- aaa_base
-
- silence the output in the case of broken symlinks (bsc#1218232)
- fix git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
to actually apply
- replace git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
by git-47-056fc66c699a8544c7692a03c905fca568f5390b.patch
* fix the issues from bsc#1107342 and bsc#1215434 and just
use the settings from update-alternatives to set JAVA_HOME
- bind
-
- Update to release 9.16.48
Feature Changes:
* The IP addresses for B.ROOT-SERVERS.NET have been updated to
170.247.170.2 and 2801:1b8:10::b.
Security Fixes:
* Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service
condition. This has been fixed. (CVE-2023-50387)
[bsc#1219823]
* Preparing an NSEC3 closest encloser proof could cause excessive
CPU load, leading to a denial-of-service condition. This has
been fixed. (CVE-2023-50868)
[bsc#1219826]
* Parsing DNS messages with many different names could cause
excessive CPU load. This has been fixed. (CVE-2023-4408)
[bsc#1219851]
* Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled. This has been
fixed. (CVE-2023-5517)
[bsc#1219852]
* A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these
features were enabled. This has been fixed. (CVE-2023-5679)
[bsc#1219853]
* Query patterns that continuously triggered cache database
maintenance could cause an excessive amount of memory to be
allocated, exceeding max-cache-size and potentially leading to
all available memory on the host running named being exhausted.
This has been fixed. (CVE-2023-6516)
[bsc#1219854]
Removed Features:
* Support for using AES as the DNS COOKIE algorithm
(cookie-algorithm aes;) has been deprecated and will be removed
in a future release. Please use the current default,
SipHash-2-4, instead.
- cloud-init
-
- Add cloud-init-skip-empty-conf.patch
+ Skip tests with empty config
- Add cloud-init-pckg-reboot.patch (boo#1198533, bsc#1218952, jsc#SMO-326)
+ Support reboot on package update/upgrade via the cloud-init config
- Switch build dependency to the generic distribution-release package
- Move fdupes call back to %install (boo#1214169)
- Update to version 23.3 (bsc#1216011, bsc#1215794, bsc#1215740)
+ Remove patches included upstream:
- cloud-init-fix-ca-test.patch
- cloud-init-cve-2023-1786-redact-instance-data-json-main.patch
- cloud-init-power-rhel-only.patch
- cloud-init-flake8-fixes.patch
+ Add
- cloud-init-keep-flake.patch
- cloud-init-lint-fixes.patch
+ Update
- cloud-init-write-routes.patch (bsc#1216007)
+ Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390)
+ Fix cc_keyboard in mantic (LP: #2030788)
+ ec2: initialize get_instance_userdata return value to bytes (#4387)
[Noah Meyerhans]
+ cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley]
+ Fix pip-managed ansible
+ status: treat SubState=running and MainPID=0 as service exited
+ azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson]
+ collect-logs fix memory usage (SC-1590) (#4289)
[Alec Warren] (LP: #1980150)
+ cc_mounts: Use fallocate to create swapfile on btrfs (#4369) [王煎饼]
+ Undocument nocloud-net (#4318)
+ feat(akamai): add akamai to settings.py and apport.py (#4370)
+ read-version: fallback to get_version when git describe fails (#4366)
+ apt: fix cloud-init status --wait blocking on systemd v 253 (#4364)
+ integration tests: Pass username to pycloudlib (#4324)
+ Bump pycloudlib to 1!5.1.0 (#4353)
+ cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272)
[dermotbradley]
+ analyze: fix (unexpected) timestamp parsing (#4347) [Mina Galić]
+ cc_growpart: fix tests to run on FreeBSD (#4351) [Mina Galić]
+ subp: Fix spurious test failure on FreeBSD (#4355) [Mina Galić]
+ cmd/clean: fix tests on non-Linux platforms (#4352) [Mina Galić]
+ util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina Galić]
+ cc_wireguard: make tests pass on FreeBSD (#4346) [Mina Galić]
+ unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource
(#4328) [Ani Sinha]
+ Fix test_tools.py collection (#4315)
+ cc_keyboard: add Alpine support (#4278) [dermotbradley]
+ Flake8 fixes (#4340) [Robert Schweikert]
+ cc_mounts: Fix swapfile not working on btrfs (#4319) [王煎饼] (LP: #1884127)
+ ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281)
[Wei Zhou]
+ ec2: Support double encoded userdata (#4276) [Noah Meyerhans]
+ cc_mounts: xfs is a Linux only FS (#4334) [Mina Galić]
+ tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336)
[Chris Patterson]
+ change openEuler to openeuler and fix some bugs in openEuler (#4317)
[sxt1001]
+ Replace flake8 with ruff (#4314)
+ NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64
(#4291) [Ani Sinha]
+ cc_ssh_import_id: add Alpine support and add doas support (#4277)
[dermotbradley]
+ sudoers not idempotent (SC-1589) (#4296) [Alec Warren] (LP: #1998539)
+ Added support for Akamai Connected Cloud (formerly Linode) (#4167)
[Will Smith]
+ Fix reference before assignment (#4292)
+ Overhaul module reference page (#4237) [Sally]
+ replaced spaces with commas for setting passenv (#4269) [Alec Warren]
+ DS VMware: modify a few log level (#4284) [PengpengSun]
+ tools/read-version refactors and unit tests (#4268)
+ Ensure get_features() grabs all features (#4285)
+ Don't always require passlib dependency (#4274)
+ tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275)
+ Fix NoCloud kernel commandline key parsing (#4273)
+ testing: Clear all LRU caches after each test (#4249)
+ Remove the crypt dependency (#2139) [Gonéri Le Bouder]
+ logging: keep current file mode of log file if its stricter than the
new mode (#4250) [Ani Sinha]
+ Remove default membership in redundant groups (#4258)
[Dave Jones] (LP: #1923363)
+ doc: improve datasource_creation.rst (#4262)
+ Remove duplicate Integration testing button (#4261) [Rishita Shaw]
+ tools/read-version: fix the tool so that it can handle version parsing
errors (#4234) [Ani Sinha]
+ net/dhcp: add udhcpc support (#4190) [Jean-François Roche]
+ DS VMware: add i386 arch dir to deployPkg plugin search path
[PengpengSun]
+ LXD moved from linuxcontainers.org to Canonical [Simon Deziel]
+ cc_mounts.py: Add note about issue with creating mounts inside mounts
(#4232) [dermotbradley]
+ lxd: install lxd from snap, not deb if absent in image
+ landscape: use landscape-config to write configuration
+ Add deprecation log during init of DataSourceDigitalOcean (#4194)
[tyb-truth]
+ doc: fix typo on apt.primary.arches (#4238) [Dan Bungert]
+ Inspect systemd state for cloud-init status (#4230)
+ instance-data: add system-info and features to combined-cloud-config
(#4224)
+ systemd: Block login until config stage completes (#2111) (LP: #2013403)
+ tests: proposed should invoke apt-get install -t=<release>-proposed
(#4235)
+ cloud.cfg.tmpl: reinstate ca_certs entry (#4236) [dermotbradley]
+ Remove feature flag override ability (#4228)
+ tests: drop stray unrelated file presence test (#4227)
+ Update LXD URL (#4223) [Sally]
+ schema: add network v1 schema definition and validation functions
+ tests: daily PPA for devel series is version 99.daily update tests to
match (#4225)
+ instance-data: write /run/cloud-init/combined-cloud-config.json
+ mount parse: Fix matching non-existent directories (#4222) [Mina Galić]
+ Specify build-system for pep517 (#4218)
+ Fix network v2 metric rendering (#4220)
+ Migrate content out of FAQ page (SD-1187) (#4205) [Sally]
+ setup: fix generation of init templates (#4209) [Mina Galić]
+ docs: Correct some bootcmd example wording
+ fix changelog
+ tests: reboot client to assert x-shellscript-per-boot is triggered
+ nocloud: parse_cmdline no longer detects nocloud-net datasource (#4204)
(LP: 4203, #2025180)
+ Add docstring and typing to mergemanydict (#4200)
+ BSD: add dsidentify to early startup scripts (#4182) [Mina Galić]
+ handler: report errors on skipped merged cloud-config.txt parts
(LP: #1999952)
+ Add cloud-init summit writeups (#4179) [Sally]
+ tests: Update test_clean_log for oci (#4187)
+ gce: improve ephemeral fallback NIC selection (CPC-2578) (#4163)
+ tests: pin pytest 7.3.1 to avoid adverse testpaths behavior (#4184)
+ Ephemeral Networking for FreeBSD (#2165) [Mina Galić]
+ Clarify directory syntax for nocloud local filesystem. (#4178)
+ Set default renderer as sysconfig for centos/rhel (#4165) [Ani Sinha]
+ Test static routes and netplan 0.106
+ FreeBSD fix parsing of mount and mount options (#2146) [Mina Galić]
+ test: add tracking bug id (#4164)
+ tests: can't match MAC for LXD container veth due to netplan 0.106
(#4162)
+ Add kaiwalyakoparkar as a contributor (#4156) [Kaiwalya Koparkar]
+ BSD: remove datasource_list from cloud.cfg template (#4159) [Mina Galić]
+ launching salt-minion in masterless mode (#4110) [Denis Halturin]
+ tools: fix run-container builds for rockylinux/8 git hash mismatch
(#4161)
+ fix doc lint: spellchecker tripped up (#4160) [Mina Galić]
+ Support Ephemeral Networking for BSD (#2127)
+ Added / fixed support for static routes on OpenBSD and FreeBSD (#2157)
[Kadir Mueller]
+ cc_rsyslog: Refactor for better multi-platform support (#4119)
[Mina Galić] (LP: #1798055)
+ tests: fix test_lp1835584 (#4154)
+ cloud.cfg mod names: docs and rename salt_minion and set_password (#4153)
+ tests: apt support for deb822 format .sources files on mantic
+ vultr: remove check_route check (#2151) [Jonas Chevalier]
+ Update SECURITY.md (#4150) [Indrranil Pawar]
+ Update CONTRIBUTING.rst (#4149) [Indrranil Pawar]
+ Update .github-cla-signers (#4151) [Indrranil Pawar]
+ Standardise module names in cloud.cfg.tmpl to only use underscore
(#4128) [dermotbradley]
+ tests: update test_webhook_reporting
+ Modify PR template so autoclose works
+ doc: add missing semi-colon to nocloud cmdline docs (#4120)
+ .gitignore: extend coverage pattern (#4143) [Mina Galić]
From 23.2.2
+ Fix NoCloud kernel commandline key parsing (#4273) (Fixes: #4271)
(LP: #2028562)
+ Fix reference before assignment (#4292) (Fixes: #4288) (LP: #2028784)
From 23.2.1
+ nocloud: Fix parse_cmdline detection of nocloud-net datasource (#4204)
(Fixes: 4203) (LP: #2025180)
From 23.2
+ BSD: simplify finding MBR partitions by removing duplicate code
[Mina Galić]
+ tests: bump pycloudlib version for mantic builds
+ network-manager: Set higher autoconnect priority for nm keyfiles (#3671)
[Ani Sinha]
+ alpine.py: change the locale file used (#4139) [dermotbradley]
+ cc_ntp: Sync up with current FreeBSD ntp.conf (#4122) [Mina Galić]
+ config: drop refresh_rmc_and_interface as RHEL 7 no longer supported
[Robert Schweikert]
+ docs: Add feedback button to docs
+ net/sysconfig: enable sysconfig renderer if network manager has ifcfg-rh
plugin (#4132) [Ani Sinha]
+ For Alpine use os-release PRETTY_NAME (#4138) [dermotbradley]
+ network_manager: add a method for ipv6 static IP configuration (#4127)
[Ani Sinha]
+ correct misnamed template file host.mariner.tmpl (#4124) [dermotbradley]
+ nm: generate ipv6 stateful dhcp config at par with sysconfig (#4115)
[Ani Sinha]
+ Add templates for GitHub Issues
+ Add 'peers' and 'allow' directives in cc_ntp (#3124) [Jacob Salmela]
+ FreeBSD: Fix user account locking (#4114) [Mina Galić] (GH: #1854594)
+ FreeBSD: add ResizeGrowFS class to cc_growpart (#2334) [Mina Galić]
+ Update tests in Azure TestCanDevBeReformatted class (#2771)
[Ksenija Stanojevic]
+ Replace Launchpad references with GitHub Issues
+ Fix KeyError in iproute pformat (#3287) [Dmitry Zykov]
+ schema: read_cfg_paths call init.fetch to lookup /v/l/c/instance
+ azure/errors: introduce reportable errors for imds (#3647)
[Chris Patterson]
+ FreeBSD (and friends): better identify MBR slices (#2168)
[Mina Galić] (LP: #2016350)
+ azure/errors: add host reporting for dhcp errors (#2167)
[Chris Patterson]
+ net: purge blacklist_drivers across net and azure (#2160)
[Chris Patterson]
+ net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153)
[Chris Patterson]
+ tests: avoid leaks to underlying filesystem for /etc/cloud/clean.d
(#2251)
+ net: refactor find_candidate_nics_on_linux() to use get_interfaces()
(#2159) [Chris Patterson]
+ resolv_conf: Allow > 3 nameservers (#2152) [Major Hayden]
+ Remove mount NTFS error message (#2134) [Ksenija Stanojevic]
+ integration tests: fix image specification parsing (#2166)
+ ci: add hypothesis scheduled GH check (#2149)
+ Move supported distros list to docs (#2162)
+ Fix logger, use instance rather than module function (#2163)
+ README: Point to Github Actions build status (#2158)
+ Revert "fix linux-specific code on bsd (#2143)" (#2161)
+ Do not generate dsa and ed25519 key types when crypto FIPS mode is
enabled (#2142) [Ani Sinha] (LP: 2017761)
+ Add documentation label automatically (#2156)
+ sources/azure: report success to host and introduce kvp module (#2141)
[Chris Patterson]
+ setup.py: use pkg-config for udev/rules path (#2137) [dankm]
+ openstack/static: honor the DNS servers associated with a network
(#2138) [Gonéri Le Bouder]
+ fix linux-specific code on bsd (#2143)
+ cli: schema validation of jinja template user-data (SC-1385) (#2132)
(LP: #1881925)
+ gce: activate network discovery on every boot (#2128)
+ tests: update integration test to assert 640 across reboots (#2145)
+ Make user/vendor data sensitive and remove log permissions (#2144)
(LP: #2013967)
+ Update kernel command line docs (SC-1457) (#2133)
+ docs: update network configuration path links (#2140) [d1r3ct0r]
+ sources/azure: report failures to host via kvp (#2136) [Chris Patterson]
+ net: Document use of `ip route append` to add routes (#2130)
+ dhcp: Add missing mocks (#2135)
+ azure/imds: retry fetching metadata up to 300 seconds (#2121)
[Chris Patterson]
+ [1/2] DHCP: Refactor dhcp client code (#2122)
+ azure/errors: treat traceback_base64 as string (#2131) [Chris Patterson]
+ azure/errors: introduce reportable errors (#2129) [Chris Patterson]
+ users: schema permit empty list to indicate create no users
+ azure: introduce identity module (#2116) [Chris Patterson]
+ Standardize disabling cloud-init on non-systemd (#2112)
+ Update .github-cla-signers (#2126) [Rob Tongue]
+ NoCloud: Use seedfrom protocol to determine mode (#2107)
+ rhel: Remove sysvinit files. (#2114)
+ tox.ini: set -vvvv --showlocals for pytest (#2104) [Chris Patterson]
+ Fix NoCloud kernel commandline semi-colon args
+ run-container: make the container/VM timeout configurable (#2118)
[Paride Legovini]
+ suse: Remove sysvinit files. (#2115)
+ test: Backport assert_call_count for old requests (#2119)
+ Add "licebmi" as contributor (#2113) [Mark Martinez]
+ Adapt DataSourceScaleway to upcoming IPv6 support (#2033)
[Louis Bouchard]
+ rhel: make sure previous-hostname file ends with a new line (#2108)
[Ani Sinha]
+ Adding contributors for DataSourceAkamai (#2110) [acourdavAkamai]
+ Cleanup ephemeral IP routes on exception (#2100) [sxt1001]
+ commit 09a64badfb3f51b1b391fa29be19962381a4bbeb [sxt1001] (LP: #2011291)
+ Standardize kernel commandline user interface (#2093)
+ config/cc_resizefs: fix do_resize arguments (#2106) [Chris Patterson]
+ Fix test_dhclient_exits_with_error (#2105)
+ net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083)
[Chris Patterson]
+ sources/azure: move pps handling out of _poll_imds() (#2075)
[Chris Patterson]
+ tests: bump pycloudlib version (#2102)
+ schema: do not manipulate draft4 metaschema for jsonschema 2.6.0 (#2098)
+ sources/azure/imds: don't count timeout errors as connection errors
(#2074) [Chris Patterson]
+ Fix Python 3.12 unit test failures (#2099)
+ integration tests: Refactor instance checking (#1989)
+ ci: migrate remaining jobs from travis to gh (#2085)
+ missing ending quote in instancedata docs(#2094) [Hong L]
+ refactor: stop passing log instances to cc_* handlers (#2016) [d1r3ct0r]
+ tests/vmware: fix test_no_data_access_method failure (#2092)
[Chris Patterson]
+ Don't change permissions of netrules target (#2076) (LP: #2011783)
+ tests/sources: patch util.get_cmdline() for datasource tests (#2091)
[Chris Patterson]
+ macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090)
(LP: #2008888)
+ Fedora: Enable CA handling (#2086) [František Zatloukal]
+ Send dhcp-client-identifier for InfiniBand ports (#2043) [Waleed Mousa]
+ cc_ansible: complete the examples and doc (#2082) [Yves]
+ bddeb: for dev package, derive debhelper-compat from host system
+ apport: only prompt for cloud_name when instance-data.json is absent
+ datasource: Optimize datasource detection, fix bugs (#2060)
+ Handle non existent ca-cert-config situation (#2073) [Shreenidhi Shedi]
+ sources/azure: add networking check for all source PPS (#2061)
[Chris Patterson]
+ do not attempt dns resolution on ip addresses (#2040)
+ chore: fix style tip (#2071)
+ Fix metadata IP in instancedata.rst (#2063) [Brian Haley]
+ util: Pass deprecation schedule in deprecate_call() (#2064)
+ config: Update grub-dpkg docs (#2058)
+ docs: Cosmetic improvements and styling (#2057) [s-makin]
+ cc_grub_dpkg: Added UEFI support (#2029) [Alexander Birkner]
+ tests: Write to /var/spool/rsyslog to adhere to apparmor profile (#2059)
+ oracle-ds: prefer system_cfg over ds network config source (#1998)
(LP: #1956788)
+ Remove dead code (#2038)
+ source: Force OpenStack when it is only option (#2045) (LP: #2008727)
+ cc_ubuntu_advantage: improve UA logs discovery
+ sources/azure: fix regressions in IMDS behavior (#2041) [Chris Patterson]
+ tests: fix test_schema (#2042)
+ dhcp: Cleanup unused kwarg (#2037)
+ sources/vmware/imc: fix-missing-catch-few-negtive-scenarios (#2027)
[PengpengSun]
+ dhclient_hook: remove vestigal dhclient_hook command (#2015)
+ log: Add standardized deprecation tooling (SC-1312) (#2026)
+ Enable SUSE based distros for ca handling (#2036) [Robert Schweikert]
From 23.1.2
+ Make user/vendor data sensitive and remove log permissions
(LP: #2013967) (CVE-2023-1786)
From 23.1.1
+ source: Force OpenStack when it is only option (#2045)
+ sources/azure: fix regressions in IMDS behavior (#2041)
[Chris Patterson]
- Add cloud-init-flake8-fixes.patch
- Revert chnages from previous commit
+ Disabling checks the primary maintainer enabled for specific reasons
is not a fix.
- update to 23.1.2:
* Make user/vendor data sensitive and remove log permissions
* source: Force OpenStack when it is only option (#2045)
* sources/azure: fix regressions in IMDS behavior
- drop
cloud-init-cve-2023-1786-redact-instance-data-json-main.patch (upstream)
- spec-file cleanups, including dropping flake8 (as build fails
with newer flake8 versions)
- cloud-netconfig
-
- Update to version 1.12 (bsc#1221202)
+ If token access succeeds using IPv4 do not use the IPv6 endpoint
only use the IPv6 IMDS endpoint if IPv4 access fails.
- Add Provides/Obsoletes for dropped cloud-netconfig-nm
- Install dispatcher script into /etc/NetworkManager/dispatcher.d
on older distributions
- Add BuildReqires: NetworkManager to avoid owning dispatcher.d
parent directory
- Update to version 1.11:
+ Revert address metadata lookup in GCE to local lookup (bsc#1219454)
+ Fix hang on warning log messages
+ Check whether getting IPv4 addresses from metadata failed and abort
if true
+ Only delete policy rules if they exist
+ Skip adding/removing IPv4 ranges if metdata lookup failed
+ Improve error handling and logging in Azure
+ Set SCRIPTDIR when installing netconfig wrapper
- Update to version 1.10:
+ Drop cloud-netconfig-nm sub package and include NM dispatcher
script in main packages (bsc#1219007)
+ Spec file cleanup
- Update to version 1.9:
+ Drop package dependency on sysconfig-netconfig
+ Improve log level handling
+ Support IPv6 IMDS endpoint in EC2 (bsc#1218069)
- cloud-regionsrv-client
-
- Update to version 10.1.7 (bsc#1220164, bsc#1220165)
+ Fix the failover path to a new target update server. At present a new
server is not found since credential validation fails. We targeted
the server detected in down condition to verify the credentials instead
of the replacement server.
- Update EC2 plugin to 1.0.4 (bsc#1219156, bsc#1219159)
+ Fix the algorithm to determine the region from the availability zone
information retrieved from IMDS.
- Update to version 10.1.6
+ Support specifying an IPv6 address for a manually configured target
update server.
- Update to version 10.1.5 (bsc#1217583)
+ Fix fallback path when IPv6 network path is not usable
+ Enable an IPv6 fallback path in IMDS access if it cannot be accessed
over IPv4
+ Enable IMDS access over IPv6
- Update to version 10.1.4 (bsc#1217451)
+ Fetch cert for new update server during failover
- containerd
-
- Add patch for bsc#1217952:
+ 0002-shim-Create-pid-file-with-0644-permissions.patch
- Update to containerd v1.7.10. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.10>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- cpio
-
- Fix cpio not working after the fix in bsc#1218571, fixes bsc#1219238
* fix-bsc1219238.patch
- Fix CVE-2023-7207, path traversal vulnerability (bsc#1218571)
* fix-CVE-2023-7207.patch
- gcc7
-
- Add gcc7-pr88345-min-func-alignment.diff to add support for
- fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Add gcc7-pr87723.patch to avoid ICE when hitting a broken pattern
in the s390 backend.
- Add gcc7-bsc1216488.patch to avoid creating recursive DIE references
through DW_AT_abstract_origin when using LTO. [bsc#1216488]
- curl
-
- Fix: libssh: Implement SFTP packet size limit (bsc#1216987)
* Add curl-libssh_Implement_SFTP_packet_size_limit.patch
- docker
-
- Vendor latest buildkit v0.11:
Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that
vendors in the latest v0.11 buildkit branch including bugfixes for the following:
* bsc#1219438: CVE-2024-23653
* bsc#1219268: CVE-2024-23652
* bsc#1219267: CVE-2024-23651
- rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- switch from %patchN to %patch -PN syntax
- remove unused rpmlint filters and add filters to silence pointless bash & zsh
completion warnings
- Update to Docker 24.0.7-ce. See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Add a patch to fix apparmor on SLE-12, reverting the upstream removal of
version-specific templating for the default apparmor profile. bsc#1213500
+ 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Update to Docker 24.0.6-ce. See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Switch from disabledrun to manualrun in _service.
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
- glibc
-
- qsort-invalid-cmp.patch: qsort: handle degenerated compare function
(bsc#1218866)
- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64-rawmemchr-unwind.patch: aarch64: correct CFI in rawmemchr
(bsc#1217445, BZ #31113)
- grub2
-
- Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg
(bsc#1219248) (bsc#1181762)
* grub2-xen-pv-firmware.cfg
* 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch
- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to
SLE-15-SP2 (bsc#1217102)
* add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
* add 0002-ofdisk-add-early_log-support.patch
- java-1_8_0-ibm
-
- Update to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843]
* www.ibm.com/support/pages/java-sdk-security-vulnerabilities
* Security fixes in IBM Security Update February 2024:
- [bsc#1219843, CVE-2023-33850]
* Security fixes in Oracle January 16 2024 CPU:
- [bsc#1218908, CVE-2024-20932] OpenJDK: incorrect handling of ZIP
files with duplicate entries (8276123)
- [bsc#1218911, CVE-2024-20952] OpenJDK: RSA padding issue and
timing side-channel attack against TLS (8317547)
- [bsc#1218907, CVE-2024-20918] OpenJDK: array out-of-bounds access
due to missing range check in C1 compiler (8314468)
- [bsc#1218905 , CVE-2024-20921] OpenJDK: range check loop
optimization issue (8314307)
- [bsc#1218903, CVE-2024-20919] OpenJDK: JVM class file verifier
flaw allows unverified bytecode execution (8314295)
- [bsc#1218906, CVE-2024-20926] OpenJDK: arbitrary Java code
execution in Nashorn (8314284)
- [bsc#1218909, CVE-2024-20945] OpenJDK: logging of digital
signature private keys (8316976)
* Defect Fixes:
- IJ48866 Java JIT: Crash due to stale data running on power
or aarch64 cpus
- IJ49451 Service, Build, Packaging and Deliver:
The /usr/lpp/java/current symlink is not created when the
semeru17 or 11 ptf package is installed on Z/OS
- IJ50007 Java 8/Integration: Unable to launch applet while
using java8 windows MSI
- IJ49634 Class Libraries: Remove the com.ibm.disableludclrefresh
system property
- IJ49047 JIT Compiler: Reordering code with a call to
currenttimemillis() can result in inaccurate results
- IJ49741 JIT Compiler: Unexpected nullpointerexception
- IJ49090 Security: +JAZZ-150121 JGSS: Error bad tgs server
instance due to invalid cross-realm referral tgt in krb5.ccache
- IJ49974 Security: Add password based encryption (PBE) to IBMJCEPlus
- IJ48865 Security: Always upper case the XDH curve names X448 and X25519
- IJ49126 Security: Cached exception was not cleared while creating sslcontext
- IJ48893 Security: EC named curve not disabled when specified on the
jdk.disabled.namedcurves or jdk.tls.disabledalgorithms security property
- IJ49480 Security: Encrypting and decrypting empty string with RSA key fails
- IJ49450 Security: Increase minimum legacy ephemeral DH
- IJ49514 Security: Print debug statement if FIPS 140-3 enabled
- IJ49116 Security: Use server cipher suites preference by default
- kdump
-
- dracut: always create fstab, even if empty (bsc#1218494)
- fix NOSPLIT option
- Honor the KDUMP_VERBOSE setting in kdump-save
- kernel-default
-
- KVM: x86: Export RFDS_NO and RFDS_CLEAR to guests (bsc#1213456 CVE-2023-28746).
- commit 7f00c86
- x86/rfds: Mitigate Register File Data Sampling (RFDS) (bsc#1213456 CVE-2023-28746).
- commit ee70608
- Documentation/hw-vuln: Add documentation for RFDS (bsc#1213456 CVE-2023-28746).
- commit c955133
- bpf: Fix re-attachment branch in bpf_tracing_prog_attach
(bsc#1220254 CVE-2024-26591).
- commit fc948d3
- selftests/bpf: Add test for alu on PTR_TO_FLOW_KEYS (bsc#1220255
CVE-2024-26589).
- bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255
CVE-2024-26589).
- commit 8a833ce
- tls: fix race between tx work scheduling and socket close
(CVE-2024-26585 bsc#1220187).
- commit 1306bff
- kabi: restore return type of dst_ops::gc() callback
(CVE-2023-52340 bsc#1219295).
- ipv6: remove max_size check inline with ipv4 (CVE-2023-52340
bsc#1219295).
- commit b8eec42
- netfilter: nf_tables: fix 64-bit load issue in
nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- netfilter: nf_tables: fix pointer math issue in
nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- commit e095cd0
- netfilter: nft_set_pipapo: skip inactive elements during set
walk (CVE-2023-6817 bsc#1218195).
- commit 4032aa7
- tomoyo: fix UAF write bug in tomoyo_write_control() (bsc#1220825
CVE-2024-26622).
- commit c8e5b38
- btrfs: fix double free of anonymous device after snapshot
creation failure (bsc#1219126 CVE-2024-23850).
- commit 257a534
- btrfs: do not ASSERT() if the newly created subvolume already
got read (bsc#1219126 CVE-2024-23850).
- commit a2ac581
- bpf: Minor cleanup around stack bounds (bsc#1220257
CVE-2023-52452).
- bpf: Fix accesses to uninit stack slots (bsc#1220257
CVE-2023-52452).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Fix verification of indirect var-off stack access
(git-fixes).
- bpf: Minor cleanup around stack bounds (bsc#1220257
CVE-2023-52452).
- bpf: Fix accesses to uninit stack slots (bsc#1220257
CVE-2023-52452).
- bpf: Add some comments to stack representation (bsc#1220257
CVE-2023-52452).
- Refresh patches.kabi/kABI-fix-bpf-Tighten-ptr_to_btf_id-checks.patch
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Fix verification of indirect var-off stack access
(git-fixes).
- bpf: Minor logging improvement (bsc#1220257).
- commit 7d03125
- serial: 8250: omap: Don't skip resource freeing if
pm_runtime_resume_and_get() failed (bsc#1220350 CVE-2023-52457).
- commit c82f528
- serial: imx: fix tx statemachine deadlock (bsc#1220364
CVE-2023-52456).
- commit cd9f92c
- powerpc/pseries/memhp: Fix access beyond end of drmem array
(bsc#1220250,CVE-2023-52451).
- commit fdc7254
- Update patch reference for input fix (CVE-2021-46932 bsc#1220444)
- commit e44e0b1
- usb: dwc3: gadget: Ignore End Transfer delay on teardown
(git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Add-1ms-delay-after-end-transfer-com.patch.
- commit 251cd08
- tomoyo: fix UAF write bug in tomoyo_write_control() (git-fixes).
- wifi: nl80211: reject iftype change with mesh ID change
(git-fixes).
- usb: dwc3: gadget: Don't disconnect if not started (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call
(git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen
(git-fixes).
- usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit
(git-fixes).
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- usb: dwc3: gadget: Queue PM runtime idle on disconnect event
(git-fixes).
- usb: dwc3: gadget: Handle EP0 request dequeuing properly
(git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro
(git-fixes).
- tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
(git-fixes).
- watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for
IT8784/IT8786 (git-fixes).
- wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
(git-fixes).
- wifi: cfg80211: free beacon_ies when overridden from hidden BSS
(git-fixes).
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
(git-fixes).
- wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
(git-fixes).
- wifi: ath9k: Fix potential array-index-out-of-bounds read in
ath9k_htc_txstatus() (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset
(git-fixes).
- wifi: iwlwifi: mvm: avoid baid size integer overflow
(git-fixes).
- wifi: wext-core: Fix -Wstringop-overflow warning in
ioctl_standard_iw_point() (git-fixes).
- wifi: ath11k: fix registration of 6Ghz-only phy without the
full channel range (git-fixes).
- usb: dwc3: gadget: Refactor EP0 forced stall/restart into a
separate API (git-fixes).
- usb: dwc3: gadget: Submit endxfer command if delayed during
disconnect (git-fixes).
- commit 8b4f9a3
- power: supply: bq27xxx-i2c: Do not free non existing IRQ
(git-fixes).
- mmc: sdhci-xenon: add timeout for PHY init complete (git-fixes).
- mmc: sdhci-xenon: fix PHY init clock stability (git-fixes).
- mmc: core: Fix eMMC initialization with 1-bit bus connection
(git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read
(git-fixes).
- mtd: spinand: gigadevice: Fix the get ecc status issue
(git-fixes).
- nouveau: fix function cast warnings (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission
(git-fixes).
- mmc: slot-gpio: Allow non-sleeping GPIO ro (git-fixes).
- regulator: pwm-regulator: Add validity checks in continuous
.get_voltage (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the TECLAST X16
Plus tablet (git-fixes).
- spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were
detected (git-fixes).
- PCI: switchtec: Fix stdev_release() crash after surprise hot
remove (git-fixes).
- PCI: Fix 64GT/s effective data rate calculation (git-fixes).
- PCI: Only override AMD USB controller if required (git-fixes).
- PCI/AER: Decode Requester ID when no error info found
(git-fixes).
- media: ddbridge: fix an error code problem in ddb_probe
(git-fixes).
- mmc: mmc_spi: remove custom DMA mapped buffers (git-fixes).
- mmc: core: Use mrq.sbc in close-ended ffu (git-fixes).
- PCI: Add no PM reset quirk for NVIDIA Spectrum devices
(git-fixes).
- pstore/ram: Fix crash when setting number of cpus to an odd
number (git-fixes).
- PNP: ACPI: fix fortify warning (git-fixes).
- regulator: core: Only increment use_count when enable_count
changes (git-fixes).
- PM: core: Remove unnecessary (void *) conversions (git-fixes).
- serial: 8250: Remove serial_rs485 sanitization from em485
(git-fixes).
- PM: runtime: Have devm_pm_runtime_enable() handle
pm_runtime_dont_use_autosuspend() (git-fixes).
- commit 9894050
- gpio: fix resource unwinding order in error path (git-fixes).
- commit f4d7f82
- gpiolib: Fix the error path order in
gpiochip_add_data_with_key() (git-fixes).
- commit 9367441
- Update patches.suse/i2c-Fix-a-potential-use-after-free.patch
(git-fixes bsc#1220409 CVE-2019-25162).
Add bug and CVE references.
- commit 6df4ebd
- Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and
pm_sleep_ptr() (git-fixes).
- Refresh
patches.suse/Input-iqs269a-do-not-poll-during-suspend-or-resume.patch.
- commit 7360a05
- i2c: imx: Add timer for handling the stop condition (git-fixes).
- Refresh
patches.suse/i2c-imx-Make-sure-to-unregister-adapter-on-remove.patch.
- commit 3a3d0f8
- gpio: 74x164: Enable output pins after registers are reset
(git-fixes).
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font()
(git-fixes).
- lan78xx: enable auto speed configuration for LAN7850 if no
EEPROM is detected (git-fixes).
- i2c: imx: when being a target, mark the last read as processed
(git-fixes).
- i2c: i801: Fix block process call transactions (git-fixes).
- iio: hid-sensor-als: Return 0 for
HID_USAGE_SENSOR_TIME_TIMESTAMP (git-fixes).
- firewire: core: send bus reset promptly on gap count error
(git-fixes).
- efi: Don't add memblocks for soft-reserved memory (git-fixes).
- hwmon: (coretemp) Enlarge per package core count limit
(git-fixes).
- Input: xpad - add Lenovo Legion Go controllers (git-fixes).
- gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
(git-fixes).
- fbdev: sis: Error out if pixclock equals zero (git-fixes).
- fbdev: savage: Error out if pixclock equals zero (git-fixes).
- libsubcmd: Fix memory leak in uniq() (git-fixes).
- iio: adc: ad7091r: Set alert bit in config register (git-fixes).
- i3c: master: cdns: Update maximum prescaler value for i2c clock
(git-fixes).
- leds: trigger: panic: Don't register panic notifier if creating
the trigger failed (git-fixes).
- media: rockchip: rga: fix swizzling for RGB formats (git-fixes).
- media: stk1160: Fixed high volume of stk1160_dbg messages
(git-fixes).
- i2c: i801: Remove i801_set_block_buffer_mode (git-fixes).
- HID: apple: Add 2021 magic keyboard FN key mapping (git-fixes).
- HID: apple: Add support for the 2021 Magic Keyboard (git-fixes).
- commit 0f0032c
- dmaengine: ptdma: use consistent DMA masks (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization
(git-fixes).
- dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
(git-fixes).
- Revert "drm/amd/pm: resolve reboot exception for si oland"
(git-fixes).
- drm/buddy: fix range bias (git-fixes).
- drm/amd/display: Fix memory leak in dm_sw_fini() (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE
flag is set (git-fixes).
- drm/ttm: Fix an invalid freeing on already freed page in error
path (git-fixes).
- drm/amd/display: Preserve original aspect ratio in create stream
(git-fixes).
- Revert "drm/amd/display: increased min_dcfclk_mhz and
min_fclk_mhz" (git-fixes).
- drm/prime: Support page array >= 4GB (git-fixes).
- efi: runtime: Fix potential overflow of soft-reserved region
size (git-fixes).
- drm/amd/display: Increase frame-larger-than for all
display_mode_vba files (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program GFXDEC registers for suspend abort
(git-fixes).
- dmaengine: fsl-qdma: Fix a memory leak related to the queue
command DMA (git-fixes).
- dmaengine: ti: edma: Add some null pointer checks to the
edma_probe (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
(git-fixes).
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- commit 61b82a0
- ALSA: Drop leftover snd-rtctimer stuff from Makefile
(git-fixes).
- ALSA: firewire-lib: fix to check cycle continuity (git-fixes).
- Bluetooth: qca: Fix wrong event type for patch config command
(git-fixes).
- Bluetooth: Enforce validation on max value of connection
interval (git-fixes).
- Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
(git-fixes).
- Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
(git-fixes).
- Bluetooth: hci_sync: Fix accept_list when attempting to suspend
(git-fixes).
- Bluetooth: Avoid potential use-after-free in hci_error_reset
(git-fixes).
- Bluetooth: hci_sync: Check the correct flag before starting
a scan (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED For HP mt645
(git-fixes).
- ALSA: hda/conexant: Add quirk for SWS JS201D (git-fixes).
- ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
(git-fixes).
- ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (git-fixes).
- bus: moxtet: Add spi device table (git-fixes).
- Bluetooth: L2CAP: Fix possible multiple reject send (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- crypto: octeontx2 - Fix cptvf driver cleanup (git-fixes).
- crypto: api - Disallow identical driver names (git-fixes).
- commit a409ffd
- ALSA: usb-audio: Ignore clock selector errors for single
connection (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
(git-fixes).
- ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287
thinkpads (git-fixes).
- ALSA: usb-audio: Check presence of valid altsetting control
(git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
(git-fixes).
- ALSA: hda/realtek: Fix the external mic not being recognised
for Acer Swift 1 SF114-32 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
(git-fixes).
- ahci: asm1166: correct count of reported ports (git-fixes).
- ACPI: extlog: fix NULL pointer dereference check (git-fixes).
- ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on
synchronous events (git-fixes).
- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
(git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1
and iMac12,2 (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad
X131e (3371 AMD version) (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3
(git-fixes).
- ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A
(git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
(git-fixes).
- ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
(git-fixes).
- ACPI: resource: Add ASUS model S5402ZA to quirks (git-fixes).
- commit 728134a
- efivarfs: force RO when remounting if SetVariable is not
supported (bsc#1220328 CVE-2023-52463).
- commit 6239d33
- kABI: bpf: map_fd_put_ptr() signature kABI workaround
(bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
CVE-2023-52447).
- selftests/bpf: Test outer map update operations in syscall
program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
(bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
CVE-2023-52447).
- commit b7359fc
- btrfs: fix double free of anonymous device after snapshot
creation failure (bsc#1219126 CVE-2024-23850).
- commit f8ba729
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
(bsc#1220238 CVE-2023-52449).
- commit c132b67
- fs/mount_setattr: always cleanup mount_kattr (bsc#1220457
CVE-2021-46923).
- commit 89afe2f
- kABI: bpf: map_fd_put_ptr() signature kABI workaround
(bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
CVE-2023-52447).
- kABI: bpf: map_fd_put_ptr() signature kABI workaround
(bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
CVE-2023-52447).
- commit bec1c61
- selftests/bpf: Test outer map update operations in syscall
program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
(bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
CVE-2023-52447).
- selftests/bpf: Test outer map update operations in syscall
program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
(bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
CVE-2023-52447).
- commit aa6db76
- Update patch reference for HID fix (CVE-2023-52478 bsc#1220796)
- commit 4aec836
- Update patch reference for input fix (CVE-2023-52475 bsc#1220649)
- commit 00a87c8
- topology/sysfs: Add PPIN in sysfs under cpu topology (jsc#PED-7618).
- Refresh
patches.suse/drivers-base-fix-userspace-break-from-using-bin_attr.patch.
- commit e74360b
- topology/sysfs: Add format parameter to macro defining "show" functions for proc (jsc#PED-7618).
- Refresh
patches.suse/drivers-base-fix-userspace-break-from-using-bin_attr.patch.
- commit 978a12d
- x86/cpu: X86_FEATURE_INTEL_PPIN finally has a CPUID bit (jsc#PED-7618).
- Refresh patches.suse/x86-speculation-disable-rrsba-behavior.patch.
- commit f7bed0d
- KVM: arm64: vgic-its: Avoid potential UAF in LPI translation
cache (bsc#1220326, CVE-2024-26598).
- commit 74fd0dd
- scsi: lpfc: Replace deprecated strncpy() with strscpy()
(bsc#1220021).
- scsi: lpfc: Copyright updates for 14.4.0.0 patches
(bsc#1220021).
- scsi: lpfc: Update lpfc version to 14.4.0.0 (bsc#1220021).
- scsi: lpfc: Change lpfc_vport load_flag member into a bitmask
(bsc#1220021).
- scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask
(bsc#1220021).
- scsi: lpfc: Protect vport fc_nodes list with an explicit spin
lock (bsc#1220021).
- scsi: lpfc: Change nlp state statistic counters into atomic_t
(bsc#1220021).
- scsi: lpfc: Remove shost_lock protection for fc_host_port
shost APIs (bsc#1220021).
- scsi: lpfc: Move handling of reset congestion statistics events
(bsc#1220021).
- scsi: lpfc: Save FPIN frequency statistics upon receipt of
peer cgn notifications (bsc#1220021).
- scsi: lpfc: Add condition to delete ndlp object after sending
BLS_RJT to an ABTS (bsc#1220021).
- scsi: lpfc: Fix failure to delete vports when discovery is in
progress (bsc#1220021).
- scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN
processing for ndlps (bsc#1220021).
- scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute
for Fabric nodes (bsc#1220021).
- scsi: lpfc: Remove D_ID swap log message from trace event logger
(bsc#1220021).
- scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's
length (bsc#1220021).
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
(bsc#1220021).
- scsi: lpfc: Initialize status local variable in
lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: Use PCI_HEADER_TYPE_MFD instead of literal
(bsc#1220021).
- PCI: Add PCI_HEADER_TYPE_MFD definition (bsc#1220021).
- commit 41ec061
- x86/fpu: Stop relying on userspace for info to fault in xsave buffer (bsc#1220335, CVE-2024-26603).
- commit 4cbbdbf
- Update patch reference for NFC fix (CVE-2021-46924 bsc#1220459)
- commit 8ac32a8
- RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- commit 71868f2
- media: pvrusb2: fix use after free on context disconnection
(CVE-2023-52445 bsc#1220241).
- commit e4643a5
- RAS: Introduce a FRU memory poison manager (jsc#PED-7618).
- commit 62d6d3a
- RAS/AMD/ATL: Add MI300 row retirement support (jsc#PED-7618).
- Delete patches.suse/EDAC-amd64-Add-MI300-row-retirement-support.patch.
- commit 3cc5727
- uio: Fix use-after-free in uio_open (bsc#1220140
CVE-2023-52439).
- commit fbf52b1
- apparmor: avoid crash when parsed profile name is empty
(CVE-2023-52443 bsc#1220240).
- commit 732bc93
- ntfs: check overflow when iterating ATTR_RECORDs (git-fixes).
- commit c9fe433
- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- commit 6df2cbb
- xfs: short circuit xfs_growfs_data_private() if delta is zero
(git-fixes).
- commit fcba050
- xfs: remove unused fields from struct xbtree_ifakeroot
(git-fixes).
- commit 86da8f9
- fs: dlm: fix build with CONFIG_IPV6 disabled (git-fixes).
- commit 595274a
- nilfs2: replace WARN_ONs for invalid DAT metadata block requests
(git-fixes).
- commit 8b6113c
- nilfs2: fix data corruption in dsync block recovery for small
block sizes (git-fixes).
- commit 3bf00f7
- jfs: fix array-index-out-of-bounds in diNewExt (git-fixes).
- commit 95bef1f
- jfs: fix uaf in jfs_evict_inode (git-fixes).
- commit d7a8248
- jfs: fix array-index-out-of-bounds in dbAdjTree (git-fixes).
- commit e676b4f
- jfs: fix slab-out-of-bounds Read in dtSearch (git-fixes).
- commit fc7d276
- UBSAN: array-index-out-of-bounds in dtSplitRoot (git-fixes).
- commit bcf9251
- FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (git-fixes).
- commit 9b22efe
- afs: Increase buffer size in afs_update_volume_status()
(git-fixes).
- commit dd84cc3
- afs: Hide silly-rename files from userspace (git-fixes).
- commit 3ff836d
- afs: fix the usage of read_seqbegin_or_lock() in
afs_find_server*() (git-fixes).
- commit c7a2b9c
- afs: fix the usage of read_seqbegin_or_lock() in
afs_lookup_volume_rcu() (git-fixes).
- commit 4fa847b
- btrfs: do not ASSERT() if the newly created subvolume already
got read (bsc#1219126 CVE-2024-23850).
- commit 087f1fb
- Update
patches.suse/sched-membarrier-reduce-the-ability-to-hammer-on-sys.patch
(git-fixes, bsc1220398, CVE-2024-26602).
- commit 7349e3e
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- commit edd994d
- i2c: i801: Fix block process call transactions (bsc#1220009
CVE-2024-26593).
- commit 1b64da9
- RDMA/core: Fix uninit-value access in ib_get_eth_speed()
(bsc#1219934).
- commit 3ebf8e4
- mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243
CVE-2024-26586).
- mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in
error path (bsc#1220344 CVE-2024-26595).
- commit 6e8b589
- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330, CVE-2023-52464)
- commit 369d1fd
- RDMA/core: Get IB width and speed from netdev (bsc#1219934).
- commit 24279f3
- KVM: s390: vsie: fix race during shadow creation (git-fixes
bsc#1220393).
- commit 72fd28e
- Update config files.
Cleanup with run_oldconfig.sh
- commit ef734e5
- KVM: s390: fix setting of fpc register (git-fixes bsc#1220392).
- commit 8d2ffe7
- supported.conf: remove external flag from IBM supported modules.
(bsc#1209412)
- commit a25e99f
- arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (git-fixes)
- commit 7e2b55c
- arm64: irq: set the correct node for shadow call stack (git-fixes)
- commit b343796
- arm64: irq: set the correct node for VMAP stack (git-fixes)
- commit f682ae8
- blacklist.conf: ("arm64: lib: Import latest version of Arm Optimized Routines' strncmp")
- commit 88ead84
- Refresh sorted patches.
- commit 9f45380
- powerpc/pseries: Set CPU_FTR_DBELL according to ibm,pi-features
(bsc#1220348).
- powerpc/pseries: Add a clear modifier to ibm,pa/pi-features
parser (bsc#1220348).
- commit 7e988f6
- usb: gadget: ncm: Avoid dropping datagrams of properly parsed
NTBs (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet
(git-fixes).
- usb: cdns3: fixed memory use after free at
cdns3_gadget_ep_disable() (git-fixes).
- usb: roles: don't get/set_role() when usb_role_switch is
unregistered (git-fixes).
- usb: roles: fix NULL pointer issue when put module's reference
(git-fixes).
- usb: cdnsp: fixed issue with incorrect detecting CDNSP family
controllers (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- USB: serial: option: add Fibocom FM101-GL variant (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
(git-fixes).
- USB: serial: cp210x: add ID for IMST iM871A-USB (git-fixes).
- commit 6aacbee
- s390: use the correct count for __iowrite64_copy() (git-fixes
bsc#1220317).
- commit 3d0908e
- md: bypass block throttle for superblock update (bsc#1220154,
CVE-2023-52437).
- commit 3b94bb4
- cachefiles: fix memory leak in cachefiles_add_cache()
(bsc#1220267).
- commit 9bb720c
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
(bsc#1220253 CVE-2023-52448).
- commit 12cdab5
- platform/x86: thinkpad_acpi: Only update profile if successfully
converted (git-fixes).
- platform/x86: touchscreen_dmi: Allow partial (prefix) matches
for ACPI names (git-fixes).
- commit d153a3a
- USB: gadget: core: adjust uevent timing on gadget unbind
(git-fixes).
- commit e3b30d8
- blacklist.conf: entry for usb/gadget/udc/core that has been reverted
- commit 50292b0
- mm,page_owner: Update Documentation regarding page_owner_stacks
(jsc-PED#7423).
- commit 96f4587
- mm,page_owner: Filter out stacks by a threshold (jsc-PED#7423).
- commit e683246
- mm,page_owner: Display all stacks and their count
(jsc-PED#7423).
- commit cfad590
- mm,page_owner: Implement the tracking of the stacks count
(jsc-PED#7423).
- commit 4c2de65
- mm,page_owner: Maintain own list of stack_records structs
(jsc-PED#7423).
- commit 91e49cb
- scsi: ibmvfc: Open-code reset loop for target reset
(bsc#1220106).
- commit 8ab46b6
- scsi: ibmvfc: Limit max hw queues by num_online_cpus()
(bsc#1220106).
- commit 648a1af
- lib/stackdepot: Move stack_record struct definition into the
header (jsc-PED#7423).
- commit 6077ffb
- lib/stackdepot: Fix first entry having a 0-handle
(jsc-PED#7423).
- commit 992fd7d
- lib/stackdepot: add refcount for records (jsc-PED#7423).
- commit 714c529
- sched/membarrier: reduce the ability to hammer on sys_membarrier
(git-fixes).
- commit 050cced
- lib/stackdepot: add depot_fetch_stack helper (jsc-PED#7423).
- commit 2786362
- RDMA/srpt: fix function pointer cast warnings (git-fixes)
- commit dac438c
- RDMA/qedr: Fix qedr_create_user_qp error flow (git-fixes)
- commit b146859
- RDMA/srpt: Support specifying the srpt_service_guid parameter (git-fixes)
- commit 8d48d24
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (git-fixes)
- commit da3f72a
- RDMA/irdma: Add AE for too many RNRS (git-fixes)
- commit f63a394
- RDMA/irdma: Set the CQ read threshold for GEN 1 (git-fixes)
- commit 3b512eb
- RDMA/irdma: Validate max_send_wr and max_recv_wr (git-fixes)
- commit 98f2343
- RDMA/irdma: Fix KASAN issue with tasklet (git-fixes)
- commit 83211d5
- RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq (git-fixes)
- commit 675dc2d
- RDMA/bnxt_re: Return error for SRQ resize (git-fixes)
- commit c51f388
- IB/hfi1: Fix a memleak in init_credit_return (git-fixes)
- commit 2afc750
- x86/mm: Fix memory encryption features advertisement (bsc#1206453).
- commit 143c33b
- rpm/check-for-config-changes: add GCC_ASM_GOTO_OUTPUT_WORKAROUND to IGNORED_CONFIGS_RE
Introduced by commit 68fb3ca0e408 ("update workarounds for gcc "asm
goto" issue").
- commit be1bdab
- net: openvswitch: limit the number of recursions from action
sets (bsc#1219835 CVE-2024-1151).
- commit ed2fd55
- scsi: core: Move scsi_host_busy() out of host lock if it is
for per-command (git-fixes).
- commit 65a3d05
- mfd: syscon: Fix null pointer dereference in
of_syscon_register() (git-fixes).
- commit ac6a500
- powerpc/64: Set task pt_regs->link to the LR value on scv entry
(bsc#1194869).
- powerpc: add crtsavres.o to always-y instead of extra-y
(bsc#1194869).
- powerpc/watchpoints: Annotate atomic context in more places
(bsc#1194869).
- powerpc/watchpoint: Disable pagefaults when getting user
instruction (bsc#1194869).
- powerpc/watchpoints: Disable preemption in thread_change_pc()
(bsc#1194869).
- powerpc/pseries: Rework lppaca_shared_proc() to avoid
DEBUG_PREEMPT (bsc#1194869).
- powerpc: Don't include lppaca.h in paca.h (bsc#1194869).
- powerpc/powernv: Fix fortify source warnings in opal-prd.c
(bsc#1194869).
- commit 148ec5a
- modpost: trim leading spaces when processing source files list
(git-fixes).
- kbuild: Fix changing ELF file type for output of gen_btf for
big endian (git-fixes).
- irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (git-fixes).
- irqchip/irq-brcmstb-l2: Add write memory barrier before exit
(git-fixes).
- driver core: Fix device_link_flag_is_sync_state_only()
(git-fixes).
- iio: accel: bma400: Fix a compilation problem (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value
read from RM3100_REG_TMRC (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- commit 55c0c3a
- compute-PATCHVERSION: Do not produce output when awk fails
compute-PATCHVERSION uses awk to produce a shell script that is
subsequently executed to update shell variables which are then printed
as the patchversion.
Some versions of awk, most notably bysybox-gawk do not understand the
awk program and fail to run. This results in no script generated as
output, and printing the initial values of the shell variables as
the patchversion.
When the awk program fails to run produce 'exit 1' as the shell script
to run instead. That prevents printing the stale values, generates no
output, and generates invalid rpm spec file down the line. Then the
problem is flagged early and should be easier to diagnose.
- commit 8ef8383
- Drop bcm5974 input patch causing a regression (bsc#1220030)
- commit cdfe144
- nvme-fabrics: fix I/O connect error handling (git-fixes).
- commit 1cf32dd
- scsi: fnic: Move fnic_fnic_flush_tx() to a work queue (git-fixes
bsc#1219141).
- scsi: Revert "scsi: fcoe: Fix potential deadlock on
&fip->ctlr_lock" (git-fixes bsc#1219141).
- scsi: core: Move scsi_host_busy() out of host lock for waking
up EH handler (git-fixes).
- scsi: isci: Fix an error code problem in isci_io_request_build()
(git-fixes).
- scsi: mpi3mr: Refresh sdev queue depth after controller reset
(git-fixes).
- commit bb93e52
- scsi: hisi_sas: Prevent parallel FLR and controller reset
(git-fixes).
- Refresh
patches.suse/scsi-hisi_sas-Replace-with-standard-error-code-return-value.patch.
- commit 90473ca
- drm/amdgpu/display: Initialize gamma correction mode variable
in dcn30_get_gamcor_current() (git-fixes).
- drm/amd/display: Fix possible NULL dereference on device
remove/driver unload (git-fixes).
- Revert "drm/amd: flush any delayed gfxoff on suspend entry"
(git-fixes).
- drm/amd/display: Fix possible buffer overflow in
'find_dcfclk_for_voltage()' (git-fixes).
- drm/crtc: fix uninitialized variable use even harder
(git-fixes).
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- can: j1939: Fix UAF in j1939_sk_match_filter during
setsockopt(SO_J1939_FILTER) (git-fixes).
- wifi: iwlwifi: uninitialized variable in
iwl_acpi_get_ppag_table() (git-fixes).
- wifi: iwlwifi: Fix some error codes (git-fixes).
- spi-mxs: Fix chipselect glitch (git-fixes).
- spi: ppc4xx: Drop write-only variable (git-fixes).
- HID: wacom: generic: Avoid reporting a serial of '0' to
userspace (git-fixes).
- HID: wacom: Do not register input devices until after
hid_hw_start (git-fixes).
- hwmon: (coretemp) Fix bogus core_id to attr name mapping
(git-fixes).
- hwmon: (coretemp) Fix out-of-bounds memory access (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- drm/msm/dpu: check for valid hw_pp in
dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msm/dp: return correct Colorimetry for
DP_TEST_DYNAMIC_RANGE_CEA case (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in
BPC unknown case (git-fixes).
- drm/i915/gvt: Fix uninitialized variable in handle_mmio()
(git-fixes).
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- crypto: ccp - Fix null pointer dereference in
__sev_platform_shutdown_locked (git-fixes).
- commit 8c41a3a
- ALSA: usb-audio: More relaxed check of MIDI jack names
(git-fixes).
- ASoC: SOF: IPC3: fix message bounds on ipc ops (git-fixes).
- ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
(git-fixes).
- ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks
table (git-fixes).
- ALSA: hda/realtek: cs35l41: Fix device ID / model name
(git-fixes).
- ALSA: usb-audio: Sort quirk table entries (git-fixes).
- ALSA: usb-audio: add quirk for RODE NT-USB+ (git-fixes).
- ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
(git-fixes).
- ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
(git-fixes).
- commit 4ee9775
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- commit 515312a
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
Also add mds_user_clear to kABI severities since it's strictly
mitigation related so should be low risk.
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- commit f298aab
- netfs, fscache: Prevent Oops in fscache_put_cache()
(bsc#1220003).
- commit 70831f5
- mm: memory-failure: fix potential unexpected return value from
unpoison_memory() (git-fixes).
- commit 4c346fc
- netfilter: nf_tables: disallow rule removal from chain binding
(bsc#1218216 CVE-2023-5197).
- commit dcfc62f
- netfilter: nf_tables: skip bound chain in netns release path
(bsc#1218216 CVE-2023-5197).
- commit 29d741f
- netfilter: nf_tables: disallow rule removal from chain binding
(bsc#1218216 CVE-2023-5197).
- commit d7a1a4d
- netfilter: nf_tables: skip bound chain in netns release path
(bsc#1218216 CVE-2023-5197).
- commit af879c8
- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- commit e5b6bde
- mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE
(bsc#1218663).
- commit d6fa958
- mm/hwpoison: mf_mutex for soft offline and unpoison
(bsc#1218663).
- commit 177fcfa
- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
(bsc#1219127 CVE-2024-23849).
- commit 43577c1
- Refresh
patches.suse/scsi-lpfc-use-unsigned-type-for-num_sge.patch.
- commit 6b5c8aa
- USB: hub: check for alternate port before enabling
A_ALT_HNP_SUPPORT (bsc#1218527).
- Delete patches.suse/usb-otg-numberpad-exception.patch.
Removal of temporary work around
- commit 51410f7
- blacklist.conf: irrelevant in our configs
- commit 011570e
- dm: limit the number of targets and parameter size area
(bsc#1219827, bsc#1219146, CVE-2023-52429, CVE-2024-23851).
- commit 26dc83e
- usb: cdns3: Modify the return value of cdns_set_active ()
to void when CONFIG_PM_SLEEP is disabled (git-fixes).
- Refresh patches.kabi/usb-cdns-readd-old-API.patch.
- commit f63fe1f
- usb: cdns: readd old API (git-fixes).
- commit e63cfaf
- usb: gadget: f_hid: fix report descriptor allocation
(git-fixes).
- commit b1aee6d
- Refresh
patches.suse/USB-dwc2-write-HCINT-with-INTMASK-applied.patch.
moved into sorted section
- commit 19ade31
- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
(git-fixes).
- commit e5f0b82
- usb: cdns3: Put the cdns set active part outside the spin lock
(git-fixes).
- commit 86f2eb0
- USB: Gadget: core: Help prevent panic during UVC unconfigure
(git-fixes).
- commit 00fdbf2
- usb: gadget: core: remove unbalanced mutex_unlock in
usb_gadget_activate (git-fixes).
- commit 4803ff6
- usb: gadget: udc: Handle gadget_connect failure during bind
operation (git-fixes).
- commit 70218de
- USB: gadget: core: Add missing kerneldoc for vbus_work
(git-fixes).
- commit 25e9543
- usb: gadget: udc: core: Prevent soft_connect_store() race
(git-fixes).
- commit eb5f8ac
- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
(git-fixes).
- commit 7a7bf5a
- blacklist.conf: changed reason
The old reason applied only to SP4. However
this patch by coincidence still needs to be blacklisted in SP5
for a completely different reason
- commit 5f8bebe
- USB: gadget: Fix obscure lockdep violation for udc_mutex
(git-fixes).
- Refresh
patches.suse/USB-gadget-Fix-use-after-free-during-usb-config-swit.patch.
- commit a8658e1
- USB: gadget: Fix use-after-free Read in usb_udc_uevent()
(git-fixes).
- commit 6205e50
- s390/qeth: Fix potential loss of L3-IP@ in case of network
issues (git-fixes bsc#1219840).
- commit 4987d16
- KVM: s390: fix cc for successful PQAP (git-fixes bsc#1219839).
- commit 47fbb44
- Add reference to recently released CVE
- Update
patches.suse/x86-entry-convert-int-0x80-emulation-to-idtentry.patch
(bsc#1217927 CVE-2024-25744).
- Update
patches.suse/x86-entry-do-not-allow-external-0x80-interrupts.patch
(bsc#1217927 CVE-2024-25744).
- commit 1dc32d2
- nvme-host: fix the updating of the firmware version (git-fixes).
- commit 27cca59
- arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD (bsc#1219443)
- commit 8b0cea9
- arm64: entry: Simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- commit 713244d
- arm64: entry: Preserve/restore X29 even for compat tasks (bsc#1219443)
- commit 2aa2cc1
- Refresh patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch.
Fix following error when building kvmsmall config by removing left over
declaration:
[ 216s] In file included from ../arch/x86/kernel/cpu/mce/core.c:52:0:
[ 216s] ../arch/x86/include/asm/mce.h:366:1: error: duplicate 'static'
[ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
[ 216s] ^~~~~~
[ 216s] ../arch/x86/include/asm/mce.h:366:15: error: two or more data types in declaration specifiers
[ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
[ 216s] ^~~~
[ 216s] ../arch/x86/include/asm/mce.h: In function 'mce_hygon_feature_init':
[ 216s] ../arch/x86/include/asm/mce.h:366:75: error: void value not ignored as it ought to be
[ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
[ 216s] ^~~~~~~~~~~~~~~~~~~~~~~
[ 216s] ../arch/x86/include/asm/mce.h:366:50: error: control reaches end of non-void function [-Werror=return-type]
[ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
- commit 7015e17
- arm64: errata: Add Cortex-A510 speculative unprivileged load (bsc#1219443)
Enable workaround.
- commit 72bb690
- arm64: Rename ARM64_WORKAROUND_2966298 (bsc#1219443)
- Update config files.
- Refresh caps file
- commit 12d16a6
- arm64: errata: Add Cortex-A520 speculative unprivileged load (bsc#1219443)
Enable workaround without kABI break.
- Update config files.
- Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 2067234
- arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2 (git-fixes)
Enable AMPERE_ERRATUM_AC03_CPU_38 workaround without kABI break
- Update config files
- Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 4d24e79
- Refresh patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch.
Fix build due to incomplete line removal
- commit 720d084
- vhost: use kzalloc() instead of kmalloc() followed by memset()
(CVE-2024-0340, bsc#1218689).
- commit 4c5a740
- README.BRANCH: Update cve/linux-5.14 maintainers
Add myself to match SLE15-SP5 consumer + fix typo in branch name.
- commit da26653
- Refresh patches.suse/nfsd-fix-RELEASE_LOCKOWNER.patch.
Accidentally removed nfs4_get_stateowner
- commit ad106c0
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set
(git-fixes bsc#1219608 CVE-2024-24860).
- commit a1186fd
- Update
patches.suse/Bluetooth-Fix-atomicity-violation-in-min-max-_key_si.patch
(git-fixes bsc#1219608 CVE-2024-24860).
- commit dedfe8a
- README.BRANCH: update branch name to cve/linux-5.14, update maintainers
as requested
- commit 8e34879
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config
(bsc#1219653)
They are put into -devel subpackage. And a proper link to
/usr/share/gdb/auto-load/ is created.
- commit 1dccf2a
- EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618).
- commit fb688f3
- RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618).
- commit a26a502
- RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618).
- commit 83df5af
- RAS/AMD/ATL: Add MI300 support (jsc#PED-7618).
- commit 761e3c8
- Documentation: RAS: Add index and address translation section (jsc#PED-7618).
- commit d6e1334
- EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618).
- commit f1baba4
- RAS: Introduce AMD Address Translation Library (jsc#PED-7618).
- commit d6ad6ba
- netfilter: nf_tables: check if catch-all set element is active
in next generation (CVE-2024-1085 bsc#1219429).
- commit 7b3f4c4
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
(CVE-2024-1086 bsc#1219434).
- commit 5f917ff
- fs: indicate request originates from old mount API (git-fixes).
- commit 8ccbbb1
- tracefs: Add missing lockdown check to tracefs_create_dir()
(git-fixes).
- commit 36d0f04
- fs: Fix error checking for d_hash_and_lookup() (git-fixes).
- commit b1a5e63
- attr: block mode changes of symlinks (git-fixes).
- commit c0d7be1
- eventfd: prevent underflow for eventfd semaphores (git-fixes).
- commit 3a099ca
- kernfs: fix missing kernfs_idr_lock to remove an ID from the
IDR (git-fixes).
- commit 5156b80
- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based
tmpfs (git-fixes).
- commit a75bdfb
- fs: drop peer group ids under namespace lock (git-fixes).
- commit b6028f3
- nsfs: add compat ioctl handler (git-fixes).
- commit 38694b2
- aio: fix mremap after fork null-deref (git-fixes).
- commit 22e33d9
- fs: don't audit the capability check in simple_xattr_list()
(git-fixes).
- commit 5b6e2cc
- mm: fs: initialize fsdata passed to write_begin/write_end
interface (git-fixes).
- commit af45b4c
- fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
- commit 088d52b
- vfs: make freeze_super abort when sync_filesystem returns error
(git-fixes).
- commit 6a3b59b
- fs/mount_setattr: always cleanup mount_kattr (git-fixes).
- commit 113e698
- Update
patches.suse/drm-amdgpu-Fix-potential-fence-use-after-free-v2.patch
(bsc#1219128 CVE-2023-51042 git-fixes).
- commit 4b937fc
- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
(git-fixes).
- drm/amdkfd: Fix 'node' NULL check in
'svm_range_get_range_boundaries()' (git-fixes).
- drm/amdgpu: Release 'adev->pm.fw' before return in
'amdgpu_device_need_post()' (git-fixes).
- drm/amdgpu: Fix with right return code '-EIO' in
'amdgpu_gmc_vram_checking()' (git-fixes).
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table'
in 'get_platform_power_management_table()' (git-fixes).
- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
- drm/amdkfd: Fix lock dependency warning (git-fixes).
- ALSA: hda/conexant: Fix headset auto detect fail in cx8070
and SN6140 (git-fixes).
- ALSA: hda: Refer to correct stream index at loops (git-fixes).
- drm/amdkfd: Fix iterator used outside loop in
'kfd_add_peer_prop()' (git-fixes).
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
(git-fixes).
- drm/amdgpu: Fix '*fw' from request_firmware() not released in
'amdgpu_ucode_request()' (git-fixes).
- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
- drm/amd/display: make flip_timestamp_in_us a 64-bit variable
(git-fixes).
- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
- drm/msm/dpu: fix writeback programming for YUV cases
(git-fixes).
- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
- drm/msm/dsi: Enable runtime PM (git-fixes).
- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on
same heap (git-fixes).
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
time (git-fixes).
- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
- drm/panel-edp: Add override_edid_mode quirk for generic edp
(git-fixes).
- drm/amd/display: Fix tiled display misalignment (git-fixes).
- commit 3c1f8a7
- rpm/mkspec: sort entries in _multibuild
Otherwise it creates unnecessary diffs when tar-up-ing. It's of course
due to readdir() using "random" order as served by the underlying
filesystem.
See for example:
https://build.opensuse.org/request/show/1144457/changes
- commit d1155de
- Revert "tracing: Increase trace array ref count on enable and
filter files" (bsc#1219490).
Deleted:
patches.suse/tracing-Increase-trace-array-ref-count-on-enable-and-filter-files.patch
patches.suse/tracing-Fix-uaf-issue-when-open-the-hist-or-hist_debug-file.patch
patches.suse/tracing-Have-event-inject-files-inc-the-trace-array-ref-count.patch
Backported commit f5ca233e2e66 ("tracing: Increase trace array ref count
on enable and filter files") causes a kernel panic and its upstream
fix-up bb32500fb9b7 ("tracing: Have trace_event_file have ref counters")
cannot be easily backported because it affects kABI. Revert the commit
and its two related + dependent patches, at least for now.
- commit b75b68d
- fs: Move notify_change permission checks into may_setattr
(git-fixes).
- commit 9c54f53
- blacklist.conf: add 'nvme: fix error-handling for io_uring
nvme-passthrough'
- commit 580a5ab
- nvme-rdma: Fix transfer length when write_generate/read_verify
are 0 (git-fixes).
- commit b0bd240
- nvme: trace: avoid memcpy overflow warning (git-fixes).
- nvmet: re-fix tracing strncpy() warning (git-fixes).
- nvme: fix max_discard_sectors calculation (git-fixes).
- nvme-pci: fix sleeping function called from interrupt context
(git-fixes).
- nvme: introduce helper function to get ctrl state (git-fixes).
- nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
- commit 45d7afe
- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
- scsi: lpfc: Move determination of vmid_flag after VMID
reinitialization completes (bsc#1219582).
- scsi: lpfc: Reinitialize an NPIV's VMID data structures after
FDISC (bsc#1219582).
- scsi: lpfc: Change VMID driver load time parameters to read only
(bsc#1219582).
- commit bb7c841
- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
- commit 5e28675
- misc: fastrpc: Mark all sessions as invalid in cb_remove
(git-fixes).
- serial: max310x: fail probe if clock crystal is unstable
(git-fixes).
- serial: max310x: improve crystal stable clock detection
(git-fixes).
- serial: max310x: set default value when reading clock ready bit
(git-fixes).
- serial: core: Fix atomicity violation in uart_tiocmget
(git-fixes).
- usb: ucsi_acpi: Fix command completion handling (git-fixes).
- usb: ucsi: Add missing ppm_lock (git-fixes).
- usb: host: xhci-plat: Add support for
XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- dmaengine: fix is_slave_direction() return false when
DMA_DEV_TO_DEV (git-fixes).
- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
(git-fixes).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
(git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
(git-fixes).
- dmaengine: idxd: Protect int_handle field in hw descriptor
(git-fixes).
- commit 4d4442b
- Input: atkbd - do not skip atkbd_deactivate() when skipping
ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping
ATKBD_CMD_GETID (git-fixes).
- Input: bcm5974 - check endpoint type before starting traffic
(git-fixes).
- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
- ASoC: codecs: lpass-wsa-macro: fix compander volume hack
(git-fixes).
- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
- ASoC: codecs: wcd938x: fix headphones volume controls
(git-fixes).
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
(git-fixes).
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup
(git-fixes).
- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
- firewire: core: correct documentation of fw_csr_string()
kernel API (git-fixes).
- commit 2100750
- md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
- commit a1a4e04
- perf/x86/uncore: Use u64 to replace unsigned for the uncore
offsets array (bsc#1219512).
- commit 1425233
- atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780
bsc#1218730).
- commit 658d424
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
Update an existing patch to fix bsc#1216441.
- commit 1c5c5fe
- xen-netback: don't produce zero-size SKB frags (CVE-2023-46838,
XSA-448, bsc#1218836).
- commit 9a897ff
- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
- commit fe7e152
- nouveau/vmm: don't set addr on the fail path to avoid warning
(git-fixes).
- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable
W/A (git-fixes).
- drm: Don't unref the same fb many times by mistake due to
deadlock handling (git-fixes).
- drm/amd/display: pbn_div need be updated for hotplug event
(git-fixes).
- commit 962c8b3
- Update
patches.suse/ext4-fix-kernel-BUG-in-ext4_write_inline_data_end.patch
(CVE-2021-33631 bsc#1219412 bsc#1206894).
- commit 2260246
- kabi, vmstat: skip periodic vmstat update for isolated CPUs
(bsc#1217895).
- commit 8cb5798
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- trace,smp: Add tracepoints around remotelly called functions
(bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs
(bsc#1217895).
- Refresh
patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 668c0e0
- kernel-source: Fix description typo
- commit 8abff35
- nvmet-tcp: Fix the H2C expected PDU len calculation
(bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
CVE-2023-6356).
- nvmet-tcp: remove boilerplate code (bsc#1217987 bsc#1217988
bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356).
- nvmet-tcp: fix a crash in nvmet_req_complete() (bsc#1217987
bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
CVE-2023-6356).
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C
PDU length (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535
CVE-2023-6536 CVE-2023-6356).
- commit d968940
- clocksource: disable watchdog checks on TSC when TSC is watchdog
(bsc#1215885).
- commit b33ffd8
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968
bsc#1219349).
- commit e7c782d
- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
(CVE-2023-47233 bsc#1216702).
- commit 433859d
- rpm/constraints.in: set jobs for riscv to 8
The same workers are used for x86 and riscv and the riscv builds take
ages. So align the riscv jobs count to x86.
- commit b2c82b9
- blacklist.conf: add a not-relevant module commit
- commit d1799c4
- tracing/trigger: Fix to return error if failed to alloc snapshot
(git-fixes).
- commit 6a3a4f2
- blacklist.conf: Add bunch of uclamp fixups
244226035a1f sched/uclamp: Fix fits_capacity() check in feec()
b759caa1d9f6 sched/uclamp: Make select_idle_capacity() use util_fits_cpu()
c56ab1b3506b sched/uclamp: Make cpu_overutilized() use util_fits_cpu()
d81304bc6193 sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit condition
6b00a4014765 sched/uclamp: Set max_spare_cap_cpu even if max_spare_cap is 0
- commit 6be119f
- platform/x86: ISST: Reduce noise for missing numa information
in logs (bsc#1219285).
- commit 017b316
- tracing: Ensure visibility when inserting an element into
tracing_map (git-fixes).
- commit 95dfb0f
- bpf: Limit the number of kprobes when attaching program to
multiple kprobes (git-fixes).
- commit ecd4878
- ring-buffer: Do not record in NMI if the arch does not support
cmpxchg in NMI (git-fixes).
- commit 2ced0ce
- tracing: Fix uaf issue when open the hist or hist_debug file
(git-fixes).
- commit 8c95da9
- tracing: Add size check when printing trace_marker output
(git-fixes).
- commit ea9dc7e
- tracing: Have large events show up as '[LINE TOO BIG]' instead of
nothing (git-fixes).
- commit 57bb6f3
- asix: Add check for usbnet_get_endpoints (git-fixes).
- commit ce1c3e3
- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
- r8152: add vendor/device ID pair for D-Link DUB-E250
(git-fixes).
- commit a726891
- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in
the error case (git-fixes).
- commit b1d3207
- clocksource: Skip watchdog check for large watchdog intervals
(git-fixes).
- drm/bridge: anx7625: Ensure bridge is suspended in disable()
(git-fixes).
- drm/bridge: parade-ps8640: Ensure bridge is suspended in
.post_disable() (git-fixes).
- drm: panel-simple: add missing bus flags for Tianma
tm070jvhg[30/33] (git-fixes).
- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX
transfer (git-fixes).
- drm/exynos: gsc: minor fix for loop iteration in
gsc_runtime_resume (git-fixes).
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane
(git-fixes).
- gpio: eic-sprd: Clear interrupt after set the interrupt type
(git-fixes).
- commit 0576231
- net: sched: sch_qfq: Use non-work-conserving warning handler
(CVE-2023-4921 bsc#1215275).
- commit b50ba0e
- mkspec: Use variant in constraints template
Constraints are not applied consistently with kernel package variants.
Add variant to the constraints template as appropriate, and expand it
in mkspec.
- commit cc68ab9
- kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol
It's an internal function that shouldn't have been exported
- commit eb24ddf
- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
- uio: Fix use-after-free in uio_open (git-fixes).
- parport: parport_serial: Add Brainboxes device IDs and geometry
(git-fixes).
- parport: parport_serial: Add Brainboxes BAR details (git-fixes).
- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels
(git-fixes).
- media: rkisp1: Fix media device memory leak (git-fixes).
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
- pstore: ram_core: fix possible overflow in
persistent_ram_init_ecc() (git-fixes).
- wifi: iwlwifi: pcie: avoid a NULL pointer dereference
(git-fixes).
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
(git-fixes).
- wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
- pwm: stm32: Use regmap_clear_bits and regmap_set_bits where
applicable (git-fixes).
- media: rkisp1: Read the ID register at probe time instead of
streamon (git-fixes).
- commit d4f3c53
- fjes: fix memleaks in fjes_hw_setup (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5
(git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic
boost on HP ZBook (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx
(git-fixes).
- drm/amdkfd: fixes for HMM mem allocation (git-fixes).
- Input: atkbd - use ab83 as id when skipping the getid command
(git-fixes).
- drivers: clk: zynqmp: update divider round rate logic
(git-fixes).
- drm/tidss: Fix dss reset (git-fixes).
- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
- drm/tidss: Return error value from from softreset (git-fixes).
- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
(git-fixes).
- Input: xpad - add Razer Wolverine V2 support (git-fixes).
- Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab
S10346 (git-fixes).
- i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
- hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
- ASoC: ops: add correct range check for limiting volume
(git-fixes).
- ASoC: da7219: Support low DC impedance headset (git-fixes).
- ASoC: rt5650: add mutex to avoid the jack detection failure
(git-fixes).
- ASoC: cs43130: Fix incorrect frame delay configuration
(git-fixes).
- ASoC: cs43130: Fix the position of const qualifier (git-fixes).
- ASoC: Intel: Skylake: mem leak in skl register function
(git-fixes).
- ASoC: nau8822: Fix incorrect type in assignment and cast to
restricted __be16 (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
- ASoC: wm8974: Correct boost mixer inputs (git-fixes).
- drm/amdkfd: Use resource_size() helper function (git-fixes).
- clk: zynqmp: Add a check for NULL pointer (git-fixes).
- clk: zynqmp: make bestdiv unsigned (git-fixes).
- media: rkisp1: Disable runtime PM in probe error path
(git-fixes).
- commit f91e3c6
- Drop clk imx patch that was reverted in the stable tree
- commit ab74263
- Drop ASoC atmel patch that was reverted on stable tree
- commit 7e99407
- rpm/constraints.in: add static multibuild packages
Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for
constraints on multibuild) added "kernel-source:" prefix to the
dynamically generated kernels. But there are also static ones like
kernel-docs. Those fail to build as the constraints are still not
applied.
So add the prefix also to the static ones.
Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it
will ever be multibuilt...
- commit c2e0681
- Update
patches.suse/drm-atomic-Fix-potential-use-after-free-in-nonblocki.patch
(bsc#1219120 CVE-2023-51043 git-fixes).
- commit d004027
- Revert "Limit kernel-source build to architectures for which the kernel binary"
This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132.
The fix for bsc#1108281 directly causes bsc#1218768, revert.
- commit 2943b8a
- mkspec: Include constraints for both multibuild and plain package always
There is no need to check for multibuild flag, the constraints can be
always generated for both cases.
- commit 308ea09
- rpm/mkspec: use kernel-source: prefix for constraints on multibuild
Otherwise the constraints are not applied with multibuild enabled.
- commit 841012b
- scsi: hisi_sas: Correct the number of global debugfs registers
(git-fixes).
- scsi: hisi_sas: Rollback some operations if FLR failed
(git-fixes).
- commit 2336743
- scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT
(git-fixes).
- Refresh
patches.suse/scsi-hisi_sas-Add-more-logs-for-runtime-suspend-resume.patch.
- Refresh
patches.suse/scsi-hisi_sas-Fix-rescan-after-deleting-a-disk.
- Refresh
patches.suse/scsi-hisi_sas-Replace-with-standard-error-code-return-value.patch.
- Refresh
patches.suse/scsi-hisi_sas-Use-libsas-internal-abort-support.patch.
- Refresh
patches.suse/scsi-libsas-Don-t-always-drain-event-workqueue-for-HA-resume.patch.
- commit 6d49430
- kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
- commit afe2033
- rpm/kernel-source.rpmlintrc: add action-ebpf
Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf
plugin) added this precompiled binary blob. Adapt rpmlintrc for
kernel-source.
- commit b5ccb33
- Update config files: enable ASoC AMD PS drivers (bsc#1219136)
- commit ef8225f
- ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA
(bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13
(bsc#1219136).
- ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
- ASoC: amd: acp: Add kcontrols and widgets per-codec in common
code (bsc#1219136).
- commit 4161e83
- Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL
(bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming
Laptop 15-fb0xxx (8A3E) (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting
Line Out (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols
(bsc#1219136).
- ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols
(bsc#1219136).
- ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies
(bsc#1219136).
- ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
- ASoC: amd: acp: clean up some inconsistent indentings
(bsc#1219136).
- ASoC: amd: acp: add pm ops support for rembrandt platform
(bsc#1219136).
- ASoC: amd: acp: move pdm macros to common header file
(bsc#1219136).
- ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
- ASoC: amd: acp: export config_acp_dma() and
config_pte_for_stream() symbols (bsc#1219136).
- ASoC: amd: acp: store xfer_resolution of the stream
(bsc#1219136).
- ASoC: amd: acp: add pm ops support for acp pci driver
(bsc#1219136).
- ASoC: amd: acp: store platform device reference created in
pci probe call (bsc#1219136).
- ASoC: amd: acp: remove the redundant acp enable/disable
interrupts functions (bsc#1219136).
- ASoC: amd: acp: add acp i2s master clock generation for
rembrandt platform (bsc#1219136).
- ASoC: amd: acp: refactor the acp init and de-init sequence
(bsc#1219136).
- ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
- commit 120d62d
- ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table
(bsc#1219136).
- commit 150a883
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12
(bsc#1219136).
- commit c977ecd
- ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
- ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x
(bsc#1219136).
- ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
- ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
- ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
- ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG
(bsc#1219136).
- ASoC: amd: vangogh: Add check for acp config flags in vangogh
platform (bsc#1219136).
- ASoC: amd: ps: refactor acp power on and reset functions
(bsc#1219136).
- ASoC: amd: ps: remove the register read and write wrappers
(bsc#1219136).
- ASoC: amd: ps: Update copyright notice (bsc#1219136).
- ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x
(bsc#1219136).
- ASoC: amd: ps: fix for acp_lock access in pdm driver
(bsc#1219136).
- ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the
quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
- ASoC: amd: Add check for acp config flags (bsc#1219136).
- ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x
(bsc#1219136).
- ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx
(8A42) (bsc#1219136).
- ASoC: amd: ps: update the acp clock source (bsc#1219136).
- ASoC: amd: acp: rembrandt: Drop if blocks with always false
condition (bsc#1219136).
- ASoC: amd: vangogh: Remove unnecessary init function
(bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop
16-e1xxx (8A22) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx
(8A43) (bsc#1219136).
- ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks
(bsc#1219136).
- ASoC: amd: ps: Add a module parameter to influence pdm_gain
(bsc#1219136).
- ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: renoir: Add a module parameter to influence pdm_gain
(bsc#1219136).
- ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: yc: Add a module parameter to influence pdm_gain
(bsc#1219136).
- ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
- ASoC: amd: acp: Enable i2s tdm support for skyrim platforms
(bsc#1219136).
- ASoC: amd: acp: Add i2s tdm support in machine driver
(bsc#1219136).
- ASoC: amd: acp: Refactor i2s clocks programming sequence
(bsc#1219136).
- ASoC: amd: acp: Refactor dai format implementation
(bsc#1219136).
- ASoC: amd: acp: Add new cpu dai's in machine driver
(bsc#1219136).
- ASoC: amd: ps: Fix uninitialized ret in
create_acp64_platform_devs() (bsc#1219136).
- ASoC: amd: ps: use static function (bsc#1219136).
- ASoC: amd: ps: remove unused variable (bsc#1219136).
- ASoC: amd: ps: use acp_lock to protect common registers in
pdm driver (bsc#1219136).
- ASoC: amd: ps: add mutex lock for accessing common registers
(bsc#1219136).
- ASoC: amd: Drop empty platform remove function (bsc#1219136).
- ASoC: amd: ps: move irq handler registration (bsc#1219136).
- ASoC: amd: ps: update dev index value in irq handler
(bsc#1219136).
- ASoC: amd: ps: refactor platform device creation logic
(bsc#1219136).
- ASoC: amd: ps: implement api to retrieve acp device config
(bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table
(bsc#1219136).
- ASoC: amd: yc: Add DMI support for new acer/emdoor platforms
(bsc#1219136).
- ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table
(bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table
(bsc#1219136).
- ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
- ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver
(bsc#1219136).
- ASoC: amd: ps: update macros with ps platform naming convention
(bsc#1219136).
- ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
- ASoC: amd: fix ACP version typo mistake (bsc#1219136).
- ASoC: amd: acp: Add setbias level for rt5682s codec in machine
driver (bsc#1219136).
- ASoC: amd: acp: Add TDM slots setting support for ACP I2S
controller (bsc#1219136).
- ASoC: amd: Update Pink Sardine platform ACP register header
(bsc#1219136).
- ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table
(bsc#1219136).
- ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks
table (bsc#1219136).
- ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo
ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136).
- ASoC: amd: acp: use function devm_kcalloc() instead of
devm_kzalloc() (bsc#1219136).
- ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc()
(bsc#1219136).
- ASoC: amd: fix spelling mistake: "i.e" -> "i.e." (bsc#1219136).
- ASoC: amd: enable Pink sardine platform machine driver build
(bsc#1219136).
- ASoC: amd: add Pink Sardine machine driver using dmic
(bsc#1219136).
- ASoC: amd: create platform device for acp6.2 machine driver
(bsc#1219136).
- ASoC: amd: enable Pink Sardine acp6.2 drivers build
(bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
- ASoC: amd: add acp6.2 irq handler (bsc#1219136).
- ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic
driver (bsc#1219136).
- ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
- ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
- ASoC: amd: add Pink Sardine platform ACP IP register header
(bsc#1219136).
- ASoC: amd: acp: Modify dai_id macros to be more generic
(bsc#1219136).
- ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
- ASoC: amd: acp: add a label to make error path more clean
(bsc#1219136).
- ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
- ASoC: amd: acp: Add TDM support for acp i2s stream
(bsc#1219136).
- ASoC: amd: acp: Initialize list to store acp_stream during
pcm_open (bsc#1219136).
- commit 14632ae
- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes)
- commit 3eba4f6
- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
- commit ee809a9
- xhci: track port suspend state correctly in unsuccessful resume
cases (git-fixes).
- commit 5f8b948
- arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
- commit a7b727f
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
- commit f3c4bfe
- arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
- commit 7e17ca6
- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
- commit ed0fb4a
- blacklist.conf: ("arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer")
- commit 76fd77c
- scsi: mpt3sas: Fix loop logic (bsc#1219067).
- commit 872bee1
- scsi: hisi_sas: Replace with standard error code return value
(git-fixes).
- scsi: fnic: Return error if vmalloc() failed (git-fixes).
- scsi: mpt3sas: Fix an outdated comment (git-fixes).
- scsi: core: Always send batch on reset or error handling command
(git-fixes).
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
(git-fixes).
- commit 3a87f07
- blacklist.conf: add commit that breaks kabi
- commit 4ab1644
- scsi: qla2xxx: Fix system crash due to bad pointer access
(git-fixes).
- scsi: mpt3sas: Fix loop logic (git-fixes).
- scsi: megaraid_sas: Increase register read retry rount from
3 to 30 for selected registers (git-fixes).
- scsi: libfc: Fix potential NULL pointer dereference in
fc_lport_ptp_setup() (git-fixes).
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall
return code (git-fixes).
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing
debugfs (git-fixes).
- scsi: mpt3sas: Fix in error path (git-fixes).
- scsi: pm80xx: Avoid leaking tags when processing
OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
- scsi: pm80xx: Use phy-specific SAS address when sending
PHY_START command (git-fixes).
- scsi: megaraid_sas: Fix deadlock on firmware crashdump
(git-fixes).
- scsi: hisi_sas: Fix normally completed I/O analysed as failed
(git-fixes).
- scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
- scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param()
(git-fixes).
- scsi: hisi_sas: Modify v3 HW SATA completion error processing
(git-fixes).
- commit d038b1c
- xhci: pass port pointer as parameter to xhci_set_port_power()
(git-fixes).
- xhci: cleanup xhci_hub_control port references (git-fixes).
- commit b297848
- USB: xhci: workaround for grace period (git-fixes).
- commit 66e1fb8
- xhci: Add grace period after xHC start to prevent premature
runtime suspend (git-fixes).
- blacklist.conf: I wanted to avoid the kABI workaround for this, but it
is needed; reinstate it.
- Refresh
patches.suse/xhci-remove-unused-command-member-from-struct-xhci_h.patch.
- commit e6ea339
- scripts/tar-up.sh: don't add spurious entry from kernel-sources.changes.old
The previous change added the manual entry from kernel-sources.change.old
to old_changelog.txt unnecessarily. Let's fix it.
- commit fb033e8
- Update
patches.suse/ext4-improve-error-recovery-code-paths-in-__ext4_rem.patch
(bsc#1213017 bsc#1219053 CVE-2024-0775).
- commit 97ea702
- RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
- commit e0e972e
- blacklist.conf: add 4fbc3a52cd4d ("RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz")
- commit 294e9b8
- RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
- commit 345f1ff
- RDMA/irdma: Refactor error handling in create CQP (git-fixes)
- commit 4a6aa38
- RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
- commit 281db3f
- RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
- commit 63679fd
- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes)
- commit 3c73c12
- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes)
- commit 8cc2bd1
- RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
- commit 8d9fb90
- RDMA/rtrs-clt: Start hb after path_up (git-fixes)
- commit e242a3d
- RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
- commit 29a41f7
- RDMA/irdma: Add wait for suspend on SQD (git-fixes)
- commit 538f2e3
- RDMA/irdma: Do not modify to SQD on error (git-fixes)
- commit 263fc9c
- RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes)
- commit 59ab729
- rpm/kernel-docs.spec.in: fix build with 6.8
Since upstream commit f061c9f7d058 (Documentation: Document each netlink
family), the build needs python yaml.
- commit 6a7ece3
- scsi: hisi_sas: Modify v3 HW SSP underflow error processing
(git-fixes).
- Refresh
patches.suse/scsi-hisi_sas-Handle-NCQ-error-when-IPTT-is-valid.patch.
- commit 44aa3a5
- blacklist.conf: kABI
- commit d83f18a
- blacklist.conf: kABI
- commit 59ff7e1
- Update patch reference for ax88179 fix (bsc#1218948)
- commit 5a21b74
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize
hv_nmi_unknown() (git-fixes).
- x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM
(git-fixes).
- commit 7633c65
- drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel
null pointer (git-fixes).
- commit 3bf351b
- dmaengine: fix NULL pointer in channel unregistration function
(git-fixes).
- libapi: Add missing linux/types.h header to get the __u64 type
on io.h (git-fixes).
- ALSA: oxygen: Fix right channel of capture volume mixer
(git-fixes).
- power: supply: cw2015: correct time_to_empty units in sysfs
(git-fixes).
- power: supply: bq256xx: fix some problem in bq256xx_hw_init
(git-fixes).
- apparmor: avoid crash when parsed profile name is empty
(git-fixes).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360
13-ay0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models
(git-fixes).
- drm/amd/display: get dprefclk ss info from integration info
table (git-fixes).
- drm/crtc: fix uninitialized variable use (git-fixes).
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
- drm/exynos: fix a wrong error checking (git-fixes).
- drm/exynos: fix a potential error pointer dereference
(git-fixes).
- drm/amdgpu: Add NULL checks for function pointers (git-fixes).
- nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
- ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32
bps format (git-fixes).
- drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
- commit 091325f
- net: usb: ax88179_178a: avoid two consecutive device resets
(bsc#1218948).
- net: usb: ax88179_178a: Bind only to vendor-specific interface
(bsc#1218948).
- net: usb: ax88179_178a: restore state on resume (bsc#1218948).
- commit d91b154
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- commit ad625bb
- badblocks: avoid checking invalid range in badblocks_check()
(bsc#1174649).
- badblocks: switch to the improved badblock handling code
(bsc#1174649).
- badblocks: improve badblocks_check() for multiple ranges
handling (bsc#1174649).
- badblocks: improve badblocks_clear() for multiple ranges
handling (bsc#1174649).
- badblocks: improve badblocks_set() for multiple ranges handling
(bsc#1174649).
- badblocks: add helper routines for badblock ranges handling
(bsc#1174649).
- badblocks: add more helper structure and routines in badblocks.h
(bsc#1174649).
- commit 6a46786
- dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
- commit 4ac18f0
- perf/x86/intel/uncore: Factor out topology_gidnid_map()
(bsc#1218958).
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in
upi_fill_topology() (bsc#1218958).
- commit fe3658c
- net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
- Refresh
patches.suse/net-usb-ax88179_178a-wol-optimizations.patch.
- commit 8b1488e
- s390/vfio-ap: let on_scan_complete() callback filter matrix
and update guest's APCB (git-fixes bsc#1219014).
- commit b83db20
- s390/vfio-ap: loop over the shadow APCB when filtering guest's
AP configuration (git-fixes bsc#1219013).
- commit 0f291d1
- s390/vfio-ap: always filter entire AP matrix (git-fixes
bsc#1219012).
- commit a461bd5
- s390/pci: fix max size calculation in zpci_memcpy_toio()
(git-fixes bsc#1219006).
- commit 18b0ac3
- modpost: move __attribute__((format(printf, 2, 3))) to modpost.h
(git-fixes).
- kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
- i2c: s3c24xx: fix transferring more than one message in polling
mode (git-fixes).
- i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
- pwm: jz4740: Don't use dev_err_probe() in .request()
(git-fixes).
- pwm: Fix out-of-bounds access in of_pwm_single_xlate()
(git-fixes).
- dma-debug: fix kernel-doc warnings (git-fixes).
- usb: mon: Fix atomicity violation in mon_bin_vma_fault
(git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs
(git-fixes).
- usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer
(git-fixes).
- usb: phy: mxs: remove CONFIG_USB_OTG condition for
mxs_phy_is_otg_host() (git-fixes).
- usb: chipidea: wait controller resume finished for wakeup irq
(git-fixes).
- usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg
enabled (git-fixes).
- usb: cdns3: fix uvc failure work since sg support enabled
(git-fixes).
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
(git-fixes).
- Revert "usb: dwc3: don't reset device side if dwc3 was
configured as host-only" (git-fixes).
- Revert "usb: dwc3: Soft reset phy on probe for host"
(git-fixes).
- Revert "usb: typec: class: fix typec_altmode_put_partner to
put plugs" (git-fixes).
- serial: sc16is7xx: set safe default SPI clock frequency
(git-fixes).
- serial: sc16is7xx: add check for unsupported SPI modes during
probe (git-fixes).
- serial: imx: Correct clock error message in function probe()
(git-fixes).
- serial: imx: fix tx statemachine deadlock (git-fixes).
- serial: sccnxp: Improve error message if regulator_disable()
fails (git-fixes).
- serial: 8250: omap: Don't skip resource freeing if
pm_runtime_resume_and_get() failed (git-fixes).
- software node: Let args be NULL in
software_node_get_reference_args (git-fixes).
- acpi: property: Let args be NULL in
__acpi_node_get_property_reference (git-fixes).
- iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
- iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
- iio: adc: ad9467: don't ignore error codes (git-fixes).
- iio: adc: ad9467: fix reset gpio handling (git-fixes).
- bus: mhi: host: Drop chan lock before queuing buffers
(git-fixes).
- bus: mhi: host: Add spinlock to protect WP access when queueing
TREs (git-fixes).
- bus: mhi: host: Add alignment check for event ring read pointer
(git-fixes).
- PCI: keystone: Fix race condition when initializing PHYs
(git-fixes).
- PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
- PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
- pinctrl: intel: Revert "Unexport intel_pinctrl_probe()"
(git-fixes).
- leds: ledtrig-tty: Free allocated ttyname buffer on deactivate
(git-fixes).
- leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
- mfd: intel-lpss: Fix the fractional clock divider flags
(git-fixes).
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen
machines and ASM108x/VT630x PCIe cards (git-fixes).
- mmc: core: Cancel delayed work before releasing host
(git-fixes).
- net: usb: ax88179_178a: remove redundant init code (git-fixes).
- commit 050b9b3
- blacklist.conf: documentation fix
- commit 056879c
- KVM: s390: vsie: Fix STFLE interpretive execution identification
(git-fixes bsc#1218997).
- commit a78caf7
- nvme: move nvme_stop_keep_alive() back to original position
(bsc#1211515).
- commit d640b69
- netfilter: nf_tables: Reject tables of unsupported family
(bsc#1218752 CVE-2023-6040).
- commit e03f1d3
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- nvme-loop: always quiesce and cancel commands before destroying
admin q (bsc#1211515).
- nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue()
(bsc#1211515).
- commit f407c87
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
- commit 79783f0
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
(git-fixes).
- commit cc469c7
- ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under
@c->lp_mutex (git-fixes).
- commit d5d1991
- tipc: fix a potential deadlock on &tx->lock (bsc#1218916
CVE-2024-0641).
- commit d898738
- Drop PCI vmd patches that caused a regression (bsc#1218005)
Deleted:
patches.suse/PCI-vmd-Fix-secondary-bus-reset-for-Intel-bridges.patch
patches.suse/PCI-vmd-Fix-uninitialized-variable-usage-in-vmd_enab.patch
- commit 1697177
- tipc: fix a potential deadlock on &tx->lock (bsc#1218916
CVE-2024-0641).
- commit 7953be2
- Update metadata
- commit c015ae2
- smb: client: fix OOB in receive_encrypted_standard()
(bsc#1218832 CVE-2024-0565).
- commit 3cac9c2
- smb: client: fix OOB in receive_encrypted_standard()
(bsc#1218832 CVE-2024-0565).
- commit e9083ae
- x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
- commit b54373d
- x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
- commit 69805de
- x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
- commit 17233cd
- IB/iser: Prevent invalidating wrong MR (git-fixes)
- commit 3e4d18d
- RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
- commit c22413e
- RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
- commit 366f439
- RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
- commit bb70cd4
- Documentation: Begin a RAS section (jsc#PED-7622).
- commit b55cb06
- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
- commit 2a68e97
- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
- commit 44e51c1
- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622).
- commit 05504bb
- EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
- commit ea69eb6
- x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
- Refresh
patches.suse/PCI-Prevent-xHCI-driver-from-claiming-AMD-VanGogh-US.patch.
- commit 7126e83
- ida: Fix crash in ida_free when the bitmap is empty (bsc#1218804
CVE-2023-6915).
- commit 7caa324
- platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
- commit 12e7799
- platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
- commit 1360d63
- platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
- commit 289eab7
- platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
- commit ac44ea2
- platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
- Refresh
patches.suse/platform-x86-amd-pmc-remove-CONFIG_DEBUG_FS-checks.patch.
- commit 9b51c97
- EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
- commit 58aa5aa
- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616).
- commit f30c55c
- EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
- commit ffa78e3
- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
- commit cfe246e
- x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
- Refresh
patches.suse/PCI-Prevent-xHCI-driver-from-claiming-AMD-VanGogh-US.patch.
- commit cb392fd
- EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
- Refresh
patches.suse/edac-add-rddr5-and-lrddr5-memory-types.patch.
- commit eca21a4
- usb: otg numberpad exception (bsc#1218527).
- commit 3d70e84
- EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
- commit 16c2c66
- EDAC/amd64: Remove module version string (jsc#PED-7615).
- commit b84231c
- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
- commit b7d2f10
- EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
- commit ea43a00
- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
- commit 2c6263f
- EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
- commit 375eb6a
- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615).
- commit 2903760
- EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
- commit 9071635
- EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615).
- commit 21842b7
- EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
- commit 93157a0
- EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
- commit 01c4123
- EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615).
- commit 59d41b9
- EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
- commit ddb7d7a
- EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
- commit cb412ef
- EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
- commit f32e3e6
- EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615).
- commit e87aae6
- EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615).
- commit 555ada3
- EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
- commit 8839a23
- EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615).
- commit 9f0bb93
- EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
- commit 13890aa
- EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615).
- commit 78d7b48
- EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
- commit a00b2ae
- EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
- commit 49bc10d
- EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
- commit c2e9755
- EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615).
- commit 320ccbc
- EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
- commit 85a16a7
- EDAC/amd64: Add context struct (jsc#PED-7615).
- commit 98c3472
- EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
- commit d8a1ed8
- x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
- commit deabf4e
- x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
- commit c071d82
- s390: vfio-ap: tighten the NIB validity check (git-fixes)
blacklist.conf: the reason for valid for SLE15-SP4, not so much for SP5
- commit fbc62d2
- coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779)
- commit 854c05d
- blacklist.conf: not a fix
- commit e48ddb7
- Delete
patches.suse/s390-sles15sp2-kdump-fix-out-of-memory-with-PCI.patch.
Patch obsoleted by 73045a08cf55 ("s390: unify identity mapping limits
handling")
- commit efb62ac
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- commit 3b938a7
- coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
- commit a6bc99c
- coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
- commit 36e1498
- coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779)
- commit aa5d7f2
- coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
- commit cf6ac73
- coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
- commit 1e7e6ff
- coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779)
- commit 86846ee
- PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
- commit 6ecb7b5
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- Fix crash in vmw_context_cotables_unref when 3d support is enabled
(bsc#1218738)
- commit 99a9f67
- of: unittest: Fix of_count_phandle_with_args() expected value
message (git-fixes).
- drm/bridge: nxp-ptn3460: simplify some error checking
(git-fixes).
- drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS
irq (git-fixes).
- commit e43eec3
- drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
- commit 29695c1
- of: Fix double free in of_parse_phandle_with_args_map
(git-fixes).
- HID: wacom: Correct behavior when processing some confidence ==
false touches (git-fixes).
- fbdev: flush deferred IO before closing (git-fixes).
- fbdev: flush deferred work in fb_deferred_io_fsync()
(git-fixes).
- fbdev: mmp: Fix typo and wording in code comment (git-fixes).
- fbdev: imxfb: fix left margin setting (git-fixes).
- media: dt-bindings: ov8856: decouple lanes and link frequency
from driver (git-fixes).
- media: dvb-frontends: m88ds3103: Fix a memory leak in an error
handling path of m88ds3103_probe() (git-fixes).
- media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
- media: videobuf2-dma-sg: fix vmap callback (git-fixes).
- media: ov9734: Enable runtime PM before registering async
sub-device (git-fixes).
- media: imx355: Enable runtime PM before registering async
sub-device (git-fixes).
- media: pvrusb2: fix use after free on context disconnection
(git-fixes).
- watchdog: rti_wdt: Drop runtime pm reference count when watchdog
is unused (git-fixes).
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling
(git-fixes).
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
- watchdog: set cdev owner before adding (git-fixes).
- drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init
(git-fixes).
- drm/amdkfd: Confirm list is non-empty before utilizing
list_first_entry in kfd_topology.c (git-fixes).
- drm/mediatek: Return error if MDP RDMA failed to enable the
clock (git-fixes).
- drm/msm/dpu: Drop enable and frame_count parameters from
dpu_hw_setup_misr() (git-fixes).
- drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match
its functionality (git-fixes).
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt
leaks (git-fixes).
- drm/msm/mdp4: flush vblank event on disable (git-fixes).
- drm/amd/pm: fix a double-free in
amdgpu_parse_extended_power_table (git-fixes).
- gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
- drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
- drm/amdgpu/debugfs: fix error code when smc register accessors
are NULL (git-fixes).
- drm/radeon/trinity_dpm: fix a memleak in
trinity_parse_power_table (git-fixes).
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table
(git-fixes).
- drm/radeon: check the alloc_workqueue return value in
radeon_crtc_init() (git-fixes).
- drm/bridge: tc358767: Fix return value on error case
(git-fixes).
- drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable
(git-fixes).
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
(git-fixes).
- drm/drv: propagate errors from drm_modeset_register_all()
(git-fixes).
- drm/tidss: Fix atomic_flush check (git-fixes).
- drm/bridge: Fix typo in post_disable() description (git-fixes).
- drm/radeon: check return value of radeon_ring_lock()
(git-fixes).
- drm/radeon/r100: Fix integer overflow issues in
r100_cs_track_check() (git-fixes).
- drm/radeon/r600_cs: Fix possible int overflows in
r600_cs_check_reg() (git-fixes).
- drm/tilcdc: Fix irq free on unload (git-fixes).
- commit 10ca9c4
- drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
- clk: qcom: videocc-sm8150: Add missing PLL config property
(git-fixes).
- clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config
(git-fixes).
- clk: samsung: Fix kernel-doc comments (git-fixes).
- clk: si5341: fix an error code problem in
si5341_output_clk_set_rate (git-fixes).
- ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[]
(git-fixes).
- ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common
(git-fixes).
- ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION
(git-fixes).
- ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch
(git-fixes).
- ASoC: cs35l33: Fix GPIO name and drop legacy include
(git-fixes).
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table
(git-fixes).
- drm/bridge: tpd12s015: Drop buggy __exit annotation for remove
function (git-fixes).
- drm/nouveau/fence:: fix warning directly dereferencing a rcu
pointer (git-fixes).
- drm/panel-elida-kd35t133: hold panel in reset for unprepare
(git-fixes).
- drm/panfrost: Really power off GPU cores in
panfrost_gpu_power_off() (git-fixes).
- drm/panel: nt35510: fix typo (git-fixes).
- Revert "drm/omapdrm: Annotate dma-fence critical section in
commit path" (git-fixes).
- Revert "drm/tidss: Annotate dma-fence critical section in
commit path" (git-fixes).
- commit 335f137
- ubifs: ubifs_link: Fix wrong name len calculating when UBIFS
is encrypted (git-fixes).
- commit 8930a6f
- exfat: support handle zero-size directory (git-fixes).
- commit aa8d54f
- exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
(git-fixes).
- commit eabf8a7
- exfat: fix reporting fs error when reading dir beyond EOF
(git-fixes).
- commit 006310e
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
(git-fixes).
- commit bd29027
- gfs2: low-memory forced flush fixes (git-fixes).
- commit 7520dfb
- gfs2: Switch to wait_event in gfs2_logd (git-fixes).
- commit de4f7d3
- gfs2: Always check inode size of inline inodes (git-fixes).
- commit 6a40877
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
- Refresh
patches.suse/gfs2-Fix-inode-height-consistency-check.patch.
- commit 2086607
- gfs2: Disable page faults during lockless buffered reads
(git-fixes).
- commit 083a438
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- commit 4875ffd
- gfs2: release iopen glock early in evict (git-fixes).
- Refresh patches.suse/gfs2-fix-an-oops-in-gfs2_permission.patch.
- commit c3246bf
- gfs2: Eliminate ip->i_gh (git-fixes).
- commit c0a896f
- gfs2: Move the inode glock locking to gfs2_file_buffered_write
(git-fixes).
- commit 25a5c4c
- gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
- commit fb547d4
- gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
- commit 4f703a1
- gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
- commit e22854c
- Update patch reference for rose fix (CVE-2023-51782 bsc#1218757)
- commit da9f8e9
- ring-buffer/Documentation: Add documentation on buffer_percent
file (git-fixes).
- kernel-doc: handle a void function without producing a warning
(git-fixes).
- scripts/kernel-doc: restore warning for Excess struct/union
(git-fixes).
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()
(git-fixes).
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set
(git-fixes).
- Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
- wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
- wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request
(git-fixes).
- wifi: ath11k: Defer on rproc_get failure (git-fixes).
- wifi: mwifiex: configure BSSID consistently when starting AP
(git-fixes).
- wifi: mt76: mt7921s: fix workqueue problem causes STA
association fail (git-fixes).
- wifi: mt76: fix broken precal loading from MTD for mt7915
(git-fixes).
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
(git-fixes).
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable
code (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift
behavior (git-fixes).
- selftests/net: fix grep checking for fib_nexthop_multiprefix
(git-fixes).
- wifi: libertas: stop selecting wext (git-fixes).
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
- crypto: scomp - fix req->dst buffer overflow (git-fixes).
- crypto: sahara - do not resize req->src when doing hash
operations (git-fixes).
- crypto: sahara - fix processing hash requests with req->nbytes <
sg->length (git-fixes).
- crypto: sahara - improve error handling in sahara_sha_process()
(git-fixes).
- crypto: sahara - fix wait_for_completion_timeout() error
handling (git-fixes).
- crypto: sahara - fix ahash reqsize (git-fixes).
- crypto: sahara - handle zero-length aes requests (git-fixes).
- crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng
(git-fixes).
- crypto: sahara - fix processing requests with cryptlen <
sg->length (git-fixes).
- crypto: sahara - fix ahash selftest failure (git-fixes).
- crypto: sahara - fix cbc selftest failure (git-fixes).
- crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
- crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
- crypto: sa2ul - Return crypto_aead_setkey to transfer the error
(git-fixes).
- drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
- drm/amd/display: add nv12 bounding box (git-fixes).
- commit bb694d9
- powerpc/powernv: Add a null pointer check to
scom_debug_init_one() (bsc#1194869).
- powerpc/pseries: fix potential memory leak in
init_cpu_associativity() (bsc#1194869).
- powerpc/xive: Fix endian conversion size (bsc#1194869).
- powerpc/fadump: reset dump area size if fadump memory reserve
fails (bsc#1194869).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
(bsc#1194869).
- commit 0f8bc2c
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct
mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- commit f1ad417
- powerpc/powernv: Add a null pointer check in
opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check in opal_event_init()
(bsc#1065729).
- powerpc/pseries/memhp: Fix access beyond end of drmem array
(bsc#1065729).
- commit 960ba4e
- s390/vfio-ap: unpin pages on gisc registration failure
(git-fixes bsc#1218723).
- commit e07d25b
- series.conf: the patch is not in git and breaks series_insert.py
- commit fae10c6
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
- commit c8d4ebe
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377)
- commit b7954e5
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
- commit 78d747c
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713)
The old entries are found in kernel-docs/old_changelog.txt in docdir.
rpm/old_changelog.txt can be an optional file that stores the similar
info like rpm/kernel-sources.changes.old. It can specify the commit
range that have been truncated. scripts/tar-up.sh expands from the
git log accordingly.
- commit c9a2566
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- commit 8afebed
- ipmi: Use regspacings passed as a module parameter (git-fixes).
- PM: hibernate: Enforce ordering during image
compression/decompression (git-fixes).
- ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
- ACPI: extlog: Clear Extended Error Log status when RAS_CEC
handled the error (git-fixes).
- ACPI: video: check for error while searching for backlight
device parent (git-fixes).
- ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
- mtd: rawnand: rockchip: Add missing title to a kernel doc
comment (git-fixes).
- mtd: rawnand: rockchip: Rename a structure (git-fixes).
- mtd: rawnand: pl353: Fix kernel doc (git-fixes).
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller
response (git-fixes).
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
(git-fixes).
- spi: spi-zynqmp-gqspi: fix driver kconfig dependencies
(git-fixes).
- usr/Kconfig: fix typos of "its" (git-fixes).
- usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static
(git-fixes).
- EDAC/thunderx: Fix possible out-of-bounds string access
(git-fixes).
- ACPI: property: Allow _DSD buffer data only for byte accessors
(git-fixes).
- efi/libstub: Disable PCI DMA before grabbing the EFI memory map
(git-fixes).
- commit 7e9a91a
- io_uring/af_unix: disable sending io_uring over sockets
(bsc#1218447 CVE-2023-6531).
Requires a kABI fix due to the following:
net/core/scm.c:135: warning: __scm_destroy: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:217: warning: __scm_send: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:266: warning: put_cmsg: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:280: warning: put_cmsg_scm_timestamping64: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:294: warning: put_cmsg_scm_timestamping: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:353: warning: scm_detach_fds: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:373: warning: scm_fp_dup: modversion changed because of changes in struct io_uring_cmd (became defined)
- commit aa4f175
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free()
(bsc#1218659).
- commit 4ee6819
- swiotlb-xen: provide the "max_mapping_size" method (git-fixes).
- commit a036bcf
- xen/events: fix delayed eoi list handling (git-fixes).
- commit eb0149c
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled
(git-fixes).
- commit f6ed3e4
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- commit a41e3fe
- Update patches.kabi/kabi-fix-zone-unaccepted-memory.patch
(jsc#PED-7167 bsc#1218643).
- commit f781e3d
- vsock/virtio: Fix unsigned integer wrap around in
virtio_transport_has_space() (git-fixes).
- commit db5c328
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
(git-fixes).
- commit ad9e29a
- virtio_balloon: Fix endless deflation and inflation on arm64
(git-fixes).
- commit 6583f74
- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- commit d624528
- swiotlb: use the calculated number of areas (git-fixes).
- swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes).
- commit b9aedb4
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES
(git-fixes).
- commit 8696527
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- commit 146bca2
- io_uring/af_unix: disable sending io_uring over sockets
(bsc#1218447, CVE-2023-6531).
- commit fdc256b
- swiotlb: reduce the number of areas to match actual memory
pool size (git-fixes).
- swiotlb: always set the number of areas before allocating the
pool (git-fixes).
- swiotlb: fix debugfs reporting of reserved memory pools
(git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes).
- swiotlb: reduce the swiotlb buffer size on allocation failure
(git-fixes).
- swiotlb: don't panic! (git-fixes).
- Revert "swiotlb: panic if nslabs is too small" (git-fixes).
- commit 1b89825
- smb: client: fix potential OOB in smb2_dump_detail()
(bsc#1217946 CVE-2023-6610).
- commit cfca7f7
- x86/purgatory: Remove LTO flags (git-fixes).
- commit bbd4f84
- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- commit 46d60b3
- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- commit 7686df9
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- Refresh patches.suse/x86-srso-set-cpuid-feature-bits-independently-of-bug-or-mitigation-status.patch.
- commit c22f4b4
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- commit d74349c
- vsprintf/kallsyms: Prevent invalid data when printing symbol
(bsc#1217602).
- commit 8dab9cc
- Limit kernel-source build to architectures for which the kernel binary
is built (bsc#1108281).
- commit 08a9e44
- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- commit fdc98a7
- x86/boot/compressed: Reserve more memory for page tables (git-fixes).
- commit 6bf16e1
- gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
(git-fixes).
- commit 3929c70
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- commit 4a0b72a
- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- commit 7029135
- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- commit 8087b92
- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- commit 7b8dfd1
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes).
- Refresh
patches.suse/x86-srso-fix-vulnerability-reporting-for-missing-microcode.patch.
- commit b121d1d
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- commit 43e31d9
- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- commit 98085ae
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- commit 270b9c8
- x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes).
- commit 1bd102b
- gfs2: fix an oops in gfs2_permission (git-fixes).
- commit 60a8e84
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- commit a2dd84b
- gfs2: ignore negated quota changes (git-fixes).
- commit c2a4d43
- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- commit 50de71c
- gfs2: Fix possible data races in gfs2_show_options()
(git-fixes).
- commit 7592b99
- gfs2: Fix inode height consistency check (git-fixes).
- commit 935054a
- gfs2: jdata writepage fix (git-fixes).
- commit e5f9516
- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- commit 86c44aa
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- commit 130df3d
- gfs2: Switch from strlcpy to strscpy (git-fixes).
- commit 3054547
- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- commit 4e4b75a
- gfs2: Fix filesystem block deallocation for short writes
(git-fixes).
- commit 87cd867
- gfs2: Make sure FITRIM minlen is rounded up to fs block size
(git-fixes).
- commit 62669a7
- gfs2: gfs2_setattr_size error path fix (git-fixes).
- commit d0e789c
- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- commit 1a34aa3
- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- commit 09da26e
- gfs2: Clean up function may_grant (git-fixes).
- commit ce33b14
- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- commit e045f1b
- locks: fix KASAN: use-after-free in
trace_event_raw_event_filelock_lock (git-fixes).
- commit 4758492
- fs: avoid empty option when generating legacy mount string
(git-fixes).
- commit 00945db
- statfs: enforce statfs[64] structure initialization (git-fixes).
- commit d4a18c5
- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
(git-fixes).
- commit b9e9b76
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
(git-fixes).
- commit 1d47e4a
- orangefs: Fix sysfs not cleanup when dev init failed
(git-fixes).
- commit f7a82d1
- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- commit e861bd6
- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- commit 41989d9
- orangefs: Fix the size of a memory allocation in
orangefs_bufmap_alloc() (git-fixes).
- commit 6623b23
- iomap: Fix iomap_dio_rw return value for user copies
(git-fixes).
- commit 2b65ea1
- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- commit dfe9a1f
- ubifs: fix possible dereference after free (git-fixes).
- commit 971dae9
- fs: ocfs2: namei: check return value of ocfs2_add_entry()
(git-fixes).
- commit 63eae38
- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- commit 8906b9a
- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- commit 28815ad
- fs/jfs: Add validity check for db_maxag and db_agpref
(git-fixes).
- commit 39d5b5e
- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- commit f831778
- jfs: validate max amount of blocks before allocation
(git-fixes).
- commit 4be1419
- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
(git-fixes).
- commit 5b4b023
- fs/jfs: prevent double-free in dbUnmount() after failed
jfs_remount() (git-fixes).
- commit 51a993a
- reiserfs: Replace 1-element array with C99 style flex-array
(git-fixes).
- commit 6ad83f4
- reiserfs: Check the return value from __getblk() (git-fixes).
- commit 0e912c9
- afs: Fix use-after-free due to get/remove race in volume tree
(git-fixes).
- commit f4a57bf
- afs: Fix overwriting of result of DNS query (git-fixes).
- commit fe0f4c6
- afs: Fix dynamic root lookup DNS check (git-fixes).
- commit 1e86064
- afs: Fix the dynamic root's d_delete to always delete unused
dentries (git-fixes).
- commit 3d5b3d7
- afs: Fix refcount underflow from error handling race
(git-fixes).
- commit 0a9c8bb
- afs: Fix file locking on R/O volumes to operate in local mode
(git-fixes).
- commit 5431cb3
- afs: Return ENOENT if no cell DNS record can be found
(git-fixes).
- commit 863355b
- afs: Make error on cell lookup failure consistent with OpenAFS
(git-fixes).
- commit 5fcd2cf
- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- commit 8fc4f69
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- commit 6bd8135
- i2c: core: Fix atomic xfer check for non-preempt config
(git-fixes).
- commit 1b8a296
- Bluetooth: MGMT/SMP: Fix address type when using SMP over
BREDR/LE (git-fixes).
- commit ea51a70
- net: usb: ax88179_178a: clean up pm calls (git-fixes).
- Refresh
patches.suse/net-usb-ax88179_178a-fix-failed-operations-during-ax.patch.
- commit 10095df
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset
(git-fixes).
- mmc: rpmb: fixes pause retune on all RPMB partitions
(git-fixes).
- mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes).
- USB: serial: option: add Quectel EG912Y module support
(git-fixes).
- USB: serial: ftdi_sio: update Actisense PIDs constant names
(git-fixes).
- USB: serial: option: add Quectel RM500Q R13 firmware support
(git-fixes).
- USB: serial: option: add Foxconn T99W265 with new baseline
(git-fixes).
- net: usb: ax88179_178a: avoid failed operations when device
is disconnected (git-fixes).
- Input: soc_button_array - add mapping for airplane mode button
(git-fixes).
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf
(git-fixes).
- Bluetooth: L2CAP: Send reject on command corrupted request
(git-fixes).
- Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has
been sent (git-fixes).
- wifi: cfg80211: fix certs build to not depend on file order
(git-fixes).
- wifi: cfg80211: Add my certificate (git-fixes).
- net: usb: ax88179_178a: wol optimizations (git-fixes).
- commit 8fe75c7
- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
(CVE-2023-51779 bsc#1218559).
- commit b8b3309
- ALSA: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes).
- ALSA: hda - Fix speaker and headset mic pin config for CHUWI
CoreBook XPro (git-fixes).
- commit a14754c
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook
440 G6 (git-fixes).
- ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook
(git-fixes).
- ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion
14-ec1xxx series (git-fixes).
- commit 379d8d1
- r8169: Fix PCI error on system resume (git-fixes).
- wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ
(git-fixes).
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a
ref to llcp_local (git-fixes).
- ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux
(git-fixes).
- ASoC: meson: g12a-toacodec: Fix event generation (git-fixes).
- ASoC: meson: g12a-tohdmitx: Validate written enum values
(git-fixes).
- ASoC: meson: g12a-toacodec: Validate written enum values
(git-fixes).
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV,
G200SE (git-fixes).
- drm/bridge: ps8640: Fix size mismatch warning w/ len
(git-fixes).
- drm/bridge: ti-sn65dsi86: Never store more than msg->size
bytes in AUX xfer (git-fixes).
- drm/bridge: parade-ps8640: Never store more than msg->size
bytes in AUX xfer (git-fixes).
- drm/i915/dp: Fix passing the correct DPCD_REV for
drm_dp_set_phy_test_pattern (git-fixes).
- commit eecc30f
- Delete doc/config-options.changes (jsc#PED-5021)
Following on adedbd2a5c6 ("kernel-source: Remove config-options.changes
(jsc#PED-5021)"), remove the now unused file from the tree.
- commit d1b9e97
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- commit f6f3907
- ring-buffer: Fix wake ups when buffer_percent is set to 100
(git-fixes).
- commit 21c1070
- tracing / synthetic: Disable events after testing in
synth_event_gen_test_init() (git-fixes).
- commit e21c29f
- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- commit 62cdcf8
- powerpc/pseries/vas: Migration suspend waits for no in-progress
open windows (bsc#1218397 ltc#204523).
- commit 26a4d82
- net: mana: select PAGE_POOL (git-fixes).
- net: ena: Fix XDP redirection error (git-fixes).
- net: ena: Fix xdp drops handling due to multibuf packets
(git-fixes).
- net: ena: Destroy correct number of xdp queues upon failure
(git-fixes).
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc
(jsc#PED-1526).
- bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic
(jsc#PED-1495).
- bnxt_en: Fix wrong return value check in bnxt_close_nic()
(jsc#PED-1495).
- bnxt_en: Clear resource reservation during resume
(jsc#PED-1495).
- RDMA/bnxt_re: Correct module description string (jsc#PED-1495).
- i40e: Fix unexpected MFS warning message (jsc#PED-372).
- net: bnxt: fix a potential use-after-free in bnxt_init_tc
(jsc#PED-1495).
- gve: Fixes for napi_poll when budget is 0 (git-fixes).
- gve: Use size_add() in call to struct_size() (git-fixes).
- i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372).
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
(jsc#PED-372).
- igc: Fix ambiguity in the ethtool advertising (jsc#PED-375).
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
(jsc#PED-370).
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372).
- qed: fix LL2 RX buffer allocation (jsc#PED-1526).
- i40e: prevent crash on probe if hw registers have invalid values
(jsc#PED-372).
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
(jsc#PED-1526).
- igc: Expose tx-usecs coalesce setting to user (jsc#PED-375).
- bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
(jsc#PED-1495).
- net: ena: Flush XDP packets on error (git-fixes).
- i40e: Fix VF VLAN offloading when port VLAN is configured
(jsc#PED-372).
- igc: Fix infinite initialization loop with early XDP redirect
(jsc#PED-375).
- igb: clean up in all error paths when enabling SR-IOV
(jsc#PED-370).
- igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
(jsc#PED-370).
- igbvf: Change IGBVF_MIN to allow set rx/tx value between 64
and 80 (jsc#PED-370).
- igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
(jsc#PED-375).
- igb: disable virtualization features on 82580 (jsc#PED-370).
- i40e: fix potential NULL pointer dereferencing of pf->vf
i40e_sync_vsi_filters() (jsc#PED-372).
- igc: Fix the typo in the PTM Control macro (jsc#PED-375).
- igb: Avoid starting unnecessary workqueues (jsc#PED-370).
- i40e: fix misleading debug logs (jsc#PED-372).
- qede: fix firmware halt over suspend and resume (jsc#PED-1526).
- bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495).
- bnxt_en: Fix page pool logic for page size >= 64K
(jsc#PED-1495).
- bnxt: don't handle XDP in netpoll (jsc#PED-1495).
- commit 64a4c85
- Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()"
(git-fixes).
- commit 9be35d2
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184)
When MULTIBUILD option in config.sh is enabled generate a _multibuild
file listing all spec files.
- commit f734347
- Build in the correct KOTD repository with multibuild
(JSC-SLE#5501, boo#1211226, bsc#1218184)
With multibuild setting repository flags is no longer supported for
individual spec files - see
https://github.com/openSUSE/open-build-service/issues/3574
Add ExclusiveArch conditional that depends on a macro set up by
bs-upload-kernel instead. With that each package should build only in
one repository - either standard or QA.
Note: bs-upload-kernel does not interpret rpm conditionals, and only
uses the first ExclusiveArch line to determine the architectures to
enable.
- commit aa5424d
- blacklist.conf: Add c98c18270be1 sched, cgroup: Restore meaning to hierarchical_quota
- commit 6115840
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
(bsc#1218515).
- commit 00f113e
- blacklist.conf: e63a57303599 blk-cgroup: bypass blkcg_deactivate_policy after destroying
- commit 895355e
- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- commit dbe7edd
- ring-buffer: Remove useless update to write_stamp in
rb_try_to_discard() (git-fixes).
- commit 64ff947
- RDMA/hfi1: Workaround truncation compilation error (git-fixes)
- commit 2302fb3
- RDMA/hns: The UD mode can only be configured with DCQCN (git-fixes)
- commit ca9d38d
- RDMA/hns: Add check for SL (git-fixes)
- commit cf9e8e3
- RDMA/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- commit 34178f4
- RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- commit 47c4074
- RDMA/hns: Fix printing level of asynchronous events (git-fixes)
- commit 892f8ec
- IB/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- commit ffaf04e
- RDMA/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- commit 4b8aeed
- RDMA/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- commit 605983a
- usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate
3.0 G3 (git-fixes).
- ALSA: usb-audio: Increase delay in MOTU M quirk (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes).
- drm/i915: Reject async flips with bigjoiner (git-fixes).
- Bluetooth: hci_event: shut up a false-positive warning
(git-fixes).
- Bluetooth: Fix deadlock in vhci_send_frame (git-fixes).
- wifi: mac80211: mesh: check element parsing succeeded
(git-fixes).
- drm/amdgpu: fix tear down order in amdgpu_vm_pt_free
(git-fixes).
- drm/i915: Fix intel_atomic_setup_scalers() plane_state handling
(git-fixes).
- drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes).
- drm/mediatek: Add spinlock for setting vblank event in
atomic_begin (git-fixes).
- drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes).
- drm/i915/dpt: Only do the POT stride remap when using DPT
(git-fixes).
- drm/i915/mtl: limit second scaler vertical scaling in ver >=
14 (git-fixes).
- commit 6c0ae87
- drm/amdgpu/sdma5.2: add begin/end_use ring callbacks
(bsc#1212139).
- commit a070291
- Bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921
(bsc#1218461).
- commit 456e758
- uapi: propagate __struct_group() attributes to the container
union (jsc#SLE-18978).
- commit 3b553e2
- dm verity: initialize fec io before freeing it (git-fixes).
- dm-verity: don't use blocking calls from tasklets (git-fixes).
- dm: don't attempt to queue IO under RCU protection (git-fixes).
- null_blk: fix poll request timeout handling (git-fixes).
- dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter
(git-fixes).
- dm: fix __send_duplicate_bios() to always allow for splitting IO
(bsc#1215952).
- dm: fix improper splitting for abnormal bios (bsc#1215952).
- md: select BLOCK_LEGACY_AUTOLOAD (git-fixes).
- dm: add cond_resched() to dm_wq_requeue_work() (git-fixes).
- commit 09d4263
- Update References
patches.suse/Bluetooth-Reject-connection-with-the-device-which-ha.patch
(git-fixes bsc#1215237 CVE-2020-26555).
- commit 0b8be40
- Update References
patches.suse/Bluetooth-hci_event-Ignore-NULL-link-key.patch
(git-fixes bsc#1215237 CVE-2020-26555).
- commit 3386934
- iio: adc: ti_am335x_adc: Fix return value check of
tiadc_request_dma() (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer
(git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in
inv_mpu6050_read_raw (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion
time table (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error
(git-fixes).
- Input: ipaq-micro-keys - add error handling for devm_kmemdup
(git-fixes).
- lib/vsprintf: Fix %pfwf when current node refcount == 0
(git-fixes).
- ASoC: hdmi-codec: fix missing report for jack initial status
(git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the
start conditions (git-fixes).
- pinctrl: at91-pio4: use dedicated lock class for IRQ
(git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for
rxq->lock (git-fixes).
- ARM: OMAP2+: Fix null pointer dereference and memory leak in
omap_soc_device_init (git-fixes).
- spi: atmel: Fix clock issue when using devices with different
polarities (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link
(git-fixes).
- Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
(git-fixes).
- PCI: loongson: Limit MRRS to 256 (git-fixes).
- ALSA: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170
variants (git-fixes).
- ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB
(git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- commit ed00079
- Drop PCI AER patch that has been reverted on stable trees
Deleted:
patches.suse/PCI-portdrv-Don-t-disable-AER-reporting-in-get_port_.patch
- commit 43c7676
- Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
- commit b9351c7
- Rename before merging SLE15-SP4
- commit 0506236
- smb: client: fix OOB in smbCalcSize() (bsc#1217947
CVE-2023-6606).
- commit 97b24d1
- Update References
patches.suse/tty-n_gsm-fix-the-UAF-caused-by-race-condition-in-gs.patch
(git-fixes bsc#1218335 CVE-2023-6546).
- commit ad12641
- perf: Fix perf_event_validate_size() lockdep splat
(CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
bsc#1218258).
- commit f91848d
- perf: Fix perf_event_validate_size() lockdep splat
(CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
bsc#1218258).
- commit 00427a6
- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev
(git-fixes).
- commit 6c500e1
- s390/vx: fix save/restore of fpu kernel context (git-fixes
bsc#1218357).
- commit 4f47f85
- blacklist.conf: add nvme entries
- commit 9216151
- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap
pointers (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none
(git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-pci: factor the iod mempool creation into a helper
(git-fixes).
Refresh:
- patches.suse/nvme-pci-fix-page-size-checks.patch
- commit 19bc755
- Rename to
patches.suse/nvme-auth-use-chap-s2-to-indicate-bidirectional-auth.patch.
and move the patch into the sorted section
- commit 633cfe2
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- commit 513a67c
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- commit a8b1f21
- bus: ti-sysc: Flush posted write only after srst_udelay
(git-fixes).
- commit c942b7c
- reset: Fix crash when freeing non-existent optional resets
(git-fixes).
- commit 6de5ad5
- HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
(git-fixes).
- commit 60dd723
- HID: hid-asus: reset the backlight brightness level on resume
(git-fixes).
- commit 79eff80
- HID: hid-asus: add const to read-only outgoing usb buffer
(git-fixes).
- commit 1c939ed
- HID: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- commit d088123
- restore renamed device IDs for USB HID devices (git-fixes).
- commit 5519e39
- HID: glorious: fix Glorious Model I HID report (git-fixes).
- commit ad69d7e
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- commit 95f41ac
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- commit 513fc35
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- commit 3ae518f
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1()
(git-fixes).
- commit d714a95
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash()
(git-fixes).
- commit ad9ad0d
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- commit 697b74c
- ipv4: igmp: fix refcnt uaf issue when receiving igmp query
packet (bsc#1218253 CVE-2023-6932).
- commit 87dfb84
- Refresh patches.suse/gve-Tx-path-for-DQO-QPL.patch.
Fix backport.
- commit f5531ee
- Input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- commit 6d0690b
- Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN
(git-fixes).
- commit 8fa7ef8
- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs
(git-fixes).
- commit a4fe241
- ring-buffer: Do not try to put back write_stamp (git-fixes).
- commit df9fac1
- ring-buffer: Have saved event hold the entire event (git-fixes).
- commit 5347597
- ring-buffer: Do not update before stamp when switching
sub-buffers (git-fixes).
- commit 9c594ba
- tracing: Update snapshot buffer on resize if it is allocated
(git-fixes).
- commit d5996f1
- ring-buffer: Fix memory leak of free page (git-fixes).
- commit ee5f869
- ring-buffer: Fix writing to the buffer with max_data_size
(git-fixes).
- commit bb90d48
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- Fix drm gem object underflow (bsc#1218092)
- Fix crash on screen resize (bsc#1218229)
- commit b7258e7
- blacklist.conf: cleanup
- commit 16dcb62
- usb: hub: Guard against accesses to uninitialized BOS
descriptors (git-fixes).
- commit 573da1a
- kABI: restore void return to typec_altmode_attention
(git-fixes).
- commit 9821aa3
- usb: typec: bus: verify partner exists in
typec_altmode_attention (git-fixes).
- commit 5fea3d2
- blacklist.conf: it changes only logging
- commit 3cbbd08
- r8152: Add RTL8152_INACCESSIBLE checks to more loops
(git-fixes).
- commit f62163f
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
(git-fixes).
- commit 064cc95
- Refresh
patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch. (bsc#1216776, bsc#1220277)
- commit c790172
- Documentation: drop more IDE boot options and ide-cd.rst
(git-fixes).
- commit 7993dcc
- Update patches.suse/spi-tegra210-quad-Fix-duplicate-resource-error.patch (git-fixes, jsc#PED-3459
Add reference to PED-3459
- commit c4a5ea6
- Update patches.suse/spi-tegra210-quad-Multi-cs-support.patch (bsc#1212584, jsc#PED-3459
Add reference to PED-3459.
- commit fc374a4
- Update patches.suse/spi-tegra210-quad-Fix-combined-sequence.patch (bsc#1212584, jsc#PED-3459)
Add reference to PED-3459.
- commit bff7fca
- Drop Documentation/ide/ (git-fixes).
- commit d3eb72d
- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- commit 5219779
- arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
- commit bc081b4
- tracing: Set actual size after ring buffer resize (git-fixes).
- commit b915dbf
- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- commit 9da609b
- tracing: Reuse logic from perf's get_recursion_context()
(git-fixes).
- commit adc2c65
- tracing: relax trace_event_eval_update() execution with
cond_resched() (git-fixes).
- commit 017c09c
- rethook: Use __rcu pointer for rethook::handler (git-fixes).
- kABI: Preserve the type of rethook::handler (git-fixes).
- commit 8b953cc
- rethook: Fix to use WRITE_ONCE() for rethook:: Handler
(git-fixes).
- commit 7981c03
- fprobe: Fix to ensure the number of active retprobes is not zero
(git-fixes).
- commit fe2f6d2
- ALSA: hda/realtek: Add Framework laptop 16 to quirks
(git-fixes).
- ALSA: hda/realtek: add new Framework laptop to quirks
(git-fixes).
- drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS
(git-fixes).
- drm/amdgpu: Update EEPROM I2C address for smu v13_0_0
(git-fixes).
- drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes).
- drm/i915/sdvo: stop caching has_hdmi_monitor in struct
intel_sdvo (git-fixes).
- drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes).
- drm/amdgpu: Return from switch early for EEPROM I2C address
(git-fixes).
- drm/amdgpu: Remove second moot switch to set EEPROM I2C address
(git-fixes).
- drm/i915/lvds: Use REG_BIT() & co (git-fixes).
- drm/i915/display: Drop check for doublescan mode in modevalid
(git-fixes).
- drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes).
- drm/amdgpu: Decouple RAS EEPROM addresses from chips
(git-fixes).
- drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes).
- drm/amdgpu: Add EEPROM I2C address support for ip discovery
(git-fixes).
- drm/amdgpu: Update ras eeprom support for smu v13_0_0 and
v13_0_10 (git-fixes).
- commit 27aa9c9
- ring-buffer: Force absolute timestamp on discard of event
(git-fixes).
- commit 703d47b
- tracing: Disable snapshot buffer when stopping instance tracers
(git-fixes).
- commit ea1804c
- tracing: Stop current tracer when resizing buffer (git-fixes).
- commit 416045c
- tracing: Always update snapshot buffer size (git-fixes).
- commit ab3ac02
- kprobes: consistent rcu api usage for kretprobe holder
(git-fixes).
- commit bd133f6
- tracing/kprobes: Fix the order of argument descriptions
(git-fixes).
- commit 4822ad0
- tracing: Have the user copy of synthetic event address use
correct context (git-fixes).
- commit ee4a2b2
- nvme-core: check for too small lba shift (bsc#1214117).
- commit 5f6e755
- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- commit 5b3fa66
- kabi/severities: ignore kABI for asus-wmi drivers
Tolerate the kABI changes, as used only locally for asus-wmi stuff
- commit 42dad1e
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode
(git-fixes).
- commit 1640ab2
- serial: sc16is7xx: address RX timeout interrupt errata
(git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards
(git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe()
(git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
(git-fixes).
- ALSA: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
(git-fixes).
- nilfs2: fix missing error check for sb_set_blocksize call
(git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared
asus-wmi code (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count
(git-fixes).
- kconfig: fix memory leak from range properties (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR
(git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c
(git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch
reporting (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use
struct wmi_driver (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling
(git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing
(git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use
enum (git-fixes).
- commit e47d99c
- tracing/kprobes: Fix the description of variable length
arguments (git-fixes).
- commit ee78d8b
- x86/cpu: Don't write CSTAR MSR on Intel CPUs (jsc#PED-7167).
- commit a99a85b
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
(git-fixes).
- commit 946e077
- netfilter: nf_tables: bail out on mismatching dynset and set
expressions (bsc#1217938 CVE-2023-6622).
- commit de1dd10
- HID: lenovo: Restrict detection of patched firmware only to
USB cptkbd (git-fixes).
- commit 1bd99d4
- mm/pgtable: Fix multiple -Wstringop-overflow warnings
(jsc#PED-7167).
- commit f790208
- ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
(git-fixes).
- Bluetooth: hci_qca: Fix the teardown problem for real
(git-fixes).
- Documentation: qat: Use code block for qat sysfs example
(git-fixes).
- commit c75f6d8
- ALSA: hda/realtek: Add supported ALC257 for ChromeOS
(git-fixes).
- ALSA: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects
(git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad
Z470 (git-fixes).
- ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- ALSA: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- commit 200c0a2
- blacklist.conf: add two ceph commits
- commit d8d4641
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- libceph: use kernel_connect() (bsc#1217981).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
(bsc#1217980).
- commit e3e482f
- arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- commit 794f0e7
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- commit 4dcfded
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- commit 0fd1b8d
- arm64: dts: arm: add missing cache properties (git-fixes)
- commit 710ea40
- blacklist.conf: ("arm64: dts: broadcom: bcmbca: bcm4908: fix LED nodenames")
- commit 37fe1b1
- netfilter: nf_tables: bail out on mismatching dynset and set
expressions (bsc#1217938 CVE-2023-6622).
- commit a69497c
- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- commit 8cd5213
- Update metadata
- commit 17c3e48
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- commit 68db0d6
- IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes)
- commit afc5184
- tracing: Fix a possible race when disabling buffered events
(bsc#1217036).
- commit 26540da
- tracing: Fix a warning when allocating buffered events fails
(bsc#1217036).
- commit ec57b73
- tracing: Fix incomplete locking when disabling buffered events
(bsc#1217036).
- commit 2d81a3a
- tracing: Disable preemption when using the filter buffer
(bsc#1217036).
- commit 0ade134
- tracing: Use __this_cpu_read() in
trace_event_buffer_lock_reserver() (bsc#1217036).
- commit 8aa5d9a
- tracing: Fix warning in trace_buffered_event_disable()
(git-fixes, bsc#1217036).
- commit b71b6ff
- qla2xxx: add debug log for deprecated hw detected (bsc#1216032).
- commit e923023
- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325
(git-fixes).
- commit 19f2446
- nvmet: nul-terminate the NQNs passed in the connect command
(bsc#1217250 CVE-2023-6121).
- commit e359ed1
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes
bsc#1217933).
- commit e39e7a6
- x86/entry: Do not allow external 0x80 interrupts (bsc#1217927).
- commit d94a391
- x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927).
- commit 66b3050
- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- Revert "xhci: Loosen RPM as default policy to cover for AMD
xHC 1.1" (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs
(git-fixes).
- ARM: PL011: Fix DMA support (git-fixes).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit
(git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt
(git-fixes).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in
mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write
(git-fixes).
- commit 09a57bf
- md/raid5-cache: fix null-ptr-deref for
r5l_flush_stripe_to_raid() (git-fixes).
- md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes).
- md/md-bitmap: remove unnecessary local variable in
backlog_store() (git-fixes).
- md: don't update recovery_cp when curr_resync is ACTIVE
(git-fixes).
- commit 0812db6
- md/raid1: fix error: ISO C90 forbids mixed declarations
(git-fixes).
- md: raid0: account for split bio in iostat accounting
(git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes
(git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev
(git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store()
(git-fixes).
- md/md-bitmap: remove unnecessary local variable in
backlog_store() (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices
(git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- Revert "md: unlock mddev before reap sync_thread in
action_store" (git-fixes).
- md/raid0: add discard support for the 'original' layout
(git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct()
(git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: fix io loss while replacement replace rdev
(git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
(git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors
(git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in
raid5_read_one_chunk() (git-fixes).
- md/raid10: don't call bio_start_io_acct twice for bio which
experienced read error (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery
(git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request
(git-fixes).
- commit 75c9e76
- md/raid10: fix task hung in raid10d (git-fixes).
- Refresh patches.suse/md-display-timeout-error.patch for the above change.
- commit 90d12ef
- md: avoid signed overflow in slot_store() (git-fixes).
- md/raid10: factor out code from wait_barrier() to
stop_waiting_barrier() (git-fixes).
- commit c35659b
- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- Update patches.suse/md-display-timeout-error.patch for the above change.
- commit 77abf5c
- md: raid10 add nowait support (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md/bitmap: don't set max_write_behind if there is no write
mostly device (git-fixes).
- commit 44a1c08
- blacklist.conf: add non-backport commits
- commit 731fcaa
- kernel-source: Remove config-options.changes (jsc#PED-5021)
The file doc/config-options.changes was used in the past to document
kernel config changes. It was introduced in 2010 but haven't received
any updates on any branch since 2015. The file is renamed by tar-up.sh
to config-options.changes.txt and shipped in the kernel-source RPM
package under /usr/share/doc. As its content now only contains outdated
information, retaining it can lead to confusion for users encountering
this file.
Config changes are nowadays described in associated Git commit messages,
which get automatically collected and are incorporated into changelogs
of kernel RPM packages.
Drop then this obsolete file, starting with its packaging logic.
For branch maintainers: Upon merging this commit on your branch, please
correspondingly delete the file doc/config-options.changes.
- commit adedbd2
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
Reduce indentation in the list of references, make the style consistent
with README.md.
- commit 70e3c33
- regmap: fix bogus error on regcache_sync success (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value
(git-fixes).
- commit e5d6930
- doc/README.SUSE: Add how to update the config for module signing
(jsc#PED-5021)
Configuration files for SUSE kernels include settings to integrate with
signing support provided by the Open Build Service. This creates
problems if someone tries to use such a configuration file to build
a "standalone" kernel as described in doc/README.SUSE:
* Default configuration files available in the kernel-source repository
unset CONFIG_MODULE_SIG_ALL to leave module signing to
pesign-obs-integration. In case of a "standalone" build, this
integration is not available and the modules don't get signed.
* The kernel spec file overrides CONFIG_MODULE_SIG_KEY to
".kernel_signing_key.pem" which is a file populated by certificates
provided by OBS but otherwise not available. The value ends up in
/boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone
decides to use one of these files as their base configuration then the
build fails with an error because the specified module signing key is
missing.
Add information on how to enable module signing and where to find the
relevant upstream documentation.
- commit a699dc3
- efi/unaccepted: Fix off-by-one when checking for overlapping
ranges (jsc#PED-7167).
- commit cbbb7d9
- blacklist.conf: Cleanup entries that are backported
- commit d22e603
- doc/README.SUSE: Remove how to build modules using kernel-source
(jsc#PED-5021)
Remove the first method how to build kernel modules from the readme. It
describes a process consisting of the kernel-source installation,
configuring this kernel and then performing an ad-hoc module build.
This method is not ideal as no modversion data is involved in the
process. It results in a module with no symbol CRCs which can be wrongly
loaded on an incompatible kernel.
Removing the method also simplifies the readme because only two main
methods how to build the modules are then described, either doing an
ad-hoc build using kernel-devel, or creating a proper Kernel Module
Package.
- commit 9285bb8
- blacklist.conf: just in case fix for a corner case
- commit a3fc582
- xhci: Clear EHB bit only at end of interrupt handler
(git-fixes).
- commit d5adf2a
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
(git-fixes).
- commit 5cdcb2d
- usb: host: xhci-plat: fix possible kernel oops while resuming
(git-fixes).
- commit b0504f4
- NFS: More fixes for nfs_direct_write_reschedule_io()
(bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group()
(bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths
(bsc#1211162).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling
(bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group()
(bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted
data (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release
semantics (bsc#1211162).
- commit e61bcf9
- md: Put the right device in md_seq_next (bsc#1217822).
- commit 99a688a
- xfs: make sure maxlen is still congruent with prod when rounding
down (git-fixes).
- commit 2b9fc44
- xfs: fix units conversion error in xfs_bmap_del_extent_delay
(git-fixes).
- commit 95e2620
- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- commit bfb62b0
- xfs: return EINTR when a fatal signal terminates scrub
(git-fixes).
- commit e6f4fe7
- xfs: fix a bug in the online fsck directory leaf1 bestcount
check (git-fixes).
- commit e328537
- xfs: fix incorrect unit conversion in scrub tracepoint
(git-fixes).
- Refresh
patches.suse/xfs-standardize-AG-block-number-formatting-in-ftrace-output.patch.
- Refresh
patches.suse/xfs-standardize-AG-number-formatting-in-ftrace-output.patch.
- commit e256630
- xfs: decode scrub flags in ftrace output (git-fixes).
- commit d1fe7f7
- xfs: remove the xfs_dsb_t typedef (git-fixes).
- commit 4e9f379
- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- commit e9c4821
- xfs: convert flex-array declarations in struct xfs_attrlist*
(git-fixes).
- commit e33e297
- xfs: remove the xfs_dinode_t typedef (git-fixes).
- commit c807e19
- xfs: convert flex-array declarations in xfs attr shortform
objects (git-fixes).
- commit 757cbc7
- xfs: convert flex-array declarations in xfs attr leaf blocks
(git-fixes).
- commit 1823624
- xfs: use swap() to make dabtree code cleaner (git-fixes).
- commit d160cc2
- xfs: fix silly whitespace problems with kernel libxfs
(git-fixes).
- commit d822e52
- xfs: rename xfs_has_attr() (git-fixes).
- commit fe8702c
- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- commit 6ea2cef
- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- commit 74d9b5c
- xfs: replace snprintf in show functions with sysfs_emit
(git-fixes).
- commit 84db35d
- xfs: simplify two-level sysctl registration for xfs_table
(git-fixes).
- commit 0321d28
- xfs: add selinux labels to whiteout inodes (git-fixes).
- commit 8dc479c
- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- Refresh
patches.suse/xfs-reject-crazy-array-sizes-being-fed-to-XFS_IOC_GE.patch.
- commit 89900e3
- xfs: clean up "%Ld/%Lu" which doesn't meet C standard
(git-fixes).
- commit dbcc289
- xfs: aborting inodes on shutdown may need buffer lock
(git-fixes).
- commit 8b202be
- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- commit 4747a77
- xfs: dump log intent items that cannot be recovered due to
corruption (git-fixes).
- commit 6f8c678
- xfs: sb verifier doesn't handle uncached sb buffer (git-fixes).
- commit c0c7079
- xfs: remove kmem_alloc_io() (git-fixes).
- commit 831b642
- x86/platform/uv: Use alternate source for socket to node data
(bsc#1215696 bsc#1217790).
- commit ec7f699
- avahi
-
- Add avahi-CVE-2023-38472.patch: Fix reachable assertion in
avahi_rdata_parse (bsc#1216853, CVE-2023-38472).
- util-linux
-
- Add upstream patch
util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
bsc#1207987 gh#util-linux/util-linux@1d98827edde4
- libxcrypt
-
- fix variable name for datamember in 'struct crypt_data' [bsc#1215496]
- added patches
fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2
+ libxcrypt-man-fix-variable-name.patch
- duktape
-
- Ship libduktape206-32bit: needed by libproxy since version 0.5.
- mozilla-nss
-
- update to NSS 3.90.2
* bmo#1780432 - (CVE-2023-5388) Timing attack against RSA
decryption in TLS. (bsc#1216198)
* bmo#1867408 - add a defensive check for large ssl_DefSend
return values.
- update to NSS 3.90.1
* bmo#1813401 - regenerate NameConstraints test certificates.
* bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
- Remove nss-fix-bmo1813401.patch which is now upstream.
- Add nss-fix-bmo1813401.patch to fix bsc#1214980
- gnustep-base
-
- use pkgconfig(icu-i18n) to select current icu (jsc#PED-6193)
- gnustep-icu-truefalse.patch: NULL now not provided by icu includes
- gnutls
-
- Security fix: [bsc#1218862, CVE-2024-0567]
* gnutls: rejects certificate chain with distributed trust
* Cockpit (which uses gnuTLS) rejects certificate chain with
distributed trust.
* Add gnutls-CVE-2024-0567.patch
- Security fix: [bsc#1218865, CVE-2024-0553]
* Incomplete fix for CVE-2023-5981.
* The response times to malformed ciphertexts in RSA-PSK
ClientKeyExchange differ from response times of ciphertexts
with correct PKCS#1 v1.5 padding.
* Add gnutls-CVE-2024-0553.patch
- Security fix: [bsc#1217277, CVE-2023-5981]
* Fix timing side-channel inside RSA-PSK key exchange.
* auth/rsa_psk: side-step potential side-channel
* Add curl-CVE-2023-5981.patch
- icu73_2
-
- icu4c-73_c-ICU-22512-Fix-broken-TestHebrewCalendarInTemporalLeapYear.patch
Fix testsuite issue in hebrew calendar (bsc#1217479)
- jbigkit
-
- security update
- added patches
fix CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler
+ jbigkit-CVE-2022-1210.patch
- ncurses
-
- Add patch bsc1218014-cve-2023-50495.patch
* Fix CVE-2023-50495: segmentation fault via _nc_wrap_entry()
- Add patch boo1201384.patch
* Do not fully reset serial lines
- nftables
-
- port python-single-spec logic from Factory package to allow shipment of
python311 modules as well (bsc#1219253).
- openssl-1_1
-
- Security fix: [bsc#1219243, CVE-2024-0727]
* Add NULL checks where ContentInfo data can be NULL
* Add openssl-CVE-2024-0727.patch
- procps
-
- Submit latest procps 3.3.17 to SLE-15 tree for jira#PED-3244
and jira#PED-6369
- The patches now upstream had been dropped meanwhile
* procps-vmstat-1b9ea611.patch (bsc#1185417)
- For support up to 2048 CPU as well
* bsc1209122-a6c0795d.patch (bnc#1209122)
- allow `-´ as leading character to ignore possible errors
on systctl entries
* patch procps-ng-3.3.9-bsc1121753-Cpus.patch (bsc#1121753)
- was a backport of an upstream fix to get the first CPU
summary correct
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
the pwait tool and its manual page will be build
- Modify patches
* procps-ng-3.3.9-w-notruncate.diff
* procps-ng-3.3.17-logind.patch
to real to not truncate output of w with option -n
- procps-ng-3.3.17-logind.patch: Backport from 4.x git, prefer
logind over utmp (jsc#PED-3144)
- python3
-
- (bsc#1219666, CVE-2023-6597) Add
CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
gh#python/cpython!99930) fixing symlink bug in cleanup of
tempfile.TemporaryDirectory.
- Merge together bpo-36576-skip_tests_for_OpenSSL-111.patch into
skip_SSL_tests.patch, and make them include all conditionals.
- Refresh CVE-2023-27043-email-parsing-errors.patch to
gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- libsolv
-
- build for multiple python versions [jsc#PED-6218]
- bump version to 0.7.28
- add zstd support for the installcheck tool
- add putinowndirpool cache to make file list handling in
repo_write much faster
- bump version to 0.7.27
- fix evr roundtrip in testcases
- do not use deprecated headerUnload with newer rpm versions
- bump version to 0.7.26
- support complex deps in SOLVABLE_PREREQ_IGNOREINST
- fix minimization not prefering installed packages in some cases
- reduce memory usage in repo_updateinfoxml
- fix lock-step interfering with architecture selection
- fix choice rule handing for package downgrades
- fix complex dependencies with an "else" part sometimes leading
to unsolved dependencies
- bump version to 0.7.25
- libssh
-
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)
* Added libssh-fix-ipv6-hostname-regression.patch
- Update to version 0.9.8
* Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
* Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
* Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
* Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
* Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
guessing (bsc#1211188)
* Fix CVE-2023-2283: a possible authorization bypass in
pki_verify_data_signature under low-memory conditions (bsc#1211190)
* Fix several memory leaks in GSSAPI handling code
- libssh2_org
-
- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
* Add libssh2_org-CVE-2023-48795-ext.patch
- Security fix: [bsc#1218127, CVE-2023-48795]
* Add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
* Add libssh2_org-CVE-2023-48795.patch
- suseconnect-ng
-
- Update to version 1.7.0~git0.5338270
* Allow SUSEConnect on read write transactional systems (bsc#1219425)
- Update to version 1.6.0
* Disable EULA display for addons (bsc#1218649 and bsc#1217961)
- Update to version 1.5.0
* Configure docker credentials for registry authentication
* Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364)
* Add --json output option
- systemd
-
- Import commit 2cb4d40f1c6a388706af8a83d5344fc0de3c6f4d (merge of v249.17)
c8578cef7f resolved: actually check authenticated flag of SOA transaction
- Import commit 86f0670d3a01c1a2d4df17f1c68d03f1586195e3
ba7f1df7a5 vconsole-setup: simplify error handling
94f4eaea77 Introduce RET_GATHER and use it in src/shared/
e02406fcc1 mount: replace UNIT_DEPENDENCY_MOUNTINFO_OR_FILE with UNIT_DEPENDENCY_MOUNTINFO/UNIT_DEPENDENCY_MOUNT_FILE
0b8db54511 mount: drop UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT and UNIT_DEPENDENCY_MOUNTINFO_DEFAULT
98ba536bd1 mount: always use UNIT_DEPENDENCY_FILE in mount_add_quota_dependencies()
73c7b2bb48 core/mount: make device deps from /proc/self/mountinfo and .mount unit file exclusive
ba585a28d7 core: Add trace logging to mount_add_device_dependencies()
36e0a4f80f core/mount: also remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460)
bc107c86c3 core/mount: set Mount.from_proc_self_mountinfo flag before adding default dependencies
ce4907c7c3 core: wrap some long comment
- Import commit e677079182c975ecdad88a76f657fecb4de523d9
7692c5bda8 utmp-wtmp: handle EINTR gracefully when waiting to write to tty
29c3eb4681 utmp-wtmp: fix error in case isatty() fails
98970eb90b homed: handle EINTR gracefully when waiting for device node
0305809edd resolved: handle -EINTR returned from fd_wait_for_event() better
40db4d6abe sd-netlink: handle EINTR from poll() gracefully, as success
5e681711c6 varlink: also handle EINTR gracefully when waiting for EIO via ppoll()
6bbd70f092 stdio-bridge: don't be bothered with EINTR
f978feb591 sd-bus: handle -EINTR return from bus_poll() (bsc#1215241)
746962ff40 core: replace slice dependencies as they get added (bsc#1214668)
- systemd.spec: add missing `%tmpfiles_create systemd-resolve.conf`
- Rename 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch into
1013-strip-the-domain-part-from-etc-hostname-when-setting.patch
- Rename 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch into
1014-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
- Rename 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch into
1015-networkd-make-network.service-an-alias-of-systemd-ne.patch
- Rename 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch into
1016-core-disable-session-keyring-per-system-sevice-entir.patch
- Rename 0011-core-disable-session-keyring-per-system-sevice-entir.patch into
1017-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
Hence these patch files can be easily identified as SLE specific ones.
- tiff
-
- security update:
* CVE-2023-52356 [bsc#1219213]
Fix segfault in TIFFReadRGBATileExt()
+ tiff-CVE-2023-52356.patch
- security update:
* CVE-2023-2731 [bsc#1211478]
Fix null pointer deference in LZWDecode()
This patch also contains a required commit which is marked
to fix CVE-2022-1622 [bsc#1199483] but we are not vulnerable
to that CVE because relevant code is not present.
+ tiff-CVE-2023-2731.patch
* CVE-2023-26965 [bsc#1212398]
Fix heap-based use after free in loadImage()
+ tiff-CVE-2023-26965.patch
* CVE-2022-40090 [bsc#1214680]
Fix infinite loop in TIFFReadDirectory()
+ tiff-CVE-2022-40090.patch
* CVE-2023-1916 [bsc#1210231]
Fix out-of-bounds read in extractImageSection()
+ tiff-CVE-2023-1916.patch
- libxml2
-
- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
* Added libxml2-CVE-2024-25062.patch
- libzypp
-
- tui: allow to access the underlying ostream of out::Info.
- Add MLSep: Helper to produce not-NL-terminated multi line
output.
- version 17.31.31 (22)
- applydeltaprm: Create target directory if it does not exist
(bsc#1219442)
- Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514)
- Fix problems with EINTR in ExternalDataSource::getline (fixes
bsc#1215698)
- version 17.31.30 (22)
- CheckAccessDeleted: fix running_in_container detection
(bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime
(bsc#1218831)
- Make Wakeup class EINTR safe.
- Add a way to cancel media operations on shutdown
(openSUSE/zypper#522)
This patch adds a mechanism to signal libzypp that a shutdown was
requested, usually when CTRL+C was pressed by the user. Currently
only the media backend will utilize this, but can be extended to
all code paths that use g_poll() to wait for events.
- Manually poll fds for curl in MediaCurl.
Using curl_easy_perform does not give us the required control on
when we want to cancel a download. Switching to the MultiCurl
implementation with a external poll() event loop will give us
much more freedom and helps us to improve our Ctrl+C handling.
- Move reusable curl poll code to curlhelper.h.
- version 17.31.29 (22)
- Fix to build with libxml 2.12.x (fixes #505)
- version 17.31.28 (22)
- CheckAccessDeleted: fix 'running in container' filter
(bsc#1218291)
- version 17.31.27 (22)
- Call zypp commit plugins during transactional update (fixes #506)
- Add support for loongarch64 (fixes #504)
- Teach MediaMultiCurl to download HTTP Multibyte ranges.
- Teach zsync downloads to MultiCurl.
- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
Convenient and helps documentation as it may refer to a single
command for a bunch of distributions. Like e.g. "zypper ar
'https://server.my/$releasever/my.repo'".
- version 17.31.26 (22)
- Fix build issue with zchunk build flags (fixes #500)
- version 17.31.25 (22)
- Open rpmdb just once during execution of %posttrans scripts
(bsc#1216412)
- Avoid using select() since it does not support fd numbers >
1024 (fixes #447)
- tools/DownloadFiles: use standard zypp progress bar (fixes #489)
- Revert "Color download progress bar" (fixes #475)
Cyan is already used for the output of RPM scriptlets. Avoid this
colorific collision between download progress bar and scriptlet
output.
- Fix ProgressBar's calculation of the printed tag position (fixes #494)
- Switch zypp::Digest to Openssl 3.0 Provider API (fixes #144)
- Fix usage of deprecated CURL features (fixes #486)
- version 17.31.24 (22)
- Stop using boost version 1 timer library (fixes #489,
bsc#1215294)
- version 17.31.23 (22)
- netcfg
-
- Add krb-prop entry, fix for bsc#1211886.
- openssh
-
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
This limits the use of shell metacharacters in host- and
user names.
- Added openssh-cve-2023-48795.patch (bsc#1217950, CVE-2023-48795).
This mitigates a prefix truncation attack that could be used to
undermine channel security.
- Enhanced SELinux functionality. Added
* openssh-7.8p1-role-mls.patch
Proper handling of MLS systems and basis for other SELinux
improvements
* openssh-6.6p1-privsep-selinux.patch
Properly set contexts during privilege separation
* openssh-6.6p1-keycat.patch
Add ssh-keycat command to allow retrival of authorized_keys
on MLS setups with polyinstantiation
* openssh-6.6.1p1-selinux-contexts.patch
Additional changes to set the proper context during privilege
separation
* openssh-7.6p1-cleanup-selinux.patch
Various changes and putting the pieces together
For now we don't ship the ssh-keycat command, but we need the patch
for the other SELinux infrastructure
This change fixes issues like bsc#1214788, where the ssh daemon
needs to act on behalf of a user and needs a proper context for this
- pam
-
- Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module.
[bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch]
- pam_lastlog: check localtime_r() return value (bsc#1217000)
* Added: pam-bsc1217000-pam_lastlog-check-localtime_r-return-value.patch
- python-instance-billing-flavor-check
-
- Version 0.0.6 (bsc#1218561)
Support proxy setup on the client to access the update infrastructure
API
- Version 0.0.5
Add IPv6 support (bsc#1218739)
- Version 0.0.4
Run the command as sudo only (bsc#1217696, bsc#1217695)
- Version 0.0.3
Handle exception for Python 3.4
- python3-M2Crypto
-
- Disable broken tests with openssl 3.2, bsc#1217782
- add timeout_300hz.patch to accept a small deviation from time
in the testsuite (bsc#1212757)
- Adapt tests for OpenSSL v3.1.0
* Add openssl-adapt-tests-for-3.1.0.patch
- add openssl-stop-parsing-header.patch (bsc#1205042)
- add m2crypto-0.38-ossl3-tests.patch
- python-chardet
-
- Fix update-alternative in %postun, bsc#1218765
- python3-cryptography
-
- Add CVE-2023-49083.patch to fix A null-pointer-dereference and
segfault could occur when loading certificates from a PKCS#7 bundle.
bsc#1217592
- release-notes-sles
-
- 15.5.20231213 (tracked in bsc#933411)
- Added note about vncserver removal (bsc#1211550)
- rpm
-
- backport lua support for rpm.execute to ease migrating [bnc#1216752]
* new patch: luaexecute.diff
- rsyslog
-
- suppress installation errors when systemd is not running
(bsc#1218799)
- restart daemon after modules packages have been updated
(bsc#1217292)
- runc
-
- Update to runc v1.1.12. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>. bsc#1218894
* This release fixes a container breakout vulnerability (CVE-2024-21626). For
more details, see the upstream security advisory:
<https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
* Remove upstreamed patches:
- CVE-2024-21626.patch
* Update runc.keyring to match upstream changes.
[ This was only ever released for SLES. ]
- Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894
<https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
+ CVE-2024-21626.patch
- Update to runc v1.1.11. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.11>.
- samba
-
- Add new idmap_nss option 'use_upn' for those NSS modules able to
handle UPNs or DOMAIN/user name format; (bsc#1215369);
- Avoid unnecessary locking in idmap parent setup; (bsc#1215369);
- Add "net offlinejoin composeodj" command; (bsc#1214076);
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-python3-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- 000release-packages:SLES-release
-
n/a
- sudo
-
- Fix NOPASSWD issue introduced by patches for CVE-2023-42465
[bsc#1221151, bsc#1221134]
* Update sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
* Enable running regression selftests during build time.
- Security fix: [bsc#1219026, bsc#1220389, CVE-2023-42465]
* Try to make sudo less vulnerable to ROWHAMMER attacks.
* Add sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
+ Remove duplicate data collection for the plugin itself
+ Collect archive metering data when available
+ Query billing flavor status
- supportutils
-
- Additional changes in version 3.1.28
+ ipset - List entries for all sets
+ ipvsadm - Inspect the virtual server table (pr#185)
+ Correctly detects Xen Dom0 (bsc#1218201)
+ Fixed smart disk error (bsc#1218282)
- Changes in version 3.1.28
+ Inhibit the conversion of port numbers to port names for network files (cherry picked from commit 55f5f716638fb15e3eb1315443949ed98723d250)
+ powerpc: collect rtas_errd.log and lp_diag.log files (pr#175)
+ Get list of pam.d file (cherry picked from commit eaf35c77fd4bc039fd7e3d779ec1c2c6521283e2)
+ Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
+ Added missing klp information to kernel-livepatch.txt (bsc#1216390)
+ Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
+ Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
+ Optimize lsof usage (bsc#1183663)
+ Added mokutil commands for secureboot (pr#179)
+ Collects chrony or ntp as needed (bsc#1196293)
- Changes in version 3.1.27
+ Fixed podman display issue (bsc#1217287)
+ Added nvme-stas configuration to nvme.txt (bsc#1216049)
+ Added timed command to fs-files.txt (bsc#1216827)
+ Collects zypp history file issue#166 (bsc#1216522)
+ Changed -x OPTION to really be exclude only (issue#146)
+ Collect HA related rpm package versions in ha.txt (pr#169)
- suse-build-key
-
- Switch container key to be default RSA 4096bit. (jsc#PED-2777)
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
- run import script also in %posttrans section, but only when
libzypp is not active. bsc#1219189 bsc#1219123
- suse-module-tools
-
- Update to version 15.5.4:
* rpm-script: add symlink /boot/.vmlinuz.hmac (bsc#1217775)
- tar
-
- Fix CVE-2023-39804, Incorrectly handled extension attributes in
PAX archives can lead to a crash, bsc#1217969
* fix-CVE-2023-39804.patch
- timezone
-
- update to 2024a:
* Kazakhstan unifies on UTC+5. This affects Asia/Almaty and
Asia/Qostanay which together represent the eastern portion of the
country that will transition from UTC+6 on 2024-03-01 at 00:00 to
join the western portion. (Thanks to Zhanbolat Raimbekov.)
* Palestine springs forward a week later than previously predicted
in 2024 and 2025. (Thanks to Heba Hamad.) Change spring-forward
predictions to the second Saturday after Ramadan, not the first;
this also affects other predictions starting in 2039.
* Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00
not 00:00. (Thanks to Đoàn Trần Công Danh.)
* From 1947 through 1949, Toronto's transitions occurred at 02:00
not 00:00. (Thanks to Chris Walton.)
* In 1911 Miquelon adopted standard time on June 15, not May 15.
* The FROM and TO columns of Rule lines can no longer be "minimum"
or an abbreviation of "minimum", because TZif files do not support
DST rules that extend into the indefinite past - although these
rules were supported when TZif files had only 32-bit data, this
stopped working when 64-bit TZif files were introduced in 1995.
This should not be a problem for realistic data, since DST was
first used in the 20th century. As a transition aid, FROM columns
like "minimum" are now diagnosed and then treated as if they were
the year 1900; this should suffice for TZif files on old systems
with only 32-bit time_t, and it is more compatible with bugs in
2023c-and-earlier localtime.c. (Problem reported by Yoshito
Umaoka.)
* localtime and related functions no longer mishandle some
timestamps that occur about 400 years after a switch to a time
zone with a DST schedule. In 2023d data this problem was visible
for some timestamps in November 2422, November 2822, etc. in
America/Ciudad_Juarez. (Problem reported by Gilmore Davidson.)
* strftime %s now uses tm_gmtoff if available. (Problem and draft
patch reported by Dag-Erling Smørgrav.)
* The strftime man page documents which struct tm members affect
which conversion specs, and that tzset is called. (Problems
reported by Robert Elz and Steve Summit.)
- update to 2023d:
* Ittoqqortoormiit, Greenland changes time zones on
2024-03-31.
* Vostok, Antarctica changed time zones on 2023-12-18.
* Casey, Antarctica changed time zones five times since
2020.
* Code and data fixes for Palestine timestamps starting in
2072.
* A new data file zonenow.tab for timestamps starting now.
* Fix predictions for DST transitions in Palestine in
2072-2075, correcting a typo introduced in 2023a.
* Vostok, Antarctica changed to +05 on 2023-12-18. It had
been at +07 (not +06) for years.
* Change data for Casey, Antarctica to agree with
timeanddate.com, by adding five time zone changes since 2020.
Casey is now at +08 instead of +11.
* Much of Greenland, represented by America/Nuuk, changed
its standard time from -03 to -02 on 2023-03-25, not on
2023-10-28.
* localtime.c no longer mishandles TZif files that contain
a single transition into a DST regime. Previously,
it incorrectly assumed DST was in effect before the transition
too.
* tzselect no longer creates temporary files.
* tzselect no longer mishandles the following:
* Spaces and most other special characters in BUGEMAIL,
PACKAGE, TZDIR, and VERSION.
* TZ strings when using mawk 1.4.3, which mishandles
regular expressions of the form /X{2,}/.
* ISO 6709 coordinates when using an awk that lacks the
GNU extension of newlines in -v option-arguments.
* Non UTF-8 locales when using an iconv command that
lacks the GNU //TRANSLIT extension.
* zic no longer mishandles data for Palestine after the
year 2075.
- Refresh tzdata-china.diff
- wicked
-
- update to version 0.6.74
+ team: add new options like link_watch_policy (jsc#PED-7183)
+ Fix memory leaks in dbus variant destroy and fsm free (gh#openSUSE/wicked#1001)
+ xpath: allow underscore in node identifier (gh#openSUSE/wicked#999)
+ vxlan: don't format unknown rtnl attrs (bsc#1219751)
- removed patches included in the source archive:
[- 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
[- 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
[- 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
[- 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
[- 0005-duid-fix-comment-for-v6time.patch]
[- 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
[- 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
[- 0002-system-updater-Parse-updater-format-from-XML-configu.patch]
[- 0001-fix_arp_notify_loop_and_burst_sending.patch]
- ifreload: VLAN changes require device deletion (bsc#1218927)
[+ 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
- ifcheck: fix config changed check (bsc#1218926)
[+ 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
- client: fix exit code for no-carrier status (bsc#1219265)
[+ 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
- dhcp6: omit the SO_REUSEPORT option (bsc#1215692)
[+ 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
- duid: fix comment for v6time
(https://github.com/openSUSE/wicked/pull/989)
[+ 0005-duid-fix-comment-for-v6time.patch]
- rtnl: fix peer address parsing for non ptp-interfaces
(https://github.com/openSUSE/wicked/pull/987,
https://github.com/openSUSE/wicked/pull/988)
[+ 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
[+ 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
- system-updater: Parse updater format from XML configuration to
ensure install calls can run.
(https://github.com/openSUSE/wicked/pull/985)
[+ 0002-system-updater-Parse-updater-format-from-XML-configu.patch]
- xen
-
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
exceptions from emulation stubs (XSA-451)
xsa451.patch
- Upstream bug fixes (bsc#1027519)
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
- Patches replaced by newer upstream versions
xsa449.patch
xsa450.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
xsa450.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
xsa449.patch
- Update to Xen 4.17.3 bug fix release (bsc#1027519)
xen-4.17.3-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Dropped patches contained in new tarball
64763137-x86-AutoIBRS-definitions.patch
64e5b4ac-x86-AMD-extend-Zenbleed-check.patch
64e6459b-revert-VMX-sanitize-rIP-before-reentering.patch
64eef7e9-x86-reporting-spurious-i8259-interrupts.patch
64f71f50-Arm-handle-cache-flush-at-top.patch
65084ba5-x86-AMD-dont-expose-TscFreqSel.patch
65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch
65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch
65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch
65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch
65087004-x86-entry-restore_all_xen-stack_end.patch
65087005-x86-entry-track-IST-ness-of-entry.patch
65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch
65087007-x86-AMD-Zen-1-2-predicates.patch
65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch
650abbfe-x86-shadow-defer-PV-top-level-release.patch
65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch
65263471-libfsimage-xfs-remove-dead-code.patch
65263472-libfsimage-xfs-amend-mask32lo.patch
65263473-libfsimage-xfs-sanity-check-superblock.patch
65263474-libfsimage-xfs-compile-time-check.patch
65263475-pygrub-remove-unnecessary-hypercall.patch
65263476-pygrub-small-refactors.patch
65263477-pygrub-open-output-files-earlier.patch
65263478-libfsimage-function-to-preload-plugins.patch
65263479-pygrub-deprivilege.patch
6526347a-libxl-allow-bootloader-restricted-mode.patch
6526347b-libxl-limit-bootloader-when-restricted.patch
6526347c-SVM-fix-AMD-DR-MASK-context-switch-asymmetry.patch
6526347d-x86-PV-auditing-of-guest-breakpoints.patch
652fef4f-x86-AMD-erratum-1485.patch
65319724-VT-d-SAGAW-parsing.patch
6532858d-x86-DOITM.patch
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
65536847-AMD-IOMMU-correct-level-for-quarantine-pt.patch
65536848-x86-spec-ctrl-remove-conditional-IRQs-on-ness.patch
655b2ba9-fix-sched_move_domain.patch
xsa440.patch
- Upstream bug fixes (bsc#1027519)
64763137-x86-AutoIBRS-definitions.patch
652fef4f-x86-AMD-erratum-1485.patch
65319724-VT-d-SAGAW-parsing.patch
6532858d-x86-DOITM.patch
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
- bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in
IOMMU quarantine page table levels (XSA-445)
65536847-AMD-IOMMU-correct-level-for-quarantine-pt.patch
- bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not
fully effective (XSA-446)
65536848-x86-spec-ctrl-remove-conditional-IRQs-on-ness.patch
- Patches replaced by newer upstream versions
xsa445.patch
xsa446.patch
- xorg-x11-server
-
- U_bsc1218845-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
* SELinux unlabeled GLX PBuffer (CVE-2024-0408, bsc#1218845)
- U_bsc1218846-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch
* SELinux context corruption (CVE-2024-0409, bsc#1218846)
- bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch
* Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
(CVE-2023-6816, bsc#1218582)
- bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch
bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
* Reattaching to different master device may lead to out-of-bounds memory
access ((CVE-2024-0229, bsc#1218583)
- bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
* Heap buffer overflow in XISendDeviceHierarchyEvent
(CVE-2024-21885, bsc#1218584)
- bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch
* Heap buffer overflow in DisableDevice (CVE-2024-21886, bsc#1218585)
- u_miCloseScreen_check_for_null_pScreen_dev_private.patch
* miCloseScreen check for null pScreen dev private (bsc#1218176);
another regression introduced by
U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
- n_xserver-optimus-autoconfig-hack.patch
u_randr-Do-not-crash-if-slave-screen-does-not-have-pro.patch
u_xfree86-activate-GPU-screens-on-autobind.patch
* check dixPrivateKeyRegistered(rrPrivKey) before calling
rrGetScrPriv() to avoid xserver crash when Xinerama is enabled
(boo#1218240)
- Add missing fixes on U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
(bsc#1217765).
- xrdp
-
- Update xrdp-CVE-2023-42822.patch
+ fix bsc#1217759: xrdp login screen does not show any text
- yast2-firewall
-
- In case of autoinstallation keep the firewall service state in
the Installation::SecuritySettings for not conflicting with the
proposal (bsc#1216615)
- 4.5.1
- yast2-http-server
-
- bsc#1218943
- followup of previous fix - fixed internal issue which caused
Server modules not to be displayed at all.
- 4.5.2
- yast2-installation
-
- Enclose IPv6 addresses within square brackets when calling
the mount command (bsc#1217637).
- 4.5.19
- yast2
-
- Allow host/domain names starting with an underscore (bsc#1219920)
- 4.5.26
- yast2-network
-
- Consider firmware configured interfaces as non bridgeable
(bsc#1218595).
- 4.5.23
- Read all the driver modules from hwinfo instead of just the first
driver ones (bsc#1217652).
- 4.5.22
- yast2-packager
-
- Fixed ERB template loading in self update, if the template
cannot be found using a relative path then fallback to the
absolute path (bsc#1219174)
- 4.5.19
- After installation disable the empty installation repository
from the SLE15 Online medium (bsc#1182303)
- 4.5.18
- yast2-pkg-bindings
-
- Fixed repository and service probing with libzypp 7.31.26
and newer, fixes broken repository handling (bsc#1218977,
bsc#1218399)
- 4.5.3
- yast2-security
-
- Do not load the security settings from the security policy until
needed (bsc#1216615).
- 4.5.7
- zypper
-
- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
The switch makes search commands return 0 rather than 104 for
empty search results.
- version 1.14.68
- patch: Make sure reboot-needed is remembered until next boot
(bsc#1217873)
- version 1.14.67