- Mesa
-
- revert previous change, since it resulted in Xorg and Mesa no
longer being able to load "/i965"/ driver at all! This affects many
if not almost all Intel GPU users. I can't tell why this happens,
but I'm afraid we need to act immediately (boo#1202850); reopened
boo#1200965 for now ...
- change default driver from 'iris' back to 'i965' for Intel
Gen8-11 hardware; that way we also use the same driver used by X
and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046
- audit-secondary
-
- Update audit-secondary.spec: create symbolic link from
/sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519).
- bash-completion
-
- Add patch bsc1199724-modules.patch (bsc#1199724)
* Enable upstream commit to list ko.zst modules as well
- bind
-
- Update to release 9.16.31
This is the first of monthly updates of "/bind"/. It is planned
to update bind when a new upstream maintennace release becomes
available, which is usually towards the end of a month, see
https://www.isc.org/blogs/2021-bind-release-model/
Compared to the previous SUSE release, in this release,
53 (minor) bugs were fixed
13 (minor) functional enhancements were made
3 security issues are now fixed upstream:
CVE-2022-0396, CVE-2021-25220, CVE-2021-25219
plus a few minor changes.
For a full list of changes, please refer to the
CHANGES file in the source rpm.
This update obsoletes the following patches:
* bind-fix-build-with-older-sphinx.patch
* bind-CVE-2021-25219.patch
* bind-9.16.27-0001-CVE-2021-25220.patch
* bind-9.16.27-0002-CVE-2022-0396.patch
[bind-9.16.31.tar.xz, bind-9.16.31.tar.xz.sha512.asc,
bind-9.16.20.tar.xz, bind-9.16.20.tar.xz.sha512.asc,
bind-fix-build-with-older-sphinx.patch, bind-CVE-2021-25219.patch,
bind-9.16.27-0001-CVE-2021-25220.patch,
bind-9.16.27-0002-CVE-2022-0396.patch,
jsc#SLE-24600]
- When enabling query_logging by un-commenting an example in
bind.conf, named attempts to create a file in /var/log which
fails due to missing credentials. This also applies to the
"/dump-file"/ and the "/statistics-file"/.
This is solved by having systemd-tmpfiles create a subdirectory
"//var/log/named"/ owned by named:named and changing the file
paths accordingly:
/var/log/named_querylog -> /var/log/named/querylog
/var/log/named_dump.db -> /var/log/named/dump.db
/var/log/named.stats -> /var/log/named/stats
Also, in "/named.service"/, the ReadWritePath was changed to
include "//var/log/named"/ rather than just "/var/log"/.
[bsc#1200685, bind.spec, vendor-files/config/named.conf,
vendor-files/system/named.service]
- A non-existent initialization script (eg a leftorver
"/createNamedConfInclude"/ in /etc/sysconfig/named) may cause named
not to start. A warning message is printed in named.prep and
the fact is ignored.
Also, the return value of a failed script was not handled properly
causing a failed script to not prevent named to start. This
is now fixed properly.
[bsc#1199044, vendor-files.tar.bz2]
- branding-SLE
-
- Support %posttrans with macros provided by update-bootloader-rpm-macros
package (bsc#997317) (bsc#1199818)
- cloud-regionsrv-client
-
- Follow up fix to 10.0.4 (bsc#1202706)
- While the source code was updated to support SLE Micro the spec file
was not updated for the new locations of the cache and the certs.
Update the spec file to be consistent with the code implementation.
- Update to version 10.0.5 (bsc#1201612)
- Handle exception when trying to deregister a system form the server
- crmsh
-
- Update to version 4.4.0+20220815.5bbf78a8:
* Fix: bootstrap: Use crmsh.parallax instead of parallax module directly (bsc#1202006)
* Dev: parallax: Add strict option to avoid raise exception when set to False
* Dev: bootstrap: Don't open mgmt port since it's deprecated
* Dev: bootstrap: Don't sync csync2 when peer node's csync2 service not ready
- Update to version 4.4.0+20220708.6ed6b56f:
* Fix: utils: use -o and -n to compare files instead of strings for crm_diff (bsc#1201312)
* Dev: ui_cluster: Add examples for 'cluster init' and 'cluster join'
* Dev: cibconfig: enable "/related:"/ prefix to show the objects by given ra type
* Fix: crm report: use sudo when under non root and hacluster user (bsc#1199634)
* Fix: utils: wait4dc: Make change since output of 'crmadmin -S' changed(bsc#1199412)
* Fix: bootstrap: stop and disable csync2.socket on removed node (bsc#1199325)
* Fix: crm report: Read data in a save way, to avoid UnicodeDecodeError(bsc#1198180)
- cups
-
- cups-branch-2.2-commit-3e4dd41459dabc5d18edbe06eb5b81291885204b.diff
is 'git show 3e4dd41459dabc5d18edbe06eb5b81291885204b' for
https://github.com/apple/cups/commit/3e4dd41459dabc5d18edbe06eb5b81291885204b
(except the not needed hunk for patching CHANGES.md which fails)
that fixes handling of MaxJobTime 0 (Issue #5438) in the CUPS 2.2 branch
bsc#1201511:
Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0
- curl
-
- Security fix: [bsc#1202593, CVE-2022-35252]
* Control codes in cookie denial of service
* Add curl-CVE-2022-35252.patch
- dracut
-
- Update to version 055+suse.294.gc5bc4bb5:
Missing network-manager module fixes (bsc#1201975):
* fix(network-manager): avoid calling unavailable dracut-logger functions
* fix(network-manager): skip non-directories in /sys/class/net
* fix(network-manager): disable tty output if the console is not usable
* fix(network-manager): show output on console only with rd.debug enabled
* fix(network-manager): write DHCP filename option to dhcpopts file
* fix(network-manager): ensure safe content of /tmp/dhclient."/$ifname"/.dhcpopts
* fix(network-manager): include nm-daemon-helper binary
* fix(network-manager): don't pull in systemd-udev-settle
* fix(network-manager): support teaming under NM+systemd
* fix(network-manager): pull in network.target in nm-initrd.service
- Update to version 055+suse.283.ge98ece25:
* fix(network-manager): check for nm-initrd-generator in both /usr/{libexec,lib} (bsc#1201975)
* fix(network-legacy): add auto timeout to wicked DHCP test (bsc#1198709)
- Update to version 055+suse.279.g3b3c36b2:
* fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236)
* fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360)
* fix(convertfs): ignore commented lines in fstab (bsc#1200251)
* fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)
- Update to version 055+suse.271.g70f710e4:
* fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
* fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)
* fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
* fix(crypt): remove quotes from cryptsetupopts (bsc#1197635)
* fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604)
* fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267)
* fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
* fix(bluetooth): make hostonly configuration files optional (bsc#1195047)
- fence-agents
-
- Azure fence agent doesn’t work correctly on SLES15 SP3 - fence_azure_arm
fails with error 'MSIAuthentication' object has no attribute 'get_token' - SFSC00334437
(bsc#1195891)
- Apply proposed patch
0001-fix_support_for_sovereign_clouds_and_MSI-439.patch
- freetype2
-
- disable brotli linkage / WOFF2 support for now to keep dependencies
as before.
- Added patches:
* CVE-2022-27404.patch
+ fixes bsc#1198830, CVE-2022-27404: Buffer Overflow
* CVE-2022-27405.patch
+ fixes bsc#1198832, CVE-2022-27405: Segmentation Fault
* CVE-2022-27406.patch
+ fixes bsc#1198823, CVE-2022-27406: Segmentation violation
- Update to version 2.10.4
* Fix a heap buffer overflow has been found in the handling of
embedded PNG bitmaps, introduced in FreeType version 2.6
(CVE-2020-15999 bsc#1177914)
* Minor improvements to the B/W rasterizer.
* Auto-hinter support for Medefaidrin script.
* Fix various memory leaks (mainly for CFF) and other issues that
might cause crashes in rare circumstances.
- Update to version 2.10.2
* Support for WOFF2 fonts, add BR on pkgconfig(libbrotlidec)
* Function `FT_Get_Var_Axis_Flags' returned random data for Type 1
MM fonts.
* Type 1 fonts with non-integer metrics are now supported by the new
(CFF) engine introduced in FreeType 2.9.
* Drop support for Python 2 in Freetype's API reference generator
* Auto-hinter support for Hanifi Rohingya
* Document the `FT2_KEEP_ALIVE' debugging environment variable.
- gdk-pixbuf
-
- Add 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch:
fix loading of larger images (glgo#GNOME/gdk-pixbuf#216).
- avoid bashism in baselibs postscript (bsc#1195391)
- Update to version 2.42.9:
+ Fix the check for maximum value of LZW initial code size
(boo#1194633 CVE-2021-44648).
+ Use CMake for dependencies on Windows/MSVC.
+ Add option for building tests.
+ Move man pages to reStructuredText.
+ Disable relocation when built as a static libary on Windows.
+ Update wrap file for libjpeg-turbo.
+ Limit the memory size when loading image data.
- Add docutils and pkgconfig(gi-docgen) BuildRequires: New
dependencies.
- Update to version 2.42.8 (boo#1201826):
+ Clear the pixbuf's memory buffer to avoid returning
uninitialized memory.
+ Turn GdkPixbufModule functions into typed callbacks.
+ tiff: Use non-deprecated C99 integer types.
+ gif: Check for overflow when compositing or clearing frames.
+ Change png/jpeg/tiff build options from boolean to feature.
+ jpeg: Do not rely on UB around setjmp/longjmp.
+ Build fixes.
+ Documentation fixes.
+ Security fixes: CVE-2021-46829.
+ Updated translations.
- Stop passing options to meson that just follow upstream default,
just rely on upstream providing sane defaults, apart from where
we want to deviate.
- gnutls
-
- Security fix: [bsc#1202020, CVE-2022-2509]
* Fixed double free during verification of pkcs7 signatures
* Add gnutls-CVE-2022-2509.patch
- FIPS:
* Modify gnutls-FIPS-force-self-test.patch [bsc#1198979]
- gnutls_fips140_run_self_tests now properly releases fips_context
- FIPS:
* Add gnutls_ECDSA_signing.patch [bsc#1190698]
- Check minimum keylength for symmetric key generation
- Only allows ECDSA signature with valid set of hashes
(SHA2 and SHA3)
* Add gnutls-FIPS-force-self-test.patch [bsc#1198979]
- Provides interface for running library self tests on-demand
- Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1598
- gpg2
-
- Security fix [CVE-2022-34903, bsc#1201225]
- Vulnerable to status injection
- Added patch gnupg-CVE-2022-34903.patch
- gnupg-detect_FIPS_mode.patch: use AES as default cipher instead
of 3DES if we are in FIPS mode. (bsc#1196125)
- harfbuzz
-
- Add harfbuzz-CVE-2022-33068.patch: sbix: limit glyph extents
(boo#1200900 CVE-2022-33068).
- hwinfo
-
- merge gh#openSUSE/hwinfo#115
- improve treatment of NVME devices (bsc#1200975)
- fix compiler warnings
- 21.83
- merge gh#openSUSE/hwinfo#113
- Keep NVMe's namespace output consistency when
nvme_core.multipath=1 (bsc#1199948)
- 21.82
- icu
-
- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd
from upstream, use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- java-1_8_0-ibm
-
- Update to Java 8.0 Service Refresh 7 Fix Pack 11 [bsc#1202427]
[bsc#1201684, CVE-2022-34169] [bsc#1201692, CVE-2022-21541]
[bsc#1201685, CVE-2022-21549] [bsc#1201694, CVE-2022-21540]
* Defect Fixes:
- Java Virtual Machine: Long dely in AttachAPI
- Update to Java 8.0 Service Refresh 7 Fix Pack 10 [bsc#1201643]
[bsc#1198671, CVE-2022-21476] [bsc#1198670, CVE-2022-21449]
[bsc#1198673, CVE-2022-21496] [bsc#1198674, CVE-2022-21434]
[bsc#1198672, CVE-2022-21426] [bsc#1198675, CVE-2022-21443]
[bsc#1191912, CVE-2021-35561] [bsc#1194931, CVE-2022-21299]
* Class Libraries:
- BigDecimal gives incorrect arithmetic results for the add
and subtract operations on the result of a divide
* Java Virtual Machine:
- jstacktrace sub-option of xtrace doesn't print java stack
while doing method trace
* Security:
- 8217633: Configurable Extensions with system properties
- 8241248: NullPointerException in com.ibm.jsse2.ssl.HKDF.extract
- 8270344: Session resumption errors
- 8277967: Validate the SSLLogger object in KeyShareExtension
- JVM crashes computing Diffie-Hellman shared secrets and JNI
errors while creating elliptic curve public key using IBMJCEPlus
- Key Certificate Manager authority key identifier value incorrect
- SSLv2Hello property value is ignored if specified in
jdk.tls.disabledAlgorithms and SSLv2Hello is set by
setEnabledProtocols()
- There is a memory growth observed during digest operations
using IBMJCEPlus as the provider.
- Update to Java 8.0 Service Refresh 7 Fix Pack 6
* Java Virtual Machine: Crash while generating javacore, or
javacore contains 'Unable to walk in-flight data on call stack'
instead of java stack
* JIT Compiler:
- Java JIT, bad field reference from a tenured object into
the nursery
- JIT compiler crash with vmstate=0x0005ff04
* XML: Fix security vulnerability CVE-2022-21299
- kernel-default
-
- fix race between exit_itimers() and /proc/pid/timers
(git-fixes).
- commit 62d2eea
- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (CVE-2022-2585 bsc#1202094).
- commit 2decf97
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
CVE-2022-26373).
- commit e9f7bfc
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
CVE-2022-26373).
- commit 87cc728
- sched/core: Do not requeue task on CPU excluded from cpus_mask
(bnc#1199356).
- commit f226af5
- KVM: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1201930).
- commit 935d297
- kvm/emulate: Fix SETcc emulation function offsets with SLS
(bsc#1201930).
- Refresh
patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- commit 154606a
- net/sched: cls_u32: fix netns refcount changes in u32_change()
(CVE-2022-29581 bsc#1199665).
- commit 6f81977
- blacklist.conf: This is a cleanup, not fixing any bug
- commit 6f050ff
- tee: fix put order in teedev_close_context() (git-fixes).
- commit 1650ec3
- blacklist.conf: duplicate
- commit 1c70642
- random: fix typo in comments (git-fixes).
- commit 6de6114
- blacklist.conf: breaks kABI for a cleanup
- commit 678666e
- random: document add_hwgenerator_randomness() with other input
functions (git-fixes).
- commit 0fb6e8a
- Bluetooth: btusb: Add the new support IDs for WCN6855
(git-fixxes).
- Refresh
patches.suse/Bluetooth-btusb-Add-one-more-Bluetooth-part-for-WCN6.patch.
- commit 91ad5ba
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
(bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
ltc#198761).
- watchdog: export lockup_detector_reconfigure (bsc#1201846
ltc#198761).
- powerpc/mobility: wait for memory transfer to complete
(bsc#1201846 ltc#198761).
- commit 4c3e250
- page_alloc: fix invalid watemark check on a negative value
(git fixes (mm/pgalloc)).
- commit 11d19f6
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- commit 91f9b43
- VMCI: Release notification_bitmap in error path (bsc#1199291,
jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1
(bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device()
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA
datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register
defines (bsc#1199291, jsc#SLE-24635).
- commit 0e13b0d
- blacklist.conf: add commit 7acae6183cf3
I blacklisted the wrong commit: instead of adding 7acae6183cf3, I added the
commit that introduced the bug fixed by it (which isn't present in SLE15-SP4).
- commit 8ec5489
- net: mscc: ocelot: fix backwards compatibility with single-chain
tc-flower offload (git-fixes).
- commit 5dd0ec2
- net: bcmgenet: skip invalid partial checksums (git-fixes).
- commit af8e915
- ice: Fix race condition during interface enslave (git-fixes).
- commit 873e269
- net: bcmgenet: Don't claim WOL when its not available
(git-fixes).
- commit a981d90
- net: marvell: prestera: Add missing of_node_put() in
prestera_switch_set_base_mac_addr (git-fixes).
- commit 4aa2b33
- net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes).
- commit b08b10f
- net: ethernet: ti: cpts: Handle error for clk_enable
(git-fixes).
- commit 549b785
- ice: Fix error with handling of bonding MTU (git-fixes).
- commit 03f6b8d
- ice: stop disabling VFs due to PF error responses (git-fixes).
- commit 13b5865
- ethernet: Fix error handling in xemaclite_of_probe (git-fixes).
- commit 1b69809
- net: dsa: mt7530: fix incorrect test in
mt753x_phylink_validate() (git-fixes).
- commit 8344b36
- spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref
for non DMA transfers (git-fixes).
- commit 2faff78
- i2c: cadence: Change large transfer count reset logic to be
unconditional (git-fixes).
- i2c: mlxcpld: Fix register setting for 400KHz frequency
(git-fixes).
- gpio: gpio-xilinx: Fix integer overflow (git-fixes).
- gpio: pca953x: use the correct register address when regcache
sync during init (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync
(git-fixes).
- gpio: pca953x: only use single read/write for No AI mode
(git-fixes).
- drm/imx/dcss: Add missing of_node_put() in fail path
(git-fixes).
- drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes).
- commit 7a76772
- Update kabi files: import symvers from MU 5.14.21-150400.24.11
- commit 5ac1ff2
- r8152: fix a WOL issue (git-fixes).
- docs: net: dsa: re-explain what port_fdb_dump actually does
(git-fixes).
- docs: net: dsa: delete port_mdb_dump (git-fixes).
- docs: net: dsa: remove port_vlan_dump (git-fixes).
- docs: net: dsa: document port_fast_age (git-fixes).
- docs: net: dsa: document port_setup and port_teardown
(git-fixes).
- docs: net: dsa: document the teardown method (git-fixes).
- docs: net: dsa: document change_tag_protocol (git-fixes).
- docs: net: dsa: add more info about the other arguments to
get_tag_protocol (git-fixes).
- docs: net: dsa: rename tag_protocol to get_tag_protocol
(git-fixes).
- docs: net: dsa: document the shutdown behavior (git-fixes).
- docs: net: dsa: update probing documentation (git-fixes).
- Revert "/e1000e: Fix possible HW unit hang after an s0ix exit"/
(git-fixes).
- e1000e: Enable GPT clock before sending message to CSME
(git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- serial: 8250: fix return error code in
serial8250_request_std_resource() (git-fixes).
- tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes).
- drm/i915/gt: Serialize GRDOM access between multiple engine
resets (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
(git-fixes).
- pinctrl: aspeed: Fix potential NULL dereference in
aspeed_pinmux_set_mux() (git-fixes).
- irqchip: or1k-pic: Undefine mask_ack for level triggered
hardware (git-fixes).
- ASoC: madera: Fix event generation for rate controls
(git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
(git-fixes).
- ASoC: dapm: Initialise kcontrol data for mux/demux controls
(git-fixes).
- ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO
error (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering
problem (git-fixes).
- ASoC: wcd938x: Fix event generation for some controls
(git-fixes).
- ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
(git-fixes).
- ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues
in probe (git-fixes).
- ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes).
- NFC: nxp-nci: don't print header length mismatch on i2c error
(git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event
(git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- cpufreq: mediatek: Unregister platform device on exit
(git-fixes).
- cpufreq: mediatek: Use module_init and add module_exit
(git-fixes).
- drm/i915/dg2: Add Wa_22011100796 (git-fixes).
- drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes).
- drm/i915/uc: correctly track uc_fw init failure (git-fixes).
- commit 4bd213d
- ARM: 9214/1: alignment: advance IT state after emulating Thumb
instruction (git-fixes).
- ARM: 9213/1: Print message about disabled Spectre workarounds
only once (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc221 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc671 (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3
model (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51
(git-fixes).
- ASoC: rt711: fix calibrate mutex initialization (git-fixes).
- ASoC: Intel: sof_sdw: handle errors on card registration
(git-fixes).
- ASoC: rt711-sdca-sdw: fix calibrate mutex initialization
(git-fixes).
- ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on
remove (git-fixes).
- ASoC: ops: Fix off by one in range control validation
(git-fixes).
- ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0)
(git-fixes).
- ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes).
- ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106
devices (git-fixes).
- ARM: dts: stm32: use the correct clock source for CEC on
stm32mp151 (git-fixes).
- commit 65713d7
- Move upstreamed be2net patch into sorted section
- commit c55a187
- Drop doubly applied arm64 dts patch
Delete patches.suse/arm64-dts-broadcom-bcm4908-Fix-timer-node-for-BCM4906-SoC.patch
- commit efd9176
- net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes).
- commit eb2677a
- net: ipa: add an interconnect dependency (git-fixes).
- commit 94e475f
- net: stmmac: fix return value of __setup handler (git-fixes).
- commit 3c858ea
- net: sxgbe: fix return value of __setup handler (git-fixes).
- commit 723d359
- net: sparx5: Fix add vlan when invalid operation (git-fixes).
- commit 1d88b17
- net: chelsio: cxgb3: check the return value of
pci_find_capability() (git-fixes).
- commit 74c8cc9
- net: mv643xx_eth: process retval from of_get_mac_address
(git-fixes).
- commit 810f895
- net: ll_temac: check the return value of devm_kmalloc()
(git-fixes).
- commit 093ee20
- net: dsa: lan9303: add VLAN IDs to master device (git-fixes).
- commit 13c2302
- Revert "/net: ethernet: bgmac: Use
devm_platform_ioremap_resource_byname"/ (git-fixes).
- commit 411126e
- dpaa2-eth: Initialize mutex used in one step timestamping path
(git-fixes).
- commit b952b7a
- net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes).
- commit 7bd7001
- blacklist.conf: add ARCnet drivers
- commit 1614d85
- Sort patches from bsc#1201323
- commit 4165437
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- commit c3b4451
- lockdown: Fix kexec lockdown bypass with ima policy
(CVE-2022-21505 bsc#1201458).
- commit 5f6e1e5
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- scsi: make sure that request queue queiesce and unquiesce
balanced (bsc#1201651).
Refresh:
- patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch
- patches.kabi/kABI-fix-adding-field-to-scsi_device.patch
- patches.suse/scsi-core-sd-Add-silence_suspend-flag-to-suppress-some-PM-messages.patch
- scsi: avoid to quiesce sdev->request_queue two times
(bsc#1201651).
- dm: don't stop request queue after the dm device is suspended
(bsc#1201651).
- commit 4dedd62
- kabi/severities: add intel ice
- commit 77a60f8
- Delete patches.suse/xhci-turn-off-port-power-in-shutdown.patch
(bsc#1201691)
This patch leads to a failure to power off.
https://bugzilla.kernel.org/show_bug.cgi?id=216243
- commit f2d59c9
- i2c: smbus: Check for parent device before dereference
(git-fixes).
- net: dsa: mv88e6xxx: fix use-after-free in
mv88e6xxx_mdios_unregister (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit c96154e
- net: dsa: mv88e6xxx: flush switchdev FDB workqueue before
removing VLAN (git-fixes).
- commit c4e0776
- net: dsa: lan9303: fix reset on probe (git-fixes).
- commit 33805f1
- ice: Avoid RTNL lock when re-creating auxiliary device
(git-fixes).
- commit c168b96
- net: mscc: ocelot: fix mutex lock error during ethtool stats
read (git-fixes).
- commit ceff3da
- dpaa2-eth: unregister the netdev before disconnecting from
the PHY (git-fixes).
- commit c46c86b
- net: amd-xgbe: disable interrupts during pci removal
(git-fixes).
- commit c2f5c50
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes).
- commit 1ebdd4d
- net: dsa: lantiq_gswip: don't use devres for mdiobus
(git-fixes).
- commit 93f4a90
- net: dsa: mt7530: fix kernel bug in mdiobus_free() when
unbinding (git-fixes).
- commit 76cc859
- ethtool: Fix get module eeprom fallback (bsc#1201323).
- commit f5666fa
- nvme: wait until quiesce is done (bsc#1201651).
- blk-mq: add one API for waiting until quiesce is done
(bsc#1201651).
- commit d28bf38
- arm64: cpufeature: add HWCAP for FEAT_RPRES (git-fixes)
Refresh patches.suse/0019-arm64-Use-the-clearbhb-instruction-in-mitigations.patch
- commit cbc315a
- arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes)
- commit b3a2425
- blk-mq: fix kabi support concurrent queue quiesce unquiesce
(bsc#1201651).
- commit def3ab7
- net: dsa: felix: don't use devres for mdiobus (git-fixes).
- commit a03978a
- net: dsa: bcm_sf2: don't use devres for mdiobus (git-fixes).
- commit 682abc6
- net: dsa: ar9331: register the mdiobus under devres (git-fixes).
- commit 6f8e329
- net: dsa: mv88e6xxx: don't use devres for mdiobus (git-fixes).
- commit 61ee304
- gve: Recording rx queue before sending to napi (git-fixes).
- commit 6edbff0
- ixgbevf: Require large buffers for build_skb on 82599VF
(git-fixes).
- commit 2479d47
- net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes).
- commit ea855e1
- net: stmmac: ensure PTP time register reads are consistent
(git-fixes).
- commit 993d341
- net: macsec: Verify that send_sci is on when setting Tx sci
explicitly (git-fixes).
- commit 3b02b3e
- net: macsec: Fix offload support for NETDEV_UNREGISTER event
(git-fixes).
- commit d048544
- net: stmmac: dump gmac4 DMA registers correctly (git-fixes).
- commit 741baff
- blk-mq: support concurrent queue quiesce/unquiesce
(bsc#1201651).
- nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue
is reallocated (bsc#1201651).
- nvme: paring quiesce/unquiesce (bsc#1201651).
- nvme: prepare for pairing quiescing and unquiescing
(bsc#1201651).
- nvme: apply nvme API to quiesce/unquiesce admin queue
(bsc#1201651).
- nvme: add APIs for stopping/starting admin queue (bsc#1201651).
- commit 6f75240
- net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY
(git-fixes).
- commit c68ab05
- be2net: Fix buffer overflow in be_get_module_eeprom
(bsc#1201323).
- commit 46a7cc8
- net: stmmac: properly handle with runtime pm in
stmmac_dvr_remove() (git-fixes).
- commit 904137a
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit fe79137
- Input: i8042 - Apply probe defer to more ASUS ZenBook models
(bsc#1190256).
- commit cf06848
- net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes).
- commit 92bd067
- net: ieee802154: hwsim: Ensure proper channel selection at
probe time (git-fixes).
- commit 7ae5bdc
- tun: fix bonding active backup with arp monitoring (git-fixes).
- commit cf865a3
- Update patch references for fbcon fixes (CVE-2021-33655 bsc#1201635)
- commit eb3d075
- supported.conf: rvu_mbox as supported (jsc#SLE-24682)
- commit f21578a
- blacklist.conf: Add memcg/rstat optimizations 11192d9c124d fd25a9e0e23b 5b3be698a872
- commit 932b7ef
- blacklist.conf: Add 26d5badbccdd signal: Implement force_fatal_sig
- commit 1fe0fd9
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
(git-fixes).
- md: bcache: check the return value of kzalloc() in
detached_dev_do_request() (git-fixes).
- commit e2af2db
- kABI workaround for snd-soc-rt5682-* (git-fixes).
- kabi/severities: ignore dropped symbol rt5682_headset_detect
- commit 5e19e6d
- net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for
unexpected speed request (git-fixes).
- commit 59356c4
- net: amd-xgbe: ensure to reset the tx_timer_active flag
(git-fixes).
- commit 3831453
- net: amd-xgbe: Fix skb data length underflow (git-fixes).
- commit 50d3988
- net: stmmac: skip only stmmac_ptp_register when resume from
suspend (git-fixes).
- commit b59b0a9
- blacklist: added commit e1a4541ec0b9
- commit 7d0447e
- net: stmmac: configure PTP clock source prior to PTP
initialization (git-fixes).
- commit 6cefa9d
- libceph: fix potential use-after-free on linger ping and resends
(bsc#1201596).
- ceph: fix up non-directory creation in SGID directories
(bsc#1201595).
- commit 8aa4851
- net: cpsw: Properly initialise struct page_pool_params
(git-fixes).
- commit d65aa35
- net: sfp: ignore disabled SFP node (git-fixes).
- commit 5b8ce08
- octeontx2-pf: Forward error codes to VF (git-fixes).
- commit 562327e
- octeontx2-af: cn10k: Do not enable RPM loopback for LPC
interfaces (git-fixes).
- commit b549cad
- octeontx2-af: Do not fixup all VF action entries (git-fixes).
- commit dd1aa95
- net: stmmac: dwmac-visconti: Fix clock configuration for RMII
mode (git-fixes).
- commit e3e3f07
- net: stmmac: dwmac-visconti: Fix bit definitions for
ETHER_CLK_SEL (git-fixes).
- commit 1470b40
- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
(git-fixes).
- commit f842d14
- net/fsl: xgmac_mdio: Add workaround for erratum A-009885
(git-fixes).
- commit 6cf1273
- net: mscc: ocelot: fix using match before it is set (git-fixes).
- commit 78b3f03
- net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into
account (git-fixes).
- commit cfa26bb
- net: axienet: increase default TX ring size to 128 (git-fixes).
- commit d910ea1
- net: axienet: fix for TX busy handling (git-fixes).
- commit 99e0d80
- net: axienet: fix number of TX ring slots for available check
(git-fixes).
- commit 0c7e435
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593).
- fuse: make sure reclaim doesn't write the inode (bsc#1201592).
- commit 938aae2
- net: axienet: Fix TX ring slot available check (git-fixes).
- commit c151ff3
- net: axienet: limit minimum TX ring size (git-fixes).
- commit 13afdcb
- net: axienet: add missing memory barriers (git-fixes).
- commit d466816
- net: axienet: Wait for PhyRstCmplt after core reset (git-fixes).
- commit 7c11a1f
- net: axienet: increase reset timeout (git-fixes).
- commit 5cd6041
- net: sfp: fix high power modules without diagnostic monitoring
(git-fixes).
- commit 8a29229
- net: ethernet: mtk_eth_soc: fix error checking in
mtk_mac_config() (git-fixes).
- commit 7d643fb
- bcmgenet: add WOL IRQ check (git-fixes).
- commit d56437b
- net: ipa: prevent concurrent replenish (git-fixes).
- commit 63abe4d
- net: ipa: use a bitmap for endpoint replenish_enabled
(git-fixes).
- commit 4d71717
- net: ipa: fix atomic update in ipa_endpoint_replenish()
(git-fixes).
- commit f58c0c8
- fsl/fman: Check for null pointer after calling devm_ioremap
(git-fixes).
- commit 2af3cae
- rocker: fix a sleeping in atomic bug (git-fixes).
- commit 75f1355
- kABI workaround for phy_device changes (git-fixes).
- commit 91e246e
- mm: swap: get rid of livelock in swapin readahead (git fixes
(mm/swap)).
- mm: don't try to NUMA-migrate COW pages that have other uses
(git fixes (mm/numa)).
- mm/large system hash: avoid possible NULL deref in
alloc_large_system_hash (git fixes (mm/pgalloc)).
- mm/vmalloc: make sure to dump unpurged areas in
/proc/vmallocinfo (git fixes (mm/vmalloc)).
- mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node()
(git fixes (mm/vmalloc)).
- kasan: fix tag for large allocations when using CONFIG_SLAB
(git fixes (mm/kasan)).
- mm/vmalloc: fix numa spreading for large hash tables (git fixes
(mm/vmalloc)).
- mm/secretmem: avoid letting secretmem_users drop to zero
(git fixes (mm/secretmem)).
- memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT
(git fixes (mm/pgalloc)).
- commit 4d0f0a6
- Update patch metadata and move to sorted section
patches.suse/mm-page_alloc-Do-not-prefetch-buddies-during-bulk-free.patch.
patches.suse/mm-page_alloc-Drain-the-requested-list-first-during-bulk-free.patch.
patches.suse/mm-page_alloc-Fetch-the-correct-pcp-buddy-during-bulk-free.patch.
patches.suse/mm-page_alloc-Free-pages-in-a-single-pass-during-bulk-free.patch.
patches.suse/mm-page_alloc-Limit-number-of-high-order-pages-on-PCP-during-bulk-free.patch.
patches.suse/mm-page_alloc-Simplify-how-many-pages-are-selected-per-pcp-list-during-bulk-free.patch.
patches.suse/mm-page_alloc-Track-range-of-active-PCP-lists-during-bulk-free.patch.
- commit 14b9fbe
- usbnet: fix memory leak in error case (git-fixes).
- commit 7372d17
- arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes)
- commit 9119799
- rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258).
- commit 0d8f996
- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes)
- commit 3250248
- crypto: testmgr - allow ecdsa-nist in FIPS mode
(jsc#SLE-21132,bsc#1201258).
- commit d8e5343
- blacklist.conf: ffc95a46: CONFIG_SLAB not set in config
- commit d12fa0c
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- commit 3919bf9
- usb: typec: add missing uevent when partner support PD
(git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- vt: fix memory overlapping when deleting chars in the buffer
(git-fixes).
- wifi: mac80211_hwsim: set virtio device ready in probe()
(git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies()
(git-fixes).
- sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- commit 2f456a6
- serial: 8250: Fix PM usage_count for console handover
(git-fixes).
- serial: stm32: Clear prev values before setting RTS delays
(git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
(git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- reset: Fix devm bulk optional exclusive control getter
(git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- Revert "/serial: sc16is7xx: Clear RS485 bits in the shutdown"/
(git-fixes).
- serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes).
- commit f48404b
- power/reset: arm-versatile: Fix refcount leak in
versatile_reboot_probe (git-fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept
(git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path
(git-fixes).
- r8169: fix accessing unset transport header (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry
(git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
(git-fixes).
- net: phy: Don't trigger state machine while in suspend
(git-fixes).
- mt76: mt7921: get rid of mt7921_mac_set_beacon_filter
(git-fixes).
- commit 8948cad
- kABI workaround for rtsx_usb (git-fixes).
- commit ea7f901
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is
configured (git-fixes).
- ima: Fix a potential integer overflow in
ima_appraise_measurement (git-fixes).
- ida: don't use BUG_ON() for debugging (git-fixes).
- misc: rtsx_usb: use separate command and response buffers
(git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
transfer (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path
(git-fixes).
- i2c: piix4: Fix a memory leak in the EFCH MMIO support
(git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- Input: cpcap-pwrbutton - handle errors from platform_get_irq()
(git-fixes).
- commit 41d4678
- efi/x86: use naked RET on mixed mode call wrapper (git-fixes).
- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
(git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fbcon: Prevent that screen size is smaller than font size
(git-fixes).
- fbcon: Disallow setting font bigger than screen size
(git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- hwmon: (occ) Prevent power cap command overwriting poll response
(git-fixes).
- dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible
(git-fixes).
- hwmon: (occ) Remove sequence numbering and checksum calculation
(git-fixes).
- dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC
(git-fixes).
- commit 5a5128b
- drm/amd/display: Only use depth 36 bpp linebuffers on DCN
display engines (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets
(git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
(git-fixes).
- drm/i915/gvt: IS_ERR() vs NULL bug in
intel_gvt_update_reg_whitelist() (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
(git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/i915: fix a possible refcount leak in
intel_dp_add_mst_connector() (git-fixes).
- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
(git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key
(git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
correctly (git-fixes).
- dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes).
- drm/amd/display: Fix by adding FPU protection for
dcn30_internal_validate_bw (git-fixes).
- drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes).
- drm/i915: Fix a race between vma / object destruction and
unbinding (git-fixes).
- drm/mediatek: Detect CMDQ execution timeout (git-fixes).
- drm/mediatek: Remove the pointer of struct cmdq_client
(git-fixes).
- drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb
(git-fixes).
- drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes).
- commit d7feb0b
- dmaengine: ti: Add missing put_device in
ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
(git-fixes).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
broken CRC on TBC register (git-fixes).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
handling for mcp2517fd (git-fixes).
- can: m_can: m_can_chip_config(): actually enable internal
timestamping (git-fixes).
- can: grcan: grcan_probe(): remove extra of_node_get()
(git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- Revert "/can: xilinx_can: Limit CANFD brp to 2"/ (git-fixes).
- can: bcm: use call_rcu() instead of costly synchronize_rcu()
(git-fixes).
- batman-adv: Use netif_rx() (git-fixes).
- commit ee36772
- ASoC: Intel: Skylake: Correct the handling of fmt_config
flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
skl_get_ssp_clks() (git-fixes).
- ASoC: tas2764: Fix amp gain register offset & default
(git-fixes).
- ASoC: tas2764: Correct playback volume range (git-fixes).
- ASoC: tas2764: Fix and extend FSYNC polarity handling
(git-fixes).
- ASoC: tas2764: Add post reset delays (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
.set_jack_detect (git-fixes).
- ASoC: rt711-sdca: Add endianness flag in
snd_soc_component_driver (git-fixes).
- commit 46eda4a
- arm64: Add HWCAP for self-synchronising virtual counter (git-fixes)
- commit e9387c5
- ASoC: rt5682: Fix deadlock on resume (git-fixes).
- Refresh
patches.suse/ASoC-rt5682-do-not-block-workqueue-if-card-is-unboun.patch.
- commit b58000f
- ASoC: rt5682: Re-detect the combo jack after resuming
(git-fixes).
- Refresh
patches.suse/ASoC-rt5682-do-not-block-workqueue-if-card-is-unboun.patch.
- commit e602e5e
- arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot
(git-fixes).
- arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
(git-fixes).
- ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes).
- arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes).
- ASoC: rt711: Add endianness flag in snd_soc_component_driver
(git-fixes).
- ASoC: rt5682: fix an incorrect NULL check on list iterator
(git-fixes).
- ASoC: rt5682: Avoid the unexpected IRQ event during going to
suspend (git-fixes).
- ASoC: rt5682: move clk related code to rt5682_i2c_probe
(git-fixes).
- commit 9f44c25
- ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
(git-fixes).
- ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes).
- ACPI: video: Fix acpi_video_handles_brightness_key_presses()
(git-fixes).
- ARM: 9210/1: Mark the FDT_FIXED sections as shareable
(git-fixes).
- ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU
comes out of idle (git-fixes).
- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
(git-fixes).
- commit 72aed94
- Move upstreamed netfilter and tty patches to sorted section
- commit 9d5e117
- x86/bugs: Remove apostrophe typo (bsc#1190497).
- commit 0e5e638
- Sort in RETbleed backport into the sorted section
Now that it is upstream...
- Refresh
patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch.
- Refresh
patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch.
- Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch.
- Refresh
patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch.
- Refresh
patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch.
- Refresh
patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch.
- Refresh
patches.suse/objtool-Re-add-UNWIND_HINT_-SAVE_RESTORE.patch.
- Refresh
patches.suse/objtool-Treat-.text.__x86.-as-noinstr.patch.
- Refresh patches.suse/objtool-Update-Retpoline-validation.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh
patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
patches.suse/x86-ftrace-Use-alternative-RET-encoding.patch.
- Refresh
patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh patches.suse/x86-kvm-vmx-Make-noinstr-clean.patch.
- Refresh patches.suse/x86-objtool-Create-.return_sites.patch.
- Refresh patches.suse/x86-retpoline-Cleanup-some-ifdefery.patch.
- Refresh
patches.suse/x86-retpoline-Swizzle-retpoline-thunk.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch.
- Refresh
patches.suse/x86-speculation-Fix-RSB-filling-with-CONFIG_RETPOLINE-n.patch.
- Refresh
patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
patches.suse/x86-static_call-Use-alternative-RET-encoding.patch.
- Refresh
patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch.
- commit cc67fa3
- kABI: fix adding field to ufs_hba (git-fixes).
- kABI: fix adding field to scsi_device (git-fixes).
- scsi: iscsi: Exclude zero from the endpoint ID range
(git-fixes).
- scsi: scsi_debug: Fix zone transition to full condition
(git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- drbd: fix potential silent data corruption (git-fixes).
- scsi: ufs: core: scsi_get_lba() error fix (git-fixes).
- scsi: ufs: Fix runtime PM messages never-ending cycle
(git-fixes).
- scsi: core: sd: Add silence_suspend flag to suppress some PM
messages (git-fixes).
- scsi: ufs: Fix a deadlock in the error handler (git-fixes).
- scsi: ufs: Remove dead code (git-fixes).
- scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select() (git-fixes).
- scsi: scsi_debug: Fix type in min_t to avoid stack OOB
(git-fixes).
- scsi: scsi_debug: Don't call kcalloc() if size arg is zero
(git-fixes).
- scsi: sd: Fix sd_do_mode_sense() buffer length handling
(git-fixes).
- scsi: lpfc: Fix mailbox command failure during driver
initialization (git-fixes).
- commit fb67102
- perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability
attribute (jsc#SLE-24578).
- commit 9992992
- perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578).
- commit 3de312d
- perf/amd/ibs: Use ->is_visible callback for dynamic attributes
(jsc#SLE-24578).
- commit 1a42a36
- perf/amd/ibs: Cascade pmu init functions' return value
(jsc#SLE-24578).
- commit 82fef3c
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - set CIPHER capability for DH895XCC (git-fixes).
- commit 3585cf1
- kabi/severities: add stmmac network driver local symbols
- commit 832dcf3
- ppp: ensure minimum packet size in ppp_write() (git-fixes).
- commit 1871bcf
- veth: Do not record rx queue hint in veth_xmit (git-fixes).
- commit 4e81b53
- net: ethernet: mtk_eth_soc: fix return values and refactor
MDIO ops (git-fixes).
- commit 89745b1
- net: stmmac: Add platform level debug register dump feature
(git-fixes).
- commit 1f1e295
- fsl/fman: Fix missing put_device() call in fman_port_probe
(git-fixes).
- commit 1ea5bd4
- net: lantiq_xrx200: fix statistics of received bytes
(git-fixes).
- commit 21661cb
- net: ag71xx: Fix a potential double free in error handling paths
(git-fixes).
- commit bdd4068
- net: stmmac: dwmac-visconti: Fix value of
ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes).
- commit 100c8d7
- net: stmmac: ptp: fix potentially overflowing expression
(git-fixes).
- commit c8a3960
- veth: ensure skb entering GRO are not cloned (git-fixes).
- commit de7c3ec
- net: ks8851: Check for error irq (git-fixes).
- commit c6aa897
- drivers: net: smc911x: Check for error irq (git-fixes).
- commit 76302d7
- fjes: Check for error irq (git-fixes).
- commit 3518c05
- net: marvell: prestera: fix incorrect return of port_find
(git-fixes).
- commit caea254
- net: systemport: Add global locking for descriptor lifecycle
(git-fixes).
- commit ca205ab
- net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup
(git-fixes).
- commit d928a50
- net: stmmac: fix tc flower deletion for VLAN priority Rx
steering (git-fixes).
- commit c13727a
- netdevsim: don't overwrite read only ethtool parms (git-fixes).
- commit e49332e
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
- commit 14806b1
- net: mvpp2: fix XDP rx queues registering (git-fixes).
- commit 785d73e
- net: fec: only clear interrupt of handling queue in
fec_enet_rx_queue() (git-fixes).
- commit e300fac
- net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes).
- commit 1aeafc7
- qede: validate non LSO skb length (git-fixes).
- commit a6a6f45
- net: altera: set a couple error code in probe() (git-fixes).
- commit 4b6f9c2
- net: bcm4908: Handle dma_set_coherent_mask error codes
(git-fixes).
- commit 57e402c
- net: annotate data-races on txq->xmit_lock_owner (git-fixes).
- commit 823f883
- octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes).
- commit ab94872
- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf
dev xmit (git-fixes).
- commit eb079a6
- natsemi: xtensa: fix section mismatch warnings (git-fixes).
- commit dbb5264
- dpaa2-eth: destroy workqueue at the end of remove function
(git-fixes).
- commit 1aeeaf7
- net: marvell: mvpp2: Fix the computation of shared CPUs
(git-fixes).
- commit f25bb21
- Remove Half duplex mode speed capabilities (git-fixes).
- commit 92878dd
- net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header
support (git-fixes).
- commit de8c06a
- net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls
(git-fixes).
- commit a6567bd
- net: phylink: Force retrigger in case of latched link-fail
indicator (git-fixes).
- commit 6d547bd
- net: phylink: Force link down and retrigger resolve on interface
change (git-fixes).
- commit 4e89e84
- gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571)
- commit 6cf809d
- gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571)
- commit f025bf7
- dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571)
- commit f8d4262
- spi: tegra210-quad: combined sequence mode (jsc#SLE-24570)
- commit e187f9a
- spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570)
- commit f0be9d3
- spi: tegra210-quad: add acpi support (jsc#SLE-24570)
- commit 55e4b0b
- spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570)
- commit 45eae59
- spi: tegra210-quad: use device_reset method (jsc#SLE-24570)
- commit 3f5e1a3
- spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570)
- commit 58f5e5f
- i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569)
- commit 47fa6c7
- i2c: tegra: Add the ACPI support (jsc#SLE-24569)
- commit d323c6e
- i2c: tegra: Add SMBus block read function (jsc#SLE-24569)
- commit 3dd00f6
- i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569)
- commit 3c0a341
- docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569)
- commit 6cd5dd2
- device property: Add fwnode_irq_get_byname (jsc#SLE-24569)
- commit cd979cf
- crypto: octeontx2 - fix missing unlock (jsc#SLE-24682).
- hwrng: cavium - fix NULL but dereferenced coccicheck error
(jsc#SLE-24682).
- crypto: octeontx2 - add synchronization between mailbox accesses
(jsc#SLE-24682).
- crypto: octeontx2 - increase CPT HW instruction queue length
(jsc#SLE-24682).
- crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682).
- crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682).
- arm64: Add cavium_erratum_23154_cpus missing sentinel
(jsc#SLE-24682).
- irqchip/gic-v3: Workaround Marvell erratum 38545 when reading
IAR (jsc#SLE-24682).
- crypto: octeontx2 - Avoid stack variable overflow
(jsc#SLE-24682).
- crypto: octeontx2 - out of bounds access in
otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682).
- crypto: octeontx2 - Use swap() instead of swap_engines()
(jsc#SLE-24682).
- crypto: octeontx2 - parameters for custom engine groups
(jsc#SLE-24682).
- crypto: octeontx2 - add apis for custom engine groups
(jsc#SLE-24682).
- crypto: octeontx2 - use swap() to make code cleaner
(jsc#SLE-24682).
- commit e64c29a
- crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391).
- commit 755232f
- supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682)
Mark rvu_cptpf.ko and rvu_cptvf.ko as supported.
- commit 2c9f726
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 0702138
- kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569).
kABI fix for "/i2c: smbus: Use device_*() functions instead of of_*()"/
- commit d0b5048
- ldb
-
- Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all
changes for ldb-2.4.4.
+ CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
+ CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
+ CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to version 2.4.3
+ Fix build problems, waf produces incorrect names for python
extensions; (bso#15071);
- libqt5-qtbase
-
- Add patch to fix some HTTP/2 communication (boo#1200715, kde#455540):
* 0001-H2-remove-a-rather-useless-limit-on-the-number-of-st.patch
- Add mitigate-FORTIFY_SOURCE-3.patch that should mitigate
new -D_FORTIFY_SOURCE=3 level as analyzed in GCC bug:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105078.
- libtirpc
-
-exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
- update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- fix memory leak in params.r_addr assignement (bsc#1198752)
- add 0001-fix-parms.r_addr-memory-leak.patch
- libxml2
-
- Update to 2.9.14:
* Security:
+ [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
+ Fix potential double-free in xmlXPtrStringRangeFunction
+ Fix memory leak in xmlFindCharEncodingHandler
+ Normalize XPath strings in-place
+ Prevent integer-overflow in htmlSkipBlankChars() and
xmlSkipBlankChars()
+ Fix leak of xmlElementContent
* Bug fixes:
+ Fix parsing of subtracted regex character classes
+ Fix recursion check in xinclude.c
+ Reset last error in xmlCleanupGlobals
+ Fix certain combinations of regex range quantifiers
+ Fix range quantifier on subregex
* Improvements:
+ Fix recovery from invalid HTML start tags
* Build system, portability:
+ Define LFS macros before including system headers
+ Initialize XPath floating-point globals
+ configure: check for icu DEFS
+ configure.ac: produce tar.xz only (GNOME policy)
+ CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
+ Fix build with older Python versions
+ Fix --without-valid build
- Build python bindings in a 2nd run, using multibuild: otherwise,
libxml2 requires pkgconfig(libxml-2.0) to build, causing issues
to bootstrap.
- Update to version 2.9.13:
* Security fixes:
+ [CVE-2022-23308] Use-after-free of ID and IDREF attributes
(boo#1196490);
+ Several memory leaks and another issues.
* Many regressions fixes.
* Numerous bug fixes, including, among many others:
+ xmllint's --maxmem option should work as expected now;
+ xmllint now returns an error if arguments are missing.
* Numerous tests and code and fuzzing fixes and improvements.
* Updated documentation.
- The full Libxml2 2.9.13 NEWS can be found here:
https://download.gnome.org/sources/libxml2/2.9/+ libxml2-2.9.13.news.
- Replace version-release macros in all 3 Obsoletes tag with
plain 2.9.13 to avoid unwanted behaviors in the future.
- Remove dropped upstream AUTHORS file from list of files to be
installed in the documentation location with 'cp' command.
- Update http://xmlsoft.org URL tag to Libxml2's new web home:
https://gitlab.gnome.org/GNOME/libxml2.
- Update ftp://xmlsoft.org Source tag to Libxml2's new download
host: https://download.gnome.org.
- Drop deprecated Python-2-related macro definitions/conditional
statement from spec file.
- Drop merged upstream patches:
libxml2-fix-lxml-corrupted-subtree-structures.patch;
libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch.
- Drop libxml2.keyring source file as the new download host doesn't
offer GPG signatures.
- Use ldconfig_scriptlets macro for post(un) handling.
* Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879),
CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595,
CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928)
- Security fix: [bsc#1185698, CVE-2021-3537]
decompression (boo#1088279 boo#1105166).
(boo#1102046).
- libyajl
-
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
- libzypp
-
- Add PoolItem::statusReinit to reset the status it's initial
state in the ResPool (might help bsc#1199895)
This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if
the PoolItem matched a hard lock defined in /etc/zypp/locks.
- Fix building with GCC 13 on i586 (fixes #407, fixes #396)
- Be prepared to receive exceptions from curl_easy_cleanup
(bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and dependend code.
This commit removes the MediaNetwork tech preview and all related
code. First reason for this is that MediaNetwork was just meant
as a way to test the new CURL based downloader and second: since
the Provide API is going to completely replace the current media
backend it would be extra work to ensure that changes on the
Downloader do not break MediaNetwork.
- version 17.31.0 (22)
- Fix building with GCC 12.x release (#396)
- version 17.30.3 (22)
- appdata plugin: Pass path to the repodata/ directory inside the
cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending
endOfScriptTag.
- version 17.30.2 (22)
- PluginRepoverification: initial version hooked into
repo::Downloader and repo refresh.
- Immediately start monitoring the download.transfer_timeout.
Do not wait until the first data arrived. (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only.
- Work around cases where sat repo.start points to an invalid
solvable. May happen if (wrong arch) solvables were removed
at the beginning of the repo.
- fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
(fixes #388)
- version 17.30.1 (22)
- lvm2
-
- lvm reports udev database has incomplete information on devices (bsc#1202011)
+ bug-1202011_vgchange-monitor-don-t-use-udev-info.patch
- mozilla-nss
-
- update to NSS 3.79.1 (bsc#1202645)
* bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier.
* bmo#1771498 - Uninitialized value in cert_ComputeCertType.
* bmo#1759794 - protect SFTKSlot needLogin with slotLock.
* bmo#1760998 - avoid data race on primary password change.
* bmo#1330271 - check for null template in sec_asn1{d,e}_push_state.
- Update nss-fips-approved-crypto-non-ec.patch to unapprove the
rest of the DSA ciphers, keeping signature verification only
(bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to fix compiler
warning.
- Update nss-fips-constructor-self-tests.patch to add on-demand
integrity tests through sftk_FIPSRepeatIntegrityCheck()
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to mark algorithms
as approved/non-approved according to security policy
(bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to remove hard
disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
the workaround in FIPS mode (bsc#1200325).
- Remove nss-fips-tests-skip.patch. This is no longer needed since
we removed the code to short-circuit broken hashes and moved to
using the SLI.
- Remove upstreamed patches:
* nss-fips-version-indicators.patch
* nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
- bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- bmo#1766907 - Update mercurial in clang-format docker image.
- bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
- bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
- bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- bmo#1764788 - Correct invalid record inner and outer content type alerts.
- bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
- bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
* bmo#1767590 - Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple
- update to NSS 3.78
bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
bmo#1763120 - Add ECH Grease Support to tstclnt
bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
* Bug 1762244 - resolve mpitests build failure on Windows.
* bmo#1761779 - Fix link to TLS page on wireshark wiki
* bmo#1754890 - Add two D-TRUST 2020 root certificates.
* bmo#1751298 - Add Telia Root CA v2 root certificate.
* bmo#1751305 - Remove expired explicitly distrusted certificates
from certdata.txt.
* bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
* bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
* bmo#1756271 - Remove token member from NSSSlot struct.
* bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
* bmo#1757279 - Support UTF-8 library path in the module spec string.
* bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
* bmo#1760827 - Add a CI Target for gcc-11.
* bmo#1760828 - Change to makefiles for gcc-4.8.
* bmo#1741688 - Update googletest to 1.11.0
* bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
* bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
* bmo#1755904 - Fix calculation of ECH HRR Transcript.
* bmo#1758741 - Allow ld path to be set as environment variable.
* bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
* bmo#1758478 - Fix DataBuffer Move Assignment.
* bmo#1552254 - internal_error alert on Certificate Request with
sha1+ecdsa in TLS 1.3
* bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
NSS 3.76.1
* bmo#1756271 - Remove token member from NSSSlot struct.
NSS 3.76
* bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots.
* bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
* bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
* bmo#1679803 - Add SHA256 fingerprint comments to old
certdata.txt entries.
* bmo#1753505 - Avoid truncating files in nss-release-helper.py.
* bmo#1751157 - Throw illegal_parameter alert for illegal extensions
in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
* bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
* bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
* bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
* bmo#1748386 - Remove redundant key type check.
* bmo#1749869 - Update ABI expectations to match ECH changes.
* bmo#1748386 - Enable CKM_CHACHA20.
* bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
* bmo#1747310 - real move assignment operator.
* bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
* bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
* bmo#1747772 - Allow to build using clang's integrated assembler.
* bmo#1321398 - Allow to override python for the build.
* bmo#1747317 - test HKDF output rather than input.
* bmo#1747316 - Use ASSERT macros to end failed tests early.
* bmo#1747310 - move assignment operator for DataBuffer.
* bmo#1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
* bmo#1725938 - Update tests for ECH-13.
* bmo#1725938 - Tidy up error handling.
* bmo#1728281 - Add tests for ECH HRR Changes.
* bmo#1728281 - Server only sends GREASE HRR extension if enabled
by preference.
* bmo#1725938 - Update generation of the Associated Data for ECH-13.
* bmo#1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
* bmo#1712879 - Allow for compressed, non-contiguous, extensions.
* bmo#1712879 - Scramble the PSK extension in CHOuter.
* bmo#1712647 - Split custom extension handling for ECH.
* bmo#1728281 - Add ECH-13 HRR Handling.
* bmo#1677181 - Client side ECH padding.
* bmo#1725938 - Stricter ClientHelloInner Decompression.
* bmo#1725938 - Remove ECH_inner extension, use new enum format.
* bmo#1725938 - Update the version number for ECH-13 and adjust
the ECHConfig size.
- update to NSS 3.74
* bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
OCSP responses
* bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
* bmo#1721426 - NSS does not properly restrict server keys based on policy
* bmo#1733003 - Set nssckbi version number to 2.54
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
* bmo#1735407 - Replace GlobalSign ECC Root CA R4
* bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
* bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
certificates
* bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
CIF A62634068 root certificate
* bmo#1740095 - Add iTrusChina ECC root certificate
* bmo#1740095 - Add iTrusChina RSA root certificate
* bmo#1738805 - Add ISRG Root X2 root certificate
* bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
* bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
* bmo#1735028 - Check for missing signedData field
* bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
* Add SHA-2 support to mozilla::pkix's OSCP implementation
- update to NSS 3.73
* bmo#1735028 - check for missing signedData field.
* bmo#1737470 - Ensure DER encoded signatures are within size limits.
* bmo#1729550 - NSS needs FiPS 140-3 version indicators.
* bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
* bmo#1738600 - sunset Coverity from NSS
MFSA 2021-51 (bsc#1193170)
* CVE-2021-43527 (bmo#1737470)
Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
* Remove newline at the end of coreconf.dep
* bmo#1731911 - Fix nsinstall parallel failure.
* bmo#1729930 - Increase KDF cache size to mitigate perf
regression in about:logins
- update to NSS 3.71
* bmo#1717716 - Set nssckbi version number to 2.52.
* bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
* bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
* bmo#1717707 - Add HARICA Client ECC Root CA 2021.
* bmo#1717707 - Add HARICA Client RSA Root CA 2021.
* bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
* bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
* bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
* bmo#1726022 - Update test case to verify fix.
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
* bmo#1681975 - Avoid using a lookup table in nssb64d.
* bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
* bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
* bmo#1726022 - Cache additional PBE entries.
* bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
* bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
* bmo#1720226 (Backout) - integrity checks in key4.db not happening
on private components with AES_CBC
NSS 3.69
* bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
* bmo#1720226 - integrity checks in key4.db not happening on private
components with AES_CBC (backed out again)
* bmo#1720235 - SSL handling of signature algorithms ignores
environmental invalid algorithms.
* bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
nss failures.
(removed obsolete nss-btrfs-sqlite.patch)
* bmo#1720230 - Gtest update changed the gtest reports, losing gtest
details in all.sh reports.
* bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
* bmo#1720232 - SQLite calls could timeout in starvation situations.
* bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
* bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
* bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
- Mozilla NSS 3.68.4 (bsc#1200027)
* Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
(bmo#1767590)
- Update nss-fips-constructor-self-tests.patch to scan
LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
Based on work by Marcus Meissner.
- Add nss-fips-tests-skip.patch to skip algorithms that are hard
disabled in FIPS mode.
- Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired
PayPalEE cert from failing the tests.
- Add nss-fips-tests-enable-fips.patch, which enables FIPS during
test certificate creation and disables the library checksum
validation during same.
- Update nss-fips-constructor-self-tests.patch to allow
checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- ncurses
-
- Add patch ncurses-bnc1198627.patch
* Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
- open-iscsi
-
- Modify SPEC file so systemd unit files are mode 644 (not 755)
(bsc#1200570)
- For Tumbleweed, moved logrotate files from user-specific
directory /etc/logrotate.d to vendor-specific
/usr/etc/logrotate.d
(for Stefan Schubert <schubi@suse.com>)
- openldap2
-
- bsc#1198341 - Prevent memory reuse which may lead to instability
* 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
- pcre2
-
- Added pcre2-bsc1199235-CVE-2022-1587.patch
* CVE-2022-1587 / bsc#1199235
* Fix out-of-bounds read due to bug in recursions
* Sourced from:
- https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- perl
-
- fix File::Path rmtree/remove_tree race condition
[bnc#1047178] [CVE-2017-6512]
new patch: perl-file_path_rmtree_fchmod.diff
- perl-HTTP-Daemon
-
- Fix request smuggling in HTTP::Daemon
(CVE-2022-31081, bsc#1201157)
* CVE-2022-31081.patch
* CVE-2022-31081-2.patch
* CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch
- permissions
-
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
- Update to version 20201225:
* apptainer: fix starter-suid location (bsc#1198720)
- Update to version 20201225:
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
- Update to version 20201225:
- procps
-
- Add the patches
* procps-3.3.17-library-bsc1181475.patch
* procps-3.3.17-top-bsc1181475.patch
which are backports of current newlib tree to solve bug bsc#1181475
* 'free' command reports misleading "/used"/ value
- python-M2Crypto
-
- update CVE-2020-25657-Bleichenbacher-attack.patch to actually
contain the fix rather than just being empty (CVE-2020-25657,
bsc#1178829)
- python-lxml
-
- add CVE-2022-2309.patch (bsc#1201253, CVE-2022-2309)
- python-parallax
-
- Don't use ssh if command running on local (bsc#1200833)
Add patch 0003-Fix-task-Don-t-use-ssh-if-command-running-on-local-b.patch
- python-py
-
- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
- Update to 1.10.0
* Fix a regular expression DoS vulnerability in the py.path.svnwc
SVN blame functionality (CVE-2020-29651)
- Devendor apipkg and iniconfig
- Add pr_222.patch to activate test suite
- Update to 1.9.0
* Add type annotation stubs
- python-pyOpenSSL
-
- Add check_inv_ALPN_lists.patch checks for invalid ALPN lists
before calling OpenSSL (gh#pyca/pyopenssl#1056).
- update to 21.0.0 (bsc#1200771, jsc#SLE-24519):
- The minimum ``cryptography`` version is now 3.3.
- Drop support for Python 3.5
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an
upcoming release of ``cryptography`` without raising deprecation warnings.
- python-pytz
-
- update to 2022.1
* matches tzdata 2022a
* declare python 3.10 compatibility
- update to 2021.3
* matches tzdata 2021c
- regionServiceClientConfigEC2
-
- Update to version 4.1.0 (bsc#1203215)
+ New certs for 52.79.82.165 and 54.247.166.75
- rsync
-
- Security fix: [bsc#1201840, CVE-2022-29154]
* arbitrary file write vulnerability via do_server_recv function
* Added patch rsync-rsync-CVE-2022-29154.patch
- rsyslog
-
- fix segfault in qDeqLinkedList during shutdown (bsc#1199283)
* add 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
- rubygem-kramdown
-
- security update
- added patches
fix CVE-2020-14001 [bsc#1174297], processing template options inside documents allows unintended read access or embedded Ruby code execution
+ rubygem-kramdown-CVE-2020-14001.patch
- rubygem-rails-html-sanitizer
-
- Add patch 0001_CVE-2022-32209.patch
This patch fixes CVE-2022-32209 (bsc#1201183)
- rubygem-tzinfo
-
- security update
- added patches
fix CVE-2022-31163 [bsc#1201835], Relative path traversal vulnerability allows TZInfo::Timezone.get to load arbitrary files
+ rubygem-tzinfo-CVE-2022-31163.patch
- salt
-
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore erros on reading license files with dpkg_lowpkg (bsc#1197288)
- Added:
* fix-ownership-of-salt-thin-directory-when-using-the-.patch
* add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
* save-log-to-logfile-with-docker.build.patch
* add-support-for-gpgautoimport-539.patch
* fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
* normalize-package-names-once-with-pkg.installed-remo.patch
* use-salt-bundle-in-dockermod.patch
* ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
* fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
* fix-salt.states.file.managed-for-follow_symlinks-tru.patch
* set-default-target-for-pip-from-venv_pip_target-envi.patch
- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)
- samba
-
- CVE-2022-1615: Do not ignore errors in random number generation;
(bso#15103); (bsc#1202976);
- CVE-2022-32743: Implement validated dnsHostName write rights;
(bso#14833); (bsc#1202803);
- Fix Use after free when iterating
smbd_server_connection->connections after tree disconnect
failure; (bso#15128); (bsc#1200102).
- CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic;
(bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
(bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556).
- sg3_utils
-
- Update to version 1.47+5.d13bc56:
* rescan-scsi-bus.sh: add timeout parameter (bsc#1199248)
- supportutils-plugin-ha-sap
-
- Update to version 0.0.3+git.1659022100.39bfcd6:
* Update README.md
* Replace spaces to tabs.
* Search for other groups too.
* Include /etc/group in plugin-ha_sap.txt (bsc#1201831)
* Update ha_sap
* Update pacemaker.log location change
* suppress link path in Readme.md
* add section 'Additional information' to the Readme.md
* change release status of the project
* Update README.md
* Update ha_sap
- sysconfig
-
- version 0.85.9
- spec: revert to recommend wicked-service on <= 15.4
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- spec: drop legacy migration (from sle11) and rpm-utils
- version 0.85.8
- netconfig: revert NM default policy change change (boo#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- version 0.85.7
- spec: Drop hard dependency on /sbin/ifup
- spec: Suggest instead of recommend wicked-service
- spec: Mention that the .spec file is in git as well
- Also support service(network) provides
- systemd
-
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one
pointing to /usr/lib/systemd/ (bsc#1201795)
- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944)
To decrease log level of messages about use of KillMode=none from warning to
debug. SAP still uses this deprecated option and the warnings emitted by PID1
confuse both SAP customers and support.
- Import commit 7b70d88264a588fdba36c6e7655d1feea2b0e0a0 (merge of v249.12)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/4949659dd6ce81845e13034504fe06b85a02f08b...7b70d88264a588fdba36c6e7655d1feea2b0e0a0
- Import commit 4949659dd6ce81845e13034504fe06b85a02f08b
0f096f16ba tmpfiles: check the directory we were supposed to create, not its parent
82c3793e43 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
2191a9ae95 logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- systemd-presets-common-SUSE
-
- enable ignition-delete-config by default (bsc#1199524)
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter "/user"/, the save/apply-changes commands now
work with user services instead of system ones (boo#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (boo#1200485)
- tar
-
- bsc1200657.patch was previously incomplete leading to deadlocks
* bsc#1202436
* bsc1200657.patch updated
- Fix race condition while creating intermediate subdirectories,
bsc#1200657
* bsc1200657.patch
- tiff
-
* CVE-2022-2056 [bsc#1201176]
* CVE-2022-2057 [bsc#1201175]
* CVE-2022-2058 [bsc#1201174]
+ tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
- security update
- tigervnc
-
- U_Handle-pending-data-in-TLS-buffers.patch
* Vncclient wasn't refreshing screen correctly due to an issue on
TLS stream buffers.
* bsc#1199477
- timezone
-
- Update to reflect new Chile DST change, bsc#1202310
* bsc1202310.patch
- util-linux
-
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
in utab (bsc#1198731,
util-linux-libmount-moving-mount-point-sub-mounts.patch,
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- util-linux-systemd
-
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
in utab (bsc#1198731,
util-linux-libmount-moving-mount-point-sub-mounts.patch,
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- vim
-
- Updated to version 9.0 with patch level 0313, fixes the following problems
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 PUBLIC SUSE Linux Enterprise Server 15 SP4 Basesystem zbalogh@suse.com NEW --- SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
- xen
-
- Added --disable-pvshim when running configure in xen.spec.
We have never shipped the shim and don't need to build it.
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
in typeref acquisition
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
xen: retbleed - arbitrary speculative code execution with return
instructions (XSA-407)
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
62a99614-IOMMU-x86-gcc12.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
xsa401-1.patch
xsa401-2.patch
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
xsa408.patch
- Fix gcc13 compilation error
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
- yaml-cpp
-
- Version 0.6.3 changed ABI without changing SONAME. Re-add symbol
from the old ABI to prevent ABI breakage and crash of
applications compiled with 0.6.1 (bsc#1200624, bsc#1178332,
bsc#1178331, bsc#1160171, yaml-cpp-abi-breakage.patch).
- yast2-registration
-
- Do not crash when cloning an unregistered system with
additional repositories (bsc#1200035).
- 4.4.22
- yast2-sap-ha
-
- YaST2 sap_ha tool does not allow digits at the beginning of site names
(bsc#1200427)
- 1.0.15
- Introduce a new function refresh_all_proposals.
This reads the proposal for the modules watchdog and fence.
This is neccessary when reading an earlier configuration.
- Use .gsub instead of File.basename to find all modules files.
Replace tab with spaces.
(bsc#1197290)
- 1.0.14
- system/watchdog.rb searches watchdog modules with .ko extension
but we ship .ko.xz (bsc#1197290)
- 1.0.13
- softdog missing in Yast while configuring HA for SAP Products
(bsc#1199029)
- 1.0.12
- kmod-compat has broken dependencies (bsc#1186618)
Update requirement
- 1.0.11
- "/SUSE SAP HA Yast wizard for HANA doesn´t configure the HANA hooks.
(bsc#1190774)
Add SAPHanaSR via global.ini as proposed in
https://documentation.suse.com/sbp/all/html/SLES4SAP-hana-sr-guide-PerfOpt-15/index.html#id-1.10.6.6"/
- 1.0.10
- bsc#1158843 hana-*: Broken gettext support
- 1.0.9
- yast2-storage-ng
-
- Partitioner: Allow min chunk size of 4 KiB (page size) for RAID0 /
RAID10 (bsc#1200018)
- 4.4.40
- Mark properly help text in tmpfs widget for localization
(bsc#1198192)
- 4.4.39
- Fix empty help in some Partitioner dialogs (bsc#1194274)
- 4.4.38
- Fix fstab entry filesystem matching allowing the use of quotes
surrounding the device UUID or label (bsc#1197692)
- 4.4.37
- zlib
-
- Fix heap-based buffer over-read or buffer overflow in inflate via
large gzip header extra field (bsc#1202175, CVE-2022-37434,
CVE-2022-37434-extra-header-1.patch,
CVE-2022-37434-extra-header-2.patch).
- zypper
-
- lr: Allow shortening the Name column if table is wider than the
terminal (bsc#1201638)
- Don't accepts install/remove modifier without argument
(bsc#1201576)
- zypper-download: Set correct ExitInfoCode when failing to
resolve argument.
- zypper-download: Handle unresolvable arguments as error.
This commit changes zypper-download such that it behaves more
consistent to zypper-install when an argument can't be resolved.
- version 1.14.55
- Fix building with GCC 13 (fixes #448)
- Put signing key supplying repository name in quotes.
- version 1.14.54
- Basic JobReport for "/cmdout/monitor"/.
- versioncmp: if verbose, also print the edition 'parts' which are
compared.
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally (fixes #433)
- Honor the NO_COLOR environment variable when auto-detecting
whether to use color (fixes #432)
- Define table columns which should be sorted natural [case
insensitive] (fixes #391, closes #396, fixes #424)
- lr/ls: Use highlight color on name and alias as well.
- version 1.14.53