- audit
-
- Enable livepatching on main library on x86_64.
- audit-secondary
-
- Check for AF_UNIX unnamed sockets (bsc#1210004)
* add check-for-AF_UNIX-unnamed-sockets.patch
- cloud-regionsrv-client
-
- Update to version 10.1.2 (bsc#1211282)
+ Properly handle Ipv6 when checking update server responsiveness. If not
available fall back and use IPv4 information
+ Use systemd_ordered to allow use in a container without pulling systemd
into the container as a requirement
- Update to version 10.1.1 (bsc#1210020, bsc#1210021)
+ Clean up the system if baseproduct registraion fails to leave the
system in prestine state
+ Log when the registercloudguest command is invoked with --clean
- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
- Removes a warning about system_token entry present in the credentials
file.
- Adds logrotate configuration for log rotation.
- containerd
-
- Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.21> bsc#1211578
- Require a minimum Go version explicitly rather than using golang(API).
Fixes the change for bsc#1210298.
[ This was only released in SLE. ]
- unversion to golang requires to always use the current default go.
(bsc#1210298)
- Update to containerd v1.6.20 for Docker v23.0.4-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.20>
- curl
-
- Security fix: [bsc#1213237, CVE-2023-32001]
* fopen race condition: libcurl can be told to save cookie,
HSTS and/or alt-svc data to files. When doing this, it
called 'stat()' followed by 'fopen()' in a way that made
it vulnerable to a TOCTOU race condition problem.
* Add curl-CVE-2023-32001.patch
- Security fixes:
* [bsc#1211230, CVE-2023-28319] use-after-free in SSH sha256
fingerprint check.
- Add curl-CVE-2023-28319.patch
* [bsc#1211231, CVE-2023-28320] siglongjmp race condition
- Add curl-CVE-2023-28320.patch
* [bsc#1211232, CVE-2023-28321] IDN wildcard matching
- Add curl-CVE-2023-28321.patch
* [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
- Add curl-CVE-2023-28322.patch
- Update to 8.0.1: [jsc#PED-2580]
* Rebase curl-secure-getenv.patch
* Remove patches fixed in the update:
- curl-CVE-2022-22576.patch curl-CVE-2022-27776.patch
- curl-CVE-2022-27781.patch curl-CVE-2022-27782.patch
- curl-CVE-2022-32206.patch curl-CVE-2022-32208.patch
- curl-CVE-2022-32221.patch curl-CVE-2022-35252.patch
- curl-CVE-2022-43552.patch curl-CVE-2023-23916.patch
- curl-CVE-2022-27774.patch curl-CVE-2022-27774-2.patch
- curl-CVE-2022-27774-disabletest-1568.patch
- curl-CVE-2022-27775.patch curl-CVE-2022-32205.patch
- curl-CVE-2022-32207.patch curl-CVE-2022-42916.patch
- curl-CVE-2022-43551.patch curl-CVE-2023-23914-23915.patch
- curl-CVE-2023-27533.patch curl-CVE-2023-27533-no-sscanf.patch
- curl-CVE-2023-27534.patch curl-CVE-2023-27535.patch
- curl-CVE-2023-27536.patch curl-CVE-2023-27538.patch
- Update to 8.0.1:
* Bugfixes:
- fix crash in curl_easy_cleanup
- Update to 8.0.0:
* Security fixes:
- TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
- SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
- FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
- GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
- HSTS double-free [bsc#1209213, CVE-2023-27537]
- SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
* Changes:
- build: remove support for curl_off_t < 8 bytes
* Bugfixes:
- aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
- BINDINGS: add Fortran binding
- cf-socket: use port 80 when resolving name for local bind
- cookie: don't load cookies again when flushing
- curl_path: create the new path with dynbuf
- CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
- DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
- ftp: active mode with SSL, add the filter
- hostip: avoid sscanf and extra buffer copies
- http2: fix for http2-prior-knowledge when reusing connections
- http2: fix handling of RST and GOAWAY to recognize partial transfers
- http: don't send 100-continue for short PUT requests
- http: fix unix domain socket use in https connects
- libssh: use dynbuf instead of realloc
- ngtcp2-gnutls.yml: bump to gnutls 3.8.0
- sectransp: make read_cert() use a dynbuf when loading
- telnet: only accept option arguments in ascii
- telnet: parse telnet options without sscanf
- url: fix the SSH connection reuse check
- url: only reuse connections with same GSS delegation
- urlapi: '%' is illegal in host names
- ws: keep the socket non-blocking
* Rebase libcurl-ocloexec.patch
- Update to 7.88.1:
* Bugfix release
- Drop upstreamed patch:
* curl-fix-uninitialized-value-in-tests.patch
- Update to 7.88.0: [bsc#1207990, CVE-2023-23914]
[bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916]
* Security fixes:
- CVE-2023-23914: HSTS ignored on multiple requests
- CVE-2023-23915: HSTS amnesia with --parallel
- CVE-2023-23916: HTTP multi-header compression denial of service
* Changes:
- curl.h: add CURL_HTTP_VERSION_3ONLY
- share: add sharing of HSTS cache among handles
- src: add --http3-only
- tool_operate: share HSTS between handles
- urlapi: add CURLU_PUNYCODE
- writeout: add %{certs} and %{num_certs}
* Bugfixes:
- cf-socket: keep sockaddr local in the socket filters
- cfilters:Curl_conn_get_select_socks: use the first non-connected filter
- curl.h: allow up to 10M buffer size
- curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
- curl/websockets.h: extend the websocket frame struct
- curl: output warning at --verbose output for debug-enabled version
- curl_free.3: fix return type of `curl_free`
- curl_log: for failf/infof and debug logging implementations
- dict: URL decode the entire path always
- docs/DEPRECATE.md: deprecate gskit
- easyoptions: fix header printing in generation script
- haxproxy: send before TLS handhshake
- hsts.d: explain hsts more
- hsts: handle adding the same host name again
- HTTP/[23]: continue upload when state.drain is set
- http: decode transfer encoding first
- http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
- http_proxy: do not assign data->req.p.http use local copy
- lib: connect/h2/h3 refactor
- libssh2: try sha2 algos for hostkey methods
- md4: fix build with GnuTLS + OpenSSL v1
- ngtcp2: replace removed define and stop using removed function
- noproxy: support for space-separated names is deprecated
- nss: implement data_pending method
- openldap: fix missing sasl symbols at build in specific configs
- openssl: adapt to boringssl's error code type
- openssl: don't ignore CA paths when using Windows CA store (redux)
- openssl: don't log raw record headers
- openssl: make the BIO_METHOD a local variable in the connection filter
- openssl: only use CA_BLOB if verifying peer
- openssl: remove attached easy handles from SSL instances
- openssl: store the CA after first send (ClientHello)
- setopt: use >, not >=, when checking if uarg is larger than uint-max
- smb: return error on upload without size
- socketpair: allow localhost MITM sniffers
- strdup: name it Curl_strdup
- tool_getparam: fix hiding of command line secrets
- tool_operate: fix error codes on bad URL & OOM
- tool_operate: repair --rate
- transfer: break the read loop when RECV is cleared
- typecheck: accept expressions for option/info parameters
- urlapi: avoid Curl_dyn_addf() for hex outputs
- urlapi: skip path checks if path is just "//"/
- urlapi: skip the extra dedotdot alloc if no dot in path
- urldata: cease storing TLS auth type
- urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
- urldata: make set.http200aliases conditional on HTTP being present
- urldata: move the cookefilelist to the 'set' struct
- urldata: remove unused struct fields, made more conditional
- vquic: stabilization and improvements
- vtls: fix hostname handling in filters
- vtls: manage current easy handle in nested cfilter calls
- vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
* Rebase libcurl-ocloexec.patch
* Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091
- runtests: fix "/uninitialized value $port"/
- Add curl-fix-uninitialized-value-in-tests.patch
- Update to 7.87.0:
* Security fixes:
- CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN
- CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free
* Changes
- curl: add --url-query
- CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
- lib: add CURL_WRITEFUNC_ERROR to signal write callback error
- openssl: reduce CA certificate bundle reparsing by caching
- version: add a feature names array to curl_version_info_data
* Bugfixes
- altsvc: fix rejection of negative port numbers
- aws_sigv4: consult x-%s-content-sha256 for payload hash
- aws_sigv4: fix typos in aws_sigv4.c
- base64: better alloc size
- base64: encode without using snprintf
- base64: faster base64 decoding
- build: assume assert.h is always available
- build: assume errno.h is always available
- c-hyper: CONNECT respones are not server responses
- c-hyper: fix multi-request mechanism
- CI: Change FreeBSD image from 12.3 to 12.4
- CI: LGTM.com will be shut down in December 2022
- ci: Remove zuul fuzzing job as it's superseded by CIFuzz
- cmake: check for cross-compile, not for toolchain
- CMake: fix build with `CURL_USE_GSSAPI`
- cmake: really enable warnings with clang
- cmake: set the soname on the shared library
- cmdline-opts/gen.pl: fix the linkifier
- cmdline-opts/page-footer: remove long option nroff formatting
- config-mac: define HAVE_SYS_IOCTL_H
- config-mac: fix typo: size_T -> size_t
- config-mac: remove HAVE_SYS_SELECT_H
- config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
- configure: require fork for NTLM-WB
- contributors.sh: actually use $CURLWWW instead of just setting it
- cookie: compare cookie prefixes case insensitively
- cookie: expire cookies at once when max-age is negative
- cookie: open cookie jar as a binary file
- curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
- curl-rustls.m4: on macOS, rustls also needs the Security framework
- curl.h: include <sys/select.h> on SerenityOS
- curl.h: name all public function parameters
- curl.h: reword comment to not use deprecated option
- curl: override the numeric locale and set "/C"/ by force
- curl: timeout in the read callback
- curl_endian: remove Curl_write64_le from header
- curl_get_line: allow last line without newline char
- curl_path: do not add '/' if homedir ends with one
- curl_url_get.3: remove spurious backtick
- curl_url_set.3: document CURLU_DISALLOW_USER
- curl_url_set.3: fix typo
- CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
- CURLOPT_COOKIEFILE.3: advice => advise
- CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
- CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "/raw"/
- CURLOPT_POST.3: Explain setting to 0 changes request type
- docs/curl_ws_send: Fixed typo in websocket docs
- docs/EARLY-RELEASE.md: how to determine an early release
- docs/examples: spell correction ('Retrieve')
- docs/INSTALL.md: expand on static builds
- docs/WEBSOCKET.md: explain the URL use
- docs: add missing parameters for --retry flag
- docs: add more "/SEE ALSO"/ links to CA related pages
- docs: explain the noproxy CIDR notation support
- docs: extend the dump-header documentation
- docs: remove performance note in CURLOPT_SSL_VERIFYPEER
- examples/10-at-a-time: fix possible skipped final transfers
- examples: update descriptions
- ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
- gen.pl: do not generate CURLHELP bitmask lines > 79 characters
- GHA: clarify workflows permissions, set least possible privilege
- GHA: NSS use clang instead of clang-9
- gnutls: use common gnutls init and verify code for ngtcp2
- headers: add endif comments
- HTTP-COOKIES.md: mention that http://localhost is a secure context
- HTTP-COOKIES.md: update the 6265bis link to draft-11
- http: do not send PROXY more than once
- http: fix the ::1 comparison for IPv6 localhost for cookies
- http: set 'this_is_a_follow' in the Location: logic
- http: use the IDN decoded name in HSTS checks
- hyper: classify headers as CONNECT and 1XX
- hyper: fix handling of hyper_task's when reusing the same address
- idn: remove Curl_win32_ascii_to_idn
- INSTALL: update operating systems and CPU archs
- KNOWN_BUGS: remove eight entries
- lib1560: add some basic IDN host name tests
- lib: connection filters (cfilter) addition to curl:
- lib: feature deprecation warnings in gcc >= 4.3
- lib: fix some type mismatches and remove unneeded typecasts
- lib: parse numbers with fixed known base 10
- lib: remove bad set.opt_no_body assignments
- lib: rewind BEFORE request instead of AFTER previous
- lib: sync guard for Curl_getaddrinfo_ex() definition and use
- lib: use size_t or int etc instead of longs
- libcurl-errors.3: remove duplicate word
- libssh2: return error when ssh_hostkeyfunc returns error
- limit-rate.d: see also --rate
- log2changes.pl: wrap long lines at 80 columns
- Makefile.mk: address minor issues
- Makefile.mk: improve a GNU Make hack
- Makefile.mk: portable Makefile.m32
- maketgz: set the right version in lib/libcurl.plist
- mime: relax easy/mime structures binding
- misc: Fix incorrect spelling
- misc: remove duplicated include files
- misc: typo and grammar fixes
- negtelnetserver.py: have it call its close() method
- netrc.d: provide mutext info
- netware: remove leftover traces
- noproxy: also match with adjacent comma
- noproxy: guard against empty hostnames in noproxy check
- noproxy: tailmatch like in 7.85.0 and earlier
- nroff-scan.pl: detect double highlights
- ntlm: improve comment for encrypt_des
- ntlm: silence ubsan warning about copying from null target_info pointer
- openssl/mbedtls: use %d for outputing port with failf (int)
- openssl: prefix errors with '[lib]/[version]: '
- os400: use platform socklen_t in Curl_getnameinfo_a
- page-header: grammar improvement (display transfer rate)
- proxy: refactor haproxy protocol handling as connection filter
- README.md: remove badges and xmas-tree garnish
- rtsp: fix RTSP auth
- runtests: --no-debuginfod now disables DEBUGINFOD_URLS
- runtests: do CRLF replacements per section only
- scripts/checksrc.pl: detect duplicated include files
- sendf: change Curl_read_plain to wrap Curl_recv_plain
- sendf: remove unnecessary if condition
- setup: do not require __MRC__ defined for Mac OS 9 builds
- smb/telnet: do not free the protocol struct in *_done()
- socks: fix username max size is 255 (0xFF)
- spellcheck.words: remove 'github' as an accepted word
- ssl-reqd.d: clarify that this is for upgrading connections only
- strcase: use curl_str(n)equal for case insensitive matches
- styled-output.d: this option does not work on Windows
- system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS
- system.h: support 64-bit curl_off_t for NonStop 32-bit
- test1421: fix typo
- test3026: reduce runtime in legacy mingw builds
- tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
- tests: add authorityInfoAccess to generated certs
- tests: add HTTP/3 test case, custom location for proper nghttpx
- tls: backends use connection filters for IO, enabling HTTPS-proxy
- tool: determine the correct fopen option for -D
- tool_cfgable: free the ssl_ec_curves on exit
- tool_cfgable: make socks5_gssapi_nec a boolean
- tool_formparse: avoid clobbering on function params
- tool_getparam: make --no-get work as the opposite of --get
- tool_operate: provide better errmsg for -G with bad URL
- tool_operate: when aborting, make sure there is a non-NULL error buffer
- tool_paramhlp: free the proto strings on exit
- url: move back the IDN conversion of proxy names
- urlapi: reject more bad letters from the host name: &+()
- urldata: change port num storage to int and unsigned short
- vms: remove SIZEOF_SHORT
- vtls: fix build without proxy support
- vtls: localization of state data in filters
- WEBSOCKET.md: fix broken link
- Websocket: fixes for partial frames and buffer updates
- websockets: fix handling of partial frames
- windows: fail early with a missing windres in autotools
- windows: fix linking .rc to shared curl with autotools
- winidn: drop WANT_IDN_PROTOTYPES
- ws: if no connection is around, return error
- ws: return CURLE_NOT_BUILT_IN when websockets not built in
- x509asn1: avoid freeing unallocated pointers
- Add 1.50.0 as the minimum libnghttp2 build requirement version as
a bandaid. Curl's 7.86.0 release introduces the use of
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation,
introduced by nghttp2 1.50.0 release, without introducing a check
for the function/right version in their build scripts. This will
make Zypper/cURL unusable in some corner cases where users
installing something that requires libcurl4 before doing full
system upgrade, thus updating the cURL stack, but not
libnghttp2's. Background: boo#1204983, Factory mailing list
threadd:
"/? broken dependency in curl and/or *zyp* ?"/, and forums thread:
Curl-is-broken-after-an-update-which-subsequently-breaks-zypper.
- Update to 7.86.0:
* Security fixes:
- POST following PUT confusion [bsc#1204383, CVE-2022-32221]
- .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260]
- HTTP proxy double-free [bsc#1204385, CVE-2022-42915]
- HSTS bypass via IDN [bsc#1204386, CVE-2022-42916]
* Changes:
- NPN: remove support for and use of
- Websockets: initial support
* Bugfixes:
- altsvc: reject bad port numbers
- autotools: reduce brute-force when detecting recv/send arg list
- aws_sigv4: fix header computation
- cli tool: do not use disabled protocols
- connect: change verbose IPv6 address:port to [address]:port
- connect: fix builds without AF_INET6
- connect: fix Curl_updateconninfo for TRNSPRT_UNIX
- connect: fix the wrong error message on connect failures
- content_encoding: use writer struct subclasses for different encodings
- cookie: reject cookie names or content with TAB characters
- curl/add_file_name_to_url: use the libcurl URL parser
- curl/get_url_file_name: use libcurl URL parser
- curl: warn for --ssl use, considered insecure
- docs/libcurl/symbols-in-versions: add several missing symbols
- ftp: ignore a 550 response to MDTM
- functypes: provide the recv and send arg and return types
- getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
- header: define public API functions as extern c
- headers: reset the requests counter at transfer start
- hostip: guard PF_INET6 use
- hostip: lazily wait to figure out if IPv6 works until needed
- http, vauth: always provide Curl_allow_auth_to_host() functionality
- http2: make nghttp2 less picky about field whitespace
- http: try parsing Retry-After: as a number first
- http_proxy: restore the protocol pointer on error
- lib: add missing limits.h includes
- lib: prepare the incoming of additional protocols
- lib: sanitize conditional exclusion around MIME
- libssh: if sftp_init fails, don't get the sftp error code
- mprintf: reject two kinds of precision for the same argument
- mqtt: return error for too long topic
- netrc: compare user name case sensitively
- netrc: replace fgets with Curl_get_line
- netrc: use the URL-decoded user
- ngtcp2: fix build errors due to changes in ngtcp2 library
- noproxy: support proxies specified using cidr notation
- openssl: make certinfo available for QUIC
- resolve: make forced IPv4 resolve only use A queries
- schannel: ban server ALPN change during recv renegotiation
- schannel: don't reset recv/send function pointers on renegotiation
- schannel: when importing PFX, disable key persistence
- setopt: use the handler table for protocol name to number conversions
- setopt: when POST is set, reset the 'upload' field
- single_transfer: use the libcurl URL parser when appending query parts
- smb: replace CURL_WIN32 with WIN32
- tool: avoid generating ambiguous escaped characters in --libcurl
- tool_main: exit at once if out of file descriptors
- tool_operate: more transfer cleanup after parallel transfer fail
- tool_operate: prevent over-queuing in parallel mode
- tool_paramhelp: asserts verify maximum sizes for string loading
- tool_xattr: save the original URL, not the final redirected one
- url: a zero-length userinfo part in the URL is still a (blank) user
- url: allow non-HTTPS HSTS-matching for debug builds
- url: rename function due to name-clash in Watt-32
- url: use IDN decoded names for HSTS checks
- urlapi: detect scheme better when not guessing
- urlapi: fix parsing URL without slash with CURLU_URLENCODE
- urlapi: reject more bad characters from the host name field
* Remove patch upstream:
- connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
- Update connection info when using UNIX socket as endpoint
connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
- Change the deprecated configure option --enable-hidden-symbols
to the new --enable-symbol-hiding.
- Update to 7.85.0:
* Security fixes: [bsc#1202593, CVE-2022-35252]
- control code in cookie denial of service
* Changes:
- quic: add support via wolfSSL
- schannel: Add TLS 1.3 support
- setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
* Bugfixes:
- asyn-thread: fix socket leak on OOM
- asyn-thread: make getaddrinfo_complete return CURLcode
- base64: base64url encoding has no padding
- configure: fix broken m4 syntax in TLS options
- configure: if asked to use TLS, fail if no TLS lib was detected
- connect: add quic connection information
- connect: set socktype/protocol correctly
- cookie: reject cookies with "/control bytes"/
- cookie: treat a blank domain in Set-Cookie: as non-existing
- curl: output warning when a cookie is dropped due to size
- Curl_close: call Curl_resolver_cancel to avoid memory-leak
- digest: fix memory leak, fix not quoted 'opaque'
- digest: fix missing increment of 'nc' value for auth-int
- digest: pass over leading spaces in qop values
- digest: reject broken header with session protocol but without qop
- doh: use https protocol by default
- easy_lock.h: include sched.h if available to fix build
- easy_lock.h: use __asm__ instead of asm to fix build
- easy_lock: switch to using atomic_int instead of bool
- ftp: use a correct expire ID for timer expiry
- h2h3: fix overriding the 'TE: Trailers' header
- hostip: resolve *.localhost to 127.0.0.1/::1
- HTTP3.md: update to msh3 v0.4.0
- hyper: use wakers for curl pause/resume
- lib3026: reduce the number of threads to 100
- libssh2: make atime/mtime date overflow return error
- libssh2: provide symlink name in SFTP dir listing
- multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
- multi: use larger dns hash table for multi interface
- multi_wait: fix skipping to populate revents for extra_fds
- netrc: Use the password from lines without login
- ngtcp2: Fix build error due to change in nghttp3 prototypes
- ngtcp2: fix stall or busy loop on STOP_SENDING with upload data
- ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks
- openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL
- openssl: add cert path in error message
- openssl: add details to "/unable to set client certificate"/ error
- openssl: fix BoringSSL symbol conflicts with LDAP and Schannel
- select: do not return fatal error on EINTR from poll()
- sendf: fix paused header writes since after the header API
- sendf: skip storing HTTP headers if HTTP disabled
- url: really use the user provided in the url when netrc entry exists
- url: reject URLs with hostnames longer than 65535 bytes
- url: treat missing usernames in netrc as empty
- urldata: reduce size of several struct fields
- vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
* Remove tests-for-32bit.patch fixed in the update
* Rebase libcurl-ocloexec.patch
- add tests-for-32bit.patch to fix testsuite on 32bit platforms
- Update to 7.84.0:
* Security fixes:
- (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification
- (bsc#1200736, CVE-2022-32207): Unpreserved file permissions
- (bsc#1200735, CVE-2022-32206): HTTP compression denial of service
- (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service
* Changes:
- curl: add --rate to set max request rate per time unit
- curl: deprecate --random-file and --egd-file
- curl_version_info: add CURL_VERSION_THREADSAFE
- CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
- lib: make curl_global_init() threadsafe when possible
- libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
- opts: deprecate RANDOM_FILE and EGDSOCKET
- socks: support unix sockets for socks proxy
* Bugfixes:
- aws-sigv4: fix potentional NULL pointer arithmetic
- bindlocal: don't use a random port if port number would wrap
- c-hyper: mark status line as status for Curl_client_write()
- ci: avoid `cmake -Hpath`
- CI: bump FreeBSD 13.0 to 13.1
- ci: update github actions
- cmake: add libpsl support
- cmake: do not add libcurl.rc to the static libcurl library
- cmake: enable curl.rc for all Windows targets
- cmake: fix detecting libidn2
- cmake: support adding a suffix to the OS value
- configure: skip libidn2 detection when winidn is used
- configure: use the SED value to invoke sed
- configure: warn about rustls being experimental
- content_encoding: return error on too many compression steps
- cookie: address secure domain overlay
- cookie: apply limits
- copyright.pl: parse and use .reuse/dep5 for skips
- copyright: make repository REUSE compliant
- curl.1: add a few see also --tls-max
- curl.1: mention exit code zero too
- curl: re-enable --no-remote-name
- curl_easy_pause.3: remove explanation of progress function
- curl_getdate.3: document that some illegal dates pass through
- Curl_parsenetrc: don't access local pwbuf outside of scope
- curl_url_set.3: clarify by default using known schemes only
- CURLOPT_ALTSVC.3: document the file format
- CURLOPT_FILETIME.3: fix the protocols this works with
- CURLOPT_HTTPHEADER.3: improve comment in example
- CURLOPT_NETRC.3: document the .netrc file format
- CURLOPT_PORT.3: We discourage using this option
- CURLOPT_RANGE.3: remove ranged upload advice
- digest: added detection of more syntax error in server headers
- digest: tolerate missing "/realm"/
- digest: unquote realm and nonce before processing
- DISABLED: disable 1021 for hyper again
- docs/cmdline-opts: add copyright and license identifier to each file
- docs/CONTRIBUTE.md: document the 'needs-votes' concept
- docs: clarify data replacement policy for MIME API
- doh: remove UNITTEST macro definition
- examples/crawler.c: use the curl license
- examples: remove fopen.c and rtsp.c
- FAQ: Clarify Windows double quote usage
- fopen: add Curl_fopen() for better overwriting of files
- ftp: restore protocol state after http proxy CONNECT
- ftp: when failing to do a secure GSSAPI login, fail hard
- GHA/hyper: enable debug in the build
- gssapi: improve handling of errors from gss_display_status
- gssapi: initialize gss_buffer_desc strings
- headers api: remove EXPERIMENTAL tag
- http2: always debug print stream id in decimal with %u
- http2: reject overly many push-promise headers
- http: restore header folding behavior
- hyper: use 'alt-used'
- krb5: return error properly on decode errors
- lib: make more protocol specific struct fields #ifdefed
- libcurl-security.3: add "/Secrets in memory"/
- libcurl-security.3: document CRLF header injection
- libssh: skip the fake-close when libssh does the right thing
- links: update dead links to the curl-wiki
- log2changes: do not indent empty lines [ci skip]
- macos9: remove partial support
- Makefile.am: fix portability issues
- Makefile.m32: delete obsolete options, improve -On [ci skip]
- Makefile.m32: delete two obsolete OpenSSL options [ci skip]
- Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
- max-time.d: clarify max-time sets max transfer time
- mprintf: ignore clang non-literal format string
- netrc: check %USERPROFILE% as well on Windows
- netrc: support quoted strings
- ngtcp2: allow curl to send larger UDP datagrams
- ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
- ngtcp2: enable Linux GSO
- ngtcp2: extend QUIC transport parameters buffer
- ngtcp2: fix alert_read_func return value
- ngtcp2: fix typo in preprocessor condition
- ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
- ngtcp2: send appropriate connection close error code
- ngtcp2: support boringssl crypto backend
- ngtcp2: use helper funcs to simplify TLS handshake integration
- ntlm: provide a fixed fake host name
- projects: fix third-party SSL library build paths for Visual Studio
- quic: add Curl_quic_idle
- quiche: support ca-fallback
- rand: stop detecting /dev/urandom in cross-builds
- remote-name.d: mention --output-dir
- runtests.pl: add the --repeat parameter to the --help output
- runtests: fix skipping tests not done event-based
- runtests: skip starting the ssh server if user name is lacking
- scripts/copyright.pl: fix the exclusion to not ignore man pages
- sectransp: check for a function defined when __BLOCKS__ is undefined
- select: return error from "/lethal"/ poll/select errors
- server/sws: support spaces in the HTTP request path
- speed-limit/time.d: mention these affect transfers in either direction
- strcase: some optimisations
- test 2081: add a valid reply for the second request
- test 675: add missing CR so the test passes when run through Privoxy
- test414: add the '--resolve' keyword
- test681: verify --no-remote-name
- tests 266, 116 and 1540: add a small write delay
- tests/data/test1501: kill ftp server after slow LIST response
- tests/getpart: fix getpartattr to work with "/data"/ and "/data2"/
- tests/server/sws.c: change the HTTP writedelay unit to milliseconds
- test{440,441,493,977}: add "/HTTP proxy"/ keywords
- tool_getparam: fix --parallel-max maximum value constraint
- tool_operate: make sure --fail-with-body works with --retry
- transfer: fix potential NULL pointer dereference
- transfer: maintain --path-as-is after redirects
- transfer: upload performance; avoid tiny send
- url: free old conn better on reuse
- url: remove redundant #ifdefs in allocate_conn()
- url: URL encode the path when extracted, if spaces were set
- urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
- urlapi: support CURLU_URLENCODE for curl_url_get()
- urldata: reduce size of a few struct fields
- urldata: remove three unused booleans from struct UserDefined
- urldata: store tcp_keepidle and tcp_keepintvl as ints
- version: allow stricmp() for sorting the feature list
- vtls: make curl_global_sslset thread-safe
- wolfssh.h: removed
- wolfssl: correct the failf() message when a handle can't be made
- wolfSSL: explicitly use compatibility layer
- x509asn1: mark msnprintf return as unchecked
- Update to 7.83.1:
* Security fixes:
- (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot
- (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
- (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
- (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
- (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
- (bsc#1199220, CVE-2022-27778) removes wrong file on error
* Bugfixes:
- altsvc: fix host name matching for trailing dots
- cirrus: Update to FreeBSD 12.3
- cirrus: Use pip for Python packages on FreeBSD
- conn: fix typo 'connnection' -> 'connection' in two function names
- cookies: make bad_domain() not consider a trailing dot fine
- curl: free resource in error path
- curl: guard against size_t wraparound in no-clobber code
- CURLOPT_DOH_URL.3: mention the known bug
- CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
- CURLOPT_SSH_AUTH_TYPES.3: fix the default
- data/test376: set a proper name
- GHA/mbedtls: enabled nghttp2 in the build
- gha: build msh3
- gskit: fixed bogus setsockopt calls
- gskit: remove unused function set_callback
- hsts: ignore trailing dots when comparing hosts names
- HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
- http: move Curl_allow_auth_to_host()
- http_proxy/hyper: handle closed connections
- hyper: fix test 357
- Makefile: fix "/make ca-firefox"/
- mbedtls: bail out if rng init fails
- mbedtls: fix compile when h2-enabled
- mbedtls: fix some error messages
- misc: use "/autoreconf -fi"/ instead buildconf
- msh3: get msh3 version from MsH3Version
- msh3: print boolean value as text representation
- msh3: psss remote_port to MsH3ConnectionOpen
- ngtcp2: add ca-fallback support for OpenSSL backend
- nss: return error if seemingly stuck in a cert loop
- openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
- post_per_transfer: remove the updated file name
- sectransp: bail out if SSLSetPeerDomainName fails
- tests/server: declare variable 'reqlogfile' static
- tests: fix markdown formatting in README
- test{898,974,976}: add 'HTTP proxy' keywords
- tls: check more TLS details for connection reuse
- url: check SSH config match on connection reuse
- urlapi: address (harmless) UndefinedBehavior sanitizer warning
- urlapi: reject percent-decoding host name into separator bytes
- x509asn1: make do_pubkey handle EC public keys
- Patches rework:
* Refreshed all patches as -p1.
* Use autopatch macro.
* Renamed:
- dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
* Removed (already upstream):
- curl-fix-verifyhost.patch
- Update to 7.83.0:
* Security fixes:
- (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
- (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
- (bsc#1198608, CVE-2022-27774) Credential leak on redirect
- (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
* Changes:
- curl: add %header{name} experimental support in -w handling
- curl: add %{header_json} experimental support in -w handling
- curl: add --no-clobber
- curl: add --remove-on-error
- header api: add curl_easy_header and curl_easy_nextheader
- msh3: add support for QUIC and HTTP/3 using msh3
* Bugfixes:
- appveyor: add Cygwin build
- appveyor: only add MSYS2 to PATH where required
- BearSSL: add CURLOPT_SSL_CIPHER_LIST support
- BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
- BINDINGS.md: add Hollywood binding
- CI: Do not use buildconf. Instead, just use: autoreconf -fi
- CI: install Python package impacket to run SMB test 1451
- configure.ac: move -pthread CFLAGS setting back where it used to be
- configure: bump the copyright year range int the generated output
- conncache: include the zone id in the "/bundle"/ hashkey
- connecache: remove duplicate connc->closure_handle check
- connect: make Curl_getconnectinfo work with conn cache from share handle
- connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined
- cookie.d: clarify when cookies are sent
- cookies: improve errorhandling for reading cookiefile
- curl/system.h: update ifdef condition for MCST-LCC compiler
- curl: error out if -T and -d are used for the same URL
- curl: error out when options need features not present in libcurl
- curl: escape '?' in generated --libcurl code
- curl: fix segmentation fault for empty output file names.
- curl_easy_header: fix typos in documentation
- CURLINFO_PRIMARY_PORT.3: clarify which port this is
- CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS
- CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
- CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs
- CURLOPT_PROGRESSFUNCTION.3: fix typo in example
- CURLOPT_UNRESTRICTED_AUTH.3: extended explanation
- CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype
- docs/HYPER.md: updated to reflect current hyper build needs
- docs/opts: Mention Schannel client cert type is P12
- docs: Fix missing semicolon in example code
- docs: lots of minor language polish
- English: use American spelling consistently
- fail.d: tweak the description
- firefox-db2pem.sh: make the shell script safer
- ftp: fix error message for partial file upload
- gen.pl: change wording for mutexed options
- GHA: add openssl3 jobs moved over from zuul
- GHA: build hyper with nightly rustc
- GHA: move bearssl jobs over from zuul
- gha: move the event-based test over from Zuul
- gtls: fix build for disabled TLS-SRP
- http2: handle DONE called for the paused stream
- http2: RST the stream if we stop it on our own will
- http: avoid auth/cookie on redirects same host diff port
- http: close the stream (not connection) on time condition abort
- http: reject header contents with nul bytes
- http: return error on colon-less HTTP headers
- http: streamclose "/already downloaded"/
- hyper: fix status_line() return code
- hyper: fix tests 580 and 581 for hyper
- hyper: no h2c support
- infof: consistent capitalization of warning messages
- ipv4/6.d: clarify that they are about using IP addresses
- json.d: fix typo (overriden -> overridden)
- keepalive-time.d: It takes many probes to detect brokenness
- lib/warnless.[ch]: only check for WIN32 and ignore _WIN32
- lib670: avoid double check result
- lib: #ifdef on USE_HTTP2 better
- lib: fix some misuse of curlx_convert_wchar_to_UTF8
- lib: remove exclamation marks
- libssh2: compare sha256 strings case sensitively
- libssh2: make the md5 comparison fail if wrong length
- libssh: fix build with old libssh versions
- libssh: fix double close
- libssh: Improve fix for missing SSH_S_ stat macros
- libssh: unstick SFTP transfers when done event-based
- macos: set .plist version in autoconf
- mbedtls: remove 'protocols' array from backend when ALPN is not used
- mbedtls: remove server_fd from backend
- mk-ca-bundle.pl: Use stricter logic to process the certificates
- mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl
- mlc_config.json: add file to ignore known troublesome URLs
- mqtt: better handling of TCP disconnect mid-message
- ngtcp2: add client certificate authentication for OpenSSL
- ngtcp2: avoid busy loop in low CWND situation
- ngtcp2: deal with sub-millisecond timeout
- ngtcp2: disconnect the QUIC connection proper
- ngtcp2: enlarge H3_SEND_SIZE
- ngtcp2: fix HTTP/3 upload stall and avoid busy loop
- ngtcp2: fix memory leak
- ngtcp2: fix QUIC_IDLE_TIMEOUT
- ngtcp2: make curl 1ms faster
- ngtcp2: remove remote_addr which is not used in a meaningful way
- ngtcp2: update to work after recent ngtcp2 updates
- ngtcp2: use token when detecting :status header field
- nonblock: restore setsockopt method to curlx_nonblock
- openssl: check SSL_get_peer_cert_chain return value
- openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL
- openssl: fix CN check error code
- options: remove mistaken space before paren in prototype
- perl: removed a double semicolon at end of line
- pop3/smtp: return *WEIRD_SERVER_REPLY when not understood
- projects/README: converted to markdown
- projects: Update VC version names for VS2017, VS2022
- rtsp: don't let CSeq error override earlier errors
- runtests: add 'bearssl' as testable feature
- runtests: make 'oldlibssh' be before 0.9.4
- schannel: remove dead code that will never run
- scripts/copyright.pl: ignore the new mlc_config.json file
- scripts: move three scripts from lib/ to scripts/
- test1135: sync with recent API updates
- test1459: disable for oldlibssh
- test375: fix line endings on Windows
- test386: Fix an incorrect test markup tag
- test718: edited slightly to return better HTTP
- tests/server/util.h: align WIN32 condition with util.c
- tests: refactor server/socksd.c to support --unix-socket
- timediff.[ch]: add curlx helper functions for timeval conversions
- tls: make mbedtls and NSS check for h2, not nghttp2
- tool and tests: force flush of all buffers at end of program
- tool_cb_hdr: Turn the Location: into a terminal hyperlink
- tool_getparam: error out on missing -K file
- tool_listhelp.c: uppercase URL
- tool_operate: fix a scan-build warning
- tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)
- transfer: redirects to other protocols or ports clear auth
- unit1620: call global_init before calling Curl_open
- url: check sasl additional parameters for connection reuse.
- vtls: provide a unified APLN-disagree string for all backends
- vtls: use a backend standard message for "/ALPN: offers %s"/
- vtls: use a generic "/ALPN, server accepted"/ message
- winbuild/README.md: fixup dead link
- winbuild: Add a Visual Studio example to the README
- wolfssl: fix compiler error without IPv6
- Fix: openssl: fix CN check error code
* Add curl-fix-verifyhost.patch
- Update to 7.82.0:
* curl: add --json command line option
* curl: make it so that sensitive command line arguments do not
show as easily in the output of ps(1)
* curl_multi_socket.3: remove callback and typical usage descriptions
* ftp: provide error message for control bytes in path
* ldap: return CURLE_URL_MALFORMAT for bad URL
* lib: remove support for CURL_DOES_CONVERSIONS
* mqtt: plug some memory leaks
* multi: allow user callbacks to call curl_multi_assign
* multi: remember connection_id before returning connection to pool
* multi: set in_callback for multi interface callbacks
* netware: remove support
* ngtcp2: adapt to changed end of headers callback proto
* openldap: implement SASL authentication
* openssl: return error if TLS 1.3 is requested when not supported
* sectransp: mark a 3DES cipher as weak
* smb: pass socket for writing and reading data instead of FIRSTSOCKET
* tool_getparam: DNS options that need c-ares now fail without it
* TPF: drop support
* url: given a user in the URL, find pwd for that user in netrc
* url: keep trailing dot in host name
* urlapi: handle "/redirects"/ smarter
* urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
* urldata: remove conn->bits.user_passwd
- update to 7.81.0:
* mime: use percent-escaping for multipart form field and file names
* asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
* azure: make the "/w/o HTTP/SMTP/IMAP"/ build disable SSL proper
* BINDINGS: add cURL client for PostgreSQL
* BINDINGS: add one from Everything curl and update a link
* checksrc: detect more kinds of NULL comparisons we avoid
* CI: build examples for additional code verification
* CI: bump job to use mbedtls 3.1.0
* cmake: don't set _USRDLL on a static Windows build
* cmake: prevent dev warning due to mismatched arg
* cmake: private identifiers use CURL_ instead of CMAKE_ prefix
* config.d: update documentation to match the path search
* configure: add -lm to configure for rustls build.
* configure: better diagnostics if hyper is built wrong
* configure: don't enable TLS when --without-* flags are used
* configure: fix runtime-lib detection on macOS
* curl.1: require "/see also"/ for every documented option
* curl: improve error message for --head with -J
* curl_easy_cleanup.3: remove from multi handle first
* curl_easy_escape.3: call curl_easy_cleanup in example
* curl_easy_unescape.3: call curl_easy_cleanup in example
* curl_multi_init.3: fix EXAMPLE formatting
* curl_multi_perform/socket_action.3: clarify what errors mean
* curl_share_setopt.3: split out options into their own manpages
* CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
* digest: compute user:realm:pass digest w/o userhash
* docs/checksrc: Add documentation for STRERROR
* docs/cmdline-opts: do not say "/protocols: all"/
* docs/examples: workaround broken -Wno-pedantic-ms-format
* docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
* docs/INSTALL.md: typo fix : added missing "/get"/ verb
* docs/URL-SYNTAX.md: space is not fine in a given URL
* docs: add known bugs list to HTTP3.md
* docs: address proselint nits
* docs: consistent manpage SYNOPSIS
* docs: fix dead links, remove ECH.md
* docs: fix typo in OpenSSL 3 build instructions
* docs: Update the Reducing Size section
* example/progressfunc: remove code for old libcurls
* examples/multi-single.c: remove WAITMS()
* FAQ: typo fix : "/yout"/ ➤ "/your"/
* ftp: disable warning 4706 in MSVC
* gen.pl: improve example output format
* github workflow: add wolfssl (removed from zuul)
* github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
* gtls: check return code for gnutls_alpn_set_protocols
* hash: lazy-alloc the table in Curl_hash_add()
* http2:set_transfer_url() return early on OOM
* HTTP3: update quiche build instructions
* http: enable haproxy support for hyper backend
* http: Fix CURLOPT_HTTP200ALIASES
* http_proxy: don't close the socket (too early)
* insecure.d: detail its use for SFTP and SCP as well
* insecure.d: expand and clarify
* libcurl-multi.3: "/SOCKS proxy handshakes"/ are not blocking
* libcurl-security.3: mention address and URL mitigations
* libssh2: fix error message for sha256 mismatch
* libtest: avoid "/assignment within conditional expression"/
* lift: ignore is a deprecated config option, use ignoreRules
* linkcheck.yml: add CI job that checks markdown links
* m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
* Makefile.m32: rename -winssl option to -schannel and tidy up
* mbedTLS: add support for CURLOPT_CAINFO_BLOB
* mbedtls: fix CURLOPT_SSLCERT_BLOB
* mbedtls: fix private member designations for v3.1.0
* misc: remove unused doh flags when CURL_DISABLE_DOH is defined
* misc: s/e-mail/email
* multi: cleanup the socket hash when destroying it
* multi: handle errors returned from socket/timer callbacks
* multi: shut down CONNECT in Curl_detach_connnection
* netrc.d: edit the .netrc example to look nicer
* ngtcp2: verify the server cert on connect (quictls)
* ngtcp2: verify the server certificate for the gnutls case
* nss:set_cipher don't clobber the cipher list
* openldap: implement STARTTLS
* openldap: process search query response messages one by one
* openldap: several minor improvements
* openldap: simplify ldif generation code
* openssl: check the return value of BIO_new()
* openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
* openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
* openssl: remove usage of deprecated `SSL_get_peer_certificate`
* openssl: use non-deprecated API to read key parameters
* page-footer: add a mention of how to report bugs to the man page
* page-footer: document more environment variables
* request.d: refer to 'method' rather than 'command'
* retry-all-errors.d: make the example complete
* runtests: make the SSH library a testable feature
* rustls: read of zero bytes might be okay
* rustls: remove comment about checking handshaking
* rustls: remove incorrect EOF check
* sha256/md5: return errors when init fails
* socks5: use appropriate ATYP for numerical IP address host names
* test1156: enable for hyper
* test1156: fixup the stdout check for Windows
* test1525: tweaked for hyper
* test1526: enable for hyper
* test1527: enable for hyper
* test1528: enable for hyper
* test1554: adjust for hyper
* test1556: adjust for hyper
* test302[12]: run only with the libssh2 backend
* test661: enable for hyper
* tests/CI.md: add more information on CI environments
* tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
* tftp: mark protocol as not possible to do over CONNECT
* tool_findfile: updated search for a file in the homedir
* tool_operate: only set SSH related libcurl options for SSH URLs
* tool_operate: warn if too many output arguments were found
* url.c: fix the SIGPIPE comment for Curl_close
* url: check ssl_config when re-use proxy connection
* url: reduce ssl backend count for CURL_DISABLE_PROXY builds
* urlapi: accept port number zero
* urlapi: if possible, shorten given numerical IPv6 addresses
* urlapi: provide more detailed return codes
* urlapi: reject short file URLs
* version_win32: Check build number and platform id
* vtls/rustls: adapt to the updated rustls_version proto
* writeout: fix %{http_version} for HTTP/3
* x509asn1: return early on errors
* zuul.d: update rustls-ffi to version 0.8.2
* zuul: fix quiche build pointing to wrong Cargo
- Update to 7.80.0:
* Changes:
- CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
- CURLOPT_PREREQFUNCTION: add new callback
- libssh2: add SHA256 fingerprint support
- urlapi: add curl_url_strerror()
* Bugfixes:
- aws-sigv4: make signature work when post data is binary
- c-hyper: don't abort CONNECT responses early when auth-in-progress
- c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
- cmake: add CURL_ENABLE_SSL option
- cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
- configure.ac: replace krb5-config with pkg-config
- configure: when hyper is selected, deselect nghttp2
- curl-confopts.m4: remove --enable/disable-hidden-symbols
- curl-openssl.m4: modify library order for openssl linking
- curl_ntlm_core: use OpenSSL only if DES is available
- Curl_updateconninfo: store addresses for QUIC connections too
- ftp: make the MKD retry to retry once per directory
- http: fix Basic auth with empty name field in URL
- http: reject HTTP response codes < 100
- http: remove assert that breaks hyper
- http: set content length earlier
- imap: display quota information
- libssh2: Get the version at runtime if possible
- md5: fix compilation with OpenSSL 3.0 API
- ngtcp2: advertise h3 as well as h3-29
- ngtcp2: compile with the latest nghttp3
- ngtcp2: use latest QUIC TLS RFC9001
- NTLM: use DES_set_key_unchecked with OpenSSL
- openssl: if verifypeer is not requested, skip the CA loading
- openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
- schannel: fix memory leak due to failed SSL connection
- sendf: accept zero-length data in Curl_client_write()
- sha256: use high-level EVP interface for OpenSSL
- sws: fix memory leak on exit
- tool_operate: a failed etag save now only fails that transfer
- url: check the return value of curl_url()
- url: set "/k->size"/ -1 at start of request
- urlapi: skip a strlen(), pass in zero
- urlapi: URL decode percent-encoded host names
- vtls: Fix a memory leak if an SSL session cannot be added to the cache
- wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
* Use --with-openssl configure option, --with-ssl is now deprecated
- dbus-1
-
- Sometimes unprivileged users were able to crash dbus-daemon
(CVE-2023-34969, bsc#1212126)
* fix-upstream-CVE-2023-34969.patch
- dmidecode
-
- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
which would prevent root from using the --from-dump option since
the latest security fixes (bsc#1210418).
Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
Clean up function dmi_table so that it does only one thing
(bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option
- -dump-bin is used, write the whole dump file at once, instead of
opening and closing the file separately for the table and then
for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
Make sure that the file passed to option --dump-bin does not
already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
check on the type of the mem device file we are asked to read
from, if we are root (bsc#1210418).
3 recommended fixes from upstream:
- dmioem-typo-fix-virutal-virtual.patch: Simple typo fix in a
user-visible string.
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
the SMBIOS entry point is long enough to include all the fields
we need.
- dmioem-hpe-oem-record-237-firmware-change.patch: Properly decode
the last field of HPE OEM record type 237.
- docker
-
- Update to Docker 23.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
(the uapi headers in SLE-12 are too old).
+ 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
- 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
- Update to Docker 23.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2305>.
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to Docker 23.0.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
- 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
built without internet access in OBS.
+ cli-0001-docs-include-required-tools-in-source-tree.patch
- dracut
-
- Update to version 055+suse.344.g3d5cd8fb:
* fix(dracut-install): continue parsing if ldd prints "/cannot execute binary file"/ (bsc#1212662)
- Update to version 055+suse.342.g2e6dce8e:
fips=1 and separate /boot break s390x (bsc#1204478):
* fix(fips): move fips-boot script to pre-pivot
* fix(fips): only unmount /boot if it was mounted by the fips module
* feat(fips): add progress messages
* fix(fips): do not blindly remove /boot
* fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)
- gcc12
-
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
* includes regression bug fixes
- Add gcc12-testsuite-fixes.patch to pick testsuite related fixes
from the branch after the release.
- Speed up builds with --enable-link-serialization.
- Update to gcc-12 branch head, 193f7e62815b4089dfaed4c2bd3, git749
- Don't rely on %usrmerged, set it based on standard %suse_version
- Update to gcc-12 branch head, e4b5fec75aa8d0d01f6e042ec28, git696
* remove gcc12-fifo-jobserver-support.patch which is now
included upstream
- avoid trailing backslashes at the end of post install scripts
- Update to gcc-12 branch head, 0aaef83351473e8f4eb774f8f99, git537
- Update embedded newlib to version 4.2.0
* includes newlib-4.1.0-aligned_alloc.patch
- add gcc12-riscv-inline-atomics.patch,
gcc12-riscv-pthread.patch: handle subword size inline atomics
(needed by several openSUSE packages)
- glib2
-
- Update glib2-fix-normal-form-handling-in-gvariant.patch:
Backported from upstream to fix regression on s390x.
(bsc#1210135, glgo#GNOME/glib!2978)
- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
from upstream to fix normal form handling in GVariant.
(CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
glgo#GNOME/glib!3125)
- glibc
-
- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure
(bsc#1211828, BZ #30527)
- ulp-prologue-into-asm-functions.patch: Add support for livepatches
in ASM written functions (bsc#1211726)
- getlogin-no-loginuid.patch: getlogin_r: fix missing fallback if loginuid
is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bnc#1208721)
- grub2
-
- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
- Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581)
* 0001-ieee1275-implement-vec5-for-cas-negotiation.patch
* 0002-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
* 0003-kern-ieee1275-init-Extended-support-in-Vec5.patch
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
(bsc#1209234)
* 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop
(bsc#1187810) (bsc#1209667) (bsc#1209372)
* 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
btrfs filesystem. (bsc#1209165)
* grub2-btrfs-05-grub2-mkconfig.patch
- Make grub more robust against storage race condition causing system boot
failures (bsc#1189036)
* 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
- kbd
-
- Add 'ara' vc keymap (bsc#1210702)
'ara' is slightly better than 'arabic' as it matches the name of its x11
layout counterpart. Keep 'arabic' for backward compatibility sake.
- kernel-default
-
- net/sched: tcindex: Do not use perfect hashing (bsc#1210335
CVE-2023-1829).
- commit 28b65ec
- extcon: usbc-tusb320: Unregister typec port on driver removal
(git-fixes).
- commit b2eac46
- usb: dwc3: gadget: Propagate core init errors to UDC during
pullup (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in
dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
(git-fixes).
- usb: dwc3: qcom: Release the correct resources in
dwc3_qcom_remove() (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event
(git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions
(git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
(git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend
(git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- serial: atmel: don't enable IRQs prematurely (git-fixes).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system
suspend (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in
s3c24xx_serial_getclk() when iterating clk (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in
s3c24xx_serial_getclk() in case of error (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq()
(git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq()
(git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register
(git-fixes).
- extcon: Fix kernel doc of property capability fields to avoid
warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings
(git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count
(git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in
svc_create_memory_pool() (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory
allocation (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for
FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type
(git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection
(git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access
(git-fixes).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled
(git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource
(git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
(git-fixes).
- rtc: st-lpc: Release some resources in st_rtc_probe() in case
of error (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ
pending (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a
port is registered (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- commit 5d09f51
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603
ltc#202604).
- commit 9cf4e75
- Move upstreamed x86, scsi and arm patches into sorted section
- commit 68279fe
- x86/xen: fix secondary processor fpu initialization
(bsc#1212869).
- commit 8ea47f4
- RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- commit 4610493
- RDMA/bnxt_re: wraparound mbox producer index (git-fixes)
- commit 3193b97
- RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- commit 4a80233
- RDMA/hns: Fix hns_roce_table_get return value (git-fixes)
- commit c5a9ac4
- IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- commit 030725c
- RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- commit 9e18a28
- RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- commit 5d11670
- RDMA/bnxt_re: Remove unnecessary checks (git-fixes)
- commit 465a1cc
- RDMA/bnxt_re: Return directly without goto jumps (git-fixes)
- commit a16408a
- RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- commit 5b86f20
- RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- commit 5fd5166
- RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes)
- commit 4d45831
- RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- commit 0f82e06
- RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- commit fa23528
- hwrng: st - keep clock enabled while hwrng is registered
(git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check
(git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled
(git-fixes).
- commit f87750a
- Remove more packaging cruft for SLE < 12 SP3
- commit a16781c
- PCI: endpoint: Add missing documentation about the MSI/MSI-X
range (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test
(git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device
(git-fixes).
- PCI: vmd: Reset VMD config register between soft reboots
(git-fixes).
- PCI: rockchip: Set address alignment for endpoint mode
(git-fixes).
- PCI: rockchip: Use u32 variable to access 32-bit registers
(git-fixes).
- PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe
endpoint core (git-fixes).
- PCI: rockchip: Add poll and timeout to wait for PHY PLLs to
be locked (git-fixes).
- PCI: rockchip: Assert PCI Configuration Enable bit after probe
(git-fixes).
- PCI: rockchip: Write PCI Device ID to correct register
(git-fixes).
- PCI: qcom: Disable write access to read only registers for IP
v2.3.3 (git-fixes).
- PCI: ftpci100: Release the clock resources (git-fixes).
- PCI: cadence: Fix Gen2 Link Retraining process (git-fixes).
- PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- PCI: Release resource invalidated by coalescing (git-fixes).
- PCI: pciehp: Cancel bringup sequence if card is not present
(git-fixes).
- PCI/ASPM: Disable ASPM on MFD function removal to avoid
use-after-free (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull
mode (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf()
(git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf()
(git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform
profiles (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling
(git-fixes).
- platform/x86: think-lmi: Correct System password interface
(git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI
calls (git-fixes).
- commit 22e7ca3
- Get module prefix from kmod (bsc#1212835).
- commit f6691b0
- blacklist.conf: gcc 12 issue
- commit 81cb1b7
- s390/gmap: voluntarily schedule during key setting (git-fixes
bsc#1212892).
- commit 4ccd632
- ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio
(git-fixes).
- commit 913f7b5
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_*
We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- commit 86b52c1
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable
(git-fixes).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use
(git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain
(git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables
(git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support
(git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not
available (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed
rate (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command
parser (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging
freesync video mode (git-fixes).
- drm/amd/display: drop redundant memset() in
get_available_dsc_slices() (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated
memory (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info
change (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting
(git-fixes).
- drm/panel: simple: fix active size for Ampire
AM-480272H3TMQW-T01H (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in
`sun4i_tcon_init_clocks` (git-fixes).
- drm/vram-helper: fix function names in vram helper doc
(git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation
(git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh
(git-fixes).
- ASoC: imx-audmix: check return value of devm_kasprintf()
(git-fixes).
- ASoC: mediatek: mt8173: Fix irq error path (git-fixes).
- ASoC: es8316: Do not set rate constraints for unsupported MCLKs
(git-fixes).
- ASoC: es8316: Increment max value for ALC Capture Target Volume
control (git-fixes).
- ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
(git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic
boost on EliteBook (git-fixes).
- Input: adxl34x - do not hardcode interrupt trigger type
(git-fixes).
- Input: drv260x - remove unused .reg_defaults (git-fixes).
- Input: drv260x - sleep between polling GO bit (git-fixes).
- Input: drv260x - fix typo in register value define (git-fixes).
- HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651
(git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in
mipid_spi_probe() (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf()
(git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf()
(git-fixes).
- clk: si5341: return error if one synth clock registration fails
(git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clk: Fix memory leak in devm_clk_notifier_register()
(git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in
imx8mp_clocks_probe() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
(git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free
(git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver
(git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- commit 7ae139a
- io_uring: hold uring mutex around poll removal (bsc#1212838
CVE-2023-3389).
- commit e7c3e0b
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- commit 9e8659c
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- commit 3c403c0
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
(git-fixes).
- commit b453224
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
With the module path adjustment applied as source patch only
ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to
non-usrmerged.
- commit dd9a820
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842
CVE-2023-3090).
- commit 7062cce
- signal/s390: Use force_sigsegv in default_trap_handler
(git-fixes bsc#1212861).
- commit 65a5c57
- blacklist.conf: cleanup commit
- commit 2bf2715
- tracing/timer: Add missing hrtimer modes to
decode_hrtimer_mode() (git-fixes).
- commit ed0442b
- writeback: fix dereferencing NULL mapping->host on
writeback_page_template (git-fixes).
- commit 9837e76
- x86/kprobes: Fix arch_check_optimized_kprobe check within
optimized_kprobe range (git-fixes).
- commit 085878a
- blacklist.conf: gcc warnings for the newer version of the compiler
- commit 1dd8f7f
- btrfs: unset reloc control if transaction commit fails in
prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- commit 8d54367
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- commit cbfecbe
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on
(git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds
(git-fixes).
- commit 52de066
- RDMA/rxe: Fix rxe_cq_post (git-fixes)
- commit 00af074
- IB/isert: Fix incorrect release of isert connection (git-fixes)
- commit e38bdbc
- IB/isert: Fix possible list corruption in CMA handler (git-fixes)
- commit 6bacb44
- IB/isert: Fix dead lock in ib_isert (git-fixes)
- commit ffd174a
- RDMA/mlx5: Fix affinity assignment (git-fixes)
- commit 29d122c
- RDMA/mlx5: Don't set tx affinity when lag is in hash mode (git-fixes)
- commit 2b5aac8
- IB/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- commit 8f45747
- RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- commit fe78e01
- RDMA/cma: Always set static rate to 0 for RoCE (git-fixes)
- commit 361e585
- RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- commit e6d3548
- RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- commit 1b7d9cb
- RDMA/rxe: Fix ref count error in check_rkey() (git-fixes)
- commit 7284531
- RDMA/rxe: Fix packet length checks (git-fixes)
- commit ca5d9e2
- RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- commit bdd8fdf
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
(git-fixes).
- wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
(git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection
(git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements
(git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in
iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled
(git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not
enabled (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe()
(git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
(git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
(git-fixes).
- wifi: ath9k: avoid referencing uninit memory in
ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset
calculation (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in
mwifiex_ret_802_11_scan() (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase
(git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling
(git-fixes).
- Revert "/mtd: rawnand: arasan: Prevent an unsupported
configuration"/ (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
(git-fixes).
- regulator: helper: Document ramp_delay parameter of
regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: core: Fix more error checking for
debugfs_create_dir() (git-fixes).
- pstore/ram: Add check for kstrdup (git-fixes).
- integrity: Fix possible multiple allocation in
integrity_inode_get() (git-fixes).
- Revert "/net: phy: dp83867: perform soft reset and retain
established link"/ (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
(git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads
(git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360
(git-fixes).
- Input: soc_button_array - add invalid acpi_index DMI quirk
handling (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- media: cec: core: don't set last_initiator if tx in progress
(git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- HID: wacom: Add error check to wacom_parse_and_register()
(git-fixes).
- commit b21df60
- RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- commit d45f7dc
- RDMA/rxe: Removed unused name from rxe_task struct (git-fixes)
- commit e3cca5c
- RDMA/rxe: Remove the unused variable obj (git-fixes)
- commit 0081865
- can: isotp: isotp_sendmsg(): fix return error fix on TX path
(git-fixes).
- can: kvaser_pciefd: Remove handler for unused
KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register
(git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: make header self contained (git-fixes).
- elf: correct note name comment (git-fixes).
- drm/amd/display: fix the system hang while disable PSR
(git-fixes).
- ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes).
- ASoC: simple-card: Add missing of_node_put() in case of error
(git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
(git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/radeon: fix race condition UAF in
radeon_gem_set_domain_ioctl (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update
(git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: Add minimal pipe split transition state
(git-fixes).
- commit f746d09
- blacklist.conf: add git-fixes for nvme
- commit e4a757c
- x86/build: Avoid relocation information in final vmlinux
(bsc#1187829).
- commit b248c02
- gfs2: Don't deref jdesc in evict (bsc#1212265 CVE-2023-3212).
- commit 2228e4a
- ice: Fix XDP memory leak when NIC is brought up and down
(git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: fix invalid check for empty list in
ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom()
(git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe()
(git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active
(git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not
sufficient (git-fixes).
- ice: Don't double unplug aux on peer initiated reset
(git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context
(git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB
(git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice, xsk: Diversify return values from xsk_wakeup call paths
(git-fixes).
- commit 6a47979
- thermal/drivers/sun8i: Fix some error handling paths in
sun8i_ths_probe() (git-fixes).
- PM: domains: fix integer overflow issues in genpd_parse_state()
(git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in
ttc_timer_probe (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
(git-fixes).
- irqchip/clps711x: Remove unused clps711x_intc_init() function
(git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- commit bc06af3
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- commit 95a40a6
- Update references in the patch
patches.suse/HID-intel_ish-hid-Add-check-for-ishtp_dma_tx_map.patch
(git-fixes bsc#1212606 CVE-2023-3358).
- commit f3ebbc7
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- commit 26e74c2
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- commit e8ab3ef
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- commit d73721e
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- commit 958e41f
- powerpc/set_memory: Avoid spinlock recursion in
change_page_attr() (bsc#1194869).
- commit c747d4c
- i2c: imx-lpi2c: fix type char overflow issue when calculating
the clock cycle (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe()
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- ALSA: hda/realtek: Add "/Intel Reference board"/ and "/NUC 13"/
SSID in the ALC256 (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V
(git-fixes).
- commit 607c980
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled
(bsc#1194869).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
(bsc#1194869 bsc#1212701).
- commit 98497f8
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from
irq context (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- commit a8d1547
- HID: amd_sfh: Add missing check for dma_alloc_coherent
(bsc#1212605 CVE-2023-3357).
- commit 1aef403
- net/mlx5: fix missing mutex_unlock in
mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- commit f9de2c8
- Refresh
patches.suse/mm-vmalloc-do-not-output-a-spurious-warning-when-huge-vmalloc-fails.patch.
Update mainline status and sort the patch.
- commit 9716927
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- commit 859dd00
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- commit 3f14de3
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
(git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers
(git-fixes).
- nilfs2: fix incomplete buffer cleanup in
nilfs_btnode_abort_change_key() (git-fixes).
- test_firmware: prevent race conditions by a correct
implementation of locking (git-fixes).
- ARM: dts: vexpress: add missing cache properties (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path
(git-fixes).
- power: supply: Fix logic checking if system is running from
battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of
cancel() + schedule() (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race
(git-fixes).
- power: supply: ab8500: Fix external_power_changed race
(git-fixes).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
(git-fixes).
- ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B,
0xC0 (git-fixes).
- regulator: Fix error checking for debugfs_create_dir
(git-fixes).
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool()
(git-fixes).
- commit 571f9b4
- blacklist.conf: added drbd git-fix
drbd in kernel no supported/used
- commit d232113
- s390/dasd: Use correct lock while counting channel queue length
(git-fixes bsc#1212592).
- commit 3416e6e
- blacklist.conf: ("/arm64: dts: colibri-imx8x: delete adc1 and dsp"/)
- commit eb24176
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- commit 9aba35e
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- commit ae23b2f
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- commit 5cee83a
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- commit bfb5d9b
- cgroup: Use cgroup_attach_{lock,unlock}() from
cgroup_attach_task_all() (bsc#1212563).
- commit f39cb40
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- commit 148b744
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- commit 1e10d7b
- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- commit ae2a42d
- bpf: Fix UAF in task local storage (bsc#1212564).
- commit 26b737d
- cgroup: fix missing cpus_read_{lock,unlock}() in
cgroup_transfer_tasks() (bsc#1212563).
- commit 2b82ccd
- mm/vmalloc: do not output a spurious warning when huge vmalloc()
fails (bsc#1211410).
- commit ae4e43c
- cgroup: always put cset in cgroup_css_set_put_fork
(bsc#1212561).
- commit ae170c0
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal
(bsc#1211410).
- commit 0352c7c
- Update References tag
patches.suse/usb-gadget-udc-renesas_usb3-Fix-use-after-free-bug-i.patch
(git-fixes bsc#1212513 CVE-2023-35828).
- commit 058d07e
- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
(git-fixes).
- commit 7ecdfc8
- x86/mm: Initialize text poking earlier (bsc#1212448).
- Refresh patches.suse/init-provide-arch_cpu_finalize_init.patch.
- Refresh patches.suse/init-remove-check_bugs-leftovers.patch.
- commit fe545d9
- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- commit b8943a6
- Refresh patches.suse/init-invoke-arch_cpu_finalize_init-earlier.patch.
Move arch_cpu_finalize_init() to the correct place.
- commit 87f94ba
- binfmt_elf: Take the mmap lock when walking the VMA list
(bsc#1209039 CVE-2023-1249).
- commit bc9a5c4
- ceph: fix use-after-free bug for inodes when flushing capsnaps
(bsc#1212540).
- commit c22ab50
- x86/microcode: Print previous version of microcode after reload
(git-fixes).
- blacklist.conf: remove it
- Refresh
patches.suse/x86-microcode-add-a-parameter-to-microcode_check-to-store-cpu-capabilities.patch.
- Refresh
patches.suse/x86-microcode-adjust-late-loading-result-reporting-message.patch.
Take the blacklisted commit instead of merging it into the second patch.
Refresh the third one to the upstream version.
- commit b0493cf
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
(git-fixes).
- blacklist.conf: remove it
- Refresh
patches.suse/x86-microcode-amd-fix-mixed-steppings-support.patch.
Take the blacklisted commit instead of merging it into the latter patch.
This solves a bug in the latter patch backport as the patch now applies
cleanly and no manual changes are needed.
- commit 7d65f32
- Update References tag
patches.suse/media-rkvdec-fix-use-after-free-bug-in-rkvdec_remove.patch
(git-fixes bsc#1212495 CVE-2023-35829).
- commit 85c0f24
- Move upstreamed thunderbolt patch into sorted section
- commit 375578f
- Update
patches.suse/net-sched-flower-fix-possible-OOB-write-in-fl_set_ge.patch
(CVE-2023-35788 bsc#1212504).
Added CVE reference.
- commit 48e3971
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- commit 9d2272d
- Update References tag
patches.suse/media-saa7134-fix-use-after-free-bug-in-saa7134_fini.patch
(git-fixes bsc#1212494 CVE-2023-35823).
- commit 6056471
- igb: fix nvm.ops.read() error handling (git-fixes).
- igc: Fix possible system crash when loading module (git-fixes).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
(git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not
accessible (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF
(git-fixes).
- bnxt_en: Don't issue AP reset during ethtool's reset operation
(git-fixes).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add()
(git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
(git-fixes).
- tools: bpftool: Remove invalid ' json escape (git-fixes).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit
platforms (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- net/sched: fix initialization order when updating chain 0 head
(git-fixes).
- commit 357e3aa
- staging: octeon: delete my name from TODO contact (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
- USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request
(git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when
creating paths (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- commit 07ac6ad
- ALSA: usb-audio: Add quirk flag for HEM devices to enable
native DSD playback (git-fixes).
- ALSA: usb-audio: Fix broken resume due to UAC3 power state
(git-fixes).
- ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- commit f8fff8d
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode
(git-fixes).
- drm/nouveau: don't detect DSM for non-NVIDIA device (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- commit a872fd6
- Drop a buggy dvb-core fix patch (bsc#1205758)
Also the kabi workaround is dropped, too
- commit 655bd4b
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- commit 072fd20
- x86/fpu: Mark init functions __init (bsc#1212448).
- commit e8f4a8e
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- commit 73b8e7c
- x86/init: Initialize signal frame size late (bsc#1212448).
- commit 95c2ee8
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- commit a0f0e12
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- commit 0ae852a
- init: Remove check_bugs() leftovers (bsc#1212448).
- commit 4db22bb
- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- commit fb20d0a
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- commit 1d74981
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- commit 54c49f5
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- commit 07346cf
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- commit 98e0ea3
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- commit a8ca534
- blacklist.conf: ("/mm: defer kmemleak object creation of module_alloc()"/)
- commit 98eb467
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- commit cab9765
- blacklist.conf: ("/arm64/bpf: Remove 128MB limit for BPF JIT programs"/)
- commit a3de279
- kernel-docs: Add buildrequires on python3-base when using python3
The python3 binary is provided by python3-base.
- commit c5df526
- blacklist.conf: kABI breakage, removed exported symbol
- commit 470424a
- qed/qede: Fix scheduling while atomic (git-fixes).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout
(git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix output information incomplete for dumping tx
queue info with debugfs (git-fixes).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync
packet (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt
(git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context
(git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind
(git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update
(git-fixes).
- net: ena: Set default value for RX interrupt moderation
(git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection
(git-fixes).
- net: ena: Account for the number of processed bytes in XDP
(git-fixes).
- net: ena: Don't register memory info on XDP exchange
(git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR
(git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect
after driver initialization (git-fixes).
- nfp: only report pause frame configuration for physical device
(git-fixes).
- commit 099bed1
- drm/i915/selftests: Add some missing error propagation
(git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
(git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol
(git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge
length (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch
(git-fixes).
- commit 120ec14
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch
failed (git-fixes).
- commit 2be82b5
- blacklist.conf: ("/KVM: arm64: nvhe: Fix build with profile optimization"/)
- commit f894646
- KVM: arm64: Don't hypercall before EL2 init (git-fixes)
- commit d26dd54
- KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- commit 6837f01
- KVM: arm64: Save PSTATE early on exit (git-fixes)
- commit d156653
- KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- commit 7097157
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- commit d5dcfa2
- blacklist.conf: build dependency fix
- commit b9cb9eb
- blacklist.conf: specific to Clang
- commit dbb2d18
- blacklist.conf: kABI
- commit c8b8dbc
- blacklist.conf: irrelevant in our kernel configs
- commit 147680e
- blacklist.conf: for compiler we don't use
- commit 5a08370
- tracing: Have event format check not flag %p* on
__get_dynamic_array() (git-fixes, bsc#1212350).
- blacklist.conf: Remove the commit
- commit e1130da
- tracing: Update print fmt check to handle new __get_sockaddr()
macro (git-fixes, bsc#1212350).
- commit 0b13d9e
- blacklist.conf: Drop already backported entry
- commit 21b7697
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema
restriction (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize
ioctl (git-fixes).
- commit 9dcda7c
- vhost_vdpa: support PACKED when setting-getting vring_base
(jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared
(jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs
(jsc#SLE-19253).
- net/mlx5e: Don't attach netdev profile while handling internal
error (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device
(jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
(jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context
(jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device
memory (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability
independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE)
CPUs (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget
is 0 (jsc#SLE-19253).
- net/mlx5: E-switch, Don't destroy indirect table in split rule
(jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink
encap mode (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code
(jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query
(jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency
(jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward
to ovs internal port (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code
(jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it
(jsc#SLE-19253).
- vdpa/mlx5: Don't clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure
(jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove
(jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the
tracer (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs
buffers (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error
(jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries
(jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
(jsc#SLE-19253).
- net: mlx5: eliminate anonymous module_init & module_exit
(jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on
MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on
MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even
more (jsc#SLE-19253).
- net/mlx5e: Don't support encap rules with gbp option
(jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range
(jsc#SLE-19253).
- net/mlx5: check attr pointer validity before dereferencing it
(jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation
(jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del
(jsc#SLE-19253).
- net/mlx5e: IPoIB, Don't allow CQE compression to be turned on
by default (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once()
error path (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on
VST (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table
(jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write()
(jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not
issued to FW (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase
(jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance
(jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single
CPU systems (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge
(jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface
(jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ
(jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before
pci_restore_state (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state
(jsc#SLE-19253).
- RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting
profile (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off
(jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state
(jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding
lock_class_key (jsc#SLE-19253).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb
(jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
(jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters
(jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX
(jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX
(jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event
(jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit
(jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: Don't use already freed action pointer
(jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers
(jsc#SLE-19253).
- net/mlx5: Don't advertise IPsec netdev support for non-IPsec
device (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe
(jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating
multi-destination FW table (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata
(jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information
(jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0
(jsc#SLE-19253).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk
dev (jsc#SLE-19253).
- commit 5fae4a0
- blacklist.conf: add git-fix that breaks kabi
- commit 2df77d4
- blacklist.conf: cleanup, dead reference won't break anything
- commit ea07443
- blacklist.conf: cleanup, dead reference won't break anything
- commit ba4ce58
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998
git-fixes).
- commit 7e152d5
- blacklist.conf: Add more powerpc unsupported platform paths
- commit c3b3c8e
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- commit 9bba037
- blacklist.conf: cleanup, not a fix
- commit ae23f77
- blacklist.conf: cleanup, not a fix
- commit 0b74b98
- blacklist.conf: build only
- commit 2de0332
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection
at iMX8QM (git-fixes).
- commit c52eada
- blacklist.conf: feature, not a fix
- commit 44f5d9b
- blacklist.conf: optimization, not a fix
- commit 02f5051
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- commit ddb86f8
- tracing/probe: trace_probe_primary_from_call(): checked
list_first_entry (git-fixes).
- commit 150f29b
- tracing/histograms: Allow variables to have some modifiers
(git-fixes).
- commit 70e4f92
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
(git-fixes).
- commit 192a450
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
(git-fixes).
- commit c98a23e
- kprobes: Fix to handle forcibly unoptimized kprobes on
freeing_list (git-fixes).
- commit 86488b1
- kprobes: Fix check for probe enabled in kill_kprobe()
(git-fixes).
- commit 296ebb2
- kprobes: Skip clearing aggrprobe's post_handler in
kprobe-on-ftrace case (git-fixes).
- commit 998483a
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- commit 5a80a04
- kprobes: Prohibit probes in gate area (git-fixes).
- commit b68c831
- kprobes: don't call disarm_kprobe() for disabled kprobes
(git-fixes).
- commit 8dd6622
- kprobes: Forbid probing on trampoline and BPF code areas
(git-fixes).
- commit 3b3e3e9
- SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
- commit a8e7886
- tracing: Introduce helpers to safely handle dynamic-sized
sockaddrs (git-fixes).
- commit eabd7b4
- eeprom: at24: also select REGMAP (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path
(git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode
(git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
(git-fixes).
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP
signals (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor
(git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified
sc7180-lite boards (git-fixes).
- commit 031042b
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper
error handling (git-fixes).
- commit 5599965
- revert "/squashfs: harden sanity check in
squashfs_read_xattr_id_table"/ (git-fixes).
- commit fd69a9c
- ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using
CS35L41 (git-fixes).
- ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
(git-fixes).
- commit 74a4806
- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor
IDs (git-fixes).
- Refresh
patches.suse/ALSA-hda-Add-NVIDIA-codec-IDs-a3-through-a7-to-patch.patch.
- commit 588740e
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP
platform (git-fixes).
- ASoC: codecs: wsa881x: do not set can_multi_write flag
(git-fixes).
- test_firmware: fix the memory leak of the allocated firmware
buffer (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir
(git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
(git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
(git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- mailbox: mailbox-test: fix a locking issue in
mbox_test_message_write() (git-fixes).
- HID: google: add jewel USB id (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- dmaengine: pl330: rename _start to prevent build error
(git-fixes).
- dmaengine: at_xdmac: fix potential Oops in
at_xdmac_prep_interleaved() (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device
is unplugged (git-fixes).
- drm/msm: Be more shouty if per-process pgtables aren't working
(git-fixes).
- ALSA: oss: avoid missing-prototype warnings (git-fixes).
- ASoC: ssm2602: Add workaround for playback distortions
(git-fixes).
- ASoC: dwc: limit the number of overrun messages (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect
RCR value (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr
from ID table (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end
of probe (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in
su3000_read_mac_address (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
(git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in
rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in
ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
(git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in
az6027_i2c_xfer() (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter
(git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path
(git-fixes).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe
(git-fixes bsc#1211387).
- drm/ast: Fix ARM compatibility (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
(git-fixes).
- mailbox: mailbox-test: Fix potential double-free in
mbox_test_message_write() (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading
the driver (git-fixes).
- drm/amdgpu: release gpu full access after
"/amdgpu_device_ip_late_init"/ (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the
desc list (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting
(git-fixes).
- commit 0cb0fbe
- Update patch reference for fbcon fix (CVE-2023-3161 bsc#1212154)
- commit dd50606
- Move setting %%build_html to config.sh
- commit dd39da3
- Update patches.suse/arm64-efi-Execute-runtime-services-from-a-dedicated-.patch (git-fixes bsc#1212155 CVE-2023-21102)
- commit 15cbf6b
- Update patches.suse/efi-rt-wrapper-Add-missing-include.patch (git-fixes bsc#1212155 CVE-2023-21102)
- commit d2f0708
- Update patch reference for memstick fix (CVE-2023-3141 bsc#1212129 bsc#1211449)
- commit 089d7db
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- commit 7ebcbd5
- Refresh
patches.suse/0042-block-mq-deadline-Fix-dd_finish_request-for-zoned-devices.patch.
Remove also per_prio from dd_finish_request(). There are no more users
in 5.4. Silences the compiler warning:
block/mq-deadline.c:830:22: error: unused variable ‘per_prio’
- commit ed6b28b
- drm/msm: Set max segment size earlier (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context()
fails (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work
(git-fixes).
- Bluetooth: L2CAP: Add missing checks for invalid DCID
(git-fixes).
- Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- Bluetooth: hci_qca: fix debugfs registration (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect
(git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
(git-fixes).
- can: j1939: avoid possible use-after-free when
j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue
handling in J1939 Socket (git-fixes).
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
(git-fixes).
- Input: fix open count when closing inhibited device (git-fixes).
- commit 0d88720
- Move setting %%split_optional to config.sh
- commit 77f3750
- Move setting %%supported_modules_check to config.sh
- commit 5ada69b
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- commit 799f050
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- commit 334fb4d
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax
loops (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367
ltc#195662).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367
ltc#195662).
- commit 6862b4a
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- commit 5ad6888
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- commit da8b9db
- Also include kernel-docs build requirements for ALP
- commit 114d088
- Move the kernel-binary conflicts out of the spec file.
Thie list of conflicting packages varies per release.
To reduce merge conflicts move the list out of the spec file.
- commit 4d81125
- Avoid unsuported tar parameter on SLE12
- commit f11765a
- Move obsolete KMP list into a separate file.
The list of obsoleted KMPs varies per release, move it out of the spec
file.
- commit 016bc55
- ext4: unconditionally enable the i_version counter
(bsc#1211299).
- commit 9850f2e
- Trim obsolete KMP list.
SLE11 is out of support, we do not need to handle upgrading from SLE11
SP1.
- commit 08819bb
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- commit 4df8ec9
- Generalize kernel-doc build requirements.
- commit 23b058f
- spi: qup: Request DMA before enabling clocks (git-fixes).
- platform/surface: aggregator: Allow completion work-items to
be executed in parallel (git-fixes).
- commit 9916d6b
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- commit f5b50ae
- RDMA/rxe: Fix the error "/trying to register non-static key in rxe_cleanup_task"/ (git-fixes)
- commit a9533db
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- commit 01fdb10
- RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- commit edb8dfd
- blacklist: add RTRS rename patches
First patch makes codes less confusing but is only used by
the 2 following ones which break kABI
- commit 9fca67c
- IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- commit 8cb567c
- Refresh patches.suse/add-suse-supported-flag.patch.
Fix table alignment.
- commit ed5f850
- blacklist.conf: add ntfs3
ntfs3 was introduced in v5.15-rc1, and as such we don't carry it on
SLE15-SP4.
- commit 9ff2c7c
- kernel-binary: Add back kernel-default-base guarded by option
Add configsh option for splitting off kernel-default-base, and for
not signing the kernel on non-efi
- commit 28c22af
- blacklist.conf: Append 'fbdev: Disable sysfb device registration when removing conflicting FBs'
- commit 3f0f464
- blacklist.conf: Append 'fbdev: da8xx-fb: add missing regulator_disable() in fb_probe'
- commit e00fe84
- blacklist.conf: Append 'parisc: fbdev/stifb: Align graphics memory size to 4MB'
- commit 418d50c
- blacklist.conf: Append 'Revert "/fbcon: don't lose the console font across generic->chip driver switch"/'
- commit addaa82
- blacklist.conf: Append 'Revert "/fbdev: Make fb_release() return -ENODEV if fbdev was unregistered"/'
- commit 66c01be
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- commit eb830fc
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472)
Backporting changes:
* replace refcount_read() with atomic_read()
- commit 23a912f
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- commit 3f25e44
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- commit 98adc02
- Update "/drm/i915/gem: add missing boundary check in vm_access"/ (bsc#1211263 CVE-2023-28410)
Add bug and CVE number to the References tag.
- commit f799efb
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- commit 70a1ce4
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- commit 4309e22
- kabi/severities: ignore kABI in bq27xxx_battery module
Those are local symbols that are used only by child drivers
- commit 8d7e23d
- kABI workaround for btbcm.c (git-fixes).
- commit ab2692b
- nvme: fix passthrough csi check (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks
(git-fixes).
- commit d03fbdf
- power: supply: bq27xxx: expose battery data when CI=1
(git-fixes).
- Refresh
patches.suse/power-supply-bq27xxx-Fix-bq27xxx_battery_update-race.patch.
- commit 3c4cf6c
- KEYS: asymmetric: Copy sig and digest in
public_key_verify_signature() (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called
on current sign changes (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down
(git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races
on remove (git-fixes).
- bluetooth: Add cmd validity checks at the start of
hci_sock_ioctl() (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if
not set (git-fixes).
- commit 31ed077
- ASoC: rt5682: Disable jack detection interrupt during suspend
(git-fixes).
- Refresh patches.kabi/snd-soc-rt5682-kABI-workaround.patch.
- commit ce0cf1d
- misc: fastrpc: reject new invocations during device removal
(git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal
(git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting
IRQ_DISABLE_UNLAZY flag (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476
compatible value (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling
(git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- iio: adc: ad7192: Change "/shorted"/ channels to differential
(git-fixes).
- iio: accel: st_accel: Fix invalid mount_matrix on devices
without ACPI _ONT method (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations
(git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break
instead of UARTCTRL_SBK (git-fixes).
- serial: 8250_tegra: Fix an error handling path in
tegra_uart_probe() (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix "/snps,hsphy_interface"/ type
(git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind
(git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- selinux: don't use make's grouped targets feature yet
(git-fixes).
- mtd: rawnand: marvell: don't set the NAND frequency select
(git-fixes).
- mtd: rawnand: marvell: ensure timing values are written
(git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions
(git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported
(git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported
(git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported
(git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
(git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout()
(git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev()
(git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the
memory descriptors (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before
executing (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
(git-fixes).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- 3c589_cs: Fix an error handling path in tc589_probe()
(git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg
(git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s
for things to stabilize (git-fixes).
- power: supply: bq27xxx: Add cache parameter to
bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race
condition (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
(git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds
(git-fixes).
- ALSA: hda: Fix unhandled register update during auto-suspend
period (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
(git-fixes).
- net: mdio: mvusb: Fix an error handling path in
mvusb_mdio_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting
(git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- commit 2ec09cc
- net: rpl: fix rpl header size calculation (CVE-2023-2156
bsc#1211131).
- commit c308d83
- thunderbolt: Mask ring interrupt on Intel hardware as well
(bsc#1210165).
- commit 4a76dd6
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory
pressure (bsc#1211564).
- commit 8e0fc37
- blacklist: add nvme bogus nsid check
We don't not need these quirks as we don't ship the check.
- commit bbebeaf
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- commit f0be05e
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- commit 89bdacb
- Update patch-mainline metadata for a lockdown patch
- commit ff4a857
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- commit b67ebd4
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- commit 3cd00dd
- nvme-tcp: fix a possible UAF when failing to allocate an io
queue (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-fc: fix a missing queue put in
nvmet_fc_ls_create_association (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects
(git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it
(git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace
is enabled (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
(git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD
(git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs
(git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors
(git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
(git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during
queue teardown (git-fixes).
- nvme: handle the persistent internal error AER (git-fixes).
Refresh:
- patches.suse/nvme-fix-async-event-trace-event.patc
- nvme: fix regression when disconnect a recovering ctrl
(git-fixes).
Refresh:
- patches.suse/nvme-rdma-fix-possible-hang-caused-during-ctrl-delet.patch
- patches.suse/nvme-tcp-fix-possible-hang-caused-during-ctrl-deleti.patch
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
(git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs
(git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvme-pci: fix a NULL pointer dereference in
nvme_alloc_admin_tags (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect
(git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of
nvmet_ns_revalidate (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvmet: use i_size_read() to set size for file-ns (git-fixes).
Refresh:
- patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- nvme-tcp: fix bogus request completion when failing to send AER
(git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600
SSDs (git-fixes).
- commit c657707
- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
CVE-2023-1382).
- commit e3a141d
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- commit 43cdfba
- blacklist.conf: Exclude an irrelevant patch for us.
We don't have the fp_init.size et al variables so this patch doesn't
apply to our kernel.
- commit 30f92bf
- tipc: set con sock in tipc_conn_alloc (bsc#1209288
CVE-2023-1382).
- commit a68b414
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- commit 244216a
- purgatory: fix disabling debug info (git-fixes).
- commit 1ebc547
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- commit d380760
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- commit 44d8ccb
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- Refresh patches.suse/x86-microcode-amd-fix-mixed-steppings-support.patch.
- commit c6646fc
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- commit d2f3f53
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- commit 3a9f080
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters
(git-fixes).
- scsi: storvsc: Don't pass unused PFNs to Hyper-V host
(git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential
VM (git-fixes).
- commit 85569e3
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- commit bf87aed
- scsi: qla2xxx: Replace all non-returning strlcpy() with
strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport
(bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable
resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template
(bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting()
(bsc#1211960).
- commit 4c4bf74
- lpfc: update metadata
- Refresh
patches.suse/scsi-lpfc-Add-new-RCQE-status-for-handling-DMA-failu.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-double-free-in-lpfc_cmpl_els_logo_acc-.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-verbose-logging-for-SCSI-commands-issu.patch.
- Refresh
patches.suse/scsi-lpfc-Match-lock-ordering-of-lpfc_cmd-buf_lock-a.patch.
- Refresh
patches.suse/scsi-lpfc-Replace-blk_irq_poll-intr-handler-with-thr.patch.
- Refresh
patches.suse/scsi-lpfc-Update-congestion-warning-notification-per.patch.
- Refresh
patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.12.patch.
- commit 497ebb3
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- commit aaaea1e
- RDMA/irdma: Prevent QP use after free (git-fixes)
- commit 34e3a35
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- commit 6c40b4b
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- commit 1c28ea3
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- commit c5d0c28
- RDMA/hns: Fix base address table allocation (git-fixes)
- commit c15c063
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- commit c581318
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- commit f7d5b0b
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- commit 8102023
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- commit 2191d32
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: ses: Handle enclosure with just a primary component
gracefully (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: libsas: Grab the ATA port lock in
sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- commit 9f00bdd
- Fix usrmerge error (boo#1211796)
- commit da84579
- Update CVE reference to
patches.suse/arm64-Add-AMPERE1-to-the-Spectre-BHB-affected-list.patch
(git-fixes bsc#1205153 bsc#1211855 CVE-2023-3006).
- commit 7d0a08a
- media: radio-shark: Add endpoint checks (git-fixes).
- commit fb4ddc1
- USB: sisusbvga: Add endpoint checks (git-fixes).
- commit d88241f
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- commit d8cfc9c
- blacklist.conf: prerequisites way too intrusive
- commit b6394eb
- blacklist.conf: prerequisites too intrusive
- commit 7aaa267
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ
(bsc#1211847).
- scsi: lpfc: Add new RCQE status for handling DMA failures
(bsc#1211847).
- scsi: lpfc: Update congestion warning notification period
(bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and
hbalock for abort paths (bsc#1211847).
- commit b6545fd
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused
by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to
SES devices (bsc#1211847).
- commit 31cb016
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- commit 5587605
- lpfc: Enhance congestion statistics collection
(bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling
(bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead
of TRACE_EVENT (bsc#1211852).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based
on nlp_state (bsc#1211852).
- commit 04bc1f2
- lpfc: Account for fabric domain ctlr device loss recovery
(bsc#1211346, bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery
(bsc#1211852).
- lpfc: Fix use-after-free rport memory access in
lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- commit ffe8e83
- usb: dwc3: gadget: Execute gadget stop after halting the
controller (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 35f936b
- usb: typec: tcpm: fix multiple times discover svids error
(git-fixes).
- commit a381d7f
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
(git-fixes).
- commit 6b5ad0e
- blacklist.conf: Add c0f2df49cf24 cgroup: Fix build failure when CONFIG_SHRINKER_DEBUG
- commit 7772962
- cifs: mapchars mount option ignored (bsc#1193629).
- commit 516a6c4
- smb3: display debug information better for encryption
(bsc#1193629).
- commit 7f16b38
- cifs: fix smb1 mount regression (bsc#1193629).
- commit 565aa62
- SMB3: drop reference to cfile before sending oplock break
(bsc#1193629).
- commit 714d17f
- SMB3: Close all deferred handles of inode in case of handle
lease break (bsc#1193629).
- commit 31916b9
- cifs: release leases for deferred close handles when freezing
(bsc#1193629).
- commit fba9221
- smb3: fix problem remounting a share after shutdown
(bsc#1193629).
- commit 8678043
- SMB3: force unmount was failing to close deferred close files
(bsc#1193629).
- commit b75c848
- smb3: improve parallel reads of large files (bsc#1193629).
- commit 739a949
- do not reuse connection if share marked as isolated
(bsc#1193629).
- commit 50ed2cc
- SMB3: Close deferred file handles in case of handle lease break
(bsc#1193629).
- commit 79b4858
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- commit 64fbbd7
- cifs: fix pcchunk length type in smb2_copychunk_range
(bsc#1193629).
- commit 278a0ed
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- commit eeed402
- cifs: update internal module version number for cifs.ko
(bsc#1193629).
- commit 2c9169a
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- commit 61dd23b
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 90eaeae
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 0f1ffd2
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit b2da20f
- dm ioctl: fix nested locking in table_clear() to remove deadlock
concern (bsc#1210806, CVE-2023-2269).
- commit 2bbfc45
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size()
(bsc#1211807).
- commit cfbffb5
- blacklist.conf: Add 659c0ce1cb9e kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
- commit 93ea3c4
- cgroup: Reorganize css_set_lock and kernfs path processing
(bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Homogenize cgroup_get_from_id() return value
(bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup
id (bsc#1205650).
- blacklist.conf: Remove 4534dee94 to ease dependant backports
- cgroup: Honor caller's cgroup NS when resolving path
(bsc#1205650).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup
duplicated codes (bsc#1203906).
- commit 45f8307
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- Refresh
patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch.
- blacklist.conf: Remove patch from blacklist (became prereq)
- commit 249c983
- Remove usrmerge compatibility symlink in buildroot (boo#1211796)
Besides Makefile depmod.sh needs to be patched to prefix /lib/modules.
Requires corresponding patch to kmod.
- commit b8e00c5
- ceph: force updating the msg pointer in non-split case
(bsc#1211804).
- commit a688822
- blacklist.conf: 03cab65a07e0 ("/selftests/futex: fix build for clang"/)
- commit 19afb99
- locking/rwsem: Add __always_inline annotation to
__down_read_common() and inlined callers (git-fixes).
- commit e0ba102
- rtmutex: Ensure that the top waiter is always woken up
(git-fixes).
- commit 0184302
- futex: Resend potentially swallowed owner death notification
(git-fixes).
- commit c8b2fc6
- blacklist.conf: s390/maccess: rework absolute lowcore accessors
- commit 6e763ee
- blacklist.conf: s390/smp: cleanup control register update routines
- commit 869cbe8
- blacklist.conf: s390/smp: cleanup target CPU callback starting
- commit ac0ad39
- blacklist.conf: s390/dump: fix old lowcore virtual vs physical address confusion
- commit f2ccc2e
- blacklist.conf: s390/traps: improve panic message for translation-specification exception
- commit 1cb3dd4
- blacklist.conf: s390/dump: fix os_info virtual vs physical address confusion
- commit 82b75e7
- blacklist.conf: LLVM test case fix
- commit 8a6e662
- s390/vdso: remove -nostdlib compiler flag (git-fixes
bsc#1211714).
- commit 3aedab5
- blacklist.conf: s390/boot: allocate amode31 section in decompressor
- commit 3a70444
- Update
patches.suse/HID-asus-use-spinlock-to-protect-concurrent-accesses.patch
(bsc#1208604 CVE-2023-1079).
Added bugzilla and CVE
- commit 1bf4240
- Update
patches.suse/HID-asus-use-spinlock-to-safely-schedule-workers.patch
(bsc#1208604 CVE-2023-1079).
Added bugzilla and CVE
- commit a4b9147
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems
(git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more
than once (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
(git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages
(git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in
nilfs_evict_inode() (git-fixes).
- net: phy: dp83867: add w/a for packet errors seen with short
cables (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices
(git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT
(git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits
(git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
(git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind
(git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring
(git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write
backtrace (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in
iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference
(git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning
(git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
(git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue
(git-fixes).
- regmap: cache: Return error in cache sync operations for
REGCACHE_NONE (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- commit 17eb14e
- Input: xpad - add constants for GIP interface numbers
(git-fixes).
- commit ae95fb0
- mmc: sdhci-esdhc-imx: make "/no-mmc-hs400"/ works (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio
header (git-fixes).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery
data (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials
(git-fixes).
- HID: logitech-hidpp: Don't use the USB serial for USB devices
(git-fixes).
- Bluetooth: L2CAP: fix "/bad unlock balance"/ in
l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers
(git-fixes).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in
acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null
pointer (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition
(bsc#1211449).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and
finish (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare()
and buffer_finish() (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function
(git-fixes).
- drm/displayid: add displayid_get_header() and check bounds
better (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type
(git-fixes).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
(git-fixes).
- HID: wacom: Force pen out of prox if no events have been
received in a while (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- commit d814c1f
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes
bsc#1211693).
- s390/dasd: fix hanging blockdevice after request requeue
(git-fixes bsc#1211687).
- s390/kprobes: fix current_kprobe never cleared after kprobes
reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from
post_handler (git-fixes bsc#1211689).
- s390/mem_detect: fix detect_memory() error handling (git-fixes
bsc#1211691).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes
bsc#1211690).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes
bsc#1211692).
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes
bsc#1211686).
- commit dcbf1cc
- dmaengine: idxd: Only call idxd_enable_system_pasid() if
succeeded in enabling SVA feature (git-fixes).
- commit bdaf824
- kABI workaround for mt76_poll_msec() (git-fixes).
- commit 8310024
- wifi: mt76: mt7921e: improve reliability of dma reset
(git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: add flexible polling wait-interval support
(git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without
Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling
(git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid
is read (git-fixes).
- commit 5f45933
- Update
patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
(git-fixes CVE-2023-2162 bsc#1210647).
- commit ef8f1cf
- configfs: fix possible memory leak in configfs_create_dir()
(git-fixes).
- debugfs: fix error when writing negative value to atomic_t
debugfs file (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
(git-fixes).
- commit 1a0085a
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
(git-fixes).
- can: kvaser_usb: kvaser_usb_leaf:
Rename {leaf,usbcan}_cmd_error_event to
{leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
(git-fixes).
- commit 686ab31
- can: kvaser_usb_leaf: Fix overread with an invalid command
(git-fixes).
- commit 9e9ebea
- drivers: base: dd: fix memory leak with using debugfs_lookup()
(git-fixes).
- drivers: base: component: fix memory leak with using
debugfs_lookup() (git-fixes).
- commit 537af53
- virtio_net: suppress cpu stall when free_unused_bufs
(git-fixes).
- commit da7bbcd
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- commit ab5927c
- virtio_net: bugfix overflow inside xdp_linearize_page()
(git-fixes).
- commit 7b42c19
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
(git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
(git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after
removal (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- commit bc3d0e5
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and
dwc3_gadget_resume() (git-fixes).
- commit b5c53da
- virtio-net: Keep stop() to follow mirror sequence of open()
(git-fixes).
- commit 0d2ec00
- virtio-net: execute xdp_do_flush() before napi_complete_done()
(git-fixes).
- commit 1fe332b
- tools/virtio: fix the vringh test for virtio ring changes
(git-fixes).
- commit 7846dae
- vhost/net: Clear the pending messages when the backend is
removed (git-fixes).
- commit ed68aca
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- commit 5a7e7d8
- virtio_net: split free_unused_bufs() (git-fixes).
- commit 00244a7
- tools/virtio: compile with -pthread (git-fixes).
- commit efe7e12
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
(git-fixes).
- commit 97aa26c
- tools/virtio: fix virtio_test execution (git-fixes).
- commit ab7f233
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- commit a4fbbfa
- blacklist.conf: add 838d6d3461db ("/virtio: unexport virtio_finalize_features"/)
- commit daac2ad
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- commit a805982
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- commit 7af3d10
- blacklist.conf: black list non applicable fix
- commit 0b43409
- power: supply: bq24190_charger: using pm_runtime_resume_and_get
instead of pm_runtime_get_sync (git-fixes).
- Refresh
patches.suse/power-supply-bq24190-Fix-use-after-free-bug-in-bq241.patch.
- commit 32112a8
- net: skip virtio_net_hdr_set_proto if protocol already set
(git-fixes).
- commit 04b2165
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- commit b034548
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- commit bc9efec
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- commit 5d5e37e
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- commit 5ca599d
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- commit 711a6c8
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- commit dc85357
- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- commit f6fa4f5
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- commit 9b285aa
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- commit 4de26a7
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- commit c8c1599
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/alternative: Support relocations in alternatives
(bsc#1206578).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- commit 3be7202
- net: virtio_net_hdr_to_skb: count transport header in UFO
(git-fixes).
- commit 435a431
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- commit 4efb06a
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- commit 39f5ae5
- usb: dwc3: Fix ep0 handling when getting reset while doing
control transfer (git-fixes).
- commit acaaa13
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- commit 838022e
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- commit 19b0a32
- usb: dwc3: gadget: Only End Transfer for ep0 data phase
(git-fixes).
- commit 7e9b934
- usb: dwc3: remove a possible unnecessary 'out of memory'
message (git-fixes).
- commit 59239b9
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Wait-for-ep0-xfers-to-complete-durin.patch.
- commit 4a16748
- usb: dwc3: drd: use helper to get role-switch-default-mode
(git-fixes).
- commit ee299c9
- tracing: Fix permissions for the buffer_percent file
(git-fixes).
- commit 0318a81
- ring-buffer: Sync IRQ works before buffer destruction
(git-fixes).
- commit a78e19a
- ring-buffer: Ensure proper resetting of atomic variables in
ring_buffer_reset_online_cpus (git-fixes).
- commit 2b75346
- ring-buffer: Fix kernel-doc (git-fixes).
- commit 6ecbbdc
- net: qrtr: correct types of trace event parameters (git-fixes).
- commit dbac4e1
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- commit 6ed4e1b
- usb: dwc3: ep0: Don't prepare beyond Setup stage (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Avoid-duplicate-requests-to-enable-R.patch.
- commit eccafbc
- ipv6: sr: fix out-of-bounds read when setting HMAC data
(bsc#1211592).
- commit 5a240f0
- Correct the bq24190 fix patch to apply at the right place (CVE-2023-33288 bsc#1211590)
- commit 9ac2993
- power: supply: bq24190: Fix use after free bug in bq24190_remove
due to race condition (CVE-2023-33288 bsc#1211590).
- commit 373505c
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC
Self-IPI (git-fixes).
- commit 742c6c3
- KVM: x86/vmx: Do not skip segment attributes if unusable bit
is set (git-fixes).
- commit 9eaecda
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
(git-fixes).
- commit 30d94a9
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't
support global_ctrl (git-fixes).
- commit aa84341
- KVM: x86: Protect the unused bits in MSR exiting flags
(git-fixes).
- commit 28b2cff
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user()
(git-fixes).
- commit 4df9796
- KVM: x86: do not set st->preempted when going back to user space
(git-fixes).
- commit 757f49a
- KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization
failure (git-fixes).
- commit f034027
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI
(git-fixes).
- commit 71266ce
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
(bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
(bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake "/droping"/ -> "/dropping"/ (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit e7ab3d9
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing
bugs (git-fixes).
- commit 0592eea
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt
is advertised (git-fixes).
- commit b3bd831
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always
catchup mode (git-fixes).
- commit 61c19ae
- KVM: x86: Report deprecated x87 features in supported CPUID
(git-fixes).
- commit f103d79
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
(git-fixes).
- commit 28c6c36
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when
eVMCS (git-fixes).
- commit aa258cd
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking
shadow (git-fixes).
- commit 10c2c56
- kernel-source: Remove unused macro variant_symbols
- commit 915ac72
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper
(git-fixes).
- commit 7736978
- KVM: nVMX: Don't use Enlightened MSR Bitmap for L3 (git-fixes).
- commit a6f9309
- blacklist.conf: add 9dba4d24cbb55 ("/86/kvm: remove unused ack_notifier
callbacks"/
- commit 7c642cd
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid()
(git-fixes).
- commit 28c590c
- s390/extmem: return correct segment type in __segment_load()
(bsc#1210450 git-fixes).
- commit 0040ffc
- s390/uaccess: add missing earlyclobber annotations to __clear_user()
(bsc#1209856 git-fixes).
- commit 66fb793
- xen/netback: use same error messages for same errors
(git-fixes).
- commit a7eb923
- powerpc/iommu: DMA address offset is incorrectly calculated
with 2MB TCEs (jsc#SLE-19556 git-fixes).
- commit 893c217
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- commit 0720e89
- fbdev: udlfb: Fix endpoint check (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers
(git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in
ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
(git-fixes).
- commit b351847
- vc_screen: reload load of struct vc_data pointer in vcs_write()
to avoid UAF (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt
(git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
(git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't
in use (bsc#1210165).
- xhci: Fix incorrect tracking of free space on transfer rings
(git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle
(git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show
(git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers
(git-fixes).
- commit 8584d07
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
(git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another
HP laptop (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
(git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops
(git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- commit 6ddb5bd
- drm/msm/dpu: Remove duplicate register defines from INTF
(git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions
(git-fixes).
- Documentation/filesystems: ramfs-rootfs-initramfs: use :Author:
(git-fixes).
- Documentation/filesystems: sharedsubtree: add section headings
(git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static
(git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion
15 (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free
(git-fixes).
- commit 473b547
- Move upstreamed media patches into sorted section
- commit 201322a
- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvb_frontend: kABI workaround (CVE-2022-45885
bsc#1205758).
- commit 93a2fd7
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
(CVE-2022-45887 bsc#1205762).
- media: dvb-core: Fix use-after-free due to race condition at
dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free due to race at
dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due on race condition at
dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix kernel WARNING for blocking operation in
wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free on race condition at
dvb_frontend (CVE-2022-45885 bsc#1205758).
- commit 3c0eba9
- can: kvaser_pciefd: Disable interrupts in probe error path
(git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
(git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling
interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly
requested (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in
kvaser_pciefd_stop() (git-fixes).
- wifi: iwlwifi: mvm: don't trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list
(git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list
(git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
(git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- cassini: Fix a memory leak in the error handling path of
cas_init_one() (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- selftets: seg6: disable rp_filter by default in
srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for
srv6_end_dt4_l3vpn_test (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer()
(git-fixes).
- selftests/sgx: Add "/test_encl.elf"/ to TEST_FILES (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust
(git-fixes).
- commit 41844ce
- Update References
patches.suse/bluetooth-Perform-careful-capability-checks-in-hci_s.patch
(git-fixes bsc#1210533 CVE-2023-2002).
- commit 0d52fb3
- net: sched: sch_qfq: prevent slab-out-of-bounds in
qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- commit 8a9beae
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling
legacy gfx ras (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled
in suspend (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus
KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for
GDIX1002 ts on the Juno Tablet (git-fixes).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- HID: wacom: Set a default resolution for older tablets
(git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and
319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies
(git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- commit 2af09b7
- Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
- commit 5df9068
- cifs: fix sharing of DFS connections (bsc#1208758).
- commit eca9f8a
- cifs: avoid potential races when handling multiple dfs tcons
(bsc#1208758).
- commit 63e23c3
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath
(bsc#1208758).
- commit afe04d7
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- commit e5ca6c5
- cifs: fix potential use-after-free bugs in
TCP_Server_Info::hostname (bsc#1208758).
- commit c684f06
- cifs: protect session status check in smb2_reconnect()
(bsc#1208758).
- commit a5777d5
- smb3: move some common open context structs to smbfs_common
(bsc#1193629).
- commit 584d68d
- smb3: make query_on_disk_id open context consistent and move
to common code (bsc#1193629).
- commit c9e01f8
- cifs: missing lock when updating session status (bsc#1193629).
- commit 54a1882
- SMB3: Add missing locks to protect deferred close file list
(git-fixes).
- commit de29309
- cifs: avoid dup prefix path in dfs_get_automount_devname()
(git-fixes).
- commit ed1670a
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- commit afc9290
- Refresh
patches.suse/net-ice-Add-support-for-enable_iwarp-and-enable_roce.patch.
- Delete
patches.suse/devlink-Add-enable_iwarp-generic-device-param.patch.
Fixed broken kABI (bsc#1208050 bsc#1211414).
- commit 118de8c
- Refresh
patches.suse/net-mana-Add-new-MANA-VF-performance-counters-for-ea.patch.
Fix backport.
- commit 6887ae9
- HID: microsoft: Add rumble support to latest xbox controllers
(bsc#1211280).
- commit a92cf6c
- affs: initialize fsdata in affs_truncate() (git-fixes).
- commit 556d7fa
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- commit caf7724
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- commit e87f79f
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
(git-fixes).
- commit 563e8d3
- hfsplus: fix bug causing custom uid and gid being unable to
be assigned with mount (git-fixes).
- commit 610a8fb
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- commit 8b5744b
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- commit feebcc9
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- commit 8740f85
- fs: jfs: fix possible NULL pointer dereference in dbFree()
(git-fixes).
- commit dd91206
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- commit a58e29a
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- commit c7328c2
- jfs: Fix fortify moan in symlink (git-fixes).
- commit 11b192f
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- commit 79e06af
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- commit 9c4a05e
- net: mana: Check if netdev/napi_alloc_frag returns single page
(bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines
(bsc#1210551).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Enable RX path to handle various MTU sizes
(bsc#1210551).
- net: mana: Refactor RX buffer allocation code to prepare for
various MTU (bsc#1210551).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mana: Add new MANA VF performance counters for easier
troubleshooting (bsc#1209982).
- commit ac98332
- reiserfs: Add security prefix to xattr name in
reiserfs_security_write() (git-fixes).
- commit 20d1751
- reiserfs: Add missing calls to reiserfs_security_free()
(git-fixes).
- commit 680dc2c
- Squashfs: fix handling and sanity checking of xattr_ids count
(git-fixes).
- commit 3c564fc
- squashfs: harden sanity check in squashfs_read_xattr_id_table
(git-fixes).
- commit 982f949
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs
(git-fixes).
- commit 5814c62
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest
(git-fixes)
- commit ef4b42f
- ACPI: tables: Add support for NBFT (bsc#1195921).
- commit 90b0d13
- drm/amdgpu: Fix vram recover doesn't work after whole GPU reset
(v2) (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- docs: networking: fix x25-iface.rst heading & index order
(git-fixes).
- gve: Remove the code of clearing PBA bit (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only
(git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
(git-fixes).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND
if unset (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
(git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- selftests/resctrl: Check for return value after write_schemata()
(git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific
branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory()
did not alloc mem (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
(git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE
register (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod
(git-fixes).
- selftests mount: Fix mount_setattr_test builds failed
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One
7 B1-750 (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County'
NUC M15 (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init()
for dpcm (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq()
and writeq() (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation
(git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000
(git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of
pm_runtime_get_sync (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments
(git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500
(git-fixes).
- serial: stm32: re-introduce an irq flag condition in
usart_receive_chars (git-fixes).
- media: rcar_fdp1: Make use of the helper function
devm_platform_ioremap_resource() (git-fixes).
- commit c094bdc
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
(git-fixes).
- commit d64e14c
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX
handler (git-fixes).
- commit 56061d9
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4()
(git-fixes).
- commit a6ab5bb
- KVM: SVM: Fix benign "/bool vs. int"/ comparison in svm_set_cr0()
(git-fixes).
- commit f475ade
- KVM: SVM: hyper-v: placate modpost section mismatch error
(git-fixes).
- commit 816e1bf
- KVM: SVM: Fix potential overflow in SEV's
send|receive_update_data() (git-fixes).
- commit 16c4f84
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry
(git-fixes).
- commit aed233d
- platform/x86: thinkpad_acpi: Fix platform profiles on T490
(git-fixes).
- commit 1c69e0b
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page()
(git-fixes).
- commit 81f590f
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
(git-fixes).
- commit 77c8954
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR
is deliberate (git-fixes).
- commit b84688a
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC
reconfigure race (git-fixes).
- commit 5d05f90
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- commit b1c4544
- x86/amd: Use IBPB for firmware calls (git-fixes).
- Refresh patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- commit 98a0873
- KVM: nVMX: Inject #GP, not #UD, if "/generic"/ VMXON CR0/CR4
check fails (git-fixes).
- commit 8d3f5e6
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- commit 55ad85a
- x86/bugs: Add "/unknown"/ reporting for MMIO Stale Data (git-fixes).
- commit c9d308d
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
(git-fixes).
- commit 341c774
- ECO for QAT driver update was approved (PED-3955).
Allow kABI changes below drivers/crypto/qat and remove
the corresponding kABI padding patch.
- commit d46b3f1
- x86/speculation/mmio: Print SMT warning (git-fixes).
- commit b61badb
- x86/bugs: Warn when "/ibrs"/ mitigation is selected on Enhanced IBRS parts (git-fixes).
- commit 309477d
- x86/alternative: Report missing return thunk details (git-fixes).
- commit a6de731
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
(git-fixes).
- commit b95c292
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE
(git-fixes).
- commit 028e88b
- blacklist.conf: Blacklist already integrated patch
- commit f08adc0
- blacklist.conf: Remove alread-integrated patch
- commit 6038830
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- commit f34367a
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag
(git-fixes).
- commit 4d26615
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like
(git-fixes).
- commit 1c41646
- KVM: x86: Mask off unsupported and unknown bits of
IA32_ARCH_CAPABILITIES (git-fixes).
- commit e7d58ae
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
(git-fixes).
- commit 31729ed
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- commit e94cf3b
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- commit 7aef2ca
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- commit 1e49eb1
- Fix bug reference.
- Update patches.suse/powerpc-64s-Fix-local-irq-disable-when-PMIs-are-disa.patch
(bsc#1195655 ltc#195733 git-fixes).
- Update patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch
(bsc#1195655 ltc#195733).
- commit 75b352e
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
(git-fixes).
- commit 8e78e7b
- KVM: arm64: Don't arm a hrtimer for an already pending timer (git-fixes)
- commit 7242bab
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- commit 24e09a6
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- commit 94fc8c2
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- commit a2031d5
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- commit 57c82ed
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- commit 4084e39
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- commit 80e5dc8
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- commit b34a907
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- commit 18fdaaf
- powerpc/rtas: use memmove for potentially overlapping buffer
copy (bsc#1065729).
- powerpc: Don't try to copy PPR for task with NULL pt_regs
(bsc#1065729).
- commit a0f9fd4
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- commit 1e56a5b
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- commit 32b2eb1
- KVM: arm64: Don't return from void function (git-fixes)
- commit 929b4b8
- KVM: Don't set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- commit d5c7f0a
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- commit c528fa6
- KVM: Don't create VM debugfs files outside of the VM directory (git-fixes)
- commit f35aa14
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- commit 5c67650
- Revert "/KVM: set owner of cpu and vm file operations"/ (git-fixes)
- commit 641eec4
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- commit d75ff37
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- commit e7649a0
- KVM: Disallow user memslot with size that exceeds "/unsigned long"/ (git-fixes)
- commit 3d5e854
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes)
Enable workaround and fix kABI breakage.
- commit 65ad1d7
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- commit 66d6673
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- commit f8b8352
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter
(bsc#1210741 jsc#PED-4022).
- Update config files.
- supported.conf: mark mana_ib supported
- commit 1a4c2c7
- net: mana: Move header files to a common location (bsc#1210741
jsc#PED-4022).
- Refresh
patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 5b586a1
- RDMA/mana_ib: Fix a bug when the PF indicates more entries for
registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw()
(bsc#1210741 jsc#PED-4022).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741
jsc#PED-4022).
- commit 34e74c1
- net: mana: Define data structures for protection domain and
memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page
from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define and process GDMA response code
GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741
jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741
jsc#PED-4022).
- net: mana: Export Work Queue functions for use by RDMA driver
(bsc#1210741 jsc#PED-4022).
- net: mana: Set the DMA device max segment size (bsc#1210741
jsc#PED-4022).
- net: mana: Handle vport sharing between devices (bsc#1210741
jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region
(bsc#1210741 jsc#PED-4022).
- net: mana: Add support for auxiliary device (bsc#1210741
jsc#PED-4022).
- commit f92c525
- KVM: nVMX: add missing consistency checks for CR0 and CR4
(bsc#1210294 CVE-2023-30456).
- commit ef9d3af
- blacklist.conf: cleanup of a comment
- commit 84e5a2f
- blacklist.conf: dependencies cannot be met
- commit e3d82fb
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm
(bsc#1207553).
- commit f66a3d1
- apparmor: add a kernel label to use on kernel objects
(bsc#1211113).
- commit 51d9c3d
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- commit 0291fd1
- crypto: acomp - define max size for destination (jsc#PED-3692)
- commit 85592d8
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- commit e4a787e
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- commit 0a12d82
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- commit 84eb593
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- commit b8f6153
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- commit 4cc71cc
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- commit add926d
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- commit 53057db
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- commit e94a222
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- commit 6fb4fa4
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- commit babeef7
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- commit 8fbb831
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- commit 57cf8db
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- commit 191d933
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- commit 8033e5b
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- commit 2893932
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- commit 638d767
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- commit da7d730
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- commit 9d2ec7c
- crypto: qat - change behaviour of (jsc#PED-3692)
- commit 88b302a
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- commit c9aee29
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- commit b693728
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- commit e064970
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- commit f05d9dc
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- commit 68596ea
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- commit e4d21be
- crypto: qat - add param check for DH (jsc#PED-3692)
- commit da607b7
- crypto: qat - add param check for RSA (jsc#PED-3692)
- commit 7eefa16
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- commit 624d1d0
- crypto: qat - refactor submission logic (jsc#PED-3692)
- commit b8e53cb
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- commit bd15683
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- commit c617c8f
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- commit b866596
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- commit e40b5cb
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- commit 02bc64e
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- commit 4d65255
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- commit b225eca
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- commit 2b6fd0a
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- commit 1e0a7c3
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- commit c5057e2
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- commit 9de3f9b
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- commit a8dbb60
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- commit 1848290
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- commit 1cf3054
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- commit a02a4ee
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- commit 56dd6e7
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- commit dd0685f
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- commit e463f30
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- commit c63cf22
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- commit 29cae5c
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- commit 988ee72
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- commit d524451
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- commit 5536852
- crypto: qat - add misc workqueue (jsc#PED-3692)
- commit cb5c3b7
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- commit 89bd3f8
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- commit a7f67e3
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- commit 151593d
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- commit dfc51e6
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- commit 8557674
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- commit 5d143f2
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- commit 916a77e
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- commit 6601ff4
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- commit e8ce44d
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- commit 986f0e6
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- commit 7d28fba
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- commit 6155681
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- commit 77f298d
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- commit da2daed
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- commit a184282
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- commit e08ef29
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- commit 77c5d55
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- commit 22808a8
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- commit 529c178
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- commit 2cfdf60
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- commit 192475a
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- commit 029b3f8
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- commit b21ae8f
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- commit 86b6de1
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- commit c36c1b5
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- commit 5a6ccb5
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- commit 6bc8ecc
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- commit 69ac24d
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- commit a09ab7d
- crypto: qat - do not rely on min version (jsc#PED-3692)
- commit 1fbc50a
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- commit bd91022
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- commit ce27ee1
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- commit 07d0530
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- commit dfcb218
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- commit ebf7e16
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- commit 4ac3bf8
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- commit 3228a9b
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- commit 7a44395
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- commit 5960736
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- commit 1aa65a8
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- commit 53e0309
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- commit b869385
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- commit 27aa4db
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- commit 375be54
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- commit 253518f
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- commit b8f6615
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- commit 2d2c8ab
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- commit 08b5439
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- commit 32a2e31
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- commit b27b05c
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- commit c5402df
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- commit ef47805
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- commit 3c38713
- crypto: qat - extract send and wait from (jsc#PED-3692)
- commit d88c673
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- commit 688556e
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- commit 4f0c483
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- commit 7d933b4
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- commit f443d35
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- commit 4276cd3
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- commit 89e9e5e
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- commit abcbfac
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- commit 227e146
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- commit a4d86dd
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- commit e9e0672
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- commit 4f29ad0
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- commit 49708c6
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- commit dd303d7
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- commit 167b6ae
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- commit 0767718
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- commit 8a91dc4
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- commit df8b85d
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- commit dbe426c
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- commit ac1c697
- sfc: fix TX channel offset when using legacy interrupts
(git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- commit 03bb08f
- workqueue: Print backtraces from CPUs with hung CPU bound
workqueues (bsc#1211044).
- commit edb7f74
- workqueue: Warn when a rescuer could not be created
(bsc#1211044).
- commit bbf3c79
- workqueue: Interrupted create_worker() is not a repeated event
(bsc#1211044).
- commit 86794c5
- workqueue: Warn when a new worker could not be created
(bsc#1211044).
- commit eb3a726
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- commit 3a59651
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- Refresh patches.kabi/kABI-Fix-kABI-after-x86-mm-cpa-Generalize-__set_memo.patch.
- commit e90b7a1
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- Refresh
patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 4d4fa6d
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- commit d3c6791
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- Refresh
patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch.
- Refresh
patches.suse/RDMA-irdma-Return-correct-WC-error-for-bind-operatio.patch.
- Refresh
patches.suse/RDMA-irdma-Return-error-on-MR-deregister-CQP-failure.patch.
- Refresh
patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 11ed66b
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- RDMA/irdma: Do not generate SW completions for NOPs
(jsc#SLE-18383).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
(git-fixes).
- sfc: ef10: don't overwrite offload features at NIC reset
(git-fixes).
- gve: Cache link_speed value from device (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- iavf: Do not restart Tx queues after reset task failure
(jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- net: tun: fix bugs for oversize packet when napi frags enabled
(git-fixes).
- sfc: include vport_id in filter spec hash and equal()
(git-fixes).
- sfc: Change VF mac via PF as first preference if available
(git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit
(git-fixes).
- RDMA/irdma: Fix drain SQ hang with no completion
(jsc#SLE-18383).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels
(git-fixes).
- sfc: fix considering that all channels have TX queues
(git-fixes).
- RDMA/irdma: Add SW mechanism to generate completions on error
(jsc#SLE-18383).
- commit b8a7c09
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- commit ca9f52b
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- commit d9bb4d3
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- commit 4d91aa8
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- commit 9499df5
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- commit 1c1a4cd
- act_mirred: use the backlog for nested calls to mirred ingress
(CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: better wording on protection against
excessive stack growth (CVE-2022-4269 bsc#1206024).
- commit 0660aaf
- netfilter: nf_tables: deactivate anonymous set from preparation
phase (CVE-2023-32233 bsc#1211043).
- commit a0bdb58
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
(jsc#SLE-19255).
- ixgbe: Enable setting RSS table to default values
(jsc#SLE-18384).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- i40e: fix i40e_setup_misc_vector() error handling
(jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock
(jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test
(jsc#SLE-18378).
- i40e: fix flow director packet filter programming
(jsc#SLE-18378).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- igc: fix the validation logic for taprio's gate list
(jsc#SLE-18377).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- intel/igbvf: free irq on the error path in igbvf_request_msix()
(jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing
(jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash
(jsc#SLE-18385).
- i40e: Fix kernel crash during reboot when adapter is in recovery
mode (jsc#SLE-18378).
- igb: conditionalize I2C bit banging on external thermal sensor
support (jsc#SLE-18379).
- ixgbe: add double of VLAN header when computing the max MTU
(jsc#SLE-18384).
- i40e: add double of VLAN header when computing the max MTU
(jsc#SLE-18378).
- ixgbe: allow to increase MTU to 3K with XDP enabled
(jsc#SLE-18384).
- i40e: Add checking for null for nlmsg_find_attr()
(jsc#SLE-18378).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in
igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iavf/iavf_main: actually log ->src mask when talking about it
(jsc#SLE-18385).
- igc: Fix PPS delta between two synchronized end-points
(jsc#SLE-18377).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- igc: Set Qbv start_time and end_time to end_time if not being
configured in GCL (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time
(jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit
(jsc#SLE-18377).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- i40e: Fix the inability to attach XDP program on downed
interface (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove
(jsc#SLE-18385).
- i40e: Fix flow-type by setting GL_HASH_INSET registers
(jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF
(jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps
(jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- iavf: Fix set max MTU size with port VLAN and jumbo frames
(jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending
(jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules
(jsc#SLE-18378).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
(jsc#SLE-18384).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- iavf: Fix 'tc qdisc show' listing too many queues
(jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- i40e: Fix interface init with MSI interrupts (no MSI-X)
(jsc#SLE-18378).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq
(jsc#SLE-18385).
- i40e: Fix erroneous adapter reinitialization during recovery
process (jsc#SLE-18378).
- igc: Reinstate IGC_REMOVED logic and implement it properly
(jsc#SLE-18377).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- ice: Fix interrupt moderation settings getting cleared
(jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
(jsc#SLE-18375).
- commit 80d0092
- ACPI: processor: Fix evaluating _PDC method when running as
Xen dom0 (git-fixes).
- commit 9762d65
- xen/netback: don't do grant copy across page boundary
(git-fixes).
- commit f4517dd
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
(git-fixes).
- commit 46b1fec
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt
(bsc#1210775).
- commit 2b91689
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop
(git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input
methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41
(git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- commit 9ac9894
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- commit bec3ff8
- Update references to patch
patches.suse/wifi-brcmfmac-slab-out-of-bounds-read-in-brcmf_get_a.patch
(git-fixes bsc#1209287 CVE-2023-1380).
- commit 1374551
- Remove obsolete rpm spec constructs
defattr does not need to be specified anymore
buildroot does not need to be specified anymore
- commit c963185
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
obsoletes correctly (boo#1172073 bsc#1191731).
rpm only supports full length release, no provides
- commit c9b5bc4
- bnxt_en: Do not initialize PTP on older P3/P4 chips
(jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping
(jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest
(jsc#SLE-18978).
- qed/qed_sriov: guard against NULL derefs from
qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
(jsc#SLE-19001).
- qed/qed_dev: guard against a possible division by zero
(jsc#SLE-19001).
- bnxt_en: Avoid order-5 memory allocation for TPA data
(jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- qede: execute xdp_do_flush() before napi_complete_done()
(jsc#SLE-19001).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path
(jsc#SLE-18992).
- bnxt: prevent skb UAF after handing over to PTP worker
(jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on
57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features
(jsc#SLE-18978).
- commit aee4a77
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- commit bb4fcce
- watchdog: dw_wdt: Fix the error handling path of
dw_wdt_drv_probe() (git-fixes).
- commit 01087d8
- Update tags in
patches.suse/ext4-fix-use-after-free-in-ext4_xattr_set_entry.patch
(bsc#1206878 bsc#1211105 CVE-2023-2513).
- commit ce8b695
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- commit d6c8c20
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- commit 91bdec8
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- commit 4cd1b96
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- commit 01bca28
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- commit aa4ba49
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- commit fa7132b
- x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes).
- commit a7e591b
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- commit 24950dd
- Update
patches.suse/net-qcom-emac-Fix-use-after-free-bug-in-emac_remove-.patch
(bsc#1211037 CVE-2023-2483).
- commit b748693
- Refresh
patches.suse/powerpc-64-Always-build-with-128-bit-long-double.patch.
- commit 0cbc080
- PM: hibernate: Turn snapshot_test into global variable
(git-fixes).
- Refresh
patches.suse/0007-PM-hibernate-encrypt-hidden-area.patch.
- commit df2c292
- PM: hibernate: Do not get block device exclusively in
test_resume mode (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path
(git-fixes).
- commit 5109b71
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- soundwire: qcom: correct setting ignore bit on v1.5.1
(git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for
usb2_port and ulpi_port (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels
(git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA
processing (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer
(git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- commit d0a5bb0
- blacklist.conf: cleanup designed to break kABI
- commit d13ef2b
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by
wmm_idx (git-fixes).
- commit 06c84d1
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup
(git-fixes).
- commit 2260701
- blacklist.conf: add nvme git-fixes
- commit e6d21df
- nvme: fix discard support without oncs (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency
(git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns
(git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns
(git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvmet: use a private workqueue instead of the system workqueue
(git-fixes).
Refresh:
- patches.suse/nvmet-don-t-defer-passthrough-commands-with-trivial-.patch
- patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- commit d34faf0
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- commit 4e894db
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- commit 5998565
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
This is a preparation for the next patch
- commit bde7887
- blacklist.conf: Disable already integrated patch
Despite not having it as a separate commit we already have
x86_spec_ctrl_current declared via DECLARE_PER_CPU
- commit 3a23dac
- x86: drop bogus "/cc"/ clobber from __try_cmpxchg_user_asm() (git-fixes).
- commit 821679e
- blacklist.conf: Blacklist i386 speculation fix
We don't care about 32 bit so might as well blacklist this commit
- commit 85cd434
- x86: Fix return value of __setup handlers (git-fixes).
- commit 4af5381
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- commit 4ec04e5
- blacklist.conf: the commit might cause regression (bsc#1210947)
- commit 373f459
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- commit b654685
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- commit 2520bfd
- blacklist.conf: add one char git-fixes
- commit 442298b
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux
configuration (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling
output (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base
(git-fixes).
- leds: tca6507: Fix error handling of using
fwnode_property_read_string (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it
(git-fixes).
- commit d6008ec
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- commit 84b434f
- xfs: verify buffer contents when we skip log replay (bsc#1210498
CVE-2023-2124).
- commit c6f30c5
- mm: take a page reference when removing device exclusive entries
(bsc#1211025).
- commit fd0cc4f
- usb: mtu3: fix kernel panic at qmu transfer done irq handler
(git-fixes).
- commit 7fcf832
- blacklist.conf: prerequisites break kABI
- commit 0cfe9b1
- struct ci_hdrc: hide new member at end (git-fixes).
- commit d06f402
- usb: chipidea: core: fix possible concurrent when switch role
(git-fixes).
- commit d07905a
- Update
patches.suse/perf-Fix-check-before-add_event_to_groups-in-perf_group_detach.patch
(git fixes, bsc#1210986, CVE-2023-2235).
- commit c5399e7
- blacklist.conf: Exclude unrelated kconfig patch
- commit 2595126
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- commit f115e36
- locking/rwbase: Mitigate indefinite writer starvation.
Move out of sorted as the patch has moved within the tip tree.
- commit 0ba915d
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
(git-fixes).
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused
(git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current
time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program
prototype (git-fixes).
- commit 4f6ef5f
- power: supply: generic-adc-battery: fix unit scaling
(git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if'
match (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src
to reparent (git-fixes).
- clk: add missing of_node_put() in "/assigned-clocks"/ property
parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in
davinci_timer_register when init fails (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product
(git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
(git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
(git-fixes).
- selftests/kselftest/runner/run_one(): allow running
non-executable files (git-fixes).
- commit fc18250
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: callback request does not use correct credential for
AUTH_SYS (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- nfsd: call op_release, even when op_func returns an error
(git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
(git-fixes).
- commit aa8b700
- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992
CVE-2022-2196).
- commit 2cab1a4
- nvme: send Identify with CNS 06h only to I/O controllers
(bsc#1209693).
- commit fe51de7
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
(bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting()
(bsc#1210943).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches
(bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation
logic (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in
unrecoverable state (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with
no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before
completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if
aborted (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when
unloading driver (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their
list removal (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer
overflow (bsc#1210943).
- cpumask: fix incorrect cpumask scanning result checks
(bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: scsi_transport_fc: Add an additional flag to
fc_host_fpin_rcv() (bsc#1210943).
- commit 7354766
- ACPI: CPPC: Disable FIE if registers in PCC regions
(bsc#1210953).
- cpufreq: CPPC: Fix build error without
CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- commit 5d50d5f
- keys: Fix linking a duplicate key to a keyring's assoc_array
(bsc#1207088).
- commit 52b6749
- virtio_ring: don't update event idx on get_buf (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
(git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property
(git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF
(git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- driver core: Don't require dynamic_debug for initcall_debug
probe timing (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
(git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
rtw_scan_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
_rtw_join_timeout_handler() (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended
size (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
(git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in
renesas_usb3_remove due to race condition (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event
(git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling
(git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on
error path (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations
(git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Don't skip cleanup in remove's error path (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location
(git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config
(git-fixes).
- PCI: imx6: Install the fault handler only on compatible match
(git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and
device_lock (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery
(git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device
(git-fixes).
- commit 30ae662
- kabi/severities: ignore KABI for NVMe target (bsc#1174777)
The target code is only for testing and there are no external users.
- commit a8c10fa
- blacklist.conf: add nvme git-fixes
- commit be17720
- Update
patches.suse/net-mlx5-DR-Fix-NULL-vs-IS_ERR-checking-in-dr_domain.patch
(jsc#SLE-19253 bsc#1208845 CVE-2023-23006).
Added CVE reference.
- commit 53f1f7b
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- commit da2e21e
- ext4: use ext4_journal_start/stop for fast commit transactions
(bsc#1210793).
Refresh patches.suse/ext4-fast-commit-may-not-fallback-for-ineligible-com.patch
patches.suse/ext4-fix-fallocate-to-use-file_modified-to-update-pe.patch
patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
- commit b470a11
- nvme-fcloop: fix "/inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W}
usage"/ (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller
(git-fixes).
- nvmet: fix Identify Active Namespace ID list handling
(git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- commit da5f4d4
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
(bsc#1210816).
- signal: Don't always set SA_IMMUTABLE for forced signals
(bsc#1210816).
- commit 1d55fab
- bluetooth: Perform careful capability checks in hci_sock_ioctl()
(git-fixes).
- Revert "/Bluetooth: btsdio: fix use after free bug in
btsdio_remove due to unfinished work"/ (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent
rx/status calls (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
(git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective
(git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error
(git-fixes).
- wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported
protocols (git-fixes).
- wifi: iwlwifi: trans: don't trigger d3 interrupt twice
(git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table
(git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init
and napi_enable (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath5k: fix an off by one check in
ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs
(git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: rtw88: mac: Return the original error from
rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from
rtw_pwr_seq_parser() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older
firmware (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode
(git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure
(git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks
(git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
(git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
(git-fixes).
- commit ce41906
- nvmet: force reconnect when number of queue changes (git-fixes).
- commit 4fecb2d
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec
(bsc#1194869).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- amdgpu: disable powerpc support for the newer display engine
(bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- commit a05fdb3
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on
a HP platform (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle
and lock (git-fixes).
- commit 94a71e8
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support
for HP Laptops (git-fixes).
- Refresh
patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-2ae147d643d3.patch.
- Refresh
patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-9fdc1605c504.patch.
- commit d95e43b
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- commit fa425c8
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvmet: don't defer passthrough commands with trivial effects
to the workqueue (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem
(git-fixes).
- nvme: fix SRCU protection of nvme_ns_head list (git-fixes).
Refresh:
- patches.suse/nvme-multipath-skip-not-ready-namespaces-when-revalidating.patch
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a
controller under memory pressure (git-fixes).
- nvmet: fix invalid memory reference in
nvmet_subsys_attr_qid_max_show (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init
(git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA
access (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion
(git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion
(git-fixes).
- nvmet: add helpers to set the result field for connect commands
(git-fixes).
- nvmet-auth: don't try to cancel a non-initialized work_struct
(git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme
devices (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time
out (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again
(git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key()
(git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace
(git-fixes).
- nvme: use command_id instead of req->tag in
trace_nvme_complete_rq() (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation
(git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: set dma alignment to dword (git-fixes).
- nvme: fix the read-only state for zoned namespaces with
unsupposed features (git-fixes).
- nvmet: revert "/nvmet: make discovery NQN configurable"/
(git-fixes).
Refresh:
- patches.suse/nvmet-expose-max-queues-to-configfs.patch
- nvmet: use IOCB_NOWAIT only if the filesystem supports it
(git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvmet: looks at the passthrough controller when initializing
CAP (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- commit 11db83e
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- commit 8544568
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y
YM-2151E (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring
polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is
read-write (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error
(git-fixes).
- remoteproc: st: Call of_node_put() on iteration error
(git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error
(git-fixes).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for
data (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two
(git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies
(git-fixes).
- regulator: core: Consistently set mutex_owner when using
ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on
by time since booted (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due
to race condition (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to
race condition (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove
(git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: av7110: prevent underflow in write_ts_to_decoder()
(git-fixes).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
(git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow
(git-fixes).
- commit 28cddd0
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy
(git-fixes).
- commit 0730fed
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active
to release shared resources (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment
(git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994
(git-fixes).
- firmware: qcom_scm: Clear download bit during reboot
(git-fixes).
- commit f201efd
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
(git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to
silence known override-init warnings (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and
adv7535 (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one
(git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- commit df8d449
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address
from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from
PMI8994 regulator (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
(git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range
(git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range
(git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
(git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range
(git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range
(git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
(git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
(git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite
(git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP
table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP
table (git-fixes).
- commit 94ce2fb
- nvme: copy firmware_rev on each init (git-fixes).
- commit e5addae
- Update References
patches.suse/xirc2ps_cs-Fix-use-after-free-bug-in-xirc2ps_detach.patch
(git-fixes, bsc#1209871, CVE-2023-1670).
- commit fad389c
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in
cpuset_cancel_attach() (bsc#1210827).
- commit cd76825
- blacklist.conf:
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- commit 5eafca7
- blacklist.conf: Add adb8213014b2 mm: memcg: fix stale protection of reclaim target memcg
- commit 3fa74a9
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- commit c871759
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get
changed (bsc#1210816).
- commit f20434b
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature
(git-fixes).
- selinux: ensure av_permissions.h is built when needed
(git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- commit 0854c0e
- powerpc/papr_scm: Update the NUMA distance table for the
target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
FATE#327775 git-fixes).
- powerpc/pseries: Consolidate different NUMA distance update
code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
FATE#327775 git-fixes).
- Refresh patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
- commit 7bab4e8
- Update tags
patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch.
- commit 90e3245
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- commit d6c6801
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
(bsc#1206649).
- commit 4e476eb
- udf: Support splicing to file (bsc#1210770).
- commit d2cfd5b
- writeback, cgroup: fix null-ptr-deref write in
bdi_split_work_to_wbs (bsc#1210769).
- commit 036cbcd
- mm/filemap: fix page end in filemap_get_read_batch
(bsc#1210768).
- commit 48f3bbb
- ext4: fix another off-by-one fsmap error on 1k block filesystems
(bsc#1210767).
- commit 9bc20af
- ext4: fix RENAME_WHITEOUT handling for inline directories
(bsc#1210766).
- commit 1ad1269
- ext4: fix cgroup writeback accounting with fs-layer encryption
(bsc#1210765).
- commit 480dd33
- ext4: fix incorrect options show of original mount_opt and
extend mount_opt2 (bsc#1210764).
- commit ec7e31c
- ext4: fix possible double unlock when moving a directory
(bsc#1210763).
- commit 88434ef
- ext4: Fix deadlock during directory rename (bsc#1210763).
- commit 71130aa
- ext4: Fix possible corruption when moving a directory
(bsc#1210763).
- commit 5d35ccf
- blacklist.conf: Blacklist 118901ad1f25
- commit 4dd3cc9
- ext4: fix corruption when online resizing a 1K bigalloc fs
(bsc#1206891).
- commit aebc870
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- commit 57823aa
- Drivers: vmbus: Check for channel allocation before looking
up relids (git-fixes).
- commit ab07682
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
(git-fixes).
- commit 34b9f7a
- iio: light: tsl2772: fix reading proximity-diodes from device
tree (git-fixes).
- iio: adc: at91-sama5d2_adc: fix an error code in
at91_adc_allocate_trigger() (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260
(git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- commit fa0048a
- Update
patches.suse/NFSD-fix-problems-with-cleanup-on-errors-in-nfsd4_co.patch
(git-fixes bsc#1210725).
- commit aab0dd8
- e1000e: Disable TSO on i219-LM card to increase speed
(git-fixes).
- clk: sprd: set max_register according to mapping range
(git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in
l2cap_disconnect_{req,rsp} (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread
(git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X
state in D3hot (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
(git-fixes).
- power: supply: cros_usbpd: reclassify "/default case!"/ as debug
(git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book
X90F (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk
(git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
(git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message
(git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call
(git-fixes).
- commit ba21d6e
- regulator: fan53555: Explicitly include bits header (git-fixes).
- commit 9852306
- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler
functional and performance backports)).
- sched_getaffinity: don't assume 'cpumask_size()' is fully
initialized (bsc#1155798 (CPU scheduler functional and
performance backports)).
- sched/fair: Move calculate of avg_load to a better location
(bsc#1155798 (CPU scheduler functional and performance
backports)).
- commit 1c631df
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled
(git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk
(git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- commit c742154
- x86/entry: Avoid very early RET (git-fixes).
- commit 7f33ce2
- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit a844601
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- commit f5a41ba
- x86/entry: Don't call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro
(git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
(git-fixes).
- x86/entry: Switch the stack after error_entry() returns
(git-fixes).
- Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank()
fails (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests
(git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
(git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
(git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- Refresh
patches.suse/0010-KVM-x86-speculation-Disable-Fill-buffer-clear-within.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- stat: fix inconsistency between struct stat and struct
compat_stat (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- commit fc2d705
- blacklist.conf: add some x86 git-fixes
- commit 67b8a58
- memstick: fix memory leak if card device is never registered
(git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
(git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the
PHY node (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node
(git-fixes).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range
(git-fixes).
- commit e50472a
- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
bsc#1209615).
- commit c351e67
- supported.conf: support u_ether and libcomposite
(jsc-PED#3750)
This is necessary for g_ncm
(for maintainance see jsc-PED#3759)
- commit 93dcc25
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- commit 96566e9
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- commit 048d3b4
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- commit e08b805
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- commit b64d8ba
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- commit c3ec287
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- commit 6a66ca6
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- commit b706955
- supported.conf: declaring usb_f_ncm supported as
requested in (jsc#PED-3750)
Support for the legacy functionality g_ncm is still
under discussion
(see jsc-PED#3200)
For maintainance see (jsc#PED-3759)
- commit 2970881
- blacklist.conf: vsprintf: just a small code size optimization
- commit 11066c4
- blacklist.conf: fix for a feature which was not backported
- commit 40356f9
- blacklist.conf: needed just for a cleanup
- commit 2ad4085
- x86/speculation: Allow enabling STIBP with legacy IBRS
(bsc#1210506 CVE-2023-1998).
- commit 43f265f
- Update patch reference for hwmon fix (CVE-2023-1855 bsc#1210202)
- commit 0565559
- cifs: fix negotiate context parsing (bsc#1210301).
- commit 6999463
- blacklist.conf: add perf git-fixes we are not taking
- commit affe5db
- perf/core: Fix the same task check in perf_event_set_output
(git fixes).
- perf: Fix check before add_event_to_groups() in
perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly
invoked in perf_event_bpf_output (git fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling
(git fixes).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc: declare unmodified attribute_group usages const
(git-fixes).
- commit c25cc8c
- Update patch reference for power driver fix (CVE-2023-30772 bsc#1210329)
- commit d3db856
- sched/fair: Sanitize vruntime of entity being migrated
(bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed
(bsc#1203325).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler
functional and performance backports)).
- sched/numa: Stop an exhastive search if an idle core is found
(bsc#1189999 (Scheduler functional and performance backports)).
- commit 24ed78f
- mm: page_alloc: skip regions with hugetlbfs pages when
allocating 1G pages (bsc#1210034).
- commit 421448a
- i2c: ocores: generate stop condition after timeout in polling
mode (git-fixes).
- commit 95ee80d
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
(git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
(git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in
snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: emu10k1: don't create old pass-through playback device
on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking
(git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
(git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG
motherboard (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation
(git-fixes).
- commit 4a758e5
- scsi: iscsi_tcp: Check that sock is valid before
iscsi_set_param() (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
(git-fixes).
- scsi: mpt3sas: Don't print sense pool info twice (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion
(git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
(git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path
(git-fixes).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
(git-fixes).
- scsi: core: Fix a procfs host directory removal regression
(git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in
mpt3sas_transport_port_add() (git-fixes).
- scsi: sd: Fix wrong zone_write_granularity value during
revalidate (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240
(git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop
(git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
(git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value
(git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
(git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: ses: Don't attach if enclosure has no components
(git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
(git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses
(git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
(git-fixes).
- scsi: ses: Fix slab-out-of-bounds in
ses_enclosure_data_process() (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single()
(git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup()
(git-fixes).
- scsi: libsas: Remove useless dev_list delete in
sas_ex_discover_end_dev() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
ipaddress (git-fixes).
- commit fce4b5b
- k-m-s: Drop Linux 2.6 support
- commit 22b2304
- scsi: iscsi_tcp: Fix UAF during logout when accessing the
shost ipaddress (git-fixes).
- Refresh
patches.kabi/kABI-fix-change-of-iscsi_host_remove-arguments.patch.
- commit dfafac0
- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6
- Update
patches.kabi/PCI-dwc-Add-dw_pcie_ops.host_deinit-callback.patch
(kabi bsc#1210206).
Fix kabi breakage.
- commit cf0ac3f
- Update CVE reference to
patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
(git-fixes bsc#1210454 CVE-2023-2019).
- commit 4e95d11
- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
(git-fixes bsc#1210453 CVE-2023-2008).
- commit 62da89a
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication
overflow (git-fixes).
- Revert "/pinctrl: amd: Disable and mask interrupts on resume"/
(git-fixes).
- drm/armada: Fix a potential double free in an error handling
path (git-fixes).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S
(git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
(git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in
nilfs_segctor_thread() (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc
(git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards
(git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O
cards (git-fixes).
- commit f9cf523
- scsi: hisi_sas: Set a port invalid only if there are no devices
attached when refreshing port id (git-fixes).
- commit 5cdcc2b
- signal handling: don't use BUG_ON() for debugging (bsc#1210439).
- commit 3f10ae8
- Update
patches.suse/scsi-core-Add-BLIST_NO_VPD_SIZE-for-some-VDASD.patch
(git-fixes bsc#1203039), adding back the bug number reference.
- commit 2587a1f
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes
bsc#1203039) (renamed now that it's upstgream)
- Refresh
patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch.
- Refresh
patches.kabi/kABI-fix-adding-another-field-to-scsi_device.patch.
- Refresh patches.kabi/kABI-fix-adding-field-to-scsi_device.patch.
- commit 14ff6ce
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
(bsc#1210158).
- commit 5691022
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to
a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into
a helper (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in
handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling
(bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time
(bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large
enough (bsc#1209927).
- commit b35c5f2
- Update reference for BT fix (CVE-2023-1989 bsc#1210336)
- commit 2383449
- Update CVE reference to
patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
(git-fixes bsc#1210337 CVE-2023-1990).
- commit ddf99ea
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE
This new form was added in commit e89c2e815e76 ("/riscv: Handle
zicsr/zifencei issues between clang and binutils"/).
- commit 234baea
- commit 84d7ba8
- commit d292a81
- rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches
- commit 8592674
- libcap
-
- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create()
(bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
(bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
- libfido2
-
- Use openssl 1.1 still on SLES 15 SP4 to avoid pulling unnecessary
openssl-3 dependency. jsc#PED-4521
- Version 1.13.0 (2023-02-20)
* Support for linking against OpenSSL on Windows; gh#668.
* New API calls:
+ fido_assert_empty_allow_list;
+ fido_cred_empty_exclude_list.
* fido2-token: fix issue when listing large blobs.
* Improved support for different fuzzing engines.
- Version 1.12.0 (2022-09-22)
* Support for COSE_ES384.
* Support for hidraw(4) on FreeBSD; gh#597.
* Improved support for FIDO 2.1 authenticators.
* New API calls:
+ es384_pk_free;
+ es384_pk_from_EC_KEY;
+ es384_pk_from_EVP_PKEY;
+ es384_pk_from_ptr;
+ es384_pk_new;
+ es384_pk_to_EVP_PKEY;
+ fido_cbor_info_certs_len;
+ fido_cbor_info_certs_name_ptr;
+ fido_cbor_info_certs_value_ptr;
+ fido_cbor_info_maxrpid_minpinlen;
+ fido_cbor_info_minpinlen;
+ fido_cbor_info_new_pin_required;
+ fido_cbor_info_rk_remaining;
+ fido_cbor_info_uv_attempts;
+ fido_cbor_info_uv_modality.
* Documentation and reliability fixes.
- Version 1.11.0 (2022-05-03)
* Experimental PCSC support; enable with -DUSE_PCSC.
* Improved OpenSSL 3.0 compatibility.
* Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
* winhello: advertise "/uv"/ instead of "/clientPin"/.
* winhello: support hmac-secret in fido_dev_get_assert().
* New API calls:
+ fido_cbor_info_maxlargeblob.
* Documentation and reliability fixes.
* Separate build and regress targets.
- Version 1.10.0 (2022-01-17)
* hid_osx: handle devices with paths > 511 bytes; gh#462.
* bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
* winhello: fallback to GetTopWindow() if GetForegroundWindow() fails.
* winhello: fallback to hid_win.c if webauthn.dll isn’t available.
* New API calls:
- fido_dev_info_set;
- fido_dev_io_handle;
- fido_dev_new_with_info;
- fido_dev_open_with_info.
* Cygwin and NetBSD build fixes.
* Documentation and reliability fixes.
* Support for TPM 2.0 attestation of COSE_ES256 credentials.
- Use BuildRequires: openssl-devel instead of forcing 1.1 since 3.x
is now supported.
- Version 1.9.0 (2021-10-27)
* Enabled NFC support on Linux.
* Added OpenSSL 3.0 compatibility.
* Removed OpenSSL 1.0 compatibility.
* Support for FIDO 2.1 "/minPinLength"/ extension.
* Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
* Support for TPM 2.0 attestation.
* Support for device timeouts; see fido_dev_set_timeout().
* New API calls:
- es256_pk_from_EVP_PKEY;
- fido_cred_attstmt_len;
- fido_cred_attstmt_ptr;
- fido_cred_pin_minlen;
- fido_cred_set_attstmt;
- fido_cred_set_pin_minlen;
- fido_dev_set_pin_minlen_rpid;
- fido_dev_set_timeout;
- rs256_pk_from_EVP_PKEY.
* Reliability and portability fixes.
* Better handling of HID devices without identification strings; gh#381.
* Fixed detection of Windows’s native webauthn API; gh#382.
- Removed fix-cmake-linking.patch because no longer needed
- Update to version 1.8.0:
* Dropped 'Requires.private' entry from pkg-config file.
* Better support for FIDO 2.1 authenticators.
* Support for Windows's native webauthn API.
* Support for attestation format 'none'.
* New API calls:
- fido_assert_set_clientdata;
- fido_cbor_info_algorithm_cose;
- fido_cbor_info_algorithm_count;
- fido_cbor_info_algorithm_type;
- fido_cbor_info_transports_len;
- fido_cbor_info_transports_ptr;
- fido_cred_set_clientdata;
- fido_cred_set_id;
- fido_credman_set_dev_rk;
- fido_dev_is_winhello.
* fido2-token: new -Sc option to update a resident credential.
* Documentation and reliability fixes.
* HID access serialisation on Linux.
- disable fix-cmake-linking.patch, not needed currently
- Update to version 1.7.0:
* hid_win: detect devices with vendor or product IDs > 0x7fff
* Support for FIDO 2.1 authenticator configuration.
* Support for FIDO 2.1 UV token permissions.
* Support for FIDO 2.1 "/credBlobs"/ and "/largeBlobs"/ extensions.
* New API calls
* New fido_init flag to disable fido_dev_open’s U2F fallback
* Experimental NFC support on Linux.
- Enabled hidapi again, issues related to hidapi are fixed upstream
* Added fix-cmake-linking.patch to fix linking
- Update to version 1.6.0:
* Fix OpenSSL 1.0 and Cygwin builds.
* hid_linux: fix build on 32-bit systems.
* hid_osx: allow reads from spawned threads.
* Documentation and reliability fixes.
* New API calls:
+ fido_cred_authdata_raw_len;
+ fido_cred_authdata_raw_ptr;
+ fido_cred_sigcount;
+ fido_dev_get_uv_retry_count;
+ fido_dev_supports_credman.
* Hardened Windows build.
* Native FreeBSD and NetBSD support.
* Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
- Do not build examples as their build fails
- libsigc++2
-
- Add libsigc++2-remove-unnecessary-executable-flag-from-file.patch:
cancel executable permission for file
/usr/share/doc/packages/libsigc-2_0-0/NEWS(bsc#1209094,bsc#1209140).
- libsolv
-
- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools packagse
[bsc#1195633]
- bump version to 0.7.24
- libxml2
-
- Security update:
* [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
isn't deterministic
- Added patch libxml2-CVE-2023-29469.patch
* [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
xmlSchemaFixupComplexType
- Added patch libxml2-CVE-2023-28484-1.patch
- Added patch libxml2-CVE-2023-28484-2.patch
- Remove unneeded dependency (bsc#1209918).
- Build also for modern python version (jsc#PED-68)
- libzypp
-
- build: honor libproxy.pc's includedir (bsc#1212222)
- Curl: trim all custom headers (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. So we make
sure all custom headers are trimmed. This also includes headers
returned by URL-Resolver plugins.
- version 17.31.14 (22)
- curl: Trim user agent string (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. Violation
results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 17.31.13 (22)
- Do not unconditionally release a medium if provideFile failed
(bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)
- MediaCurl: Fix endless loop if wrong credentials are stored in
credentials.cat (bsc#1210870)
Since libzypp-17.31.7 wrong credentials stored in credentials.cat
may lead to an endless loop. Rather than asking for the right
credentials, the stored ones are used again and again.
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
(bsc#1208329)
Maximum time in seconds that you allow the connection phase to
the server to take. This only limits the connection phase, it has
no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- commit: Try to provide /dev fs if not present (fixes #444)
- fix build with boost 1.82.
- version 17.31.11 (22)
- fix build with boost 1.82
- BuildRequires: libsolv-devel >= 0.7.24 for x86_64_v[234]
support.
- version 17.31.10 (22)
- Workround bsc#1195633 while libsolv <= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
(boo#1127591)
Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
[#439])
Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)
- microos-tools
-
- Update to version 2.18:
- Add TMPDIR to tukit binddirs for Salt
[bsc#1211356] [bsc#1205011]
- 98selinux-microos: Add chroot as dependency
- Fix spelling error in warning
- ncurses
-
- Modify patch ncurses-6.1.dif
* Secure writing terminfo entries by setfs[gu]id in s[gu]id
(boo#1210434, CVE-2023-29491)
* Reading is done since 2000/01/17
- openldap2
-
- bsc#1212260 - crash in libldap when non-ldap data responds
* 0245-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch
- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
* 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
- openssh
-
- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
This caused invalid and irrelevant environment assignments (bsc#1207014).
- openssl-1_1
-
- Check OCSP RESPONSE in s_client and terminate connection if a
revoked certificate is found. Add OCSP_RESPONSE_check_status()
function to do that check. [bsc#1212623]
* Add openssl-s_client-check-ocsp-status.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Reworked the Fix for the Timing Oracle in RSA Decryption
The previous fix for this timing side channel turned out to cause
a severe 2-3x performance regression in the typical use case
compared to 1.1.1s.
* Add openssl-CVE-2022-4304.patch
* Removed patches:
- openssl-CVE-2022-4304-1of2.patch
- openssl-CVE-2022-4304-2of2.patch
* Refreshed patches:
- openssl-CVE-2023-0464.patch
- openssl-CVE-2023-0465.patch
- Update further expiring certificates that affect tests [bsc#1201627]
* Add openssl-Update-further-expiring-certificates.patch
- Security Fix: [CVE-2023-2650, bsc#1211430]
* Possible DoS translating ASN.1 object identifiers
* Add openssl-CVE-2023-2650.patch
- perl
-
- enable TLS cert verification in CPAN [bnc#1210999] [CVE-2023-31484]
new patch: perl-cpan_verify_cert.diff
- procps
-
- Add patch bsc1209122-a6c0795d.patch
* Fix for bsc#1209122 to allow `-´ as leading character to ignore
possible errors on systctl entries
- python-packaging
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Add patch to fix testsuite on big-endian targets
+ fix-big-endian-build.patch
- Ignore python3.6.2 since the test doesn't support it.
- update to 21.3:
* Add a pp3-none-any tag (gh#pypa/packaging#311)
* Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
(gh#pypa/packaging#481), (gh#pypa/packaging#486)
* Fix a spelling mistake (gh#pypa/packaging#479)
- update to 21.2:
* Update documentation entry for 21.1.
* Update pin to pyparsing to exclude 3.0.0.
* PEP 656: musllinux support
* Drop support for Python 2.7, Python 3.4 and Python 3.5.
* Replace distutils usage with sysconfig
* Add support for zip files in ``parse_sdist_filename``
* Use cached ``_hash`` attribute to short-circuit tag equality comparisons
* Specify the default value for the ``specifier`` argument to ``SpecifierSet``
* Proper keyword-only "/warn"/ argument in packaging.tags
* Correctly remove prerelease suffixes from ~= check
* Fix type hints for ``Version.post`` and ``Version.dev``
* Use typing alias ``UnparsedVersion``
* Improve type inference for ``packaging.specifiers.filter()``
* Tighten the return type of ``canonicalize_version()``
- Add Provides: for python*dist(packaging): work around boo#1186870
- skip tests failing because of no-legacyversion-warning.patch
- add no-legacyversion-warning.patch to restore compatibility with 20.4
- update to 20.9:
* Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
* Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
* Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
- update to 20.8:
* Revert back to setuptools for compatibility purposes for some Linux distros (:issue:`363`)
* Do not insert an underscore in wheel tags when the interpreter version number
is more than 2 digits (:issue:`372`)
* Fix flit configuration, to include LICENSE files (:issue:`357`)
* Make `intel` a recognized CPU architecture for the `universal` macOS platform tag (:issue:`361`)
* Add some missing type hints to `packaging.requirements` (issue:`350`)
* Officially support Python 3.9 (:issue:`343`)
* Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes (:issue:`321`)
* Handle ``OSError`` on non-dynamic executables when attempting to resolve
the glibc version string.
- update to 20.4:
* Canonicalize version before comparing specifiers. (:issue:`282`)
* Change type hint for ``canonicalize_name`` to return
``packaging.utils.NormalizedName``.
This enables the use of static typing tools (like mypy) to detect mixing of
normalized and un-normalized names.
- python-requests
-
- Add CVE-2023-32681.patch to fix unintended leak of
Proxy-Authorization header (CVE-2023-32681, bsc#1211674)
Upstream commit: gh#psf/requests@74ea7cf7a6a2
- python3
-
- Add 99366-patch.dict-can-decorate-async.patch fixing
gh#python/cpython#98086 (backport from Python 3.10 patch in
gh#python/cpython!99366), fixing bsc#1211158.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
CVE-2007-4559 (bsc#1203750) by adding the filter for
tarfile.extractall (PEP 706).
- Use python3 modules to build the documentation.
- runc
-
- Update to runc v1.1.7. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.7>.
- Update runc.keyring to upstream version.
- Update to runc v1.1.6. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.6>.
- Update to runc v1.1.5. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
Includes fixes for the following CVEs:
- CVE-2023-25809 bsc#1209884
- CVE-2023-27561 bsc#1208962
- CVE-2023-28642 bsc#1209888
* Fix the inability to use `/dev/null` when inside a container. bsc#1168481
* Fix changing the ownership of host's `/dev/null` caused by fd redirection
(a regression in 1.1.1). bsc#1207004
* Fix rare runc exec/enter unshare error on older kernels.
* nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
- salt
-
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517)
- Added:
* make-master_tops-compatible-with-salt-3000-and-older.patch
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Added:
* define-__virtualname__-for-transactional_update-modu.patch
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Added:
* avoid-conflicts-with-dependencies-versions-bsc-12116.patch
- Update to Salt release version 3006.0 (jsc#PED-4360)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for "/importlib-metadata>=5.0.0"/ (bsc#1207071)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Added:
* 3005.1-implement-zypper-removeptf-573.patch
* control-the-collection-of-lvm-grains-via-config.patch
* fix-version-detection-and-avoid-building-and-testing.patch
* make-sure-the-file-client-is-destroyed-upon-used.patch
* skip-package-names-without-colon-bsc-1208691-578.patch
* use-rlock-to-avoid-deadlocks-in-salt-ssh.patch
- Modified:
* activate-all-beacons-sources-config-pillar-grains.patch
* add-custom-suse-capabilities-as-grains.patch
* add-environment-variable-to-know-if-yum-is-invoked-f.patch
* add-migrated-state-and-gpg-key-management-functions-.patch
* add-publish_batch-to-clearfuncs-exposed-methods.patch
* add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
* add-sleep-on-exception-handling-on-minion-connection.patch
* add-standalone-configuration-file-for-enabling-packa.patch
* add-support-for-gpgautoimport-539.patch
* allow-vendor-change-option-with-zypper.patch
* async-batch-implementation.patch
* avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
* bsc-1176024-fix-file-directory-user-and-group-owners.patch
* change-the-delimeters-to-prevent-possible-tracebacks.patch
* debian-info_installed-compatibility-50453.patch
* dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
* do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
* don-t-use-shell-sbin-nologin-in-requisites.patch
* drop-serial-from-event.unpack-in-cli.batch_async.patch
* early-feature-support-config.patch
* enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
* enhance-openscap-module-add-xccdf_eval-call-386.patch
* fix-bsc-1065792.patch
* fix-for-suse-expanded-support-detection.patch
* fix-issue-2068-test.patch
* fix-missing-minion-returns-in-batch-mode-360.patch
* fix-ownership-of-salt-thin-directory-when-using-the-.patch
* fix-regression-with-depending-client.ssh-on-psutil-b.patch
* fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
* fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
* fix-the-regression-for-yumnotify-plugin-456.patch
* fix-traceback.print_exc-calls-for-test_pip_state-432.patch
* fixes-for-python-3.10-502.patch
* include-aliases-in-the-fqdns-grains.patch
* info_installed-works-without-status-attr-now.patch
* let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
* make-aptpkg.list_repos-compatible-on-enabled-disable.patch
* make-setup.py-script-to-not-require-setuptools-9.1.patch
* pass-the-context-to-pillar-ext-modules.patch
* prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
* prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
* prevent-shell-injection-via-pre_flight_script_args-4.patch
* read-repo-info-without-using-interpolation-bsc-11356.patch
* restore-default-behaviour-of-pkg-list-return.patch
* return-the-expected-powerpc-os-arch-bsc-1117995.patch
* revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
* run-salt-api-as-user-salt-bsc-1064520.patch
* run-salt-master-as-dedicated-salt-user.patch
* save-log-to-logfile-with-docker.build.patch
* switch-firewalld-state-to-use-change_interface.patch
* temporary-fix-extend-the-whitelist-of-allowed-comman.patch
* update-target-fix-for-salt-ssh-to-process-targets-li.patch
* use-adler32-algorithm-to-compute-string-checksums.patch
* use-salt-bundle-in-dockermod.patch
* x509-fixes-111.patch
* zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
- Removed:
* 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
* 3003.3-postgresql-json-support-in-pillar-423.patch
* add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
* add-missing-ansible-module-functions-to-whitelist-in.patch
* add-rpm_vercmp-python-library-for-version-comparison.patch
* add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
* adds-explicit-type-cast-for-port.patch
* align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
* backport-syndic-auth-fixes.patch
* batch.py-avoid-exception-when-minion-does-not-respon.patch
* check-if-dpkgnotify-is-executable-bsc-1186674-376.patch
* clarify-pkg.installed-pkg_verify-documentation.patch
* detect-module.run-syntax.patch
* do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
* enhance-logging-when-inotify-beacon-is-missing-pyino.patch
* fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
* fix-crash-when-calling-manage.not_alive-runners.patch
* fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
* fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
* fix-for-cve-2022-22967-bsc-1200566.patch
* fix-inspector-module-export-function-bsc-1097531-481.patch
* fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
* fix-issues-with-salt-ssh-s-extra-filerefs.patch
* fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
* fix-multiple-security-issues-bsc-1197417.patch
* fix-salt-call-event.send-call-with-grains-and-pillar.patch
* fix-salt.states.file.managed-for-follow_symlinks-tru.patch
* fix-state.apply-in-test-mode-with-file-state-module-.patch
* fix-test_ipc-unit-tests.patch
* fix-the-regression-in-schedule-module-releasded-in-3.patch
* fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
* fixes-56144-to-enable-hotadd-profile-support.patch
* fopen-workaround-bad-buffering-for-binary-mode-563.patch
* force-zyppnotify-to-prefer-packages.db-than-packages.patch
* ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
* ignore-extend-declarations-from-excluded-sls-files.patch
* ignore-non-utf8-characters-while-reading-files-with-.patch
* implementation-of-held-unheld-functions-for-state-pk.patch
* implementation-of-suse_ip-execution-module-bsc-10999.patch
* improvements-on-ansiblegate-module-354.patch
* include-stdout-in-error-message-for-zypperpkg-559.patch
* make-pass-renderer-configurable-other-fixes-532.patch
* make-sure-saltcacheloader-use-correct-fileclient-519.patch
* mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
* normalize-package-names-once-with-pkg.installed-remo.patch
* notify-beacon-for-debian-ubuntu-systems-347.patch
* refactor-and-improvements-for-transactional-updates-.patch
* retry-if-rpm-lock-is-temporarily-unavailable-547.patch
* set-default-target-for-pip-from-venv_pip_target-envi.patch
* state.apply-don-t-check-for-cached-pillar-errors.patch
* state.orchestrate_single-does-not-pass-pillar-none-4.patch
* support-transactional-systems-microos.patch
* wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
- selinux-policy
-
- Update to version 20230511+git3.b78f5aff:
* fix entropy daemon (bsc#1211045)
- Packaging rework. Move policy to git repository
Please use `osc service manualrun` to update this OBS package to the
newest git version.
* Added README.Update describing how to update this package
* Added _service file that pulls from selinux-policy and tar it
* Updated selinux-policy.spec to build selinux-policy with
container-selinux
* Updated update.sh
* Removed suse specific modules as they are now covered by git commits
* packagekit.te packagekit.if packagekit.fc
* rebootmgr.te rebootmgr.if rebootmgr.fc
* rtorrent.te rtorrent.if rtorrent.fc
* wicked.te wicked.if wicked.fc
* Removed *.patch as they are now covered by git commits:
* distro_suse_to_distro_redhat.patch
* dontaudit_interface_kmod_tmpfs.patch
* fix_accountsd.patch
* fix_alsa.patch
* fix_apache.patch
* fix_auditd.patch
* fix_authlogin.patch
* fix_automount.patch
* fix_bitlbee.patch
* fix_chronyd.patch
* fix_cloudform.patch
* fix_colord.patch
* fix_corecommand.patch
* fix_cron.patch
* fix_dbus.patch
* fix_djbdns.patch
* fix_dnsmasq.patch
* fix_dovecot.patch
* fix_firewalld.patch
* fix_filesystem.patch
* fix_fwupd.patch
* fix_geoclue.patch
* fix_hypervkvp.patch
* fix_init.patch
* fix_iptables.patch
* fix_irqbalance.patch
* fix_java.patch
* fix_kernel_sysctl.patch
* fix_libraries.patch
* fix_locallogin.patch
* fix_logging.patch
* fix_logrotate.patch
* fix_mcelog.patch
* fix_miscfiles.patch
* fix_nagios.patch
* fix_networkmanager.patch
* fix_nis.patch
* fix_nscd.patch
* fix_ntp.patch
* fix_openvpn.patch
* fix_postfix.patch
* fix_rpm.patch
* fix_screen.patch
* fix_selinuxutil.patch
* fix_smartmon.patch
* fix_snapper.patch
* fix_sslh.patch
* fix_sysnetwork.patch
* fix_systemd.patch
* fix_systemd_watch.patch
* fix_thunderbird.patch
* fix_unconfined.patch
* fix_unconfineduser.patch
* fix_unprivuser.patch
* fix_userdomain.patch
* fix_usermanage.patch
* fix_wine.patch
* fix_xserver.patch
* sedoctool.patch
* systemd_domain_dyntrans_type.patch
* fedora-policy-20221019.tar.bz2
- Added fix_filesystem.patch to prevent labeling of overlayfs
mountpoint
- shim
-
- Updated shim.changes to add CVE-2022-28737 number for bsc#1198458.
The issue be fixed by upgrade to shim 15.7. (bsc#1198458, CVE-2022-28737)
- Sometimes SLE shim signature be Microsoft updated before openSUSE shim
signature. When submit request on IBS for updating SLE shim, the submitreq
project be generated, but it always be blocked by checking the signature
of openSUSE shim.
It doesn't make sense checking openSUSE shim signature when building
SLE shim on SLE platform, and vice versa. So the following change adds the
logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
When and only when hash mismatch and distro_id match with suffix, stop
building.
[#] compare suffix (sles, opensuse) with distro_id (sle, opensuse)
[#] when hash mismatch and distro_id match with suffix, stop building
- Upgrade shim-install for bsc#1210382
After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
so all files in /boot/efi/EFI/boot are not updated.
The 86b73d1 patch added the logic that using ID field in os-release for
checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
- https://github.com/SUSE/shim-resources (git log --oneline)
86b73d1 Fix that bootx64.efi is not updated on Leap
f2e8143 Use the long name to specify the grub2 key protector
7283012 cryptodisk: support TPM authorized policies
49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst
26c6bd5 Have grub take a snapshot of "/relevant"/ TPM PCRs
5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot
a5c5734 Introduce --no-grub-install option
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458, CVE-2022-28737)
- snapper
-
- improved responsiveness of snapperd when a btrfs quota rescan
is running (see bsc#1211459)
* added pr821.patch
- avoid stale btrfs qgroups on transactional systems (bsc#1210151)
* added pr805.patch
- wait for existing btrfs quota rescans to finish (bsc#1210150)
* added pr790.patch
- supportutils
-
- Changes to supportconfig version 3.1.11-46.3
+ Added missed sanitation check on crash.txt (bsc#1203818)
- Changes to supportconfig.rc version 3.1.11-30
+ Added check to _sanitize_file
+ Using variable for replement text in _sanitize_file
- suseconnect-ng
-
- Update to version 1.1.0~git2.f42b4b2a060e:
* Keep keepalive timer states when replacing SUSEConnect (bsc#1211588)
- Update to version 1.1.0~git0.e3c41e60892e:
* Bump to v1.1.0
- Update to version 1.0.0~git23.406b219ccc9e:
* Added MemTotal detection for HwInfo
* move 'ExcludeArch' out of the if block
- Update to version 1.0.0~git19.b225bc3:
* Make keepalive on SUMA systems exit without error (bsc#1207876)
* Update README.md
* Add deactivate API to ruby bindings (bsc#1202705)
- Update to version 1.0.0~git14.17a7901:
* Don't write system_token to service credentials files
* Allow non-root users to use --version
* Add: ExcludeArch: %ix86 s390 ppc64 to the .spec file, so we skip builds for unsupported architectures.
* Update Dockerfile.yast
* Use openssl go for SLE and Leap 15.5+ builds
* Fix keepalive feature notice during installation
* Fix requires for all rhel clone distributions like alma, rocky...
- systemd
-
- Import commit 6441bb41141aaa8bfb63559917362748a3044c15
165ca0d018 udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Update 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1203141)
Optimize when hundred workers claim the same symlink with the same priority.
- Update 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
Since commit 38f3e20883ff658935aae5c9 (v248), the symlinks /dev/cdrw and
/dev/dvdrw could have no longer been created. Futhermore the rule added by
this patch dealing with /dev/cdrom was redundant with the upstream one
- Import commit dad0071f15341be2b24c2c9d073e62617e0b4673 (merge of v249.16)
- systemd-rpm-macros
-
- Bump version to 13
- Fix %sysctl_apply() and %binfmt_apply() so they are disabled when called from
a chroot (bsc#1211272)
- util-linux
-
- Add upstream patch fix-lib-internal-cache-size.patch
bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- util-linux-systemd
-
- Add upstream patch fix-lib-internal-cache-size.patch
bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- vim
-
- Updated to version 9.0 with patch level 1572, fixes the following security problems
* Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
* Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
* Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1443...v9.0.1572
- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
* Revert the creation standalone xxd packages
- Updated to version 9.0 with patch level 1443, fixes the following security problems
* Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
* Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
* Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443
- xen
-
- bsc#1209237 - xen-syms doesn't contain debug-info
643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
- Update to Xen 4.16.4 bug fix release (bsc#1027519)
xen-4.16.4-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
63a03e28-x86-high-freq-TSC-overflow.patch
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
641041e8-VT-d-constrain-IGD-check.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
libxl.fix-guest-kexec-skip-cpuid-policy.patch
- Upstream bug fixes (bsc#1027519)
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
641041e8-VT-d-constrain-IGD-check.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
- Use "/proper"/ upstream backports:
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
- ... in place of:
xsa427.patch
xsa428-1.patch
xsa428-2.patch
xsa429.patch
- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs
libxl.fix-guest-kexec-skip-cpuid-policy.patch
- zlib
-
- Fix deflateBound() before deflateInit(), bsc#1210593
bsc1210593.patch
- Add DFLTCC support for using inflate() with a small window,
fixes bsc#1206513
* bsc1206513.patch
- zypper
-
- targetos: Add an error note if XPath:/product/register/target
is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
- version 1.14.61
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60