-powered insights from real-time audio.
* api-change:``codeartifact``: Repository CreationTime is added to the CreateRepository and
ListRepositories API responses.
* api-change:``guardduty``: Adds AutoEnableOrganizationMembers attribute to
DescribeOrganizationConfiguration and UpdateOrganizationConfiguration APIs.
* api-change:``ivs-realtime``: Initial release of the Amazon Interactive Video Service RealTime API.
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK now supports passthrough of ID3v2
tags for audio inputs to audio-only HLS outputs.
* api-change:``sagemaker``: Amazon SageMaker Autopilot adds two new APIs - CreateAutoMLJobV2 and
DescribeAutoMLJobV2. Amazon SageMaker Notebook Instances now supports the ml.geospatial.interactive
instance type.
* api-change:``servicediscovery``: Reverted the throttling exception RequestLimitExceeded for AWS
Cloud Map APIs introduced in SDK version 1.12.424 2023-03-09 to previous exception specified in the
ErrorCode.
* api-change:``textract``: The AnalyzeDocument - Tables feature adds support for new elements in
the API: table titles, footers, section titles, summary cells/tables, and table type.
- from version 1.29.97
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``iottwinmaker``: This release adds support of adding metadata when creating a new
scene or updating an existing scene.
* api-change:``networkmanager``: This release includes an update to
create-transit-gateway-route-table-attachment, showing example usage for
TransitGatewayRouteTableArn.
* api-change:``pipes``: This release improves validation on the ARNs in the API model
* api-change:``resiliencehub``: This release provides customers with the ability to import
resources from within an EKS cluster and assess the resiliency of EKS cluster workloads.
* api-change:``ssm``: This Patch Manager release supports creating, updating, and deleting Patch
Baselines for AmazonLinux2023, AlmaLinux.
- from version 1.29.96
* api-change:``chime-sdk-messaging``: Amazon Chime SDK messaging customers can now manage streaming
configuration for messaging data for archival and analysis.
* api-change:``cleanrooms``: GA Release of AWS Clean Rooms, Added Tagging Functionality
* api-change:``ec2``: This release adds support for AWS Network Firewall, AWS PrivateLink, and
Gateway Load Balancers to Amazon VPC Reachability Analyzer, and it makes the path destination
optional as long as a destination address in the filter at source is provided.
* api-change:``iotsitewise``: Provide support for tagging of data streams and enabling tag based
authorization for property alias
* api-change:``mgn``: This release introduces the Import and export feature and expansion of the
post-launch actions
- from version 1.29.95
* api-change:``application-autoscaling``: With this release customers can now tag their Application
Auto Scaling registered targets with key-value pairs and manage IAM permissions for all the tagged
resources centrally.
* api-change:``neptune``: This release makes following few changes. db-cluster-identifier is now a
required parameter of create-db-instance. describe-db-cluster will now return PendingModifiedValues
and GlobalClusterIdentifier fields in the response.
* api-change:``s3outposts``: S3 On Outposts added support for endpoint status, and a failed
endpoint reason, if any
* api-change:``workdocs``: This release adds a new API, SearchResources, which enable users to
search through metadata and content of folders, documents, document versions and comments in a
WorkDocs site.
- from version 1.29.94
* api-change:``billingconductor``: This release adds a new filter to ListAccountAssociations API
and a new filter to ListBillingGroups API.
* api-change:``config``: This release adds resourceType enums for types released from October 2022
through February 2023.
* api-change:``dms``: S3 setting to create AWS Glue Data Catalog. Oracle setting to control
conversion of timestamp column. Support for Kafka SASL Plain authentication. Setting to map boolean
from PostgreSQL to Redshift. SQL Server settings to force lob lookup on inline LOBs and to control
access of database logs.
- from version 1.29.93
* api-change:``guardduty``: Updated 9 APIs for feature enablement to reflect expansion of GuardDuty
to features. Added new APIs and updated existing APIs to support RDS Protection GA.
* api-change:``resource-explorer-2``: Documentation updates for APIs.
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
- from version 1.29.92
* api-change:``migrationhubstrategy``: This release adds the binary analysis that analyzes IIS
application DLLs on Windows and Java applications on Linux to provide anti-pattern report without
configuring access to the source code.
* api-change:``s3control``: Added support for S3 Object Lambda aliases.
* api-change:``securitylake``: Make Create/Get/ListSubscribers APIs return resource share ARN and
name so they can be used to validate the RAM resource share to accept. GetDatalake can be used to
track status of UpdateDatalake and DeleteDatalake requests.
- from version 1.29.91
* api-change:``application-autoscaling``: Application Auto Scaling customers can now use
mathematical functions to customize the metric used with Target Tracking policies within the policy
configuration itself, saving the cost and effort of publishing the customizations as a separate
metric.
* api-change:``dataexchange``: This release enables data providers to license direct access to S3
objects encrypted with Customer Managed Keys (CMK) in AWS KMS through AWS Data Exchange.
Subscribers can use these keys to decrypt, then use the encrypted S3 objects shared with them,
without creating or managing copies.
* api-change:``directconnect``: describe-direct-connect-gateway-associations includes a new status,
updating, indicating that the association is currently in-process of updating.
* api-change:``ec2``: This release adds a new DnsOptions key
(PrivateDnsOnlyForInboundResolverEndpoint) to CreateVpcEndpoint and ModifyVpcEndpoint APIs.
* api-change:``iam``: Documentation only updates to correct customer-reported issues
* api-change:``keyspaces``: Adding support for client-side timestamps
- from version 1.29.90
* api-change:``appintegrations``: Adds FileConfiguration to Amazon AppIntegrations
CreateDataIntegration supporting scheduled downloading of third party files into Amazon Connect
from sources such as Microsoft SharePoint.
* api-change:``lakeformation``: This release updates the documentation regarding Get/Update
DataCellsFilter
* api-change:``s3control``: Added support for cross-account Multi-Region Access Points. Added
support for S3 Replication for S3 on Outposts.
* api-change:``tnb``: This release adds tagging support to the following Network Instance APIs :
Instantiate, Update, Terminate.
* api-change:``wisdom``: This release extends Wisdom CreateKnowledgeBase API to support SharePoint
connector type by removing the @required trait for objectField
- python-six is not required
- python-colorama
-
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- update to 0.4.6:
* https://github.com/tartley/colorama/pull/139 Add alternative to 'init()',
called 'just_fix_windows_console'. This fixes many longstanding problems
with 'init', such as working incorrectly on modern Windows terminals, and
wonkiness when init gets called multiple times. The intention is that it
just makes all Windows terminals treat ANSI the same way as other terminals
do. Many thanks the njsmith for fixing our messes.
* https://github.com/tartley/colorama/pull/352 Support Windows 10's ANSI/VT
console. This didn't exist when Colorama was created, and avoiding us
causing havok there is long overdue. Thanks to segeviner for the initial
approach, and to njsmith for getting it merged.
* https://github.com/tartley/colorama/pull/338 Internal overhaul of package
metadata declaration, which abolishes our use of the now heavily
discouraged setuptools (and hence setup.py, setup.cfg and MANIFEST.in), in
favor of hatchling (and hence pyproject.toml), generously contributed by
ofek (author of hatchling). This includes dropping support Python3.5 and
3.6, which are EOL, and were already dropped from setuptools, so this
should not affect our users.
* https://github.com/tartley/colorama/pull/353 Attention to detail award to
LqdBcnAtWork for a spelling fix in demo06
- update to 0.4.5:
* Catch a racy ValueError that could occur on exit.
* Create README-hacking.md, for Colorama contributors.
* Tweak some README unicode characters that don't render correctly on PyPI.
* Fix some tests that were failing on some operating systems.
* Add support for Python 3.9.
* Add support for PyPy3.
* Add support for pickling with the ``dill`` module.
- python-mock is actually not required for build
- python-docutils
-
- add sle15_python_module_pythons (jsc#PED-68)
- Update single spec from Factory
- Refactor pygments-2.14.patch to not use distutils.
- Delete sphix-6.0.0.patch
- Add pygments-2.14.patch
- The patch is related to pygments not Sphinx and the patch is updated to make
it conditional so it work with older versions of pygments, shp#docutils#201
- Add sphinx-6.0.0.patch to fix tests for new version of sphinx.
- Release 0.19 (2022-07-05)
- General
- Dropped support for Python 2.7, 3.5, and 3.6. and removed
compatibility hacks from code and tests.
- Code cleanup, check PEP 8 conformity with flake8
(exceptions in file tox.ini).
- New module. Support for python -m docutils. Also used for
the docutils console script entry point.
- Let Publisher.publish() print info and prompt
when waiting for input from a terminal (cf.
https://clig.dev/#interactivity).
- Respect "input_encoding_error_handler" setting when opening
a source.
- New function error_string() obsoletes
utils.error_reporting.ErrorString.
- Class ErrorOutput moved here from utils/error_reporting.
- Use "utf-8-sig" instead of Python's default encoding if the
"input_encoding" setting is None.
- Fix error when reading of UTF-16 encoded source without
trailing newline.
- Aliases "markdown" and "commonmark" point to
"commonmark_wrapper".
- Alias for the "myst" parser
(https://pypi.org/project/myst-docutils).
- Use absolute module names in _parser_aliases instead
of two import attempts. (Keeps details if the
recommonmark_wrapper.py module raises an ImportError.)
- Prepend parser name to ImportError if importing a parser
class fails.
- New module for parsing CommonMark input. Selects a
locally installed 3rd-party parser (pycmark, myst, or
recommonmark).
- Raise ImportError, if import of the upstream parser
module fails. If called from an "include" directive, the
system-message now has source/line info.
- Adapt to and test with "recommonmark" versions 0.6.0 and
0.7.1.
- Update PEP base URL (fixes bug #445), use "https:" scheme
in RFC base URL.
- Add reporter to Directive class attributes.
- parser_name() keeps details if converting ImportError to
ValueError.
- Don't use mutable default values for function
arguments. Fixes bug #430.
- Fix bug #435: invalid references in problematic nodes with
report_level=4.
- decode_path() returns str instance instead of
nodes.reprunicode.
- Add deprecation warning.
- Add "html writers" to config_section_dependencies. Fixes
bug #443.
- Write table column widths with 3 digits precision. Fixes
bug #444.
- Add space before "charset" meta tag closing sequence.
- Remove class value "controls" from an image node with video
content after converting it to a "control" attribute of the
<video> tag.
- Wrap groups of footnotes in an <aside> for easier styling.
- Use "https:" scheme in "python_home" URL default.
- Fix links in template.txt.
- New "docutils" console script entry point. Fixes bug #447.
- Always encode the log file "alltests.out" using 'utf-8'.
- exception_data() now returns None if no exception was
raised.
- recommonmark_wrapper only imported if upstream parser is
present.
- Fix bug #436: Null char valid in CSV since Python 3.11.
- Allow 3rd-party drop-in components for reader and parser,
too.
- Fix help output.
- Actual code moved to docutils.__main__.py.
- Options -h and --help print short usage message.
- Release 0.18.1 (2021-11-23)
- Node.traverse() returns a list again to restore backwards
compatibility. Fixes bug #431.
- New method Node.findall(): like Node.traverse() but returns
an iterator. Obsoletes Node.traverse().
- Fix behaviour of get_stylesheet_list(): do not look up
stylesheets given as "stylesheet" setting. Cf. bug #434.
- Fix handling of footnote_backlinks==False (report Alan G
Isaac).
- Fix typo (bug #432).
- Fix spurious output with Windows (bug #350).
- Fix a false positive (bug #434).
- Release 0.18 (2021-10-26)
- mark as provisional (will switch from using "optparse" to
"argparse").
- remove hack for the now obsolete "mod_python" Apache
module.
- new function get_default_settings()
- Don't change a list while looping over it (in
document.set_name_id_map()). Thanks to Mickey Endito.
- Test and update to work with recommonmark version
0.6.0. Still provisional.
- Unfortunately, recommonmark is no longer maintained.
- Fix bug #424 Wrong circular inclusion detection. Use a
"magic" comment instead of line numbers to keep a log of
recursive inclusions.
- Use a "magic" comment to update the log of recursive
inclusions.
- New option `image_loading`_. Support "lazy" loading of
images. Obsoletes "embed_images".
- Fix spelling of option "detailed".
- Read settings from standard configuration files.
- Release 0.18b1 (2021-10-05)
- The default value for the "auto_id_prefix" setting changed to
"%": auto-generated IDs use the tag name as prefix.
- Make meta a standard Docutils doctree node. Writers may
ignore "meta" nodes if they are not supported by the output
format.
- document.make_id(): Do not strip leading number and hyphen
characters from name if the id_prefix setting is non-empty.
- Node.traverse() returns an iterator instead of a list.
- Removed. (Meta directive moved to misc.py.)
- Meta directive class (moved from html.py) inserts meta
(instead of pending) nodes.
- Add class option to Raw directive.
- Unify behaviour of "widths" option: check that the length of
an integer list equals the number of table columns also for
the "table" directive.
- Fork from elyxer and remove code that is not required for
math conversion.
- Scale variable sized operators and big delimiters with CSS
- Support more commands, fix mapping of commands to Unicode
characters (cf. LaTeX syntax for mathematics).
- Fix bug #244 Wrong subscript/superscript order.
- Don't use <tt> element (deprecated in HTML5).
- Use STIX fonts if available.
- Fix source location (line number) for attribution
elements. Patch by Mickey Endito.
- Add line, source, and rawsource internal attributes for
blockquote elements. Patch by Mickey Endito.
- Skip system_messages when propagating targets. Fixes bug
[#425].
- Removed unique_combinations() (obsoleted by
itertools.combinations()).
- Major update (fixes and support for additional commands and
symbols). Fixes bug #407.
- Write footnote brackets and field term colons to HTML, so
that they are present also without CSS and when copying
text. Adapt minimal.css.
- Use semantic tags <aside> for footnote text, topics,
admonitions, and system-messages and <nav> for the table of
contents. Use <div> for citations.
- Only specify table column widths, if the "widths" option
is set and is not "auto" (fixes bug #426). The table_style
setting "colwidths-grid" restores the current default.
- Use ARIA roles to enable accessible HTML for abstract,
dedication, the table of contents, footnote, references,
footnotes, citations, and backlinks.
- Use "aria-level" attribute instead of invalid tags <h7>,
<h8>, ... for headings of deeply nested sections.
- Do not set classes "compound-first", "compound-middle",
or "compound-last" to elements nested in a compound. Use
class value "backrefs" instead of "fn-backref" for a span of
back-references.
- Do not write class values handled by the HTML writer
("colwidths-auto", "colwidths-given", "colwidths-grid") to
the output.
- Move space character between section number and heading into
"sectnum" span.
- Removed attribute HTMLTranslator.topic_classes
- Items of a definition list with class argument "details" are
converted to details disclosure elements.
- Overwrite methods in _html_base.HTMLTranslator that use
HTML5 tags (details, aside, nav, ...) and attributes (role,
aria-level).
- The setting legacy_class_functions now defaults to
"False". Adapt stylesheets modifying \DUadmonition and/or
\DUtitle.
- Apply patch #181 "Fix tocdepth when chapter/part in use" by
John Thorvald Wodder II.
- Fix newlines after/before ids_to_labels() (cf. patch #183).
- Refactor/revise ToC writing.
- Don't add \phantomsection to labels in math-blocks.
- Improve spacing and allow customization of Docutils-generated
table of contents.
- New algorithm for table column widths. Fixes bug #422. New
configuration setting legacy_column_widths.
- Table.set_table_style() arguments changed.
- Only write "continued on next page..." if it fits without
making the table columns wider.
- Table width option overrides conflicting "auto" column
widths.
- Fix excessive padding above sidebar titles.
- Fix option "detailed" under Python 2.7.
- Remove IE 6 compatibility workarounds iepngfix.htc and
blank.gif (fixes bug #169).
- Fix: double quotes need to be escaped on macro
invocation. Done everywhere.
- update to 0.17.1:
* Fix bug #406 (MathML translation of ``\mathbf``).
* Open "docutils.sty" with encoding set to "utf8".
* Provide fallbacks for parser config settings
to facilitate programmatic use.
* Installing with ``setup.py`` now requires ``setuptools``.
Alternatively, install with `pip`_ (or "manually").
* Use importlib.import_module() to programmatically import modules.
* Fix bug #385: Import of language modules.
* Arabic mappings by Shahin.
* Fixes in Korean translation by Shinjo Park.
* Fix error when copying `system_message` node
* Make the sidebar's "title" argument optional
* Make "meta" elements available for "latex" and "odt".
* Prevent infinite inclusion loops.
* Move non-essential styling to ``plain.css``.
* Support "captionbelow" class value for tables.
* Display code line numbers as pseudo-elements which are skipped
when copying text from code blocks. Solves feature request #32.
* Support numbered figures.
* New optional style that adapts to different screen sizes.
* Fix #394 fix missing new line after rubric.
* Patch #168 fix crashing on empty citation (by Takeshi KOMIYA).
* Fix #126 manpage title with spaces.
* Fix #380 commandline option problem in sphinx.
* Fix/improve metadata handling:
fix "keyword" splitting,
allow generic fields (stored as "Custom Properties").
__ docs/user/config.html#detailled
* Run python3 test like python2 against source not the build/-directory
* New generic command line front end that allows the free selection of
reader, parser, and writer components.
- remove pygments25.patch (upstream)
- In a world with more than one python 3 flavor, provide "docutils"
with the default python3 provider.
gh#openSUSE/python-rpm-macros#66
- Fix the condition to really generate the direct binaries
- Remove %python3_only and use full alternatives.
- Add patch to fix build with pygments 2.4 and newer:
* pygments25.patch
- Update to 0.16:
- Dropped support for Python 2.6, 3.3 and 3.4
- Docutils now supports Python 2.7 and Python 3.5+ natively
(without conversion by ``2to3``).
- Keep `backslash escapes`__ in the document tree. Backslash characters in
text are be represented by NULL characters in the ``text`` attribute of
Doctree nodes and removed in the writing stage by the node's
``astext()`` method.
- Remove merged patch fix_tests_38.patch
- Add fix_tests_38.patch to overcome failing
test_writers.test_odt.DocutilsOdtTestCase with Python 3.8.
Also, failed as shp#docutils#161.
- Skip the tests for the flavors not being built
- update to version 0.15.2
* Docutils 0.14.x is the last version supporting Python 2.4, 2.5,
3.1, and 3.2.
* reStructured text: Allow embedded colons in field list field
names (before, tokens like :this:example: were considered ordinary text).
* Fixed a bug with the "trim" options of the "unicode" directive.
- Add multibuild in order to avoid buildcycle with Pillow and friends
- Add optional build dependencies Pillow, Pygments and roman,
causing 16 additonal test methods to run
- Add Recommends for Pillow, Pygments and roman
- Use %license
- Simplify test invocation
- Remove unnecessary node BR
- Remove superfluous devel dependency for noarch package
- python-paramiko
-
- Update to 3.4.0: (CVE-2023-48795, bsc#1218168)
* Transport grew a new packetizer_class kwarg for overriding the
packet-handler class used internally.
* Address CVE 2023-48795 (aka the "Terrapin Attack", a vulnerability found
in the SSH protocol re: treatment of packet sequence numbers) as follows:
+ The vulnerability only impacts encrypt-then-MAC digest algorithms in
tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko
currently only implements hmac-sha2-(256|512)-etm in tandem with
AES-CBC.
+ As the fix for the vulnerability requires both ends of the connection
to cooperate, the below changes will only take effect when the remote
end is OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode,
as of this patch version) and configured to use the new
"strict kex" mode.
+ Paramiko will now raise an SSHException subclass (MessageOrderError)
when protocol messages are received in unexpected order. This includes
situations like receiving MSG_DEBUG or MSG_IGNORE during initial key
exchange, which are no longer allowed during strict mode.
+ Key (re)negotiation -- i.e. MSG_NEWKEYS, whenever it is encountered --
now resets packet sequence numbers. (This should be invisible to users
during normal operation, only causing exceptions if the exploit is
encountered, which will usually result in, again, MessageOrderError.)
+ Sequence number rollover will now raise SSHException if it occurs
during initial key exchange (regardless of strict mode status).
* Tweak ext-info-(c|s) detection during KEXINIT protocol phase; the
original implementation made assumptions based on an OpenSSH
implementation detail.
- Add patch use-64-bit-maxsize-everywhere.patch:
* Use the 64-bit value of sys.maxsize.
- refresh remove-icecream-dep.patch
- update to 3.3.1
detailed changelog: https://www.paramiko.org/changelog.html#
- Delete paramiko-pr1665-remove-pytest-relaxed.patch
- Add remove-icecream-dep.patch
- Update to 3.1.0:
* [Feature] #2173: Accept single tabs as field separators (in
addition to single spaces) in
<paramiko.hostkeys.HostKeyEntry.from_line> for parity with
OpenSSH’s KnownHosts parser. Patched by Alex Chavkin.
* [Feature] #2013: (solving #2009, plus others) Add an explicit
channel_timeout keyword argument to
paramiko.client.SSHClient.connect, allowing users to configure the
previously-hardcoded default value of 3600 seconds. Thanks to
@VakarisZ and @ilija-lazoroski for the report and patch, with
credit to Mike Salvatore for patch review.
* [Support] #2178: Apply codespell to the codebase, which found a
lot of very old minor spelling mistakes in docstrings. Also
modernize many instances of *largs vs *args and **kwarg vs
* *kwargs. Patch courtesy of Yaroslav Halchenko, with review from
Brian Skinn.
- 3.0.0:
* [Bug]: A handful of lower-level classes (notably
paramiko.message.Message and paramiko.pkey.PKey) previously
returned bytes objects from their implementation of __str__, even
under Python 3; and there was never any __bytes__ method.
* These issues have been fixed by renaming __str__ to __bytes__ and
relying on Python’s default “stringification returns the output of
__repr__” behavior re: any real attempts to str() such objects.
* [Bug] #2165: Streamline some redundant (and costly) byte
conversion calls in the packetizer and the core SFTP module. This
should lead to some SFTP speedups at the very least. Thanks to
Alex Gaynor for the patch.
* [Bug] #2110: Remove some unnecessary __repr__ calls when handling
bytes-vs-str conversions. This was apparently doing a lot of
unintentional data processing, which adds up in some use cases –
such as SFTP transfers, which may now be significantly faster.
Kudos to Shuhua Zhong for catch & patch.
* [Support]: Drop support for Python versions less than 3.6,
including Python 2. So long and thanks for all the fish!
* [Support]: Remove the now irrelevant paramiko.py3compat module.
* [Support]: paramiko.common.asbytes has been moved to
paramiko.util.asbytes.
* [Support]: PKey.__cmp__ has been removed. Ordering-oriented
comparison of key files is unlikely to have ever made sense (the
old implementation attempted to order by the hashes of the key
material) and so we have not bothered setting up __lt__ and
friends at this time. The class continues to have its original
__eq__ untouched.
* [Support]: The behavior of private key classes’ (ie anything
inheriting from PKey) private key writing methods used to perform
a manual, extra chmod call after writing. This hasn’t been
strictly necessary since the mid 2.x release line (when key
writing started giving the mode argument to os.open), and has now
been removed entirely.
* This should only be observable if you were mocking Paramiko’s
system calls during your own testing, or similar.
* [Support] #732: (also re: #630) SSHConfig used to straight-up
delete the proxycommand key from config lookup results when the
source config said ProxyCommand none. This has been altered to
preserve the key and give it the Python value None, thus making
the Python representation more in line with the source config
file.
* [Support]: paramiko.util.retry_on_signal (and any internal uses of
same, and also any internal retries of EINTR on eg socket
operations) has been removed. As of Python 3.5, per PEP 475, this
functionality (and retrying EINTR generally) is now part of the
standard library.
- python-python-dateutil
-
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- update to 2.8.2:
- Updated tzdata version to 2021a. (gh pr #1128)
- Fixed a bug in the parser where non-``ValueError`` exceptions would be raised
during exception handling; this would happen, for example, if an
``IllegalMonthError`` was raised in ``dateutil`` code. Fixed by Mark Bailey.
(gh issue #981, pr #987).
- Fixed the custom ``repr`` for ``dateutil.parser.ParserError``, which was not
defined due to an indentation error. (gh issue #991, gh pr #993)
- Fixed a bug that caused ``b'`` prefixes to appear in parse_isodate exception
messages. Reported and fixed by Paul Brown (@pawl) (gh pr #1122)
- Make ``isoparse`` raise when trying to parse times with inconsistent use of
`:` separator. Reported and fixed by @mariocj89 (gh pr #1125).
- Fixed ``tz.gettz()`` not returning local time when passed an empty string.
Reported by @labrys (gh issues #925, #926). Fixed by @ffe4 (gh pr #1024)
* Documentation changes
* Simplified handling of bytes and bytearray in ``_parser._timelex``.
- python-rsa
-
- add sle15_python_module_pythons (jsc#PED-68)
- python-s3transfer
-
- Drop Provides for SLE 15 SP4 and openSUSE Leap 15.4 and later
- Switch to Python 3.11 build in SLE 15 SP4 and openSUSE Leap 15.4 and
later (jsc#PCT-371).
- Switch to wheel build
- Update to 0.10.0
* feature:``s3``: Added CRT support for S3 Express One Zone
- From 0.9.0
* feature:Python: End of support for Python 3.7
- Update 0.8.2
* bugfix:Subscribers: Added caching for Subscribers to improve
throughput by up to 24% in high volume transfer
- from version 0.8.1
* enhancement:``s3``: Added support for defaulting checksums
to CRC32 for s3express.
- from version 0.8.0
* enhancement:``crt``: Automatically configure CRC32 checksums for
uploads and checksum validation for downloads through the CRT
transfer manager.
* feature:``crt``: S3transfer now supports a wider range of CRT
functionality for uploads to improve throughput in the CLI/Boto3.
* enhancement:``Botocore``: S3Transfer now requires Botocore >=1.32.7
* enhancement:``crt``: Update ``target_throughput`` defaults. If not
configured, s3transfer will use the AWS CRT to attempt to determine
a recommended target throughput to use based on the system. If there
is no recommended throughput, s3transfer now falls back to ten
gigabits per second.
* enhancement:``crt``: Add support for uploading and downloading file-like
objects using CRT transfer manager. It supports both seekable and
non-seekable file-like objects.
- Update BuildRequires and Requires from setup.py
- Update to 0.7.0
* feature:``SSE-C``: Pass SSECustomer* arguments to
CompleteMultipartUpload for upload operations
- Update to 0.6.2
* enhancement:Python: Added provisional Python 3.12
support to s3transfer
- Update to 0.6.1
* bugfix:copy: Added support for ``ChecksumAlgorithm``
when uploading copy data in parts
- drop no-bundled-packages.patch to allow unpinning urllib3
boo#1211830
- pin to urllib3 1.x
- regionServiceClientConfigEC2
-
- Update to version 4.3.0 (bsc#1228363)
+ The IPv6 cert was switched up for the region server running in us-west-2
and as such the SSL handshake was failing. Drop the incorrect cert
and add the correct cert.
- Switch the patch syntax away form the deprecated shorthand macro
- Version 4.2.0
Replace certs (length 4096):
rgnsrv-ec2-cn-north1 -> 54.223.148.145 expires in 8 years
rgnsrv-ec2-us-west2-2 -> 54.245.101.47 expires in 9 years
Sidenote: We have one server with a short cert (2048) left;
34.197.223.242 expires in 2027
- Version 4.1.1
Add patch no-ipv6.patch to not serve IPv6 addresses on SLES12
Related to bsc#1218656
- release-notes-sles
-
- 15.6.20240926 (tracked in bsc#933411)
- Corrected a wrong entry regarding 389 and OpenLDAP
* OpenLDAP will be replaced by 389 in future SLE versions
* OpenLDAP has been re-added to SLE 15 SP5 and SP6 to prolong
the migration time window
- 15.5.20240924 (tracked in bsc#933411)
- updated max user space limit (bsc#1227524)
- Added note about OpenLDAP deprecation (jsc#PED-8118)
- Added warning about changing system Python (bsc#1222226)
- Updated product names and abbrevs (jsc#DOCTEAM-1133)
- Added note about systemd effective limit properties (jsc#PED-7978)
- Added note about FRR (jsc#PED-7549)
- Added note about FRR (jsc#PED-754)
- aarch64: Added warning about NVIDIA JetPack 6.0 for Orin
(jsc#PED-7863 / bsc#1212541)
- rsyslog
-
- fix PreserveFQDN option before daemon is restarted (bsc#1231229)
add 0001-core-bugfix-rsyslog-messages-may-not-always-have-FQD.patch
- restart daemon after update at the end of the transaction
(bsc#1230984)
- rubygem-nokogiri
-
- added only-complain-about-version-diff-if-it-is-older.patch:
make nokogiri only complain about mismatching libxml2 version
if the runtime version is older than the build version as we
assume newer versions should be ABI compatible (boo#1213999)
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.13>.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
performance issue when running lots of containers, caused by systemd getting
too many mount notifications. bsc#1214960
+ 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- samba
-
- Adjust spec to split out rpcd_* binaries into a separate
sub package; (bsc#1231414).
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated;
(bso#15699); (bsc#1229684).
- Regression DFS not working with widelinks = true, updated to
fix DFS link enumeration; (bso#15435); (bsc#1213607);
- use-after-free in aio_del_req_from_fsp during smbd shutdown
after failed IPC FSCTL_PIPE_TRANSCEIVE; (bsc#1223345);
(bso#15423).
- Reduce winbind error msg to debug for a PDC/NT4 domain
(bsc#1221168).
- scap-security-guide
-
- updated to 0.1.74 (jsc#ECO-3319)
- Add Amazon Linux 2023 product (#12006)
- Introduce new remediation type Kickstart (#12144)
- Make PAM macros more flexible to variables (#12133)
- Remove Debian 10 Product (#12205)
- Remove Red Hat Enterprise Linux 7 product (#12093)
- Update CIS RHEL9 control file to v2.0.0 (#12067)
- updated to 0.1.73 (jsc#ECO-3319)
- CMP 2417: Implement PCI-DSS v4.0 outline for OpenShift (#11651)
- Update all RHEL ANSSI BP028 profiles to be aligned with configuration recommendations version 2.0
- Generate rule references from control files (#11540)
- Initial implementation of STIG V1R1 profile for Ubuntu 22.04 LTS (#11820)
- updated to 0.1.72 (jsc#ECO-3319)
- ANSSI BP 028 profile for debian12 (#11368)
- Building on Windows (#11406)
- Control for BSI APP.4.4 (#11342)
- update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks
- various fixes to SLE profiles
- add openeuler to -redhat package
- removed ssg-fix-journald.patch: fixed upstream
- shim
-
- Update shim-install to apply the missing fix for openSUSE Leap
(bsc#1210382) fixed by Gary.
* 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
(bsc#1230316) fixed by Gary.
* 433cc4e Always use the removable way for SL-Micro
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- strace
-
- Change the license to the correct LGPL-2.1-or-later
(bsc#1228216).
- supportutils
-
- Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
- Changes in version 3.1.30
+ Added -V key:value pair option (bsc#1222021, PED-8211)
+ Avoid getting duplicate kernel verifications in boot.text (pr#193)
+ Suppress file descriptor leak warnings from lvm commands (pr#192, bsc#1220082)
+ Includes container log timestamps (pr#197)
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- ensure key2rpmname is called using bash.
- make the per-project inclusion optional, default off.
- Also include the GPG key from the current build project
to allow Staging testing without production keys. (bsc#1231829)
- added missing ; in shell script (bsc#1227681)
- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
them. (bsc#1227429)
gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key.
- suse-module-tools
-
- Update to version 15.5.5:
* Include unblacklist in initramfs (bsc#1224320)
* regenerate-initrd-posttrans: run update-bootloader --refresh for XEN
(bsc#1223278)
* 60-io-scheduler.rules: test for "scheduler" sysfs attribute (boo#1216717)
- systemd-presets-branding-SLE
-
- Enable sysctl-logger (jsc#PED-5024)
- tpm2.0-tools
-
- Add 0001-tpm2_checkquote-Fix-check-of-magic-number.patch: tpm2_checkquote
did not check whether the magic number in the attest is equal to
TPM2_GENERATED_VALUE, which might allow a malicious actor to generate
arbitrary quote data, undetected by tpm2_checkquote (bsc#1223687, CVE-2024-29038).
- Add 0001-tpm2_checkquote-Add-comparison-of-pcr-selection.patch:
tpm2_checkquote did not compare the --pcr parameter passed to the tool with
the attest. A malicious actor might thus be able to fake a valid
attestation (bsc#1223689, CVE-2024-29039).
- unzip
-
- Use %patch -P N instead of deprecated %patchN.
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
- util-linux-systemd
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- lscpu: Add more ARM cores (bsc#1223605,
util-linux-lscpu-add-more-ARM-cores-1.patch,
util-linux-lscpu-add-more-ARM-cores-2.patch,
util-linux-lscpu-add-more-ARM-cores-3.patch,
util-linux-lscpu-add-more-ARM-cores-4.patch,
util-linux-lscpu-add-more-ARM-cores-5.patch,
util-linux-lscpu-add-more-ARM-cores-6.patch).
- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609,
util-linux-chcpu-document-zVM-limitations.patch,
util-linux-chcpu-document-zVM-limitations-generated.patch).
- bsc#1220117: Processes not cleaned up after failed SSH session are using up 100% CPU
+ util-linux-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
- vim
-
- Fix for bsc#1231373 / CVE-2024-47814.
- Fix for bsc#1229238 / CVE-2024-43374.
- update to 9.1.0836
* 9.1.0836: The vimtutor can be improved
* 9.1.0835: :setglobal doesn't work properly for 'ffu' and 'tsrfu'
* 9.1.0834: tests: 2html test fails
* 9.1.0833: CI: recent ASAN changes do not work for indent tests
* 9.1.0832: :set doesn't work for 'cot' and 'bkc' after :setlocal
* runtime(doc): update help-toc description
* runtime(2html): Make links use color scheme colors in TOhtml
* 9.1.0831: 'findexpr' can't be used as lambad or Funcref
* Filelist: include helptoc package
* runtime(doc): include a TOC Vim9 plugin
* Filelist: ignore .git-blame-ignore-revs
* 9.1.0830: using wrong highlight group for spaces for popupmenu
* runtime(typst): synchronize updates from the upstream typst.vim
* git: ignore reformatting commit for git-blame (after v9.1.0829)
* 9.1.0829: Vim source code uses a mix of tabs and spaces
* 9.1.0828: string_T struct could be used more often
* 9.1.0827: CI: tests can be improved
* runtime(doc): remove stray sentence in pi_netrw.txt
* 9.1.0826: filetype: sway files are not recognized
* runtime(doc): Include netrw-gp in TOC
* runtime(doc): mention 'iskeyword' at :h charclass()
* runtime(doc): update help tags
* 9.1.0825: compile error for non-diff builds
* runtime(netrw): fix E874 when browsing remote directory which contains `~` character
* runtime(doc): update coding style documentation
* runtime(debversions): Add plucky (25.04) as Ubuntu release name
* 9.1.0824: too many strlen() calls in register.c
* 9.1.0823: filetype: Zephyr overlay files not recognized
* runtime(doc): Clean up minor formatting issues for builtin functions
* runtime(netrw): make :Launch/Open autoloadable
* runtime(netrw): fix regression with x mapping on Cygwin
* runtime(netrw): fix filetype detection for remote files
* 9.1.0822: topline might be changed in diff mode unexpectedly
* CI: huge linux builds should also run syntax & indent tests
* 9.1.0821: 'findexpr' completion doesn't set v:fname to cmdline argument
* 9.1.0820: tests: Mac OS tests are too flaky
* runtime(awk): Highlight more awk comments in syntax script
* runtime(netrw): add missing change for s:redir()
* 9.1.0819: tests: using findexpr and imported func not tested
* runtime(netrw): improve netrw's open-handling further
* runtime(netrw): fix syntax error in netrwPlugin.vim
* runtime(netrw): simplify gx file handling
* 9.1.0818: some global functions are only used in single files
* 9.1.0817: termdebug: cannot evaluate expr in a popup
* runtime(defaults): Detect putty terminal and switch to dark background
* 9.1.0816: tests: not clear what tests cause asan failures
* runtime(doc): Remove some completed items from todo.txt
* 9.1.0815: "above" virtual text causes wrong 'colorcolumn' position
* runtime(syntax-tests): tiny vim fails because of line-continuation
* 9.1.0814: mapset() may remove unrelated mapping
* 9.1.0813: no error handling with setglobal and number types
* 9.1.0812: Coverity warns about dereferencing NULL ptr
* 9.1.0811: :find expansion does not consider 'findexpr'
* 9.1.0810: cannot easily adjust the |:find| command
* 9.1.0809: filetype: petalinux config files not recognized
* 9.1.0808: Terminal scrollback doesn't shrink when decreasing 'termwinscroll'
* 9.1.0807: tests: having 'nolist' in modelines isn't always desired
* 9.1.0806: tests: no error check when setting global 'briopt'
* 9.1.0805: tests: minor issues in gen_opt_test.vim
* 9.1.0804: tests: no error check when setting global 'cc'
* 9.1.0803: tests: no error check when setting global 'isk'
* 9.1.0802: tests: no error check when setting global 'fdm' to empty value
* 9.1.0801: tests: no error check when setting global 'termwinkey'
* 9.1.0800: tests: no error check when setting global 'termwinsize'
* runtime(doc): :ownsyntax also resets 'spelloptions'
* 9.1.0799: tests: gettwinvar()/gettabwinvar() tests are not comprehensive
* runtime(doc): Fix wrong Mac default options
* 9.1.0798: too many strlen() calls in cmdhist.c
* 9.1.0797: testing of options can be further improved
* 9.1.0796: filetype: libtool files are not recognized
* (typst): add folding to typst ftplugin
* runtime(netrw): deprecate and remove netrwFileHandlers#Invoke()
* 9.1.0795: filetype: Vivado memory info file are not recognized
* 9.1.0794: tests: tests may fail on Windows environment
* runtime(doc): improve the :colorscheme documentation
* 9.1.0793: xxd: -e does add one extra space
* 9.1.0792: tests: Test_set_values() is not comprehensive enough
* runtime(swayconfig): add flag for bindsym/bindcode to syntax script
* 9.1.0791: tests: errors in gen_opt_test.vim are not shown
* runtime(compiler): check for compile_commands in build dirs for cppcheck
* 9.1.0790: Amiga: AmigaOS4 build should use default runtime (newlib)
* runtime(help): Update help syntax
* runtime(help): fix end of sentence highlight in code examples
* runtime(jinja): Support jinja syntax as secondary filetype
* 9.1.0789: tests: ':resize + 5' has invalid space after '+'
* 9.1.0788: <CSI>27;<mod>u is not decoded to literal Escape in kitty/foot
* 9.1.0787: cursor position changed when using hidden terminal
* 9.1.0786: tests: quickfix update test does not test location list
* runtime(doc): add some docs for file-watcher programs
* CI: uploading failed screendumps still fails on Cirrus CI
* 9.1.0785: cannot preserve error position when setting quickfix list
* 9.1.0784: there are several problems with python 3.13
* 9.1.0783: 'spell' option setting has problems
* 9.1.0782: tests: using wrong neomuttlog file name
* runtime(doc): add preview flag to statusline example
* 9.1.0781: tests: test_filetype fails
* 9.1.0780: MS-Windows: incorrect Win32 error checking
* 9.1.0779: filetype: neomuttlog files are not recognized
* 9.1.0778: filetype: lf config files are not recognized
* runtime(comment): fix commment toggle with mixed tabs & spaces
* runtime(misc): Use consistent "Vim script" spelling
* runtime(gleam): add ftplugin for gleam files
* runtime(doc): link help-writing from write-local-help
* 9.1.0777: filetype: Some upstream php files are not recognized
* runtime(java): Define javaBlockStart and javaBlockOtherStart hl groups
* runtime(doc): mention conversion rules for remote_expr()
* runtime(tutor): Fix missing :s command in spanish translation section 4.4
* 9.1.0776: test_strftime may fail because of missing TZ data
* translation(am): Add Armenian language translation
* 9.1.0775: tests: not enough tests for setting options
* 9.1.0774: "shellcmdline" doesn't work with getcompletion()
* 9.1.0773: filetype: some Apache files are not recognized
* 9.1.0772: some missing changes from v9.1.0771
* 9.1.0771: completion attribute hl_group is confusing
* 9.1.0770: current command line completion is a bit limited
* 9.1.0769: filetype: MLIR files are not recognized
* 9.1.0768: MS-Windows: incorrect cursor position when restoring screen
* runtime(nasm): Update nasm syntax script
* 9.1.0767: A condition is always true in ex_getln.c
* runtime(skill): Update syntax file to fix string escapes
* runtime(help): highlight CTRL-<Key> correctly
* runtime(doc): add missing usr_52 entry to toc
* 9.1.0766: too many strlen() calls in ex_getln.c
* runtime(doc): correct `vi` registers 1-9 documentation error
* 9.1.0765: No test for patches 6.2.418 and 7.3.489
* runtime(spec): set comments and commentstring options
* NSIS: Include libgcc_s_sjlj-1.dll again
* runtime(doc): clarify the effect of 'startofline' option
* 9.1.0764: [security]: use-after-free when closing a buffer
* runtime(vim): Update base-syntax file, improve class, enum and interface highlighting
* 9.1.0763: tests: cannot run single syntax tests
* 9.1.0762: 'cedit', 'termwinkey' and 'wildchar' may not be parsed correctly
* 9.1.0761: :cd completion fails on Windows with backslash in path
* 9.1.0760: tests: no error reported, if gen_opt_test.vim fails
* 9.1.0759: screenpos() may return invalid position
* runtime(misc): unset compiler in various ftplugins
* runtime(doc): update formatting and syntax
* runtime(compiler): add cppcheck linter compiler plugin
* runtime(doc): Fix style in documents
* runtime(doc): Fix to two-space convention in user manual
* runtime(comment): consider &tabstop in lines after whitespace indent
* 9.1.0758: it's possible to set an invalid key to 'wildcharm'
* runtime(java): Manage circularity for every :syn-included syntax file
* 9.1.0757: tests: messages files contains ANSI escape sequences
* 9.1.0756: missing change from patch v9.1.0754
* 9.1.0755: quickfix list does not handle hardlinks well
* runtime(doc): 'filetype', 'syntax' and 'keymap' only allow alphanumeric + some characters
* runtime(systemd): small fixes to &keywordprg in ftplugin
* CI: macos-12 runner is being sunset, switch to 13
* 9.1.0754: fixed order of items in insert-mode completion menu
* runtime(comment): commenting might be off by one column
* 9.1.0753: Wrong display when typing in diff mode with 'smoothscroll'
* 9.1.0752: can set 'cedit' to an invalid value
* runtime(doc): add `usr` tag to usr_toc.txt
* 9.1.0751: Error callback for term_start() not used
* 9.1.0750: there are some Win9x legacy references
* runtime(java): Recognise the CommonMark form (///) of Javadoc comments
* 9.1.0749: filetype: http files not recognized
* runtime(comment): fix syntax error
* CI: uploading failed screendump tests does not work Cirrus
* 9.1.0748: :keep* commmands are sometimes misidentified as :k
* runtime(indent): allow matching negative numbers for gnu indent config file
* runtime(comment): add gC mapping to (un)comment rest of line
* 9.1.0747: various typos in repo found
* 9.1.0746: tests: Test_halfpage_longline() fails on large terminals
* runtime(doc): reformat gnat example
* runtime(doc): reformat ada_standard_types section
* 9.1.0745: filetype: bun and deno history files not recognized
* runtime(glvs): Correct the tag name of glvs-autoinstal
* runtime(doc): include short form for :earlier/:later
* runtime(doc): remove completed TODO
* 9.1.0744: filetype: notmuch configs are not recognised
* 9.1.0743: diff mode does not handle overlapping diffs correctly
* runtime(glvs): fix a few issues
* runtime(doc): Fix typo in :help :command-modifiers
* 9.1.0742: getcmdprompt() implementation can be improved
* runtime(docs): update `:set?` command behavior table
* runtime(doc): update vim90 to vim91 in docs
* runtime(doc): fix typo in :h dos-colors
* 9.1.0741: No way to get prompt for input()/confirm()
* runtime(doc): fix typo in version9.txt nrformat -> nrformats
* runtime(rmd,rrst): 'fex' option not properly restored
* runtime(netrw): remove extraneous closing bracket
* 9.1.0740: incorrect internal diff with empty file
* 9.1.0739: [security]: use-after-free in ex_getln.c
* runtime(filetype): tests: Test_filetype_detection() fails
* runtime(dist): do not output a message if executable is not found
* 9.1.0738: filetype: rapid files are not recognized
* runtime(modconf): remove erroneous :endif in ftplugin
* runtime(lyrics): support multiple timestamps in syntax script
* runtime(java): Optionally recognise _module_ import declarations
* runtime(vim): Update base-syntax, improve folding function matches
* CI: upload failed screendump tests also for Cirrus
* 9.1.0737: tests: screendump tests may require a bit more time
* runtime(misc): simplify keywordprg in various ftplugins
* runtime(java): Optionally recognise all primitive constants in _switch-case_ labels
* runtime(zsh,sh): set and unset compiler in ftplugin
* runtime(netrw): using inefficient highlight pattern for 'mf'
* 9.1.0736: Unicode tables are outdated
* 9.1.0735: filetype: salt files are not recognized
* 9.1.0734: filetype: jinja files are not recognized
* runtime(zathurarc): add double-click-follow to syntax script
* translation(ru): Updated messages translation
* translation(it): updated xxd man page
* translation(ru): updated xxd man page
* 9.1.0733: keyword completion does not work with fuzzy
* 9.1.0732: xxd: cannot use -b and -i together
* runtime(java): Highlight javaConceptKind modifiers with StorageClass
* runtime(doc): reword and reformat how to use defaults.vim
* 9.1.0731: inconsistent case sensitive extension matching
* runtime(vim): Update base-syntax, match Vim9 bool/null literal args to :if/:while/:return
* runtime(netrw): delete confirmation not strict enough
* 9.1.0730: Crash with cursor-screenline and narrow window
* 9.1.0729: Wrong cursor-screenline when resizing window
* 9.1.0728: [security]: heap-use-after-free in garbage collection with location list user data
* runtime(doc): clarify the effect of the timeout for search()-functions
* runtime(idlang): update syntax script
* runtime(spec): Recognize epoch when making spec changelog in ftplugin
* runtime(spec): add file triggers to syntax script
* 9.1.0727: too many strlen() calls in option.c
* runtime(make): add compiler/make.vim to reset compiler plugin settings
* runtime(java): Recognise all available standard doclet tags
* 9.1.0726: not using correct python3 API with dynamic linking
* runtime(dosini): Update syntax script, spellcheck comments only
* runtime(doc): Revert outdated comment in completeopt's fuzzy documentation
* 9.1.0725: filetype: swiftinterface files are not recognized
* runtime(pandoc): Update compiler plugin to use actual 'spelllang'
* runtime(groff): Add compiler plugin for groff
* 9.1.0724: if_python: link error with python 3.13 and stable ABI
* 9.1.0723: if_python: dynamic linking fails with python3 >= 3.13
* 9.1.0722: crash with large id in text_prop interface
* 9.1.0721: tests: test_mksession does not consider XDG_CONFIG_HOME
* runtime(glvs): update GetLatestVimScripts plugin
* runtime(doc): Fix typo in :help :hide text
* runtime(doc): buffers can be re-used
* 9.1.0720: Wrong breakindentopt=list:-1 with multibyte or TABs
* 9.1.0719: Resetting cell widths can make 'listchars' or 'fillchars' invalid
* runtime(doc): Update version9.txt and mention $MYVIMDIR
- Update to 9.1.0718:
* v9.1.0718: hard to know the users personal Vim Runtime Directory
* v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers()
Maintainers: fix typo in author name
* v9.1.0716: resetting setcellwidth( doesn't update the screen
runtime(hcl,terraform): Add runtime files for HCL and Terraform
runtime(tmux): Update syntax script
* v9.1.0715: Not correctly parsing color names (after v9.1.0709)
* v9.1.0714: GuiEnter_Turkish test may fail
* v9.1.0713: Newline causes E749 in Ex mode
* v9.1.0712: missing dependency of Test_gettext_makefile
* v9.1.0711: test_xxd may file when using different xxd
* v9.1.0710: popup window may hide part of Command line
runtime(vim): Update syntax, improve user-command matching
* v9.1.0709: GUIEnter event not found in Turkish locale
runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items
* v9.1.0708: Recursive window update does not account for reset skipcol
runtime(nu): include filetype plugin
* v9.1.0707: invalid cursor position may cause a crash
* v9.1.0706: test_gettext fails when using shadow dir
CI: Install locales-all package
* v9.1.0705: Sorting of fuzzy filename completion is not stable
translation(pt): update Portuguese/Brazilian menu translation
runtime(vim): Update base-syntax, match bracket mark ranges
runtime(doc): Update :help :command-complete list
* v9.1.0704: inserting with a count is inefficient
runtime(doc): use mkdir -p to save a command
* v9.1.0703: crash with 2byte encoding and glob2regpat()
runtime(hollywood): update syn highlight for If-Then statements
and For-In-Loops
* v9.1.0702: Patch 9.1.0700 broke CI
* v9.1.0701: crash with NFA regex engine when searching for
composing chars
* v9.1.0700: crash with 2byte encoding and glob2regpat()
* v9.1.0699: "dvgo" is not always an inclusive motion
runtime(java): Provide support for syntax preview features
* v9.1.0698: "Untitled" file not removed when running Test_crash1_3
alone
* v9.1.0697: heap-buffer-overflow in ins_typebuf
* v9.1.0696: installing runtime files fails when using SHADOWDIR
runtime(doc): fix typo
* v9.1.0695: test_crash leaves Untitled file around
translation(br): Update Brazilian translation
translation(pt): Update menu_pt_br
* v9.1.0694: matchparen is slow on a long line
* v9.1.0693: Configure doesn't show result when not using python3
stable abi
* v9.1.0692: Wrong patlen value in ex_substitute()
* v9.1.0691: stable-abi may cause segfault on Python 3.11
runtime(vim): Update base-syntax, match :loadkeymap after colon and bar
runtime(mane): Improve <Plug>ManBS mapping
* v9.1.0690: cannot set special highlight kind in popupmenu
translation(pt): Revert and fix wrong Portuguese menu translation
files
translation(pt): revert Portuguese menu translation
translation(br): Update Brazilian translations
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
* v9.1.0689: buffer-overflow in do_search( with 'rightleft'
runtime(vim): Improve heredoc handling for all embedded scripts
* v9.1.0688: dereferences NULL pointer in check_type_is_value()
* v9.1.0687: Makefile may not install desktop files
runtime(man): Fix <Plug>ManBS
runtime(java): Make the bundled &foldtext function optional
runtime(netrw): Change line on `mx` if command output exists
runtime(netrw): Fix `mf`-selected entry highlighting
runtime(htmlangular): add html syntax highlighting
translation(it): Fix filemode of Italian manpages
runtime(doc): Update outdated man.vim plugin information
runtime(zip): simplify condition to detect MS-Windows
* v9.1.0686: zip-plugin has problems with special characters
runtime(pandoc): escape quotes in &errorformat for pandoc
translation(it): updated Italian manpage
* v9.1.0685: too many strlen( calls in usercmd.c
runtime(doc): fix grammar in :h :keeppatterns
runtime(pandoc): refine pandoc compiler settings
* v9.1.0684: completion is inserted on Enter with "noselect"
translation(ru): update man pages
* v9.1.0683: mode( returns wrong value with <Cmd> mapping
runtime(doc): remove trailing whitespace in cmdline.txt
* v9.1.0682: Segfault with uninitialized funcref
* v9.1.0681: Analyzing failed screendumps is hard
runtime(doc): more clarification for the :keeppatterns needed
* v9.1.0680: VMS does not have defined uintptr_t
runtime(doc): improve typedchar documentation for KeyInputPre autocmd
runtime(dist): verify that executable is in $PATH
translation(it): update Italian manpages
runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677
runtime(doc): update Makefile and make it portable between GNU and BSD
* v9.1.0679: Rename from w_closing to w_locked is incomplete
runtime(colors): update colorschemes
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
runtime(doc): Updating the examples in the xxd manpage
translation(ru): Updated uganda.rux
runtime(yaml): do not re-indent when commenting out lines
* v9.1.0678: use-after-free in alist_add()
* v9.1.0677 :keepp does not retain the substitute pattern
translation(ja): Update Japanese translations to latest release
runtime(netrw): Drop committed trace lines
runtime(netrw): Error popup not always used
runtime(netrw): ErrorMsg( may throw E121
runtime(tutor): update Makefile and make it portable between GNU and BSD
translation: improve the po/cleanup.vim script
runtime(lang): update Makefile and make it portable between GNU and BSD
* v9.1.0676: style issues with man pages
* v9.1.0675: Patch v9.1.0674 causes problems
runtime(dosbatch): Show %%i as an argument in syntax file
runtime(dosbatch): Add syn-sync to syntax file
runtime(sql, mysql): fix E169: Command too recursive with
sql_type_default = "mysql"
* v9.1.0674: compiling abstract method fails because of missing return
runtime(javascript): fix a few issues with syntax higlighting
runtime(mediawiki): fix typo in doc, test for b:did_ftplugin var
runtime(termdebug): Fix wrong test for balloon feature
runtime(doc): Remove mentioning of the voting feature
runtime(doc): add help tags for json + markdown global variables
* v9.1.0673: too recursive func calls when calling super-class method
runtime(syntax-tests): Facilitate the viewing of rendered screendumps
runtime(doc): fix a few style issues
* v9.1.0672: marker folds may get corrupted on undo
* v9.1.0671 Problem: crash with WinNewPre autocommand
* v9.1.0670: po file encoding fails on *BSD during make
translation(it): Update Italian translation
translation: Stop using msgconv
* v9.1.0669: stable python ABI not used by default
Update .gitignore and .hgignore files
* v9.1.0668: build-error with python3.12 and stable ABI
translations: Update generated po files
* v9.1.0667: Some other options reset curswant unnecessarily when set
* v9.1.0666: assert_equal( doesn't show multibyte string correctly
runtime(doc): clarify directory of Vim's executable vs CWD
* v9.1.0665 :for loop
runtime(proto): Add indent script for protobuf filetype
* v9.1.0664: console vim did not switch back to main screen on exit
runtime(zip): zip plugin does not work with Vim 9.0
* v9.1.0663: zip test still resets 'shellslash' option
runtime(zip): use defer to restore old settings
runtime(zip): add a generic Message function
runtime(zip): increment base version of zip plugin
runtime(zip): raise minimum Vim version to * v9.0
runtime(zip): refactor save and restore of options
runtime(zip): remove test for fnameescape
runtime(zip): use :echomsg instead of :echo
runtime(zip): clean up and remove comments
* v9.1.0662: filecopy( may return wrong value when readlink( fails
* v9.1.0661: the zip plugin is not tested.
runtime(zip): Fix for FreeBSD's unzip command
runtime(doc): capitalize correctly
* v9.1.0660: Shift-Insert does work on old conhost
translation(it): update Italian manpage
runtime(lua): add/subtract a 'shiftwidth' after '('/')' in indentexpr
runtime(zip): escape '[' on Unix as well
* v9.1.0659: MSVC Makefile is a bit hard to read
runtime(doc): fix typo in syntax.txt
runtime(doc): -x is only available when compiled with crypt feature
* v9.1.0658: Coverity warns about dereferencing NULL pointer.
runtime(colors): update Todo highlight in habamax colorscheme
* v9.1.0657: MSVC build time can be optimized
* v9.1.0656: MSVC Makefile CPU handling can be improved
* v9.1.0655: goaccess config file not recognized
CI: update clang compiler to version 20
runtime(netrw): honor `g:netrw_alt{o,v}` for `:{S,H,V}explore`
* v9.1.0654: completion does not respect completeslash with fuzzy
* v9.1.0653: Patch v9.1.0648 not completely right
* v9.1.0652: too many strlen( calls in syntax.c
* v9.1.0651 :append
* v9.1.0650: Coverity warning in cstrncmp()
* v9.1.0649: Wrong comment for "len" argument of call_simple_func()
* v9.1.0648: [security] double-free in dialog_changed()
* v9.1.0647: [security] use-after-free in tagstack_clear_entry
runtime(doc): re-format tag example lines, mention ctags --list-kinds
* v9.1.0646: imported function may not be found
runtime(java): Document "g:java_space_errors" and "g:java_comment_strings"
runtime(java): Cluster optional group definitions and their group links
runtime(java): Tidy up the syntax file
runtime(java): Tidy up the documentation for "ft-java-syntax"
runtime(colors): update habamax scheme - tweak diff/search/todo colors
runtime(nohlsearch): add missing loaded_hlsearch guard
runtime(kivy): Updated maintainer info for syntax script
Maintainers: Add maintainer for ondir ftplugin + syntax files
runtime(netrw): removing trailing slash when copying files in same
directory
* v9.1.0645: wrong match when searching multi-byte char case-insensitive
runtime(html): update syntax script to sync by 250 minlines by default
* v9.1.0644: Unnecessary STRLEN( when applying mapping
runtime(zip): Opening a remote zipfile don't work
runtime(cuda): source c and cpp ftplugins
* v9.1.0643: cursor may end up on invalid position
* v9.1.0642: Check that mapping rhs starts with lhs fails if not
simplified
* v9.1.0641: OLE enabled in console version
runtime(thrift): add ftplugin, indent and syntax scripts
* v9.1.0640: Makefile can be improved
* v9.1.0639: channel timeout may wrap around
* v9.1.0638: E1510 may happen when formatting a message for smsg()
* v9.1.0637: Style issues in MSVC Makefile
- Update apparmor.vim to latest version (from AppArmor 4.0.2)
- add support for "all" and "userns" rules, and new profile flags
- Update to 9.1.0636:
* 9.1.0636: filetype: ziggy files are not recognized
* 9.1.0635: filetype: SuperHTML template files not recognized
* 9.1.0634: Ctrl-P not working by default
* 9.1.0633: Compilation warnings with `-Wunused-parameter`
* 9.1.0632: MS-Windows: Compiler Warnings
Add support for Files-Included in syntax script
tweak documentation style a bit
* 9.1.0631: wrong completion list displayed with non-existing dir + fuzzy completion
* 9.1.0630: MS-Windows: build fails with VIMDLL and mzscheme
* 9.1.0629: Rename of pum hl_group is incomplete
* 9.1.0628: MinGW: coverage files are not cleaned up
* 9.1.0627: MinGW: build-error when COVERAGE is enabled
* 9.1.0626: Vim9: need more tests with null objects
include initial filetype plugin
* 9.1.0625: tests: test output all translated messages for all translations
* 9.1.0624: ex command modifiers not found
* 9.1.0623: Mingw: errors when trying to delete non-existing files
* 9.1.0622: MS-Windows: mingw-build can be optimized
* 9.1.0621: MS-Windows: startup code can be improved
* 9.1.0620: Vim9: segfauls with null objects
* 9.1.0619: tests: test_popup fails
* 9.1.0618: cannot mark deprecated attributes in completion menu
* 9.1.0617: Cursor moves beyond first line of folded end of buffer
* 9.1.0616: filetype: Make syntax highlighting off for MS Makefiles
* 9.1.0615: Unnecessary STRLEN() in make_percent_swname()
Add single-line comment syntax
Add syntax test for comments
Update maintainer info
* 9.1.0614: tests: screendump tests fail due to recent syntax changes
* 9.1.0613: tests: termdebug test may fail and leave file around
Update base-syntax, improve :set highlighting
Optionally highlight the :: token for method references
* 9.1.0612: filetype: deno.lock file not recognized
Use delete() for deleting directory
escape filename before trying to delete it
* 9.1.0611: ambiguous mappings not correctly resolved with modifyOtherKeys
correctly extract file from zip browser
* 9.1.0610: filetype: OpenGL Shading Language files are not detected
Fix endless recursion in netrw#Explore()
* 9.1.0609: outdated comments in Makefile
update syntax script
Fix flow mapping key detection
Remove orphaned YAML syntax dump files
* 9.1.0608: Coverity warns about a few potential issues
Update syntax script and remove syn sync
* 9.1.0607: termdebug: uses inconsistent style
* 9.1.0606: tests: generated files may cause failure in test_codestyle
* 9.1.0605: internal error with fuzzy completion
* 9.1.0604: popup_filter during Press Enter prompt seems to hang
translation: Update Serbian messages translation
* 9.1.0603: filetype: use correct extension for Dracula
* 9.1.0602: filetype: Prolog detection can be improved
fix more inconsistencies in assert function docs
* 9.1.0601: Wrong cursor position with 'breakindent' when wide char doesn't fit
Update base-syntax, improve :map highlighting
* 9.1.0600: Unused function and unused error constants
* 9.1.0599: Termdebug: still get E1023 when specifying arguments
correct wrong comment options
fix typo "a xterm" -> "an xterm"
* 9.1.0598: fuzzy completion does not work with default completion
* 9.1.0597: KeyInputPre cannot get the (unmapped typed) key
* 9.1.0596: filetype: devscripts config files are not recognized
gdb file/folder check is now performed only in CWD.
quote filename arguments using double quotes
update syntax to SDC-standard 2.1
minor updates.
Cleanup :match and :loadkeymap syntax test files
Update base-syntax, match types in Vim9 variable declarations
* 9.1.0595: make errors out with the po Makefile
* 9.1.0594: Unnecessary redraw when setting 'winfixbuf'
using wrong highlight for UTF-8
include simple syntax plugin
* 9.1.0593: filetype: Asymptote files are not recognized
add recommended indent options to ftplugin
add recommended indent options to ftplugin
add recommended indent options to ftplugin
* 9.1.0592: filetype: Mediawiki files are not recognized
* 9.1.0591: filetype: *.wl files are not recognized
* 9.1.0590: Vim9: crash when accessing getregionpos() return value
'cpoptions': Include "z" in the documented default
* 9.1.0589: vi: d{motion} and cw work differently than expected
update included colorschemes
grammar fixes in options.txt
- Add "Keywords" to gvim.desktop to make searching for gvim easier
- Removed patches, as they're no longer required (refreshing them
deleted their contents):
* vim-7.3-help_tags.patch
* vim-7.4-highlight_fstab.patch
- Reorganise all applied patches in the spec file.
- Update to 9.1.0588:
* 9.1.0588: The maze program no longer compiles on newer clang
runtime(typst): Add typst runtime files
* 9.1.0587: tests: Test_gui_lowlevel_keyevent is still flaky
* 9.1.0586: ocaml runtime files are outdated
runtime(termdebug): fix a few issues
* 9.1.0585: tests: test_cpoptions leaves swapfiles around
* 9.1.0584: Warning about redeclaring f_id() non-static
runtime(doc): Add hint how to load termdebug from vimrc
runtime(doc): document global insert behavior
* 9.1.0583: filetype: *.pdf_tex files are not recognized
* 9.1.0582: Printed line doesn't overwrite colon when pressing Enter in Ex mode
* 9.1.0581: Various lines are indented inconsistently
* 9.1.0580: :lmap mapping for keypad key not applied when typed in Select mode
* 9.1.0579: Ex command is still executed after giving E1247
* 9.1.0578: no tests for :Tohtml
* 9.1.0577: Unnecessary checks for v:sizeoflong in test_put.vim
* 9.1.0576: tests: still an issue with test_gettext_make
* 9.1.0575: Wrong comments in alt_tabpage()
* 9.1.0574: ex: wrong handling of commands after bar
runtime(doc): add a note for netrw bug reports
* 9.1.0573: ex: no implicit print for single addresses
runtime(vim): make &indentexpr available from the outside
* 9.1.0572: cannot specify tab page closing behaviour
runtime(doc): remove obsolete Ex insert behavior
* 9.1.0571: tests: Test_gui_lowlevel_keyevent is flaky
runtime(logindefs): update syntax with new keywords
* 9.1.0570: tests: test_gettext_make can be improved
runtime(filetype): Fix Prolog file detection regex
* 9.1.0569: fnamemodify() treats ".." and "../" differently
runtime(mojo): include mojo ftplugin and indent script
* 9.1.0568: Cannot expand paths from 'cdpath' setting
* 9.1.0567: Cannot use relative paths as findfile() stop directories
* 9.1.0566: Stop dir in findfile() doesn't work properly w/o trailing slash
* 9.1.0565: Stop directory doesn't work properly in 'tags'
* 9.1.0564: id() can be faster
* 9.1.0563: Cannot process any Key event
* 9.1.0562: tests: inconsistency in test_findfile.vim
runtime(fstab): Add missing keywords to fstab syntax
* 9.1.0561: netbeans: variable used un-initialized (Coverity)
* 9.1.0560: bindtextdomain() does not indicate an error
* 9.1.0559: translation of vim scripts can be improved
* 9.1.0558: filetype: prolog detection can be improved
* 9.1.0557: moving in the buffer list doesn't work as documented
runtime(doc): fix inconsistencies in :h file-searching
* 9.1.0556: :bwipe doesn't remove file from jumplist of other tabpages
runtime(htmlangular): correct comment
* 9.1.0555: filetype: angular ft detection is still problematic
* 9.1.0554: :bw leaves jumplist and tagstack data around
* 9.1.0553: filetype: *.mcmeta files are not recognized
* 9.1.0552: No test for antlr4 filetype
* 9.1.0551: filetype: htmlangular files are not properly detected
* 9.1.0550: filetype: antlr4 files are not recognized
* 9.1.0549: fuzzycollect regex based completion not working as expected
runtime(doc): autocmd_add() accepts a list not a dict
* 9.1.0548: it's not possible to get a unique id for some vars
runtime(tmux): Update syntax script
* 9.1.0547: No way to get the arity of a Vim function
* 9.1.0546: vim-tiny fails on CTRL-X/CTRL-A
runtime(hlsplaylist): include hlsplaylist ftplugin file
runtime(doc): fix typo in :h ft-csv-syntax
runtime(doc): Correct shell command to get $VIMRUNTIME into
shell
* 9.1.0545: MSVC conversion warning
* 9.1.0544: filetype: ldapconf files are not recognized
runtime(cmakecache): include cmakecache ftplugin file
runtime(lex): include lex ftplugin file
runtime(yacc): include yacc ftplugin file
runtime(squirrel): include squirrel ftplugin file
runtime(objcpp): include objcpp ftplugin file
runtime(tf): include tf ftplugin file
runtime(mysql): include mysql ftplugin file
runtime(javacc): include javacc ftplugin file
runtime(cabal): include cabal ftplugin file
runtime(cuda): include CUDA ftplugin file
runtime(editorconfig): include editorconfig ftplugin file
runtime(kivy): update kivy syntax, include ftplugin
runtime(syntax-tests): Stop generating redundant "*_* 99.dump"
files
* 9.1.0543: Behavior of CursorMovedC is strange
runtime(vim): Update base-syntax, improve :match command
highlighting
* 9.1.0542: Vim9: confusing string() output for object functions
* 9.1.0541: failing test with Vim configured without channel
* 9.1.0540: Unused assignment in sign_define_cmd()
runtime(doc): add page-scrolling keys to index.txt
runtime(doc): add reference to xterm-focus-event from
FocusGained/Lost
* 9.1.0539: Not enough tests for what v9.1.0535 fixed
runtime(doc): clarify how to re-init csv syntax file
* 9.1.0538: not possible to assign priority when defining a sign
* 9.1.0537: signed number detection for CTRL-X/A can be improved
* 9.1.0536: filetype: zone files are not recognized
* 9.1.0535: newline escape wrong in ex mode
runtime(man): honor cmd modifiers before `g:ft_man_open_mode`
runtime(man): use `nnoremap` to map to Ex commands
* 9.1.0534: completion wrong with fuzzy when cycling back to original
runtime(syntax-tests): Abort and report failed cursor progress
runtime(syntax-tests): Introduce self tests for screen dumping
runtime(syntax-tests): Clear and redraw the ruler line with
the shell info
runtime(syntax-tests): Allow for folded and wrapped lines in
syntax test files
* 9.1.0533: Vim9: need more tests for nested objects equality
CI: Pre-v* 9.0.0110 versions generate bogus documentation tag entries
runtime(doc): Remove wrong help tag CTRL-SHIFT-CR
* 9.1.0532: filetype: Cedar files not recognized
runtime(doc): document further keys that scroll page up/down
* 9.1.0531: resource leak in mch_get_random()
runtime(tutor): Fix wrong spanish translation
runtime(netrw): fix remaining case of register clobber
* 9.1.0530: xxd: MSVC warning about non-ASCII character
* 9.1.0529: silent! causes following try/catch to not work
runtime(rust): use shiftwidth() in indent script
* 9.1.0528: spell completion message still wrong in translations
* 9.1.0527: inconsistent parameter in Makefiles for Vim executable
* 9.1.0526: Unwanted cursor movement with pagescroll at start of buffer
runtime(doc): mention $XDG_CONFIG_HOME instead of $HOME/.config
* 9.1.0525: Right release selects immediately when pum is truncated.
* 9.1.0524: the recursive parameter in the *_equal functions can be removed
runtime(termdebug): Add Deprecation warnings
* 9.1.0523: Vim9: cannot downcast an object
* 9.1.0522: Vim9: string(object) hangs for recursive references
* 9.1.0521: if_py: _PyObject_CallFunction_SizeT is dropped in Python 3.13
* 9.1.0520: Vim9: incorrect type checking for modifying lists
runtime(manpager): avoid readonly prompt
* 9.1.0519: MS-Windows: libvterm compilation can be optimized
* 9.1.0518: initialize the random buffer can be improved
* 9.1.0517: MS-Windows: too long lines in Make_mvc.mak
runtime(terraform): Add filetype plugin for terraform
runtime(dockerfile): enable spellchecking of comments in
syntax script
runtime(doc): rename variable for pandoc markdown support
runtime(doc): In builtin overview use {buf} as param for
appendbufline/setbufline
runtime(doc): clarify, that register 1-* 9 will always be shifted
runtime(netrw): save and restore register 0-* 9, a and unnamed
runtime(termdebug): Refactored StartDebug_term and EndDebug
functions
runtime(java): Compose "g:java_highlight_signature" and
"g:java_highlight_functions"
* 9.1.0516: need more tests for nested dicts and list comparision
* 9.1.0515: Vim9: segfault in object_equal()
* 9.1.0514: Vim9: issue with comparing objects recursively
runtime(termdebug): Change some variables to Enums
runtime(vim): Update base-syntax, fix function tail comments
* 9.1.0513: Vim9: segfault with object comparison
- Update to 9.1.0512:
* Mode message for spell completion doesn't match allowed keys
* CursorMovedC triggered wrongly with setcmdpos()
* update runtime files
* CI: test_gettext fails on MacOS14 + MSVC Win
* not possible to translate Vim script messages
* termdebug plugin can be further improved
* add gomod filetype plugin
* hard to detect cursor movement in the command line
* Optionally highlight parameterised types
* filetype: .envrc & .prettierignore not recognized
* filetype: Faust files are not recognized
* inner-tag textobject confused about ">" in attributes
* cannot use fuzzy keyword completion
* Remove the group exclusion list from @javaTop
* wrong return type for execute() function
* MS-Windows: too much legacy code
* too complicated mapping restore in termdebug
* simplify mapping
* cannot switch buffer in a popup
* MS-Windows: doesn't handle symlinks properly
* getcmdcompltype() interferes with cmdline completion
* termdebug can be further improved
* update htmldjango detection
* Improve Turkish documentation
* include a simple csv filetype and syntax plugin
* include the the simple nohlsearch package
* matched text is highlighted case-sensitively
* Matched text isn't highlighted in cmdline pum
* Fix typos in several documents
* clarify when text properties are cleared
* improve the vim-shebang example
* revert unintended formatting changes for termdebug
* Add a config variable for commonly used compiler options
* Wrong matched text highlighted in pum with 'rightleft'
* bump length of character references in syntax script
* properly check mapping variables using null_dict
* fix KdlIndent and kdlComment in indent script
* Test for patch 9.1.0489 doesn't fail without the fix
* Fold multi-line comments with the syntax kind of &fdm
* using wrong type for PlaceSign()
* filetype: Vim-script files not detected by shebang line
* revert unintended change to zip#Write()
* add another tag for vim-shebang feature
* Cmdline pum doesn't work properly with 'rightleft'
* minor style problems with patch 9.1.0487
* default completion may break with fuzzy
* Wrong padding for pum "kind" with 'rightleft'
* Update base-syntax, match shebang lines
* MS-Windows: handle files with spaces properly
* Restore HTML syntax file tests
* completed item not update on fuzzy completion
* filetype: Snakemake files are not recognized
* make TermDebugSendCommand() a global function again
* close all buffers in the same way
* Matched text shouldn't be highlighted in "kind" and "menu"
* fix wrong helptag for :defer
* Update base-syntax, match :sleep arg
* include Georgian keymap
* Sorting of completeopt+=fuzzy is not stable
* correctly test for windows in NetrwGlob()
* glob() on windows fails with [] in directory name
* rewrite mkdir() doc and simplify {flags} meaning
* glob() not sufficiently tested
* update return type for job_info()
* termdebug plugin needs more love
* correct return types for job_start() and job_status()
* Update base-syntax, match :catch and :throw args
* Include element values in non-marker annotations
* Vim9: term_getjob() throws an exception on error
* fuzzy string matching executed when not needed
* fuzzy_match_str_with_pos() does unnecessary list operations
* restore description of "$" in col() and virtcol()
* deduplicate getpos(), line(), col(), virtcol()
* Update g:vimsyn_comment_strings dump file tests
* Use string interpolation instead of string concat
* potential deref of NULL pointer in fuzzy_match_str_with_pos
* block_editing errors out when using <enter>
* Update base-syntax, configurable comment string highlighting
* fix typos in syntax.txt
* Cannot see matched text in popup menu
* Update base-syntax, match multiline continued comments
* clarify documentation for "v" position at line()
* cmod_split modifier is always reset in term_start()
* remove line-continuation characters
* use shiftwidth() instead of &tabstop in indent script
* Remove orphaned screen dump files
* include syntax, indent and ftplugin files
* CI: Test_ColonEight() fails on github runners
* add missing Enabled field in syntax script
* basic svelte ftplugin file
* term_start() does not clear vertical modifier
* fix mousemodel restoration by comparing against null_string
* Added definitions of Vim scripts and plugins
* Exclude lambda expressions from _when_ _switch-case_ label clauses
* Fix saved_mousemodel check
* Inconsistencies between functions for option flags
* Crash when using autocmd_get() after removing event inside autocmd
* Fix small style issues
* add return type info for Vim function descriptions
* Update Italian Vim manpage
* disable the q mapping
* Change 'cms' for C++ to '// %s'
* fix type mismatch error
* Fix wrong email address
* convert termdebug plugin to Vim9 script
- Update to 9.1.0470:
* tests Test_ColonEight_MultiByte() fails sporadically
* Cannot have buffer-local value for 'completeopt'
* GvimExt does not consult HKEY_CURRENT_USER
* typos in some comments
* runtime(vim): Update base-syntax, allow whitespace before
:substitute pattern
* Missing comments for fuzzy completion
* runtime(man): update Vim manpage
* runtime(comment): clarify the usage of 'commentstring' option
value
* runtime(doc): clarify how fuzzy 'completeopt' should work
* runtime(netrw): prevent accidental data loss
* missing filecopy() function
* no whitespace padding in commentstring option in ftplugins
* no fuzzy-matching support for insert-completion
* eval5() and eval7 are too complex
* too many strlen() calls in drawline.c
* filetype lintstagedrc files are not recognized
* Vim9 import autoload does not work with symlink
* Coverity complains about division by zero
* tests test_gui fails on Wayland
* Left shift is incorrect with vartabstop and shiftwidth=0
* runtime(doc): clarify 'shortmess' flag "S"
* MS-Windows compiler warning for size_t to int conversion
* runtime(doc): include some vim9 script examples in the help
* minor issues in test_filetype with rasi test
* filetype rasi files are not recognized
* runtime(java): Improve the matching of lambda expressions
* Configure checks for libelf unnecessarily
* No test for escaping '<' with shellescape()
* check.vim complains about overlong comment lines
* translation(it): Update Italian translation
* evalc. code too complex
* MS-Windows Compiler warnings
- Update to 9.1.0448:
* compiler warning in eval.c
* remove remaining css code
* Add ft_hare.txt to Reference Manual TOC
* re-generate vim syntax from generator
* fix syntax vim bug
* completion may be wrong when deleting all chars
* getregionpos() inconsistent for partly-selected multibyte char
* fix highlighting nested and escaped quotes in string props
* remove the indent plugin since it has too many issues
* update Debian runtime files
* Coverity warning after 9.1.0440
* Not enough tests for getregion() with multibyte chars
* Can't use blockwise selection with width for getregion()
* update outdated syntax files
* fix floating_modifier highlight
* hare runtime files outdated
* getregionpos() can't properly indicate positions beyond eol
* function get_lval() is too long
* Cannot filter the history
* Wrong Ex command executed when :g uses '?' as delimiter
* support floating_modifier none; revert broken highlighting
* Motif requires non-const char pointer for XPM data
* Crash when using '?' as separator for :s
* filetype: cygport files are not recognized
* make errors trying to access autoload/zig
* Wrong yanking with exclusive selection and ve=all
* add missing help tags file
* Ancient XPM preprocessor hack may cause build errors
* include basic rescript ftplugin file
* eval.c is too long
* getregionpos() doesn't handle one char selection
* check for gdb file/dir before using as buffer name
* refactor zig ftplugin, remove auto format
* Coverity complains about eval.c refactor
* Tag guessing leaves wrong search history with very short names
* some issues with termdebug mapping test
* update matchit plugin to v1.20
* too many strlen() calls in search.c
* set commentstring option
* update vb indent plugin as vim9script
* filetype: purescript files are not recognized
* filetype: slint files are not recognized
* basic nim ftplugin file for comments
* Add Arduino ftplugin and indent files
* include basic typst ftplugin file
* include basic prisma ftplugin file
* include basic v ftplugin for comment support
* getregionpos() wrong with blockwise mode and multibyte
* function echo_string_core() is too long
* hyprlang files are not recognized
* add basic dart ftplugin file
* basic ftplugin file for graphql
* mention comment plugin at :h 'commentstring'
* set commentstring for sql files in ftplugin
* :browse oldfiles prompts even with single entry
* eval.c not sufficiently tested
* clarify why E195 is returned
* clarify temporary file clean up
* fix :NoMatchParen not working
* Cannot move to previous/next rare word
* add basic ftplugin file for sshdconfig
* if_py: find_module has been removed in Python 3.12.0a7
* some screen dump tests can be improved
* Some functions are not tested
* clarify instal instructions for comment package
* Unable to leave long line with 'smoothscroll' and 'scrolloff'
* fix typo in vim9script help file
* Remove trailing spaces
* clarify {special} argument for shellescape()
- update to 9.1.0413
* smoothscroll may cause infinite loop
* add missing entries for the keys CTRL-W g<Tab> and <C-Tab>
* update vi_diff.txt: add default value for 'flash'
* typo in regexp_bt.c in DEBUG code
* allow indented commands
* Fix wrong define regex in ftplugin
* Filter out non-Latin-1 characters for syntax tests
* prefer scp over pscp
* fix typo in usr_52.txt
* too long functions in eval.c
* warning about uninitialized variable
* too many strlen() calls in the regexp engine
* E16 fix, async keyword support for define
* Stuck with long line and half-page scrolling
* Divide by zero with getmousepos() and 'smoothscroll'
* update and remove some invalid links
* update translation of xxd manpage
* Recursively delete directories by default with netrw delete command
* Strive to remain compatible for at least Vim 7.0
* tests: xxd buffer overflow fails on 32-bit
* Stop handpicking syntax groups for @javaTop
* [security] xxd: buffer-overflow with specific flags
* Vim9: not able to import file from start dir
* filetype: mdd files detected as zsh filetype
* filetype: zsh module files are not recognized
* Remove hardcoded private.ppk logic from netrw
* Vim9: confusing error message for unknown type
* block_editing errors out when using del
* add new items to scripts section in syntax plugin
* Vim9: imported vars are not properly type checked
* Wrong display with 'smoothscroll' when changing quickfix list
* filetype: jj files are not recognized
* getregionpos() may leak memory on error
* The CODEOWNERS File is not useful
* Remove and cleanup Win9x legacy from netrw
* add MsgArea to 'highlight' option description
* Cannot get a list of positions describing a region
* Fix digit separator in syntax script for octals and floats
* Update link to Wikipedia Vi page
* clear $MANPAGER in ftplugin before shelling out
* Fix typos in help documents
* 'viewdir' not respecting $XDG_CONFIG_HOME
* tests: Vim9 debug tests may be flaky
* correct getscriptinfo() example
* Vim9: could improve testing
* test_sound fails on macos-12
* update Serbian menu
* update Slovak menu
* update Slovenian menu
* update Portuguese menu
* update Dutch menu
* update Korean menu
* update Icelandic menu
* update Czech menu
* update Afrikaans menu
* update German menu
* filetype: inko files are not recognized
* filetype: templ files are not recognized
* cursor() and getregion() don't handle v:maxcol well
* Vim9: null value tests not sufficient
* update Catalan menu
* filetype: stylus files not recognized
* update spanish menu localization
* regenerate helptags
* Vim9: crash with null_class and null_object
* Add tags about lazyloading of menu
* tests: vt420 terminfo entry may not be found
* filetype: .out files recognized as tex files
* filetype: Kbuild files are not recognized
* cbuffer and similar commands don't accept a range
* Improve the recognition of the "indent" method declarations
* Fix a typo in usr_30.txt
* remove undefined var s:save_cpoptions and add include setting
* missing setlocal in indent plugin
* Calculating line height for unnecessary amount of lines
* improve syntax file performance
* There are a few typos
* Vim9: no comments allowed after class vars
* CI: remove trailing white space in documentation
* Formatting text wrong when 'breakindent' is set
* Add oracular (24.10) as Ubuntu release name
* Vim9: Trailing commands after class/enum keywords ignored
* tests: 1-second delay after Test_BufEnter_botline()
* update helptags for jq syntax
* include syntax, ftplugin and compiler plugin
* fix typo synconcealend -> synconcealed
* include a simple comment toggling plugin
* wrong botline in BufEnter
* clarify syntax vs matching mechanism
* fix undefined variable in indent plugin
* ops.c code uses too many strlen() calls
* Calling CLEAR_FIELD() on the same struct twice
* Vim9: compile_def_function() still too long
* Update Serbian messages
* clarify the effect of setting the shell to powershell
* Improve the recognition of the "style" method declarations
* Vim9: problem when importing autoloaded scripts
* compile_def_function is too long
* filetype: ondir files are not recognized
* Crash when typing many keys with D- modifier
* tests: test_vim9_builtin is a bit slow
* update documentation
* change the download URL of "libsodium"
* tests: test_winfixbuf is a bit slow
* Add filetype, syntax and indent plugin for Astro
* expanding rc config files does not work well
* Vim9: vim9type.c is too complicated
* Vim9: does not handle autoloaded variables well
* minor spell fix in starting.txt
* wrong drawing in GUI with setcellwidth()
* Add include and suffixesadd
* Page scrolling should place cursor at window boundaries
* align command line table
* minor fixes to starting.txt
* fix comment definition in filetype plugin
* filetype: flake.lock files are not recognized
* runtime(uci): No support for uci file types
* Support "g:ftplugin_java_source_path" with archived files
* tests: Test_autoload_import_relative_compiled fails on Windows
* Finding cmd modifiers and cmdline-specials is inefficient
* No test that completing a partial mapping clears 'showcmd'
* tests: test_vim9_dissamble may fail
* Vim9: need static type for typealias
* X11 does not ignore smooth scroll event
* A few typos in test_xdg when testing gvimrc
* Patch v9.1.0338 fixed sourcing a script with import
* Problem: gvimrc not sourced from XDG_CONFIG_HOME
* Cursor wrong after using setcellwidth() in terminal
* 'showcmd' wrong for partial mapping with multibyte
* tests: test_taglist fails when 'helplang' contains non-english
* Problem: a few memory leaks are found
* Problem: Error with matchaddpos() and empty list
* tests: xdg test uses screen dumps
* Vim9: import through symlinks not correctly handled
* Missing entry for XDG vimrc file in :version
* tests: typo in test_xdg
* runtime(i3config/swayconfig): update syntax scripts
* document pandoc compiler and enable configuring arguments
* String interpolation fails for List type
* No test for highlight behavior with 'ambiwidth'
* tests: test_xdg fails on the appimage repo
* tests: some assert_equal() calls have wrong order of args
* make install does not install all files
* runtime(doc): fix typos in starting.txt
- wget
-
- Drop support for shorthand URLs
* Breaking change to fix CVE-2024-10524.
[+ drop-support-for-shorthand-URLs.patch, bsc#1233773]
- Update 0001-possibly-truncate-pathname-components.patch
* Take the patch from savannah repository where the checking of the file
length doesn't include path length.
* [bsc#1204720, bsc#1231661]
- Fix mishandled semicolons in the userinfo subcomponent could lead to an
insecure behavior in which data that was supposed to be in the userinfo
subcomponent is misinterpreted to be part of the host subcomponent.
[bsc#1226419, CVE-2024-38428, properly-re-implement-userinfo-parsing.patch]
- wicked
-
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad.
- Consider only interface specific accept_redirects sysctl settings.
- Adopt ifsysctl(5) manual page with wicked specific behavior.
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
- team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
- arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
- dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
- ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
[- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- compat-suse: fix dummy interfaces configuration with
INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
[+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of
infiniband children (gh#openSUSE/wicked#1027)
- client: fix origin in loaded xml-config with obsolete port
references but missing port interface config, causing a
no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in
e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
(gh#openSUSE/wicked#1021)
- arputil: Document minimal interval for getopts (gh#openSUSE/wicked#1019)
- man: (re)generate man pages from md sources (gh#openSUSE/wicked#1018)
- client: warn on interface wait time reached (gh#openSUSE/wicked#1017)
- compat-suse: fix dummy type detection from ifname to not cause
conflicts with e.g. correct vlan config on dummy0.42 interfaces
(gh#openSUSE/wicked#1016)
- compat-suse: fix infiniband and infiniband child type detection
from ifname (gh#openSUSE/wicked#1015)
- Removed patches included in the source archive:
[- 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
[- 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
- arp: increase arp-send retry value to avoid address configuration
failure due to ENOBUF reported by kernel while duplicate address
detection with underlying bonding in 802.3ad mode reporting link
"up & running" too early (bsc#1218668, gh#openSUSE/wicked#1020,
gh#openSUSE/wicked#1022).
[+ 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
- client: fix ifreload to pull UP ports/links again when the config
of their master/lower changed (bsc#1224100,gh#openSUSE/wicked#1014).
[+ 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
- Update to version 0.6.75:
- cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
- cleanup: fix overflow warnings in a socket testcase on i586
- ifcheck: report new and deleted configs as changed (bsc#1218926)
- man: improve ARP configuration options in the wicked-config.5
- bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
- cleanup: fix interface dependencies and shutdown order (bsc#1205604)
- Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
and consistently use config and state info attached to the port
interface as in rtnetlink(7).
- Cleanup ifcfg parsing, schema configuration and service properties
- Migrate ports in xml config and policies already applied in nanny
- Remove "missed config" generation from finite state machine, which
is completed while parsing the config or while xml config migration.
- Issue a warning when "lower" interface (e.g. eth0) config is missed
while parsing config depending on it (e.g. eth0.42 vlan).
- Resolve ovs master to the effective bridge in config and wickedd
- Implement netif-check-state require checks using system relations
from wickedd/kernel instead of config relations for ifdown and add
linkDown and deleteDevice checks to all master and lower references.
- Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
system/config interface hierarchies as notice with +/- marked
interfaces to setup and/or shutdown.
- Removed patches included in the source archive:
[- 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
[- 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
[- 0003-move-all-attribute-definitions-to-compiler-h.patch]
[- 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
[- 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]
- xen
-
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
standard VGA handling (XSA-463)
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
xsa463-10.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
guests via ACPI tables (XSA-464)
xsa464.patch
- Drop the following patches
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
stdvga-cache.patch
- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
- Update to Xen 4.17.5 security bug fix release (bsc#1027519)
xen-4.17.5-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
- Dropped patches contained in new tarball
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
- bsc#1214718 - The system hangs intermittently when Power Control
Mode is set to Minimum Power on SLES15SP5 Xen
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
- Upstream bug fixes (bsc#1027519)
6646031f-x86-ucode-further-identify-already-up-to-date.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
- xfsprogs
-
- xfs_copy: don't use cached buffer reads until after libxfs_mount
(bsc#1227150)
- Add xfsprogs-xfs_copy-don-t-use-cached-buffer-reads-until-after-l.patch
- yast2-country
-
- Rename Europe/Kiev to Europe/Kyiv as per 2022b release of
tz code and data by ICANN (bsc#1224387)
- 4.5.6
- yast2-installation
-
- Don't block in AutoYaST upgrade (bsc#1181625)
- 4.5.20
- yast2-iscsi-client
-
- Don't leak passwords to the log (bsc#1225432)
- 4.5.9
- yast2
-
- Properly close nested progress callbacks (bsc#1223281)
- 4.5.27
- yast2-network
-
- Try to assign default global routes to an specific connection
when possible (bsc#1232531).
- 4.5.25
- yast2-registration
-
- Ensure add_on_others in autoyast profile are added (bsc#1223301)
- 4.5.10
- zypper
-
- Don't try to download missing raw metadata if cache is not
writable (bsc#1225451)
- man: Update 'search' command description.
Hint to "se -v" showing the matches within the packages metadata.
Explain that search strings starting with a "/" will implicitly
look into the filelist as well. Otherfise an explicit "-f" is
needed.
- version 1.14.78
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77
- Show rpm install size before installing (bsc#1224771)
If filesystem snapshots are taken before the installation (e.g.
by snapper) no disk space is freed by removing old packages. In
this case the install size of all packages is a hint how much
additional disk space is needed by the new packages static
content.
- version 1.14.76
- Fix readline setup to handle Ctrl-C and Ctrl-D corrrectly
(bsc#1227205)
- version 1.14.75
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- BuildRequires: libzypp-devel >= 17.33.0.
- Delay zypp lock until command options are parsed (bsc#1223766)
- version 1.14.73
- Unify message format(fixes #485)
- version 1.14.72
- switch cmake build type to RelWithDebInfo
- modernize spec file (remove Authors section, use proper macros,
remove redundant clean section, don't mark man pages as doc)
- switch to -O2 -fvisibility=hidden -fpie:
* PIC is not needed as no shared lib is built
* fstack-protector-strong is default on modern dists and would
be downgraded by fstack-protector
* default visibility hidden allows better optimisation
* O2 is reducing inlining bloat
- > 18% reduced binary size
- remove procps requires (was only for ZMD which is dropped)
(jsc#PED-8153)