- avahi
-
- Update avahi-daemon-check-dns-suse.patch to drop privileges when
invoking avahi-daemon-check-dns.sh (boo#1180827 CVE-2021-26720).
- Add sudo to requires: used to drop privileges.
- bind
-
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
negotiation can be targeted by a buffer overflow attack
[bsc#1182246, CVE-2020-8625, bind-CVE-2020-8625.patch]
- csync2
-
- VUL-1: csync2: bad TLS key generation on installation (bsc#1145032)
Adapt suggested changes in %post section.
Do not hide output on standard error during generating the keys.
- file
-
- Add patch 0446fadf.patch to fix bsc#1182138
* Bug in "/echo 8000 | file -"/ gzip
- grub2
-
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057)
* 0028-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
* 0029-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
* 0030-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
* 0031-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
* 0032-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
* 0033-util-mkimage-Improve-data_size-value-calculation.patch
* 0034-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
* 0035-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
* 0036-grub-install-common-Add-sbat-option.patch
- Fix CVE-2021-20225 (bsc#1182262)
* 0019-lib-arg-Block-repeated-short-options-that-require-an.patch
- Fix CVE-2020-27749 (bsc#1179264)
* 0021-kern-parser-Fix-resource-leak-if-argc-0.patch
* 0022-kern-parser-Fix-a-memory-leak.patch
* 0023-kern-parser-Introduce-process_char-helper.patch
* 0024-kern-parser-Introduce-terminate_arg-helper.patch
* 0025-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
* 0026-kern-buffer-Add-variable-sized-heap-buffer.patch
* 0027-kern-parser-Fix-a-stack-buffer-overflow.patch
- Fix CVE-2021-20233 (bsc#1182263)
* 0020-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- Fix CVE-2020-25647 (bsc#1177883)
* 0018-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- Fix CVE-2020-25632 (bsc#1176711)
* 0017-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970)
* 0001-mkimage-Clarify-file-alignment-in-efi-case.patch
* 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
* 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
* 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
* 0005-efi-Add-secure-boot-detection.patch
* 0006-kern-Add-lockdown-support.patch
* 0007-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
* 0008-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
* 0009-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
* 0010-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
* 0011-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
* 0012-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
* 0013-commands-setpci-Restrict-setpci-command-when-locked-.patch
* 0014-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
* 0015-gdb-Restrict-GDB-access-when-locked-down.patch
* 0016-loader-xnu-Don-t-allow-loading-extension-and-package.patch
* 0037-squash-Add-secureboot-support-on-efi-chainloader.patch
* 0038-squash-grub2-efi-chainload-harder.patch
* 0039-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
* 0040-squash-linuxefi-fail-kernel-validation-without-shim-.patch
* 0041-squash-kern-Add-lockdown-support.patch
- Add SBAT metadata section to grub.efi
* grub2.spec
- hawk2
-
- Update to version 2.6.0:
* Use fullpath of binary (bsc#1181436)
* remove %x (bsc#1182163)
- jasper
-
- bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls
Add jasper-CVE-2020-27828.patch
- bsc#1181483 CVE-2021-3272: Fix heap overflow by ensuring number
of channels matches image components
Add jasper-CVE-2021-3272.patch
- java-1_7_1-ibm
-
- Update to Java 7.1 Service Refresh 4 Fix Pack 80
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
* CVE-2020-27221: Potential for a stack-based buffer overflow
when the virtual machine or JNI natives are converting from
UTF-8 characters to platform encoding.
* CVE-2020-14803: Unauthenticated attacker with network access
via multiple protocols allows to compromise Java SE.
- kernel-default
-
- futex: Fix incorrect should_fail_futex() handling (bsc#969755).
- futex: Avoid freeing an active timer (bsc#969755).
- commit cce36b8
- futex: Handle faults correctly for PI futexes (bsc#969755
bsc#1181349 CVE-2021-3347).
- futex: Simplify fixup_pi_state_owner() (bsc#969755 bsc#1181349
CVE-2021-3347).
- futex: Use pi_state_update_owner() in put_pi_state() (bsc#969755
bsc#1181349 CVE-2021-3347).
- futex: Provide and use pi_state_update_owner() (bsc#969755
bsc#1181349 CVE-2021-3347).
- futex: Replace pointless printk in fixup_owner() (bsc#969755
bsc#1181349 CVE-2021-3347).
- futex: Ensure the correct return value from futex_lock_pi()
(bsc#969755 bsc#1181349 CVE-2021-3347).
- futex: Don't enable IRQs unconditionally in put_pi_state()
(bsc#969755).
- futex: Handle transient "/ownerless"/ rtmutex state correctly
(bsc#969755).
- locking/futex: Allow low-level atomic operations to return
- EAGAIN (bsc#969755).
- futex: Handle early deadlock return correctly (bsc#969755).
- futex: Fix OWNER_DEAD fixup (bsc#969755).
- futex: Avoid violating the 10th rule of futex (bsc#969755).
- futex: Fix more put_pi_state() vs. exit_pi_state_list() races
(bsc#969755).
- futex: Fix pi_state->owner serialization (bsc#969755).
- futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755).
- futex: Fix small (and harmless looking) inconsistencies
(bsc#969755).
- futex: Drop hb->lock before enqueueing on the rtmutex
(bsc#969755).
- futex: Futex_unlock_pi() determinism (bsc#969755).
- futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()
(bsc#969755).
- futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
(bsc#969755).
- futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755).
- futex: Pull rt_mutex_futex_unlock() out from under hb->lock
(bsc#969755).
- futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755).
- futex: Change locking rules (bsc#969755).
- futex,rt_mutex: Provide futex specific rt_mutex API
(bsc#969755).
- commit 3ea3e69
- cifs: do not revalidate mountpoint dentries (bsc#1177440).
- cifs: ignore revalidate failures in case of process gets
signaled (bsc#1177440).
- commit 92b5fe6
- Use r3 instead of r13 for l1d fallback flush in do_uaccess_fush
(bsc#1181096 ltc#190883).
- Refresh patches.suse/powerpc-rfi-flush-Move-RFI-flush-fields-out-of-the-p.patch.
Touching r13 in do_uaccess_flush causes bad memory access in kernel and
either kernel or running userspace proccess crash. do_uaccess_fush is a
function so it can use volatile GPRs such as r3 freely. Use it to load
the PACA_AUX pointer instead of r13.
- commit b0522ed
- netfilter: ctnetlink: add a range check for l3/l4 protonum
(CVE-2020-25211 bsc#1176395).
- commit e22722d
- Update
patches.suse/0001-xen-events-add-a-proper-barrier-to-2-level-uevent-un.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0002-xen-events-fix-race-in-evtchn_fifo_unmask.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0003-xen-events-add-a-new-late-EOI-evtchn-framework.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0004-xen-blkback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0005-xen-netback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0006-xen-scsiback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0008-xen-pciback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0009-xen-events-switch-user-event-channels-to-lateeoi-mod.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0010-xen-events-use-a-common-cpu-hotplug-hook-for-event-c.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0011-xen-events-defer-eoi-in-case-of-excessive-number-of-.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0012-xen-events-block-rogue-events-for-some-time.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/XEN-uses-irqdesc-irq_data_common-handler_data-to-sto.patch
(CVE-2020-27673 XSA-332 bsc#1065600).
- Update
patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch
(CVE-2020-27675 XSA-331 bsc#1177410).
- Update
patches.suse/xen-events-don-t-use-chip_data-for-legacy-IRQs.patch
(CVE-2020-27673 XSA-332 bsc#1065600).
- Added CVE numbers for above patches.
- commit 0258ab9
- mm/userfaultfd: do not access vma->vm_mm after calling
handle_userfault() (bsc#1179204).
- commit 7318dbe
- IB/hfi1: Ensure correct mm is used at all times (bsc#1179878
CVE-2020-27835).
- IB/hfi1: Move structure definitions from user_exp_rcv.c to
user_exp_rcv.h (bsc#1179878).
- IB/hfi1: Fix the bail out code in pin_vector_pages() function
(bsc#1179878).
- IB/hfi1: Clean up pin_vector_pages() function (bsc#1179878).
- IB/hfi1: Clean up hfi1_user_exp_rcv_setup function
(bsc#1179878).
- IB/hfi1: Use filedata rather than filepointer (bsc#1179878).
- IB/hfi1: Name function prototype parameters (bsc#1179878).
- commit 96dfbdb
- scsi: iscsi: Fix a potential deadlock in the timeout handler
(bsc#1178272).
- commit 0435a8c
- Refresh patches.suse/powerpc-Implement-user_access_begin-and-friends.patch.
Drop unused definition.
- commit 6652b07
- Refresh patches.suse/powerpc-rfi-flush-Move-RFI-flush-fields-out-of-the-p.patch (bsc#1180815).
Fixup the PACA_AUX handling in entry an uaccess flush.
- commit 3b153a1
- xen: support having only one event pending per watch
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 8958f53
- xen: revert Allow watches discard events before queueing
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit bbbf26c
- xen: revert Add 'will_handle' callback support in
xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 91d64f5
- xen: revert Support will_handle watch callback (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 9715572
- xen: revert Count pending messages for each watch (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 047dcd1
- xen: revert Disallow pending watch messages (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 3296374
- xen-blkback: set ring->xenblkd to NULL after kthread_stop()
(bsc#1179509 XSA-350 CVE-2020-29569).
- commit acb25f4
- xenbus/xenbus_backend: Disallow pending watch messages
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit dd5910a
- xen/xenbus: Count pending messages for each watch (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 8136b44
- xen/xenbus/xen_bus_type: Support will_handle watch callback
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 4582297
- xen/xenbus: Add 'will_handle' callback support in
xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit d272247
- xen/xenbus: Allow watches discard events before queueing
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 0d1044d
- fix regression in "/epoll: Keep a reference on files added to
the check list"/ (bsc#1180031, git-fixes).
- do_epoll_ctl(): clean the failure exits up a bit
(bsc#1180031,CVE-2020-0466).
- epoll: Keep a reference on files added to the check list
(bsc#1180031).
- commit f620437
- Move upstreamed vgacon patch into sorted section
- commit 39c8e9f
- audit: fix error handling in audit_data_to_entry()
(CVE-2020-0444 bsc#1180027).
- commit 20e9b9f
- mwifiex: Fix possible buffer overflows in
mwifiex_cmd_802_11_ad_hoc_start (CVE-2020-36158 bsc#1180559).
- commit 6e082c0
- Refresh patches.suse/powerpc-rtas-fix-typo-of-ibm-open-errinjct-in-rtas-f.patch
Refresh to upstream version.
- commit bc91473
- tracing: Fix race in trace_open and buffer resize call
(CVE-2020-27825 bsc#1179960).
- commit e2d61a2
- ring-buffer: speed up buffer resets by avoiding synchronize_rcu
for each CPU (CVE-2020-27825 bsc#1179960).
- commit 26416a1
- ring-buffer: Make resize disable per cpu buffer instead of
total buffer (CVE-2020-27825 bsc#1179960).
- commit 324f602
- cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
(CVE-2020-27068 bsc#1180086).
- commit 4f3308e
- HID: Fix slab-out-of-bounds read in hid_field_extract
(bsc#1180052).
- commit 4d89452
- HID: core: Sanitize event code and type when mapping input
(CVE-2020-0465 bsc#1180029).
- commit 396f396
- tty: Fix ->session locking (bsc#1179745 CVE-2020-29660).
- tty: Fix ->pgrp locking in tiocspgrp() (bsc#1179745
CVE-2020-29661).
- commit 1cc3fb3
- powerpc/rtas: fix typo of ibm,open-errinjct in rtas filter
(CVE-2020-27777 bsc#1179107 bsc#1179887 ltc#190092).
- commit d1f9480
- media: xirlink_cit: add missing descriptor sanity checks
(bsc#1168952 CVE-2020-11668).
- commit 3e66aa1
- Update
patches.fixes/sched-fair-Don-t-free-p-numa_faults-with-concurrent-.patch
(bsc#1144920, bsc#1179663, CVE-2019-20934).
- commit d9fcab2
- powerpc: Stop exporting __clear_user which is now inlined
(CVE-2020-4788 bsc#1177666).
- commit 8ac43e7
- ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902
bsc#1105322).
- commit 2190948
- kABI workaround for snd_rawmidi buffer_ref field addition
(CVE-2020-27786 bsc#1179601).
- commit 5bed91c
- ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
(CVE-2020-27786 bsc#1179601).
- commit 1c1d0c3
- cifs: fix potential use-after-free in cifs_echo_request()
(bsc#1139944).
- commit 3f7fb1a
- powerpc/64s: flush L1D after user accesses (CVE-2020-4788
bsc#1177666).
- Refresh patches.suse/0009-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch.
- Refresh patches.arch/kvm-x86-mmu-Apply-global-mitigations-knob-to-ITLB_MULTIHIT.patch.
- Refresh patches.kabi/kABI-powerpc-avoid-including-pgtable.h-in-kup.h.patch.
- powerpc/uaccess: Evaluate macro arguments once, before user
access is allowed (CVE-2020-4788 bsc#1177666).
- powerpc: Fix __clear_user() with KUAP enabled (CVE-2020-4788
bsc#1177666).
- powerpc: Implement user_access_begin and friends (CVE-2020-4788
bsc#1177666).
- powerpc: Add a framework for user access tracking (CVE-2020-4788
bsc#1177666).
- powerpc/64s: flush L1D on kernel entry (CVE-2020-4788
bsc#1177666).
- Refresh patches.suse/0009-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch.
- Refresh patches.arch/kvm-x86-mmu-Apply-global-mitigations-knob-to-ITLB_MULTIHIT.patch.
- Refresh patches.suse/powerpc-rfi-flush-Move-RFI-flush-fields-out-of-the-p.patch.
- powerpc/64s: move some exception handlers out of line
(CVE-2020-4788 bsc#1177666).
- powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
(CVE-2020-4788 bsc#1177666).
- commit 5decbce
- block: Fix use-after-free in blkdev_get() (bsc#1173834
bsc#1179141 CVE-2020-15436).
- commit 14ac1a6
- kABI: powerpc: Add back __clear_user (CVE-2020-4788
bsc#1177666).
- commit 5d98532
- kABI: powerpc: avoid including pgtable.h in kup.h (CVE-2020-4788
bsc#1177666).
- commit 3c556af
- serial: 8250: fix null-ptr-deref in serial8250_start_tx()
(CVE-2020-15437 bsc#1179140).
- commit 3fe67b6
- powerpc/rtas: Restrict RTAS requests from userspace
(CVE-2020-27777 bsc#1179107).
- Update config files.
- commit 0dba49d
- vt: Disable KD_FONT_OP_COPY (CVE-2020-28974 bsc#1178589).
- commit c6f98d1
- Fonts: Replace discarded const qualifier (CVE-2020-28915
bsc#1178886).
- fbcon: Fix global-out-of-bounds read in fbcon_get_font()
(CVE-2020-28915 bsc#1178886).
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
(CVE-2020-28915 bsc#1178886).
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into
linux/font.h (CVE-2020-28915 bsc#1178886).
- commit 0af4cee
- video: hyperv_fb: include vmalloc.h (bsc#1175306).
Refresh patches.suse/suse-hv-VERSION_WIN10_V5.patch.
no code changes
- commit 4e8b360
- Refresh
patches.arch/0002-x86-speculation-Enable-Spectre-v1-swapgs-mitigations.patch.
- commit b65cf87
- Input: sunkbd - avoid use-after-free in teardown paths
(CVE-2020-25669 bsc#1178182).
- commit d1ac9b9
- mm/hugetlb: fix a race between hugetlb sysctl handlers
(bsc#1176485, CVE-2020-25285).
- commit 17cb8e9
- libyui-qt
-
- python
-
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- python-base
-
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- python-cryptography
-
- Add patch CVE-2020-36242-buffer-overflow.patch (bsc#1182066, CVE-2020-36242)
* Using the Fernet class to symmetrically encrypt multi gigabyte values
could result in an integer overflow and buffer overflow.
- screen
-
- Fix double width combining char handling that could lead
to a segfault [bnc#1182092] [CVE-2021-26937]
new patch: combchar.diff