- SUSEConnect
-
- Update to 0.3.36
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Update to 0.3.35
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
- Update to 0.3.34
- Manage the `System-Token` header. The `System-Token` header as delivered by
SCC will be stored inside of the credentials file for later use on API calls.
This way we add system clone detection for systems using this version of SUSE
Connect.
- Update to 0.3.33
- Add --keepalive command to send pings to SCC.
- Add service/timer to periodically call --keepalive command to make system
information in SCC and proxies more accurate. (bsc#1196076)
- apparmor
-
- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
/proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
openssl.cnf (bnc#1195463).
- audit-secondary
-
- Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
* add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
- augeas
-
- add augeas-sysctl_parsing.patch (bsc#1197443)
* backport original patch and rebase.
- autofs
-
- autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
Fix off-by-one error in recursive map handling. (bsc#1209653)
- autofs-5.1.3-only-take-master-map-mutex-for-master-m.patch
Take master map mutex for master map updates only. (bsc#1191625)
- avahi
-
- Add avahi-CVE-2023-1981.patch: emit error if requested service
is not found (boo#1210328 CVE-2023-1981).
- bind
-
- Security Fix:
* The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured
max-cache-size limit.
[bsc#1212544, CVE-2023-2828, bind-CVE-2023-2828.patch]
- Security Fixes:
* Previously, there was no limit to the number of database lookups
performed while processing large delegations, which could be abused
to severely impact the performance of named running as a recursive
resolver. This has been fixed.
[bsc#1203614, CVE-2022-2795, bind-CVE-2022-2795.patch]
* A memory leak was fixed that could be externally triggered in the
DNSSEC verification code for the ECDSA algorithm.
[bsc#1203619, CVE-2022-38177, bind-CVE-2022-38177.patch]
* Memory leaks were fixed that could be externally triggered in the
DNSSEC verification code for the EdDSA algorithm.
[bsc#1203620, CVE-2022-38178, bind-CVE-2022-38178.patch]
- binutils
-
- Add binutils-maxpagesize.diff for a problem on old code
streams, where we would generate too large binaries.
- s390-pic-dso.diff: use %pB instead of %B
- SLE toolchain update of binutils. Update to 2.39 from 2.37,
which means obsoleting and hence removing these patches:
binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff,
binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff,
binutils-add-z16-name.diff.
Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033,
jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031,
jsc#SLE-25047]
- This fixes these CVEs relative to 2.37:
[bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
[bsc#1193929] aka PR28694 aka CVE-2021-45078
[bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
[bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
[bsc#1202966] aka PR29289 aka CVE-2022-38126
[bsc#1202967] aka PR29290 aka CVE-2022-38127
[bsc#1202969] aka CVE-2021-3826
- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
[bsc#1202816]
- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451.
- Add binutils-2.39-branch.diff.gz.
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Update to binutils 2.39:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance to the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
--weaken-symbols options now work with unique symbols as well.
- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz.
- For now use --disable-gprofng.
- Includes fixes for these CVEs:
bnc#1142579 aka CVE-2019-1010204 aka PR23765
(Fake entry from SLE for tracking purposes:)
- For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy
needs to support efi-app-aarch64 target. (bsc#1198458)
Adds binutils-add-efi-aarch64-1.diff,
binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff .
- Use https for various links.
- Update binutils-2.38-branch.diff.gz (to 93054037f1e304e)
in order to include PR29087.
- Enable multitarget build on riscv64
- On SLE15 and later, use make -Oline to synchronize configure output by
lines
(Fake entry from SLE for tracking purposes:)
- Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem
in crash not accepting some of our .ko.debug files.
- Renumber Sources.
- Fix ExcludeArch for ppc.
- Make multibuild utilize only the main binutils.spec file.
- Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh.
- Start using _multibuild for cross binutils.
- Add binutils-revert-rela.diff to revert back to old behaviour
of not ignoring the in-section content of to be relocated
fields on x86-64, even though that's a RELA architecture.
Compatibility with buggy object files generated by old tools.
[bsc#1198422]
(forward port from SLE)
- Update binutils-2.38-branch.diff.gz (to c210342d7f5) to include
recognition of 'z16' name for 'arch14' on s390. [bsc#1198237]
(Fake entry from SLE for tracking purposes:)
- Add binutils-add-z16-name.diff so that the now official name
z16 for arch14 is recognized. [bsc#1198237]
- Add usage of a SUSE_ZNOW environment variable which allows switching
on "-z now" by default using "export SUSE_ZNOW=1", similar to
the SUSE_ASNEEDED variable. Adds binutils-znow.patch.
- Update binutils-skip-rpaths.patch: add back fix for boo#1191473,
which got lost in the update to 2.38.
- Update binutils-2.38-branch.diff.gz in order to include PR28879.
- From Stefan Brüns <stefan.bruens@rwth-aachen.de>:
* Install symlinks for all target specific tools on
arm-eabi-none [bsc#1185712]
- Do not re-generate ld/ldlex.c, ld/ldgram.c, ld/ldgram.h and verify
that corresponding flex/bison files are not modified by a patch.
- Use verbose mode for make for cross compilers.
- Make it build on SLE-11 again.
- Use verbose mode for make.
- Update to binutils 2.38:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump)
have a new command line option which controls how unicode characters are
handled. By default they are treated as normal for the tool. Using
--unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst
--unicode=escape will display them as escape sequences. In addition
using --unicode=highlight will display them as unicode escape sequences
highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
added to objcopy in order to enable UEFI development using binutils.
* ar: Add --thin for creating thin archives. -T is a deprecated alias without
diagnostics. In many ar implementations -T has a different meaning, as
specified by X/Open System Interface.
* Add support for AArch64 system registers that were missing in previous
releases.
* Add support for the LoongArch instruction set.
* Add a command-line option, -muse-unaligned-vector-move, for x86 target
to encode aligned vector move as unaligned vector move.
* Add support for Cortex-R52+ for Arm.
* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
* Add support for Cortex-A710 for Arm.
* Add support for Scalable Matrix Extension (SME) for AArch64.
* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
assembler what to do when it encounters multibyte characters in the input. The
default is to allow them. Setting the option to "warn" will generate a
warning message whenever any multibyte character is encountered. Using the
option to "warn-sym-only" will make the assembler generate a warning whenever a
symbol is defined containing multibyte characters. (References to undefined
symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from
x86 assembler have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
* Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
linker to control canonical function pointers and copy relocation.
* Add --max-cache-size=SIZE to set the maximum cache size to SIZE
bytes.
- Add binutils-2.38-branch.diff.gz.
- Removed deletion of man pages as they should be properly packaged
in tarball.
- Rebased patches: aarch64-common-pagesize.patch, add-ulp-section.diff,
binutils-bfd_h.patch, binutils-revert-nm-symversion.diff,
binutils-revert-plt32-in-branches.diff, binutils-skip-rpaths.patch
and binutils-compat-old-behaviour.diff.
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
- use fdupes on datadir
- remove RPM_BUILD_ROOT usage and other cleanups
- Rebase binutils-2.37-branch.diff: fixes PR28494.
- ca-certificates-mozilla
-
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022"
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
Patch: remove-trustcor.patch
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
Removed:
- Hellenic Academic and Research Institutions RootCA 2011
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CA:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
- cifs-utils
-
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
(bsc#1198976, CVE-2022-29869)
* add cifs-utils-CVE-2022-29869.patch
- CVE-2022-27239: mount.cifs: fix length check for ip option
parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
* add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
- cloud-netconfig
-
- Update to version 1.7:
+ Overhaul policy routing setup (issue #19)
+ Support alias IPv4 ranges (issue #14)
+ Add support for NetworkManager (bsc#1204549)
+ Remove dependency on netconfig
+ Install into libexec directory
+ Clear stale ifcfg files for accelerated NICs (bsc#1199853)
+ More debug messages
+ Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
Tumbleweed, update path (poo#116221)
- cloud-regionsrv-client
-
- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
- Removes a warning about system_token entry present in the credentials
file.
- Adds logrotate configuration for log rotation.
- Update to version 10.0.8 (bsc#1206428)
- Fix regression introduced by 10.0.7. When the hosts file was modified
such that there is no empty line at the end of the file the content
after removing the registration data does not match the content prior
to registration. The update fixes the issue triggered by an index
logic error.
- Guard dmidecode dependency (bsc#1206082)
- Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
- Implement functionality to detect if an update server has a new cert.
Import the new cert when it is detected.
- Forward port fix-for-sles12-disable-ipv6.patch
- From 10.0.6 (bsc#1205089)
- Credentials are equal when username and password are the same, ignore
other entries in the credentials file
- Handle multiple zypper names in process table, zypper and Zypp-main
to properly detect the running process
- Add patch to block IPv6 on SLE12 (bsc#1203382)
- Follow up fix to 10.0.4 (bsc#1202706)
- While the source code was updated to support SLE Micro the spec file
was not updated for the new locations of the cache and the certs.
Update the spec file to be consistent with the code implementation.
- Update to version 10.0.5 (bsc#1201612)
- Handle exception when trying to deregister a system from the server
- Update to version 10.0.4 (bsc#1199668)
- Store the update server certs in the /etc path instead of /usr to
accommodate read only setup of SLE-Micro
- crash
-
- Fix lookup of symbol "linux_banner", as in newer kernels the symbol is
placed in the .init section ('D') as opposed to the read-only section ('R').
Also make this specific to kernels >= 2.6.11. This fix is a combination of
upstream commit fce91bec and a chunk from upstream commit 9fab193e.
(bsc#1195911)
Added:
crash-Fix-the-failure-of-reporting-vmcore-and-vmlinux-do-n.patch
- cronie
-
- Let systemd finish jobs executed by cron after it gets killed, bsc#1211066
* cron.service
- Allow to define the logger info and warning priority, fixes
jsc#SLE-24577
* run-crons
* sysconfig.cron
- cups
-
- cups-1.7.5-CVE-2023-32324.patch fixes CVE-2023-32324
"Heap buffer overflow in cupsd"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
bsc#1211643
- curl
-
- Security fixes:
* [bsc#1211230, CVE-2023-28319] use-after-free in SSH sha256
fingerprint check.
- Add curl-CVE-2023-28319.patch
* [bsc#1211231, CVE-2023-28320] siglongjmp race condition
- Add curl-CVE-2023-28320.patch
* [bsc#1211232, CVE-2023-28321] IDN wildcard matching
- Add curl-CVE-2023-28321.patch
* [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
- Add curl-CVE-2023-28322.patch
- Update to 8.0.1: [jsc#PED-2580]
* Remove the curl-mini package and associated files:
- curl-mini.changes curl-mini.spec pre_checkin.sh
* Rebase curl-use_DEFAULT_SUSE_cipher.patch
* Remove patches fixed in the update:
- curl-check-content-type.patch
- curl-fix-O_APPEND.patch
- curl-libssh-socket.patch
- curl-X509_V_FLAG_PARTIAL_CHAIN.patch
- curl-CVE-2018-0500.patch curl-CVE-2018-14618.patch
- curl-CVE-2018-16839.patch curl-CVE-2018-16840.patch
- curl-CVE-2018-16842.patch curl-CVE-2018-16890.patch
- curl-CVE-2019-3822.patch curl-CVE-2019-3823.patch
- curl-CVE-2019-5436.patch curl-CVE-2019-5481.patch
- curl-CVE-2019-5482.patch curl-CVE-2020-8177.patch
- curl-CVE-2020-8231.patch curl-CVE-2020-8284.patch
- curl-CVE-2020-8285.patch curl-CVE-2020-8286.patch
- curl-CVE-2021-22876.patch curl-CVE-2021-22876-URL-API.patch
- curl-CVE-2021-22898.patch curl-CVE-2021-22924.patch
- curl-CVE-2021-22925.patch curl-CVE-2021-22946.patch
- curl-CVE-2021-22947.patch curl-CVE-2023-27534-dynbuf.patch
- curl-CVE-2022-22576.patch curl-CVE-2022-27776.patch
- curl-CVE-2022-27781.patch curl-CVE-2022-27782.patch
- curl-CVE-2022-32206.patch curl-CVE-2022-32208.patch
- curl-CVE-2022-32221.patch curl-CVE-2022-35252.patch
- curl-CVE-2022-43552.patch curl-CVE-2023-23916.patch
- curl-CVE-2023-27533.patch curl-CVE-2023-27533-no-sscanf.patch
- curl-CVE-2023-27534.patch curl-CVE-2023-27535.patch
- curl-CVE-2023-27536.patch curl-CVE-2023-27538.patch
- Update to 8.0.1:
* Bugfixes:
- fix crash in curl_easy_cleanup
- Update to 8.0.0:
* Security fixes:
- TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
- SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
- FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
- GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
- HSTS double-free [bsc#1209213, CVE-2023-27537]
- SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
* Changes:
- build: remove support for curl_off_t < 8 bytes
* Bugfixes:
- aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
- BINDINGS: add Fortran binding
- cf-socket: use port 80 when resolving name for local bind
- cookie: don't load cookies again when flushing
- curl_path: create the new path with dynbuf
- CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
- DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
- ftp: active mode with SSL, add the filter
- hostip: avoid sscanf and extra buffer copies
- http2: fix for http2-prior-knowledge when reusing connections
- http2: fix handling of RST and GOAWAY to recognize partial transfers
- http: don't send 100-continue for short PUT requests
- http: fix unix domain socket use in https connects
- libssh: use dynbuf instead of realloc
- ngtcp2-gnutls.yml: bump to gnutls 3.8.0
- sectransp: make read_cert() use a dynbuf when loading
- telnet: only accept option arguments in ascii
- telnet: parse telnet options without sscanf
- url: fix the SSH connection reuse check
- url: only reuse connections with same GSS delegation
- urlapi: '%' is illegal in host names
- ws: keep the socket non-blocking
* Rebase libcurl-ocloexec.patch
- Security fixes:
* [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
* [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
Add curl-CVE-2023-27534.patch curl-CVE-2023-27534-dynbuf.patch
* [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
Add curl-CVE-2023-27535.patch
* [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
Add curl-CVE-2023-27536.patch
* [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
Add curl-CVE-2023-27538.patch
- Update to 7.88.1:
* Bugfix release
- Drop upstreamed patch:
* curl-fix-uninitialized-value-in-tests.patch
- Update to 7.88.0: [bsc#1207990, CVE-2023-23914]
[bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916]
* Security fixes:
- CVE-2023-23914: HSTS ignored on multiple requests
- CVE-2023-23915: HSTS amnesia with --parallel
- CVE-2023-23916: HTTP multi-header compression denial of service
* Changes:
- curl.h: add CURL_HTTP_VERSION_3ONLY
- share: add sharing of HSTS cache among handles
- src: add --http3-only
- tool_operate: share HSTS between handles
- urlapi: add CURLU_PUNYCODE
- writeout: add %{certs} and %{num_certs}
* Bugfixes:
- cf-socket: keep sockaddr local in the socket filters
- cfilters:Curl_conn_get_select_socks: use the first non-connected filter
- curl.h: allow up to 10M buffer size
- curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
- curl/websockets.h: extend the websocket frame struct
- curl: output warning at --verbose output for debug-enabled version
- curl_free.3: fix return type of `curl_free`
- curl_log: for failf/infof and debug logging implementations
- dict: URL decode the entire path always
- docs/DEPRECATE.md: deprecate gskit
- easyoptions: fix header printing in generation script
- haxproxy: send before TLS handshake
- hsts.d: explain hsts more
- hsts: handle adding the same host name again
- HTTP/[23]: continue upload when state.drain is set
- http: decode transfer encoding first
- http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
- http_proxy: do not assign data->req.p.http use local copy
- lib: connect/h2/h3 refactor
- libssh2: try sha2 algos for hostkey methods
- md4: fix build with GnuTLS + OpenSSL v1
- ngtcp2: replace removed define and stop using removed function
- noproxy: support for space-separated names is deprecated
- nss: implement data_pending method
- openldap: fix missing sasl symbols at build in specific configs
- openssl: adapt to boringssl's error code type
- openssl: don't ignore CA paths when using Windows CA store (redux)
- openssl: don't log raw record headers
- openssl: make the BIO_METHOD a local variable in the connection filter
- openssl: only use CA_BLOB if verifying peer
- openssl: remove attached easy handles from SSL instances
- openssl: store the CA after first send (ClientHello)
- setopt: use >, not >=, when checking if uarg is larger than uint-max
- smb: return error on upload without size
- socketpair: allow localhost MITM sniffers
- strdup: name it Curl_strdup
- tool_getparam: fix hiding of command line secrets
- tool_operate: fix error codes on bad URL & OOM
- tool_operate: repair --rate
- transfer: break the read loop when RECV is cleared
- typecheck: accept expressions for option/info parameters
- urlapi: avoid Curl_dyn_addf() for hex outputs
- urlapi: skip path checks if path is just "/"
- urlapi: skip the extra dedotdot alloc if no dot in path
- urldata: cease storing TLS auth type
- urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
- urldata: make set.http200aliases conditional on HTTP being present
- urldata: move the cookefilelist to the 'set' struct
- urldata: remove unused struct fields, made more conditional
- vquic: stabilization and improvements
- vtls: fix hostname handling in filters
- vtls: manage current easy handle in nested cfilter calls
- vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
* Rebase libcurl-ocloexec.patch
* Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091
- runtests: fix "uninitialized value $port"
- Add curl-fix-uninitialized-value-in-tests.patch
- Security Fix: [bsc#1207992, CVE-2023-23916]
* HTTP multi-header compression denial of service
* Add curl-CVE-2023-23916.patch
- Update to 7.87.0:
* Security fixes:
- CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN
- CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free
* Changes
- curl: add --url-query
- CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
- lib: add CURL_WRITEFUNC_ERROR to signal write callback error
- openssl: reduce CA certificate bundle reparsing by caching
- version: add a feature names array to curl_version_info_data
* Bugfixes
- altsvc: fix rejection of negative port numbers
- aws_sigv4: consult x-%s-content-sha256 for payload hash
- aws_sigv4: fix typos in aws_sigv4.c
- base64: better alloc size
- base64: encode without using snprintf
- base64: faster base64 decoding
- build: assume assert.h is always available
- build: assume errno.h is always available
- c-hyper: CONNECT responses are not server responses
- c-hyper: fix multi-request mechanism
- CI: Change FreeBSD image from 12.3 to 12.4
- CI: LGTM.com will be shut down in December 2022
- ci: Remove zuul fuzzing job as it's superseded by CIFuzz
- cmake: check for cross-compile, not for toolchain
- CMake: fix build with `CURL_USE_GSSAPI`
- cmake: really enable warnings with clang
- cmake: set the soname on the shared library
- cmdline-opts/gen.pl: fix the linkifier
- cmdline-opts/page-footer: remove long option nroff formatting
- config-mac: define HAVE_SYS_IOCTL_H
- config-mac: fix typo: size_T -> size_t
- config-mac: remove HAVE_SYS_SELECT_H
- config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
- configure: require fork for NTLM-WB
- contributors.sh: actually use $CURLWWW instead of just setting it
- cookie: compare cookie prefixes case insensitively
- cookie: expire cookies at once when max-age is negative
- cookie: open cookie jar as a binary file
- curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
- curl-rustls.m4: on macOS, rustls also needs the Security framework
- curl.h: include <sys/select.h> on SerenityOS
- curl.h: name all public function parameters
- curl.h: reword comment to not use deprecated option
- curl: override the numeric locale and set "C" by force
- curl: timeout in the read callback
- curl_endian: remove Curl_write64_le from header
- curl_get_line: allow last line without newline char
- curl_path: do not add '/' if homedir ends with one
- curl_url_get.3: remove spurious backtick
- curl_url_set.3: document CURLU_DISALLOW_USER
- curl_url_set.3: fix typo
- CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
- CURLOPT_COOKIEFILE.3: advice => advise
- CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
- CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw"
- CURLOPT_POST.3: Explain setting to 0 changes request type
- docs/curl_ws_send: Fixed typo in websocket docs
- docs/EARLY-RELEASE.md: how to determine an early release
- docs/examples: spell correction ('Retrieve')
- docs/INSTALL.md: expand on static builds
- docs/WEBSOCKET.md: explain the URL use
- docs: add missing parameters for --retry flag
- docs: add more "SEE ALSO" links to CA related pages
- docs: explain the noproxy CIDR notation support
- docs: extend the dump-header documentation
- docs: remove performance note in CURLOPT_SSL_VERIFYPEER
- examples/10-at-a-time: fix possible skipped final transfers
- examples: update descriptions
- ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
- gen.pl: do not generate CURLHELP bitmask lines > 79 characters
- GHA: clarify workflows permissions, set least possible privilege
- GHA: NSS use clang instead of clang-9
- gnutls: use common gnutls init and verify code for ngtcp2
- headers: add endif comments
- HTTP-COOKIES.md: mention that http://localhost is a secure context
- HTTP-COOKIES.md: update the 6265bis link to draft-11
- http: do not send PROXY more than once
- http: fix the ::1 comparison for IPv6 localhost for cookies
- http: set 'this_is_a_follow' in the Location: logic
- http: use the IDN decoded name in HSTS checks
- hyper: classify headers as CONNECT and 1XX
- hyper: fix handling of hyper_task's when reusing the same address
- idn: remove Curl_win32_ascii_to_idn
- INSTALL: update operating systems and CPU archs
- KNOWN_BUGS: remove eight entries
- lib1560: add some basic IDN host name tests
- lib: connection filters (cfilter) addition to curl:
- lib: feature deprecation warnings in gcc >= 4.3
- lib: fix some type mismatches and remove unneeded typecasts
- lib: parse numbers with fixed known base 10
- lib: remove bad set.opt_no_body assignments
- lib: rewind BEFORE request instead of AFTER previous
- lib: sync guard for Curl_getaddrinfo_ex() definition and use
- lib: use size_t or int etc instead of longs
- libcurl-errors.3: remove duplicate word
- libssh2: return error when ssh_hostkeyfunc returns error
- limit-rate.d: see also --rate
- log2changes.pl: wrap long lines at 80 columns
- Makefile.mk: address minor issues
- Makefile.mk: improve a GNU Make hack
- Makefile.mk: portable Makefile.m32
- maketgz: set the right version in lib/libcurl.plist
- mime: relax easy/mime structures binding
- misc: Fix incorrect spelling
- misc: remove duplicated include files
- misc: typo and grammar fixes
- negtelnetserver.py: have it call its close() method
- netrc.d: provide mutext info
- netware: remove leftover traces
- noproxy: also match with adjacent comma
- noproxy: guard against empty hostnames in noproxy check
- noproxy: tailmatch like in 7.85.0 and earlier
- nroff-scan.pl: detect double highlights
- ntlm: improve comment for encrypt_des
- ntlm: silence ubsan warning about copying from null target_info pointer
- openssl/mbedtls: use %d for outputting port with failf (int)
- openssl: prefix errors with '[lib]/[version]: '
- os400: use platform socklen_t in Curl_getnameinfo_a
- page-header: grammar improvement (display transfer rate)
- proxy: refactor haproxy protocol handling as connection filter
- README.md: remove badges and xmas-tree garnish
- rtsp: fix RTSP auth
- runtests: --no-debuginfod now disables DEBUGINFOD_URLS
- runtests: do CRLF replacements per section only
- scripts/checksrc.pl: detect duplicated include files
- sendf: change Curl_read_plain to wrap Curl_recv_plain
- sendf: remove unnecessary if condition
- setup: do not require __MRC__ defined for Mac OS 9 builds
- smb/telnet: do not free the protocol struct in *_done()
- socks: fix username max size is 255 (0xFF)
- spellcheck.words: remove 'github' as an accepted word
- ssl-reqd.d: clarify that this is for upgrading connections only
- strcase: use curl_str(n)equal for case insensitive matches
- styled-output.d: this option does not work on Windows
- system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS
- system.h: support 64-bit curl_off_t for NonStop 32-bit
- test1421: fix typo
- test3026: reduce runtime in legacy mingw builds
- tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
- tests: add authorityInfoAccess to generated certs
- tests: add HTTP/3 test case, custom location for proper nghttpx
- tls: backends use connection filters for IO, enabling HTTPS-proxy
- tool: determine the correct fopen option for -D
- tool_cfgable: free the ssl_ec_curves on exit
- tool_cfgable: make socks5_gssapi_nec a boolean
- tool_formparse: avoid clobbering on function params
- tool_getparam: make --no-get work as the opposite of --get
- tool_operate: provide better errmsg for -G with bad URL
- tool_operate: when aborting, make sure there is a non-NULL error buffer
- tool_paramhlp: free the proto strings on exit
- url: move back the IDN conversion of proxy names
- urlapi: reject more bad letters from the host name: &+()
- urldata: change port num storage to int and unsigned short
- vms: remove SIZEOF_SHORT
- vtls: fix build without proxy support
- vtls: localization of state data in filters
- WEBSOCKET.md: fix broken link
- Websocket: fixes for partial frames and buffer updates
- websockets: fix handling of partial frames
- windows: fail early with a missing windres in autotools
- windows: fix linking .rc to shared curl with autotools
- winidn: drop WANT_IDN_PROTOTYPES
- ws: if no connection is around, return error
- ws: return CURLE_NOT_BUILT_IN when websockets not built in
- x509asn1: avoid freeing unallocated pointers
- Security Fix: [bsc#1206309, CVE-2022-43552]
* HTTP Proxy deny use-after-free
* Add curl-CVE-2022-43552.patch
- Add 1.50.0 as the minimum libnghttp2 build requirement version as
a bandaid. Curl's 7.86.0 release introduces the use of
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation,
introduced by the nghttp2 1.50.0 release, without adding a check
for the function or the right version to its build scripts. This will
make Zypper/cURL unusable in some corner cases where users
install something that requires libcurl4 before doing a full
system upgrade, thus updating the cURL stack but not
libnghttp2. Background: boo#1204983, Factory mailing list
thread:
"? broken dependency in curl and/or *zyp* ?", and forums thread:
Curl-is-broken-after-an-update-which-subsequently-breaks-zypper.
- Update to 7.86.0:
* Security fixes:
- POST following PUT confusion [bsc#1204383, CVE-2022-32221]
- .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260]
- HTTP proxy double-free [bsc#1204385, CVE-2022-42915]
- HSTS bypass via IDN [bsc#1204386, CVE-2022-42916]
* Changes:
- NPN: remove support for and use of
- Websockets: initial support
* Bugfixes:
- altsvc: reject bad port numbers
- autotools: reduce brute-force when detecting recv/send arg list
- aws_sigv4: fix header computation
- cli tool: do not use disabled protocols
- connect: change verbose IPv6 address:port to [address]:port
- connect: fix builds without AF_INET6
- connect: fix Curl_updateconninfo for TRNSPRT_UNIX
- connect: fix the wrong error message on connect failures
- content_encoding: use writer struct subclasses for different encodings
- cookie: reject cookie names or content with TAB characters
- curl/add_file_name_to_url: use the libcurl URL parser
- curl/get_url_file_name: use libcurl URL parser
- curl: warn for --ssl use, considered insecure
- docs/libcurl/symbols-in-versions: add several missing symbols
- ftp: ignore a 550 response to MDTM
- functypes: provide the recv and send arg and return types
- getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
- header: define public API functions as extern c
- headers: reset the requests counter at transfer start
- hostip: guard PF_INET6 use
- hostip: lazily wait to figure out if IPv6 works until needed
- http, vauth: always provide Curl_allow_auth_to_host() functionality
- http2: make nghttp2 less picky about field whitespace
- http: try parsing Retry-After: as a number first
- http_proxy: restore the protocol pointer on error
- lib: add missing limits.h includes
- lib: prepare the incoming of additional protocols
- lib: sanitize conditional exclusion around MIME
- libssh: if sftp_init fails, don't get the sftp error code
- mprintf: reject two kinds of precision for the same argument
- mqtt: return error for too long topic
- netrc: compare user name case sensitively
- netrc: replace fgets with Curl_get_line
- netrc: use the URL-decoded user
- ngtcp2: fix build errors due to changes in ngtcp2 library
- noproxy: support proxies specified using cidr notation
- openssl: make certinfo available for QUIC
- resolve: make forced IPv4 resolve only use A queries
- schannel: ban server ALPN change during recv renegotiation
- schannel: don't reset recv/send function pointers on renegotiation
- schannel: when importing PFX, disable key persistence
- setopt: use the handler table for protocol name to number conversions
- setopt: when POST is set, reset the 'upload' field
- single_transfer: use the libcurl URL parser when appending query parts
- smb: replace CURL_WIN32 with WIN32
- tool: avoid generating ambiguous escaped characters in --libcurl
- tool_main: exit at once if out of file descriptors
- tool_operate: more transfer cleanup after parallel transfer fail
- tool_operate: prevent over-queuing in parallel mode
- tool_paramhelp: asserts verify maximum sizes for string loading
- tool_xattr: save the original URL, not the final redirected one
- url: a zero-length userinfo part in the URL is still a (blank) user
- url: allow non-HTTPS HSTS-matching for debug builds
- url: rename function due to name-clash in Watt-32
- url: use IDN decoded names for HSTS checks
- urlapi: detect scheme better when not guessing
- urlapi: fix parsing URL without slash with CURLU_URLENCODE
- urlapi: reject more bad characters from the host name field
* Remove patch upstream:
- connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
- Security Fix: [bsc#1204383, CVE-2022-32221]
* POST following PUT confusion
* Add curl-CVE-2022-32221.patch
- Update connection info when using UNIX socket as endpoint
connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
- Change the deprecated configure option --enable-hidden-symbols
to the new --enable-symbol-hiding.
- Update to 7.85.0:
* Security fixes: [bsc#1202593, CVE-2022-35252]
- control code in cookie denial of service
* Changes:
- quic: add support via wolfSSL
- schannel: Add TLS 1.3 support
- setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
* Bugfixes:
- asyn-thread: fix socket leak on OOM
- asyn-thread: make getaddrinfo_complete return CURLcode
- base64: base64url encoding has no padding
- configure: fix broken m4 syntax in TLS options
- configure: if asked to use TLS, fail if no TLS lib was detected
- connect: add quic connection information
- connect: set socktype/protocol correctly
- cookie: reject cookies with "control bytes"
- cookie: treat a blank domain in Set-Cookie: as non-existing
- curl: output warning when a cookie is dropped due to size
- Curl_close: call Curl_resolver_cancel to avoid memory-leak
- digest: fix memory leak, fix not quoted 'opaque'
- digest: fix missing increment of 'nc' value for auth-int
- digest: pass over leading spaces in qop values
- digest: reject broken header with session protocol but without qop
- doh: use https protocol by default
- easy_lock.h: include sched.h if available to fix build
- easy_lock.h: use __asm__ instead of asm to fix build
- easy_lock: switch to using atomic_int instead of bool
- ftp: use a correct expire ID for timer expiry
- h2h3: fix overriding the 'TE: Trailers' header
- hostip: resolve *.localhost to 127.0.0.1/::1
- HTTP3.md: update to msh3 v0.4.0
- hyper: use wakers for curl pause/resume
- lib3026: reduce the number of threads to 100
- libssh2: make atime/mtime date overflow return error
- libssh2: provide symlink name in SFTP dir listing
- multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
- multi: use larger dns hash table for multi interface
- multi_wait: fix skipping to populate revents for extra_fds
- netrc: Use the password from lines without login
- ngtcp2: Fix build error due to change in nghttp3 prototypes
- ngtcp2: fix stall or busy loop on STOP_SENDING with upload data
- ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks
- openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL
- openssl: add cert path in error message
- openssl: add details to "unable to set client certificate" error
- openssl: fix BoringSSL symbol conflicts with LDAP and Schannel
- select: do not return fatal error on EINTR from poll()
- sendf: fix paused header writes since after the header API
- sendf: skip storing HTTP headers if HTTP disabled
- url: really use the user provided in the url when netrc entry exists
- url: reject URLs with hostnames longer than 65535 bytes
- url: treat missing usernames in netrc as empty
- urldata: reduce size of several struct fields
- vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
* Remove tests-for-32bit.patch fixed in the update
* Rebase libcurl-ocloexec.patch
- Security fix: [bsc#1202593, CVE-2022-35252]
* Control codes in cookie denial of service
* Add curl-CVE-2022-35252.patch
- add tests-for-32bit.patch to fix testsuite on 32bit platforms
- Security fix: [bsc#1200735, CVE-2022-32206]
* HTTP compression denial of service
* Add curl-CVE-2022-32206.patch
- Security fix: [bsc#1200737, CVE-2022-32208]
* FTP-KRB bad message verification
* Add curl-CVE-2022-32208.patch
- Update to 7.84.0:
* Security fixes:
- (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification
- (bsc#1200736, CVE-2022-32207): Unpreserved file permissions
- (bsc#1200735, CVE-2022-32206): HTTP compression denial of service
- (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service
* Changes:
- curl: add --rate to set max request rate per time unit
- curl: deprecate --random-file and --egd-file
- curl_version_info: add CURL_VERSION_THREADSAFE
- CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
- lib: make curl_global_init() threadsafe when possible
- libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
- opts: deprecate RANDOM_FILE and EGDSOCKET
- socks: support unix sockets for socks proxy
* Bugfixes:
- aws-sigv4: fix potential NULL pointer arithmetic
- bindlocal: don't use a random port if port number would wrap
- c-hyper: mark status line as status for Curl_client_write()
- ci: avoid `cmake -Hpath`
- CI: bump FreeBSD 13.0 to 13.1
- ci: update github actions
- cmake: add libpsl support
- cmake: do not add libcurl.rc to the static libcurl library
- cmake: enable curl.rc for all Windows targets
- cmake: fix detecting libidn2
- cmake: support adding a suffix to the OS value
- configure: skip libidn2 detection when winidn is used
- configure: use the SED value to invoke sed
- configure: warn about rustls being experimental
- content_encoding: return error on too many compression steps
- cookie: address secure domain overlay
- cookie: apply limits
- copyright.pl: parse and use .reuse/dep5 for skips
- copyright: make repository REUSE compliant
- curl.1: add a few see also --tls-max
- curl.1: mention exit code zero too
- curl: re-enable --no-remote-name
- curl_easy_pause.3: remove explanation of progress function
- curl_getdate.3: document that some illegal dates pass through
- Curl_parsenetrc: don't access local pwbuf outside of scope
- curl_url_set.3: clarify by default using known schemes only
- CURLOPT_ALTSVC.3: document the file format
- CURLOPT_FILETIME.3: fix the protocols this works with
- CURLOPT_HTTPHEADER.3: improve comment in example
- CURLOPT_NETRC.3: document the .netrc file format
- CURLOPT_PORT.3: We discourage using this option
- CURLOPT_RANGE.3: remove ranged upload advice
- digest: added detection of more syntax error in server headers
- digest: tolerate missing "realm"
- digest: unquote realm and nonce before processing
- DISABLED: disable 1021 for hyper again
- docs/cmdline-opts: add copyright and license identifier to each file
- docs/CONTRIBUTE.md: document the 'needs-votes' concept
- docs: clarify data replacement policy for MIME API
- doh: remove UNITTEST macro definition
- examples/crawler.c: use the curl license
- examples: remove fopen.c and rtsp.c
- FAQ: Clarify Windows double quote usage
- fopen: add Curl_fopen() for better overwriting of files
- ftp: restore protocol state after http proxy CONNECT
- ftp: when failing to do a secure GSSAPI login, fail hard
- GHA/hyper: enable debug in the build
- gssapi: improve handling of errors from gss_display_status
- gssapi: initialize gss_buffer_desc strings
- headers api: remove EXPERIMENTAL tag
- http2: always debug print stream id in decimal with %u
- http2: reject overly many push-promise headers
- http: restore header folding behavior
- hyper: use 'alt-used'
- krb5: return error properly on decode errors
- lib: make more protocol specific struct fields #ifdefed
- libcurl-security.3: add "Secrets in memory"
- libcurl-security.3: document CRLF header injection
- libssh: skip the fake-close when libssh does the right thing
- links: update dead links to the curl-wiki
- log2changes: do not indent empty lines [ci skip]
- macos9: remove partial support
- Makefile.am: fix portability issues
- Makefile.m32: delete obsolete options, improve -On [ci skip]
- Makefile.m32: delete two obsolete OpenSSL options [ci skip]
- Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
- max-time.d: clarify max-time sets max transfer time
- mprintf: ignore clang non-literal format string
- netrc: check %USERPROFILE% as well on Windows
- netrc: support quoted strings
- ngtcp2: allow curl to send larger UDP datagrams
- ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
- ngtcp2: enable Linux GSO
- ngtcp2: extend QUIC transport parameters buffer
- ngtcp2: fix alert_read_func return value
- ngtcp2: fix typo in preprocessor condition
- ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
- ngtcp2: send appropriate connection close error code
- ngtcp2: support boringssl crypto backend
- ngtcp2: use helper funcs to simplify TLS handshake integration
- ntlm: provide a fixed fake host name
- projects: fix third-party SSL library build paths for Visual Studio
- quic: add Curl_quic_idle
- quiche: support ca-fallback
- rand: stop detecting /dev/urandom in cross-builds
- remote-name.d: mention --output-dir
- runtests.pl: add the --repeat parameter to the --help output
- runtests: fix skipping tests not done event-based
- runtests: skip starting the ssh server if user name is lacking
- scripts/copyright.pl: fix the exclusion to not ignore man pages
- sectransp: check for a function defined when __BLOCKS__ is undefined
- select: return error from "lethal" poll/select errors
- server/sws: support spaces in the HTTP request path
- speed-limit/time.d: mention these affect transfers in either direction
- strcase: some optimisations
- test 2081: add a valid reply for the second request
- test 675: add missing CR so the test passes when run through Privoxy
- test414: add the '--resolve' keyword
- test681: verify --no-remote-name
- tests 266, 116 and 1540: add a small write delay
- tests/data/test1501: kill ftp server after slow LIST response
- tests/getpart: fix getpartattr to work with "data" and "data2"
- tests/server/sws.c: change the HTTP writedelay unit to milliseconds
- test{440,441,493,977}: add "HTTP proxy" keywords
- tool_getparam: fix --parallel-max maximum value constraint
- tool_operate: make sure --fail-with-body works with --retry
- transfer: fix potential NULL pointer dereference
- transfer: maintain --path-as-is after redirects
- transfer: upload performance; avoid tiny send
- url: free old conn better on reuse
- url: remove redundant #ifdefs in allocate_conn()
- url: URL encode the path when extracted, if spaces were set
- urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
- urlapi: support CURLU_URLENCODE for curl_url_get()
- urldata: reduce size of a few struct fields
- urldata: remove three unused booleans from struct UserDefined
- urldata: store tcp_keepidle and tcp_keepintvl as ints
- version: allow stricmp() for sorting the feature list
- vtls: make curl_global_sslset thread-safe
- wolfssh.h: removed
- wolfssl: correct the failf() message when a handle can't be made
- wolfSSL: explicitly use compatibility layer
- x509asn1: mark msnprintf return as unchecked
- Update to 7.83.1:
* Security fixes:
- (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot
- (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
- (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
- (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
- (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
- (bsc#1199220, CVE-2022-27778) removes wrong file on error
* Bugfixes:
- altsvc: fix host name matching for trailing dots
- cirrus: Update to FreeBSD 12.3
- cirrus: Use pip for Python packages on FreeBSD
- conn: fix typo 'connnection' -> 'connection' in two function names
- cookies: make bad_domain() not consider a trailing dot fine
- curl: free resource in error path
- curl: guard against size_t wraparound in no-clobber code
- CURLOPT_DOH_URL.3: mention the known bug
- CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
- CURLOPT_SSH_AUTH_TYPES.3: fix the default
- data/test376: set a proper name
- GHA/mbedtls: enabled nghttp2 in the build
- gha: build msh3
- gskit: fixed bogus setsockopt calls
- gskit: remove unused function set_callback
- hsts: ignore trailing dots when comparing hosts names
- HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
- http: move Curl_allow_auth_to_host()
- http_proxy/hyper: handle closed connections
- hyper: fix test 357
- Makefile: fix "make ca-firefox"
- mbedtls: bail out if rng init fails
- mbedtls: fix compile when h2-enabled
- mbedtls: fix some error messages
- misc: use "autoreconf -fi" instead of buildconf
- msh3: get msh3 version from MsH3Version
- msh3: print boolean value as text representation
- msh3: pass remote_port to MsH3ConnectionOpen
- ngtcp2: add ca-fallback support for OpenSSL backend
- nss: return error if seemingly stuck in a cert loop
- openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
- post_per_transfer: remove the updated file name
- sectransp: bail out if SSLSetPeerDomainName fails
- tests/server: declare variable 'reqlogfile' static
- tests: fix markdown formatting in README
- test{898,974,976}: add 'HTTP proxy' keywords
- tls: check more TLS details for connection reuse
- url: check SSH config match on connection reuse
- urlapi: address (harmless) UndefinedBehavior sanitizer warning
- urlapi: reject percent-decoding host name into separator bytes
- x509asn1: make do_pubkey handle EC public keys
- Security fix: [bsc#1199223, CVE-2022-27781]
* CERTINFO never-ending busy-loop
* Add curl-CVE-2022-27781.patch
- Security fix: [bsc#1199224, CVE-2022-27782]
* TLS and SSH connection too eager reuse
* Add curl-CVE-2022-27782.patch
- Patches rework:
* Refreshed all patches as -p1.
* Use autopatch macro.
* Renamed:
- dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
* Removed (already upstream):
- curl-fix-verifyhost.patch
- Update to 7.83.0:
* Security fixes:
- (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
- (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
- (bsc#1198608, CVE-2022-27774) Credential leak on redirect
- (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
* Changes:
- curl: add %header{name} experimental support in -w handling
- curl: add %{header_json} experimental support in -w handling
- curl: add --no-clobber
- curl: add --remove-on-error
- header api: add curl_easy_header and curl_easy_nextheader
- msh3: add support for QUIC and HTTP/3 using msh3
* Bugfixes:
- appveyor: add Cygwin build
- appveyor: only add MSYS2 to PATH where required
- BearSSL: add CURLOPT_SSL_CIPHER_LIST support
- BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
- BINDINGS.md: add Hollywood binding
- CI: Do not use buildconf. Instead, just use: autoreconf -fi
- CI: install Python package impacket to run SMB test 1451
- configure.ac: move -pthread CFLAGS setting back where it used to be
- configure: bump the copyright year range in the generated output
- conncache: include the zone id in the "bundle" hashkey
- conncache: remove duplicate connc->closure_handle check
- connect: make Curl_getconnectinfo work with conn cache from share handle
- connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined
- cookie.d: clarify when cookies are sent
- cookies: improve errorhandling for reading cookiefile
- curl/system.h: update ifdef condition for MCST-LCC compiler
- curl: error out if -T and -d are used for the same URL
- curl: error out when options need features not present in libcurl
- curl: escape '?' in generated --libcurl code
- curl: fix segmentation fault for empty output file names.
- curl_easy_header: fix typos in documentation
- CURLINFO_PRIMARY_PORT.3: clarify which port this is
- CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS
- CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
- CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs
- CURLOPT_PROGRESSFUNCTION.3: fix typo in example
- CURLOPT_UNRESTRICTED_AUTH.3: extended explanation
- CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype
- docs/HYPER.md: updated to reflect current hyper build needs
- docs/opts: Mention Schannel client cert type is P12
- docs: Fix missing semicolon in example code
- docs: lots of minor language polish
- English: use American spelling consistently
- fail.d: tweak the description
- firefox-db2pem.sh: make the shell script safer
- ftp: fix error message for partial file upload
- gen.pl: change wording for mutexed options
- GHA: add openssl3 jobs moved over from zuul
- GHA: build hyper with nightly rustc
- GHA: move bearssl jobs over from zuul
- gha: move the event-based test over from Zuul
- gtls: fix build for disabled TLS-SRP
- http2: handle DONE called for the paused stream
- http2: RST the stream if we stop it on our own will
- http: avoid auth/cookie on redirects same host diff port
- http: close the stream (not connection) on time condition abort
- http: reject header contents with nul bytes
- http: return error on colon-less HTTP headers
- http: streamclose "already downloaded"
- hyper: fix status_line() return code
- hyper: fix tests 580 and 581 for hyper
- hyper: no h2c support
- infof: consistent capitalization of warning messages
- ipv4/6.d: clarify that they are about using IP addresses
- json.d: fix typo (overriden -> overridden)
- keepalive-time.d: It takes many probes to detect brokenness
- lib/warnless.[ch]: only check for WIN32 and ignore _WIN32
- lib670: avoid double check result
- lib: #ifdef on USE_HTTP2 better
- lib: fix some misuse of curlx_convert_wchar_to_UTF8
- lib: remove exclamation marks
- libssh2: compare sha256 strings case sensitively
- libssh2: make the md5 comparison fail if wrong length
- libssh: fix build with old libssh versions
- libssh: fix double close
- libssh: Improve fix for missing SSH_S_ stat macros
- libssh: unstick SFTP transfers when done event-based
- macos: set .plist version in autoconf
- mbedtls: remove 'protocols' array from backend when ALPN is not used
- mbedtls: remove server_fd from backend
- mk-ca-bundle.pl: Use stricter logic to process the certificates
- mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl
- mlc_config.json: add file to ignore known troublesome URLs
- mqtt: better handling of TCP disconnect mid-message
- ngtcp2: add client certificate authentication for OpenSSL
- ngtcp2: avoid busy loop in low CWND situation
- ngtcp2: deal with sub-millisecond timeout
- ngtcp2: disconnect the QUIC connection proper
- ngtcp2: enlarge H3_SEND_SIZE
- ngtcp2: fix HTTP/3 upload stall and avoid busy loop
- ngtcp2: fix memory leak
- ngtcp2: fix QUIC_IDLE_TIMEOUT
- ngtcp2: make curl 1ms faster
- ngtcp2: remove remote_addr which is not used in a meaningful way
- ngtcp2: update to work after recent ngtcp2 updates
- ngtcp2: use token when detecting :status header field
- nonblock: restore setsockopt method to curlx_nonblock
- openssl: check SSL_get_peer_cert_chain return value
- openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL
- openssl: fix CN check error code
- options: remove mistaken space before paren in prototype
- perl: removed a double semicolon at end of line
- pop3/smtp: return *WEIRD_SERVER_REPLY when not understood
- projects/README: converted to markdown
- projects: Update VC version names for VS2017, VS2022
- rtsp: don't let CSeq error override earlier errors
- runtests: add 'bearssl' as testable feature
- runtests: make 'oldlibssh' be before 0.9.4
- schannel: remove dead code that will never run
- scripts/copyright.pl: ignore the new mlc_config.json file
- scripts: move three scripts from lib/ to scripts/
- test1135: sync with recent API updates
- test1459: disable for oldlibssh
- test375: fix line endings on Windows
- test386: Fix an incorrect test markup tag
- test718: edited slightly to return better HTTP
- tests/server/util.h: align WIN32 condition with util.c
- tests: refactor server/socksd.c to support --unix-socket
- timediff.[ch]: add curlx helper functions for timeval conversions
- tls: make mbedtls and NSS check for h2, not nghttp2
- tool and tests: force flush of all buffers at end of program
- tool_cb_hdr: Turn the Location: into a terminal hyperlink
- tool_getparam: error out on missing -K file
- tool_listhelp.c: uppercase URL
- tool_operate: fix a scan-build warning
- tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)
- transfer: redirects to other protocols or ports clear auth
- unit1620: call global_init before calling Curl_open
- url: check sasl additional parameters for connection reuse.
- vtls: provide a unified ALPN-disagree string for all backends
- vtls: use a backend standard message for "ALPN: offers %s"
- vtls: use a generic "ALPN, server accepted" message
- winbuild/README.md: fixup dead link
- winbuild: Add a Visual Studio example to the README
- wolfssl: fix compiler error without IPv6
- Security fix: [bsc#1198766, CVE-2022-27776]
* Auth/cookie leak on redirect
* Add backported curl-CVE-2022-27776.patch
- Security fix: [bsc#1198614, CVE-2022-22576]
* OAUTH2 bearer bypass in connection re-use
* Add curl-CVE-2022-22576.patch
- Fix: openssl: fix CN check error code
* Add curl-fix-verifyhost.patch
- Update to 7.82.0:
* curl: add --json command line option
* curl: make it so that sensitive command line arguments do not
show as easily in the output of ps(1)
* curl_multi_socket.3: remove callback and typical usage descriptions
* ftp: provide error message for control bytes in path
* ldap: return CURLE_URL_MALFORMAT for bad URL
* lib: remove support for CURL_DOES_CONVERSIONS
* mqtt: plug some memory leaks
* multi: allow user callbacks to call curl_multi_assign
* multi: remember connection_id before returning connection to pool
* multi: set in_callback for multi interface callbacks
* netware: remove support
* ngtcp2: adapt to changed end of headers callback proto
* openldap: implement SASL authentication
* openssl: return error if TLS 1.3 is requested when not supported
* sectransp: mark a 3DES cipher as weak
* smb: pass socket for writing and reading data instead of FIRSTSOCKET
* tool_getparam: DNS options that need c-ares now fail without it
* TPF: drop support
* url: given a user in the URL, find pwd for that user in netrc
* url: keep trailing dot in host name
* urlapi: handle "redirects" smarter
* urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
* urldata: remove conn->bits.user_passwd
- Update to 7.81.0:
* mime: use percent-escaping for multipart form field and file names
* asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
* azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
* BINDINGS: add cURL client for PostgreSQL
* BINDINGS: add one from Everything curl and update a link
* checksrc: detect more kinds of NULL comparisons we avoid
* CI: build examples for additional code verification
* CI: bump job to use mbedtls 3.1.0
* cmake: don't set _USRDLL on a static Windows build
* cmake: prevent dev warning due to mismatched arg
* cmake: private identifiers use CURL_ instead of CMAKE_ prefix
* config.d: update documentation to match the path search
* configure: add -lm to configure for rustls build.
* configure: better diagnostics if hyper is built wrong
* configure: don't enable TLS when --without-* flags are used
* configure: fix runtime-lib detection on macOS
* curl.1: require "see also" for every documented option
* curl: improve error message for --head with -J
* curl_easy_cleanup.3: remove from multi handle first
* curl_easy_escape.3: call curl_easy_cleanup in example
* curl_easy_unescape.3: call curl_easy_cleanup in example
* curl_multi_init.3: fix EXAMPLE formatting
* curl_multi_perform/socket_action.3: clarify what errors mean
* curl_share_setopt.3: split out options into their own manpages
* CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
* digest: compute user:realm:pass digest w/o userhash
* docs/checksrc: Add documentation for STRERROR
* docs/cmdline-opts: do not say "protocols: all"
* docs/examples: workaround broken -Wno-pedantic-ms-format
* docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
* docs/INSTALL.md: typo fix : added missing "get" verb
* docs/URL-SYNTAX.md: space is not fine in a given URL
* docs: add known bugs list to HTTP3.md
* docs: address proselint nits
* docs: consistent manpage SYNOPSIS
* docs: fix dead links, remove ECH.md
* docs: fix typo in OpenSSL 3 build instructions
* docs: Update the Reducing Size section
* example/progressfunc: remove code for old libcurls
* examples/multi-single.c: remove WAITMS()
* FAQ: typo fix : "yout" ➤ "your"
* ftp: disable warning 4706 in MSVC
* gen.pl: improve example output format
* github workflow: add wolfssl (removed from zuul)
* github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
* gtls: check return code for gnutls_alpn_set_protocols
* hash: lazy-alloc the table in Curl_hash_add()
* http2:set_transfer_url() return early on OOM
* HTTP3: update quiche build instructions
* http: enable haproxy support for hyper backend
* http: Fix CURLOPT_HTTP200ALIASES
* http_proxy: don't close the socket (too early)
* insecure.d: detail its use for SFTP and SCP as well
* insecure.d: expand and clarify
* libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
* libcurl-security.3: mention address and URL mitigations
* libssh2: fix error message for sha256 mismatch
* libtest: avoid "assignment within conditional expression"
* lift: ignore is a deprecated config option, use ignoreRules
* linkcheck.yml: add CI job that checks markdown links
* m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
* Makefile.m32: rename -winssl option to -schannel and tidy up
* mbedTLS: add support for CURLOPT_CAINFO_BLOB
* mbedtls: fix CURLOPT_SSLCERT_BLOB
* mbedtls: fix private member designations for v3.1.0
* misc: remove unused doh flags when CURL_DISABLE_DOH is defined
* misc: s/e-mail/email
* multi: cleanup the socket hash when destroying it
* multi: handle errors returned from socket/timer callbacks
* multi: shut down CONNECT in Curl_detach_connnection
* netrc.d: edit the .netrc example to look nicer
* ngtcp2: verify the server cert on connect (quictls)
* ngtcp2: verify the server certificate for the gnutls case
* nss:set_cipher don't clobber the cipher list
* openldap: implement STARTTLS
* openldap: process search query response messages one by one
* openldap: several minor improvements
* openldap: simplify ldif generation code
* openssl: check the return value of BIO_new()
* openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
* openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
* openssl: remove usage of deprecated `SSL_get_peer_certificate`
* openssl: use non-deprecated API to read key parameters
* page-footer: add a mention of how to report bugs to the man page
* page-footer: document more environment variables
* request.d: refer to 'method' rather than 'command'
* retry-all-errors.d: make the example complete
* runtests: make the SSH library a testable feature
* rustls: read of zero bytes might be okay
* rustls: remove comment about checking handshaking
* rustls: remove incorrect EOF check
* sha256/md5: return errors when init fails
* socks5: use appropriate ATYP for numerical IP address host names
* test1156: enable for hyper
* test1156: fixup the stdout check for Windows
* test1525: tweaked for hyper
* test1526: enable for hyper
* test1527: enable for hyper
* test1528: enable for hyper
* test1554: adjust for hyper
* test1556: adjust for hyper
* test302[12]: run only with the libssh2 backend
* test661: enable for hyper
* tests/CI.md: add more information on CI environments
* tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
* tftp: mark protocol as not possible to do over CONNECT
* tool_findfile: updated search for a file in the homedir
* tool_operate: only set SSH related libcurl options for SSH URLs
* tool_operate: warn if too many output arguments were found
* url.c: fix the SIGPIPE comment for Curl_close
* url: check ssl_config when re-use proxy connection
* url: reduce ssl backend count for CURL_DISABLE_PROXY builds
* urlapi: accept port number zero
* urlapi: if possible, shorten given numerical IPv6 addresses
* urlapi: provide more detailed return codes
* urlapi: reject short file URLs
* version_win32: Check build number and platform id
* vtls/rustls: adapt to the updated rustls_version proto
* writeout: fix %{http_version} for HTTP/3
* x509asn1: return early on errors
* zuul.d: update rustls-ffi to version 0.8.2
* zuul: fix quiche build pointing to wrong Cargo
- Update to 7.80.0:
* Changes:
- CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
- CURLOPT_PREREQFUNCTION: add new callback
- libssh2: add SHA256 fingerprint support
- urlapi: add curl_url_strerror()
* Bugfixes:
- aws-sigv4: make signature work when post data is binary
- c-hyper: don't abort CONNECT responses early when auth-in-progress
- c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
- cmake: add CURL_ENABLE_SSL option
- cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
- configure.ac: replace krb5-config with pkg-config
- configure: when hyper is selected, deselect nghttp2
- curl-confopts.m4: remove --enable/disable-hidden-symbols
- curl-openssl.m4: modify library order for openssl linking
- curl_ntlm_core: use OpenSSL only if DES is available
- Curl_updateconninfo: store addresses for QUIC connections too
- ftp: make the MKD retry to retry once per directory
- http: fix Basic auth with empty name field in URL
- http: reject HTTP response codes < 100
- http: remove assert that breaks hyper
- http: set content length earlier
- imap: display quota information
- libssh2: Get the version at runtime if possible
- md5: fix compilation with OpenSSL 3.0 API
- ngtcp2: advertise h3 as well as h3-29
- ngtcp2: compile with the latest nghttp3
- ngtcp2: use latest QUIC TLS RFC9001
- NTLM: use DES_set_key_unchecked with OpenSSL
- openssl: if verifypeer is not requested, skip the CA loading
- openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
- schannel: fix memory leak due to failed SSL connection
- sendf: accept zero-length data in Curl_client_write()
- sha256: use high-level EVP interface for OpenSSL
- sws: fix memory leak on exit
- tool_operate: a failed etag save now only fails that transfer
- url: check the return value of curl_url()
- url: set "k->size" -1 at start of request
- urlapi: skip a strlen(), pass in zero
- urlapi: URL decode percent-encoded host names
- vtls: Fix a memory leak if an SSL session cannot be added to the cache
- wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
* Use --with-openssl configure option, --with-ssl is now deprecated
- Update to 7.79.1:
* Bugfixes:
- Curl_http2_setup: don't change connection data on repeat invokes
- curl_multi_fdset: make FD_SET() not operate on sockets out of range
- dist: provide lib/.checksrc in the tarball
- FAQ: add GOPHERS + curl works on data, not files
- hsts: CURLSTS_FAIL from hsts read callback should fail transfer
- hsts: handle unlimited expiry
- http: fix the broken >3 digit response code detection
- strerror: use sys_errlist instead of strerror on Windows
- test1184: disable: https://github.com/curl/curl/issues/7725
- tests/sshserver.pl: make it work with openssh-8.7p1
- Temporarily disable flaky test 1184
* See https://github.com/curl/curl/issues/7725
- Update to 7.79.0: [bsc#1190213, CVE-2021-22945]
[bsc#1190373, CVE-2021-22946] [bsc#1190374, CVE-2021-22947]
* Changes:
- bearssl: support CURLOPT_CAINFO_BLOB
- http: consider cookies over localhost to be secure
- secure transport: support CURLINFO_CERTINFO
* Bugfixes:
- CVE-2021-22945: clear the leftovers pointer when sending succeeds
- CVE-2021-22946: do not ignore --ssl-reqd
- CVE-2021-22947: reject STARTTLS server response pipelining
- auth: do not append zero-terminator to authorisation id in kerberos
- auth: properly handle byte order in kerberos security message
- auth: use sasl authzid option in kerberos
- auth: we do not support a security layer after kerberos authentication
- c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
- c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
- c-hyper: initial step for 100-continue support
- c-hyper: initial support for "dumping" 1xx HTTP responses
- curl-openssl.m4: show correct output for OpenSSL v3
- docs/MQTT: update state of username/password support
- docs: the security list is reached at security at curl.se now
- getparameter: fix the --local-port number parser
- hostip: Make Curl_ipv6works function independent of getaddrinfo
- http_proxy: fix the User-Agent inclusion in CONNECT
- http_proxy: fix user-agent and custom headers for CONNECT with hyper
- http_proxy: only wait for writable socket while sending request
- mailing lists: move from cool.haxx.se to lists.haxx.se
- mbedtls: avoid using a large buffer on the stack
- mbedTLS: initial 3.0.0 support
- ngtcp2: remove the acked_crypto_offset struct field init
- ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
- ngtcp2: reset the outstanding send buffer again when drained
- ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
- ngtcp2: stop buffering crypto data
- ngtcp2: utilize crypto API functions to simplify
- openssl: when creating a new context, there cannot be an old one
- scripts: invoke interpreters through /usr/bin/env
- tests/runtests.pl: cleanup copy&paste mistakes and unused code
- tests: be explicit about using 'python3' instead of 'python'
- tool/tests: fix potential year 2038 issues
- tool_operate: Fix --fail-early with parallel transfers
- x509asn1: fix heap over-read when parsing x509 certificates
* Rebase libcurl-ocloexec.patch
- Update to 7.78.0:
[bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923]
[bsc#1188219, CVE-2021-22924][bsc#1188220, CVE-2021-22925]
* Changes:
- curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
- CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
- hostip: make 'localhost' return fixed values
- mbedtls: add support for cert and key blob options
- metalink: remove all support for it
- mqtt: add support for username and password
* Bugfixes:
- ares: always store IPv6 addresses first
- c-hyper: abort CONNECT response reading early on non 2xx responses
- c-hyper: add support for transfer-encoding in the request
- c-hyper: bail on too long response headers
- c-hyper: clear NTLM auth buffer when request is issued
- c-hyper: fix NTLM on closed connection tested with test159
- conncache: lowercase the hash key for better match
- curl_multibyte: Remove local encoding fallbacks
- Curl_ntlm_core_mk_nt_hash: fix OOM in error path
- Curl_ssl_getsessionid: fail if no session cache exists
- easy: during upkeep, attach Curl_easy to connections in the cache
- gnutls: set the preferred TLS versions in correct order
- hsts: ignore numerical IP address hosts
- HSTS: not experimental anymore
- http2: init recvbuf struct for pushed streams
- http: fix crash in rate-limited upload
- http: make the haproxy support work with unix domain sockets
- http_proxy: deal with non-200 CONNECT response with Hyper
- lib: don't compare fd to FD_SETSIZE when using poll
- lib: fix compiler warnings with CURL_DISABLE_NETRC
- lib: fix type of len passed to *printf's %*s
- lib: more %u for port and int for %*s fixes
- lib: use %u instead of %ld for port number printf
- libssh2: limit time a disconnect can take to 1 second
- mqtt: detect illegal and too large file size
- msnprintf: return number of printed characters excluding null byte
- multi: add scan-build-6 work-around in curl_multi_fdset
- multi: alter transfer timeout ordering
- multi: do not switch off connect_only flag when closing
- multi: fix crash in curl_multi_wait / curl_multi_poll
- ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
- openssl: avoid static variable for seed flag
- openssl: don't remove session id entry in disassociate
- socketpair: fix potential hangs
- socks4: scan for the IPv4 address in resolve results
- ssl: read pending close notify alert before closing the connection
- telnet: fix option parser to not send uninitialized contents
- TLS: prevent shutdown loops to get stuck
- vtls: exit addsessionid if no cache is inited
- vtls: fix connection reuse checks for issuer cert and case sensitivity
- Update to 7.77.0: [bsc#1186114, CVE-2021-22898]
[bsc#1186115, bsc#1185579, CVE-2021-22901]
* Security fixes:
- CVE-2021-22297: schannel cipher selection surprise
- CVE-2021-22298: TELNET stack contents disclosure
- CVE-2021-22901: TLS session caching disaster
* Changes:
- configure: make the TLS library choice(s) explicit
- curl: ignore options asking for SSLv2 or SSLv3
- hsts: enable by default
- SSL: support in-memory CA certs for some backends
- vtls: refuse setting any SSL version
* Bugfixes:
- configure: provide --with-openssl, deprecate --with-ssl
- cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
- curl: include libmetalink version in --version output
- data_pending: check only SECONDARY socket for FTP(S) transfers
- gnutls: don't allow TLS 1.3 for versions that don't support it
- gnutls: make setting only the MAX TLS allowed version work
- http2: fix resource leaks in set_transfer_url() and push_promise()
- http: limit the initial send amount to used upload buffer size
- rustls: only return CURLE_AGAIN when TLS session is fully drained
- rustls: use ALPN
- schannel: Disable auto credentials; add an option to enable it
- schannel: Support strong crypto option
- sectransp: allow cipher name to be specified
- sockfilt: avoid getting stuck waiting for writable socket
- update to 7.76.1:
- ngtcp2: Use ALPN h3-29 for now
- TODO: remove 18.22 --fail-with-body
- Update to 7.76.0
* Security fixes:
- [bsc#1183933, CVE-2021-22876]: strip credentials from the
auto-referer header field
- [bsc#1183934, CVE-2021-22890]: add 'isproxy' argument to
Curl_ssl_get/addsessionid()
* Changes:
- cookies: Support multiple -b parameters
- curl: add --fail-with-body
- doh: add options to disable ssl verification
- http: add support to read and store the referrer header
- sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
- vtls: initial implementation of rustls backend
* Bugfixes:
- CVE-2021-22876: strip credentials from the auto-referer header field
- CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
- c-hyper: support automatic content-encoding
- configure: only add OpenSSL paths if they are defined
- configure: provide Largefile feature for curl-config
- curl: set CURLOPT_NEW_FILE_PERMS if requested
- doh: Fix sharing user's resolve list with DOH handles
- doh: Inherit CURLOPT_STDERR from user's easy handle
- dynbuf: bump the max HTTP request to 1MB
- ftp: add 'list_only' to the transfer state struct
- ftp: add 'prefer_ascii' to the transfer state struct
- ftp: allow SIZE to fail when doing (resumed) upload
- ftp: avoid SIZE when asking for a TYPE A file
- ftp: fix memory leak in ftp_done
- ftp: never set data->set.ftp_append outside setopt
- gnutls: assume nettle crypto support
- http2: don't set KEEP_SEND when there's no more data to be sent
- http2: fail if connection terminated without END_STREAM
- http: do not add a referrer header with empty value
- http: strip default port from URL sent to proxy
- http: use credentials from transfer, not connection
- lib: remove 'conn->data' completely
- multi: close the connection when h2=>h1 downgrading
- multi: do once-per-transfer inits in before_perform in DID state
- multi: rename the multi transfer states
- multi: update pending list when removing handle
- ngtcp2: adapt to the new recv_datagram callback
- ngtcp2: clarify calculation precedence
- ngtcp2: sync with recent API updates
- openssl: adapt to v3's new const for a few API calls
- openssl: ensure to check SSL_CTX_set_alpn_protos return values
- openssl: remove get_ssl_version_txt in favor of SSL_get_version
- parse_proxy: fix a memory leak in the OOM path
- url: fix memory leak if OOM in the HSTS handling
- url: fix possible use-after-free in default protocol
- urldata: don't touch data->set.httpversion at run-time
- urldata: merge "struct DynamicStatic" into "struct UrlState"
- urldata: remove the 'rtspversion' field
- urldata: remove the _ORIG suffix from string names
- wolfssl: don't store a NULL sessionid
- Harden build, enable full RELRO
- Never allow undefined symbols anywhere.
- Update to 7.75.0
* Changes:
- curl: add --create-file-mode [mode]
- curl: add new variables to --write-out
- dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries
- gopher: implement secure gopher protocol
- http: add Hyper as new optional HTTP backend
- http: introduce AWS HTTP v4 Signature support
* Bugfixes:
- cmake: Add an option to disable libidn2
- cmake: enable gophers correctly in curl-config
- cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
- digest_sspi: Show InitializeSecurityContext errors in verbose mode
- getinfo: build with disabled HTTP support
- http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy
- http_proxy: Fix CONNECT chunked encoding race condition
- httpauth: make multi-request auth work with custom port
- lib: pass in 'struct Curl_easy *' to most functions
- lib: remove Curl_ prefix from many static functions
- lib: save a bit of space with some structure packing
- libssh: avoid plain free() of libssh-memory
- mime: make sure setting MIMEPOST to NULL resets properly
- multi_runsingle: bail out early on data->conn == NULL
- ngtcp2: Fix http3 upload stall
- ngtcp2: Fix stack buffer overflow
- openssl: lowercase the hostname before using it for SNI
- socks: use the download buffer instead
- speedcheck: exclude paused transfers
- tool_writeout: fix the -w time output units
- url: if IDNA conversion fails, fallback to Transitional
- Refresh libcurl-ocloexec.patch
- Enable zstd and brotli support
- Update to 7.74.0
* Changes:
- hsts: add experimental support for Strict-Transport-Security
* Bugfixes:
- Inferior OCSP verification [bsc#1179593, CVE-2020-8286]
- FTP wildcard stack overflow [bsc#1179399, CVE-2020-8285]
- trusting FTP PASV responses [bsc#1179398, CVE-2020-8284]
- Revert "multi: implement wait using winsock events"
- openssl: free mem_buf in error path
- ntlm: avoid malloc(0) on zero length user and domain
- ngtcp2: use the minimal version of QUIC supported by ngtcp2
- ngtcp2: advertise h3 ALPN unconditionally
- file: avoid duplicated code sequence
- openssl: guard against OOM on context creation
- docs: document the 8MB input string limit for curl_easy_escape
and curl_easy_setopt()
- hsts: add read/write callbacks
- hsts: add support for Strict-Transport-Security
- alt-svc: enable by default
- checksrc: warn on empty line before open brace
- connect: repair build without ipv6 availability
- curl.se: new home
- ftp: retry getpeername for FTP with TCP_FASTOPEN
- gnutls: fix memory leaks (certfields memory wasn't released)
- http: pass correct header size to debug callback for chunked post
- libssh2: fix transport over HTTPS proxy
- openssl: guard against OOM on context creation
- openssl: use OPENSSL_init_ssl() with >= 1.1.0
- Revert "multi: implement wait using winsock events"
- socks: check for DNS entries with the right port number
- tool_operate: --retry for HTTP 408 responses too
- tool_operate: bail out proper on errors during parallel transfers
- urlapi: don't accept blank port number field without scheme
- urlapi: URL encode a '+' in the query part
- vquic/ngtcp2.h: define local_addr as sockaddr_storage
- Update check section:
* runtests now supports dynamically base64 encoded sections in tests
* Replace env interpreter for perl and python3
- Remove curl-use_OPENSSL_config.patch since the OpenSSL initialization
has been updated to use OPENSSL_init_ssl() with >= 1.1.0
- Update patches to fix compiling warnings:
* curl-disabled-redirect-protocol-message.patch
* libcurl-ocloexec.patch
- Enable test 1165
- Update to 7.73.0
* Changes:
- curl: add --output-dir
- curl: support XDG_CONFIG_HOME to find .curlrc
- curl: update --help with categories
- curl_easy_option_*: new API for meta-data about easy options
- CURLE_PROXY: new error code
- mqtt: enable by default
- sftp: add new quote commands 'atime' and 'mtime'
- ssh: add the option CURLKHSTAT_FINE_REPLACE
- tls: add CURLOPT_SSL_EC_CURVES and --curves
* Bugfixes:
- base64: also build for smtp, pop3 and imap
- cleanups: avoid curl_ on local variables
- configure: let --enable-debug set -Wenum-conversion with gcc >= 10
- conn: check for connection being dead before reuse
- curl: in retry output don't call all problems "transient"
- curl: make checkpasswd, file2memory, file2string and
glob_match_url use dynbuf
- curl: retry delays in parallel mode no longer sleeps blocking
- curl: use curlx_dynbuf for realloc when loading config files
- curl:parallel_transfers: make sure retry readds the transfer
- curl_get_line: build only if cookies or alt-svc are enabled
- Curl_pgrsTime - return new time to avoid timeout integer overflow
- Curl_send: return error when pre_receive_plain can't malloc
- dynbuf: make sure Curl_dyn_tail() zero terminates
- etag: save and use the full received contents
- ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND
- ftp: avoid risk of reading uninitialized integers
- ftp: get rid of the PPSENDF macro
- ftp: make a 552 response return CURLE_REMOTE_DISK_FULL
- ftp: separate FTPS from FTP over "HTTPS proxy"
- HTTP/3: update to OpenSSL_1_1_1g-quic-draft-29
- http: consolidate nghttp2_session_mem_recv() call paths
- http_proxy: do not count proxy headers in the header bytecount
- http_proxy: do not crash with HTTPS_PROXY and NO_PROXY set
- imap: make imap_send use dynbuf for the send buffer management
- imap: set cselect_bits to CURL_CSELECT_IN initially
- lib1560: verify "redirect" to double-slash leading URL
- lib: make Curl_gethostname accept a const pointer
- libssh2: handle the SSH protocols done over HTTPS proxy
- libssh2: pass on the error from ssh_force_knownhost_key_type
- memdebug: remove 9 year old unused debug function
- multi: expand pre-check for socket readiness
- ngtcp2: adapt to new NGTCP2_PROTO_VER_MAX define
- ngtcp2: adapt to the new pkt_info arguments
- openssl: avoid error conditions when importing native CA
- openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification
- parsedate: tune the date to epoch conversion
- pause: only trigger a reread if the unpause sticks
- pingpong: use a dynbuf for the *_pp_sendf() function
- runtests: allow creating files without newlines
- runtests: allow generating a binary sequence from hex
- runtests: clear pid variables when failing to start a server
- schannel: fix memory leak when using get_cert_location
- schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root
- sectransp: make it build with --disable-proxy
- select.h: make socket validation macros test for INVALID_SOCKET
- select: align poll emulation to return all relevant events
- select: fix poll-based check not detecting connect failure
- select: simplify return code handling for poll and select
- setopt: if the buffer exists, refuse the new BUFFERSIZE
- setopt: return CURLE_BAD_FUNCTION_ARGUMENT on bad argument
- socketpair: allow CURL_DISABLE_SOCKETPAIR
- sockfilt: handle FD_CLOSE winsock event on write socket
- symbian: drop support
- tests: remove pipelining tests
- tls: fix SRP detection by using the proper #ifdefs
- tls: provide the CApath verbose log on its own line
- tool_setopt: escape binary data to hex, not octal
- url: use blank credentials when using proxy w/o username and password
- urlapi: use more Curl_safefree
- vtls: deduplicate client certificates in ssl_config_data
- Update to 7.72.0 [bsc#1175109, CVE-2020-8231]
* Changes:
- content_encoding: add zstd decoding support
- CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream
- CURLINFO_EFFECTIVE_METHOD: added
* Bugfixes:
- CVE-2020-8231: libcurl: wrong connect-only connection
- curl-config: ignore REQUIRE_LIB_DEPS in --libs output
- curl: improve the existing file check with -J
- curl_multi_setopt: fix compiler warning "result is always false"
- curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated
- docs: Add video link to docs/CONTRIBUTE.md
- docs: clarify MAX_SEND/RECV_SPEED functionality
- ftp: don't do ssl_shutdown instead of ssl_close
- ftpserver: don't verify SMTP MAIL FROM names
- getinfo: reset retry-after value in initinfo
- gnutls: repair the build with 'CURL_DISABLE_PROXY'
- gtls: survive not being able to get name/issuer
- h2: repair trailer handling
- http2: close the http2 connection when no more requests may be sent
- http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages
- libssh2: s/ssherr/sftperr/
- mprintf: Fix dollar string handling
- mprintf: Fix stack overflows
- multi_remove_handle: close unused connect-only connections
- ngtcp2: adapt to error code rename
- ngtcp2: adjust to recent sockaddr updates
- ngtcp2: update to modified qlog callback prototype
- ntlm: free target_info before (re-)malloc
- page-header: provide protocol details in the curl.1 man page
- quiche: handle calling disconnect twice
- setopt: unset NOBODY switches to GET if still HEAD
- smtp_parse_address: handle blank input string properly
- socks: use size_t for size variable
- tls-max.d: this option is only for TLS-using connections
- tlsv1.3.d. only for TLS-using connections
- tool_getparam: make --krb option work again
- transfer: fix data_pending for builds with both h2 and h3 enabled
- transfer: fix memory-leak with CURLOPT_CURLU in a duped handle
- transfer: move retrycount from connect struct to easy handle
- url: fix CURLU and location following
- Update to 7.71.1
* Bugfixes:
- Curl_inet_ntop: always check the return code
- CURLOPT_READFUNCTION.3: provide the upload data size up front
- escape: make the URL decode able to reject only %00-bytes
- escape: zero length input should return a zero length output
- examples/multithread.c: call curl_global_cleanup()
- http2: set the correct URL in pushed transfers
- http: fix proxy auth with blank password
- mbedtls: fix build with disabled proxy support
- ngtcp2: sync with current master
- Revert "multi: implement wait using winsock events"
- sendf: improve the message on client write errors
- terminology: call them null-terminated strings
- tool_cb_hdr: Fix etag warning output and return code
- url: allow user + password to contain "control codes" for HTTP(S)
- vtls: compare cert blob when finding a connection to reuse
- Update to 7.71.0 [bsc#1173026, CVE-2020-8169][bsc#1173027, CVE-2020-8177]
* Changes:
- CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl)
- setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency
- setopt: support certificate options in memory with struct curl_blob
- tool: Add option --retry-all-errors to retry on any error
* Bugfixes:
- *_sspi: fix bad uses of CURLE_NOT_BUILT_IN
- altsvc: bump to h3-29
- altsvc: fix 'dsthost' may be used uninitialized in this function
- altsvc: fix parser for lines ending with CRLF
- altsvc: remove the num field from the altsvc struct
- asyn-*: remove support for never-used NULL entry pointers
- azure: use matrix strategy to avoid configuration redundancy
- build: disable more code/data when built without proxy support
- buildconf: remove -print from the find command that removes files
- checksrc: enhance the ASTERISKSPACE and update code accordingly
- cirrus: disable SFTP and SCP tests
- CMake: add ENABLE_ALT_SVC option
- CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche)
- CMake: add libssh build support
- configure: fix pthread check with static boringssl
- configure: for wolfSSL, check for the DES func needed for NTLM
- configure: only strip first -L from LDFLAGS
- configure: repair the check if argv can be written to
- configure: the wolfssh backend does not provide SCP
- connect: improve happy eyeballs handling
- connect: make happy eyeballs work for QUIC (again)
- curl: remove -J "informational" written on stdout
- Curl_addrinfo: use one malloc instead of three
- dynbuf: introduce internal generic dynamic buffer functions
- easy: fix dangling pointer on easy_perform fail
- examples/ephiperfifo: turn off interval when setting timerfd
- examples/http2-down/upload: add error checks
- FILEFORMAT: add more features that tests can depend on
- FILEFORMAT: describe verify/stderr
- ftp: make domore_getsock() return the secondary socket properly
- ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void)
- ftp: shut down the secondary connection properly when SSL is used
- GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT
- hostip: make Curl_printable_address not return anything
- http2: keep trying to send pending frames after req.upload_done
- http2: simplify and clean up trailer handling
- http: move header storage to Curl_easy from connectdata
- libssh2: improved error output for wrong quote syntax
- libssh2: keep sftp errors as 'unsigned long'
- libssh2: set the expected total size in SCP upload init
- multi: add defensive check on data->multi->num_alive
- multi: implement wait using winsock events
- ngtcp2: cleanup memory when failing to connect
- ngtcp2: fix build with current ngtcp2 master implementing draft 28
- ngtcp2: fix happy eyeballs quic connect crash
- ngtcp2: introduce qlog support
- ngtcp2: never call fprintf() in lib code in release version
- ngtcp2: update with recent API changes
- ntlm: enable NTLM support with wolfSSL
- OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN
- openssl: set FLAG_TRUSTED_FIRST unconditionally
- projects: Add crypt32.lib to dependencies for all OpenSSL configs
- quiche: clean up memory properly when failing to connect
- quiche: enable qlog output
- quiche: update SSLKEYLOGFILE support
- Revert "ssh: ignore timeouts during disconnect"
- select: fix overflow protection in Curl_socket_check
- sendf: make failf() use the mvsnprintf() return code
- server/sws: fix asan warning on use of uninitialized variable
- server/util: fix logmsg format using curl_off_t argument
- sha256: fixed potentially uninitialized variable
- share: do not set the share flag if something fails
- sockfilt: make select_ws stop waiting on exit signal event
- socks: detect connection close during handshake
- socks: fix expected length of SOCKS5 reply
- socks: remove unreachable breaks in socks.c and mime.c
- source cleanup: remove all custom typedef structs
- timeouts: change millisecond timeouts to timediff_t from time_t
- timeouts: move ms timeouts to timediff_t from int and long
- tool_cfgable: free login_options at exit
- tool_getparam: -i is not OK if -J is used
- tool_getparam: fix memory leak in parse_args
- tool_operate: fixed potentially uninitialized variables
- tool_paramhlp: fixed potentially uninitialized strtol() variable
- transfer: close connection after excess data has been read
- typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *'
- unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode'
- url: accept "any length" credentials for proxy auth
- url: alloc the download buffer at transfer start
- url: make the updated credentials URL-encoded in the URL
- url: reject too long input when parsing credentials
- url: sort the protocol schemes in rough popularity order
- urlapi: accept :: as a valid IPv6 address
- urldata: leave the HTTP method untouched in the set.* struct
- urlglob: treat literal IPv6 addresses with zone IDs as a host name
- user-agent.d: spell out what happens given a blank argument
- vauth/cleartext: fix theoretical integer overflow
- version.d: expanded and alpha-sorted
- vtls: Extract and simplify key log file handling from OpenSSL
- wolfssl: add SSLKEYLOGFILE support
- wording: avoid blacklist/whitelist stereotypes
- write-out.d: added "response_code"
- Change with-gssapi configure parameter: krb5 is changing location
in the future: ask krb5-config about the correct prefix values.
- Update to 7.70.0
* Changes:
- curl: add --ssl-revoke-best-effort to allow a "best effort" revocation check
- mqtt: add new experimental protocol
- schannel: add "best effort" revocation check option: CURLSSLOPT_REVOKE_BEST_EFFORT
- writeout: support to generate JSON output with '%{json}'
* Bugfixes:
- gnutls: Don't skip really long certificate fields
- gnutls: ensure TLS 1.3 when SRP isn't requested
- lib: never define CURL_CA_BUNDLE with a getenv
- libcurl-multi.3: added missing full stop
- libssh: avoid options override by configuration files
- libssh: Use new ECDSA key types to check known hosts
- tons of other fixes
- Update to 7.69.1
* Bugfixes:
- ares: store dns parameters for duphandle
- cirrus-ci: disable the FreeBSD 13 builds
- curl_share_setopt.3: Note sharing cookies doesn't enable the engine
- lib1564: reduce number of mid-wait wakeup calls
- libssh: Fix matching user-specified MD5 hex key
- MANUAL: update a dict-using command line
- mime: do not perform more than one read in a row
- mime: fix the binary encoder to handle large data properly
- mime: latch last read callback status
- multi: skip EINTR check on wakeup socket if it was closed
- pause: bail out on bad input
- pause: force a connection recheck after unpausing (take 2)
- pause: return early for calls that don't change pause state
- runtests.1: rephrase how to specify what tests to run
- runtests: fix missing use of exe_ext helper function
- seek: fix fall back for missing ftruncate on Windows
- sftp: fix segfault regression introduced by #4747 in 7.69.0
- sha256: Added SecureTransport implementation
- sha256: Added WinCrypt implementation
- socks4: fix host resolve regression
- socks5: host name resolv regression fix
- tests/server: fix missing use of exe_ext helper function
- tests: fix static ip:port instead of dynamic values being used
- tests: make sleeping portable by avoiding select
- unit1612: fix the inclusion and compilation of the HMAC unit test
- urldata: remove the 'stream_was_rewound' connectdata struct member
- version: make curl_version* thread-safe without using global context
- ignore_runtests_failure.patch: remove, no longer needed
- Update to 7.69.0
* Changes:
- polarssl: removed
- smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails
- wolfSSH: new SSH backend
* Bugfixes:
- altsvc: improved header parser
- altsvc: keep a copy of the file name to survive handle reset
- altsvc: make saving the cache an atomic operation
- altsvc: use h3-27
- azure: disable brotli on the macos debug-builds
- build: remove all HAVE_OPENSSL_ENGINE_H defines
- cleanup: fix several comment typos
- cleanup: fix typos and wording in docs and comments
- cmake: add support for CMAKE_LTO option
- cmake: clean up and improve build procedures
- cmake: Show HTTPS-proxy in the features output
- cmake: use check_symbol_exists also for inet_pton
- configure.ac: fix comments about --with-quiche
- configure: disable metalink if mbedTLS is specified
- configure: disable metalink support for incompatible SSL/TLS
- conn: do not reuse connection if SOCKS proxy credentials differ
- conncache: removed unused Curl_conncache_bundle_size()
- connect: remove some spurious infof() calls
- connection reuse: respect the max_concurrent_streams limits
- cookie: check __Secure- and __Host- case sensitively
- cookies: make saving atomic with a rename
- create-dirs.d: mention the mode
- curl: avoid using strlen for testing if a string is empty
- curl: error on --alt-svc use w/o support
- curl: let -D merge headers in one file again
- curl: make #0 not output the full URL
- curl: make the -# spaceship bar not wrap the line
- curl: remove 'config' field from OutStruct
- curl:progressbarinit: ignore column width from terminals < 20
- curl_escape.3: add a link to curl_free
- curl_getenv.3: fix the memory handling description
- curl_global_init: assume the EINTR bit by default
- curl_global_init: move the IPv6 works status bool to multi handle
- CURLINFO_COOKIELIST.3: Fix example
- CURLOPT_ALTSVC_CTRL.3: fix the DEFAULT wording
- CURLOPT_PROXY_SSL_OPTIONS.3: Sync with CURLOPT_SSL_OPTIONS.3
- CURLOPT_REDIR_PROTOCOLS.3: update the DEFAULT section
- data.d: remove "Multiple files can also be specified"
- digest: do not quote algorithm in HTTP authorisation
- docs/HTTP3: add --enable-alt-svc to curl's configure
- docs/HTTP3: update the OpenSSL branch to use for ngtcp2
- docs: fix typo on CURLINFO_RETRY_AFTER
- easy: remove dead code
- form.d: fix two minor typos
- ftp: convert 'sock_accepted' to a plain boolean
- ftp: remove superfluous checking for crlf in user or pwd
- ftp: shrink temp buffers used for PORT
- github: Instructions to post "uname -a" on Unix systems in issues
- GnuTLS: always send client cert
- gtls: fixed compilation when using GnuTLS < 3.5.0
- hostip: move code to resolve IP address literals to 'Curl_resolv'
- HTTP-COOKIES: describe the cookie file format
- HTTP-COOKIES: mention that a trailing newline is required
- http2: make pausing/unpausing set/clear local stream window
- http2: now requires nghttp2 >= 1.12.0
- http: added 417 response treatment
- http: increase EXPECT_100_THRESHOLD to 1Mb
- http: mark POSTs with no body as "upload done" from the start
- http: move "oauth_bearer" from connectdata to Curl_easy
- include: remove non-curl prefixed defines
- KNOWN_BUGS: Multiple methods in a single WWW-Authenticate: header
- libssh2: add support for forcing a hostkey type
- libssh2: fix variable type
- libssh: improve known hosts handling
- llist: removed unused Curl_llist_move()
- location.d: the method change is from POST to GET only
- md4: fixed compilation issues when using GNU TLS gcrypt
- md4: use init/update/final functions in Secure Transport
- md5: added implementation for mbedTLS
- mk-ca-bundle: add support for CKA_NSS_SERVER_DISTRUST_AFTER
- multi: change curl_multi_wait/poll to error on negative timeout
- multi: fix outdated comment
- multi: if Curl_readwrite sets 'comeback' use expire, not loop
- multi_done: if multiplexed, make conn->data point to another transfer
- multi_wait: stop loop when sread() returns zero
- ngtcp2: add error code for QUIC connection errors
- ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6
- ngtcp2: update to git master and its draft-25 support
- ntlm: removed the dependency on the TLS libraries when using MD5
- ntlm_wb: use Curl_socketpair() for greater portability
- oauth2-bearer.d: works for HTTP too
- openssl: make CURLINFO_CERTINFO not truncate x509v3 fields
- openssl: remove redundant assignment
- os400: fixed the build
- pause: force-drain the transfer on unpause
- quiche: update to draft-25
- README: mention that the docs is in docs/
- runtests: make random seed fixed for a month
- runtests: restore the command log
- schannel_verify: Fix alt names manual verify for UNICODE builds
- sha256: use crypto implementations when available
- singleuse.pl: support new API functions, fix curl_dbg_ handling
- smtp: support the SMTPUTF8 extension
- smtp: support UTF-8 based host names in MAIL FROM
- SOCKS: make the connect phase non-blocking
- strcase: turn Curl_raw_tolower into static
- strerror: increase STRERROR_LEN 128 -> 256
- test1323: added missing 'unit test' feature requirement
- tests: add a unit test for MD4 digest generation
- tests: add a unit test for SHA256 digest generation
- tests: add a unit test for the HMAC hash generation
- tests: deduce the tool name from the test case for unit tests
- tests: fix Python 3 compatibility of smbserver.py
- tool_dirhie: allow directory traversal during creation
- tool_homedir: change GetEnv() to use libcurl's curl_getenv()
- url: include the failure reason when curl_win32_idn_to_ascii() fails
- urlapi: guess scheme properly with credentials given
- urldata: do string enums without #ifdefs for build scripts
- vtls: refactor Curl_multissl_version to make the code clearer
- Refresh patches:
* curl-secure-getenv.patch
* libcurl-ocloexec.patch
- Eliminate curl-mini: The reason for this to exist was that cmake
pulled in curl into too many places, causing build cycles. A new
cmake-mini was generated, eliminating that need.
- Update to 7.68.0
* Changes:
- TLS: add BearSSL vtls implementation
- XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE
- curl: add --etag-compare and --etag-save
- curl: add --parallel-immediate
- multi: add curl_multi_wakeup()
- openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains
* Bugfixes:
- CVE-2019-15601: file: on Windows, refuse paths that start with /
- Azure Pipelines: add several builds
- CMake: add support for building with the NSS vtls backend
- CURL-DISABLE: initial docs for the CURL_DISABLE_* defines
- CURLOPT_HEADERFUNCTION.3: Document that size is always 1
- CURLOPT_QUOTE.3: fix typos
- CURLOPT_READFUNCTION.3: fix the example
- CURLOPT_URL.3: "curl supports SMB version 1 (only)"
- CURLOPT_VERBOSE.3: see also ERRORBUFFER
- HISTORY: added cmake, HTTP/3 and parallel downloads with curl
- HISTORY: the SMB(S) support landed in 2014
- INSTALL.md: provide Android build instructions
- KNOWN_BUGS: Connection information when using TCP Fast Open
- KNOWN_BUGS: LDAP on Windows doesn't work correctly
- KNOWN_BUGS: TLS session cache doesn't work with TFO
- OPENSOCKETFUNCTION.3: correct the purpose description
- TrackMemory tests: always remove CR before LF
- altsvc: bump to h3-24
- altsvc: make the save function ignore NULL filenames
- build: Disable Visual Studio warning "conditional expression is constant"
- build: fix for CURL_DISABLE_DOH
- checksrc.bat: Add a check for vquic and vssh directories
- checksrc: repair the copyrightyear check
- cirrus-ci: enable clang sanitizers on freebsd 13
- cirrus: Drop the FreeBSD 10.4 build
- config-win32: cpu-machine-OS for Windows on ARM
- configure: avoid unportable `==' test(1) operator
- configure: enable IPv6 support without `getaddrinfo`
- configure: fix typo in help text
- conncache: CONNECT_ONLY connections assumed always in-use
- conncache: fix multi-thread use of shared connection cache
- copyrights: fix copyright year range
- create_conn: prefer multiplexing to using new connections
- curl -w: handle a blank input file correctly
- curl.h: add two missing defines for "pre ISO C" compilers
- curl/parseconfig: fix mem-leak
- curl/parseconfig: use curl_free() to free memory allocated by libcurl
- curl: cleanup multi handle on failure
- curl: fix --upload-file . hangs if delay in STDIN
- curl: fix -T globbing
- curl: improved cleanup in upload error path
- curl: make a few char pointers point to const char instead
- curl: properly free mimepost data
- curl: show better error message when no homedir is found
- curl: show error for --http3 if libcurl lacks support
- curl_setup_once: consistently use WHILE_FALSE in macros
- define: remove HAVE_ENGINE_LOAD_BUILTIN_ENGINES, not used anymore
- docs: Change 'experiemental' to 'experimental'
- docs: TLS SRP doesn't work with TLS 1.3
- docs: fix several typos
- docs: mention CURL_MAX_INPUT_LENGTH restrictions
- doh: improved both encoding and decoding
- doh: make it behave when built without proxy support
- examples/postinmemory.c: Call curl_global_cleanup always
- examples/url2file.c: corrected erroneous comment
- examples: add multi-poll.c
- global_init: undo the "intialized" bump in case of failure
- hostip: suppress compiler warning
- http_ntlm: Remove duplicate NSS initialisation
- lib: Move lib/ssh.h -> lib/vssh/ssh.h
- lib: fix compiler warnings with `CURL_DISABLE_VERBOSE_STRINGS`
- lib: fix warnings found when porting to NuttX
- lib: remove ASSIGNWITHINCONDITION exceptions, use our code style
- lib: remove erroneous +x file permission on some c files
- libssh2: add support for ECDSA and ed25519 knownhost keys
- multi.h: remove INITIAL_MAX_CONCURRENT_STREAMS from public header
- multi: free sockhash on OOM
- multi_poll: avoid busy-loop when called without easy handles attached
- ngtcp2: Support the latest update key callback type
- ngtcp2: fix thread-safety bug in error-handling
- ngtcp2: free used resources on disconnect
- ngtcp2: handle key updates as ngtcp2 master branch tells us
- ngtcp2: increase QUIC window size when data is consumed
- ngtcp2: use overflow buffer for extra HTTP/3 data
- ntlm: USE_WIN32_CRYPTO check removed to get USE_NTLM2SESSION set
- ntlm_wb: fix double-free in OOM
- openssl: Revert to less sensitivity for SYSCALL errors
- openssl: improve error message for SYSCALL during connect
- openssl: prevent recursive function calls from ctx callbacks
- openssl: retrieve reported LibreSSL version at runtime
- openssl: set X509_V_FLAG_PARTIAL_CHAIN by default
- parsedate: offer a getdate_capped() alternative
- pause: avoid updating socket if done was already called
- projects: Fix Visual Studio projects SSH builds
- projects: Fix Visual Studio wolfSSL configurations
- quiche: reject HTTP/3 headers in the wrong order
- remove_handle: clear expire timers after multi_done()
- runtests: --repeat=[num] to repeat tests
- runtests: introduce --shallow to reduce huge torture tests
- schannel: fix --tls-max for when min is --tlsv1 or default
- setopt: Fix ALPN / NPN user option when built without HTTP2
- strerror: Add Curl_winapi_strerror for Win API specific errors
- strerror: Fix an error looking up some Windows error strings
- strerror: Fix compiler warning "empty expression"
- system.h: fix for MCST lcc compiler
- test/sws: search for "Testno:" header unconditionally if no testno
- test1175: verify symbols-in-versions and libcurl-errors.3 in sync
- test1270: a basic -w redirect_url test
- test1456: remove the use of a fixed local port number
- test1558: use double slash after file:
- test1560: require IPv6 for IPv6 aware URL parsing
- tests/lib1557: fix mem-leak in OOM
- tests/lib1559: fix mem-leak in OOM
- tests/lib1591: free memory properly on OOM, in the trailers callback
- tests/unit1607: fix mem-leak in OOM
- tests/unit1609: fix mem-leak in OOM
- tests/unit1620: fix bad free in OOM
- tests: Change NTLM tests to require SSL
- tests: Fix bounce requests with truncated writes
- tests: fix build with `CURL_DISABLE_DOH`
- tests: fix permissions of ssh keys in WSL
- tests: make it possible to set executable extensions
- tests: make sure checksrc runs on header files too
- tests: set LC_ALL=en_US.UTF-8 instead of blank in several tests
- tests: use DoH feature for DoH tests
- tests: use \r\n for log messages in WSL
- tool_operate: fix mem leak when failed config parse
- travis: Fix error detection
- travis: abandon coveralls, it is not reliable
- travis: build ngtcp2 with --enable-lib-only
- travis: export the CC/CXX variables when set
- vtls: make BearSSL possible to set with CURL_SSL_BACKEND
- winbuild: Define CARES_STATICLIB when WITH_CARES=static
- winbuild: Document CURL_STATICLIB requirement for static libcurl
- Remove curl-expire-clear.patch
- Fix segfault in zypper ref: [bsc#1156481]
* remove_handle: clear expire timers after multi_done()
* Add patch curl-expire-clear.patch
- Update spec file with spec-cleaner
- Update to 7.67.0
* Changes:
- curl: added --no-progress-meter
- setopt: CURLMOPT_MAX_CONCURRENT_STREAMS is new
- urlapi: CURLU_NO_AUTHORITY allows empty authority/host part
* Bugfixes:
- BINDINGS: five new bindings added
- CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time
- CURLOPT_TIMEOUT.3: remove the mention of "minutes"
- ESNI: initial build/setup support
- FTP: FTPFILE_NOCWD: avoid redundant CWDs
- FTP: allow "rubbish" prepended to the SIZE response
- FTP: remove trailing slash from path for LIST/MLSD
- FTP: skip CWD to entry dir when target is absolute
- FTP: url-decode path before evaluation
- HTTP3.md: move -p for mkdir, remove -j for make
- HTTP3: fix invalid use of sendto for connected UDP socket
- HTTP3: fix prefix parameter for ngtcp2 build
- HTTP3: show an --alt-svc using example too
- INSTALL: add missing space for configure commands
- INSTALL: add vcpkg installation instructions
- altsvc: accept quoted ma and persist values
- altsvc: both backends run h3-23 now
- appveyor: Add MSVC ARM64 build
- appveyor: Use two parallel compilation on appveyor with CMake
- appveyor: add --disable-proxy autotools build
- appveyor: publish artifacts on appveyor
- appveyor: upgrade VS2017 to VS2019
- asyn-thread: make use of Curl_socketpair() where available
- asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris
- build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines
- checksrc: fix uninitialized variable warning
- chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error
- cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build
- cirrus: switch off blackhole status on the freebsd CI machines
- cleanups: 21 various PVS-Studio warnings
- configure: only say ipv6 enabled when the variable is set
- configure: remove all cyassl references
- conn-reuse: requests wanting NTLM can reuse non-NTLM connections
- connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT
- connect: silence sign-compare warning
- cookie: avoid harmless use after free
- cookie: pass in the correct cookie amount to qsort()
- cookies: change argument type for Curl_flush_cookies
- cookies: using a share with cookies shouldn't enable the cookie engine
- copyrights: update copyright notices to 2019
- curl: create easy handles on-demand and not ahead of time
- curl: ensure HTTP 429 triggers --retry
- curl: exit the create_transfers loop on errors
- curl: fix memory leaked by parse_metalink()
- curl: load large files with -d @ much faster
- docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag
- docs: added multi-event.c example
- docs: disambiguate CURLUPART_HOST is for host name (ie no port)
- docs: note on failed handles not being counted by curl_multi_perform
- doh: allow only http and https in debug mode
- doh: avoid truncating DNS QTYPE to lower octet
- doh: clean up dangling DOH memory on easy close
- doh: fix (harmless) buffer overrun
- doh: fix undefined behaviour and open up for gcc and clang optimization
- doh: return early if there is no time left
- examples/sslbackend: fix -Wchar-subscripts warning
- gnutls: make gnutls_bye() not wait for response on shutdown
- http2: expire a timeout at end of stream
- http2: prevent dup'ed handles to send dummy PRIORITY frames
- http2: relax verification of :authority in push promise requests
- http2_recv: a closed stream trumps pause state
- http: lowercase headernames for HTTP/2 and HTTP/3
- ldap: Stop using wide char version of ldapp_err2string
- ldap: fix OOM error on missing query string
- mbedtls: add error message for cert validity starting in the future
- mime: when disabled, avoid C99 macro
- ngtcp2: adapt to API change
- ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23
- ngtcp2: remove fprintf() calls
- openssl: close_notify on the FTP data connection doesn't mean closure
- openssl: use strerror on SSL_ERROR_SYSCALL
- os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr
- parsedate: fix date parsing disabled builds
- quiche: don't close connection at end of stream
- quiche: persist connection details (fixes -I with --http3)
- quiche: set 'drain' when returning without having drained the queues
- quiche: update HTTP/3 config creation to new API
- redirect: handle redirects to absolute URLs containing spaces
- runtests: get textaware info from curl instead of perl
- schannel: reverse the order of certinfo insertions
- schannel_verify: Fix concurrent openings of CA file
- security: silence conversion warning
- setopt: handle ALTSVC set to NULL
- setopt: make it easier to add new enum values
- setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly
- smb: check for full size message before reading message details
- smbserver: fix Python 3 compatibility
- socks: Fix destination host shown on SOCKS5 error
- test1162: disable MSYS2's POSIX path conversion
- test1591: fix spelling of http feature
- tests: add 'connect to non-listen' keywords
- tests: fix narrowing conversion warnings
- tests: fix the test 3001 cert failures
- tests: makes tests succeed when using --disable-proxy
- tests: use %FILE_PWD for file:// URLs
- tests: use port 2 instead of 60000 for a safer non-listening port
- tool_operate: Fix retry sleep time shown to user when Retry-After
- url: Curl_free_request_state() should also free doh handles
- url: don't set appconnect time for non-ssl/non-ssh connections
- url: fix the NULL hostname compiler warning
- url: normalize CURLINFO_EFFECTIVE_URL
- url: only reuse TLS connections with matching pinning
- urlapi: avoid index underflow for short ipv6 hostnames
- urlapi: fix URL encoding when setting a full URL
- urlapi: question mark within fragment is still fragment
- urldata: use 'bool' for the bit type on MSVC compilers
- vtls: fix narrowing conversion warnings
- Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481]
* Changes:
- CURLINFO_RETRY_AFTER: parse the Retry-After header value
- HTTP3: initial (experimental still not working) support
- curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
- curl: support parallel transfers with -Z
- curl_multi_poll: a sister to curl_multi_wait() that waits more
- sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
* Bugfixes:
- CVE-2019-5481: FTP-KRB double-free
- CVE-2019-5482: TFTP small blocksize heap buffer overflow
- CMake: remove needless newlines at end of gss variables
- CMake: use platform dependent name for dlopen() library
- CURLINFO docs: mention that in redirects times are added
- CURLOPT_ALTSVC.3: use a "" file name to not load from a file
- CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED
- CURLOPT_HEADERFUNCTION.3: clarify
- CURLOPT_HTTP_VERSION: setting this to 3 forces HTTP/3 use directly
- CURLOPT_READFUNCTION.3: provide inline example
- CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
- Curl_addr2string: take an addrlen argument too
- Curl_fillreadbuffer: avoid double-free trailer buf on error
- HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
- alt-svc: add protocol version selection masking
- alt-svc: fix removal of expired cache entry
- alt-svc: make it use h3-22 with ngtcp2 as well
- alt-svc: more liberal ALPN name parsing
- alt-svc: send Alt-Used: in redirected requests
- alt-svc: with quiche, use the quiche h3 alpn string
- asyn-thread: create a socketpair to wait on
- cleanup: move functions out of url.c and make them static
- cleanup: remove the 'numsocks' argument used in many places
- configure: avoid undefined check_for_ca_bundle
- curl.h: add CURL_HTTP_VERSION_3 to the version enum
- curl: cap the maximum allowed values for retry time arguments
- curl: handle a libcurl build without netrc support
- curl: make use of CURLINFO_RETRY_AFTER when retrying
- curl: use CURLINFO_PROTOCOL to check for HTTP(s)
- curl_global_init_mem.3: mention it was added in 7.12.0
- curl_version: bump string buffer size to 250
- curl_version_info.3: mentioned ALTSVC and HTTP3
- curl_version_info: offer quic (and h3) library info
- curl_version_info: provide nghttp2 details
- defines: avoid underscore-prefixed defines
- docs/ALTSVC: remove what works and the experimental explanation
- docs/EXPERIMENTAL: explain what it means and what's experimental now
- docs/MANUAL.md: converted to markdown from plain text
- docs/examples/curlx: fix errors
- docs: s/curl_debug/curl_dbg_debug in comments and docs
- easy: resize receive buffer on easy handle reset
- examples: Avoid reserved names in hiperfifo examples
- examples: add http3.c, altsvc.c and http3-present.c
- http09: disable HTTP/0.9 by default in both tool and library
- http2: when marked for closure and wanted to close == OK
- http2_recv: trigger another read when the last data is returned
- http: fix use of credentials from URL when using HTTP proxy
- http_negotiate: improve handling of gss_init_sec_context() failures
- md4: Use our own MD4 when no crypto libraries are available
- multi: call detach_connection before Curl_disconnect
- nss: use TLSv1.3 as default if supported
- openssl: build warning free with boringssl
- openssl: use SSL_CTX_set__proto_version() when available
- plan9: add support for running on Plan 9
- progress: reset download/uploaded counter between transfers
- readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
- scp: fix directory name length used in memcpy
- smb: init *msg to NULL in smb_send_and_recv()
- smtp: check for and bail out on too short EHLO response
- source: remove names from source comments
- spnego_sspi: add typecast to fix build warning
- src/makefile: fix uncompressed hugehelp.c generation
- ssh-libssh: do not specify O_APPEND when not in append mode
- ssh: move code into vssh for SSH backends
- sspi: fix memory leaks
- tests: Replace outdated test case numbering documentation
- tftp: return error when packet is too small for options
- timediff: make it 64 bit (if possible) even with 32 bit time_t
- travis: reduce number of torture tests in 'coverage'
- url: make use of new HTTP version if alt-svc has one
- urlapi: verify the IPv6 numerical address
- urldata: avoid 'generic', use dedicated pointers
- vauth: Use CURLE_AUTH_ERROR for auth function errors
- Update to 7.65.3
* progress: make the progress meter appear again
- Update to 7.65.2
* Bugfixes:
- CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
- CMake: Fix finding Brotli on case-sensitive file systems
- CURLOPT_RANGE.3: Caution against using it for HTTP PUT
- CURLOPT_SEEKDATA.3: fix variable name
- bindlocal: detect and avoid IP version mismatches in bind()
- build: fix Codacy warnings
- c-ares: honor port numbers in CURLOPT_DNS_SERVERS
- config-os400: add getpeername and getsockname defines
- configure: --disable-progress-meter
- configure: fix --disable-code-coverage
- configure: more --disable switches to toggle off individual features
- configure: remove CURL_DISABLE_TLS_SRP
- conn_maxage: move the check to prune_dead_connections()
- curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
- docs: Explain behavior change in --tlsv1. options since 7.54
- docs: Fix links to OpenSSL docs
- docs: fix string suggesting HTTP/2 is not the default
- headers: Remove no longer exported functions
- http2: call done_sending on end of upload
- http2: don't call stream-close on already closed streams
- http2: remove CURL_DISABLE_TYPECHECK define
- http: allow overriding timecond with custom header
- http: clarify header buffer size calculation
- krb5: fix compiler warning
- lib: Use UTF-8 encoding in comments
- libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
- multi: enable multiplexing by default (again)
- multi: fix the transfer hashes in the socket hash entries
- multi: make sure 'data' can present in several sockhash entries
- netrc: Return the correct error code when out of memory
- nss: don't set unused parameter
- nss: inspect returnvalue of token check
- nss: only cache valid CRL entries
- openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
- openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
- openssl: fix pubkey/signature algorithm detection in certinfo
- os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
- quote.d: asterisk prefix works for SFTP as well
- runtests: keep logfiles around by default
- runtests: report single test time + total duration
- test1165: verify that CURL_DISABLE_ symbols are in sync
- test1521: adapt to SLISTPOINT
- test1523: test CURLOPT_LOW_SPEED_LIMIT
- test153: fix content-length to avoid occasional hang
- test188/189: fix Content-Length
- tests: have runtests figure out disabled features
- tests: support non-localhost HOSTIP for dict/smb servers
- tests: update fixed IP for hostip/clientip split
- tool_cb_prg: Fix integer overflow in progress bar
- typecheck: CURLOPT_CONNECT_TO takes an slist too
- typecheck: add 3 missing strings and a callback data pointer
- unit1654: cleanup on memory failure
- unpause: trigger a timeout for event-based transfers
- url: Fix CURLOPT_MAXAGE_CONN time comparison
- Rebased patch curl-use_OPENSSL_config.patch
- Disable new added failing test1165
- Update to 7.65.1
* Bugfixes:
- CURLOPT_LOW_SPEED_* repaired
- NTLM: reset proxy "multipass" state when CONNECT request is done
- PolarSSL: deprecate support step 1. Removed from configure
- cmake: check for if_nametoindex()
- cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
- conncache: Remove the DEBUGASSERT on length check
- conncache: make "bundles" per host name when doing proxy tunnels
- curl_share_setopt.3: improve wording
- dump-header.d: spell out that no headers == empty file
- example/http2-download: fix format specifier
- examples: cleanups and compiler warning fixes
- http2: Stop drain from being permanently set
- http: don't parse body-related headers in bodyless responses
- md4: build correctly with openssl without MD4
- md4: include the mbedtls config.h to get the MD4 info
- multi: track users of a socket better
- nss: allow to specify TLS 1.3 ciphers if supported by NSS
- parse_proxy: make sure portptr is initialized
- parse_proxy: use the IPv6 zone id if given
- sectransp: handle errSSLPeerAuthCompleted from SSLRead()
- singlesocket: use separate variable for inner loop
- ssl: Update outdated "openssl-only" comments for supported backends
- tests: add HAProxy keywords
- tests: make test 1420 and 1406 work with rtsp-disabled libcurl
- tls13-docs: mention it is only for OpenSSL >= 1.1.1
- tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
- url: fix bad feature-disable #ifdef
- url: use correct port in ConnectionExists()
- Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436]
* Changes:
- CURLOPT_DNS_USE_GLOBAL_CACHE: removed
- CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
- pipelining: removed
* Bugfixes:
- CVE-2019-5435: Integer overflows in curl_url_set
- CVE-2019-5436: tftp: use the current blksize for recvfrom()
- --config: clarify that initial : and = might need quoting
- CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
- CURLOPT_ADDRESS_SCOPE: fix range check and more
- CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
- CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE
- CURL_MAX_INPUT_LENGTH: largest acceptable string input size
- Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
- OS400/ccsidcurl: replace use of Curl_vsetopt
- OpenSSL: Report -fips in version if OpenSSL is built with FIPS
- WRITEFUNCTION: add missing set_in_callback around callback
- altsvc: Fix building with cookies disabled
- auth: Rename the various authentication clean up functions
- base64: build conditionally if there are users
- cmake: avoid linking executable for some tests with cmake 3.6+
- cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
- cmake: set SSL_BACKENDS
- configure: avoid unportable '==' test(1) operator
- configure: error out if OpenSSL wasn't detected when asked for
- configure: fix default location for fish completions
- cookie: Guard against possible NULL ptr deref
- curl: make code work with protocol-disabled libcurl
- curl: report error for "--no-" on non-boolean options
- curlver.h: use parenthesis in CURL_VERSION_BITS macro
- docs/INSTALL: fix broken link
- doh: acknowledge CURL_DISABLE_DOH
- doh: disable DOH for the cases it doesn't work
- examples: remove unused variables
- ftplistparser: fix LGTM alert "Empty block without comment"
- hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
- http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
- http: acknowledge CURL_DISABLE_HTTP_AUTH
- http: mark bundle as not for multiuse on < HTTP/2 response
- http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
- http_negotiate: do not treat failure of gss_init_sec_context() as fatal
- http_ntlm: Corrected the name of the include guard
- http_ntlm_wb: Handle auth for only a single request
- http_ntlm_wb: Return the correct error on receiving an empty auth message
- lib509: add missing include for strdup
- lib557: initialize variables
- mbedtls: enable use of EC keys
- mime: acknowledge CURL_DISABLE_MIME
- multi: improved HTTP_1_1_REQUIRED handling
- netrc: acknowledge CURL_DISABLE_NETRC
- nss: allow fifos and character devices for certificates
- nss: provide more specific error messages on failed init
- ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
- ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
- openssl: mark connection for close on TLS close_notify
- openvms: Remove pre-processor for SecureTransport
- parse_proxy: use the URL parser API
- parsedate: disabled on CURL_DISABLE_PARSEDATE
- pingpong: disable more when no pingpong protocols are enabled
- polarssl_threadlock: remove conditionally unused code
- progress: acknowledge CURL_DISABLE_PROGRESS_METER
- proxy: acknowledge DISABLE_PROXY more
- resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
- revert "multi: support verbose conncache closure handle"
- sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
- sasl: only enable if there's a protocol enabled using it
- singleipconnect: show port in the verbose "Trying ..." message
- socks5: user name and passwords must be shorter than 256
- socks: fix error message
- socksd: new SOCKS 4+5 server for tests
- spnego_gssapi: fix return code on gss_init_sec_context() failure
- ssh-libssh: remove unused variable
- ssh: define USE_SSH if SSH is enabled (any backend)
- ssh: move variable declaration to where it's used
- test1002: correct the name
- test2100: Fix typos in test description
- tests: Run global cleanup at end of tests
- tests: make Impacket (SMB server) Python 3 compatible
- tool_cb_wrt: fix bad-function-cast warning
- tool_formparse: remove redundant assignment
- tool_help: Warn if curl and libcurl versions do not match
- tool_help: include for strcasecmp
- url: always clone the CURLOPT_CURLU handle
- url: convert the zone id from a IPv6 URL to correct scope id
- urlapi: add CURLUPART_ZONEID to set and get
- urlapi: increase supported scheme length to 40 bytes
- urlapi: require a non-zero host name length when parsing URL
- urlapi: stricter CURLUPART_PORT parsing
- urlapi: strip off zone id from numerical IPv6 addresses
- urlapi: urlencode characters above 0x7f correctly
- vauth/cleartext: update the PLAIN login to match RFC 4616
- vauth/oauth2: Fix OAUTHBEARER token generation
- vauth: Fix incorrect function description for Curl_auth_user_contains_domain
- vtls: fix potential ssl_buffer stack overflow
- wildcard: disable from build when FTP isn't present
- xattr: skip unittest on unsupported platforms
- Install curl.fish completions file from curl rather than from the fish package
- update to version 7.64.1
* Changes:
- alt-svc: experimental support added
- configure: add --with-amissl
* Bugfixes:
- AppVeyor: switch VS 2015 builds to VS 2017 image
- CURLU: fix NULL dereference when used over proxy
- Curl_easy: remove req.maxfd - never used!
- Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
- DoH: inherit some SSL options from user's easy handle
- Secure Transport: no more "darwinssl"
- Secure Transport: tvOS 11 is required for ALPN support
- cirrus: Added FreeBSD builds using Cirrus CI
- cleanup: make local functions static
- cli tool: do not use mime.h private structures
- cmdline-opts/proxytunnel.d: the option tunnels all protocols
- configure: add additional libraries to check for LDAP support
- configure: remove the unused fdopen macro
- configure: show features as well in the final summary
- conncache: use conn->data to know if a transfer owns it
- connection: never reuse CONNECT_ONLY connections
- connection_check: restore original conn->data after the check
- connection_check: set ->data to the transfer doing the check
- cookie: Add support for cookie prefixes
- cookies: dotless names can set cookies again
- cookies: fix NULL dereference if flushing cookies with no CookieInfo set
- curl.1: --user and --proxy-user are hidden from ps output
- curl.1: mark the argument to --cookie as
- curl.h: use __has_declspec_attribute for shared builds
- curl: display --version features sorted alphabetically
- curl: fix FreeBSD compiler warning in the --xattr code
- curl: remove MANUAL from -M output
- curl_easy_duphandle.3: clarify that a duped handle has no shares
- curl_multi_remove_handle.3: use at any time, just not from within callbacks
- curl_url.3: this API is not experimental anymore
- dns: release sharelock as soon as possible
- docs: update max-redirs.d phrasing
- examples/10-at-a-time.c: improve readability and simplify
- examples/cacertinmem.c: use multiple certificates for loading CA-chain
- examples/crawler: Fix the Accept-Encoding setting
- examples/ephiperfifo.c: various fixes
- examples/externalsocket: add missing close socket calls
- examples/http2-download: cleaned up
- examples/http2-serverpush: add some sensible error checks
- examples/http2-upload: cleaned up
- examples/httpcustomheader: Value stored to 'res' is never read
- examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
- examples/sftpuploadresume: Value stored to 'result' is never read
- examples: only include
- examples: remove recursive calls to curl_multi_socket_action
- examples: remove superfluous null-pointer checks
- file: fix "Checking if unsigned variable 'readcount' is less than zero."
- fnmatch: disable if FTP is disabled
- gnutls: remove call to deprecated gnutls_compression_get_name
- gopher: remove check for path == NULL
- gssapi: fix deprecated header warnings
- hostip: make create_hostcache_id avoid alloc + free
- http2: multi_connchanged() moved from multi.c, only used for h2
- http2: verify :authority in push promise requests
- http: make adding a blank header thread-safe
- http: send payload when (proxy) authentication is done
- http: set state.infilesize when sending multipart formposts
- makefile: make checksrc and hugefile commands "silent"
- mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
- mbedtls: release sessionid resources on error
- memdebug: log pointer before freeing its data
- memdebug: make debug-specific functions use curl_dbg_ prefix
- mime: put the boundary buffer into the curl_mime struct
- multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
- multi: remove verbose "Expire in" ... messages
- multi: removed unused code for request retries
- multi: support verbose conncache closure handle
- negotiate: fix for HTTP POST with Negotiate
- openssl: add support for TLS ASYNC state
- openssl: if cert type is ENG and no key specified, key is ENG too
- pretransfer: don't strlen() POSTFIELDS set for GET requests
- rand: Fix a mismatch between comments in source and header
- runtests: detect "schannel" as an alias for "winssl"
- schannel: be quiet - remove verbose output
- schannel: close TLS before removing conn from cache
- schannel: support CALG_ECDH_EPHEM algorithm
- scripts/completion.pl: also generate fish completion file
- singlesocket: fix the 'sincebefore' placement
- source: fix two 'nread' may be used uninitialized warnings
- ssh: fix Condition '!status' is always true
- ssh: loop the state machine if not done and not blocking
- strerror: make the strerror function use local buffers
- test578: make it read data from the correct test
- tests: Fixed XML validation errors in some test files
- tests: add stderr comparison to the test suite
- tests: fix multiple may be used uninitialized warnings
- threaded-resolver: shutdown the resolver thread without error message
- tool_cb_wrt: fix writing to Windows null device NUL
- tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
- tool_operate: build on AmigaOS
- tool_operate: fix typecheck warning
- transfer.c: do not compute length of undefined hex buffer
- travis: add build using gnutls
- travis: add scan-build
- travis: bump the used wolfSSL version to 4.0.0
- travis: enable valgrind for the iconv tests
- travis: use updated compiler versions: clang 7 and gcc 8
- unit1307: require FTP support
- unit1651: survive curl_easy_init() fails
- url/idnconvert: remove scan for <= 32 ascii values
- url: change conn shutdown order to ensure SOCKETFUNCTION callbacks
- urlapi: reduce variable scope, remove unreachable 'break'
- urldata: convert bools to bitfields and move to end
- urldata: simplify bytecounters
- urlglob: Argument with 'nonnull' attribute passed null
- version.c: silent scan-build even when librtmp is not enabled
- vtls: rename some of the SSL functions
- wolfssl: stop custom-adding curves
- x509asn1: "Dereference of null pointer"
- x509asn1: cleanup and unify code layout
- zsh.pl: escape ':' character
- zsh.pl: update regex to better match curl -h output
- Dropped patches fixed upstream:
* 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
* 0002-connection_check-restore-original-conn-data-after-th.patch
* curl-singlesocket-sincebefore-placement.patch
- Fix placement of a variable that wasn't properly reset within a loop,
which caused socket notifications to be missed. [bsc#1129083, bsc#1129470]
* Added curl-singlesocket-sincebefore-placement.patch
- Add patches to fix use-after-free (boo#1127849):
* 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
* 0002-connection_check-restore-original-conn-data-after-th.patch
- BuildRequire libcurl4-mini for !bootstrap to avoid build cycles
due to cmake pulling libcurl4
- update to version 7.64.0
[bcs#1123371, CVE-2018-16890][bcs#1123377, CVE-2019-3822]
[bcs#1123378, CVE-2019-3823]
* Changes:
- cookies: leave secure cookies alone
- hostip: support wildcard hosts
- http: Implement trailing headers for chunked transfers
- http: added options for allowing HTTP/0.9 responses
- timeval: Use high resolution timestamps on Windows
* Bugfixes:
- CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
- CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
- CVE-2019-3823: SMTP end-of-response out-of-bounds read
- FAQ: remove mention of sourceforge for github
- OS400: handle memory error in list conversion
- OS400: upgrade ILE/RPG binding.
- README: add codacy code quality badge
- Revert http_negotiate: do not close connection
- THANKS: added several missing names from year <= 2000
- build: make 'tidy' target work for metalink builds
- cmake: added checks for variadic macros
- cmake: updated check for HAVE_POLL_FINE to match autotools
- cmake: use lowercase for function name like the rest of the code
- configure: detect xlclang separately from clang
- configure: fix recv/send/select detection on Android
- configure: rewrite --enable-code-coverage
- conncache_unlock: avoid indirection by changing input argument type
- cookie: fix comment typo
- cookies: allow secure override when done over HTTPS
- cookies: extend domain checks to non psl builds
- cookies: skip custom cookies when redirecting cross-site
- curl --xattr: strip credentials from any URL that is stored
- curl -J: refuse to append to the destination file
- curl/urlapi.h: include "curl.h" first
- curl_multi_remove_handle() don't block terminating c-ares requests
- darwinssl: accept setting max-tls with default min-tls
- disconnect: separate connections and easy handles better
- disconnect: set conn->data for protocol disconnect
- docs/version.d: mention MultiSSL
- docs: fix the --tls-max description
- docs: use $(INSTALL_DATA) to install man page
- docs: use meaningless port number in CURLOPT_LOCALPORT example
- gopher: always include the entire gopher-path in request
- http2: clear pause stream id if it gets closed
- if2ip: remove unused function Curl_if_is_interface_name
- libssh: do not let libssh create socket
- libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
- libssh: free sftp_canonicalize_path() data correctly
- libtest/stub_gssapi: use "real" snprintf
- mbedtls: use VERIFYHOST
- multi: multiplexing improvements
- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
- ntlm: fix NTLMv2 compliance
- ntlm_sspi: add support for channel binding
- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
- openssl: fix the SSL_get_tlsext_status_ocsp_resp call
- openvms: fix OpenSSL discovery on VAX
- openvms: fix typos in documentation
- os400: add a missing closing bracket
- os400: fix extra parameter syntax error
- pingpong: change default response timeout to 120 seconds
- pingpong: ignore regular timeout in disconnect phase
- printf: fix format specifiers
- runtests.pl: Fix perl call to include srcdir
- schannel: fix compiler warning
- schannel: preserve original certificate path parameter
- schannel: stop calling it "winssl"
- sigpipe: if mbedTLS is used, ignore SIGPIPE
- smb: fix incorrect path in request if connection reused
- ssh: log the libssh2 error message when ssh session startup fails
- test1558: verify CURLINFO_PROTOCOL on file:// transfer
- test1561: improve test name
- test1653: make it survive torture tests
- tests: allow tests to pass by 2037-02-12
- tests: move objnames-* from lib into tests
- timediff: fix math for unsigned time_t
- timeval: Disable MSVC Analyzer GetTickCount warning
- tool_cb_prg: avoid integer overflow
- travis: added cmake build for osx
- urlapi: Fix port parsing of eol colon
- urlapi: distinguish possibly empty query
- urlapi: fix parsing ipv6 with zone index
- urldata: rename easy_conn to just conn
- winbuild: conditionally use /DZLIB_WINAPI
- wolfssl: fix memory-leak in threaded use
- spnego_sspi: add support for channel binding
- Fix wrong summary, curl is at version 7, not 4.
- Provide libcurl4 = %version in the mini library package
- Update to version 7.63.0
Changes:
* curl: add %{stderr} and %{stdout} for --write-out
* curl: add undocumented option --dump-module-paths for w32
* setopt: add CURLOPT_CURLU
Bugfixes:
* (lib)curl.rc: fixup for minor bugs
* CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
* CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis/desc
* CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
* Curl_follow: accept non-supported schemes for "fake" redirects
* KNOWN_BUGS: add --proxy-any connection issue
* NTLM: Remove redundant ifdef USE_OPENSSL
* NTLM: force the connection to HTTP/1.1
* OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
* SECURITY-PROCESS: bountygraph shuts down again
* TODO: Have the URL API offer IDN decoding
* ares: remove fd from multi fd set when ares is about to close the fd
* axtls: removed
* checksrc: add COPYRIGHTYEAR check
* cmake: fix MIT/Heimdal Kerberos detection
* configure: include all libraries in ssl-libs fetch
* configure: show CFLAGS, LDFLAGS etc in summary
* connect: fix building for recent versions of Minix
* cookies: create the cookiejar even if no cookies to save
* cookies: expire "Max-Age=0" immediately
* curl: --local-port range was not "including"
* curl: fix --local-port integer overflow
* curl: fix memory leak reading --writeout from file
* curl: fixed UTF-8 in current console code page (Win)
* curl_easy_perform: fix timeout handling
* curl_global_sslset(): id == -1 is not necessarily an error
* curl_multibyte: fix a malloc overcalculation
* curle: move deprecated error code to ifndef block
* docs: curl_formadd field and file names are now escaped
* docs: escape "\n" codes
* doh: fix memory leak in OOM situation
* doh: make it work for h2-disabled builds too
* examples/ephiperfifo: report error when epoll_ctl fails
* ftp: avoid unsigned int overflows in FTP listing parser
* host names: allow trailing dot in name resolve, then strip it
* http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
* http: don't set CURLINFO_CONDITION_UNMET for http status code 204
* http: fix HTTP Digest auth to include query in URI
* http_negotiate: do not close connection until negotiation is completed
* impacket: add LICENSE
* infof: clearly indicate truncation
* ldap: fix LDAP URL parsing regressions
* libcurl: stop reading from paused transfers
* mprintf: avoid unsigned integer overflow warning
* netrc: don't ignore the login name specified with "--user"
* nss: Fall back to latest supported SSL version
* nss: Fix compatibility with nss versions 3.14 to 3.15
* nss: fix fallthrough comment to fix picky compiler warning
* nss: remove version selecting dead code
* nss: set default max-tls to 1.3/1.2
* openssl: Remove SSLEAY leftovers
* openssl: do not log excess "TLS app data" lines for TLS 1.3
* openssl: do not use file BIOs if not requested
* openssl: fix unused variable compiler warning with old openssl
* openssl: support session resume with TLS 1.3
* openvms: fix example name
* os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
* os400: add CURLOPT_CURLU to ILE/RPG binding
* os400: fix return type of curl_easy_pause() in ILE/RPG binding
* packages: remove old leftover files and dirs
* pop3: only do APOP with a valid timestamp
* runtests: use the local curl for verifying
* schannel: be consistent in Schannel capitalization
* schannel: better CURLOPT_CERTINFO support
* schannel: use Curl_prefix for global private symbols
* snprintf: renamed and now we only use msnprintf()
* ssl: fix compilation with OpenSSL 0.9.7
* ssl: replace all internal uses of CURLE_SSL_CACERT
* symbols-in-versions: add missing CURLU_symbols
* test328: verify Content-Encoding: none
* tests: disable SO_EXCLUSIVEADDRUSE for stunnel/Win
* tests: drop http_pipe.py script no longer used
* tool_cb_wrt: Silence function cast compiler warning
* tool_doswin: Fix uninitialized field warning
* travis: build with clang sanitizers
* travis: remove curl before a normal build
* url: a short host name + port is not a scheme
* url: fix IPv6 numeral address parser
* urlapi: only skip encoding the first '=' with APPENDQUERY set
- refreshed curl-disabled-redirect-protocol-message.patch
- Update to version 7.62.0
Changes:
* multiplex: enable by default
* url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
* setopt: add CURLOPT_DOH_URL
* curl: --doh-url added
* setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
* imap: change from "FETCH" to "UID FETCH"
* configure: add option to disable automatic OpenSSL config loading
* upkeep: add a connection upkeep API: curl_easy_upkeep()
* URL-API: added five new functions
* vtls: MesaLink is a new TLS backend
Bugfixes:
* CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
* CVE-2018-16840: use-after-free in handle close [bsc#1113029]
* CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
* CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
* Curl_dedotdotify(): always nul terminate returned string
* Curl_follow: Always free the passed new URL
* Curl_http2_done: fix memleak in error path
* Curl_retry_request: fix memory leak
* Curl_saferealloc: Fixed typo in docblock
* FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
* GnuTLS: TLS 1.3 support
* SECURITY-PROCESS: mention the bountygraph program
* VS projects: add USE_IPV6:
* certs: generate tests certs with sha256 digest algorithm
* checksrc: enable strict mode and warnings
* checksrc: handle zero scoped ignore commands
* cmake: Backport to work with CMake 3.0 again
* cmake: Improve config installation
* cmake: add support for transitive ZLIB target
* cmake: disable -Wpedantic-ms-format
* cmake: don't require OpenSSL if USE_OPENSSL=OFF
* cmake: fixed path used in generation of docs/tests
* cmake: remove unused *SOCKLEN_T variables
* cmake: suppress MSVC warning C4127 for libtest
* cmake: test and set missed defines during configuration
* config: Remove unused SIZEOF_VOIDP
* configure: force-use -lpthreads on HPUX
* configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
* configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
* cookies: Remove redundant expired check
* cookies: fix leak when writing cookies to file
* curl-config.in: remove dependency on bc
* curl.1: --ipv6 mutexes ipv4 (fixed typo)
* curl: update the documentation of --tlsv1.0
* curl_multi_wait: call getsock before figuring out timeout
* curl_ntlm_wb: check aprintf() return codes
* data-binary.d: clarify default content-type is x-www-form-urlencoded
* docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
* docs/CIPHERS: fix the TLS 1.3 cipher names
* docs/CIPHERS: mention the colon separation for OpenSSL
* docs/examples: URL updates
* docs: add "see also" links for SSL options
* example/asiohiper: insert warning comment about its status
* example/htmltidy: fix include paths of tidy libraries
* examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
* examples/parseurl.c: show off the URL API
* examples: Fix memory leaks from realloc errors
* examples: do not wait when no transfers are running
* ftp: include command in Curl_ftpsend sendbuffer
* gskit: make sure to terminate version string
* gtls: Values stored to but never read
* hostip: fix check on Curl_shuffle_addr return value
* http2: fix memory leaks on error-path
* http: fix memleak in rewind error path
* krb5: fix memory leak in krb_auth
* memory: add missing curl_printf header
* memory: ensure to check allocation results
* multi: Fix error handling in the SENDPROTOCONNECT state
* multi: fix memory leak in content encoding related error path
* multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
* netrc: free temporary strings if memory allocation fails
* nss: try to connect even if libnssckbi.so fails to load
* ntlm_wb: Fix memory leaks in ntlm_wb_response
* ntlm_wb: bail out if the response gets overly large
* openssl: assume engine support in 0.9.8 or later
* openssl: enable TLS 1.3 post-handshake auth
* openssl: fix gcc8 warning
* openssl: load built-in engines too
* openssl: make 'done' a proper boolean
* openssl: output the correct cipher list on TLS 1.3 error
* openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
* openssl: show "proper" version number for libressl builds
* pipelining: deprecated
* rand: add comment to skip a clang-tidy false positive
* rtmp: fix for compiling with lwIP
* runtests: ignore disabled even when ranges are given
* schannel: unified error code handling
* sendf: Fix whitespace in infof/failf concatenation
* ssh: free the session on init failures
* ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
* system.h: use proper setting with Sun C++ as well
* test1299: use single quotes around asterisk
* test1452: mark as flaky
* test1651: unit test Curl_extract_certinfo()
* test320: strip out more HTML when comparing
* tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
* tests: add unit tests for url.c
* tool_cb_hdr: handle failure of rename()
* travis: add a "make tidy" build that runs clang-tidy
* travis: add build for "configure --disable-verbose"
* travis: bump the Secure Transport build to use xcode
* travis: make distcheck scan for BOM markers
* unit1300: fix stack-use-after-scope AddressSanitizer warning
* urldata: Fix "connecting" comment
* urlglob: improve error message on bad globs
* vtls: fix ssl version "or later" behavior change for many backends
* x509asn1: Fix SAN IP address verification
* x509asn1: always check return code from getASN1Element()
* x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
* x509asn1: suppress left shift on signed value
- Rebased patches after update:
* curl-disabled-redirect-protocol-message.patch
* curl-use_OPENSSL_config.patch
- Update to version 7.61.1
Bugfixes:
* CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
* CURLINFO_SIZE_UPLOAD: fix missing counter update
* CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
* CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
* Curl_getoff_all_pipelines: improved for multiplexed
* DEPRECATE: remove release date from 7.62.0
* HTTP: Don't attempt to needlessly decompress redirect body
* INTERNALS: require GnuTLS >= 2.11.3
* README.md: add LGTM.com code quality grade for C/C++
* SSLCERTS: improve the openssl command line
* Silence GCC 8 cast-function-type warnings
* ares: check for NULL in completed-callback
* asyn-thread: Remove unused macro
* auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
* auth: pick Bearer authentication whenever a token is available
* cmake: CMake config files are defining CURL_STATICLIB for static builds
* cmake: Respect BUILD_SHARED_LIBS
* cmake: Update scripts to use consistent style
* cmake: bumped minimum version to 3.4
* cmake: link curl to the OpenSSL targets instead of lib absolute paths
* configure: conditionally enable pedantic-errors
* configure: fix for -lpthread detection with OpenSSL and pkg-config
* conn: remove the boolean 'inuse' field
* content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
* cookie tests: treat files as text
* cookies: support creation-time attribute for cookies
* curl: Fix segfault when -H @headerfile is empty
* curl: add http code 408 to transient list for --retry
* curl: fix time-of-check, time-of-use race in dir creation
* curl: use Content-Disposition before the "URL end" for -OJ
* curl: warn the user if a given file name looks like an option
* curl_threads: silence bad-function-cast warning
* darwinssl: add support for ALPN negotiation
* docs/CURLOPT_URL: fix indentation
* docs/CURLOPT_WRITEFUNCTION: size is always 1
* docs/SECURITY-PROCESS: mention bounty, drop pre-notify
* docs/examples: add hiperfifo example using linux epoll/timerfd
* docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
* docs: clarify NO_PROXY env variable functionality
* docs: improved the manual pages of some callbacks
* docs: mention NULL is fine input to several functions
* formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
* gopher: Do not translate `?' to `%09'
* header output: switch off all styles, not just unbold
* hostip: fix unused variable warning
* http2: Use correct format identifier for stream_id
* http2: abort the send_callback if not setup yet
* http2: avoid set_stream_user_data() before stream is assigned
* http2: check nghttp2_session_set_stream_user_data return code
* http2: clear the drain counter in Curl_http2_done
* http2: make sure to send after RST_STREAM
* http2: separate easy handle from connections better
* http: fix for tiny "HTTP/0.9" response
* http_proxy: Remove unused macro SELECT_TIMEOUT
* lib/Makefile: only do symbol hiding if told to
* lib1502: fix memory leak in torture test
* lib1522: fix curl_easy_setopt argument type
* libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
* mime: check Curl_rand_hex's return code
* multi: always do the COMPLETED procedure/state
* openssl: assume engine support in 1.0.0 or later
* openssl: fix debug messages
* projects: Improve Windows perl detection in batch scripts
* retry: return error if rewind was necessary but didn't happen
* reuse_conn(): memory leak - free old_conn->options
* schannel: client certificate store opening fix
* schannel: enable CALG_TLS1PRF for w32api >= 5.1
* schannel: fix MinGW compile break
* sftp: don't send post-quote sequence when retrying a connection
* smb: fix memory leak on early failure
* smb: fix memory-leak in URL parse error path
* smb_getsock: always wait for write socket too
* ssh-libssh: fix infinite connect loop on invalid private key
* ssh-libssh: reduce excessive verbose output about pubkey auth
* ssh-libssh: use FALLTHROUGH to silence gcc8
* ssl: set engine implicitly when a PKCS#11 URI is provided
* sws: handle EINTR when calling select()
* system_win32: fix version checking
* telnet: Remove unused macros TELOPTS and TELCMDS
* test1143: disable MSYS2's POSIX path conversion
* test1148: disable if decimal separator is not point
* test1307: (fnmatch testing) disabled
* test1422: add required file feature
* test1531: Add timeout
* test1540: Remove unused macro TEST_HANG_TIMEOUT
* test214: disable MSYS2's POSIX path conversion for URL
* test320: treat curl320.out file as binary
* tests/http_pipe.py: Use /usr/bin/env to find python
* tests: Don't use Windows path %PWD for SSH tests
* tests: fixes for Windows line endings
* tool_operate: Fix setting proxy TLS 1.3 ciphers
* travis: build darwinssl on macos 10.12 to fix linker errors
* travis: execute "set -eo pipefail" for coverage build
* travis: run a 'make checksrc' too
* travis: update to GCC-8
* travis: verify that man pages can be regenerated
* upload: allocate upload buffer on-demand
* upload: change default UPLOAD_BUFSIZE to 64KB
* urldata: remove unused pipe_broke struct field
* vtls: reinstantiate engine on duplicated handles
* windows: implement send buffer tuning
* wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
- Remove patch included upstream:
* curl-switch-off-all-styles.patch
- Added curl-switch-off-all-styles.patch: Fix output of wrong escape sequences,
which might mess up the terminal (bsc#1105624)
- Update to version 7.61.0
[bsc#1099793, CVE-2018-0500]
Changes:
* getinfo: add microsecond precise timers for seven intervals
* curl: show headers in bold, switch off with --no-styled-output
* httpauth: add support for Bearer tokens
* Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
* curl: --tls13-ciphers and --proxy-tls13-ciphers
* Add CURLOPT_DISALLOW_USERNAME_IN_URL
* curl: --disallow-username-in-url
Bugfixes:
* CVE-2018-0500: smtp: fix SMTP send buffer overflow
* schannel: disable client cert option if APIs not available
* schannel: disable manual verify if APIs not available
* tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
* openssl: acknowledge --tls-max for default version too
* stub_gssapi: fix 'unused parameter' warnings
* examples/progressfunc: make it build on both new and old libcurls
* docs: mention it is HA Proxy protocol "version 1"
* curl_fnmatch: only allow two asterisks for matching
* docs: clarify CURLOPT_HTTPGET
* configure: replace an AC_TRY_RUN with CURL_RUN_IFELSE
* configure: do compile-time SIZEOF checks instead of run-time
* checksrc: make sure sizeof() is used *with* parentheses
* CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
* schannel: make CAinfo parsing resilient to CR/LF
* tftp: make sure error is zero terminated before printfing it
* http resume: skip body if http code 416 (range error) is ignored
* configure: add basic test of --with-ssl prefix
* cmake: set -d postfix for debug builds
* multi: provide a socket to wait for in Curl_protocol_getsock
* content_encoding: handle zlib versions too old for Z_BLOCK
* winbuild: only delete OUTFILE if it exists
* winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
* schannel: add failf calls for client certificate failures
* cmake: Fix the test for fsetxattr and strerror_r
* curl.1: Fix cmdline-opts reference errors
* cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
* cmake: check for getpwuid_r
* configure: fix ssh2 linking when built with a static mbedtls
* psl: use latest psl and refresh it periodically
* fnmatch: insist on escaped bracket to match
* KNOWN_BUGS: restore text regarding #2101
* INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
* configure: override AR_FLAGS to silence warning
* os400: implement mime api EBCDIC wrappers
* curl.rc: embed manifest for correct Windows version detection
* strictness: correct {infof, failf} format specifiers
* tests: update .gitignore for libtests
* configure: check for declaration of getpwuid_r
* fnmatch: use the system one if available
* CURLOPT_RESOLVE: always purge old entry first
* multi: remove a potentially bad DEBUGF()
* curl_addrinfo: use same #ifdef conditions in source as header
* build: remove the Borland specific makefiles
* axTLS: not considered fit for use
* cmdline-opts/cert-type.d: mention "p12" as a recognized type
* system.h: add support for IBM xlc C compiler
* tests/libtest: Add lib1521 to nodist_SOURCES
* mk-ca-bundle.pl: leave certificate name untouched
* boringssl + schannel: undef X509_NAME in lib/schannel.h
* openssl: assume engine support in 1.0.1 or later
* cppcheck: fix warnings
* test 46: make test pass after year 2025
* schannel: support selecting ciphers
* Curl_debug: remove dead printhost code
* test 1455: unflakified
* Curl_init_do: handle NULL connection pointer passed in
* progress: remove a set of unused defines
* mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
* GOVERNANCE.md: explains how this project is run
* configure: use pkg-config for c-ares detection
* configure: enhance ability to build with static openssl
* maketgz: fix sed issues on OSX
* multi: fix memory leak when stopped during name resolve
* CURLOPT_INTERFACE.3: interface names not supported on Windows
* url: fix dangling conn->data pointer
* cmake: allow multiple SSL backends
* system.h: fix for gcc on 32 bit OpenServer
* ConnectionExists: make sure conn->data is set when "taking" a connection
* multi: fix crash due to dangling entry in connect-pending list
* CURLOPT_SSL_VERIFYPEER.3: Add performance note
* netrc: use a larger buffer to support longer passwords
* url: check Curl_conncache_add_conn return code
* configure: Add dependent libraries after crypto
* easy_perform: faster local name resolves by using *multi_timeout()
* getnameinfo: not used, removed all configure checks
* travis: add a build using the synchronous name resolver
* CURLINFO_TLS_SSL_PTR.3: improve the example
* openssl: allow TLS 1.3 by default
* openssl: make the requested TLS version the *minimum* wanted
* openssl: Remove some dead code
* telnet: fix clang warnings
* DEPRECATE: new doc describing planned item removals
* example/crawler.c: simple crawler based on libxml2
* libssh: goto DISCONNECT state on error, not SESSION_FREE
* CMake: Remove unused functions
* darwinssl: allow High Sierra users to build the code using GCC
* scripts: include _curl as part of CLEANFILES
* examples: fix -Wformat warnings
* curl_setup: include <winerror.h> before <windows.h>
* schannel: make more cipher options conditional
* CMake: remove redundant and old end-of-block syntax
* post303.d: clarify that this is an RFC violation
- refreshed libcurl-ocloexec.patch
- dbus-1
-
- Fix IO lock contention, causing timeouts; (fdo#102839);
(bsc#1193780).
Add fix-upstream-fdo102839-io-lock-contention.patch
- Fix a potential crash that could be triggered by an invalid signature.
(CVE-2022-42010, bsc#1204111)
* fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
bsc#1204112)
* fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption (CVE-2022-42012,
bsc#1204113)
* fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
* dbus-do-autolaunch.patch
* increase-backlog.patch
* fix-upstream-timeout-reset-2.patch
* fix-upstream-CVE-2020-12049_2.patch
- dbus-1-x11
-
- Fix IO lock contention, causing timeouts; (fdo#102839);
(bsc#1193780).
Add fix-upstream-fdo102839-io-lock-contention.patch
- Fix a potential crash that could be triggered by an invalid signature.
(CVE-2022-42010, bsc#1204111)
* fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
bsc#1204112)
* fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption (CVE-2022-42012,
bsc#1204113)
* fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
* dbus-do-autolaunch.patch
* increase-backlog.patch
* fix-upstream-timeout-reset-2.patch
* fix-upstream-CVE-2020-12049_2.patch
- dhcp
-
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
DHCP memory leak
- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
- dmidecode
-
4 dependencies from upstream to be able to apply one more fix:
- util-dont-leak-a-file-descriptor-in-read_file.patch: If memory
allocation fails, we should close the file descriptor before
returning the error.
- util-let-callers-pass-an-offset-to-read_file.patch: Make the
read_file() function more versatile.
- dmidecode-fix-reading-from-smbios-3-dump-files.patch: Use the
sysfs code path when reading from a dump file, as the
requirements are similar.
- util-dont-close-the-same-file-descriptor-twice.patch: Close file
descriptor once and only once on error
Fix a potential regression:
- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
which would prevent root from using the --from-dump option since
the latest security fixes (bsc#1210418).
Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
Clean up function dmi_table so that it does only one thing
(bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option
--dump-bin is used, write the whole dump file at once, instead of
opening and closing the file separately for the table and then
for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
Make sure that the file passed to option --dump-bin does not
already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
check on the type of the mem device file we are asked to read
from, if we are root (bsc#1210418).
4 dependencies from upstream to be able to apply the above fixes:
- avoid-sigbus-on-mmap-failure.patch: Prevent a crash when reading
non-existent portion of memory device file.
- fix-error-paths-in-mem_chunk.patch: Prevent a memory and file
descriptor leak.
- dmidecode-add-support-for-3-digit-versions.patch: Support
3-digit SMBIOS specification version comparison.
- dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Don't
attempt to read from /dev/mem on non-x86 systems.
6 recommended fixes from upstream:
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
the SMBIOS entry point is long enough to include all the fields
we need.
- dmidecode-fix-the-alignment-of-type-25-name.patch: Drop a stray
tabulation before the name of DMI record type 25.
- dmidecode-print-type-33-name-unconditionally.patch: Display the
name of DMI record type 33 even if we can't decode it.
- dmidecode-validate-structure-completeness-before-decoding.patch:
Ensure that the whole DMI structure fits in the announced table
length before performing any action on it.
- dmidecode-avoid-oob-read-on-invalid-entry-point-length.patch:
Don't let the entry point checksum verification run beyond the
end of the buffer holding it.
- dmioem-decode-hpe-uefi-type-219-misc-features.patch: Check the
correct bits to report UEFI support.
- dracut
-
- fix(dracut): do not read /proc/modules to get the host modules (bsc#1210910)
* add 0634-fix-dracut-do-not-read-proc-modules-to-get-the-host-.patch
- fix handling of omit_dracutmodules parameter (bsc#1208929)
* add 0633-fix-dracut.sh-omission-is-an-addition-to-other-omiss.patch
- fix kernel name parsing in purge-kernels script (bsc#1199453)
- e2fsprogs
-
- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
- expat
-
- Security fix:
* (CVE-2022-43680, bsc#1204708) use-after-free caused by overeager
destruction of a shared DTD in XML_ExternalEntityParserCreate in
out-of-memory situations
- Added patch expat-CVE-2022-43680.patch
- Security fix:
* (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
function in xmlparse.c
- Added patch expat-CVE-2022-40674.patch
- fonts-config
-
- get the homedir from getpwuid when no $ENV{"HOME"} set
- added patches
fix bsc#1210700
+ fonts-config-homedir-getpwuid.patch
- glib2
-
- Update glib2-fix-normal-form-handling-in-gvariant.patch:
Backported from upstream to fix regression on s390x.
(bsc#1210135, glgo#GNOME/glib!2978)
- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
from upstream to fix normal form handling in GVariant.
(CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
glgo#GNOME/glib!3125)
- Add glib2-CVE-2021-28153.patch: fix CREATE_REPLACE_DESTINATION
with symlinks (boo#1183533 glgo#GNOME/glib#2325 CVE-2021-28153).
- glibc
-
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)
- pthread-cond-wait-stack-align.patch: x86: fix stack alignment in
pthread_cond_[timed]wait (bsc#1196852)
- gnutls
-
- sysrng-linux: re-open /dev/urandom every time [bsc#1204763]
* Control the file descriptor closing method
* Backported from c95312c5831be5418dc02a86d72bcd1eafd4c145
* Add gnutls-re-open-dev_urandom-every-time.patch
- google-guest-agent
-
- Bump go API version to 1.18 (bsc#1208723)
+ Address CVE-2021-38297 and CVE-2022-23806
- Update to version 20230221.00
* Allow a comment part of a pub ssh key to have an arbitrary format (#198)
+ Split GetUserKey() into two functions: get and validate
+ Correct the name of ValidateUser func as it validates only users
+ Update tests
* Update OWNERS (#201)
- from version 20230207.00
* Update OWNERS file (#199)
- Update to version 20230112.00
* Updating logging module so cloud logs are flushed prior to exit (#196)
* Windows: retry adding MDS route (#194)
- Update to version 20221109.00
* Validate user key for whitespace chars (#188)
- from version 20221107.00
* Fix typo with wsfc agent (#189)
- from version 20221104.00
* Updates to gce-workload-cert-refresh (#186)
- from version 20221025.00
* Add workload cert refresh to preset (#185)
- Update to version 20221018.00
* Write workload cert status file (#184)
- from version 20221017.00
* Update workload_cert permissions (#180)
- Update to version 20220927.00
* Workload certificate refresh (#182)
- Update to version 20220824.00
* Workload certs (#177)
- from version 20220823.00
* add members to OWNERS (#178)
* Expired key tests (#176)
* correct expired key handling (#175)
- avoid bashism in post-install scripts (bsc#1195391)
- Update to version 20220713.00 (bsc#1202100, bsc#1202101)
* try restoring module mode (#172)
* update for golang 1.16 (#171)
- from version 20220614.00
* Remove log that can break startup scripts (#170)
- from version 20220603.00
* repeat fix for arm (#169)
* no authorized keys on debian (#168)
- from version 20220527.00
* Add authorized keys command to the Windows agent package. (#167)
* Support for Windows SSH (#164)
- from version 20220523.00
* restore double slash metadata url (#166)
- from version 20220520.00
* Support .exe as an option for scripts and refactor runScript (#165)
- Update to version 20220429.00
* Move some functionality to a utils module (#162)
- Update to version 20220412.00
* enable goproxy during build (#163)
- from version 20220321.00
* enable routes for ipv6 (#160)
- Update to version 20220204.00 (bsc#1195437, bsc#1195438)
* remove han from owners (#154)
* Remove extra slash from metadata URL. (#151)
- from version 20220104.00
* List IPv6 routes (#150)
- from version 20211228.00
* add add or remove route integration test, utils (#147)
- from version 20211214.00
* add malformed ssh key unit test (#142)
- google-guest-configs
-
- Add nvme-cli to Requires (bsc#1204068, bsc#1204091)
- Update to version 20220211.00 (bsc#1195437, bsc#1195438)
* Set NVMe-PD IO timeout to 4294967295. (#32)
- google-guest-oslogin
-
- Update to version 20220205.00 (bsc#1195437, bsc#1195438)
* Fix build for EL9. (#82)
- from version 20211213.00
* Reauth error (#81)
- Rename Source0 field to Source
- Update URL in Source field to point to upstream tarball
- google-osconfig-agent
-
- Bump go API version to 1.18 (bsc#1208723)
+ Address CVE-2021-38297 and CVE-2022-23806
- Update to version 20230222.00
* Remove Debian 9 from e2e tests image list (#460)
- from version 20230217.00
* Update OWNERS (#458)
- from version 20230208.00
* Fix the error in the `copy_file_from_bucket.yaml` example. (#456)
- from version 20230202.00
* Update owners file. (#455)
- from version 20230123.00
* Call FQDN (#454)
- Update to version 20221214.00
* Close clients that are not passed anywhere (#450)
- Update to version 20221013.01
* Don't print raw pointer data. (#446)
- from version 20221013.00
* Delete yum transaction files if created. (#445)
- Update to version 20220829.00
* Fix exclude packages field processing (#440)
- from version 20220824.00
* Check for exclusive patches. (#442)
- Use install command in %post section to create state file (bsc#1202826)
- Remove useless creation of state file directory in /var/lib
- avoid bashism in post install scripts (bsc#1195391)
- Update to version 20220801.00 (bsc#1202100, bsc#1202101)
* update OWNERS (#438)
* Close client when RegisterAgent fails. (#436)
- from version 20220714.00
* Add timeouts for pip/gem updates. (#433)
- from version 20220623.00
* upgrade to golang 1.16 and override deb build settings for compatibility (#432)
- from version 20220606.00
* new example policy to ensure sshd is running on windows VMs (#430)
- from version 20220531.00
* Add default timeout for pip and gem list commands (#429)
- Don't restart daemon on package upgrade, create a state file instead (bsc#1194319)
- Update to version 20220314.01
* Support COS on arm64 (#426)
- from version 20220314.00
* Fix previous PR: exec.CommandContext cannot be reused (#425)
- from version 20220304.00
* Update the error message when an exec task is run on Windows
without an interpreter (#423)
* Fix string that apt-get returns when requiring downgrade (#422)
* e2e_tests: fix patch test rerun (#421)
* Add --allow-downgrades flag to apt-get calls when it
fails because of wanting to downgrade a package (#418)
* Create e2e test that runs apt-get in a state that makes
it downgrade a package (#420)
* e2e_tests: update OS targets, adjust retries (#419)
* Create change_group.yaml (#416)
- from version 20220215.00
* Add regex support to package exclusion in OS Patch (#415)
- Update to version 20220209.00 (bsc#1195437, bsc#1195438)
* Update licences, remove deprecated centos-8 tests (#414)
- Update to version 20220204.00
* Add DisableLocalLogging option (#413)
- from version 20220107.00
* OS assignment example: Copy file from bucket
- gpg2
-
- Security fix [CVE-2022-34903, bsc#1201225]
- Vulnerable to status injection
- Added patch gnupg-CVE-2022-34903.patch
- grub2
-
- Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012)
* 0001-Workaround-volatile-efi-boot-variable.patch
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
(bsc#1209234)
* 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop
(bsc#1187810) (bsc#1209667) (bsc#1209372)
* 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
btrfs filesystem. (bsc#1209165)
* grub2-btrfs-05-grub2-mkconfig.patch
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
* grub2-secureboot-provide-linuxefi-config.patch
* grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
* grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
* grub2-btrfs-05-grub2-mkconfig.patch
* grub2-efi-xen-cmdline.patch
* grub2-s390x-05-grub2-mkconfig.patch
* grub2-suse-remove-linux-root-param.patch
- Make linuxefi default command as linux (bsc#1176134) (bsc#1202838)
* 0001-Fix-symbols-appearing-in-several-modules-in-linux.patch
* 0002-linux-fixup.patch
* 0003-cmdline-Provide-cmdline-functions-as-module.patch
* 0004-efi-linux-provide-linux-command.patch
- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520)
* 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
- Remove zfs modules (bsc#1205554)
* grub-remove-zfs-modules.patch
- Security fixes and hardenings
* 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
* 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
* 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
* 0004-font-Remove-grub_font_dup_glyph.patch
* 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
* 0006-font-Fix-integer-overflow-in-BMP-index.patch
* 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
* 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
* 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
* 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
* 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
* 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
- fs/xfs: add bigtime incompat feature support (bsc#1203387)
* grub2-fs-xfs-Add-bigtime-incompat-feature-support.patch
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
* 0001-video-Remove-trailing-whitespaces.patch
* 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
* 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
* 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
* 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
* 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch
* 0007-loader-efi-chainloader-Simplify-the-loader-state.patch
* 0008-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
* 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch
* 0010-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
* 0011-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
* 0012-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
* 0013-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
* 0014-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
* 0015-video-readers-png-Sanity-check-some-huffman-codes.patch
* 0016-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
* 0017-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
* 0018-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
* 0019-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
* 0020-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
* 0021-net-ip-Do-IP-fragment-maths-safely.patch
* 0022-net-netbuff-Block-overly-large-netbuff-allocs.patch
* 0023-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
* 0024-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
* 0025-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
* 0026-net-tftp-Avoid-a-trivial-UAF.patch
* 0027-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
* 0028-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
* 0029-net-http-Error-out-on-headers-with-LF-without-CR.patch
* 0030-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
* 0031-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
* 0032-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
* 0033-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Update SBAT security contact (boo#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused by
0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
the root LV is completely in the boot LUN (bsc#1197948)
* 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
- gzip
-
- Add hardening for zgrep (CVE-2022-1271, bsc#1198062)
* bsc1198062-2.patch
- icu
-
- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd
from upstream, use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- json-c
-
- Added CVE-2020-12762.patch (bsc#1171479, CVE-2020-12762)
- Added gcc7-fix.patch
- Update to upstream release 0.12.1
- Removed upstream fixed json-c-0.12-unused_variable_size.patch
- Added fix-set-but-not-used.patch
- json-c 0.12
Fixes for security issues contained in this release have been
previously patched into this package, but listed for completeness:
* Address security issues:
* CVE-2013-6371: hash collision denial of service
* CVE-2013-6370: buffer overflow if size_t is larger than int
- Further changes:
* Avoid potential overflow in json_object_get_double
* Eliminate the mc_abort() function and MC_ABORT macro.
* Make the json_tokener_errors array local. It has been deprecated for
a while, and json_tokener_error_desc() should be used instead.
* change the floating point output format to %.17g so values with
more than 6 digits show up in the output.
* Remove the old libjson.so name compatibility support. The library is
only created as libjson-c.so now and headers are only installed
into the ${prefix}/json-c directory.
* When supported by the linker, add the -Bsymbolic-functions flag.
* Make strict mode more strict:
* number must not start with 0
* no single-quote strings
* no comments
* trailing char not allowed
* only allow lowercase literals
* Added a json_object_new_double_s() convenience function to allow
an exact string representation of a double to be specified when
creating the object and use it in json_tokener_parse_ex() so
a re-serialized object more exactly matches the input.
* Add support for NaN and Infinity
- packaging changes:
* json-c-hash-dos-and-overflow-random-seed-4e.patch is upstream
* Move from json-c-lfs.patch which removed warning errors and
autoconf call to json-c-0.12-unused_variable_size.patch from
upstream which fixes the warning
* except for SLE 11 where autoreconf call is required
* add licence file to main package
- kernel-default
-
- ceph: fix use-after-free bug for inodes when flushing capsnaps
(bsc#1212938).
- commit e731236
- blacklist.conf: gcc 12 issue
- commit 612c29c
- blacklist.conf: cosmetic fix to suppress a compiler warning
- commit f46848d
- fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_write_end_nolock() (git-fixes).
- commit ea30d59
- fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_info_scan_inode_alloc() (git-fixes).
- commit 4a538d4
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- commit 28a9871
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- commit 190f99a
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (git-fixes).
- commit ac6dbde
- ocfs2: clear dinode links count in case of error (git-fixes).
- commit f1a97d4
- ocfs2: fix BUG when iput after ocfs2_mknod fails (git-fixes).
- commit e11f180
- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
(git-fixes).
- commit 70db5f3
- ocfs2: fix a NULL pointer dereference when call
ocfs2_update_inode_fsync_trans() (git-fixes).
- commit f3e26c1
- ocfs2: call journal flush to mark journal as empty after
journal recovery when mount (git-fixes).
- commit d5a28a3
- ocfs2: clear zero in unaligned direct IO (git-fixes).
- commit 4189b4d
- ocfs2: wait for recovering done after direct unlock request
(git-fixes).
- commit b3e22bb
- ocfs2: remove set but not used variable 'last_hash' (git-fixes).
- commit d403713
- ocfs2: fix a panic problem caused by o2cb_ctl (git-fixes).
- commit b701b96
- ocfs2: don't clear bh uptodate for block read (git-fixes).
- commit 30ca2be
- ocfs2: clear journal dirty flag after shutdown journal
(git-fixes).
- commit ccfe523
- ocfs2: fix panic due to unrecovered local alloc (git-fixes).
- commit 007a17f
- ocfs2: fix potential use after free (git-fixes).
- commit 49406d3
- ocfs2: fix deadlock caused by ocfs2_defrag_extent() (git-fixes).
- commit f258e7d
- ocfs2: fix clusters leak in ocfs2_defrag_extent() (git-fixes).
- commit 01bc1d8
- ocfs2: don't put and assigning null to bh allocated outside
(git-fixes).
- commit 760bd24
- fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in
dlm_print_one_mle() (git-fixes).
- commit 01c2b72
- ocfs2: take inode cluster lock before moving reflinked inode
from orphan dir (git-fixes).
- commit 7e1768a
- ocfs2/dlm: don't handle migrate lockres if already in shutdown
(git-fixes).
- commit 04cf6d0
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842
CVE-2023-3090).
- commit bd94484
- btrfs: unset reloc control if transaction commit fails in
prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- commit 6726801
- kprobes: Fix to handle forcibly unoptimized kprobes on
freeing_list (git-fixes).
- commit 35c8c33
- kprobes: Fix check for probe enabled in kill_kprobe()
(git-fixes).
- commit a744c64
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes
bsc#1212606 CVE-2023-3358).
- commit 448bfe3
- igb: fix nvm.ops.read() error handling (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF
(git-fixes).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- ixgbe: Enable setting RSS table to default values (git-fixes).
- ixgbe: Allow flow hash to be set via ethtool (git-fixes).
- bnxt_en: Fix typo in PCI id to device description string mapping
(git-fixes).
- igbvf: Regard vf reset nack as success (git-fixes).
- intel/igbvf: free irq on the error path in igbvf_request_msix()
(git-fixes).
- igb: Enable SR-IOV after reinit (git-fixes).
- bnxt_en: Fix mqprio and XDP ring checking logic (git-fixes).
- ixgbe: fix pci device refcount leak (git-fixes).
- igb: Initialize mailbox message for VF reset (git-fixes).
- igb: Allocate MSI-X vector when testing (git-fixes).
- bnxt_en: Remove debugfs when pci_register_driver failed
(git-fixes).
- bnxt_en: fix potentially incorrect return value for
ndo_rx_flow_steer (git-fixes).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
(git-fixes).
- bnxt_en: fix NQ resource accounting during vf creation on
57500 chips (git-fixes).
- igb: Add lock to avoid data race (git-fixes).
- ixgbe: Add locking to prevent panic when setting sriov_numvfs
to zero (git-fixes).
- bnxt_en: reclaim max resources if sriov enable fails
(git-fixes).
- igb: Make DMA faster when CPU is active on the PCIe link
(git-fixes).
- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).
- ixgbe: fix bcast packets Rx on VF after promisc removal
(git-fixes).
- igb: skip phy status check where unavailable (git-fixes).
- dim: initialize all struct fields (bsc#1174852).
- ixgbe: ensure IPsec VF<->PF compatibility (git-fixes).
- igc: Fix BUG: scheduling while atomic (git-fixes).
- igc: Fix infinite loop in release_swfw_sync (git-fixes).
- ixgbe: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx
to skb (git-fixes).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- ixgbe: set X550 MDIO speed before talking to PHY (git-fixes).
- igbvf: fix double free in `igbvf_probe` (git-fixes).
- igb: fix netpoll exit with traffic (git-fixes).
- commit 34bf378
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
(bsc#1212701).
- commit 207c27c
- blacklist.conf: Add 3f5f766d5f7f powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
- commit 1a3b374
- sched/core: Use smp_mb() in wake_woken_function() (git-fixes)
- commit 5df8049
- sched/fair: Fix util_avg of new tasks for asymmetric systems (git-fixes)
- commit 828ccf7
- net: ks8851: Dequeue RX packets explicitly (git-fixes).
- commit fe5ef52
- net: dev: Use unsigned integer as an argument to left-shift
(git-fixes).
- commit 0bf77d3
- net: set static variable an initial value in atl2_probe()
(git-fixes).
- commit 08dc41f
- net: thunderx: make CFG_DONE message to run through generic
send-ack sequence (git-fixes).
- commit dbc5a3f
- net: marvell: mvneta: fix DMA debug warning (git-fixes).
- commit c48f8b1
- l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs
file (git-fixes).
- commit b182fac
- l2tp: hold reference on tunnels printed in pppol2tp proc file
(git-fixes).
- commit 1f7ac1f
- l2tp: hold reference on tunnels in netlink dumps (git-fixes).
- commit 9be2a0f
- ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
(git-fixes).
- Refresh
patches.suse/ipv4-Return-ENETUNREACH-if-we-can-t-create-route-but.patch.
- commit ea68726
- netlabel: If PF_INET6, check sk_buff ip header version
(git-fixes).
- commit 058c41d
- blacklist.conf: renaming device
- commit 9dfee21
- blacklist.conf: cleanup; another dead reference
- commit 735761f
- blacklist.conf: kABI breakage; does not fix any bug
- commit 1276dc0
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- commit 539dc8d
- put quirk_disable_autosuspend into a hole (git-fixes).
- commit d42a632
- USB: hub: Fix the broken detection of USB3 device in SMSC hub
(git-fixes).
- blacklist.conf: patch itself is useless, but needed as infrastructure
- commit f4a7f78
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- commit d8d554b
- netfilter: x_tables: add and use xt_check_proc_name (git-fixes).
- commit a579604
- blacklist.conf: update blacklist
- commit 1b6a52d
- s390/dasd: Use correct lock while counting channel queue length
(LTC#202775 bsc#1212443).
- commit c2ba548
- binfmt_elf: Take the mmap lock when walking the VMA list
(bsc#1209039 CVE-2023-1249).
- commit 6550df3
- relayfs: fix out-of-bounds access in relay_file_read
(bsc#1212502 CVE-2023-3268).
- kernel/relay.c: fix read_pos error when multiple readers
(bsc#1212502 CVE-2023-3268).
- commit f9dadc6
- bluetooth: Perform careful capability checks in hci_sock_ioctl()
(bsc#1210533 CVE-2023-2002).
- commit cb9bcb2
- media: dm1105: Fix use after free bug in dm1105_remove due to
race condition (bsc#1212501 CVE-2023-35824).
- commit a511fea
- x86/kprobes: Fix arch_check_optimized_kprobe check within
optimized_kprobe range (git-fixes).
- commit 261c02b
- e1000e: Disable TSO on i219-LM card to increase speed
(git-fixes).
- e1000e: Fix TX dispatch condition (git-fixes).
- net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
- net/mlx4_en: Fix wrong return value on ioctl EEPROM query
failure (git-fixes).
- e1000e: Fix possible overflow in LTR decoding (git-fixes).
- e1000e: Correct NVM checksum verification flow (git-fixes).
- net/mlx4_en: Fix an use-after-free bug in
mlx4_en_try_alloc_resources() (git-fixes).
- net/mlx4_en: Don't allow aRFS for encapsulated packets
(git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- mlx5: count all link events (git-fixes).
- commit 084d4cc
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
(git-fixes).
- commit 9ede6f6
- kprobes: Fix to check probe enabled before
disarm_kprobe_ftrace() (git-fixes).
- commit 0f174b4
- blacklist.conf: Add not needed kprobes fixes
- commit 9c2f070
- kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation
logic (git-fixes).
- commit 36f829b
- coda: fix build using bare-metal toolchain (git-fixes).
- commit 2df3146
- coda: add error handling for fget (git-fixes).
- commit c092001
- uapi linux/coda_psdev.h: move upc_req definition from uapi to
kernel side headers (git-fixes).
- commit 074a075
- coda: pass the host file in vma->vm_file on mmap (git-fixes).
- commit 728d4d8
- revert "squashfs: harden sanity check in
squashfs_read_xattr_id_table" (git-fixes).
- commit fc7c6f6
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper
error handling (git-fixes).
- commit e8ee0dd
- affs: initialize fsdata in affs_truncate() (git-fixes).
- commit f9e83d6
- fs/affs: release old buffer head on error path (git-fixes).
- commit b0b572b
- fs/ufs: avoid potential u32 multiplication overflow (git-fixes).
- commit a84c265
- fs/adfs: super: fix use-after-free bug (git-fixes).
- commit 02200da
- Drop a buggy dvb-core fix patch (bsc#1205758)
Also the kabi workaround is dropped, too
- commit 34f0c8e
- README.BRANCH: Add Miroslav Franc as a co-maintainer
- commit e545474
- README.BRANCH: Update the maintainer list
- commit 65a6ad8
- blacklist.conf: removes exported symbol
- commit 39cf0dc
- blacklist.conf: add git-fix not needed
- commit 50851fb
- kprobes: Prohibit probes in gate area (git-fixes).
- commit 4a73d55
- kprobes: don't call disarm_kprobe() for disabled kprobes
(git-fixes).
- commit 5cbfb40
- kprobes: Forbid probing on trampoline and BPF code areas
(git-fixes).
- commit 667fe1b
- samples/kretprobes: Fix return value if register_kretprobe()
failed (git-fixes).
- commit 5b1b600
- kprobes: Do not use local variable when creating debugfs file
(git-fixes).
- commit 7286e91
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being
a V0.96 controller.
- commit b40a0f8
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
(git-fixes).
- commit ab28954
- kretprobe: Avoid re-registration of the same kretprobe earlier
(git-fixes).
- commit c2cc176
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
(git-fixes).
- commit 3561afe
- blacklist.conf: relevant only for kernel development
- commit 99f403c
- blacklist.conf: relevant only for kernel development
- commit 9c92369
- blacklist.conf: build fix irrelevant for us
- commit b9a3ab1
- blacklist.conf: build fix irrelevant for us
- commit 2f6b7fd
- blacklist.conf: only for kernel development
- commit cf47010
- blacklist.conf: relevant only for kernel development
- commit 1370701
- blacklist.conf: relevant only for kernel development
- commit f1f85a4
- blacklist.conf: unneeded build fix
- commit c531cca
- blacklist.conf: relevant only for kbuild irrelevant in the build system
- commit 1faed4b
- kprobes: fix kill kprobe which has been marked as gone
(git-fixes).
- commit 77940f3
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
(git-fixes).
- commit f08285c
- kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
(git-fixes).
- commit 64b09f1
- kprobes: Set unoptimized flag after unoptimizing code
(git-fixes).
- commit e2d065d
- kprobes: Prohibit probing on BUG() and WARN() address
(git-fixes).
- commit 0a4ad8b
- kprobes: Fix error check when reusing optimized probes
(git-fixes).
- commit 11aecb3
- kprobes: Remove pointless BUG_ON() from reuse_unused_kprobe()
(git-fixes).
- Refresh
patches.suse/kprobes-Return-error-if-we-fail-to-reuse-kprobe-inst.patch.
- commit 1fb5f11
- kprobes: Don't call BUG_ON() if there is a kprobe in use on
free list (git-fixes).
- commit e0562e5
- kprobes: Use synchronize_rcu_tasks() for optprobe with
CONFIG_PREEMPT=y (git-fixes).
- commit 32c4978
- blacklist.conf: Add more powerpc unsupported platform paths
- commit 80240fd
- s390/dasd: fix no record found for raw_track_access (git-fixes
bsc#1212266).
- commit 9377e38
- blacklist.conf: just a cleanup, potential dead reference won't break anything
- commit ae3248a
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
(git-fixes).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion
(git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
(git-fixes).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
(git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in
mpt3sas_transport_port_add() (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
(git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: ses: Don't attach if enclosure has no components
(git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
(git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses
(git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
(git-fixes).
- scsi: ses: Fix slab-out-of-bounds in
ses_enclosure_data_process() (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single()
(git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: libsas: Remove useless dev_list delete in
sas_ex_discover_end_dev() (git-fixes).
- commit 9bcdcf3
- s390/kasan: avoid vdso instrumentation (git-fixes bsc#1212244).
- commit e08fb9a
- CDC-NCM: avoid overflow in sanity checking (git-fixes).
- commit c5a973e
- net: fec: fix rare tx timeout (git-fixes).
- commit 8adec9a
- net: macb: Clean 64b dma addresses if they are not detected
(git-fixes).
- commit 889275f
- scsi: zfcp: assert that the ERP lock is held when tracing a
recovery trigger (git-fixes bsc#1212240).
- commit eb171ad
- openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS
(git-fixes).
- commit 444e066
- net: fix warning in af_unix (git-fixes).
- commit a389e79
- blacklist.conf: blacklist MDIO_BCM_UNIMAC
- commit 62fb3cf
- s390/smsgiucv: disable SMSG on module unload (git-fixes
bsc#1212236).
- commit 1cef259
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
(git-fixes).
- commit e119b8c
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
(git-fixes).
- commit cb1afd9
- xfrm: Refuse to insert 32 bit userspace socket policies on 64
bit systems (git-fixes).
- commit 413544a
- net: cdc_ncm: remove set but not used variable 'ctx'
(git-fixes).
- commit 0867b66
- blacklist.conf: update blacklist
- commit 7a1167e
- net/usb/drivers: Remove useless hrtimer_active check
(git-fixes).
- commit 5dc6e54
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- commit d94e079
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes
bsc#1212185).
- commit 4d63d84
- fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
- commit 481687d
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes
bsc#1212175).
- commit 8055c39
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes
bsc#1212173).
- commit bb085e1
- Move setting %%build_html to config.sh
- commit 647b21a
- s390/kprobes: fix irq mask clobbering on kprobe reenter from
post_handler (git-fixes bsc#1212170).
- commit 21760dd
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- commit 09f5a59
- Squashfs: fix handling and sanity checking of xattr_ids count
(git-fixes).
- commit 78ee867
- squashfs: harden sanity check in squashfs_read_xattr_id_table
(git-fixes).
- commit 006d643
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- commit 4693a49
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
(git-fixes).
- commit 6189e17
- hfsplus: fix bug causing custom uid and gid being unable to
be assigned with mount (git-fixes).
- commit 3226ad8
- s390/kprobes: fix current_kprobe never cleared after kprobes
reenter (git-fixes bsc#1212167).
- commit 94cf46f
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- commit 5986c8d
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- commit f70b4c6
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- commit 1caaab9
- hfs: add lock nesting notation to hfs_find_init (git-fixes).
- commit 37dff28
- hfs: fix high memory mapping in hfs_bnode_read (git-fixes).
- commit ae9031e
- hfs: add missing clean-up in hfs_fill_super (git-fixes).
- commit cc1fbe6
- hfsplus: fix crash and filesystem corruption when deleting files
(git-fixes).
- commit 3526c58
- fs/hfs/extent.c: fix array out of bounds read of array extent
(git-fixes).
- commit 5ff3c8a
- hfs: update timestamp on truncate() (git-fixes).
- commit f4e5f42
- hfsplus: update timestamps on truncate() (git-fixes).
- commit 5f7a4bc
- hfs: fix return value of hfs_get_block() (git-fixes).
- commit aa4ce83
- hfsplus: fix return value of hfsplus_get_block() (git-fixes).
- commit 1500cd0
- hfs: prevent btree data loss on ENOSPC (git-fixes).
- commit b6da074
- hfsplus: prevent btree data loss on ENOSPC (git-fixes).
- commit efe705c
- hfs: fix BUG on bnode parent update (git-fixes).
- commit e3129f2
- hfsplus: fix BUG on bnode parent update (git-fixes).
- commit ecc193f
- sysv: use BUILD_BUG_ON instead of runtime check (git-fixes).
- commit 33448c7
- reiserfs: Add security prefix to xattr name in
reiserfs_security_write() (git-fixes).
- commit 381baa2
- reiserfs: Add missing calls to reiserfs_security_free()
(git-fixes).
- commit 894cdec
- reiserfs: check directory items on read from disk (git-fixes).
- commit c73d26d
- reiserfs: add check for root_inode in reiserfs_fill_super
(git-fixes).
- commit 0112af8
- reiserfs: add check for invalid 1st journal block (git-fixes).
- commit 9fe53c4
- reiserfs: only call unlock_new_inode() if I_NEW (git-fixes).
- commit fdc0c7c
- reiserfs: Fix memory leak in reiserfs_parse_options()
(git-fixes).
- commit eda67ce
- reiserfs: prevent NULL pointer dereference in
reiserfs_insert_item() (git-fixes).
- commit 922f823
- reiserfs: propagate errors from fill_with_dentries() properly
(git-fixes).
- commit 529b15f
- reiserfs: change j_timestamp type to time64_t (git-fixes).
- commit 982e84f
- memstick: r592: Fix UAF bug in r592_remove due to race condition
(CVE-2023-3141 bsc#1212129 bsc#1211449).
- commit 77b88e9
- firewire: fix potential uaf in outbound_phy_packet_callback()
(CVE-2023-3159 bsc#1212128).
- commit f62d406
- s390/dasd: fix hanging blockdevice after request requeue
(git-fixes bsc#1212165).
- commit 2203987
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes
bsc#1212164).
- commit e732a7c
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- commit 7ebcbd5
- Refresh
patches.suse/0001-mm-mempolicy-make-mbind-return-EIO-when-MPOL_MF_STRI.patch.
fix the second instance of incorrect MPOL_MF_STRICT check.
- commit 47debde
- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
- commit dd4da3b
- Refresh
patches.suse/ipmi-fix-initialization-when-workqueue-allocation-fa.patch.
Delete also the out: label. Upstream still has users for that label.
Unlike us.
Fixes:
drivers/char/ipmi/ipmi_msghandler.c:5366:1: error: label ‘out’ defined but not used
- commit 05b72bb
- wcn36xx: Fix max channels retrieval (gcc-warning-fixes).
Fixes:
drivers/net/wireless/ath/wcn36xx/smd.c: In function ‘wcn36xx_smd_update_channel_list’:
./include/linux/kernel.h:785:12: error: large integer implicitly truncated to unsigned type
- commit 6bbb096
- Refresh
patches.suse/btrfs-remove-nr_async_submits-and-async_submit_draining.patch.
Fix compiler warning:
fs/btrfs/disk-io.c:815:6: error: unused variable ‘limit’
The upstream patch removes 'limit' too, so follow that up.
- commit 45d33ba
- Refresh
patches.suse/0001-memcg-kmem-further-deprecate-kmem.limit_in_bytes.patch.
Drop memcg_update_kmem_limit() as it is unused now and the compiler
complains:
mm/memcontrol.c:2972:12: error: ‘memcg_update_kmem_limit’ defined but not used
This is done in the upstream patch too.
- commit 660e644
- Move setting %%split_optional to config.sh
- commit 8b0828d
- Refresh
patches.suse/0001-mm-mempolicy-make-mbind-return-EIO-when-MPOL_MF_STRI.patch.
Fix the MPOL_MF_STRICT condition (noticed by Jiri Slaby)
- commit b6b86f2
- Move setting %%supported_modules_check to config.sh
- commit 494d3df
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
(git-fixes).
- PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
(git-fixes).
- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes).
- PCI/MSI: Mask MSI-X vectors only on success (git-fixes).
- PCI/MSI: Destroy sysfs before freeing entries (git-fixes).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
(git-fixes).
- PCI: aardvark: Fix return value of MSI domain .alloc() method
(git-fixes).
- PCI: aardvark: Do not unmask unused interrupts (git-fixes).
- PCI: aardvark: Do not clear status bits of masked interrupts
(git-fixes).
- commit fd8f739
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- commit 799f050
- PCI: aardvark: Replace custom macros by standard
linux/pci_regs.h macros (git-fixes).
- Refresh
patches.suse/PCI-aardvark-Fix-PCIe-Max-Payload-Size-setting.patch.
- blacklist.conf: remove it from there
While it's a cleanup, it's a prerequisite for the following patches.
- commit 4ef2916
- blacklist.conf: add some PCI git-fixes
- commit dcca97f
- rpm/kernel-binary.spec.in: Fix compatibility with newer rpm
- commit 334fb4d
- net: hisilicon: Fix "Trying to free already-free IRQ"
(git-fixes).
- commit 997c2f2
- qed: Add cleanup in qed_slowpath_start() (git-fixes).
- commit 912dd32
- net: myri10ge: fix memory leaks (git-fixes).
- commit 47340d2
- cxgb4: fix a memory leak bug (git-fixes).
- commit 3c000ae
- net: cxgb3_main: Fix a resource leak in a error path in
'init_one()' (git-fixes).
- commit e158810
- net/ethernet/qlogic/qed: force the string buffer NULL-terminated
(git-fixes).
- commit 4ba9e6b
- qed: RDMA - Fix the hw_ver returned in device attributes
(git-fixes).
- commit 410eb8e
- blacklist.conf: update blacklist
- commit 2c3f74d
- ixgbe: Check DDM existence in transceiver before access
(git-fixes).
- commit 510e134
- net: axienet: Fix race condition causing TX hang (git-fixes).
- commit e7cf2ee
- bnx2x: Check if transceiver implements DDM before access
(git-fixes).
- commit c586a4b
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- commit 6b28935
- Also include kernel-docs build requirements for ALP
- commit 114d088
- Move the kernel-binary conflicts out of the spec file.
The list of conflicting packages varies per release.
To reduce merge conflicts move the list out of the spec file.
- commit 4d81125
- Avoid unsupported tar parameter on SLE12
- commit 2b8c97b
- usb: xhci: rework grace period logic (git-fixes).
- commit 0d7b2a3
- xhci: Add grace period after xHC start to prevent premature
runtime suspend (git-fixes).
- commit 7c3b440
- Move obsolete KMP list into a separate file.
The list of obsoleted KMPs varies per release, move it out of the spec
file.
- commit 016bc55
- Trim obsolete KMP list.
SLE11 is out of support, we do not need to handle upgrading from SLE11
SP1.
- commit 08819bb
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- commit ad0e3ea
- Generalize kernel-doc build requirements.
- commit 23b058f
- kernel-binary: Add back kernel-default-base guarded by option
Add configsh option for splitting off kernel-default-base, and for
not signing the kernel on non-efi
- commit 8ad6a28
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
(bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
(bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
(bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit cda49a1
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- commit e7f1d31
- net: stmmac: don't log oversized frames (git-fixes).
- commit 02a1ae5
- net: stmmac: fix dropping of multi-descriptor RX frames
(git-fixes).
- commit 0c5e8a5
- bonding: show full hw address in sysfs for slave entries
(git-fixes).
- commit 4640084
- net: ibm: fix possible object reference leak (git-fixes).
- commit 2cab0bb
- net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
(git-fixes).
- commit 1cfa1c0
- net: altera_tse: fix msgdma_tx_completion on non-zero fill_level
case (git-fixes).
- commit 82bd47b
- sfc: suppress duplicate nvmem partition types in
efx_ef10_mtd_probe (git-fixes).
- commit 17c6719
- net: altera_tse: fix connect_local_phy error path (git-fixes).
- commit da2fa27
- blacklist.conf: add FSL_UCC_HDLC
- commit cbbd4dd
- net/mlx4_core: Fix return codes of unsupported operations
(git-fixes).
- commit b2c5ba8
- vrf: mark skb for multicast or link-local as enslaved to VRF
(git-fixes).
- commit 9630bdb
- net: dsa: bcm_sf2: Turn on PHY to allow successful registration
(git-fixes).
- commit 00680d2
- net: netxen: fix a missing check and an uninitialized use
(git-fixes).
- commit 76249f8
- net: hisilicon: remove unexpected free_netdev (git-fixes).
- commit fc72200
- net: amd: add missing of_node_put() (git-fixes).
- commit 72cfaff
- blacklist.conf: add faraday network driver
- commit 8453351
- net: faraday: fix return type of ndo_start_xmit function
(git-fixes).
- commit 079382e
- net: smsc: fix return type of ndo_start_xmit function
(git-fixes).
- commit 56bd9aa
- net: micrel: fix return type of ndo_start_xmit function
(git-fixes).
- commit 96160a1
- net: sun: fix return type of ndo_start_xmit function
(git-fixes).
- commit 59f94b5
- net: broadcom: fix return type of ndo_start_xmit function
(git-fixes).
- commit 77fb78e
- net: xilinx: fix return type of ndo_start_xmit function
(git-fixes).
- commit 80ef560
- net: toshiba: fix return type of ndo_start_xmit function
(git-fixes).
- commit dbdb0d6
- net: hns3: fix return type of ndo_start_xmit function
(git-fixes).
- commit 5ba4bbc
- net: qla3xxx: Remove overflowing shift statement (git-fixes).
- commit 7055766
- blacklist.conf: update blacklist
- commit 804cac4
- blacklist.conf: Add 4ef0c5c6b5ba kernel/sched: Fix sched_fork() access an invalid sched_task_group
- commit 5d65c2b
- cifs: prevent infinite recursion in CIFSGetDFSRefer()
(bsc#1190317).
- commit 8982556
- netfilter: ebtables: convert BUG_ONs to WARN_ONs (git-fixes).
- commit 5f3d85f
- netfilter: ipt_CLUSTERIP: put config instead of freeing it
(git-fixes).
- commit 87f8afc
- netfilter: ipt_CLUSTERIP: put config struct if we can't
increment ct refcount (git-fixes).
- commit e675512
- net/tcp/illinois: replace broken algorithm reference link
(git-fixes).
- commit 1264c76
- sit: fix IFLA_MTU ignored on NEWLINK (git-fixes).
- commit 05e5b1a
- ip6_tunnel: fix IFLA_MTU ignored on NEWLINK (git-fixes).
- commit 678863c
- RDS: IB: Fix null pointer issue (git-fixes).
- commit 85f4095
- l2tp: remove l2specific_len dependency in l2tp_core (git-fixes).
- Refresh
patches.suse/l2tp-fix-reading-optional-fields-of-L2TPv3.patch.
- commit 80db1e0
- l2tp: remove configurable payload offset (git-fixes).
- Refresh
patches.suse/l2tp-reject-creation-of-non-PPP-sessions-on-L2TPv2-t.patch.
- commit e4e115d
- rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
(git-fixes).
- commit 2b478a1
- net: xfrm: allow clearing socket xfrm policies (git-fixes).
- commit cb50bb2
- sctp: avoid flushing unsent queue when doing asoc reset
(git-fixes).
- commit 271642c
- blacklist: add nvme fabrics git-fixes
The whole nvme fabrics part is missing fundamental changes which will
not be backported. Don't bother to port git-fixes for this part.
- commit f524f37
- blacklist.conf: update blacklist
- commit ec49bac
- blacklist.conf: add net/caif
- commit 7907ff7
- nvme-pci: fix a NULL pointer dereference in
nvme_alloc_admin_tags (git-fixes).
- nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs
(git-fixes).
- nvme: free sq/cq dbbuf pointers when dbbuf set fails
(git-fixes).
- nvme: refine the Qemu Identify CNS quirk (git-fixes).
- nvme: Fix u32 overflow in the number of namespace list
calculation (git-fixes).
- nvme: remove the ifdef around nvme_nvm_ioctl (git-fixes).
- nvme-pci: unquiesce admin queue on shutdown (git-fixes).
- nvme-pci: use the same attributes when freeing
host_mem_desc_bufs (git-fixes).
- commit f8a43a3
- Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- scsi: storvsc: Parameterize number hardware queues
(bsc#1211622).
- commit f58838c
- scsi: qla2xxx: Replace all non-returning strlcpy() with
strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport
(bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable
resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Declare SCSI host template const (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template
(bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting()
(bsc#1211960).
- commit 875f923
- kcm: Check if sk_user_data already set in kcm_attach
(git-fixes).
- Refresh patches.suse/kcm-lock-lower-socket-in-kcm_attach.patch.
- commit 796ddfc
- ip6_tunnel: allow ip6gre dev mtu to be set below 1280
(git-fixes).
- Refresh
patches.suse/ip6_tunnel-remove-magic-mtu-value-0xFFF8.patch.
- commit 9359f96
- xfrm: Fix stack-out-of-bounds with misconfigured transport
mode policies (git-fixes).
- commit a397dd8
- sctp: fix the issue that a __u16 variable may overflow in
sctp_ulpq_renege (git-fixes).
- Refresh
patches.suse/sctp-implement-memory-accounting-on-rx-path.patch.
- commit dfdadd9
- fix kcm_clone() (git-fixes).
- Refresh
patches.suse/kcm-Fix-use-after-free-caused-by-clonned-sockets.patch.
- commit ff3266d
- blacklist.conf: update blacklist
- commit 6559dbc
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- commit 2191d32
- Fix usrmerge error (boo#1211796)
- commit da84579
- s390/uaccess: add missing earlyclobber annotations to __clear_user()
(LTC#202116 bsc#1209857 git-fixes).
- commit 466ebf1
- media: radio-shark: Add endpoint checks (git-fixes).
- commit 645a65c
- USB: sisusbvga: Add endpoint checks (git-fixes).
- commit 0086804
- USB: core: Add routines for endpoint checks in old drivers
(git-fixes).
- commit 9b3a4b6
- mac80211: drop multicast fragments (git-fixes).
- Refresh patches.kabi/cfg80211-kabi-workaround.patch.
- Refresh
patches.suse/mac80211-add-fragment-cache-to-sta_info.patch.
- commit dcf3ad7
- mac80211: choose first enabled channel for monitor (git-fixes).
- commit 9005ef1
- mac80211: pause TX while changing interface type (git-fixes).
- commit 2e9a9ca
- IB/mlx5: Fix initializing CQ fragments buffer (git-fixes)
- commit ab52722
- RDMA/core: Don't access cm_id after its destruction (git-fixes)
- commit 3e6a35e
- mac80211: fix fast-rx encryption check (git-fixes).
- commit 6dc3740
- blacklist.conf: breaks kABI in a pretty unfixable way
- commit f0b7d32
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- commit 4ec5513
- RDMA/bnxt_re: Restrict the max_gids to 256 (git-fixes)
- commit 45f80d9
- RDMA/hns: Bugfix for querying qkey (git-fixes)
- commit 916464c
- RDMA/mlx5: Block delay drop to unprivileged users (git-fixes)
- commit b67e136
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- commit aef401f
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- commit 410f136
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (git-fixes)
- commit 08b691c
- IB/hfi1: Assign npages earlier (git-fixes)
- commit 94a7a3d
- RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
- commit 21e4838
- RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
- commit 69d046f
- RDMA/cma: Fix rdma_resolve_route() memory leak (git-fixes)
- commit ebc12ea
- RDMA/cxgb4: Fix missing error code in create_qp() (git-fixes)
- commit 16a901d
- RDMA/rxe: Fix error type of mmap_offset (git-fixes)
- commit 78c6be8
- RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' (git-fixes)
- commit a8ed0c1
- RDMA/i40iw: Fix potential use after free (git-fixes)
- commit 078387e
- IB/iser: bound protection_sg size by data_sg size (git-fixes)
- commit c6057ed
- IB/mlx4: Fix memory leaks (git-fixes)
- commit 93dc3d9
- ipoib: correcly show a VF hardware address (git-fixes)
- commit b86fe95
- IB/mlx4: Increase the timeout for CM cache (git-fixes)
- commit bd695fb
- IB/usnic: Fix potential deadlock (git-fixes)
- commit 7517110
- RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer (git-fixes)
- commit ce8a13e
- mlx4: Use snprintf instead of complicated strcpy (git-fixes)
- commit 8357ea9
- rxe: IB_WR_REG_MR does not capture MR's iova field (git-fixes)
- commit 737703b
- RDMA/cma: Do not change route.addr.src_addr.ss_family (git-fixes)
- commit 0f21ca2
- Update References
patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
(bsc#1198400 bsc#1209779 CVE-2023-1637).
- commit 8e47860
- smb3: fix problem remounting a share after shutdown
(bsc#1190317).
- commit faae71e
- seccomp: Set PF_SUPERPRIV when checking capability (git-fixes
bsc#1211816).
- commit f8e3006
- dm ioctl: fix nested locking in table_clear() to remove deadlock
concern (bsc#1210806, CVE-2023-2269).
- commit e962c83
- tcp: Fix data races around icsk->icsk_af_ops (bsc#1204405
CVE-2022-3566).
- commit 75b4182
- blacklist.conf: Add 9fc9e278a5c0 panic: Introduce warn_limit
- commit 43ad239
- blacklist.conf: Add 659c0ce1cb9e kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
- commit 28b437a
- Remove usrmerge compatibility symlink in buildroot (boo#1211796)
Besides Makefile, depmod.sh needs to be patched to prefix /lib/modules.
Requires corresponding patch to kmod.
- commit b8e00c5
- ceph: force updating the msg pointer in non-split case
(bsc#1211801).
- commit ebc5c5b
- cifs_atomic_open(): fix double-put on late allocation failure
(bsc#1190317).
- commit 9b4a498
- CIFS: Spelling s/EACCESS/EACCES/ (bsc#1190317).
- Refresh
patches.suse/cifs-remove-various-function-description-warnings.patch.
- commit 154e2e3
- smb3: fix temporary data corruption in collapse range
(bsc#1190317).
- commit 48c460b
- smb3: fix temporary data corruption in insert range
(bsc#1190317).
- commit 6225020
- blacklist.conf: Append 'Revert "fbcon: don't lose the console font across generic->chip driver switch"'
- commit 0b0664b
- fbcon: Check font dimension limits (bsc#1154048)
Changes:
* rename drivers/video/fbdev/core to drivers/video/console
- commit 2e6300a
- fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (bsc#1154048)
- commit 7a7fe7f
- backlight: lm3630a: Fix return code of .update_status() callback (bsc#1129770)
- commit 65a9461
- blacklist.conf: Append 'fbdev: udlfb: Fix endpoint check'
- commit c71f23c
- blacklist.conf: Append 'fbdev: arcfb: Fix error handling in arcfb_probe()'
- commit 3b8befa
- blacklist.conf: Append 'fbdev: au1200fb: Fix potential divide by zero'
- commit 99bcf68
- blacklist.conf: Append 'fbdev: lxfb: Fix potential divide by zero'
- commit 29ac883
- blacklist.conf: Append 'fbdev: intelfb: Fix potential divide by zero'
- commit c54aef0
- blacklist.conf: Append 'fbdev: nvidia: Fix potential divide by zero'
- commit 0180fb8
- blacklist.conf: Append 'fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks'
- commit 7424f1a
- blacklist.conf: Append 'fbdev: tgafb: Fix potential divide by zero'
- commit 3dfd2f8
- blacklist.conf: Append 'fbdev: omapfb: cleanup inconsistent indentation'
- commit e6f26fa
- blacklist.conf: Append 'fbdev: vermilion: decrease reference count in error path'
- commit bfe058e
- blacklist.conf: Append 'fbdev: via: Fix error in via_core_init()'
- commit 47cb95a
- blacklist.conf: Append 'fbdev: pm2fb: fix missing pci_disable_device()'
- commit 5d257c9
- blacklist.conf: Append 'fbdev: ssd1307fb: Drop optional dependency'
- commit 6cbf42c
- blacklist.conf: Append 'fbdev: cyber2000fb: fix missing pci_disable_device()'
- commit 06f0770
- blacklist.conf: Append 'fbdev: smscufx: Fix several use-after-free bugs'
- commit 62a32ff
- blacklist.conf: Append 'parisc: fbdev/stifb: Align graphics memory size to 4MB'
- commit 22da2c5
- blacklist.conf: Append 'fbdev: smscufx: Fix use-after-free in ufx_ops_open()'
- commit 02b683d
- blacklist.conf: Append 'fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()'
- commit 489652a
- blacklist.conf: Append 'video: fbdev: i740fb: Check the argument of i740_calc_vclk()'
- commit c7b03dd
- blacklist.conf: Append 'video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write'
- commit ccb235b
- blacklist.conf: Append 'video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()'
- commit 9dffdbd
- blacklist.conf: Append 'video: fbdev: sm712fb: Fix crash in smtcfb_write()'
- commit d1847f5
- blacklist.conf: Append 'video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()'
- commit ac6af46
- blacklist.conf: Append 'video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()'
- commit 5a2e2fe
- blacklist.conf: Append 'video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit'
- commit 9966c33
- blacklist.conf: Append 'video: fbdev: cirrusfb: check pixclock to avoid divide by zero'
- commit 9b4a739
- blacklist.conf: Append 'video: fbdev: w100fb: Reset global state'
- commit 8c331fe
- blacklist.conf: Append 'video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow'
- commit e521feb
- blacklist.conf: Append 'video: fbdev: riva: Error out if 'pixclock' equals zero'
- commit cd1778b
- blacklist.conf: Append 'video: fbdev: kyro: Error out if 'pixclock' equals zero'
- commit e680120
- blacklist.conf: Append 'video: fbdev: asiliantfb: Error out if 'pixclock' equals zero'
- commit 4eef362
- blacklist.conf: Append 'video: fbdev: kyro: fix a DoS bug by restricting user input'
- commit 4dfa6f9
- cifs: fix confusing debug message (bsc#1190317).
- commit 5e1a930
- cifs: Fix uninitialized memory read for smb311 posix symlink
create (bsc#1190317).
- Refresh
patches.suse/cifs-Fix-uninitialized-memory-reads-for-oparms-mode.patch.
- commit 853e32c
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
(bsc#1190317).
- commit 4ae057c
- cifs: sanitize paths in cifs_update_super_prepath (bsc#1190317).
- commit 17664dd
- cifs: fix pcchunk length type in smb2_copychunk_range
(bsc#1190317).
- commit 2a739a8
- HID: asus: use spinlock to safely schedule workers (bsc#1208604
CVE-2023-1079).
- commit 95bf045
- HID: asus: use spinlock to protect concurrent accesses
(bsc#1208604 CVE-2023-1079).
- commit d755874
- blacklist.conf: changes behavior in user space
- commit 8e76d7a
- blacklist.conf: breaks existing user space
- commit 8a0f9f8
- git_sort: tests: add repositories with autorefresh
Without autorefresh containers are not rebuildable when cached
- commit 1dc067a
- KVM: x86: emulator: update the emulation mode after CR0 write
(git-fixes).
- commit 45c60e8
- KVM: x86: emulator: introduce emulator_recalc_and_set_mode
(git-fixes).
- commit cd1c312
- KVM: x86: emulator: em_sysexit should update ctxt->mode
(git-fixes).
- commit e33b7a7
- KVM: x86: fix incorrect comparison in trace event (git-fixes).
- commit e7c7c64
- x86/kvm: Don't call kvm_spurious_fault() from .fixup
(git-fixes).
- commit 2994486
- x86: kvm: avoid constant-conversion warning (git-fixes).
- commit 785e3c9
- KVM: x86: avoid misreporting level-triggered irqs as
edge-triggered in tracing (git-fixes).
- commit 3a2f7bf
- ring-buffer: Sync IRQ works before buffer destruction
(git-fixes).
- commit 7f66fa1
- ring-buffer: Ensure proper resetting of atomic variables in
ring_buffer_reset_online_cpus (git-fixes).
- commit 05b01b4
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- commit c9aec28
- KVM: nSVM: clear events pending from svm_complete_interrupts()
when exiting to L1 (git-fixes).
- commit dea3e13
- KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
(git-fixes).
- commit e8ac19f
- x86/kvm/vmx: fix old-style function declaration (git-fixes).
- commit 60914fa
- KVM: x86: fix empty-body warnings (git-fixes).
- commit 1ff0909
- kvm: mmu: Don't read PDPTEs when paging is not enabled
(git-fixes).
- commit 0c9e6c3
- KVM: x86: Update the exit_qualification access bits while
walking an address (git-fixes).
- commit fb42639
- kernel-source: Remove unused macro variant_symbols
- commit 915ac72
- ipv6: sr: fix out-of-bounds read when setting HMAC data
(bsc#1211592).
- commit b97c30d
- Move upstreamed media fixes into sorted section
- commit 488e428
- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvb_frontend: kABI workaround (CVE-2022-45885
bsc#1205758).
- commit df5f28a
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
(CVE-2022-45887 bsc#1205762).
- media: dvb-core: Fix use-after-free due to race condition at
dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free due to race at
dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due on race condition at
dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix kernel WARNING for blocking operation in
wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free on race condition at
dvb_frontend (CVE-2022-45885 bsc#1205758).
- media: dvbdev: fix error logic at dvb_register_device()
(CVE-2022-45884 bsc#1205756).
- media: dvbdev: Fix memleak in dvb_register_device
(CVE-2022-45884 bsc#1205756).
- media: media/dvb: Use kmemdup rather than duplicating its
implementation (CVE-2022-45884 bsc#1205756).
- commit f7cc9c8
- net: sched: sch_qfq: prevent slab-out-of-bounds in
qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- commit a507e94
- i2c: xgene-slimpro: Fix out-of-bounds bug in
xgene_slimpro_i2c_xfer() (bsc#1210715 CVE-2023-2194).
- commit 3e58c3b
- net/iucv: Fix size of interrupt data (bsc#1211466).
- commit f3fc622
- blacklist.conf: update blacklist
- commit 6d6d566
- net: emac: fix fixed-link setup for the RTL8363SB switch (git-fixes).
- commit 9681063
- stmmac: fix valid numbers of unicast filter entries (git-fixes).
- commit ef24a07
- net: qca_spi: Fix log level if probe fails (git-fixes).
- commit 3f5bdc7
- net: davinci_emac: match the mdio device against its compatible if possible (git-fixes).
- commit bd607b2
- net: dsa: qca8k: Add support for QCA8334 switch (git-fixes).
- commit 7151502
- net: ethernet: ti: cpsw-phy-sel: check bus_find_device()
ret value (git-fixes).
- commit faf163d
- blacklist.conf: update blacklist
- commit ee5c63d
- blacklist.conf: update blacklist
- commit cb25c3b
- net: dsa: b53: Add BCM5389 support (git-fixes).
- commit 97f949b
- net: mvneta: fix enable of all initialized RXQs (git-fixes).
- commit c3670b0
- net: dsa: mt7530: fix module autoloading for OF platform drivers
(git-fixes).
- commit 5aa0e3c
- sunvnet: does not support GSO for sctp (git-fixes).
- commit 2c2cd3a
- net: qcom/emac: Use proper free methods during TX (git-fixes).
- commit 9e71f84
- net: Extra '_get' in declaration of
arch_get_platform_mac_address (git-fixes).
- commit a07f7ac
- net: arc_emac: fix arc_emac_rx() error paths (git-fixes).
- commit 055ed24
- net: mediatek: setup proper state for disabled GMAC on the
default (git-fixes).
- commit d4884c0
- blacklist.conf: update blacklist
- commit 3d40ef3
- bugzilla-create: take bugzilla email from BUGZILLA_ACCOUNT_EMAIL env var
Some people have emails in bugzilla that are completely different than
emails they use in git and providing one with -e option is tedious.
Make bugzilla-create more flexible by providing a third option that
sits between command line option and git-config automation.
- commit 3ebbd64
- sctp: fix erroneous inc of snmp SctpFragUsrMsgs (git-fixes).
- commit 1e6b878
- net: propagate dev_get_valid_name return code (git-fixes).
- commit 6c7e15c
- blacklist.conf: update blacklist
- commit 0b29eb6
- scripts: Update bugzilla-create self-docs
For new REST API.
- commit 375eae1
- bugzilla-create: always end email with @suse.com
- commit 795cb91
- s390/kasan: fix early pgm check handler execution (git-fixes
bsc#1211360).
- s390: ctcm: fix ctcm_new_device error return code (git-fixes
bsc#1211361).
- s390/pci: fix sleeping in atomic during hotplug (git-fixes
bsc#1211364).
- s390/sysinfo: add missing #ifdef CONFIG_PROC_FS (git-fixes
bsc#1211366).
- s390/extmem: fix gcc 8 stringop-overflow warning (git-fixes
bsc#1211363).
- s390/scm_blk: correct numa_node in scm_blk_dev_setup (git-fixes
bsc#1211365).
- s390/dasd: correct numa_node in dasd_alloc_queue (git-fixes
bsc#1211362).
- commit eaf6fde
- netrom: Fix use-after-free caused by accept on already
connected socket (bsc#1211186 CVE-2023-32269).
- commit 5091773
- net: tls: fix possible race condition between
do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
(bsc#1209366 CVE-2023-28466).
- commit 6a60b30
- ACPI: processor: Fix evaluating _PDC method when running as
Xen dom0 (git-fixes).
- commit dc522b8
- xen/netback: use same error messages for same errors
(git-fixes).
- commit 4db5f86
- xen/netback: don't do grant copy across page boundary
(git-fixes).
- commit 1db009c
- Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch.
Add note about required followups for the upstream version.
- commit 22f581b
- powerpc/rtas: use memmove for potentially overlapping buffer
copy (bsc#1065729).
- powerpc: Don't try to copy PPR for task with NULL pt_regs
(bsc#1065729).
- powerpc: Squash lines for simple wrapper functions
(bsc#1065729).
- commit 5b5254d
- blacklist.conf: workqueue: Cosmetic change. Not worth backporting (bsc#1211275)
- commit 75d9c4f
- ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT
(git-fixes).
- commit 45358c3
- sctp: make use of pre-calculated len (git-fixes).
- commit 917a7de
- ipv6: icmp6: Allow icmp messages to be looped back (git-fixes).
- commit b8c6b46
- ipv4: ipv4_default_advmss() should use route mtu (git-fixes).
- commit b90f190
- net: ipv6: send NS for DAD when link operationally up
(git-fixes).
- commit 068ddeb
- blacklist.conf: update blacklist
- commit a62f4ec
- workqueue: Print backtraces from CPUs with hung CPU bound
workqueues (bsc#1211044).
- commit 9009e7b
- workqueue: Warn when a rescuer could not be created
(bsc#1211044).
- commit 729d6a5
- blacklist.conf: update blacklist
- commit 6f9c349
- blacklist.conf: update blacklist
- commit b77ff03
- workqueue: Interrupted create_worker() is not a repeated event
(bsc#1211044).
- commit 19f4343
- workqueue: Warn when a new worker could not be created
(bsc#1211044).
- commit 6849328
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- commit 6603859
- blacklist.conf: dependencies cannot be met
- commit 719ca49
- wcn36xx: ensure pairing of init_scan/finish_scan and
start_scan/end_scan (git-fixes).
- commit 087dd65
- wcn36xx: Ensure finish scan is not requested before start scan
(git-fixes).
- commit caae985
- blacklist.conf: add one pci git-fixes
- commit 855c141
- wcn36xx: Specify ieee80211_rx_status.nss (git-fixes).
- commit 012d160
- wcn36xx: Fix warning due to bad rate_idx (git-fixes).
- commit a518de1
- wcn36xx: Disable bmps when encryption is disabled (git-fixes).
- commit ebc2371
- wcn36xx: Fix software-driven scan (git-fix).
- Refresh
patches.suse/wcn36xx-Channel-list-update-before-hardware-scan.patch.
- Refresh
patches.suse/wcn36xx-Move-hal_buf-allocation-to-devm_kmalloc-in-p.patch.
- commit 15a8b93
- wcn36xx: Use sequence number allocated by mac80211 (git-fixes).
- commit bb661ed
- wcn36xx: Fix TX data path (git-fixes).
- commit b77eb82
- wcn36xx: Increase number of TX retries (git-fixes).
- commit 97a8d22
- wcn36xx: Fix multiple AMPDU sessions support (git-fixes).
- commit 63b0807
- wcn36xx: Add ieee80211 rx status rate information (git-fixes).
- commit 4b6a254
- wcn36xx: fix spelling mistake "to" -> "too" (git-fixes).
- commit 7e6ee67
- wcn36xx: disable HW_CONNECTION_MONITOR (git-fixes).
- commit 4d8f867
- wcn36xx: fix typo (git-fixes).
- commit b5b95ed
- wcn36xx: remove unecessary return (git-fixes).
- commit 0eb75a5
- wcn36xx: use dma_zalloc_coherent instead of allocator/memset
(git-fixes).
- commit bbbad4b
- wcn36xx: Use kmemdup instead of duplicating it in
wcn36xx_smd_process_ptt_msg_rsp (git-fixes).
- commit aa805c7
- wcn36xx: Channel list update before hardware scan (git-fixes).
- commit fcf8c32
- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass
two's complement (git-fixes).
- commit 39c25cd
- mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
- commit 9de04e1
- adm8211: fix error return code in adm8211_probe() (git-fixes).
- commit 8910841
- Documentation: Document sysfs interfaces purr, spurr, idle_purr,
idle_spurr (PED-3947 bsc#1210544 ltc#202303).
- powerpc/sysfs: Show idle_purr and idle_spurr for every CPU
(PED-3947 bsc#1210544 ltc#202303).
- powerpc/pseries: Account for SPURR ticks on idle CPUs (PED-3947
bsc#1210544 ltc#202303).
- powerpc/idle: Store PURR snapshot in a per-cpu global variable
(PED-3947 bsc#1210544 ltc#202303).
- powerpc: Move idle_loop_prolog()/epilog() functions to header
file (PED-3947 bsc#1210544 ltc#202303).
- cpuidle/powernv: avoid double irq enable coming out of idle
(PED-3947 bsc#1210544 ltc#202303).
- cpuidle: powerpc: no memory barrier after break from idle
(PED-3947 bsc#1210544 ltc#202303).
- cpuidle: powerpc: read mostly for common globals (PED-3947
bsc#1210544 ltc#202303).
- Refresh patches.suse/cpuidle-powernv-Fix-promotion-from-snooze-if-next-st.patch
- cpuidle: powerpc: cpuidle set polling before enabling irqs
(PED-3947 bsc#1210544 ltc#202303).
- Refresh patches.suse/cpuidle-powernv-Fix-promotion-from-snooze-if-next-st.patch
- commit 964f26b
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- commit 1c1a4cd
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access
(git-fixes).
- commit ad8060e
- fotg210-udc: Add missing completion handler (git-fixes).
- commit 3c809e3
- blacklist.conf: kABI
- commit dcd54c2
- usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode
(git-fixes).
- commit 9ea489a
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit
from run_smbios_call (git-fixes).
- commit bc58d39
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
(git-fixes).
- commit 96326a4
- platform/x86: alienware-wmi: fix kfree on potentially
uninitialized pointer (git-fixes).
- commit 52b26a2
- platform/x86: alienware-wmi: fix format string overflow warning
(git-fixes).
- commit 9e6baf6
- platform/x86: alienware-wmi: constify attribute_group structures
(git-fixes).
- commit 804cedf
- platform/x86: alienware-wmi: Adjust instance of
wmi_evaluate_method calls to 0 (git-fixes).
- commit 17d45d2
- platform/x86: dell-laptop: fix rfkill functionality.
- commit 04ebc44
- wifi: brcmfmac: slab-out-of-bounds read in
brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380).
- commit 07a41fa
- Remove obsolete rpm spec constructs
defattr does not need to be specified anymore
buildroot does not need to be specified anymore
- commit c963185
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
obsoletes correctly (boo#1172073 bsc#1191731).
rpm only supports full length release, no provides
- commit c9b5bc4
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
(bsc#1206878).
- commit 40e694d
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878
bsc#1211105 CVE-2023-2513).
- commit a52726d
- git_sort: tests: Fix run_all.sh logic
- commit e9649f1
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- commit d6c8c20
- net: qcom/emac: Fix use after free bug in emac_remove due to
race condition (bsc#1211037 CVE-2023-2483).
- commit 6c7d167
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- commit 8371d59
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- commit 3c78b91
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- commit 07dd465
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1190317).
- Refresh
patches.suse/cifs-handle-cache-lookup-errors-different-than-ENOENT.patch.
- Refresh
patches.suse/cifs-split-out-ses-and-tcon-retrieval-from-mount_get_conns-.patch.
- commit f050536
- PCI: aardvark: Fix PCIe Max Payload Size setting (git-fixes).
- PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
- PCI: xilinx-nwl: Enable the clock through CCF (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
(git-fixes).
- PCI: aardvark: Configure PCIe resources from 'ranges' DT
property (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting
for PIO response (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices
(git-fixes).
- PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
(git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
(git-fixes).
- PCI: Call Max Payload Size-related fixup quirks early
(git-fixes).
- commit 4ba05a4
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- commit fd75dd9
- blacklist.conf: add one char git-fixes
- commit e967264
- wifi: ath5k: fix an off by one check in
ath5k_eeprom_read_freq_list() (git-fixes).
- commit e7e4a01
- xfs: verify buffer contents when we skip log replay (bsc#1210498
CVE-2023-2124).
- commit d228bcf
- kcm: Only allow TCP sockets to be attached to a KCM mux
(git-fixes).
- Refresh patches.suse/kcm-lock-lower-socket-in-kcm_attach.patch.
- commit 1c38f1b
- xhci: hide include of iommu.h (git-fixes).
- commit d4a90d2
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough
iommu (git-fixes).
- commit 25aa1f6
- struct ci_hdrc: hide new member at end (git-fixes).
- commit 10801c8
- usb: chipidea: core: fix possible concurrent when switch role
(git-fixes).
- commit b7e0f07
- x86/irq: Ensure PI wakeup handler is unregistered before module unload (git-fixes).
- commit 1ba0504
- x86/fpu: Prevent FPU state corruption (git-fixes).
- commit 7902778
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- commit 7747d1d
- x86/tools/relocs: Fix non-POSIX regexp (git-fixes).
- commit bf7956d
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- commit b2c2637
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes).
- commit 01320b7
- x86/virt: Mark flags and memory as clobbered by VMXOFF (git-fixes).
- commit 128b31b
- x86/virt: Eat faults on VMXOFF in reboot flows (git-fixes).
- commit d5a2713
- x86/tools: Fix objdump version check again (git-fixes).
- commit 2fac6b7
- x86/kprobes: Restore BTF if the single-stepping is cancelled (git-fixes).
- commit 675ef6d
- x86/kprobes: Fix to check non boostable prefixes correctly (git-fixes).
- commit 7707216
- blacklist.conf: Add a patch for kconfig option we don't have
- commit 133510f
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- commit 08350f2
- blacklist.conf: add nvme git-fixes
- commit 763e434
- nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is
not RESETTING (git-fixes).
- commit 289f082
- x86/bugs: Add Cannon lake to RETBleed affected CPU list (git-fixes).
- commit 765cf23
- keys: Fix linking a duplicate key to a keyring's assoc_array
(bsc#1207088).
- commit fd3a7e5
- keys: Hoist locking out of __key_link_begin() (bsc#1207088).
- commit 9d4b000
- keys: Change keyring_serialise_link_sem to a mutex (bsc#1207088).
- commit d0f80a2
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
(git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path
(git-fixes).
- commit 9283be1
- kabi/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777)
Exported symbols under drivers/nvme/host/ are only used by the
nvme subsystem itself, except for the nvme-fc symbols.
- commit c973bd8
- blacklist.conf: add nvme git-fixes
The nvme fabric part is not really supported in sle12 and touching this
code with proper a lot of testing has a high chance of regressions.
The nvme core bits are also very dangerous to update without introducing
regression because sle12 is still using mixed single queue and
multiqueue block layers infrastructures. All these fixes are addressing
issues reported against multiqueue only setups
- commit 039b5e1
- blacklist.conf: irrelevant in all our configs
- commit 21e8e20
- blacklist.conf: irrelevant in all our configs
- commit 5d97024
- blacklist.conf: irrelevant in all our configs
- commit ed95b61
- blacklist.conf: cleanup
- commit 2328a0e
- blacklist.conf: kABI
- commit 5ede269
- blacklist.conf: irrelevant with the compiler options of SLE12
- commit 09fdb2d
- blacklist.conf: architecture not supported in SLE12
- commit 0f802d0
- blacklist.conf: alters behavior in a way that could cause regression
- commit 9198a95
- blacklist.conf: cosmetic
- commit 8c47024
- audit: improve audit queue handling when "audit=1" on cmdline
(bsc#1209969).
- commit 05326be
- MyBS: exclude openSUSE:Factory i586
It's present, but not built. People are supposed to add:
OBS_PROJECT_LEGACYX86=openSUSE:Factory:LegacyX86
to rpm/config.sh now.
- commit 9c22fe0
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach
(bsc#1209871 CVE-2023-1670).
- commit cab17d2
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme: retain split access workaround for capability reads
(git-fixes).
- commit 664dfaa
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in
cpuset_cancel_attach() (bsc#1210827).
- commit c9ac567
- xfrm: policy: use hlist rcu variants on insert (git-fixes).
- commit 8f58d09
- blacklist.conf: update blacklist
- commit 94895b2
- powerpc/papr_scm: Update the NUMA distance table for the
target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
FATE#327775 git-fixes).
- powerpc/pseries: Consolidate different NUMA distance update
code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
FATE#327775 git-fixes).
- powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY
(bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775
git-fixes).
- powerpc/pseries: rename min_common_depth to primary_domain_index
(bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775
git-fixes).
- powerpc/numa: Consider the max NUMA node for migratable LPAR
(bsc#1209999 ltc#202140 bsc#1190544 ltc#194520 bsc#1142685 ltc#179509 FATE#327775
git-fixes).
- powerpc/numa: Detect support for coregroup (bsc#1209999
ltc#202140 bsc#1142685 ltc#179509 FATE#327775 git-fixes).
- powerpc/numa: Restrict possible nodes based on platform
(bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775
git-fixes).
- powerpc/numa: Limit possible nodes to within num_possible_nodes
(bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 FATE#327775
git-fixes).
- commit 2690e67
- cred: allow get_cred() and put_cred() to be given NULL
(bsc#1209887).
- commit b20510e
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
ipaddress (bsc#1210647 CVE-2023-2162).
- commit eba27cd
- drivers: net: lmc: fix case value for target abort error
(git-fixes).
- commit 9328eea
- net: axienet: Fix double deregister of mdio (git-fixes).
- commit ceccbaf
- net: prevent ISA drivers from building on PPC32 (git-fixes).
- commit 1665091
- blacklist.conf: update blacklist
- commit c7d12aa
- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit 39d6889
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (bsc#1210629 CVE-2023-2176)
- commit e746751
- RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1210629 CVE-2023-2176)
- commit 8101e86
- RDMA/cma: Make the locking for automatic state transition more clear (bsc#1210629 CVE-2023-2176)
- commit b3ddeab
- blacklist.conf: add !CONFIG_SYSFS entry
- commit ea663e2
- l2tp: reject creation of non-PPP sessions on L2TPv2 tunnels
(git-fixes).
- commit a6de55d
- l2tp: clean up stale tunnel or session in pppol2tp_connect's
error path (git-fixes).
- commit ac0c4ce
- l2tp: fix pseudo-wire type for sessions created by
pppol2tp_connect() (git-fixes).
- commit 3cea0f6
- netfilter: nft_set_rbtree: fix parameter of
__nft_rbtree_lookup() (git-fixes).
- commit d139e7b
- netfilter: x_tables: Add note about how to free percpu counters
(git-fixes).
- commit 370ae8e
- net: core: dst: Add kernel-doc for 'net' parameter (git-fixes).
- commit f4bb4ad
- net: core: dst_cache_set_ip6: Rename 'addr' parameter to
'saddr' for consistency (git-fixes).
- commit d4c9c59
- x86/boot/compressed: Disable relocation relaxation (git-fixes).
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- kretprobe: Prevent triggering kretprobe from within
kprobe_flush_task (git-fixes).
- x86/speculation/mds: Mark mds_user_clear_cpu_buffers()
__always_inline (git-fixes).
- x86_64: Fix jiffies ODR violation (git-fixes).
- x86/mm: Stop printing BRK addresses (git-fixes).
- bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX
BPF_B (git-fixes).
- x86: Don't let pgprot_modify() change the page encryption bit
(git-fixes).
- x86/pkeys: Add check for pkey "overflow" (git-fixes).
- commit e67532f
- watchdog: pcwd_usb: Fix attempting to access uninitialized
memory (git-fixes).
- commit d040be6
- powercap: fix possible name leak in powercap_register_zone()
(git-fixes).
- commit 31ce59d
- usb: storage: Add check for kcalloc (git-fixes).
- commit 610895c
- usb: typec: Check for ops->exit instead of ops->enter in
altmode_exit (git-fixes).
- commit b4c0f7a
- blacklist.conf: add some x86 git-fixes
- commit decff2c
- blacklist.conf: cleanup
- commit b4c83c2
- usb: dwc3: gadget: Don't set IMI for no_interrupt (git-fixes).
- commit 7500ab7
- ath10k: Fix missing frame timestamp for beacon/probe-resp
(git-fixes).
- commit b6a1dea
- x86/speculation: Allow enabling STIBP with legacy IBRS
(bsc#1210506 CVE-2023-1998).
- commit 82dbdfe
- cifs: fix negotiate context parsing (bsc#1210301).
- commit e970e4b
- blacklist.conf: not needed; added also the commit introducing the regression
on the blacklist to stay on the safe side
- commit 39430c3
- blacklist.conf: not worth the risk
- commit 581559c
- blacklist.conf: printk: cosmetic problem; wrong value shown in log
- commit 68309f1
- printk: Give error on attempt to set log buffer length to over
2G (bsc#1210534).
- commit 416f599
- tuntap: fix dividing by zero in ebpf queue selection
(git-fixes).
- commit c7fc31c
- net: phy: realtek: Use the dummy stubs for MMD register access
for rtl8211b (git-fixes).
- commit 8197f03
- blacklist.conf: update blacklist
- commit 1eb047f
- iwlwifi: Fix -EIO error code that is never returned (git-fixes).
- commit e2a6440
- iwlwifi: pcie: gen2: fix locking when "HW not ready"
(git-fixes).
- commit a192018
- iwlwifi: pcie: fix locking when "HW not ready" (git-fixes).
- commit 34a2104
- blacklist.conf: upstream error
- commit 82a830a
- iwlwifi: pcie: reschedule in long-running memory reads
(git-fixes).
- commit e6380b0
- blacklist.conf: cleanup for specific compiler
- commit 0396363
- iwlwifi: fw: make pos static in iwl_sar_get_ewrd_table() loop
(git-fixes).
- commit c845c94
- blacklist.conf: feature and optimization, not a fix
- commit 9a8bf0b
- blacklist.conf: kABI
- commit 7b6dc5b
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
(git-fixes).
- commit a5c8a19
- ath10k: fix division by zero in send path (git-fixes).
- commit 995d86c
- ath10k: fix control-message timeout (git-fixes).
- commit 49a6469
- ath10k: add missing error return code in ath10k_pci_probe()
(git-fixes).
- commit 40313d2
- ath10k: Fix error handling in case of CE pipe init failure
(git-fixes).
- commit 29f18be
- struct wmi_svc_avail_ev_arg: new member to end (git-fixes).
- commit ace4238
- ath10k: Fix the parsing error in service available event
(git-fixes).
- commit 83c5772
- power: supply: da9150: Fix use after free bug in
da9150_charger_remove due to race condition (CVE-2023-30772
bsc#1210329).
- commit a67542a
- k-m-s: Drop Linux 2.6 support
- commit 22b2304
- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6
- git_sort: tests: Use correct SLE15 base container
- commit 698573d
- wq: handle VM suspension in stall detection (bsc#1210466).
- commit b6661b9
- git_sort: tests: Move docker files into one directory
Also accept build parameters like -q or --no-cache in run_all.sh
- commit 5b075af
- blacklist.conf: workqueue: Non-trivial reasoning why the change is correct.
Fixing a corner case.
- commit 5637e05
- workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
(bsc#1210460).
- commit 3c2ae43
- workqueue: Fix spurious sanity check failures in
destroy_workqueue() (bsc#1210460).
- blacklist.conf: Remove the commit from the blacklist.
- commit dcf3af1
- cachefiles: Drop superfluous readpages aops NULL check
(bsc#1210430).
- cachefiles: Handle readpage error correctly (bsc#1210430).
- cachefiles: Fix race between read_waiter and read_copier
involving op->to_do (bsc#1210430).
- fscache, cachefiles: remove redundant variable 'cache'
(bsc#1210430).
- cachefiles: Fix page leak in cachefiles_read_backing_file
while vmscan is active (bsc#1210430).
- commit 08d094b
- blacklist.conf: cachefiles fix not applicable to 12SP5
- commit 76c59ea
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove
due to race condition (CVE-2023-1855 bsc#1210202).
- commit 8e7b0ea
- Bluetooth: btsdio: fix use after free bug in btsdio_remove
due to unfinished work (CVE-2023-1989 bsc#1210336).
- commit 636a7de
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
condition (git-fixes bsc#1210337 CVE-2023-1990).
- commit 6ec02e1
- intel_pmc_ipc: restore ability to call functions with irq
enabled (git-fixes).
- commit 8b76237
- Refresh
patches.suse/platform-x86-intel_pmc_ipc-Use-spin_lock-to-protect-.patch.
Added additional commit ID
- commit 32b5de9
- platform/x86: intel_pmc_ipc: Use spin_lock to protect GCR
updates (git-fixes).
- commit 6fd8245
- platform/x86: intel_pmc_ipc: Use devm_* calls in driver probe
function (git-fixes).
- commit 66a8daf
- blacklist.conf: irrelevant in our configs
- commit 77369a1
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
(git-fixes).
- commit 1101ba6
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- commit cc9a7d7
- Refresh
patches.suse/net-usb-cdc_mbim-avoid-altsetting-toggling-for-Telit.patch.
Added additional ID
- commit ec0740e
- blacklist.conf: Add 6a2cbc58d6c9 seq_buf: Make trace_seq_putmem_hex() support data longer than 8
- commit 3b72881
- usb: dwc3: core: fix kernel panic when do reboot (git-fixes).
- commit e2fbf46
- usb/ohci-platform: Fix a warning when hibernating (git-fixes).
- commit f004188
- blacklist.conf: not a fix
- commit 579db14
- blacklist.conf: hardware this is relevant for not supported in SLE12
- commit 9c1574c
- usb: host: ohci-pxa27x: Fix and & vs | typo (git-fixes).
- commit 8a04e90
- blacklist.conf: update blacklist
- commit 960fe5e
- sctp: return error if the asoc has been peeled off in
sctp_wait_for_sndbuf (git-fixes).
- Refresh
patches.suse/sctp-implement-memory-accounting-on-tx-path.patch.
- commit ec9bf28
- sctp: use the right sk after waking up from wait_buf sleep
(git-fixes).
- Refresh
patches.suse/sctp-implement-memory-accounting-on-tx-path.patch.
- commit 09b20fd
- sctp: do not free asoc when it is already dead in sctp_sendmsg
(git-fixes).
- Refresh
patches.suse/sctp-implement-memory-accounting-on-tx-path.patch.
- commit 064e118
- net/ncsi: Don't return error on normal response (git-fixes).
- commit 0448b7b
- blacklist.conf: update blacklist
- commit dd82a70
- scripts/tar-up.sh: Exclude directories and files left over from conflict
resolution when copying rpm/
Directories are not used by obs, there is no point copying them.
Files resulting from conflict resolution needlessly add noise, they
should not be included in the package.
- commit 079558f
- run_oldconfig.sh: Set VANILLA_ONLY with vanilla source variant.
VANILLA_ONLY is no longer set in config.sh, instead variant is set to
vanilla. Make run_oldconfig.sh reflect that.
- commit 0b52d46
- blacklist.conf: add an intrusive ftrace refinement
- commit 1b629dd
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- commit f82808a
- ring-buffer: Fix race while reader and writer are on the same
page (git-fixes).
- commit 68f2c8a
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-R.patch
(bsc#1205128 CVE-2022-43945 bsc#1210124).
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-R.patch
(bsc#1205128 CVE-2022-43945 bsc#1210124).
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-Rdir.patch
(bsc#1205128 CVE-2022-43945 bsc#1210124).
Fix a performance bug introduced by the backports bsc#1210124
- commit 98fde8e
- btrfs: fix race between quota disable and quota assign ioctls
(CVE-2023-1611 bsc#1209687).
- commit 5262625
- Define kernel-vanilla as source variant
The vanilla_only macro is overloaded. It is used for determining if
there should be two kernel sources built as well as for the purpose of
determining if vanilla kernel should be used for kernel-obs-build.
While the former can be determined at build time the latter needs to be
baked into the spec file template. Separate the two while also making
the latter more generic.
$build_dtbs is enabled on every single rt and azure branch since 15.3
when the setting was introduced, gate on the new $obs_build_variant
setting as well.
- commit 36ba909
- timekeeping: Prevent 32bit truncation in (git-fixes)
- commit b5eceb5
- ntp: Limit TAI-UTC offset (git-fixes)
- commit cb87f16
- x86/decoder: Add TEST opcode to Group3-2 (git-fixes).
- x86/sysfb: Fix check for bad VRAM size (git-fixes).
- x86/mm: Use the correct function type for native_set_fixmap()
(git-fixes).
- x86/ioapic: Prevent inconsistent state when moving an interrupt
(git-fixes).
- x86/mce: Lower throttling MCE messages' priority to warning
(git-fixes).
- x86/apic: Soft disable APIC before initializing it (git-fixes).
- x86/reboot: Always use NMI fallback when shutdown via reboot
vector IPI fails (git-fixes).
- uprobes/x86: Fix detection of 32-bit user mode (git-fixes).
- x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled
machines (git-fixes).
- x86/apic: Handle missing global clockevent gracefully (git-fixes
bsc#1142926).
- x86/lib/cpu: Address missing prototypes warning (git-fixes).
- x86, boot: Remove multiple copy of static function
sanitize_boot_params() (git-fixes).
- commit 439b087
- blacklist.conf: add some x86 git-fixes
- commit 048281c
- netlink: limit recursion depth in policy validation
(CVE-2020-36691 bsc#1209613).
- commit 519d73a
- scsi: qla2xxx: Synchronize the IOCB count to be in order
(bsc#1209292 bsc#1209684 bsc#1209556).
- commit 18dd273
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- commit 58a7e43
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- commit 4061009
- net: usb: smsc75xx: Move packet length check to prevent kernel
panic in skb_pull (git-fixes).
- commit 904473f
- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
It grows and the build fails recently on SLE15-SP4/5.
- commit 41ac816
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
[iivanov] Fix Patch-mainline to v6.3-rc5
- commit f23280a
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE
This new form was added in commit e89c2e815e76 ("riscv: Handle
zicsr/zifencei issues between clang and binutils").
- commit 234baea
- cifs: Fix smb2_set_path_size() (bsc#1190317).
- commit 298a4d8
- cifs: Move the in_send statistic to __smb_send_rqst()
(bsc#1190317).
- commit c1a3dcd
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1190317).
- commit 46ad6ef
- update internal module version number for cifs.ko (bsc#1190317).
- commit 0d92429
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too
(bsc#1190317).
- commit 29571bf
- cifs: match even the scope id for ipv6 addresses (bsc#1190317).
- commit ffb4742
- cifs: Fix lost destroy smbd connection when MR allocate failed
(bsc#1190317).
- commit 8c42642
- cifs: get rid of dns resolve worker (bsc#1190317).
- commit 1597aa3
- cifs: Fix warning and UAF when destroy the MR list
(bsc#1190317).
- commit 57628d2
- cifs: Convert struct fealist away from 1-element array
(bsc#1190317).
- commit 450af82
- cifs: fix mount on old smb servers (bsc#1190317).
- commit b608d71
- cifs: Fix uninitialized memory reads for oparms.mode
(bsc#1190317).
- commit 4430e40
- cifs: remove unneeded 2bytes of padding from smb2 tree connect
(bsc#1190317).
- commit 3db0a6b
- cifs: Fix uninitialized memory read in smb3_qfs_tcon()
(bsc#1190317).
- commit 7fd60d0
- cifs: don't try to use rdma offload on encrypted connections
(bsc#1190317).
- commit b75ae7e
- cifs: split out smb3_use_rdma_offload() helper (bsc#1190317).
- commit 4ec903f
- cifs: introduce cifs_io_parms in smb2_async_writev()
(bsc#1190317).
- commit 9060955
- cifs: get rid of unneeded conditional in cifs_get_num_sgs()
(bsc#1190317).
- commit b970b4a
- cifs: prevent data race in smb2_reconnect() (bsc#1190317).
- commit e153e6f
- cifs: fix indentation in make menuconfig options (bsc#1190317).
- commit e3f6c21
- cifs: update Kconfig description (bsc#1190317).
- commit d50d5ca
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req()
(bsc#1190317).
- commit 46dc317
- cifs: print last update time for interface list (bsc#1190317).
- commit aaab89f
- cifs: Replace zero-length arrays with flexible-array members
(bsc#1190317).
- commit 86e6cd6
- cifs: Use kstrtobool() instead of strtobool() (bsc#1190317).
- commit 103e49e
- cifs: Fix use-after-free in rdata->read_into_pages()
(bsc#1190317).
- commit 0bb36b3
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect
(bsc#1190317).
- commit 7c17011
- cifs: do not include page data when checking signature
(bsc#1190317).
- commit 68b5c43
- cifs: fix return of uninitialized rc in
dfs_cache_update_tgthint() (bsc#1190317).
- commit aef9873
- cifs: handle cache lookup errors different than -ENOENT
(bsc#1190317).
- commit b259488
- cifs: remove duplicate code in __refresh_tcon() (bsc#1190317).
- commit 078424b
- cifs: don't take exclusive lock for updating target hints
(bsc#1190317).
- commit 0ba4f09
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1190317).
- commit db9d0ac
- cifs: fix potential deadlock in cache_refresh_path()
(bsc#1190317).
- commit 8b47c8a
- cifs: fix potential memory leaks in session setup (bsc#1190317).
- commit 9d070b1
- cifs: fix double free on failed kerberos auth (bsc#1190317).
- commit e2bec13
- cifs: remove redundant assignment to the variable match
(bsc#1190317).
- commit 77ccb0d
- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549
CVE-2023-28772).
- commit 6692c8c
- x86/apic: Add name to irq chip (bsc#1206010).
- commit 89bba1e
- ipv4: route: fix inet_rtm_getroute induced crash (git-fixes).
- commit e25c3f6
- blacklist.conf: update blacklist
- commit ae3ef0f
- blacklist.conf: update blacklist
- commit 3e5530d
- x86/apic: Deinline x2apic functions (bsc#1181001 jsc#ECO-3191).
- x86/x2apic: Mark set_x2apic_phys_mode() as __init (bsc#1181001
jsc#ECO-3191).
- Refresh
patches.kabi/kABI-Fix-kABI-for-extended-APIC-ID-support.patch.
- Refresh
patches.suse/x86-msi-Force-affinity-setup-before-startup.patch.
Update to upstream patches.
Two easy cleanups added for simpler backports.
- commit 2c2baeb
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207001).
- Revert "PCI: hv: Fix a timing issue which causes kdump to fail
occasionally" (bsc#1207001).
- PCI: hv: Remove the useless hv_pcichild_state from struct
hv_pci_dev (bsc#1207001).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
cause panic (bsc#1207001).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
(bsc#1207001).
- commit e9cf69b
- x86/ioapic: Force affinity setup before startup (bsc#1193231).
- blacklist.conf: remove it from there as the prerequisites were
backported already
- commit 67a8716
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname}
(bsc#1190317).
- commit f930e6e
- cifs: fix race in assemble_neg_contexts() (bsc#1190317).
- commit ea7fbbe
- cifs: ignore ipc reconnect failures during dfs failover
(bsc#1190317).
- commit afdee33
- cifs: update internal module number (bsc#1190317).
- commit 7b8d7fd
- cifs: split out ses and tcon retrieval from mount_get_conns()
(bsc#1190317).
- commit 15a2a87
- cifs: set resolved ip in sockaddr (bsc#1190317).
- commit d330759
- powerpc/btext: add missing of_node_put (bsc#1065729).
- commit 0e57c99
- kvm: initialize all of the kvm_debugregs structure before
sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit 27afda9
- powerpc/xics: fix refcount leak in icp_opal_init()
(bsc#1065729).
- commit f9aeabf
- powerpc/powernv/ioda: Skip unallocated resources when mapping
to PE (bsc#1065729).
- commit 12e8c49
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf
(bsc#1065729).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling
(bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling
(bsc#1109158 ltc#169177 git-fixes).
- commit 4d6673f
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block
(git-fixes).
- commit bd0fc95
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- commit 32c7f24
- blacklist.conf: driver not in SLE12
- commit 3fbe4df
- blacklist.conf: driver not present in SLE12
- commit dad4545
- s390/vfio-ap: fix memory leak in vfio_ap device driver
(git-fixes).
- commit 0efdc1f
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
CVE-2023-28464).
- commit ee49c52
- cifs: set correct ipc status after initial tree connect
(bsc#1190317).
- commit 37864d2
- cifs: set correct tcon status after initial tree connect
(bsc#1190317).
- commit 1a028fa
- cifs: Remove duplicated include in cifsglob.h (bsc#1190317).
- commit a1d08d1
- cifs: fix oops during encryption (bsc#1190317).
- commit f574daf
- cifs: fix missing display of three mount options (bsc#1190317).
- commit 93d0b09
- cifs: fix various whitespace errors in headers (bsc#1190317).
- commit bea92d2
- cifs: minor cleanup of some headers (bsc#1190317).
- commit eb82a98
- RDMA/core: Don't infoleak GRH fields (bsc#1209778 CVE-2021-3923)
- commit 007f267
- cifs: skip alloc when request has no pages (bsc#1190317).
- commit 10815ee
- cifs: remove ->writepage (bsc#1190317).
- commit 2c2004f
- cifs: stop using generic_writepages (bsc#1190317).
- commit 000147c
- cifs: add check for returning value of SMB2_set_info_init
(bsc#1190317).
- commit cba1815
- cifs: Fix wrong return value checking when GETFLAGS
(bsc#1190317).
- commit 3e78b62
- cifs: add check for returning value of SMB2_close_init
(bsc#1190317).
- commit 46060ff
- cifs: Fix connections leak when tlink setup failed
(bsc#1190317).
- commit 8cec257
- tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289
CVE-2023-1390).
- commit 91c876a
- bs-upload-kernel: Do not skip post-build-checks
- commit 5443633
- Update
patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
- Update
patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
- commit 03cf48f
- timers: Clear timer_base::must_forward_clk with (bsc#1207890)
- commit 665e881
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- commit d6d271d
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- commit a0c51f7
- net/sched: tcindex: update imperfect hash filters respecting
rcu (CVE-2023-1281 bsc#1209634).
- rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
(CVE-2023-1281 bsc#1209634).
- commit 79d6cb4
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- commit 3f3dfdc
- arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes)
- commit 11f2537
- arm64: Do not forget syscall when starting a new thread. (git-fixes)
- commit 27dfefa
- arm64: Mark __stack_chk_guard as __ro_after_init (git-fixes)
- commit 551a661
- arm64/vdso: Discard .note.gnu.property sections in vDSO (git-fixes)
- commit b2f00e4
- blacklist.conf: ("arm64: alternatives: Move length validation in alternative_{insn,")
- commit 750c32b
- KVM: arm64: Hide system instruction access to Trace registers (git-fixes)
- commit 2e3ed1c
- arm64: psci: Avoid printing in cpu_psci_cpu_die() (git-fixes)
- commit 66c3a8b
- blacklist.conf: ("arm64: Change .weak to SYM_FUNC_START_WEAK_PI for")
- commit add4723
- arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (git-fixes)
- commit 65bd4cc
- arm64/alternatives: move length validation inside the subsection (git-fixes)
- commit d2aefa8
- arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (git-fixes)
- commit 2354853
- arm64/alternatives: don't patch up internal branches (git-fixes)
- commit 259ff6d
- arm64/alternatives: use subsections for replacement sequences (git-fixes)
- commit 206be22
- arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register (git-fixes)
Refresh patches.suse/arm64-cpufeature-Allow-different-PMU-versions-in-ID_DFR0_EL1.patch
- commit a0b4d86
- blacklist.conf: ("arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]")
- commit 99d129d
- blacklist.conf: ("arm64: Delete the space separator in __emit_inst")
- commit e989773
- blacklist.conf: ("arm64: fix alternatives with LLVM's integrated assembler")
- commit eabb21e
- Revert "arm64: dts: juno: add dma-ranges property" (git-fixes)
- commit 472652a
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes)
- commit 126253f
- blacklist.conf: ("arm64: fix unreachable code issue with cmpxchg")
- commit 27e2384
- arm64: kpti: ensure patched kernel text is fetched from PoU (git-fixes)
- commit ed14da7
- arm64/mm: fix variable 'pud' set but not used (git-fixes)
- commit bb80a31
- arm64: unwind: Prohibit probing on return_address() (git-fixes)
- commit 84859a4
- blacklist.conf: ("arm64/efi: Mark __efistub_stext_offset as an absolute symbol")
- commit 7448304
- arm64: Fix compiler warning from pte_unmap() with (git-fixes)
- commit f112362
- arm64: cpu_ops: fix a leaked reference by adding missing of_node_put (git-fixes)
- commit 80aa069
- arm64: kprobe: make page to RO mode when allocate it (git-fixes)
- commit 0375ba2
- cifs: fix use-after-free caused by invalid pointer `hostname`
(bsc#1190317).
- commit a20d808
- cifs: Fix pages leak when writedata alloc failed in
cifs_write_from_iter() (bsc#1190317).
- commit f847274
- cifs: Fix pages array leak when writedata alloc failed in
cifs_writedata_alloc() (bsc#1190317).
- commit d37ea58
- cifs: use stub posix acl handlers (bsc#1190317).
- commit ee8407b
- cifs: update internal module number (bsc#1190317).
- commit 7ab3edc
- cifs: Fix memory leak when build ntlmssp negotiate blob failed
(bsc#1190317).
- commit 98ff997
- cifs: fix memory leaks in session setup (bsc#1190317).
- commit c763ca5
- cifs: Fix xid leak in cifs_flock() (bsc#1190317).
- commit dacf024
- cifs: Fix xid leak in cifs_copy_file_range() (bsc#1190317).
- commit 3de8885
- cifs: Fix xid leak in cifs_create() (bsc#1190317).
- commit 705ac59
- smb3: improve SMB3 change notification support (bsc#1190317).
- commit fde51a0
- cifs: lease key is uninitialized in two additional functions
when smb1 (bsc#1190317).
- commit 2f04807
- cifs: lease key is uninitialized in smb1 paths (bsc#1190317).
- commit ff35bdf
- smb3: must initialize two ACL struct fields to zero
(bsc#1190317).
- commit 0955f83
- cifs: fix double-fault crash during ntlmssp (bsc#1190317).
- commit 9254cdc
- cifs: use ALIGN() and round_up() macros (bsc#1190317).
- Refresh patches.suse/cifs-fix-negotiate-context-parsing.patch.
- commit 53d873a
- cifs: prevent copying past input buffer boundaries
(bsc#1190317).
- commit 62868f6
- smb3: fix oops in calculating shash_setkey (bsc#1190317).
- commit 5afee83
- cifs: secmech: use shash_desc directly, remove sdesc
(bsc#1190317).
- commit 55bc867
- cifs: remove initialization value (bsc#1190317).
- commit 8fe3a94
- smb3: rename encryption/decryption TFMs (bsc#1190317).
- commit 87d5689
- usb: typec: altmodes/displayport: Fix probe pin assign check
(git-fixes).
- commit 5ce7845
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of
DID_REQUEUE (bsc#1199837).
- commit 2f806c6
- USB: misc: iowarrior: fix up header size for
USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- commit 198956a
- Fix formatting of client smbdirect RDMA logging (bsc#1190317).
- commit 51fd618
- Handle variable number of SGEs in client smbdirect send
(bsc#1190317).
- commit 6d2118f
- Reduce client smbdirect max receive segment size (bsc#1190317).
- commit 92e56ee
- Decrease the number of SMB3 smbdirect client SGEs (bsc#1190317).
- commit 7f2c69f
- cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
(bsc#1190317).
- commit 29e7c59
- cifs: destage dirty pages before re-reading them for cache=none
(bsc#1190317).
- commit 70d82b6
- cifs: return correct error in ->calc_signature() (bsc#1190317).
- commit b8c45e4
- cifs: misc: fix spelling typo in comment (bsc#1190317).
- commit 4f07bbc
- cifs: avoid use of global locks for high contention data
(bsc#1190317).
- Refresh
patches.suse/cifs-add-missing-spinlock-around-tcon-refcount.patch.
- Refresh patches.suse/cifs-remove-useless-DeleteMidQEntry-.patch.
Context adjustment.
- commit be7ee22
- cifs: add missing spinlock around tcon refcount (bsc#1190317).
- commit 0886941
- cifs: always initialize struct msghdr smb_msg completely
(bsc#1190317).
- commit bc42256
- cifs: don't send down the destination address to sendmsg for
a SOCK_STREAM (bsc#1190317).
- commit 4cd0dc6
- cifs: revalidate mapping when doing direct writes (bsc#1190317).
- commit fdcc906
- cifs: fix small mempool leak in SMB2_negotiate() (bsc#1190317).
- commit eb1b54c
- cifs: Add helper function to check smb1+ server (bsc#1190317).
- commit 260556f
- cifs: Use help macro to get the mid header size (bsc#1190317).
- commit 11dd1d2
- cifs: skip extra NULL byte in filenames (bsc#1190317).
- commit d9c1046
- cifs: Use help macro to get the header preamble size
(bsc#1190317).
- commit 1c1c393
- netlink: prevent potential spectre v1 gadgets (bsc#1209547
CVE-2017-5753).
- commit 179a403
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- commit 9bc607c
- tracing/hwlat: Replace sched_setaffinity with
set_cpus_allowed_ptr (git-fixes).
- commit 10ecebb
- ring-buffer: remove obsolete comment for free_buffer_page()
(git-fixes).
- commit fb36562
- ftrace: Fix invalid address access in lookup_rec() when index
is 0 (git-fixes).
- commit 2107853
- blacklist.conf: add not-relevant tracing fixes
- commit 89e5ff0
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- commit 59b5ef4
- tracing: Add NULL checks for buffer in
ring_buffer_free_read_page() (git-fixes).
- commit 4ba90d9
- blacklist.conf: might break certifications
- commit bd7ab11
- blacklist.conf: kABI
- commit c99b186
- blacklist.conf: irrelevant in our configs
- commit e0f4fc3
- blacklist.conf: kABI
- commit 9748c72
- blacklist.conf: kABI
- commit abd6f40
- blacklist.conf: blacklist Documentation because we
will not update the documentation package in SLE12 anyway
- commit b4fe007
- Refresh
patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch.
- commit 37fbfe8
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- commit 739342e
- xen/netfront: stop tx queues during live migration (git-fixes).
- commit ac8b9c0
- xen-netfront: fix potential deadlock in xennet_remove()
(git-fixes).
- Refresh
patches.suse/xen-netfront-force-data-bouncing-when-backend-is-unt.patch.
- commit 9294dd7
- xen/netfront: fix waiting for xenbus state change (git-fixes).
- commit fe29b44
- xen-netfront: wait xenbus state change when load module manually
(git-fixes).
- commit 0c71330
- xen-netfront: Update features after registering netdev
(git-fixes).
- commit c77bad3
- xen-netfront: Fix mismatched rtnl_unlock (git-fixes).
- commit db4108c
- xen-netfront: Fix race between device setup and open
(git-fixes).
- Refresh
patches.suse/xen-netfront-don-t-trust-the-backend-response-data-b.patch.
- commit a087822
- blacklist.conf: add 9e6246518592 ("xen/netback: don't call kfree_skb() under spin_lock_irqsave()")
- commit cae7fc6
- blacklist.conf: add 7dfa764e0223 ("xen/netback: fix build warning")
- commit 31b3ee5
- blacklist.conf: add 5834e72eda0b ("xen/netback: do some code cleanup")
- commit 6487e56
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- commit 4ce0c85
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
(git-fixes).
- commit 36249b4
- xen/platform-pci: add missing free_irq() in error path
(git-fixes).
- commit dd25a55
- xen-netfront: enable device after manual module load
(git-fixes).
- commit 6ce0b56
- blacklist.conf: add ce6f7d087e2b ("Input: xen-kbdfront - fix multi-touch XenStore node's locations")
- commit 9866d94
- blacklist.conf: added 02a0d9216d4da ("Input: xen-kbdfront - do not advertise multi-touch pressure support")
- commit 4d70cca
- x86/paravirt: Fix callee-saved function ELF sizes (git-fixes).
- Refresh
patches.suse/x86-prepare-inline-asm-for-straight-line-speculation.patch.
- commit be50a99
- SUNRPC: Fix a server shutdown leak (git-fixes).
- commit b391b37
- Revert "mei: me: enable asynchronous probing" (bsc#1208048,
bsc#1209126).
- commit 9a95c7f
- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- commit 6fa5ff4
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
(bsc#1209291 CVE-2023-28328).
- commit 0a0d765
- rpm/group-source-files.pl: Fix output difference when / is in location
While previous attempt to fix group-source-files.pl in 6d651362c38
"rpm/group-source-files.pl: Deal with {pre,post}fixed / in location"
breaks the infinite loop, it does not properly address the issue. Having
prefixed and/or postfixed forward slash still results in different
output.
This commit changes the script to use the Perl core module File::Spec
for proper path manipulation to give consistent output.
- commit 4161bf9
- Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
(git-fixes).
- commit a77868e
- Bluetooth: btusb: don't call kfree_skb() under
spin_lock_irqsave() (git-fixes).
- commit 0b2e609
- blacklist.conf: false positive
- commit 7dfc594
- ima: Fix function name error in comment (git-fixes).
- commit 889bacc
- kfifo: fix ternary sign extension bugs (git-fixes).
- commit efc9af2
- blacklist.conf: irrelevant in our configurations
- commit fcaf3c0
- blacklist.conf: kABI
- commit 5f50816
- blacklist.conf: changes exported defaults
- commit 6e19056
- PM: hibernate: flush swap writer after marking (git-fixes).
- commit d5d514d
- blacklist.conf: false positive
- commit bcee6d7
- blacklist.conf: kABI
- commit ee8665f
- blacklist.conf: false positive
- commit 38a7585
- kgdb: Drop malformed kernel doc comment (git-fixes).
- commit 16f0840
- blacklist.conf: kABI
- commit 836cdb8
- dt-bindings: reset: meson8b: fix duplicate reset IDs
(git-fixes).
- commit 758f2cb
- timers/sched_clock: Prevent generic sched_clock wrap caused
by tick_freeze() (git-fixes).
- commit c1996c6
- blacklist.conf: irrelevant documentation
- commit 14b48ad
- blacklist.conf: false positive
- commit 24553f6
- usb: dwc3: gadget: Stop processing more requests on IMI
(git-fixes).
- commit 1e1ba8c
- Update patches.suse/net_sched-add-__rcu-annotation-to-netdev-qdisc.patch.
- fix a mistake in the CVE-2023-0590 / bsc#1207795 backport
- commit 005c9da
- Require suse-kernel-rpm-scriptlets at all times.
The kernel packages call scriptlets for each stage, add the dependency
to make it clear to libzypp that the scriptlets are required.
There is no special dependency for posttrans, these scriptlets run when
transactions are resolved. The plain dependency has to be used to
support posttrans.
- commit 56c4dbe
- Replace mkinitrd dependency with dracut (bsc#1202353).
Also update mkinitrd references in documentation and comments.
- commit e356c9b
- prlimit: do_prlimit needs to have a speculation check
(bsc#1209256 CVE-2017-5753).
- commit fca254e
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- commit 871eeb4
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- commit 1162027
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- commit c85689a
- blacklist.conf: duplicate
- commit 9a30402
- blacklist.conf: false positive
- commit 6886a4a
- NET: usb: qmi_wwan: Adding support for Cinterion MV31
(git-fixes).
- commit 64d8c67
- Update
patches.suse/l2tp-fix-race-in-pppol2tp_release-with-session-objec.patch
(bsc#1076830 bsc#1208850 CVE-2022-20567).
- commit 47065bb
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
(CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
(CVE-2023-1095 bsc#1208777).
- commit c4928a4
- Delete
patches.suse/livepatch-define-a-macro-for-new-api-identification.patch.
This definition was used by kgraft codestreams (SLE12-SP3), but the
livepatch support for such codestreams has ended.
- commit 4fbaecf
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
(git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
(git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- PCI/MSI: Enforce MSI entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update
(git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- PCI: aardvark: Fix checking for PIO Non-posted Request
(git-fixes).
- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler
(git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI/PM: Avoid using device_may_wakeup() for runtime PM
(git-fixes).
- Refresh
patches.suse/0002-PCI-PM-Use-the-NEVER_SKIP-driver-flag.patch.
- commit 7a5a840
- media: platform: ti: Add missing check for devm_regulator_get
(git-fixes).
- commit 38e97d5
- media: coda: Add check for kmalloc (git-fixes).
- commit 95a83e8
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- commit da6b661
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
When the source file location provided with -L is either prefixed or
postfixed with forward slash, the script gets stuck in an infinite loop
inside calc_dirs() where $path is an empty string.
user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
...
path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
path = /usr/src/linux-5.14.21-150500.41/Documentation
path = /usr/src/linux-5.14.21-150500.41
path = /usr/src
path = /usr
path =
path =
path =
... # Stuck in an infinite loop
This works around the issue by breaking out of the loop once path is an
empty string. For a proper fix we'd want something that is
filesystem-aware, but this workaround should be enough for the rare
occasion that this script is run manually.
Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136
- vxlan: changelink: Fix handling of default remotes (git-fixes).
- commit 353bf78
- vxlan: Fix error path in __vxlan_dev_create() (git-fixes).
- commit 4d54675
- net: aquantia: fix RSS table and key sizes (git-fixes).
- commit 3b040c8
- bonding: fix 802.3ad state sent to partner when unbinding slave
(git-fixes).
- commit 45191af
- vlan: Fix vlan insertion for packets without ethernet header
(git-fixes).
- commit 95ac5e1
- vlan: Fix out of order vlan headers with reorder header off
(git-fixes).
- commit 59cf369
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
(CVE-2023-1118 bsc#1208837).
- commit e793953
- xfrm: Copy policy family in clone_policy (git-fixes).
- commit 9d47068
- netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).
- commit 8eff166
- netfilter: xt_connlimit: don't store address in the conn nodes
(git-fixes).
- commit b335237
- icmp: don't fail on fragment reassembly time exceeded
(git-fixes).
- commit ba8013a
- scsi: qla2xxx: Add option to disable FC2 Target support
(bsc#1198438 bsc#1206103).
- Delete
patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 6206180
- PCI: Unify ACS quirk desired vs provided checking (git-fixes).
- PCI: Make ACS quirk implementations more uniform (git-fixes).
- commit 6452eb0
- KABI FIX FOR: NFS: Pass error information to the pgio error
cleanup routine (git-fixes).
- commit 00c859b
- KABI FIX FOR - SUNRPC: Fix priority queue fairness (git-fixes).
- commit 91b67c9
- README.BRANCH: Adding myself to the maintainer list
- commit 8fc11b2
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
which sets the variable for a simple command.
However, the script is no longer a simple command. Export the variable
instead.
- commit 152a069
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- commit c0b9b40
- kabi/severities: add l2tp local symbols
- commit 63a39ae
- l2tp: Serialize access to sk_user_data with sk_callback_lock
(bsc#1205711 CVE-2022-4129).
- commit ef8f012
- l2tp: fix race in duplicate tunnel detection (bsc#1205711
CVE-2022-4129).
- commit 6a8247c
- l2tp: fix races in tunnel creation (bsc#1205711 CVE-2022-4129).
- commit 4e92c0b
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit d76f4ba
- nfsd: fix race to check ls_layouts (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall
(git-fixes).
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout
(git-fixes).
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create
failure (git-fixes).
- nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
(git-fixes).
- NFS: Pass error information to the pgio error cleanup routine
(git-fixes).
- SUNRPC: Fix priority queue fairness (git-fixes).
- commit 24274be
- blacklist.conf: updates
- commit 79d0f01
- scripts/sequence-patch.sh: remove obsolete egrep
Avoids a warning and prepares for ultimate removal - boo#1203092
- commit 7a787f7
- PCI: aardvark: Don't touch PCIe registers if no card connected
(git-fixes).
- PCI: aardvark: Indicate error in 'val' when config read fails
(git-fixes).
- PCI: aardvark: Improve link training (git-fixes).
- PCI: aardvark: Don't blindly enable ASPM L0s and don't write
to read-only register (git-fixes).
- PCI: aardvark: Train link immediately after enabling training
(git-fixes).
- PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
(git-fixes).
- PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
- PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
- PCI: endpoint: Fix for concurrent memory allocation in OB
address region (git-fixes).
- kabi: PCI: endpoint: Fix for concurrent memory allocation in
OB address region (git-fixes).
- PCI: endpoint: Cast the page number to phys_addr_t (git-fixes).
- PCI: aardvark: Remove PCIe outbound window configuration
(git-fixes).
- PCI: aardvark: Introduce an advk_pcie_valid_device() helper
(git-fixes).
- commit 36c0f12
- PCI: aardvark: Don't rely on jiffies while holding spinlock
(git-fixes).
- PCI: aardvark: Wait for endpoint to be ready before training
link (git-fixes).
- PCI/PM: Always return devices to D0 when thawing (git-fixes).
- PCI: tegra: Fix OF node reference leak (git-fixes).
- commit d6e8f39
- applicom: Fix PCI device refcount leak in applicom_init()
(git-fixes).
- PCI: Add ACS quirk for iProc PAXB (git-fixes).
- Refresh
patches.suse/PCI-Add-ACS-quirk-for-Amazon-Annapurna-Labs-root-por.patch.
- Refresh
patches.suse/PCI-Add-ACS-quirk-for-Broadcom-BCM57414-NIC.patch.
- PCI: PM: Avoid skipping bus-level PM on platforms without ACPI
(git-fixes).
- PCI: aardvark: Fix a leaked reference by adding missing
of_node_put() (git-fixes).
- commit 5dd1a12
- blacklist.conf: powerpc math emulation is not used
- commit 7904b57
- blacklist.conf: 8e1278444446 powerpc/32: Fix overread/overwrite of thread_struct via ptrace
- commit 1292ac8
- powerpc/fscr: Enable interrupts earlier before calling
get_user() (bsc#1065729).
- Refresh patches.suse/powerpc-add-interrupt_cond_local_irq_enable-helper.patch
- powerpc/powernv: Fix build error in opal-imc.c when NUMA=n
(bsc#1065729).
- commit 9101ec0
- powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).
- powerpc/powernv: IMC fix out of bounds memory access at shutdown
(bsc#1065729).
- commit f7b6c1a
- blacklist.conf: Add oops_limit accretion disk
- commit 26414f9
- blacklist.conf: fda31c50292a signal: avoid double atomic counter increments for user accounting
- commit ad47077
- blacklist.conf: Add 11e31f608b49 watchdog/softlockup: Enforce that timestamp is valid on boot
- commit 312b206
- ipmi: fix initialization when workqueue allocation fails
(git-fixes).
- commit 62cff13
- ipmi: msghandler: Make symbol 'remove_work_wq' static
(git-fixes).
- commit f48a444
- blacklist.conf: Add 0e48f51cbbfb Revert "libata, freezer: avoid block device removal while system is frozen"
- commit 3b5d052
- net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes).
- commit 354903d
- net: bmac: Fix read of MAC address from ROM (git-fixes).
- commit f260cf5
- net: qed*: Reduce RX and TX default ring count when running inside kdump kernel (git-fixes).
- commit b08ffb4
- Refresh patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch.
- commit e51ef45
- Revert "af_unix: fix races in sk_peer_pid and sk_peer_cred accesses"
This reverts commit e49e1b0f7e662d5b071015f05ead8185cb31f049
since it breaks the kernel.
- commit f1351a4
- Revert "sock.h: hide new member (bsc#1194535 CVE-2021-4203)."
This reverts commit 3cef23f4011eda051233a2e9572ae1d789313f41
since it breaks the kernel
- commit f66a3cf
- SUNRPC: make lockless test safe (bsc#1207201).
- commit 155aec2
- sock.h: hide new member (bsc#1194535 CVE-2021-4203).
- commit 3cef23f
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1194535 CVE-2021-4203).
- commit e49e1b0
- sock.h: hide new member (bsc#1194535 CVE-2021-4203).
- commit ec6bedc
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1194535 CVE-2021-4203).
- commit b12b939
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit b1becb2
- net: mpls: fix stale pointer if allocation fails during device
rename (bsc#1208700 CVE-2023-26545).
- commit d61392c
- blacklist.conf: add few PCI patches
- commit 52e540a
- ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel() (git-fixes)
- commit 0e2e532
- x86/mm: Randomize per-cpu entry area (bsc#1207845
CVE-2023-0597).
- refresh patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch.
- commit 6cab2a4
- block: bio-integrity: Copy flags when bio_integrity_payload
is cloned (bsc#1208541).
- commit 1c1919f
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation
(bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf()
static (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd()
gets called (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O
(bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start
(bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention
(bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt
(bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management
commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
(bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment
(bsc#1208570).
- scsi: qla2xxx: Check if port is online before sending ELS
(bsc#1208570).
- commit 649e0ec
- git_sort: tests: do not disable package repository GPG check
This adds the Kernel repository key and enables GPG check for package
installation inside containers.
- commit b2615b2
- git_sort: tests: Adjust to new net repository location
- commit de2dc43
- git_sort: tests: Fix tests failing on SLE15
Use the correct base image, pygit2 is not found by python otherwise.
- commit 1088359
- git_sort: tests: exit on error
- commit 767bb07
- blacklist.conf: feature not a fix
- commit 1443bd3
- blacklist.conf: feature not a fix
- commit ee1e977
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- commit d05158b
- blacklist.conf: cosmetic fix
- commit 4b9f79b
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- commit 2d46d95
- git_sort: tests: Use 15.4, 15.3 is EOL
- commit 3624818
- git_sort: tests: Kernel:tools does not have Leap repos, use SLE
- commit 46626b0
- scripts/renamepatches: Fix grep warning
grep: warning: stray before /
- commit 20e6e67
- scripts/renamepatches: Exclude search in irrelevant files
Especially large files in kabi/ can be simply avoided on slow devices
(or NFS).
- commit 9e1b932
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
(git-fixes).
- commit 4c304c0
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- commit 7662fa0
- net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans
(git-fixes).
- commit ae05a84
- blacklist.conf: add blacklist
- commit d1dd69b
- blacklist.conf: update blacklist
- commit 8b2622c
- blacklist.conf: update blacklist
- commit 50d7ebf
- blacklist.conf: update blacklist
- commit a32c2b4
- blacklist.conf: update blacklist
- commit 941a0ae
- blacklist.conf: update blacklist
- commit ac031d8
- x86/power: Fix 'nosmt' vs hibernation triple fault during resume
(git-fixes).
- Refresh
patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- commit 3ddadd1
- x86/stacktrace: Prevent infinite loop in arch_stack_walk_user()
(git-fixes).
- x86/build: Add 'set -e' to mkcapflags.sh to delete broken
capflags.c (git-fixes).
- x86/atomic: Fix smp_mb__{before,after}_atomic() (git-fixes).
- x86/PCI: Fix PCI IRQ routing table memory leak (git-fixes).
- x86/mm: Remove in_nmi() warning from 64-bit implementation of
vmalloc_fault() (git-fixes).
- x86/irq/64: Limit IST stack overflow check to #DB stack
(git-fixes).
- x86/uaccess, signal: Fix AC=1 bloat (git-fixes).
- x86/ia32: Fix ia32_restore_sigcontext() AC leak (git-fixes).
- commit 4fdbd92
- blacklist.conf: add some x86 commits
- commit 89c0d93
- scripts/renamepatches: Optimize search
Use bash hashmap instead of grepping list file.
sample:
5.0s -> 2.5s
Composed result with previous commit on SLE15-SP4->SLE15-SP5:
original
Executed in 207.82 secs fish external
usr time 263.64 secs 459.00 micros 263.64 secs
sys time 60.61 secs 185.00 micros 60.61 secs
optimized
Executed in 65.73 secs fish external
usr time 49.16 secs 639.00 micros 49.16 secs
sys time 18.52 secs 0.00 micros 18.52 secs
- commit 68e276c
- scripts/renamepatches: Optimize forks
Use single awk instead of multiple utilities.
sample:
6.4s -> 5.0s
- commit c44b590
- blacklist.conf: kABI
- commit 6c2dd7a
- blacklist.conf: false positive from stable
- commit 4cb1a8d
- net: allwinner: Fix use correct return type for ndo_start_xmit()
(git-fixes).
- commit a06fb6c
- gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes).
- commit 8e95e4e
- net: systemport: suppress warnings on failed Rx SKB allocations
(git-fixes).
- commit 34c447d
- net: bcmgenet: suppress warnings on failed Rx SKB allocations
(git-fixes).
- commit e3d888b
- net/mlx5e: Set of completion request bit should not clear
other adjacent bits (git-fixes).
- commit 1fccfde
- net: stmmac: Fix sub-second increment (git-fixes).
- commit 7bcb4c9
- blacklist.conf: regression due to missing feature in boot loader
- commit d40e68d
- xhci: Don't show warning for reinit on known broken suspend
(git-fixes).
- commit 60f17f0
- USB: serial: console: move mutex_unlock() before
usb_serial_put() (git-fixes).
- commit e9ada32
- USB: serial: ch341: fix disabled rx timer on older devices
(git-fixes).
- commit 1f1a3d6
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit f44e5ac
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
(git-fixes).
- commit c8ee3cd
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
(git-fixes).
- commit d5892e7
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- commit 3dadb30
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
- commit 9a54c12
- blacklist.conf: remove duplicated entry
- commit 09dbb7d
- Update SUSE Root certificate file
Pull the root certificate from a later bundle where it is correctly
marked as CA certificate. Without this the certificate won't be added
into CA bundle.
- commit b2e67d7
- prlimit: do_prlimit needs to have a speculation check
(git-fixes).
- signal handling: don't use BUG_ON() for debugging (git-fixes).
- panic: unset panic_on_warn inside panic() (git-fixes).
- ptrace: make ptrace() fail if the tracee changed its pid
unexpectedly (git-fixes).
- don't dump the threads that had been already exiting when zapped
(git-fixes).
- kernel/sys.c: avoid copying possible padding bytes in
copy_to_user (git-fixes).
- commit b9bfdd9
- kbuild: clear LDFLAGS in the top Makefile (bsc#1203200).
- Refresh patches.suse/supported-flag.
- commit d60d0fc
- blacklist.conf: add couple CORE patches
- commit 40318d8
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit 381f355
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(git-fixes).
- commit 4a8728c
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- commit 7a53afd
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
(git-fixes).
- commit 4eade98
- net: usb: lan78xx: don't modify phy_device state concurrently
(git-fixes).
- commit 6ef7677
- blacklist.conf: add a cleanup to disable -Wmaybe-uninitialized
- commit 5840861
- blacklist.conf: duplicate
- commit 59bea49
- blacklist.conf: add a mips-only specific revert
- commit 2cf8eeb
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
(git-fixes).
- commit 4e09bf9
- blacklist.conf: add a not-strictly needed fw-loading fix
- commit 229946b
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- commit 4cc9e19
- net: usb: sr9700: Handle negative len (git-fixes).
- commit e4e2a28
- usb: rndis_host: Secure rndis_query check against int overflow
(CVE-2023-23559 bsc#1207051).
- commit e207be8
- xfs: Fix unreferenced object reported by kmemleak in
xfs_sysfs_init() (git-fixes).
- commit 8137300
- xfs: fix realtime bitmap/summary file truncation when growing
rt volume (git-fixes).
- commit e4116fa
- xfs: make sure the rt allocator doesn't run off the end
(git-fixes).
- commit 6e43199
- xfs: initialize the shortform attr header padding entry
(git-fixes).
- commit 362da99
- xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes).
- commit 80c6365
- xfs: fix partially uninitialized structure in
xfs_reflink_remap_extent (git-fixes).
- commit 9049b82
- xfs: fix mount failure crash on invalid iclog memory access
(git-fixes).
- commit 1d08499
- xfs: fix attr leaf header freemap.size underflow (git-fixes).
- commit 1653047
- xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes).
- commit ab6f871
- xfs: require both realtime inodes to mount (git-fixes).
- commit 2e5ec52
- xfs: fix use-after-free race in xfs_buf_rele (git-fixes).
- commit fcdc154
- xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes).
- commit 2114c43
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit e1a86c1
- blacklist.conf: Blacklist the patch below
- Delete
patches.suse/ext4-don-t-BUG-if-someone-dirty-pages-without-asking.patch
to replace it with a better alternative we have in other branches
- commit d1f6219
- x86/mce: Fix -Wmissing-prototypes warnings (git-fixes).
- Refresh
patches.suse/x86-mce-amd-edac-mce_amd-add-new-mp5-nbio-and-pcie-smca-bank-types.patch.
- commit 04b9b60
- cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM
(git-fixes).
- kABI: cpu/hotplug: reexport cpu_smt_control (kabi).
- Refresh
patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- commit 450f659
- x86/hpet: Prevent potential NULL pointer dereference
(git-fixes).
- x86/mm: Don't leak kernel addresses (git-fixes).
- x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
(git-fixes).
- x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15
models (git-fixes).
- x86/kexec: Don't setup EFI info if EFI runtime is not enabled
(git-fixes).
- x86/fpu: Add might_fault() to user_insn() (git-fixes).
- commit 5915eb8
- x86/speculation: Remove SPECTRE_V2_IBRS in enum
spectre_v2_mitigation (bsc#1068032 CVE-2017-5754).
- Refresh
patches.suse/x86-retpoline-remove-minimal-retpoline-support.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- Refresh
patches.suse/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch.
Make IBRS patches closer to upstream.
- commit 4cf6d38
- x86/speculation: Add support for STIBP always-on preferred mode
(git-fixes).
- x86/speculation: Change misspelled STIPB to STIBP (git-fixes).
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
patches.suse/x86-speculation-allow-ibpb-to-be-conditionally-enabled-on-cpus-with-always-on-stibp.patch.
- Refresh
patches.suse/x86-speculation-avoid-force-disabling-ibpb-based-on-stibp-and-enhanced-ibrs.patch.
- Refresh
patches.suse/x86-speculation-merge-one-test-in-spectre_v2_user_select_mitigation.patch.
- Refresh
patches.suse/x86-speculation-pr_spec_force_disable-enforcement-for-indirect-branches.patch.
Update STIBP patches to be closer to upstream.
- commit 1ef4c9a
- drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1203332 CVE-2022-36280)
- commit 9894e8b
- x86/earlyprintk: Add a force option for pciserial device
(git-fixes).
- x86/mce-inject: Reset injection struct after injection
(git-fixes).
- kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not
fault on bad stack (git-fixes).
- x86/mce/mce-inject: Preset the MCE injection struct (git-fixes).
- commit f94b2cc
- blk-mq: fix possible memleak when register 'hctx' failed
(git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed
(git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- commit e68f2dc
- blacklist.conf: add non-backport git-fixes commit
- commit b53530a
- x86: boot: Fix EFI stub alignment (git-fixes).
- commit 35efa28
- x86/bugs: Move the l1tf function and define pr_fmt properly
(git-fixes).
- Refresh
patches.suse/0001-x86-litf-Introduce-vmx-status-variable.patch.
- Refresh
patches.suse/0007-x86-kvm-Allow-runtime-control-of-L1D-flush.patch.
- Refresh
patches.suse/0010-x86-bugs-kvm-Introduce-boot-time-control-of-L1TF-mit.patch.
- Refresh
patches.suse/x86-speculation-mds-add-mitigation-control-for-mds.patch.
- Refresh
patches.suse/x86-speculation-reorder-the-spec_v2-code.patch.
- Refresh
patches.suse/x86-speculation-support-mitigations-cmdline-option.patch.
- commit 1843a69
- Refresh patches.suse/x86-l1tf-06-add-sysfs-report.patch.
- Refresh
patches.suse/0001-x86-litf-Introduce-vmx-status-variable.patch.
- Refresh
patches.suse/0010-x86-bugs-kvm-Introduce-boot-time-control-of-L1TF-mit.patch.
Update to upstream version (X86_FEATURE_L1TF_PTEINV).
- commit 89f9e4a
- blacklist.conf: Add 86989c41b5ea signal: Always ignore SIGKILL and SIGSTOP sent to the global init
- commit bed9df8
- scripts/osc_wrapper: Assign spec with *.spec file when building
Commit 270fc6884c5b ("scripts/osc_wrapper: Pass more options to osc"),
decided that only the last argument of osc_wrapper can be the spec file.
But on commit 30f26fbbe86c ("scripts/osc_wrapper: Accept --ibs | --obs
as the first parameter"), it swaps the order of arguments, leaving
--ibs/--obs as the last ones.
This creates a problem when running osc_wrapper with --ibs
kernel-default.spec, since it'll add the specfile in osc_args, and
letting spec variable empty. Later on, if spec is empty, the find_spec
function is called, setting the spec automatically. The end result is
messy:
$ ./scripts/osc_wrapper --ibs kernel-source/kernel-default.spec
osc -A https://api.suse.de build --no-service --local-package --alternative-project=Devel:Kernel:SLE15-SP4 + kernel-source/kernel-default.spec + <some other options here...> + --define klp_symbols 1 standard kernel-source/kernel-default.spec
The osc command contains two spec definitions, which is wrong. The first
one is wrongly assumed to be an argument to be used for osc or
osc_wrapper.
The fix is to respect the argument of *.spec and assign it to spec
variable, and let other options to be handled by the code that is
currently present.
- commit 86d0aae
- blacklist.conf: Add 4a7ba45b1a43 memcg: fix possible use-after-free in memcg_write_event_control()
- commit a63545b
- blacklist.conf: Add a4055888629b mm/memcg: warning on !memcg after readahead page charged
- commit df06b7b
- blacklist.conf: Add 9a137153fc87 mm/memcg: fix device private memcg accounting
- commit 633912b
- blacklist.conf: Add d477f8c202d1 cpuset: restore sanity to cpuset_cpus_allowed_fallback()
- commit 53f3608
- arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region (git-fixes)
- commit 5ab30ad
- net: mana: Fix IRQ name - add PCI and queue number
(bsc#1207875).
- commit b36fcf8
- x86/asm: Add instruction suffixes to bitops (git-fixes).
- x86/entry/64: Add instruction suffix (git-fixes).
- kprobes, x86/alternatives: Use text_mutex to protect
smp_alt_modules (git-fixes).
- x86/asm: Remove unnecessary \n\t in front of CC_SET() from
asm templates (git-fixes).
- blacklist.conf: remove it from there
- commit 42cc16d
- blacklist.conf: add some x86 commits
- commit 9547ab1
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
CVE-2023-0045).
- commit 18b587b
- tracing: Make sure trace_printk() can output as soon as it
can be used (git-fixes).
- commit 15c6ed8
- tracing: Fix infinite loop in tracing_read_pipe on overflowed
print_trace_line (git-fixes).
- commit 720bed5
- jbd2: use the correct print format (git-fixes).
- commit 022b5a0
- tracing: Avoid adding tracer option before update_tracer_options
(git-fixes).
- commit 3c24529
- tracing: Fix sleeping function called from invalid context on
RT kernel (git-fixes).
- commit f5a6b6f
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
(git-fixes).
- commit d9419a4
- tracing: Ensure trace buffer is at least 4096 bytes large
(git-fixes).
- commit 73dee6a
- tracing: Fix tp_printk option related with
tp_printk_stop_on_boot (git-fixes).
- commit 9ae70c5
- tracing: Fix a kmemleak false positive in tracing_map
(git-fixes).
- commit 146abd5
- scsi: target: core: Add CONTROL field for trace events
(git-fixes).
- commit 5f4b9f3
- blacklist.conf: add not-relevant tracing fixes
- commit 6dbf1ea
- blacklist.conf: add qcom one thanks to present workaround
- commit 56b5e15
- Refresh
patches.suse/PCI-ACPI-Allow-D3-only-if-Root-Port-can-signal-and-w.patch.
Avoid compiler warning:
drivers/pci/pci-acpi.c: In function ‘acpi_pci_bridge_d3’:
drivers/pci/pci-acpi.c:549:5: warning: unused variable ‘val’ [-Wunused-variable]
u8 val;
^~~
- commit 94c9b34
- PCI/sysfs: Fix double free in error path (git-fixes).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF
(git-fixes).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
(git-fixes).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
(git-fixes).
- PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
- PCI/ASPM: Declare threshold_ns as u32, not u64 (git-fixes).
- commit 1a1e3cb
- blacklist.conf: Add guards
- d6810d730022 ("memcg, THP, swap: make mem_cgroup_swapout() support THP")
- 00f3ca2c2d66 ("mm: memcontrol: per-lruvec stats infrastructure")
- 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface")
- commit fd302dd
- virtio_console: eliminate anonymous module_init & module_exit
(git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- commit 04f33be
- Update
patches.kabi/usb.h-struct-usb_device-hide-new-member.patch
(bsc#1206664 CVE-2022-4662).
- Update
patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
(bsc#1206664 CVE-2022-4662).
- commit 3097f42
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
bsc#1207795).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
bsc#1207795).
- commit 880415e
- blacklist.conf: 8219d31effa7 powerpc/lib/sstep: Fix build errors with newer binutils
Always building for at least POWER8
- commit 224de10
- blacklist.conf: Add fb5bf31722d0 fork: fix some -Wmissing-prototypes warnings
- commit dcf40c8
- blacklist.conf: Add 22839869f21a signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
- commit 4599dd7
- blacklist.conf: Add db8dd9697238 cgroup-v1: cgroup_pidlist_next should update position index
- commit 6b34bd8
- memcg: remove memcg_cgroup::id from IDR on
mem_cgroup_css_alloc() failure (bsc#1208108).
- commit f958549
- blacklist.conf: Remove spurious whitespace
- commit 79063d5
- blacklist.conf: Add d08afa149acf mm, memcg: fix mem_cgroup_swapout() for THPs
- commit 0c330fd
- blacklist.conf: Add 4eaf431f6f71 memcg: fix per_node_info cleanup
- commit fb05fe9
- blacklist.conf: Add more unsupported ppc architecture paths
- commit e6a4392
- blacklist.conf: PCI bus numbering fixes for unsupported architectures
- commit 507eeac
- Update patches.suse/lightnvm-remove-lightnvm-implemenation.patch
(bsc#1191881 bsc#1201420 CVE-2022-2991).
- commit 125ae88
- blacklist.conf: not a fix, but a cleanup
- commit 6c62aaf
- blacklist.conf: cosmetic
- commit 89c1ac7
- blacklist.conf: feature, not a fix
- commit 7abc364
- blacklist.conf: false positive
- commit 89c7fc0
- scsi: hpsa: Fix allocation size for scsi_host_alloc()
(git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
(git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
(git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
(git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
(git-fixes).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
(git-fixes).
- drbd: fix potential silent data corruption (git-fixes).
- Revert "scsi: core: run queue if SCSI device queue isn't ready
and queue is idle" (git-fixes).
- drbd: dynamically allocate shash descriptor (git-fixes).
- drbd: Change drbd_request_detach_interruptible's return type
to int (git-fixes).
- drbd: fix print_st_err()'s prototype to match the definition
(git-fixes).
- drbd: do not block when adjusting "disk-options" while IO is
frozen (git-fixes).
- drbd: reject attach of unsuitable uuids even if connected
(git-fixes).
- drbd: ignore "all zero" peer volume sizes in handshake
(git-fixes).
- commit 0a624a5
- blacklist.conf: Add powerpc inapplicable fixes.
- commit 7e5ff14
- blacklist.conf: Add more unsupported architecture paths
- commit a9d28f3
- blacklist.conf: Giving up on memtrace on 4.12 kernel
It's hopelessly outdated. It may work for some uses but definitely
cannot be fixed to work reliably. It's only available on powernv, anyway.
- commit 52370b2
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit 850359a
- blacklist.conf: remove git-fix commit
Added before but now the context appears present.
- commit ca7ebf0
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
Since it is not upstream.
- commit 71b544b
- scsi: smartpqi: use processor ID for hwqueue for non-mq case.
- commit f7c419d
- Revert "scsi: smartpqi: set force_blk_mq=1.(bsc#1205397)"
This reverts commit 10f3936c627ef942dd3b1e94d001f74978249b48.
- commit 08dc3b9
- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
bsc#1204356, bsc#1204662).
- commit 4f27069
- sctp: fail if no bound addresses can be used for a given scope
(bsc#1206677).
- commit 297ccbe
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes).
Heavily modified, as prerequisites for taking it as is would
utterly ruin kABI
- commit f6a5968
- iforce: restore old iforce_dump_packet (git-fixes).
- commit 4231d1c
- Input: iforce - reformat the packet dump output (git-fixes).
- commit dc68ca6
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (git-fixes).
- commit 234f459
- blacklist.conf: designed to break kABI
- commit 8b4ffca
- parisc: Fix HP SDC hpa address output (git-fixes).
- commit 810aa94
- parisc: Fix serio address output (git-fixes).
- commit 0f57ebf
- Input: do not use WARN() in input_alloc_absinfo() (git-fixes).
- commit 84da185
- Input: replace hard coded string with __func__ in pr_err()
(git-fixes).
- commit cda312b
- Input: convert autorepeat timer to use timer_setup()
(git-fixes).
- commit cbdf2f3
- Input: switch to using sizeof(*type) when allocating memory
(git-fixes).
- commit 8f71a2f
- Input: use seq_puts() in input_devices_seq_show() (git-fixes).
- commit 1b69f50
- Input: use seq_putc() in input_seq_print_bitmap() (git-fixes).
- commit f2b9cd4
- blacklist.conf: blacklist drivers/input/touchscreen/stmfts.c
Support for this driver has been added in v4.13 with
78bcac7b2ae1e4f6e96c68ff353c140669ea231c, which we have
not taken in SLE12. Silence the scripts.
- commit 86c295f
- struct dwc3: move new members to the end (git-fixes).
- commit 09b2302
- usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init
during suspend/resume (git-fixes).
- Refresh
patches.suse/usb-dwc3-Disable-phy-suspend-after-power-on-reset.patch.
- commit d6a4fb0
- usb: dwc3: core: Call dwc3_core_get_phy() before initializing
phys (git-fixes).
- commit f2e20db
- usb: dwc3: core: initialize ULPI before trying to get the PHY
(git-fixes).
- commit ca7dae7
- README: remove copy of config and update the text (bsc#1191924)
* the config is copied by sequence_patch.
* it makes no sense to copy a file called "default" to the build tree
anyway.
* update the text, so that prerequisites are pre-installed.
- commit aef2a28
- scripts/python-bugzilla: Apply SUSE Bugzilla URL
- commit 4e69d74
- scripts: Reduce repetitions of Bugzilla URL
Just use the DEFAULT_BZ as vendored with python-bugzilla.
(rpm/config.sh usually specifies BUGZILLA_SERVER but it has been ignored
so far, don't deviate from that).
- commit eb1f26e
- scripts/python-bugzilla: Apply SUSE patches to python-bugzilla
- commit 029c1e9
- scripts: Update scripts/bugzilla
Raw copy from [1] a7c324041175a4157823bc2332a046cc2a54d105.
To access the REST API add
[apibugzilla.suse.com]
api_key = your_api_key
to ~/.bugzillarc
[1] https://github.com/python-bugzilla/python-bugzilla
- commit ccf7f1d
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- commit ba1784c
- tracing/cfi: Fix cmp_entries_* functions signature mismatch
(git-fixes).
- commit 6fe5958
- tracing: Fix stack trace event size (git-fixes).
- commit 6ddfce9
- ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
- commit f3f9c2c
- tracing: Use address-of operator on section symbols (git-fixes).
- commit ff93892
- trigger_next should increase position index (git-fixes).
- commit 6f1b4bf
- ftrace: fpid_next() should increase position index (git-fixes).
- commit c8a082f
- tracing: Set kernel_stack's caller size properly (git-fixes).
- commit b0151c0
- tracing: Adding NULL checks for trace_array descriptor pointer
(git-fixes).
- commit 08a9d55
- ftrace: Enable trampoline when rec count returns back to one
(git-fixes).
- Refresh
patches.suse/ftrace-Do-not-blindly-read-the-ip-address-in-ftrace_bug.patch.
- Refresh
patches.suse/ftrace-Fix-char-print-issue-in-print_ip_ins.patch.
- commit c714737
- ftrace: Fix NULL pointer dereference in
free_ftrace_func_mapper() (git-fixes).
- commit 5646431
- blacklist.conf: add not-relevant ftrace fixes
- commit 5961e96
- blacklist.conf: add a kdb fix which breaks kABI
- commit 7191d79
- blacklist.conf: add a kbuild compiler options cleanup
- commit 5e6755f
- blacklist.conf: add not-relevant fixes for the switch_sched event
- commit ebfa63d
- blacklist.conf: Add upstream config paths.
- commit 55c391f
- xen-netfront: Fix hang on device removal (bsc#1206698).
- commit 619f87d
- HID: check empty report_list in hid_validate_values()
(git-fixes, bsc#1206784).
- commit 0c3e451
- HID: betop: fix slab-out-of-bounds Write in betop_probe
(git-fixes, bsc#1207186).
- commit 29e41ae
- HID: betop: check shape of output reports (git-fixes,
bsc#1207186).
- commit b716c1e
- git_sort: add usb-linus branch for gregkh/usb
- commit ea34985
- audit: ensure userspace is penalized the same as the kernel
when under pressure (bsc#1204514).
- commit 424bf73
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
UAF (CVE-2023-0266 bsc#1207134).
- commit 55a788e
- audit: improve robustness of the audit queue handling
(bsc#1204514).
- commit 6afddf3
- blacklist.conf: Add memcg unusable fixes
- Add c3cc39118c36 mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats
- Add e27be240df53 mm: memcg: make sure memory.events is uptodate when waking pollers
- Add c892fd82cc06 mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
- Add 0b3d6e6f2dd0 mm: writeback: use exact memcg dirty counts
- commit 6350151
- dm thin: Use last transaction's pmd->root when commit failed
(git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
(git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
dm_pool_abort_metadata (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
enabled (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
(git-fixes).
- sbitmap: Avoid leaving waitqueue in invalid state in
__sbq_wake_up() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
(git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
(git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
(git-fixes).
- dm btree: add a defensive bounds check to insert_at()
(git-fixes).
- floppy: Add max size check for user space request (git-fixes).
- blk-cgroup: fix missing put device in error path from
blkg_conf_pref() (git-fixes).
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
(git-fixes).
- cryptoloop: add a deprecation warning (git-fixes).
- virtio-blk: Fix memory leak among suspend/resume procedure
(git-fixes).
- dm space maps: don't reset space map allocation cursor when
committing (git-fixes).
- block: only update parent bi_status when bio fail (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- Revert "dm cache: fix arm link errors with inline" (git-fixes).
- nbd: fix a block_device refcount leak in nbd_release
(git-fixes).
- blk-cgroup: Pre-allocate tree node on blkg_conf_prep
(git-fixes).
- blk-cgroup: Fix memleak on error path (git-fixes).
- nbd: make the config put is called before the notifying the
waiter (git-fixes).
- blk-mq: insert request not through ->queue_rq into sw/scheduler
queue (git-fixes).
- bcache: fix super block seq numbers comparision in
register_cache_set() (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- blktrace: break out of blktrace setup on concurrent calls
(git-fixes).
- blktrace: fix endianness for blk_log_remap() (git-fixes).
- blktrace: fix endianness in get_pdu_int() (git-fixes).
- blktrace: use errno instead of bi_status (git-fixes).
- block/bio-integrity: don't free 'buf' if
bio_integrity_add_page() failed (git-fixes).
- dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to
find a zone (git-fixes).
- ps3disk: use the default segment boundary (git-fixes).
- null_blk: fix spurious IO errors after failed past-wp access
(git-fixes).
- Revert "blkdev: check for valid request queue before issuing
flush" (git-fixes).
- block: Fix use-after-free issue accessing struct io_cq
(git-fixes).
- null_blk: Handle null_add_dev() failures properly (git-fixes).
- block, bfq: fix overwrite of bfq_group pointer in
bfq_find_set_group() (git-fixes).
- dm bio record: save/restore bi_end_io and bi_integrity
(git-fixes).
- brd: check and limit max_part par (git-fixes).
- nbd: add a flush_workqueue in nbd_start_device (git-fixes).
- compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES
(git-fixes).
- block: fix memleak when __blk_rq_map_user_iov() is failed
(git-fixes).
- nbd: fix shutdown and recv work deadlock v2 (git-fixes).
- nbd:fix memory leak in nbd_get_socket() (git-fixes).
- rsxx: add missed destroy_workqueue calls in remove (git-fixes).
- nbd: verify socket is supported during setup (git-fixes).
- nbd: handle racing with error'ed out commands (git-fixes).
- nbd: fix possible sysfs duplicate warning (git-fixes).
- commit 13f6ec9
- nbd: fix max number of supported devs (git-fixes).
- Refresh for the above change,
patches.suse/0006-nbd-don-t-update-block-size-after-device-is-started.patch.
- commit 0c94304
- nbd: add missing config put (git-fixes).
- loop: Add LOOP_SET_DIRECT_IO to compat ioctl (git-fixes).
- block/bio-integrity: fix a memory leak bug (git-fixes).
- nbd: fix crash when the blksize is zero (git-fixes).
- dm verity: use message limit for data block corruption message
(git-fixes).
- blk-mq: move cancel of requeue_work into blk_mq_release
(git-fixes).
- block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (git-fixes).
- block, bfq: increase idling for weight-raised queues
(git-fixes).
- dm thin: add sanity checks to thin-pool and external snapshot
creation (git-fixes).
- zram: fix double free backing device (git-fixes).
- dm flakey: Properly corrupt multi-page bios (git-fixes).
- dm crypt: use u64 instead of sector_t to store iv_offset
(git-fixes).
- dm kcopyd: Fix bug causing workqueue stalls (git-fixes).
- sunvdc: Do not spin in an infinite loop when vio_ldc_send()
returns EAGAIN (git-fixes).
- dm raid: avoid bitmap with raid4/5/6 journal device (git-fixes).
- amiflop: clean up on errors during setup (git-fixes).
- swim: fix cleanup on setup error (git-fixes).
- drivers/block/zram/zram_drv.c: fix bug storing backing_dev
(git-fixes).
- nbd: handle unexpected replies better (git-fixes).
- nbd: don't requeue the same request twice (git-fixes).
- nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag
(git-fixes).
- commit 687c872
- block: add a lower-level bio_add_page interface (git-fixes).
- Refresh for the above change,
patches.suse/block-remove-bvec_to_phys.patch.
- commit 1c0212c
- dm: Use kzalloc for all structs with embedded biosets/mempools
(git-fixes).
- block/swim: Select appropriate drive on device open (git-fixes).
- block/swim: Fix IO error at end of medium (git-fixes).
- block/swim: Check drive type (git-fixes).
- block/swim: Rename macros to avoid inconsistent inverted logic
(git-fixes).
- block/swim: Don't log an error message for an invalid ioctl
(git-fixes).
- m68k/mac: Don't remap SWIM MMIO region (git-fixes).
- commit 7216c12
- blacklist.conf: Add hung task detector optimizations
- Add 401c636a0eeb kernel/hung_task.c: show all hung tasks before panic
- Add a1c6ca3c6de7 kernel: hung_task.c: disable on suspend
- Add 168e06f7937d kernel/hung_task.c: force console verbose before panic
- Add 304ae42739b1 kernel/hung_task.c: break RCU locks based on jiffies
- commit 106657e
- blacklist.conf: Add de5b55c1d4e3 stop_machine: Use raw spinlocks
- commit 70e34be
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
CVE-2022-47929).
- commit a70de61
- blacklist.conf: remove the following commits which will be
backported as git-fixes,
- f01b411f41f91fc3196eae4317cf8b4d872830a6
- 35d2835d2ac41dc0b3e3469f8e2b08ce9709ace8
- commit f91ec99
- blacklist.conf: add git-fixes commits which won't be backported
- commit b06014b
- ipv6: raw: Deduct extension header length in
rawv6_push_pending_frames (bsc#1207168).
- commit cec1a9b
- blacklist.conf: Blacklist 307af6c87937
- commit c4d1659
- mbcache: add functions to delete entry if unused (bsc#1198971).
- commit e12f310
- mbcache: don't reclaim used entries (bsc#1198971).
- commit f6dfab7
- Update tags
patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b091c25
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
(bsc#1207195).
- commit b48b001
- Update
patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454).
- commit e326580
- Update
patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454).
- commit f3bb269
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
(bsc#1065729).
- commit d5cf3c0
- blacklist.conf: Blacklist c915fb80eaa6
- commit 4862158
- blacklist.conf: Blacklist 7159a986b420
- commit 8b03a93
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
(bsc#1206649).
- commit ef0b25b
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 903c6ab
- udf: Check LVID earlier (bsc#1207108).
- commit 015783c
- udf: Fix NULL pointer dereference in udf_symlink function
(bsc#1206646).
- commit a391f82
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit 1573f9a
- udf: Limit sparing table size (bsc#1206643).
- commit 458f745
- udf: Avoid accessing uninitialized data on failed inode read
(bsc#1206642).
- commit ae4803c
- udf: Fix free space reporting for metadata and virtual
partitions (bsc#1206641).
- commit a21c3d0
- udf: Fix BUG on corrupted inode (bsc#1207107).
- commit 142aae1
- quota: Check next/prev free block number after reading from
quota file (bsc#1206640).
- commit 1fd21c3
- blacklist.conf: Blacklist dd5532a4994b
- commit 1a95452
- blacklist.conf: Blacklist 10f04d40a9fa
- commit 9db6570
- blacklist.conf: Blacklist 6fcbcec9cfc7
- commit a38aa89
- quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF}
quotactls (bsc#1207104).
- commit 9272ca4
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 9135482
- blacklist.conf: Blacklist 28ce50f8d96e
- commit 4884298
- isofs: reject hardware sector size > 2048 bytes (bsc#1207103).
- commit e46cdb2
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 6127981
- sbitmap: Avoid leaving waitqueue in invalid state in
__sbq_wake_up() (git-fixes).
- commit 8e6d6a5
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
(bsc#1207102).
- commit 7338cee
- block, bfq: fix overwrite of bfq_group pointer in
bfq_find_set_group() (bsc#1175995,jsc#SLE-15608).
- commit d71d0e3
- blacklist.conf: Blacklist 5c099c4fdc43
- commit 665ce36
- ext4: fix undefined behavior in bit shift for
ext4_check_flag_values (bsc#1206890).
- commit 7faea59
- ext4: fix use-after-free in ext4_ext_shift_extents
(bsc#1206888).
- commit 0eea07e
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 7a14dda
- blacklist.conf: Blacklist d1052d236edd
- commit 0c9fa3b
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit bc2f14a
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 9a43afd
- ext4: avoid crash when inline data creation follows DIO write
(bsc#1206883).
- commit b5cdb98
- ext4: continue to expand file system when the target size
doesn't reach (bsc#1206882).
- commit 49d324e
- blacklist.conf: Blacklist 613c5a85898d
- commit 54c3380
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit b7ada6c
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- commit c7f8ba9
- ext4: unindent codeblock in ext4_xattr_block_set()
(bsc#1198971).
- commit cd983c4
- blacklist.conf: Blacklist 6bc0d63dad7f
- commit eaa9493
- blacklist.conf: Blacklist b24e77ef1c6d
- commit 7e9aa45
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1202713).
- commit 2f31cd1
- ext4: correct the misjudgment in ext4_iget_extra_inode
(bsc#1206878).
- commit 84de60f
- ext4: correct max_inline_xattr_value_size computing
(bsc#1206878).
- commit 65f415c
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit 3e25d04
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
(bsc#1206878).
- commit cc87a22
- ext4: fix extent status tree race in writeback error recovery
path (bsc#1206877).
- commit ede473e
- ext4: update s_overhead_clusters in the superblock during an
on-line resize (bsc#1206876).
- commit 4f9eee6
- ext4: add reserved GDT blocks check (bsc#1202712).
- commit 22a4adc
- ext4: don't BUG if someone dirty pages without asking ext4 first
(bsc#1207097).
- blacklist.conf: Blacklist ea_inode related commits
- commit 9502092
- blacklist.conf: Blacklist 5dccdc5a1916
- commit 4f5adf1
- blacklist.conf: Blacklist b5776e7524af
- commit f1a0a1a
- ext4: Detect already used quota file early (bsc#1206873).
- commit 87720a2
- blacklist.conf: Blacklist 11215630aada
- commit eb3396e
- blacklist.conf: Blacklist 8418897f1bf8
- commit 16639ef
- blacklist.conf: Blacklist 907ea529fc4c
- commit 6a4fc32
- blacklist.conf: Blacklist a17a9d935dc4
- commit a76a169
- ext4: use matching invalidatepage in ext4_writepage
(bsc#1206858).
- commit aba337c
- blacklist.conf: Blacklist c96e2b8564ad
- commit 49f777f
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 1cd40a2
- blacklist.conf: Blacklist f629afe3369e
- commit 2a1b322
- blacklist.conf: Blacklist 64d4ce892383
- commit ab3ecba
- blacklist.conf: Blacklist 65db869c754e
- commit bd9d268
- blacklist.conf: Blacklist 8c380ab4b7b5
- commit 6d50017
- ext4: prohibit fstrim in norecovery mode (bsc#1207094).
- commit 968ac45
- blacklist.conf: Blacklist 6c7328400e04
- commit 192eee8
- blacklist.conf: Blacklist ddccb6dbe780
- commit b7b4229
- ext4: clear mmp sequence number when remounting read-only
(bsc#1207093).
- commit 7957fbf
- ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bsc#1207092).
- commit 9556f87
- blacklist.conf: Blacklist couple of commits
- commit d7f2f6c
- net: sched: cbq: dont intepret cls results when asked to drop
(bsc#1207036).
- commit fcfa387
- net: sched: atm: dont intepret cls results when asked to drop
(bsc#1207036).
- commit 9f135a3
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit d23f0d2
- module: set MODULE_STATE_GOING state when a module fails to load
(git-fixes).
- commit db5c7ff
- blacklist.conf: add f6d061d61712 ("kernel/module: Fix memleak in
module_add_modinfo_attrs()")
- commit adb3140
- README.BRANCH: Remove Petr Tesařík from README.BRANCH
Petr is no longer with SUSE, and the address bounces.
- commit a114688
- blacklist.conf: ppc radix hugepage ioremap
Add commits related to this feature we don't have on 4.12
- commit 30daa9a
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
(bsc#1065729).
- powerpc/smp: Set numa node before updating mask (bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
(bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "mem=" option into account
(bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
(bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
(bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
a valid PE number (bsc#1065729).
- commit 1c66115
- powerpc/pseries/cmm: Implement release() function for sysfs
device (bsc#1065729).
- powerpc/pseries: Mark accumulate_stolen_time() as notrace
(bsc#1065729).
- powerpc/futex: Fix warning: 'oldval' may be used uninitialized
in this function (bsc#1065729).
- Refresh patches.suse/powerpc-Add-a-framework-for-user-access-tracking.patch
- commit 3acc489
- powerpc/pci/of: Fix OF flags parsing for 64bit BARs
(bsc#1065729).
- powerpc/pseries/hvconsole: Fix stack overread via udbg
(bsc#1065729).
- powerpc/boot: Fix missing check of lseek() return value
(bsc#1065729).
- powerpc/traps: Fix the message printed when stack overflows
(bsc#1065729).
- powerpc/pseries: add of_node_put() in dlpar_detach_node()
(bsc#1065729).
- powerpc/pseries: Fix node leak in
update_lmb_associativity_index() (bsc#1065729).
- powerpc/powernv/eeh/npu: Fix uninitialized variables in
opal_pci_eeh_freeze_status (bsc#1065729).
- powerpc/mm: Make NULL pointer deferences explicit on bad page
faults (bsc#1065729).
- powerpc/xmon: fix dump_segments() (bsc#1065729).
- powerpc/64/module: REL32 relocation range check (bsc#1065729).
- powerpc/time: Fix clockevent_decrementer initalisation for PR
KVM (bsc#1065729).
- powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
(bsc#1065729).
- powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
(bsc#1065729).
- powerpc/boot: Disable vector instructions (bsc#1065729).
- powerpc/time: Use clockevents_register_device(), fixing an
issue with large decrementer (bsc#1065729).
- powerpc/xive: Move a dereference below a NULL test
(bsc#1065729).
- powerpc/64s/hash: Fix stab_rr off by one initialization
(bsc#1065729).
- powerpc/iommu: Avoid derefence before pointer check
(bsc#1065729).
- powerpc/powernv: opal_put_chars partial write fix (bsc#1065729).
- powerpc/boot: Fix 64-bit boot wrapper build with non-biarch
compiler (bsc#1065729).
- Refresh patches.suse/powerpc-boot-Expose-Kconfig-symbols-to-wrapper.patch
- commit 5dcb3e2
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
This makes in-tree KMPs more consistent with externally built KMPs and
silences several rpmlint warnings.
- commit 02b7735
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
check failure.
As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
in the exception list, replace them with a general pattern. And add OBJTOOL
as well.
- commit 887416f
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
git-fixes).
- powerpc/xive: Add a check for memory allocation failure
(fate#322438 git-fixes).
- commit 3922d2a
- memcg, kmem: further deprecate kmem.limit_in_bytes
(bsc#1206896).
- commit 5804d85
- arm64/kvm: consistently handle host HCR_EL2 flags (git-fixes)
- commit 714ef7f
- arm64: smp: Handle errors reported by the firmware (git-fixes)
- commit 9d794c2
- blacklist.conf: ("arm64: mm: Prevent mismatched 52-bit VA support")
- commit f1a361c
- arm64: Fix minor issues with the dcache_by_line_op macro (git-fixes)
- commit 6cee162
- arm64: ftrace: don't adjust the LR value (git-fixes)
- commit eb42f1a
- arm64: io: Ensure value passed to __iormb() is held in a 64-bit (git-fixes)
- commit c7b004f
- arm64: io: Ensure calls to delay routines are ordered against prior (git-fixes)
- commit b2c772e
- arm64: makefile fix build of .i file in external module case (git-fixes)
- commit 195399e
- blacklist.conf: ("arm64: percpu: Initialize ret in the default case")
- commit 4e64a56
- blacklist.conf: ("arm64: lib: use C string functions with KASAN enabled")
- commit dd95ca4
- arm64: jump_label.h: use asm_volatile_goto macro instead of "asm (git-fixes)
- commit eb342d8
- arm64: rockchip: Force CONFIG_PM on Rockchip systems (git-fixes)
- commit 14aabd0
- arm64: alternative: Use true and false for boolean values (git-fixes)
- commit 301b65d
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() (git-fixes)
- commit a25e150
- arm64: make secondary_start_kernel() notrace (git-fixes)
- commit 4106666
- blacklist.conf: ("arm64: defconfig: Enable Rockchip io-domain driver")
- commit ad93c99
- arm64: cmpwait: Clear event register before arming exclusive monitor (git-fixes)
- commit e15bbd4
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event() (git-fixes)
- commit 62841b2
- arm64: ptrace: remove addr_limit manipulation (git-fixes)
- commit e003877
- blacklist.conf: Add ppc fixes only applicable to 4.14
- commit 131a7b8
- blacklist.conf: Add reverted ppc commit
- commit a8b8b81
- NFS Handle missing attributes in OPEN reply (bsc#1203740).
- commit 5c8477f
- blacklist.conf: cosmetic fix
- commit 4cdceea
- blacklist.conf: cosmetic fix
- commit 0413215
- blacklist.conf: adds a WARN only
- commit f484812
- usb: dwc3: gadget: Fix OTG events when gadget driver isn't
loaded (git-fixes).
- commit c42a78e
- blacklist.conf: changes API
- commit df9a032
- blacklist.conf: powerpc watchdog implemented in 4.13
- commit 7400877
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 3059da1
- powerpc/pseries/eeh: use correct API for error log size
(bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
(bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- Refresh patches.suse/powerpc-disable_fixed_phb_option.patch
- powerpc/64: Init jump labels before parse_early_param()
(bsc#1065729).
- commit e9baafc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
(jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
(jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
(jsc#PED-568).
- commit 445debb
- blacklist.conf: fixes for bugs we don't have
git-fixes suggests patches from a later LTS which are fixes for patches
that we don't have. So blacklist them.
- commit 7eacd62
- Refresh patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch.
This has landed in mainline so update commit info
- commit 102542f
- Refresh
patches.suse/NFS-Further-fixes-to-the-writeback-error-handling.patch.
gcc pointed out to me a porting error in this patch
- commit 00a42ee
- NFSv4.x: Fail client initialisation if state manager thread
can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
(git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
(git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
(git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
fails (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
(git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
(git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
have data (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
(git-fixes).
- NFS: swap-out must always use STABLE writes (git-fixes).
- NFS: swap IO handling is slightly different for O_DIRECT IO
(git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
(git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
(git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
(git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- NFS: Correct size calculation for create reply length
(git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
(git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
pnfs_layout_process() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
delegation recall (git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
(git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
(git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
fails (git-fixes).
- sunrpc: fix crash when cache_head become valid before update
(git-fixes).
- fs: nfs: Fix possible null-pointer dereferences in
encode_attrs() (git-fixes).
- NFSv2: Fix write regression (git-fixes).
- NFSv2: Fix eof handling (git-fixes).
- NFS: Fix initialisation of I/O result struct in
nfs_pgio_rpcsetup (git-fixes).
- NFSv4: Fix return value in nfs_finish_open() (git-fixes).
- NFSv4: Fix return values for nfs4_file_open() (git-fixes).
- svcrdma: Ignore source port when computing DRC hash (git-fixes).
- net :sunrpc :clnt :Fix xps refcount imbalance on the error path
(git-fixes).
- nfsd: allow fh_want_write to be called twice (git-fixes).
- sunrpc: don't mark uninitialised items as VALID (git-fixes).
- nfsd: fix wrong check in write_v4_end_grace() (git-fixes).
- nfs: Fix NULL pointer dereference of dev_name (git-fixes).
- NFS: nfs_compare_mount_options always compare auth flavors
(git-fixes).
- nfsd: Return EPERM, not EACCES, in some SETATTR cases
(git-fixes).
- sunrpc: fix cache_head leak due to queued request (git-fixes).
- nfsd: fix a warning in __cld_pipe_upcall() (git-fixes).
- nfsd4: fix crash on writing v4_end_grace before nfsd startup
(git-fixes).
- lockd: fix decoding of TEST results (git-fixes).
- SUNRPC: Fix a race with XPRT_CONNECTING (git-fixes).
- flexfiles: enforce per-mirror stateid only for v4 DSes
(git-fixes).
- flexfiles: use per-mirror specified stateid for IO (git-fixes).
- SUNRPC: Fix a bogus get/put in generic_key_to_expire()
(git-fixes).
- SUNRPC: drop pointless static qualifier in
xdr_get_next_encode_buffer() (git-fixes).
- sunrpc: Fix connect metrics (git-fixes).
- SUNRPC: Fix a compile warning for cmpxchg64() (git-fixes).
- NFSv4.x: fix lock recovery during delegation recall (git-fixes).
- SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context
(git-fixes).
- NFSv4: Fix open create exclusive when the server reboots
(git-fixes).
- commit 25159f5
- powerpc/pseries: unregister VPA when hot unplugging a CPU
(bsc#1205695 ltc#200603).
- commit d06e561
- Fix kABI breakage in usb.h: struct usb_device:
hide new member (bsc#1206664 CVE-2022-4662).
- USB: core: Prevent nested device-reset calls (bsc#1206664
CVE-2022-4662).
- commit 3cb5d2f
- move new members of struct usbnet to end (git-fixes).
- commit 727de32
- CDC-NCM: remove "connected" log message (git-fixes).
- commit 22cc214
- media: Don't let tvp5150_get_vbi() go out of vbi_ram_default
array (git-fixes).
- commit 09471ab
- media: i2c: tvp5150: remove useless variable assignment in
tvp5150_set_vbi() (git-fixes).
- commit 0f3eff0
- Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit d5fc0df
- Add Tegra repository to git_sort.
- commit a3bc12e
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6849123
- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
- commit b2fe9de
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bcc09f1
- rndis_host: increase sleep time in the query-response loop
(git-fixes).
- commit 7632b5d
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
switch (git-fixes).
- commit b040831
- net: kalmia: fix memory leaks (git-fixes).
- commit c76568f
- net/usb/kalmia: use ARRAY_SIZE for various array sizing
calculations (git-fixes).
- commit fefbe90
- net: kalmia: clean up bind error path (git-fixes).
- commit ba39d56
- net: usb: qmi_wwan: Add the BroadMobi BM818 card (git-fixes).
- commit a8619f3
- net: usb: asix: init MAC address buffers (git-fixes).
- commit b22ad3e
- net: usb: asix: ax88772_bind return error when hw_reset fail
(git-fixes).
- Refresh
patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch.
- commit 65076ad
- blacklist.conf: duplicate
- commit 5f7f532
- net: usb: rtl8150: demote allmulti message to dev_dbg()
(git-fixes).
- commit 117cf2b
- kABI: mitigate new ufs_stats field (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
(git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
(git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case
(git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
(git-fixes).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in
PT2PT topology (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: megaraid: Fix error check return value of
register_chrdev() (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
(git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
(git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
(git-fixes).
- scsi: libiscsi: Fix UAF in
iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
(git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "Unsupport" ->
"Unsupported" (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
(git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
(git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sr: Return correct event when media event code is 3
(git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
(git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
(git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for
list_for_each_entry() (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
shift of u8 (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
(git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
(git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
(git-fixes).
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST
state (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
(git-fixes).
- scsi: scsi_transport_srp: Don't block target in failfast state
(git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
suspend-to-disk ->poweroff() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
(git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is
runtime ACTIVE (git-fixes).
- scsi: libiscsi: Fix NOP race condition (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
(git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
(git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
(git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
ufs_qcom_testbus_config() (git-fixes).
- scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
(git-fixes).
- commit 8407432
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit ad34c09
- scsi: ufs: Clean up completed request without interrupt
notification (git-fixes).
- Refresh
patches.suse/scsi-ufs-properly-release-resources-if-a-task-is-aborted-successfully.
- commit 47def13
- scsi: ufs: Improve interrupt handling for shared interrupts
(git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
(git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
(git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
(git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check
(git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor
(git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
(git-fixes).
- scsi: mpt3sas: Fix double free warnings (git-fixes).
- scsi: qedi: Fix termination timeouts in session logout
(git-fixes).
- scsi: qedi: Do not flush offload work if ARP not resolved
(git-fixes).
- scsi: iscsi: Report unbind session event when the target has
been removed (git-fixes).
- scsi: aacraid: Disabling TM path and only processing IOP reset
(git-fixes).
- scsi: ipr: Fix softlockup when rescanning devices in petitboot
(git-fixes).
- scsi: Revert "target: iscsi: Wait for all commands to finish
before freeing a session" (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
connections (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
(git-fixes).
- scsi: ufs: Complete pending requests in host reset and restore
path (git-fixes).
- scsi: libcxgbi: fix NULL pointer dereference in
cxgbi_device_destroy() (git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: target: iscsi: Wait for all commands to finish before
freeing a session (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: pm80xx: Fix for SATA device discovery (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
(git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
(git-fixes).
- scsi: aacraid: fix illegal IO beyond last LBA (git-fixes).
- scsi: mpt3sas: Fix clear pending bit in ioctl status
(git-fixes).
- scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
(git-fixes).
- scsi: sni_53c710: fix compilation error (git-fixes).
- scsi: scsi_dh_alua: handle RTPG sense code correctly during
state transitions (git-fixes).
- scsi: megaraid: disable device when probe failed after enabled
device (git-fixes).
- scsi: ufs: skip shutdown if hba is not powered (git-fixes).
- scsi: core: Reduce memory required for SCSI logging (git-fixes).
- scsi: hpsa: correct scsi command status issue after reset
(git-fixes).
- commit 01813b3
- scsi: scsi_dh_alua: always use a 2 second delay before retrying
RTPG (git-fixes).
- Refresh
patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch.
- commit 37a1f9a
- scsi: megaraid_sas: fix panic on loading firmware crashdump
(git-fixes).
- scsi: libcxgbi: add a check for NULL pointer in
cxgbi_check_route() (git-fixes).
- scsi: qedi: Abort ep termination if offload not scheduled
(git-fixes).
- scsi: ufs: Fix regulator load and icc-level configuration
(git-fixes).
- scsi: ufs: Avoid configuring regulator with undefined voltage
range (git-fixes).
- scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails
(git-fixes).
- scsi: qla4xxx: fix a potential NULL pointer dereference
(git-fixes).
- scsi: iscsi: flush running unbind operations when removing a
session (git-fixes).
- scsi: megaraid_sas: reduce module load time (git-fixes).
- scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
(git-fixes).
- scsi: libsas: Check SMP PHY control function result (git-fixes).
- scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
(git-fixes).
- scsi: ufs: Fix system suspend status (git-fixes).
- scsi: qla4xxx: check return code of
qla4xxx_copy_from_fwddb_param (git-fixes).
- scsi: vmw_pscsi: Rearrange code to avoid multiple calls to
free_irq during unload (git-fixes).
- scsi: libiscsi: Fix NULL pointer dereference in
iscsi_eh_session_reset (git-fixes).
- scsi: dc395x: fix DMA API usage in sg_update_list (git-fixes).
- scsi: dc395x: fix dma API usage in srb_done (git-fixes).
- scsi: iscsi_tcp: Explicitly cast param in
iscsi_sw_tcp_host_get_param (git-fixes).
- scsi: isci: Change sci_controller_start_task's return type to
sci_status (git-fixes).
- scsi: isci: Use proper enumerated type in
atapi_d2h_reg_frame_handler (git-fixes).
- scsi: ips: fix missing break in switch (git-fixes).
- scsi: NCR5380: Check for bus reset (git-fixes).
- scsi: NCR5380: Handle BUS FREE during reselection (git-fixes).
- scsi: NCR5380: Don't call dsprintk() following reselection
interrupt (git-fixes).
- scsi: NCR5380: Don't clear busy flag when abort fails
(git-fixes).
- scsi: NCR5380: Check for invalid reselection target (git-fixes).
- scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data
(git-fixes).
- scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE
(git-fixes).
- scsi: NCR5380: Have NCR5380_select() return a bool (git-fixes).
- scsi: NCR5380: Clear all unissued commands on host reset
(git-fixes).
- scsi: pm80xx: Fixed system hang issue during kexec boot
(git-fixes).
- scsi: pm80xx: Corrected dma_unmap_sg() parameter (git-fixes).
- scsi: sd: don't crash the host on invalid commands (git-fixes).
- scsi: ibmvscsis: Ensure partition name is properly NUL
terminated (git-fixes).
- scsi: ibmvscsis: Fix a stringop-overflow warning (git-fixes).
- scsi: 3ware: fix return 0 on the error path of probe
(git-fixes).
- scsi: vmw_pvscsi: Return DID_RESET for status
SAM_STAT_COMMAND_TERMINATED (git-fixes).
- scsi: fcoe: drop frames in ELS LOGO error path (git-fixes).
- scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send
(git-fixes).
- commit 629211b
- blacklist.conf: add git-fix commits to black list
- commit 77cd26b
- drm/amdkfd: Check for null pointer after calling kmemdup
(CVE-2022-3108 bsc#1206389 git-fixes).
- commit d5c766f
- Update
patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
(CVE-2022-3107 bsc#1206395 git-fixes).
- commit 060c52f
- blacklist.conf: Risky, requires reworking of mempolicies
- commit f553475
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit d2abfa4
- blacklist.conf: fixes for old ftrace bugs, too intrusive
- commit 16e8a4b
- blacklist.conf: afs fixes which is not compiled
- commit e4c8294
- tracing: Fix code comments in trace.c (git-fixes).
- commit ec2222c
- blacklist.conf: code style cleanup for kernel/module
- commit 4ec89b1
- blacklist.conf: cosmetic fix
- commit 69fb632
- Bluetooth: hci_qca: Fix the teardown problem for real
(git-fixes).
- commit d54a6b7
- memcg: Fix possible use-after-free in
memcg_write_event_control() (bsc#1206344).
- commit 2e65110
- blacklist.conf: removes an API
- commit e61353f
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- commit f421241
- scsi: zfcp: Fix double free of FSF request when qdio send fails
(git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
pavgroup (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
(git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
(git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/module: fix loading modules with a lot of relocations
(git-fixes).
- s390/qeth: fix deadlock during failing recovery (bsc#1206213
LTC#200742).
- s390/qeth: Fix deadlock in remove_discipline (bsc#1206213
LTC#200742).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock
(git-fixes).
- s390/cio: Fix the "type" field in s390_cio_tpi tracepoint
(git-fixes).
- s390: appldata depends on PROC_SYSCTL (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/pkey: fix paes selftest failure with paes and pkey static
build (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390/qeth: remove driver-wide workqueue (bsc#1206213
LTC#200742).
- s390/qeth: don't defer close_dev work during recovery
(bsc#1206213 LTC#200742).
- commit 1acccf5
- Delete and blacklist
patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch.
- commit 26d92fb
- blacklist.conf: add 6f390916c4fb KVM: s390: Ensure
kvm_arch_no_poll() is read once when blocking vCPU
- commit d8badd9
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 014ac33
- proc: proc_skip_spaces() shouldn't think it is working on C
strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
(CVE-2022-4378 bsc#1206207).
- commit 4f96478
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- commit 0f3ab2f
- ext4: Fixup pages without buffers (bsc#1205495).
- commit 707f425
- Delete
patches.suse/KVM-x86-Manually-calculate-reserved-bits-when-loadin.patch
and add it to blacklist.conf instead, as the patch breaks shadow page
tables for KVM guests without any real other gain (bsc#1205234).
- commit afc147a
- Refresh
patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
- Refresh
patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
Fix up after merge from cve/4.12. The patch can be closer to upstream in
12sp5 as we have more than in the cve branch.
- commit c316a9f
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
resume from S3 (bsc#1206037).
- commit 54d8403
- xen/netback: don't call kfree_skb() with interrupts disabled
(bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 0a9d163
- xen/netback: Ensure protocol headers don't fall in the
non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit 1430849
- cuse: prevent clone (bsc#1206120).
- fuse: don't check refcount after stealing page (bsc#1206119).
- fuse: retrieve: cap requested size to negotiated max_write
(bsc#1206118).
- fuse: use READ_ONCE on congestion_threshold and max_background
(bsc#1206117).
- commit 04cffe1
- blacklist.conf: added 4a6f278d4827 ("fuse: add file_modified() to fallocate")
- commit 02645f1
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
is ""
- commit 1051f51
- blacklist.conf: add hamradio
- commit 099ae10
- net: hns3: fix kernel crash when unload VF while it is being
reset (git-fixes).
- commit ae4bc46
- net: smsc911x: Fix unload crash when link is up (git-fixes).
- commit 5d0ae5f
- i40e: Fix kernel crash during module removal (git-fixes).
- commit 5410efd
- i40e: Fix reset path while removing the driver (git-fixes).
- commit a60eb44
- net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes).
- commit 9864107
- net: aquantia: Fix actual speed capabilities reporting
(git-fixes).
- Refresh
patches.suse/net-aquantia-Fix-hardware-DMA-stream-overload-on-lar.patch.
- commit 4b16854
- gianfar: Disable EEE autoneg by default (git-fixes).
- commit e3da720
- net: ethernet: arc: fix error handling in emac_rockchip_probe
(git-fixes).
- commit a60d1e6
- sfp: fix RX_LOS signal handling (git-fixes).
- commit e49032c
- net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
(git-fixes).
- commit 1a4980e
- xen-netfront: remove warning when unloading module (git-fixes).
- commit 8066ddd
- macsec: fix memory leaks when skb_to_sgvec fails (git-fixes).
- commit fdbdae5
- macsec: check return value of skb_to_sgvec always (git-fixes).
- commit 958f55b
- blacklist.conf: Add 51bee5abeab2 cgroup/pids: turn cgroup_subsys->free()
into cgroup_subsys->release() to fix the accounting
- commit 5bcd4d4
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit 6514e10
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- commit 9837fc7
- blacklist.conf: Add 45e1ba40837a cgroup: disable controllers at parse
time
- commit ccb9bf4
- blacklist.conf: Add threaded cgroups related patches
They come from stable-4.14, thus not relevant for us.
(One more cgroup patch added that's unneeded too.)
- commit dbc5a4e
- docs/kernel-parameters: Update descriptions for "mitigations="
param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
bsc#1203271 bsc#1206032).
- Refresh
patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh
patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit e452934
- Update
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit cf52a0b
- add missing bug reference to a hv_netvsc patch file (bsc#1204850).
- commit e38a906
- blacklist.conf: add 72791ac854fea3
- commit f0edb3e
- blacklist.conf: add 5c13a4a0291b3019
- commit 2149313
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit 4bead56
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
(git-fixes).
- commit 3e8dd4e
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit 392a5ef
- atm: idt77252: fix use-after-free bugs caused by tst_timer
(CVE-2022-3635 bsc#1204631).
- commit df41542
- blacklist.conf: add e8240addd0a3919e
- commit 5c7763d
- blacklist.conf: add 0f4558ae91870692c
- commit 480f3db
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit b478418
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit d9798f7
- xen/balloon: use a kernel thread instead a workqueue
(git-fixes).
- commit 05697f5
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit d643b77
- xen/blkback: fix memory leaks (git-fixes).
- commit 0f8219d
- blacklist.conf: add bce5963bcb4f
- commit 898778b
- Revert "xen/balloon: Mark unallocated host memory as UNUSABLE"
(git-fixes).
- blacklist.conf: remove added patch
- Refresh
patches.suse/0001-Revert-xen-balloon-Fix-crash-when-ballooning-on-x86-.patch.
- commit e16cca1
- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL
usage (git-fixes).
- Refresh
patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch.
- commit 51c6261
- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
- rename patch file and move it to the sorted section.
- commit a55d114
- xen/balloon: fix balloon initialization for PVH Dom0
(git-fixes).
- Refresh
patches.suse/0001-xen-balloon-Support-xend-based-toolstack-take-two.patch.
- Refresh
patches.suse/0001-xen-balloon-Support-xend-based-toolstack.patch.
- commit 5ba6e04
- xen/pcpu: fix possible memory leak in register_pcpu()
(git-fixes).
- commit b8c3c6e
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit bfe3d11
- xen-netback: correct success/error reporting for the
SKB-with-fraglist case (git-fixes).
- commit 7a7fe44
- arm/xen: Don't probe xenbus as part of an early initcall
(git-fixes).
- commit 0d3422a
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit 0c5b296
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit 99af98d
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc567fb
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
grant status (git-fixes).
- commit c08cb70
- xenbus: req->err should be updated before req->state
(git-fixes).
- commit 0cbe5b2
- xenbus: req->body should be updated before req->state
(git-fixes).
- commit c25f15f
- x86/xen: Distribute switch variables for initialization
(git-fixes).
- commit c306d38
- xen/balloon: fix ballooned page accounting without hotplug
enabled (git-fixes).
- commit a0adbc7
- xen-blkback: prevent premature module unload (git-fixes).
- commit cf8ca9e
- x86/xen: Return from panic notifier (git-fixes).
- commit 79e25ba
- xen/efi: Set nonblocking callbacks (git-fixes).
- commit c90ddf2
- xen/pciback: remove set but not used variable 'old_state'
(git-fixes).
- commit 9bb95c7
- always clear the X2APIC_ENABLE bit for PV guest (git-fixes).
- commit 0e5993e
- xen/pciback: Check dev_data before using it (git-fixes).
- commit 1cda86e
- kprobes/x86/xen: blacklist non-attachable xen interrupt
functions (git-fixes).
- commit c21b175
- net: xen-netback: fix return type of ndo_start_xmit function
(git-fixes).
- commit 7ad3ae2
- xen/scsiback: add error handling for xenbus_printf (git-fixes).
- commit 7517554
- xen: add error handling for xenbus_printf (git-fixes).
- commit e858168
- xen: xenbus: use put_device() instead of kfree() (git-fixes).
- commit fe0b840
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1205908).
- ceph: fix fscache invalidation (bsc#1205907).
- ceph: fix potential race in ceph_check_caps (bsc#1205906).
- ceph: don't skip updating wanted caps when cap is stale
(bsc#1205905).
- ceph: return ceph_mdsc_do_request() errors from __get_parent()
(bsc#1205904).
- ceph: check availability of mds cluster on mount after wait
timeout (bsc#1205903).
- ceph: return -EINVAL if given fsc mount option on kernel w/o
support (bsc#1205902).
- ceph: return -ERANGE if virtual xattr value didn't fit in buffer
(bsc#1205901).
- commit 24952fe
- mm, swap, frontswap: fix THP swap if frontswap enabled
(git-fixes).
- commit 61f5d01
- blacklist.conf: added xen/pvcalls related patches, as driver not in 4.12
- commit f9877af
- xen/grant-table: Use put_page instead of free_page (git-fixes).
- Refresh
patches.suse/xen-gnttab-fix-gnttab_end_foreign_access-without-pag.patch.
- Refresh
patches.suse/xen-grant-table-add-gnttab_try_end_foreign_access.patch.
- commit 5a79925
- xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes).
- commit e0b8207
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- xen/gntdev: Fix off-by-one error when unmapping with holes
(git-fixes).
- commit 309e553
- xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes).
- commit c11ca0a
- Refresh
patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch.
- Refresh
patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch.
Update upstream status and move to sorted section.
- commit f034897
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
Fix metadata
- commit 3d8bb62
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
git-fixes).
- commit 1a498e7
- usb: dwc3: gadget: only unmap requests from DMA if mapped
(git-fixes).
- Refresh
patches.suse/0001-usb-dwc3-gadget-Clear-req-needs_extra_trb-flag-on-cl.patch.
- Refresh
patches.suse/usb-dwc3-gadget-never-call-complete-from-ep_queue.patch.
- commit 5538962
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617).
- PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
- hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617).
- Revert "scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()" (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
- hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
- hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017).
- PCI: hv: Use struct_size() helper (bsc#1204446).
- hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017).
- commit 8363ff1
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
Taken from v10 patch in char-misc subsystem tree
- commit dd1508b
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
CVE-2022-41850).
- commit bc92371
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 20328af
- blacklist.conf: Do not backport an intrusive KVM/S390 fix.
- commit dc91df6
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
(git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- KVM: s390: fix memory slot handling for
KVM_SET_USER_MEMORY_REGION (git-fixes).
- commit 91dd7c2
- scripts/git_sort/git_sort.py: Add arm-soc for-next tree.
- commit e5f5f10
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
SPSM (CVE-2022-42896 bsc#1205709).
- commit 2d196d4
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
CVE-2022-41858).
- commit 502b5e0
- blacklist.conf: not enabled
- commit 62afe05
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(git-fixes).
- commit e6e2ec1
- md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
- Replaced the in-house patch by the above upstream patch,
patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit ed9d761
- dm raid: fix address sanitizer warning in raid_resume
(git-fixes).
- dm raid: fix address sanitizer warning in raid_status
(git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
(git-fixes).
- dm thin: fix use-after-free crash in
dm_sm_register_threshold_callback (git-fixes).
- Documentation: dm writecache: Render status list as list
(git-fixes).
- dm raid: fix accesses beyond end of raid member array
(git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
(git-fixes).
- dm era: commit metadata in postsuspend after worker stops
(git-fixes).
- PM: hibernate: fix sparse warnings (git-fixes).
- dm mpath: remove harmful bio-based optimization (git-fixes).
- blk-mq: add callback of .cleanup_rq (git-fixes).
- commit a1e0c0c
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit b1b4277
- NFSD: Cap rsize_bop result based on send buffer size
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
(bsc#1205128 CVE-2022-43945).
- commit dc177c9
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 86c9eae
- media: mceusb: do not read data parameters unless required
(git-fixes).
- commit a5b2d37
- [media] mceusb: TX -EPIPE (urb status = -32) lockup fix
(git-fixes).
- commit 4fa96ff
- [media] mceusb: RX -EPIPE (urb status = -32) lockup failure fix
(git-fixes).
- commit 4ed839f
- [media] mceusb: fix inaccurate debug buffer dumps, and
misleading debug messages (git-fixes).
- Refresh
patches.suse/media-mceusb-fix-memory-leaks-in-error-path.patch.
- commit dec0bf7
- [media] mceusb: sporadic RX truncation corruption fix
(git-fixes).
- commit e1eba54
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 90f5154
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit 9d86fe0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit c275921
- ipv6: Fix data races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 92ed14c
- ipv6: annotate some data-races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 18f5fc2
- ipv6: use indirect call wrappers for {tcp, udpv6}_{recv,
send}msg() (bsc#1204414 CVE-2022-3567).
- commit ed98ad2
- ipv6: provide and use ipv6 specific version for {recv, send}msg
(bsc#1204414 CVE-2022-3567).
- commit f8fc818
- inet: factor out inet_send_prepare() (bsc#1204414
CVE-2022-3567).
- commit 2f26c25
- powerpc/boot: Explicitly disable usage of SPE instructions
(bsc#1065729).
- commit 4db02b2
- blacklist.conf: Add fixes for unsupported platforms
- commit 05248b6
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
bsc#1205514).
- commit 9676102
- blacklist.conf: Add bd31ecf44b8e KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
- commit ec74f0b
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
and __strnlen_user() (git-fixes).
- commit c7f58f1
- x86/speculation: Disable RRSBA behavior (bsc#1201455
CVE-2022-28693).
- Refresh patches.suse/do-not-default-to-ibrs-on-skl.patch.
- commit ca7c19a
- media: ite-cir: IR receiver stop working after receive overflow
(git-fixes).
- commit 0a8d27b
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
(git-fixes).
- commit 069a7c2
- Update metadata references
- commit 61da8f0
- blacklist.conf: build fix
- commit 42d485b
- media: mceusb: sanity check for prescaler value (git-fixes).
- commit ba3bebc
- blacklist.conf: duplicate
- commit d529ebe
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- block: blk_queue_enter() / __bio_queue_enter() must
return -EAGAIN for nowait (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- bfq: Update cgroup information before merging bio (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit
(git-fixes).
- block: don't delete queue kobject before its children
(git-fixes).
- floppy: Fix hang in watchdog when disk is ejected (git-fixes).
- block: use "unsigned long" for blk_validate_block_size()
(git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
(git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
(git-fixes).
- block: rsxx: select CONFIG_CRC32 (git-fixes).
- nbd: don't update block size after device is started
(git-fixes).
- null_blk: fix passing of REQ_FUA flag in null_handle_rq
(git-fixes).
- block: respect queue limit of max discard segment (git-fixes).
- null_blk: Fix the null_add_dev() error path (git-fixes).
- brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes).
- block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes).
- commit a6dd16c
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
(git-fixes).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes).
- commit 8b26e24
- blacklist.conf: add 2 pervasive git-fixes
- commit 0bf3c41
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 52db277
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1205264).
- commit 2ee27a4
- hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes).
- x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes).
- hv_netvsc: Sync offloading features to VF NIC (git-fixes).
- commit 4a8a7a9
- net: ethernet: ti: ale: fix seeing unreg mcast packets with
promisc and allmulti disabled (git-fixes).
- commit 940ee30
- net/mlx5: E-Switch, Hold mutex when querying drop counter in
legacy mode (git-fixes).
- commit 2e07a05
- bnxt_en: Free context memory after disabling PCI in probe
error path (git-fixes).
- commit 720cc36
- bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S
(git-fixes).
- commit 9d7339e
- net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
- commit 20e8907
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
Refresh patches.suse/0018-KVM-arm64-Add-templates-for-BHB-mitigation-sequences.patch
Refresh patches.suse/0008-kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch
- commit 043a003
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
(git-fixes).
- s390/qeth: fix notification for pending buffers during teardown
(git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation
(git-fixes).
- s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes).
- s390/qeth: vnicc Fix init to default (git-fixes).
- s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes).
- s390/qeth: fix false reporting of VNIC CHAR config failure
(git-fixes).
- s390/qeth: Fix initialization of vnicc cmd masks during set
online (git-fixes).
- s390/qeth: Fix error handling during VNICC initialization
(git-fixes).
- commit 6e472df
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes
copied (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw
(git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly
(git-fixes).
- vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes).
- commit 76839b9
- Refresh
patches.suse/Fix-releasing-of-old-bundles-in-xfrm_bundle_lookup-b.patch.
- commit 374b5d5
- blacklist.conf: cleanup intended to break kABI
- commit c84e993
- usb: chipidea: udc: check request status before setting device
address (git-fixes).
- commit cb47b3a
- usb: musb: Fix suspend with devices connected for a64
(git-fixes).
- commit f48dc12
- net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes).
- commit b1650a6
- net: hns3: disable sriov before unload hclge layer (git-fixes).
- commit d345db6
- net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes).
- commit 48b09a8
- net: hns3: reset DWRR of unused tc to zero (git-fixes).
- commit 8875465
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- commit 0db1cd8
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- commit aefa3aa
- can: rcar_can: fix suspend/resume (git-fixes).
- commit 132b32d
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- commit a0a50ea
- i40e: fix endless loop under rtnl (git-fixes).
- commit 0544181
- phy: mdio: fix memory leak (git-fixes).
- commit a953b17
- Revert "net: mdiobus: Fix memory leak in __mdiobus_register" (git-fixes).
- commit 8056426
- net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes).
- commit 97ee07d
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- commit 4f15909
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- commit cc79b14
- net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes).
- commit 09955f8
- net: hns3: check vlan id before using it (git-fixes).
- commit bfc3c2e
- net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes).
- commit c549aee
- media: mceusb: Use new usb_control_msg_*() routines
(CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
(CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
(CVE-2022-3903 bsc#1205220).
- commit 5162019
- Update patches.suse/scsi-ibmvfc-Avoid-path-failures-during-live-migratio.patch
(bsc#1065729 bsc#1204810 ltc#200162).
- commit 4db2648
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(git-fixes).
- commit d145d85
- ptp: dp83640: don't define PAGE0 (git-fixes).
- commit ba826c9
- natsemi: sonic: stop calling netdev_boot_setup_check
(git-fixes).
- commit 3ddf5c6
- cxgb4: dont touch blocked freelist bitmap after free
(git-fixes).
- commit 590981e
- blacklist.conf: update blacklist
- commit e42313e
- blacklist.conf: update blacklist for git-fixes commits
- commit 3de45db
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
(bsc#1156395).
- commit aefe870
- bnxt_en: Clean up completion ring page arrays completely
(git-fixes).
- commit 39641b0
- bnxt_en: Don't use static arrays for completion ring pages
(git-fixes).
- commit 7ae4ad6
- bnxt_en: Increase maximum RX ring size if jumbo ring is not used
(git-fixes).
- commit 8ab9e71
- net: natsemi: Fix missing pci_disable_device() in probe and
remove (git-fixes).
- commit b1e1228
- sis900: Fix missing pci_disable_device() in probe and remove
(git-fixes).
- commit 9b32829
- tulip: windbond-840: Fix missing pci_disable_device() in probe
and remove (git-fixes).
- commit 1916370
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- commit 91f7e82
- net/mlx5: Fix flow table chaining (git-fixes).
- commit 50c9e7c
- NIU: fix incorrect error return, missed in previous revert
(git-fixes).
- commit 697aa31
- ixgbe: Fix packet corruption due to missing DMA sync
(git-fixes).
- commit 523784f
- net: ti: fix UAF in tlan_remove_one (git-fixes).
- commit 0aebd34
- net: qcom/emac: fix UAF in emac_remove (git-fixes).
- commit 5b6315c
- net: moxa: fix UAF in moxart_mac_probe (git-fixes).
- commit cf3a72b
- net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
(git-fixes).
- commit 9d4ba6f
- igb: Fix position of assignment to *ring (git-fixes).
- commit 3c1202a
- igc: change default return of igc_read_phy_reg() (git-fixes).
- commit df2e2f4
- igc: Fix use-after-free error during reset (git-fixes).
- commit 251ef5a
- virtio_net: move tx vq operation under tx queue lock
(git-fixes).
- commit 90eec50
- vxlan: add missing rcu_read_lock() in neigh_reduce()
(git-fixes).
- commit 156a458
- FDDI: defxx: Make MMIO the configuration default except for EISA
(git-fixes).
- commit 8b83e49
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
for CSR (git-fixes).
- commit 2da1970
- ice: Increase control queue timeout (git-fixes).
- commit 5d9b03d
- blacklist.conf: update blacklist
- commit e370582
- scsi: ibmvfc: Avoid path failures during live migration
(bsc#1065729).
- commit 3b44e8a
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
This new form was added in commit b8c86872d1dc (riscv: fix detection of
toolchain Zicbom support).
- commit e9f2ba6
- sunrpc: Re-purpose trace_svc_process (bsc#1205006).
- commit cdf529c
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit 7c13cdf
- ring-buffer: Check for NULL cpu_buffer in
ring_buffer_wake_waiters() (git-fixes).
- commit da95687
- ring-buffer: Allow splice to read previous partially read pages
(git-fixes).
- commit 10722c0
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
(git-fixes).
- commit 924938c
- s390/boot: fix absolute zero lowcore corruption on boot
(git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: define get_cycles macro for arch-override (git-fixes).
- commit f757324
- blacklist.conf: s390: No need to fix VSIE.
- commit 0194543
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST
flag (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests
(git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM
guests (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390: split kvm_s390_logical_to_effective (git-fixes).
- commit 63379a7
- Update patch references to
patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
(bsc#1200692 CVE-2022-33981).
- commit 28012b2
- wifi: brcmfmac: Fix potential buffer overflow in
brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit 284cbb1
- selftests/livepatch: better synchronize test_klp_callbacks_busy
(bsc#1071995).
- commit fa89806
- blacklist.conf: livepatch: 32-bit only
- commit 4273e1d
- livepatch: Add a missing newline character in
klp_module_coming() (bsc#1071995).
- commit 2506784
- livepatch: fix race between fork and KLP transition
(bsc#1071995).
- commit 6135eb4
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit b8d4061
- scsi: qla2xxx: Use transport-defined speed mask for
supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
(bsc#1204963).
- commit 9169c2c
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit da87a2f
- tracing: Do not free snapshot if tracer is on cmdline
(git-fixes).
- commit 56e3837
- tracing: Simplify conditional compilation code in
tracing_set_tracer() (git-fixes).
- commit f6b96f7
- ring-buffer: Fix race between reset page and reading page
(git-fixes).
- commit 3e65661
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit d91da96
- tracing: Add ioctl() to force ring buffer waiters to wake up
(git-fixes).
- commit a0bbb4b
- tracing: Wake up ring buffer waiters on closing of the file
(git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit 2dbafe6
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit fda3a5b
- ring-buffer: Check pending waiters when doing wake ups as well
(git-fixes).
- commit 2778e59
- tracing: Disable interrupt or preemption before acquiring
arch_spinlock_t (git-fixes).
- commit 3e162e8
- i40e: improve locking of mac_filter_hash (git-fixes).
- commit 143807c
- net: marvell: fix MVNETA_TX_IN_PRGRS bit number (git-fixes).
- commit a0ef80c
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- commit 3f4f3ee
- ppp: Fix generating ppp unit id when ifname is not specified
(git-fixes).
- commit 8e47822
- ppp: Fix generating ifname when empty IFLA_IFNAME is specified
(git-fixes).
- commit 8d0bcb7
- net: dsa: mt7530: add the missing RxUnicast MIB counter
(git-fixes).
- commit 57a9699
- net: vxge: fix use-after-free in vxge_device_unregister
(git-fixes).
- commit 1d9b679
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- commit 13c92ff
- net: mvpp2: Put fwnode in error case during ->probe()
(git-fixes).
- commit ec00850
- net/mlx5e: Remove dependency in IPsec initialization flows
(git-fixes).
- commit e587509
- net/mlx4: Fix EEPROM dump support (git-fixes).
- commit ebb3264
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
(git-fixes).
- commit 24bcdc7
- Revert "niu: fix missing checks of niu_pci_eeprom_read"
(git-fixes).
- commit 021da5e
- bnxt_en: Fix RX consumer index logic in the error path
(git-fixes).
- commit f39a791
- net: lapbether: Prevent racing when checking whether the netif
is running (git-fixes).
- commit 4bee41d
- amd-xgbe: Update DMA coherency values (git-fixes).
- commit e0d8a19
- net: stmmac: fix watchdog timeout during suspend/resume stress
test (git-fixes).
- commit cc02dbe
- net: stmmac: stop each tx channel independently (git-fixes).
- commit 8a11cdd
- r8169: fix jumbo packet handling on RTL8168e (git-fixes).
- commit 5965441
- i40e: Fix overwriting flow control settings during driver
loading (git-fixes).
- commit a33b4c7
- i40e: Fix flow for IPv6 next header (extension header)
(git-fixes).
- commit b64f750
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- commit b2e387c
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
SFP (git-fixes).
- commit 366a419
- USB: serial: ch341: fix lost character on LCR updates
(git-fixes).
- commit 50da091
- net: amd-xgbe: Reset link when the link never comes back
(git-fixes).
- commit b7ab28e
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
warning (git-fixes).
- commit 183da9c
- bnxt_en: reverse order of TX disable and carrier off
(git-fixes).
- commit d1661a3
- blacklist.conf: update blacklist
- commit 379051a
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
(git-fixes).
- commit 9910802
- Input: xpad - add supported devices as contributed on github
(git-fixes).
- commit a1cf7e6
- Input: gscps2 - check return value of ioremap() in
gscps2_probe() (git-fixes).
- commit 2ec370b
- Add CVE reference to
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 0ac14cd
- memcg, kmem: do not fail __GFP_NOFAIL charges (bsc#1204755).
- commit 3f2ce02
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
CVE-2021-4037).
- commit 8a8ede5
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
CVE-2021-4037).
- commit 2edb1f4
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 0ea44f9
- usb: mon: make mmapped memory read only (bsc#1204653
CVE-2022-43750).
- commit be1109d
- USB: serial: ch341: fix lockup of devices with limited prescaler
(git-fixes).
- Refresh
patches.suse/Revert-USB-serial-ch341-add-new-Product-ID-for-CH341.patch.
- Refresh
patches.suse/USB-serial-ch341-sort-device-id-entries.patch.
- commit 4dd7140
- USB: serial: ch341: fix receiver regression (git-fixes).
- commit c932590
- USB: serial: ch341: reimplement line-speed handling (git-fixes).
- commit b324632
- USB: serial: ch341: add basis for quirk detection (git-fixes).
- commit 113d16b
- blacklist.conf: duplicate of b4a64ed6e7b857317070fcb9d87ff5d4a73be3e8
- commit ff064ba
- nvmem: core: Check input parameter for NULL in
nvmem_unregister() (bsc#1204241).
- commit ee0dc75
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
(bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
CVE-2022-3545).
- commit ece443c
- nilfs2: fix use-after-free bug of struct nilfs_root
(CVE-2022-3649 bsc#1204647).
- commit d234200
- nilfs2: fix leak of nilfs_root in case of writer thread creation
failure (CVE-2022-3646 bsc#1204646).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
bsc#1204635).
- commit cf0c998
- mm, page_alloc: avoid expensive reclaim when compaction may
not succeed (bsc#1204250).
- commit 16163cf
- nilfs2: fix NULL pointer dereference at
nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit d20af40
- USB: core: Fix RST error in hub.c (git-fixes).
- commit 5b67fc6
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit d14e803
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
CVE-2022-3521).
- commit 92746cd
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
CVE-2022-3524).
- commit ffa0698
- Update metadata references
- commit 090bf0c
- sch_sfb: Also store skb len before calling child enqueue
(CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
to child (CVE-2022-3586 bsc#1204439).
- commit baac8bc
- mISDN: fix use-after-free bugs in l1oip timer handlers
(CVE-2022-3565 bsc#1204431).
- commit a6ab2c6
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- commit f308a7a
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
(git-fixes).
- commit 1416c1e
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- Refresh patches.suse/USB-serial-option-add-Quectel-RM520N.patch.
- commit 891a8cf
- USB: serial: option: add support for OPPO R11 diag port
(git-fixes).
- commit a94c0a4
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
(bsc#1065729).
- commit b4e5f08
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 0f4a423
- kABI: fix kABI after "KVM: Add infrastructure and macro to mark
VM as bugged" (bsc#1200788 CVE-2022-2153).
- commit 07bccdc
- KVM: Add infrastructure and macro to mark VM as bugged
(bsc#1200788 CVE-2022-2153).
- commit ef2b928
- KVM: x86/emulator: Fix handing of POP SS to correctly set
interruptibility (git-fixes).
- commit a313609
- x86/xen: Remove undefined behavior in setup_features()
(git-fixes).
- commit baac9c4
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated (bsc#1200788 CVE-2022-2153).
- commit 8a3b61b
- KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd
(bsc#1200788 CVE-2022-2153).
- commit 661c2ce
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
SynIC (bsc#1200788 CVE-2022-2153).
- commit 3a9cc04
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit c6701d7
- locking/csd_lock: Change csdlock_debug from early_param to
__setup (git-fixes).
- Refresh
patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 0d160b3
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit b4f4125
- KVM: x86: Check lapic_in_kernel() before attempting to set a
SynIC irq (bsc#1200788 CVE-2022-2153).
- commit 95457fb
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
hugepages (bsc#1203142 LTC#199883).
- s390/mm: do not trigger write fault when vma does not allow
VM_WRITE (bsc#1203198 LTC#199898).
- commit 8606330
- scsi: stex: Properly zero out the passthrough command structure
(bsc#1203514 CVE-2022-40768).
- commit 73e670f
- Update
patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
(CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 6bd6b60
- misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os
(CVE-2022-3424 bsc#1204166).
- commit 729cf0b
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc->state outside of KMS'
- commit 95fbcd2
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit 61ed64b
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 469e1ea
- blacklist.conf: ignore unwanted nfs/md patches
- commit 968a253
- ACPI: processor idle: Practically limit "Dummy wait" workaround
to old Intel systems (bnc#1203802).
- ACPI: processor_idle: Skip dummy wait if kernel is in guest
(bnc#1203802).
- commit 51d1632
- nvme: restrict management ioctls to admin (bsc#1203290
CVE-2022-3169).
- commit 9735897
- s390: fix double free of GS and RI CBs on fork() failure
(bsc#1203254 LTC#199911).
- s390/guarded storage: simplify task exit handling (bsc#1203254
LTC#199911).
- commit 33e512e
- arm64: Discard .note.GNU-stack section (bsc#1203693 bsc#1209798).
- commit cab7952
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit dd58489
- xfs: widen ondisk quota expiration timestamps to handle y2038+
(bsc#1203387).
- commit e991b90
- Revert "sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)"
This reverts commit 8d1c33d1ed3d4b198344cf4cf8763447532f6b90
since it breaks the build
- commit 253e49e
- quota: widen timestamps for the fs_disk_quota structure
(bsc#1203387).
- commit 0516b01
- Revert "constraints: increase disk space for all architectures"
(bsc#1203693).
This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
(bsc#1203322 CVE-2022-40307).
- commit 8166d5e
- Add CVE reference on lightnvm removal patch
modified:
- patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 0412b0e
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit b440061
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit d6070f7
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e024e1e
- USB: serial: option: add Quectel BG95 0x0203 composition
(git-fixes).
- commit 88f61a5
- fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)
- commit 0429966
- video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 1828312
- video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)
- commit 960c031
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 8e21ba7
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)
- commit 24dad4e
- video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)
- commit 3b41e99
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048)
Backporting notes:
* context changes
- commit f023a62
- Revert "drivers/video/backlight/platform_lcd.c: add support for (bsc#1154048)
- commit 6c2117a
- sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)
Backporting notes:
* context changes
* config update
- commit 8d1c33d
- Revert "video: imsttfb: fix potential NULL pointer dereferences" (bsc#1129770)
- commit 015493e
- Revert "video: hgafb: fix potential NULL pointer dereference" (bsc#1129770)
Backporting notes:
* test return value of ioremap() and return an error
- commit dfae32b
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
(CVE-2022-41848 bsc#1203987).
- commit 4b5f9dc
- Input: melfas_mip4 - fix return value check in mip4_probe()
(git-fixes).
- commit 327938f
- xhci: bail out early if driver can't accress host in resume
(git-fixes).
- commit 7b6647e
- blacklist.conf: no gadget mode in SLE12
- commit 4ef9a32
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 0686374
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit 6704bc6
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 0c59466
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 80ea4bf
- scsi: qla2xxx: Remove unused declarations for qla2xxx
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue
handler reading stale packets" (bsc#1203935).
- scsi: qla2xxx: Log message "skipping scsi_scan_host()" as
informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 6a1070c
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
ISP27XX (bsc#1203935).
- commit c812e29
- blacklist.conf: Add 1bf4580e00a2 fork,memcg: alloc_thread_stack_node needs to set tsk->stack
- commit 2a37e27
- Input: stop telling users to snail-mail Vojtech (git-fixes).
- commit d956a8c
- Input: iforce - constify usb_device_id and fix space before
'[' error (git-fixes).
- commit bfb50de
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(git-fixes).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path
(git-fixes).
- commit b282bf7
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- commit f6eaf2e
- USB: serial: option: add Quectel RM500K module support.
- commit 981a205
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- commit 3376669
- USB: serial: option: add Telit LE910Cx 0x1250 composition
(git-fixes).
- commit f8d705a
- blacklist.conf: irrelevant in our configurations
- commit c5487ee
- USB: serial: option: add support for Cinterion MV31 with new
baseline (git-fixes).
- commit ce91afd
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
(git-fixes).
- commit 2a4a3b7
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- Refresh patches.suse/xfs-unsupported-features.patch.
- commit 510678c
- xfs: enable big timestamps (bsc#1203387).
- commit f5ecebd
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
(git-fixes).
- commit 4e282b8
- usb: typec: altmodes/displayport: correct pin assignment for
UFP receptacles (git-fixes).
- commit 85d64e6
- usb: dwc2: fix wrong order of phy_power_on and phy_init
(git-fixes).
- commit 63072dd
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
(git-fixes).
- commit 93c7c8f
- blacklist.conf: irrelevant in our configurations
- commit 1ea4ae1
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit fc09d0c
- blacklist.conf: blacklist commit 02c0cab8e734
- commit 07b2c53
- constraints: increase disk space for all architectures
References: bsc#1203693
aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
very close to the limit.
- commit 43a9011
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 21400d8
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
bsc#1203769).
- Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch.
- commit accf4df
- md: call __md_stop_writes in md_stop (git-fixes).
- Revert "md-raid: destroy the bitmap after destroying the thread"
(git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- commit ab754e2
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit a86f7ba
- scripts/CKC: don't output from shopt
shopt outputs the status of the flag, so that git grep looks like:
git grep -qi 'nocasematch off
^References:.*bsc#1202195' remotes/origin/SLE15-SP2-RT -- 'patches.*'
I don't know how it can work (it does -- maybe thanks to ^), but it's
not definitely OK.
So make shopt in term2regex() quiet.
- commit 9ca71fb
- scripts/CKC: store local branches with $USER prefix
So that on shared machines, it can be overwritten when expires.
- commit 1dae151
- scripts/CKC: speed up the git-grep
Search only in patches.*. I.e. skip especially all those large kabi
files.
The speedup is significant:
real 1m28,309s
to:
real 0m57,260s
- commit 2ea817a
- scripts/CKC: simplify print_branch
AFAIU, it's simply:
printf "%-23s"
- commit ec10bb9
- scripts/CKC: test accepts only =, not ==
And put $1 into "" too.
- commit acae7f9
- scripts/CKC: Don't use empty branches file
Don't use it and don't write neither.
- commit 311b204
- xfs: widen ondisk inode timestamps to deal with y2038+
(bsc#1203387).
- commit a71ecee
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- Refresh
patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit de56df3
- xfs: preserve default grace interval during quotacheck
(bsc#1203387).
- commit 32fdbbb
- media: dvb-core: Fix UAF due to refcount races at releasing
(CVE-2022-41218 bsc#1202960).
- commit 231362a
- blacklist.conf: add several SCSI commits to black list
- commit 82ee683
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit b210a45
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit ea13b52
- xfs: use a struct timespec64 for the in-core crtime
(bsc#1203387).
- commit 31e0e71
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit 852ad51
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit 0ca10b2
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit fdfb081
- xfs: use the finobt block counts to speed up mount times
(bsc#1203387).
- Refresh patches.suse/xfs-unsupported-features.patch.
- commit 480b158
- media: em28xx: initialize refcount before kref_get
(CVE-2022-3239 bsc#1203552).
- commit 477c587
- xfs: account finobt blocks properly in perag reservation
(bsc#1203387).
- commit 2390201
- powerpc: Use device_type helpers to access the node type
(bsc#1203424 ltc#199544).
- Refresh patches.suse/powerpc-numa-remove-unreachable-topology-update-code.patch.
- commit b1e0425
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 5d51965
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- Refresh for the above patch added in,
blacklist.conf: remove the above patch from blacklist.conf
patches.suse/0034-dm-verity-add-check_at_most_once-option-to-only-vali.patch.
- commit 1b3d265
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- commit b644c0f
- Update references:
- patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
- patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
- patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
- patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
- patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
- patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
- patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
- patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
(add CVE-2022-32296 bsc#1200288)
- commit 97c264a
- x86/bugs: Reenable retbleed=off
While for older kernels the return thunks are statically built in and
cannot be dynamically patched out, retbleed=off should still be possible
to do so that the mitigation can still be disabled on Intel who don't
use the return thunks but IBRS.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit e330fc7
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only
(bsc#1203462).
- commit b3b2090
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit 39653db
- Update
patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
(bsc#1124235), adding back References lost in previous update.
- commit 47c6490
- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
(git-fixes).
- Refresh patches.suse/scsi-libfc-handling-of-extra-kref.
- commit 27f7754
- mmc: block: fix read single on recovery logic (CVE-2022-20008
bsc#1199564).
- commit 1fdd74c
- git_sort: Cleanup series_insert test setup and add test for patch with
missing headers
- commit 05c630d
- scsi: ch: Make it possible to open a ch device multiple times
again (git-fixes).
- Refresh
patches.suse/ch-add-missing-mutex_lock-mutex_unlock-in-ch_release.patch.
- Replace/Refresh
patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
("scsi: ch: fixup refcounting imbalance for SCSI devices")
with actual upstream version of this commit, which makes it apply
correctly (it was just a "submitted" version)
- commit cb2ed7c
- scripts/python/suse_git/header.py: Catch the use of "Not yet, submitted"
Also add a test case for it.
For submitted patches, you should use "Patch-mainline: Submitted"
rather than "Not yet, submitted". Enforce this in check-patchhdr so
that such mistakes are caught earlier.
- commit 475b64b
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
when ftrace is dead (git-fixes).
- commit 6d3bb9f
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 85ce439
- blacklist.conf: ("arm64: fix clang warning about TRAMP_VALIAS")
- commit a67ea91
- Refresh
patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit ed06fa8
- scsi: lpfc: Check the return value of alloc_workqueue()
(git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: sd: Fix Opal support (git-fixes).
- scsi: mpt3sas: Fix ioctl timeout (git-fixes).
- scsi: mpt3sas: Fix sync irqs (git-fixes).
- scsi: mpt3sas: Don't call disable_irq from IRQ poll handler
(git-fixes).
- scsi: sd: enable compat ioctls for sed-opal (git-fixes).
- scsi: sd_zbc: Fix compilation warning (git-fixes).
- Revert "scsi: sd: Keep disk read-only when re-reading partition"
(git-fixes).
- scsi: core: Avoid that a kernel warning appears during system
resume (git-fixes).
- scsi: core: Avoid that system resume triggers a kernel warning
(git-fixes).
- commit 2cdb167
- scripts/CKC: Search also CVE and generic references
Sometimes it's useful to check that references exist, not the commit
itself.
- commit c34e0ed
- scripts/CKC: Make checker more specific
- commit 5cdb9a3
- scripts/CKC: Make checker script download branches.conf
Requires curl, downloads and caches the branches.conf file.
- commit e7c8885
- cifs: clean up an inconsistent indenting (bsc#1190317).
- commit 84e7187
- scripts/CKC: Modify check-kernel-commit to parse branches.conf
Thus we can use the same source of truth.
- commit 0c2b4b3
- git_sort: Check if Patch-mainline tag exists
If Patch-mainline and Git-commit tags are missing in the patch, sort script
will fail with:
IndexError: list index out of range
This change ensures that Patch-mainline tag is present and if not, raise
an error to warn the user.
- commit 10d17a7
- scripts: Add helper script to search commit presence in kernel-source
The helper can have various uses. Checking for CVE patches is one of the
existing use cases.
This version of the script relies on file with branches to check.
It will be modified to be interoperable with branches.conf.
- commit 809939e
- Update
patches.suse/mm-rmap.c-don-t-reuse-anon_vma-if-we-just-want-a-copy.patch
(git-fixes, bsc#1203098).
- commit 3881fc3
- x86: link vdso and boot with -z noexecstack
--no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
(bsc#1203200).
- commit 7e1d602
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
(CVE-2022-39188, bsc#1203107).
- commit 7df6276
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
(CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
bsc#1202097).
- commit 7253cd6
- git_sort: update netfilter repositories
The official URL of netfilter repositories (nf and nf-next) was changed by
mainline commit 1f6339e034d5 ("MAINTAINERS: netfilter: update git links")
and the old repositories (with "pablo") have not been updated since
May 2022.
- commit 33c6a43
- fuse: limit nsec (bsc#1203126).
- commit 4695dc9
- blacklist.conf: add 2fdbb8dd0155 to blacklist
- commit 374db7c
- objtool: Track original function across branches (bsc#1202396).
- Refresh
patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch.
- Refresh
patches.suse/objtool-make-bp-scratch-register-warning-more-robust.patch.
- commit d5d2614
- objtool: Don't use ignore flag for fake jumps (bsc#1202396).
- Refresh patches.suse/objtool-add-is_static_jump-helper.patch.
- commit 3c1c10e
- objtool: Add --backtrace support (bsc#1202396).
- Refresh
patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch.
- commit 59346c1
- objtool: Set insn->func for alternatives (bsc#1202396).
- Refresh patches.suse/objtool-add-is_static_jump-helper.patch.
- Refresh
patches.suse/objtool-add-relocation-check-for-alternative-sections.patch.
- commit 55a9c4c
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
kABI: Fix kABI after "mm/rmap: Fix anon_vma->degree ambiguity
leading to double-reuse" (git-fixes, bsc#1203098).
- commit 9b79372
- mm/rmap.c: don't reuse anon_vma if we just want a copy
(git-fixes, bsc#1203098).
- commit d3fffdb
- cifs: fix the cifs_reconnect path for DFS (bsc#1190317).
- commit 8addcab
- MyBS: Fix upload to OBS.
When a cookie is received and SSH authentication is not used osc_wrapper
crashes with message:
Can't use an undefined value as a symbol reference at MyBS.pm line 290.
Fix this by not trying to save cookies for plain authentication.
- commit fc4c81a
- blacklist.conf: add c5deb27895e0, as no fix is needed (problem can't occur)
- commit d29d53a
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- commit 7fc364d
- Update
patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- Update
patches.suse/x86-speculation-change-fill_return_buffer-to-work-with-objtool.patch.
Add missing objtool annotations from upstream commits to fix bsc#1202396.
- commit 8f6e21f
- KVM: x86: Set error code to segment selector on LLDT/LTR
non-canonical #GP (git-fixes).
- commit 3b2de9e
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
checks (git-fixes).
- commit beb4e5a
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- commit df2ab3a
- objtool: Add support for intra-function calls (bsc#1202396).
- commit 72c2448
- objtool: Remove INSN_STACK (bsc#1202396).
- commit df6f4c2
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- commit 696a729
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- commit 9614631
- objtool: Fix ORC vs alternatives (bsc#1202396).
- commit 7725f8e
- objtool: Uniquely identify alternative instruction groups
(bsc#1202396).
- commit cad8676
- objtool: Remove check preventing branches within alternative
(bsc#1202396).
- commit f556567
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- commit 7537bdc
- blacklist.conf: add dbac14a5a05f, as it would break kabi
- commit b0b1864
- objtool: Rename struct cfi_state (bsc#1202396).
- commit f1ccddb
- objtool: Support multiple stack_op per instruction
(bsc#1202396).
- commit bd1355d
- objtool: Support conditional retpolines (bsc#1202396).
- commit 7d5809e
- objtool: Convert insn type to enum (bsc#1202396).
- commit 1160056
- objtool: Rename elf_open() to prevent conflict with libelf
from elftoolchain (bsc#1202396).
- commit c167b3d
- objtool: Use Elf_Scn typedef instead of assuming struct name
(bsc#1202396).
- commit fc37030
- squashfs: fix xattr id and id lookup sanity checks
(bsc#1203013).
- commit e118d89
- squashfs: fix inode lookup sanity checks (bsc#1203013).
- commit 6748621
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
"find -xtype l" will report them, so use that to make the search a bit
faster (without using shell).
- commit 13bbc51
- ip6: fix skb leak in ip6frag_expire_frag_queue (bsc#1202972)
- commit da5fa15
- cifs: move from strlcpy with unused retval to strscpy
(bsc#1190317).
- commit bb4c21d
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
(bsc#1190317).
- commit f2b9741
- cifs: remove unused server parameter from calc_smb_size()
(bsc#1190317).
- commit c52dabc
- cifs: Do not use tcon->cfid directly, use the cfid we get from
open_cached_dir (bsc#1190317).
- commit ed7d7cd
- cifs: fix lock length calculation (bsc#1190317).
- commit 704a256
- cifs: alloc_mid function should be marked as static
(bsc#1190317).
- commit 1cd087c
- cifs: remove "cifs_" prefix from init/destroy mids functions
(bsc#1190317).
- commit 7d1a646
- cifs: remove useless DeleteMidQEntry() (bsc#1190317).
- commit 39cdb6e
- cifs: remove remaining build warnings (bsc#1190317).
- commit bb9d34f
- smb2: small refactor in smb2_check_message() (bsc#1190317).
- commit 36dc5c1
- cifs: remove minor build warning (bsc#1190317).
- commit 99f07da
- cifs: remove some camelCase and also some static build warnings
(bsc#1190317).
- commit 12a6e0e
- cifs: remove unnecessary (void*) conversions (bsc#1190317).
- commit 042656d
- cifs: remove redundant initialization to variable
mnt_sign_enabled (bsc#1190317).
- commit 5f2fe58
- smb3: check xattr value length earlier (bsc#1190317).
- commit 420acb4
- linux.keyring: Downgrade to older format.
Compatibility with SLE12 SP5.
- commit cd7de7f
- mkspec: eliminate @NOSOURCE@ macro
This should be always used with @SOURCES@, just include the content
there.
- commit 403d89f
- kernel-source: include the kernel signature file
We assume that the upstream tarball is used for released kernels.
Then we can also include the signature file and keyring in the
kernel-source src.rpm.
Because of mkspec code limitation exclude the signature and keyring from
binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
Same as other kernel binary packages there is no need to carry duplicate
sources in dtb packages.
- commit 1bd288c
- smb3: add trace point for SMB2_set_eof (bsc#1190317).
- commit cc50c41
- cifs: return errors during session setup during reconnects
(bsc#1190317).
- commit f26e757
- cifs: fix uninitialized pointer in error case in
dfs_cache_get_tgt_share (bsc#1190317).
- commit 2cd67ba
- cifs: skip trailing separators of prefix paths (bsc#1190317).
- commit 6ad2a16
- cifs: version operations for smb20 unneeded when legacy support
disabled (bsc#1190317).
- commit c14744a
- cifs: when extending a file with falloc we should make files
not-sparse (bsc#1190317).
- commit 722a067
- smb3: check for null tcon (bsc#1190317).
- commit 19827ce
- cifs: return the more nuanced writeback error on close()
(bsc#1190317).
- commit 21102b1
- cifs: remove repeated debug message on cifs_put_smb_ses()
(bsc#1190317).
- commit 55e93f1
- smb3: don't set rc when used and unneeded in query_info_compound
(bsc#1190317).
- commit b7a8710
- cifs: smbd: fix typo in comment (bsc#1190317).
- commit 0fd8d36
- cifs: set the CREATE_NOT_FILE when opening the directory in
use_cached_dir() (bsc#1190317).
- commit 18a7023
- cifs: check for smb1 in open_cached_dir() (bsc#1190317).
- commit cebd44b
- cifs: move definition of cifs_fattr earlier in cifsglob.h
(bsc#1190317).
- commit de5bdb2
- objtool: Fix sibling call detection (bsc#1202396).
- commit 7a3804d
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- commit 34b4ec9
- af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898
CVE-2022-3028).
- commit e68eb5b
- Update patch reference for net rds fix (CVE-2022-21385 bsc#1202897)
- commit c9ac9a2
- tar-up.sh: Include kernel signature in OBS upload.
It is not clear that OBS can handle uncompressed tar signatures but it
can still be verified manually.
- commit cb24650
- Update patch reference for net rds fix (CVE-2022-21385 bsc#1202897)
- commit d995183
- scripts: Verify tarball signature before use.
While there are Linux tarballs provided in standard location on many
machines it is not clear where these mirrors are mounted from, how
secure was the mirroring process, and the storage itself.
For local testing it is faster to use git but for OBS builds we want
the upstream tarballs to get bit-identical tarball files, and then we
also want the verification to ensure integrity of the mirror.
xz compression is not completely deterministic, and while the tarball
content should be the same the bit representation varies. When
uploading to OBS it is desirable to use bit-identical files to prevent
OBS storing multiple big files with the same content inside but not
apparently identical.
- commit a075c40
- module: change to print useful messages from
elf_validity_check() (git-fixes).
- commit aa3765e
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
- commit 99976e2
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- commit cbbd572
- module: harden ELF info handling (git-fixes).
- Refresh
patches.suse/0001-module-warn-if-module-init-probe-takes-long.patch.
- Delete
patches.suse/0005-modsign-print-module-name-along-with-error-message.patch
(info->mod->name is no longer available in module_sig_check() due to
the backported patch).
- commit 6bb95a5
- powerpc/perf: Add privileged access check for thread_imc
(FATE#322448, bsc#1054914, git-fixes).
- powerpc/perf: Fix loop exit condition in nest_imc_event_init
(FATE#322448, bsc#1054914, git-fixes).
- powerpc/perf: Return accordingly on invalid chip-id in
(FATE#322448, bsc#1054914, git-fixes).
- powerpc: Use sizeof(*foo) rather than sizeof(struct foo)
(FATE#322448, bsc#1054914, git-fixes).
- Refresh patches.suse/powerpc-powernv-Return-for-invalid-IMC-domain.patch
- commit 0095cdd
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
(bsc#1190317).
- commit ef2c03a
- SMB3: EBADF/EIO errors in rename/open caused by race condition
in smb2_compound_op (bsc#1190317).
- commit 1850f8f
- cifs: use correct lock type in cifs_reconnect() (bsc#1190317).
- commit a9f06fa
- cifs: fix NULL ptr dereference in refresh_mounts()
(bsc#1190317).
- commit 67eb87c
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).
- commit 60e64c6
- cifs: verify that tcon is valid before dereference in
cifs_kill_sb (bsc#1190317).
- commit 2548aaa
- cifs: potential buffer overflow in handling symlinks
(bsc#1190317).
- commit 4a3401c
- cifs: Split the smb3_add_credits tracepoint (bsc#1190317).
- commit a7766a9
- cifs: release cached dentries only if mount is complete
(bsc#1190317).
- commit 0e4cc46
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).
- commit 396d99d
- cifs: remove check of list iterator against head past the loop
body (bsc#1190317).
- commit 53771a6
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
(bsc#1190317).
- commit 4dc7010
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
(bsc#1190317).
- commit d9eafa4
- ceph: don't truncate file in atomic_open (bsc#1202830).
- commit 5d95105
- cifs: change smb2_query_info_compound to use a cached fid,
if available (bsc#1190317).
- commit 8153d9b
- cifs: convert the path to utf16 in smb2_query_info_compound
(bsc#1190317).
- commit feab50e
- cifs: we do not need a spinlock around the tree access during
umount (bsc#1190317).
- commit 3cf620b
- cifs: fix handlecache and multiuser (bsc#1190317).
- commit 61380d0
- Backport causes crashes on all arches so revert the patch until
I find the root cause
- commit 83c44b2
- cifs: modefromsids must add an ACE for authenticated users
(bsc#1190317).
- commit 33643f3
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1190317).
- commit 96ae468
- cifs: do not use uninitialized data in the owner/group sid
(bsc#1190317).
- commit dd406c0
- cifs: fix set of group SID via NTSD xattrs (bsc#1190317).
- commit 063a3b9
- cifs: mark sessions for reconnection in helper function
(bsc#1190317).
- commit 145a355
- Fix a warning about a malformed kernel doc comment in cifs
(bsc#1190317).
- commit 5777710
- check sk_peer_cred pointer before put_cred() call
- commit 78087f4
- cifs: alloc_path_with_tree_prefix: do not append sep. if the
path is empty (bsc#1190317).
- commit 11e7725
- tpm: fix reference counting for struct tpm_chip (CVE-2022-2977
bsc#1202672).
- commit 743f12e
- net: handle kABI change in struct sock (bsc#1194535
CVE-2021-4203).
- commit c37013b
- Drop the unused function after porting on 4.12
- commit a8cf8a3
- spmi: trace: fix stack-out-of-bound access in SPMI tracing
functions (git-fixes).
- commit 977d6ab
- blacklist.conf: update blacklist
- commit 185c40c
- mvpp2: fix panic on module removal (git-fixes).
- commit 7f3079c
- mvpp2: refactor the HW checksum setup (git-fixes).
- commit 8ea5b04
- net/mlx5: Imply MLXFW in mlx5_core (git-fixes).
- commit 10e6082
- net/mlx5e: Use the inner headers to determine tc/pedit offload
limitation on decap flows (git-fixes).
- commit 9697304
- blacklist.conf: update blacklist
- commit 46ff3d0
- fuse: handle kABI change in struct sock (bsc#1194535
CVE-2021-4203).
- commit cb0be42
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1194535 CVE-2021-4203).
- commit cfbed38
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- commit 851ec16
- tracing/uprobes: Check the return value of kstrdup() for
tu->filename (git-fixes).
- commit 8dca833
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF
tracing (git-fixes).
- commit 7aa1321
- xprtrdma: Fix trace point use-after-free race (git-fixes).
- commit a8b511a
- tracing: Fix race in perf_trace_buf initialization (git-fixes).
- commit 2512414
- tracing/perf: Use strndup_user() instead of buggy open-coded
version (git-fixes).
- commit f7c4f1b
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317).
- commit 2dd27f0
- cifs: move superblock magic defitions to magic.h (bsc#1190317).
- commit ec6873e
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment
(bsc#1190317).
- commit c2c268e
- cifs: sanitize multiple delimiters in prepath (bsc#1190317).
- commit f5d8a69
- cifs: fix ntlmssp auth when there is no key exchange
(bsc#1190317).
- commit 0965ebd
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- commit ea690c7
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- commit 73ad842
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- commit 7d782ba
- Revert "USB: xhci: fix U1/U2 handling for hardware with
XHCI_INTEL_HOST quirk set" (git-fixes).
- commit 7bb63b3
- blacklist.conf: cleanup designed to break kABI
- commit d77a5a8
- blacklist.conf: cleanup on a minor driver that would require a kABI fixup
- commit 4b84bde
- blacklist.conf: optimization on a minor driver that would require a kABI fixup
- commit ab46ac0
- blacklist.conf: driver only introduced in v4.14
- commit c8efaee
- blacklist.conf: for an architecture unsupported on SLE12
- commit e27f3be
- blacklist.conf: irrelevant in our config
- commit cca8fdf
- blacklist.conf: subsystem the patch is for is introduced only in v4.13
- commit 94d5cd2
- squashfs: add more sanity checks in id lookup (git-fixes).
- commit 0993c72
- squashfs: add more sanity checks in inode lookup (git-fixes).
- commit 5e5b6f8
- squashfs: add more sanity checks in xattr id lookup (git-fixes).
- commit acc3d9a
- phy: tegra: fix device-tree node lookups (git-fixes).
- commit 8650336
- squashfs: fix divide error in calculate_skip() (git-fixes).
- commit f2d03b6
- blacklist.conf: very likely to cause regressions
- commit 857d8cc
- powerpc/xive: Fix refcount leak in xive_get_max_prio
(fate#322438 git-fixes).
- commit 6f2e0e1
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- commit ccc3683
- powerpc: define get_cycles macro for arch-override
(bsc#1065729).
- commit db10d90
- blacklist.conf: Add 235cee162459 KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
- commit c398028
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- net_sched: cls_route: remove from list when handle is 0
(CVE-2022-2588 bsc#1202096).
- commit 05c19f7
- KVM: PPC: Book3S HV: Context tracking exit guest context before
enabling irqs (bsc#1065729).
- commit d7f9277
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- commit 2e356ce
- blacklist.conf: later reverted upstream
- commit a099951
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- commit 202a421
- Revert "r8152: adjust the settings about MAC clock speed down
for RTL8153" (git-fixes).
- commit 893a9a7
- MyBS: Avoid lock recursion in certificate check
SUSE::MyBS::new tries to fix up API connection error by setting the SUSE
CA certificate as the SSL trust root.
Check that the error is caused by bad certificate, and don't handle
other errors so that users can see authentication errors correctly.
Also unlock the cookie storage in case the problem is resolved with
using the built-in certificate.
- commit 21d6a61
- net: usb: lan78xx: Connect PHY before registering MAC
(git-fixes).
- commit d406530
- blacklist.conf: misattributed
- commit 113cb73
- lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- commit 30cd9be
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- commit ea9c6cd
- MyBS: Save hoarded cookies to disk
The performance of the OBS SSH authentication system is very bad, and
can be overwhelmed by about 1 authentication/s.
With osc saving cookies to disk this is not seen as problem.
Saving cookies to disk in MyBS should work around the authentication
system performance problem until it's resolved.
The design ensures that processes competing for authentication use the
same cookie once one becomes available rather than authenticating
independently, overwhelming the authentication service.
- Reading cookie file is lockless, file update atomic with mv
- Requesting auth & writing out obtained cookie is locked
- To be able to break stale lock the lockfile is empty, cookie is saved
to a separate temporary file
Cookie file contains the whole Set-Cookie header content. It would be
possible to add support for multiple cookies but OBS only ever sets one
cookie so multiple cookies are not supported.
- commit 37ed7ba
- ext4: make sure ext4_append() always allocates new block
(bsc#1198577 CVE-2022-1184).
- commit bc8c541
- ext4: check if directory block is within i_size (bsc#1198577
CVE-2022-1184).
- commit b9efa04
- ext4: Fix check for block being out of directory size
(bsc#1198577 CVE-2022-1184).
- commit be40637
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1202528).
- commit e115339
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528).
- commit f4a62aa
- 9p: migrate from sync_inode to filemap_fdatawrite_wbc (bsc#1202528).
- commit bfdf1f9
- btrfs: use the filemap_fdatawrite_wbc helper for delalloc shrinking (bsc#1202528).
- commit a4caa5b
- fs: add a filemap_fdatawrite_wbc helper (bsc#1202528).
- commit eedfc1d
- btrfs: wait on async extents when flushing delalloc (bsc#1202528).
- commit 0d074a5
- btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc (bsc#1202528).
- commit 83cf4e8
- btrfs: enable a tracepoint when we fail tickets (bsc#1202528).
- commit b1b7482
- Fix releasing of old bundles in xfrm_bundle_lookup()
(bsc#1201264 bsc#1190397 bsc#1199617).
- commit bc50d6c
- btrfs: include delalloc related info in dump space info tracepoint (bsc#1202528).
- commit 41ed5ae
- btrfs: wake up async_delalloc_pages waiters after submit (bsc#1202528).
- commit 7ff1a2f
- cxgb4vf: update kernel-doc line comments (git-fixes).
- commit 86bb074
- cxgb4: update kernel-doc line comments (git-fixes).
- commit 54c720b
- cxgb4: fix endian conversions for L4 ports in filters
(git-fixes).
- commit aa42e53
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- commit dc23e3b
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- commit b83d2bf
- blacklist.conf: update blacklist
- commit 8032df7
- blacklist.conf: update blacklist
- commit aea5602
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1202528).
- Delete
patches.suse/btrfs-dump_space_info-when-encountering-total_bytes_pinned-0-at-umount.patch.
- commit 354153b
- qed: fix kABI in qed_rdma_create_qp_in_params (git-fixes).
- commit 68811a9
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1202528).
- commit d9b864b
- qed: Add EDPM mode type for user-fw compatibility (git-fixes).
- commit a73dbd4
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1202528).
- commit 60db43c
- btrfs: rip out may_commit_transaction (bsc#1202528).
- Refresh
patches.suse/btrfs-handle-preemptive-delalloc-flushing-slightly-differently.patch.
- commit c5ab5f9
- btrfs: use percpu_read_positive instead of sum_positive for need_preempt (bsc#1202528).
- Refresh
patches.suse/btrfs-only-ignore-delalloc-if-delalloc-is-much-smaller-than-ordered.patch.
- commit 59f31f6
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1202528).
- commit f7a119e
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1202528).
- commit 9a30ad9
- btrfs: don't include the global rsv size in the preemptive used amount (bsc#1202528).
- commit a265556
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1202528).
- commit b31d6c3
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1202528).
- commit fbc80a6
- btrfs: only clamp the first time we have to start flushing (bsc#1202528).
- commit db608fb
- btrfs: check worker before need_preemptive_reclaim (bsc#1202528).
- commit 8aab0b2
- btrfs: Convert fs_info->free_chunk_space to atomic64_t (bsc#1202528).
- Refresh
patches.suse/0006-btrfs-move-and-export-can_overcommit.patch.
- Refresh
patches.suse/0020-btrfs-do-not-account-global-reserve-in-can_overcommit.patch.
- Refresh
patches.suse/Btrfs-fix-race-between-adding-and-putting-tree-mod-s.patch.
- Refresh
patches.suse/btrfs-ensure-replaced-device-doesn-t-have-pending-chunk-allocation.patch.
- Refresh
patches.suse/btrfs-fix-btrfs_calc_reclaim_metadata_size-calculation.patch.
- commit f88ccad
- net/mlx5: Clear LAG notifier pointer after unregister
(git-fixes).
- commit d878d7c
- net: dsa: mt7530: Change the LINK bit to reflect the link status
(git-fixes).
- commit ece75a8
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC
pressure (git-fixes).
- commit 8794a66
- net: ll_temac: Fix iommu/swiotlb leak (git-fixes).
- commit 9d72e43
- net: ll_temac: Enable DMA when ready, not before (git-fixes).
- commit 3faa94c
- btrfs: add a trace class for dumping the current ENOSPC state (bsc#1202528).
- commit 9bb464a
- btrfs: adjust the flush trace point to include the source (bsc#1202528).
- commit dfed983
- btrfs: implement space clamping for preemptive flushing (bsc#1202528).
- commit fa5b783
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1202528).
- commit ed57e7f
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1202528).
- commit 99a8046
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1202528).
- commit efb656d
- btrfs: rename need_do_async_reclaim (bsc#1202528).
- commit f95c0ae
- btrfs: improve preemptive background space flushing (bsc#1202528).
- commit 951dafe
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1202528).
- commit f16f950
- btrfs: add a trace point for reserve tickets (bsc#1202528).
- commit ac2920d
- btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1202528).
- commit 5a1a4e8
- ata: libata: add qc->flags in ata_qc_complete_template
tracepoint (git-fixes).
- commit 8897145
- blacklist.conf: not-relevant cleanups for drivers/char/random
- commit 4551df9
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference
stale pointer (git-fixes).
- commit 8449873
- MyBS: Only send authorization when out of cookies
- commit 0e13567
- MyBS: Hoard cookies
- commit f84b974
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
(git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
(git-fixes).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future
(git-fixes).
- drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX
(git-fixes).
- commit ce1e4d8
- MyBS: Add OBS SSH key support
- commit 2992b24
- kabi/severities: add mlx5 internal symbols
- commit 8c6dd4b
- net: ll_temac: Add more error handling of dma_map_single()
calls (git-fixes).
- commit af7573f
- net: ll_temac: Fix support for little-endian platforms
(git-fixes).
- Refresh
patches.suse/net-ll_temac-Fix-race-condition-causing-TX-hang.patch.
- commit 12402e7
- net: ll_temac: Fix typo bug for 32-bit (git-fixes).
- commit 5bf9adc
- net: ll_temac: Fix support for 64-bit platforms (git-fixes).
- commit 5222049
- net: xilinx: replace dev_kfree_skb_irq by dev_consume_skb_irq
for drop profiles (git-fixes).
- commit e2d5d61
- net: emaclite: Simplify if-else statements (git-fixes).
- commit 43fe9bd
- net/mlx5: Fix auto group size calculation (git-fixes).
- commit f65c99f
- net: stmmac: gmac4: bitrev32 returns u32 (git-fixes).
- commit 717b8ab
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
The type test and print line are the same for both cases. The usrmerged
case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
in xfrm_bundle_lookup() (bsc#1201948 CVE-2022-36879).
- commit 6a240fe
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
(CVE-2022-20368 bsc#1202346).
- commit bcc8988
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers
across ioctls (bsc#1202347 CVE-2022-20369).
- commit 0cf8c8f
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- commit 832ae90
- scsi: smartpqi: set force_blk_mq=1 (bsc#1179310)
- commit 10f3936
- Update metadata references
- commit 7183678
- md/bitmap: don't set sb values if can't pass sanity check
(bsc#1197158).
- commit 34e4bcc
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
CVE-2022-26373).
- commit a207cec
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
CVE-2022-26373).
- commit 30ef9f9
- Move kABI patches to kABI section.
- commit a80bab0
- powerpc: powernv: kABI: add back powernv_get_random_long
(bsc#1065729).
- commit 3080872
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: delay rng platform device creation until
later in boot (bsc#1065729).
- commit 869d405
- md-raid: destroy the bitmap after destroying the thread
(git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- pNFS: Don't keep retrying if the server replied
NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- commit 3bc259d
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
(bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- commit 42e06ba
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP
(bsc#1120716).
- commit ce36184
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- Refresh patches.suse/powerpc-64s-rename-pnv-pseries_setup_rfi_flush-to-_s.patch
- powerpc/powernv: Staticify functions without prototypes
(bsc#1065729).
- powerpc/powernv: Use darn instruction for get_random_seed()
on Power9 (bsc#1065729).
- commit 4e67aee
- xfs: fix NULL pointer dereference in xfs_getbmap() (git-fixes).
- commit 9ad699f
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- commit a44d410
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1201726
CVE-2022-26373).
- commit 8e898cd
- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
(bsc#1201726 CVE-2022-26373).
- commit 9388584
- net/sched: cls_u32: fix netns refcount changes in u32_change()
(CVE-2022-29581 bsc#1199665).
- commit 944805b
- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639
bsc#1202154).
- commit 0d36370
- ipv4: avoid using shared IP generator for connected sockets
(CVE-2020-36516 bsc#1196616).
- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516
bsc#1196616).
- commit df5e606
- blacklist.conf: Relatively high risk of unexpected performance change
- commit 58f819d
- blacklist.conf: Many dependencies with relatively high risk of unexpected performance change
- commit 56dc959
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- commit 9816878
- xfs: always free inline data before resetting inode fork during
ifree (bsc#1202017).
- commit 89a46fc
- blacklist.conf: remove 98c4f78dcdd8 from blacklist
This is a required fix, as 43518812d2 was backported.
- commit 62ac6c4
- blacklist.conf: Add fadump commits introducing boot_mem_top
bec53196adf4 powerpc/fadump: add support to preserve crash data on FADUMP disabled kernel
7dee93a9a880 powerpc/fadump: support holes in kernel boot memory area
The current fadump code in 4.12 kernel does not support bootmem holes.
If these commits are backported the current backports need review for
use of boot_memory_size instead of boot_mem_top
- commit 66afc75
- powerpc/fadump: fix PT_LOAD segment for boot memory area
(bsc#1103269 ltc#169948 git-fixes).
- powerpc/fadump: make crash memory ranges array allocation
generic (bsc#1103269 ltc#169948 git-fixes).
- Refresh patches.suse/powerpc-fadump-fix-race-between-pstore-write-and-fad.patch
- commit 2607c5c
- blacklist.conf: Append 'drm/amdgpu/acp: Make PM domain really work'
- commit 5d0cbbf
- blacklist.conf: Append 'drm: mxsfb: Clear FIFO_CLEAR bit'
- commit a9d2273
- blacklist.conf: Append 'drm: mxsfb: Increase number of outstanding requests on V4 and newer HW'
- commit eb95663
- blacklist.conf: Append 'drm: mxsfb: Enable recovery on underflow'
- commit 5c872c1
- blacklist.conf: Append 'drm/i915/display: Fix the 12 BPC bits for PIPE_MISC reg'
- commit 9af6ddf
- blacklist.conf: Append 'drm/radeon: Fix off-by-one power_state index heap overwrite'
- commit 0f57ec5
- blacklist.conf: Append 'drm/radeon: Avoid power table parsing memory leaks'
- commit 2212d5c
- blacklist.conf: Append 'amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create'
- commit 6d1e3d5
- blacklist.conf: Append 'drm/radeon: Fix a missing check bug in radeon_dp_mst_detect()'
- commit 5ae4891
- blacklist.conf: Append 'Fix misc new gcc warnings'
- commit ba680f8
- blacklist.conf: Append 'drm/vc4: crtc: Reduce PV fifo threshold on hvs4'
- commit 6465ff9
- blacklist.conf: Append 'drm/amdgpu: check alignment on CPU page for bo map'
- commit 11881ba
- blacklist.conf: Append 'drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()'
- commit 06bd647
- blacklist.conf: Append 'drm/i915: Fix the GT fence revocation runtime PM logic'
- commit 278dbb6
- blacklist.conf: Append 'drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence'
- commit 46e7a2f
- blacklist.conf: Append 'drm/i915/dp: Track pm_qos per connector'
- commit 1a3ef34
- blacklist.conf: Append 'drm/i915: Avoid mixing integer types during batch copies'
- commit e361acc
- blacklist.conf: Append 'drm/i915/gem: Avoid implicit vmap for highmem on x86-32'
- commit f730816
- blacklist.conf: Append 'drm/dp_mst: Kill the second sideband tx slot, save the world'
- commit ee6a373
- blacklist.conf: Append 'drm: mst: Fix query_payload ack reply struct'
- commit 9b06dd2
- blacklist.conf: Append 'drm/i915/gen8+: Add RC6 CTX corruption WA'
- commit 7617aa6
- blacklist.conf: Append 'make 'user_access_begin()' do 'access_ok()''
- commit 36185b4
- lkdtm: Disable return thunks in rodata.c (bsc#1114648).
- commit 1db863b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1114648).
- commit c693b03
- blacklist.conf: Add ppc numa commits
e75130f20b1f powerpc/numa: Offline memoryless cpuless node 0
10f78fd0dabb powerpc/numa: Fix a regression on memoryless node 0
- commit f94fd1c
- KVM: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1201930).
- commit 7c39b90
- kvm/emulate: Fix SETcc emulation function offsets with SLS
(bsc#1201930).
- commit 0c004d2
- netfilter: nf_queue: do not allow packet truncation below
transport header offset (bsc#1201940 CVE-2022-36946).
- commit 06aa700
- latent_entropy: avoid build error when plugin cflags are not
set (git-fixes).
- Refresh patches.suse/fdt-add-support-for-rng-seed.patch.
- commit 66e3bae
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code'
explicit (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
(git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed
(git-fixes).
- random: always fill buffer in get_random_bytes_wait (git-fixes).
- commit 4bf323f
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201651).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
(bsc#1201651).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201651).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201651).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1201651).
- scsi: qla2xxx: Zero undefined mailbox IN registers
(bsc#1201651).
- scsi: qla2xxx: Fix incorrect display of max frame size
(bsc#1201958).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
(bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201958).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error
injection (bsc#1201958).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable
with I/Os (bsc#1201958).
Refresh:
- patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch
- scsi: qla2xxx: Add debug prints in the device remove path
(bsc#1201958).
- scsi: qla2xxx: Fix losing target when it reappears during delete
(bsc#1201958).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation
tests (bsc#1201958).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O
timeouts (bsc#1201958).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters
(bsc#1201958).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201958).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature
(bsc#1201958).
- scsi: qla2xxx: Fix excessive I/O error messages by default
(bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201958).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201958).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
(bsc#1201958).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N
(bsc#1201958).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201958).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
(bsc#1201958).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201958).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
(bsc#1201958).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
(bsc#1201958).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
(bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201958).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device
(bsc#1201958).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
(bsc#1201958).
- scsi: qla2xxx: edif: Remove old doorbell interface
(bsc#1201958).
- scsi: qla2xxx: edif: Add retry for ELS passthrough
(bsc#1201958).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with
authentication application (bsc#1201958).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
(bsc#1201958).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
(bsc#1201958).
- scsi: qla2xxx: edif: Wait for app to ack on sess down
(bsc#1201958).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201958).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
(bsc#1201958).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter
(bsc#1201958).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
(bsc#1201958).
- commit a8936d6
- Drop qla2xxx patch which prevented nvme port discovery
(bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958)
Upstream fixed the problem by reverting the offending commit.
Delete:
- patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch.
- commit 452db23
- scsi: lpfc: Address NULL pointer dereference after
starget_to_rport() (git-fixes).
- commit 996de99
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- commit 5f1b81f
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- commit 8656e81
- net: xilinx_emaclite: Do not print real IOMEM pointer
(git-fixes).
- commit 1032862
- mvpp2: suppress warning (git-fixes).
- commit 163d5b9
- net: ethernet: fix potential use-after-free in ec_bhf_remove
(git-fixes).
- commit 08e620e
- net: hamradio: fix memory leak in mkiss_close (git-fixes).
- commit d5b5550
- net: fec_ptp: add clock rate zero check (git-fixes).
- commit 4e39a7a
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
(git-fixes).
- commit 5a1c833
- qlcnic: Fix an error handling path in 'qlcnic_probe()'
(git-fixes).
- commit 70491b7
- net: stmmac: dwmac1000: Fix extended MAC address registers
definition (git-fixes).
- commit 0a365bd
- net: mdio: octeon: Fix some double free issues (git-fixes).
- commit 770566f
- net: mdio: thunder: Fix a double free issue in the .remove
function (git-fixes).
- commit 77a03ff
- net: fec: fix the potential memory leak in fec_enet_init()
(git-fixes).
- commit 3c37ef9
- net: fec: check DMA addressing limitations (git-fixes).
- commit 994eea1
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
(git-fixes).
- commit c9228da
- net: stmmac: fix incorrect DMA channel intr enable setting of
EQoS v4.10 (git-fixes).
- commit 2b936dd
- Refresh
patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch.
- commit c149c1b
- Remove our homegrown IBRS implementation
... now that there's an upstream version.
- x86/entry: Add kernel IBRS implementation (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- Refresh
patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh
patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Delete
patches.suse/x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch.
- Delete
patches.suse/x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
- Delete
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Delete
patches.suse/x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Delete
patches.suse/x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- commit 7278759
- media: saa7146: mxb: Fix a NULL pointer dereference in
mxb_attach() (git-fixes).
- commit d6ee03c
- media: dib8000: Fix a memleak in dib8000_init() (git-fixes).
- commit 2128de3
- media: uvcvideo: fix division by zero at stream start
(git-fixes).
- commit 24c7763
- blacklist.conf: cleanup breaking kABI by renames
- commit 112598f
- blacklist.conf: cleanup breaking kABI by renames
- commit 25ac149
- Bluetooth: hci_qca: Use del_timer_sync() before freeing
(git-fixes).
- commit 945069e
- blacklist.conf: misattributed patch
- commit 379c546
- bnxt_en: Re-write PCI BARs after PCI fatal error (git-fixes).
- commit 3e6c035
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- commit acd09d7
- net: macb: mark device wake capable when "magic-packet"
property present (git-fixes).
- commit 674240e
- net/sonic: Fix a resource leak in an error handling path in
'jazz_sonic_probe()' (git-fixes).
- commit 0674aaf
- vrf: Fix IPv6 with qdisc and xfrm (git-fixes).
- commit 0a2458c
- net: stmmac: dwmac1000: Disable ACS if enhanced descs are not
used (git-fixes).
- commit 2e76107
- net: stmmac: Fix misuses of GENMASK macro (git-fixes).
- commit fc6700d
- kABI workaround for including mm.h in fs/sysfs/file.c
(bsc#1200598 CVE-2022-20166).
- commit fe1fe6b
- blacklist.conf: update blacklist
- commit ae741a4
- mm: and drivers core: Convert hugetlb_report_node_meminfo to
sysfs_emit (bsc#1200598 CVE-2022-20166).
- commit 3d23964
- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598
CVE-2022-20166).
- commit c8e2e5b
- drivers core: Remove strcat uses around sysfs_emit and neaten
(bsc#1200598 CVE-2022-20166).
- commit 5cd9512
- drivers core: Use sysfs_emit and sysfs_emit_at for show(device
* ...) functions (bsc#1200598 CVE-2022-20166).
- commit 7554520
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
(bsc#1200598 CVE-2022-20166).
- commit c5a70d7
- cxgb3/l2t: Fix undefined behaviour (git-fixes).
- commit 8076d39
- kabi/severities: add cxgb3 network driver
- commit 3a6a137
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- commit 5efdb64
- Sort in RETbleed backport into the sorted section
Now that it is upstream...
- Refresh
patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- Refresh
patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh
patches.suse/sched-topology-Improve-load-balancing-on-AMD-EPYC.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch.
- Refresh
patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh
patches.suse/x86-cpu-add-a-steppings-field-to-struct-x86_cpu_id.patch.
- Refresh
patches.suse/x86-cpu-add-table-argument-to-cpu_matches.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
patches.suse/x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh
patches.suse/x86-microcode-amd-increase-microcode-patch_max_size.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch.
- Refresh
patches.suse/x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Refresh
patches.suse/x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
patches.suse/x86-speculation-add-special-register-buffer-data-sampling-srbds-mitigation.patch.
- Refresh
patches.suse/x86-speculation-add-srbds-vulnerability-and-mitigation-documentation.patch.
- Refresh
patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch.
- Refresh
patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch.
- Refresh
patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- Refresh
patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch.
- Refresh
patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch.
- Refresh
patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- commit d06c642
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- cgroup: Use separate src/dst nodes when preloading css_sets
for migration (bsc#1201610).
- commit 674875f
- random: fix crash on multiple early calls to (git-fixes)
- commit cf465a0
- vt: vt_ioctl: fix race in VT_RESIZEX (bsc#1200910
CVE-2020-36558).
- commit 3c76a1f
- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
(bsc#1201429 CVE-2020-36557).
- commit f15e18d
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch.
- commit 7e31757
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656).
- commit 704434f
- Refresh patches.suse/fbcon-Prevent-that-screen-size-is-smaller-than-font-.patch
Fix the build error due to missing is_console_locked()
- commit 39e2064
- Delete patches.suse/IBRS-forbid-shooting-in-foot.patch.
Backported upstream commit
7c693f54c873 ("x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS")
already takes care of that.
- commit e4bbbc2
- fbmem: Check virtual screen sizes in fb_set_var()
(CVE-2021-33655 bsc#1201635).
- fbcon: Prevent that screen size is smaller than font size
(CVE-2021-33655 bsc#1201635).
- fbcon: Disallow setting font bigger than screen size
(CVE-2021-33655 bsc#1201635).
- commit c1a0922
- Delete patches.suse/x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch.
Superseded by the upstream version
patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch
- commit 5309cbd
- blacklist.conf: add a few patches
- commit cf91d33
- serial: mvebu-uart: correctly report configured baudrate value
(git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
of_alias_get_id and ida_simple_get (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
(git-fixes).
- fsl_lpuart: Don't enable interrupts too early (git-fixes).
- arch_topology: Do not set llc_sibling if llc_id is invalid
(git-fixes).
- net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
(git-fixes).
- commit 4567918
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- commit c9dc552
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit 08341d7
- blacklist.conf: cosmetic fix
- commit 5ba3d81
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- commit 346b0d8
- blacklist.conf: adds an uevent user space is not ready for
- commit 6ac2a70
- usbnet: fix memory leak in error case (git-fixes).
- commit f3b6abf
- usbnet: fix memory allocation in helpers.
- commit 9363858
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
rx queue (bsc#1201381).
- commit 334fe0b
- Refresh
patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch.
revert the effect of mainline 453431a54934d917153 on patch.
- Refresh
patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch.
revert the effect of mainline 453431a54934d917153 on patch.
- commit 6824fa5
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- commit 1dda89e
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
Dwarves 1.22 or newer is required to build kernels with BTF information
embedded in modules.
- commit ee19e9d
- pty: do tty_flip_buffer_push without port->lock in pty_write
(bsc#1198829 CVE-2022-1462).
- commit c0b9f34
- tty: use new tty_insert_flip_string_and_push_buffer() in
pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit 1b70eb4
- dm mirror log: round up region bitmap size to BITS_PER_LONG
(git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm stats: add cond_resched when looping over entries
(git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
(git-fixes).
- dm btree remove: fix use after free in rebalance_children()
(git-fixes).
- blk-cgroup: synchronize blkg creation against policy
deactivation (git-fixes).
- dm: fix mempool NULL pointer race when completing IO
(git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
(git-fixes).
- blk-zoned: allow zone management send operations without
CAP_SYS_ADMIN (git-fixes).
- lib/hexdump.c: return -EINVAL in case of error in hex2bin()
(git-fixes).
- commit 4cd1fd7
- blacklist.conf: Update for git-fixes
- commit e740cc0
- net: ll_temac: Fix TX BD buffer overwrite (git-fixes).
- commit 1ff015f
- net: ll_temac: Fix race condition causing TX hang (git-fixes).
- commit 0c73d92
- net: ll_temac: Fix bug causing buffer descriptor overrun
(git-fixes).
- commit 2fe2e0f
- net: stmmac: fix missing IFF_MULTICAST check in
dwmac4_set_filter (git-fixes).
- commit 075d2fd
- bnxt_en: Remove the setting of dev_port (git-fixes).
- commit 1fccfbd
- blacklist.conf: update
- commit d2fcee3
- Refresh
patches.suse/v5-0001-crypto-DRBG-add-FIPS-140-2-CTRNG-for-noise-source.patch.
A modified version of the patch did make it mainline. Detected by git-fixes.
- commit 9eec360
- don't call utsname() after ->nsproxy is NULL (bsc#1201196).
- commit 2a23102
- Revert "net/mlx5: Fix auto group size calculation (git-fixes)."
This reverts commit b079f3521c00edccd6945f2e30562a049f4e8875.
I have to be sure that it's safe to modify mlx5 (KABI breakage)
- commit 0f9878e
- Revert "net/mlx5e: Replace reciprocal_scale in TX select queue function"
This reverts commit d5b41e7c4ddab05e45b493d6b8ed03c1b40281a0.
I have to be sure that it's safe to modify mlx5
- commit 37c02b5
- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit b5316fa
- CVE Mitigation for CVE-2022-29900 and CVE-2022-29901
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 594c7f1
- ibmvnic: Properly dispose of all skbs during a failover
(bsc#1200925).
- commit 0f02acf
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 8e56414
- KVM: x86: Trace the original requested CPUID function in
kvm_cpuid() (git-fixes).
- commit ca28b57
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 0f78721
- x86/common: Stamp out the stepping madness (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit ef0778a
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit cce4286
- x86/speculation: Use cached host SPEC_CTRL value for guest
entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit bd05ee9
- x86/speculation: Fix SPEC_CTRL write on SMT state change
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 6c7f2f9
- x86/speculation: Fix firmware entry SPEC_CTRL handling
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 3a4c15c
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 739064a
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
(git-fixes).
- commit 75c6284
- blacklist.conf: exclusive to an unsupported architecture
- commit 2b062b1
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking
(git-fixes).
- commit 66d1de0
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume (git-fixes).
- commit 8dddf8b
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power() (git-fixes).
- commit bdb6893
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit ce4a75d
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit b64e2f2
- intel_idle: Disable IBRS during long idle (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 24132fd
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 98205eb
- x86/bugs: Split spectre_v2_select_mitigation() and
spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 899b6e2
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit c97dcea
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 2807530
- x86/entry: Add kernel IBRS implementation (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 6c366af
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 5b948ee
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 4af828d
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit d021246
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit 25b1e2a
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit c23e13d
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 24e2d3e
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit a639386
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit a624aee
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit bfe5a3a
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 6905344
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 41db50f
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit f1df027
- x86: Add straight-line-speculation mitigation (bsc#1201050
CVE-2021-26341).
- Update config files.
- Refresh
patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- commit b67585f
- x86: Prepare inline-asm for straight-line-speculation
(bsc#1201050 CVE-2021-26341).
- commit a53fbef
- x86: Prepare asm files for straight-line-speculation
(bsc#1201050 CVE-2021-26341).
- commit 3593ddf
- x86/lib/atomic64_386_32: Rename things (bsc#1201050
CVE-2021-26341).
- commit fa24b57
- net: Rename and export copy_skb_header (bsc#1200762,
CVE-2022-33741, XSA-403).
- commit 5e3ad99
- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318
bsc#1201251).
- commit 6ad5c1f
- xen/netfront: force data bouncing when backend is untrusted
(bsc#1200762, CVE-2022-33741, XSA-403).
- commit 459e62a
- xen/netfront: fix leaking data in shared pages (bsc#1200762,
CVE-2022-33740, XSA-403).
- commit b225a00
- xen/blkfront: force data bouncing when backend is untrusted
(bsc#1200762, CVE-2022-33742, XSA-403).
- commit 8bcc9cd
- xen/blkfront: fix leaking data in shared pages (bsc#1200762,
CVE-2022-26365, XSA-403).
- commit f3412de
- scripts/sequence-patch.sh: create sub-function apply_one_patch()
Carve out the main functionality of applying a single patch from
apply_patches() into a sub-function.
- commit f24575e
- scripts/sequence-patch.sh: let "--fast", "--rapid" and "" behave consistently
Today scripts/sequence-patch.sh will stop before applying a patch when
being called with "--fast" or "--rapid" and a patch name, while it will
apply the named patch when being called without "--fast" or "--rapid".
Change that by letting apply_patches() use the PATCHES_BEFORE[] and
PATCHES_AFTER[] arrays as apply_rapid_patches() and
apply_fast_patches() are doing already.
In order to keep the capability to single step through the remaining
patches add a function for that purpose.
- commit 134d511
- blacklist.conf: not relevant in the configs of SLE12
- commit 7a87c74
- USB: serial: option: add Quectel BG95 modem (git-fixes).
- commit c1672b3
- PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3
(git-fixes).
- commit 4822675
- blacklist.conf: update
- commit 9b0cda8
- bnxt_en: Remove the setting of dev_port (git-fixes).
- commit b4944bb
- blacklist.conf: update
- commit b981815
- bonding: fix bond_neigh_init() (git-fixes).
- commit bd377d1
- net/mlx5: Fix auto group size calculation (git-fixes).
- commit b079f35
- net/mlx5e: Replace reciprocal_scale in TX select queue function
(git-fixes).
- commit d5b41e7
- net/mlx5: Avoid double free of root ns in the error flow path
(git-fixes).
- commit 847972f
- net: stmmac: update rx tail pointer register to fix rx dma
hang issue (git-fixes).
- commit d50f8cc
- blacklist.conf: update
- commit 6b42a65
- net/mlx5e: Switch to Toeplitz RSS hash by default (git-fixes).
- commit cc111a8
- blacklist.conf: update
- commit def294a
- audit: fix a race condition with the auditd tracking code
(bsc#1197170).
- commit fb844f5
- Update metadata references
- commit 9f48d7c
- Refresh
patches.suse/msft-hv-2588-PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch.
Fix a build warning.
- commit 539b424
- md: bcache: check the return value of kzalloc() in
detached_dev_do_request() (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval
sizes (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in
crypt_page_alloc() (git-fixes).
- commit 7b5f638
- sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154
bsc#1200599).
- commit c46afe6
- sctp: use call_rcu to free endpoint (CVE-2022-20154 bsc#1200599).
- commit 3cb182d
- scripts/tar-up.sh: Detect untracked changes to rpm directory.
- commit bd49209
- ext4: make variable "count" signed (bsc#1200820).
- commit 0ad871f
- writeback: Fix inode->i_io_list not be protected by
inode->i_lock error (bsc#1200821).
- commit b9b0ac9
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
patches.suse/vfs-add-super_operations-get_inode_dev: Refresh
- commit b58cf61
- blacklist.conf: Blacklist 623af4f538b5, 14362a254179, e730558adffb
- commit 2c2fce2
- blacklist.conf: Blacklist e583b5c472bd
- commit d532d93
- iomap: iomap_write_failed fix (bsc#1200829).
- commit fe41db9
- fs-writeback: writeback_sb_inodes Recalculate 'wrote' according skipped pages
(bsc#1200873).
- commit 32bf312
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- commit e785aa5
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- commit cd7168a
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- commit 6d17248
- blacklist.conf: Blacklist cb8435dc8ba3
- commit b518aff
- ext4: fix race condition between ext4_write and
ext4_convert_inline_data (bsc#1200807).
- commit 514183b
- ext4: fix use-after-free in ext4_rename_dir_prepare
(bsc#1200871).
- commit 895fa7d
- ext4: force overhead calculation if the s_overhead_cluster
makes no sense (bsc#1200870).
- commit 0291865
- ext4: fix overhead calculation to account for the reserved
gdt blocks (bsc#1200869).
- commit 5d9af1f
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
(bsc#1200806).
- commit 490eab5
- ext4: fix symlink file size not match to file content
(bsc#1200868).
- commit c9b8c45
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- commit 7ed9bdf
- writeback: Avoid skipping inode writeback (bsc#1200813).
- commit 0cccfea
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds'
universally for now) added two new compiler-dependent configs:
* CC_NO_ARRAY_BOUNDS
* GCC12_NO_ARRAY_BOUNDS
Ignore them -- they are unset by dummy tools (they depend on gcc version
== 12), but set as needed during real compilation.
- commit a14607c
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679
bsc#1199487).
- commit 2c5abda
- Update series.conf
- commit 3724c0a
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 22a9ddc
- powerpc/perf: Fix the threshold compare group constraint for
power9 (bsc#1065729).
- powerpc/idle: Fix return value of __setup() handler
(bsc#1065729).
- commit 9f37a25
- md/raid0: Ignore RAID0 layout if the second zone has only one
device (git-fixes).
- commit 4cc9ba2
- tcp: drop the hash_32() part from the index calculation
(CVE-2022-1012 bsc#1199482).
- tcp: increase source port perturb table to 2^16 (CVE-2022-1012
bsc#1199482).
- tcp: dynamically allocate the perturb table used by source ports
(CVE-2022-1012 bsc#1199482).
Refresh patches.kabi/tcp-fix-race-condition-when-creating-child-sockets-from-syncookies-kABI-fix.patch
- tcp: add small random increments to the source port
(CVE-2022-1012 bsc#1199482).
- tcp: resalt the secret every 10 seconds (CVE-2022-1012
bsc#1199482).
Refresh patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
- tcp: use different parts of the port_offset for index and offset
(CVE-2022-1012 bsc#1199482).
- kabi: return type change of secure_ipv_port_ephemeral()
(CVE-2022-1012 bsc#1199482).
- secure_seq: use the 64 bits of the siphash for port offset
calculation (CVE-2022-1012 bsc#1199482).
- commit 8d93613
- exec: Force single empty string when argv is empty
(bsc#1200571).
- commit 4ee3bdd
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null
buffer address (bsc#1200343 ltc#198477).
- commit 1848f62
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- s390/mm: fix VMA and page table handling code in storage key
handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions
(git-fixes).
- s390/gmap: don't unconditionally call pte_unmap_unlock()
in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/ftrace: fix ftrace_update_ftrace_func implementation
(git-fixes).
- mm: add vma_lookup(), update find_vma_intersection() comments
(git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector
packed decimal facility (git-fixes).
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- commit 29454c7
- HID: holtek: fix mouse probing (CVE-2022-20132 bsc#1200619).
- HID: add USB_HID dependancy to hid-prodikeys (CVE-2022-20132
bsc#1200619).
- HID: add USB_HID dependancy to hid-chicony (CVE-2022-20132
bsc#1200619).
- HID: add USB_HID dependancy on some USB HID drivers
(CVE-2022-20132 bsc#1200619).
- HID: check for valid USB device for many HID drivers
(CVE-2022-20132 bsc#1200619).
- HID: add hid_is_usb() function to make it simpler for USB
detection (CVE-2022-20132 bsc#1200619).
- HID: introduce hid_is_using_ll_driver (CVE-2022-20132
bsc#1200619).
- commit fb86cdd
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1200604
CVE-2022-20141).
- commit 5040a6d
- certs: Add EFI_CERT_X509_GUID support for dbx entries
(bsc#1177282 CVE-2020-26541).
- Update config files.
- commit 3cf594e
- kernel-binary.spec: check s390x vmlinux location
As a side effect of mainline commit edd4a8667355 ("s390/boot: get rid of
startup archive"), vmlinux on s390x moved from "compressed" subdirectory
directly into arch/s390/boot. As the specfile is shared among branches,
check both locations and let objcopy use one that exists.
- commit cd15543
- net: qede: Disable aRFS for NPAR and 100G (git-fixes).
- commit 3550a36
- net: qed: Disable aRFS for NPAR and 100G (git-fixes).
- commit 5318f6c
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- commit 93b1375
- platform/chrome: cros_ec_proto: Send command again when timeout
occurs (git-fixes).
- commit 4cd9896
- blacklist.conf: optimization, not bugfix, polling mode works
- commit 9425795
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (bsc#1129770)
- commit 2fedb7a
- SUNRPC: Fix the calculation of xdr->end in
xdr_get_next_encode_buffer() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner()
(git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing
(git-fixes).
- commit ae718ea
- usb: musb: Fix missing of_node_put() in omap2430_probe
(git-fixes).
- commit 3a2cb6a
- USB: storage: karma: fix rio_karma_init return (git-fixes).
- commit 7629407
- usb: usbip: add missing device lock on tweak configuration cmd
(git-fixes).
- commit dc00497
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- commit 5dbe808
- blacklist.conf: cleanup with extensive prerequisites
- commit a84a222
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has
architectural PMU (git-fixes).
- commit a1252d0
- KVM: x86/emulator: Defer not-present segment check in
__load_segment_descriptor() (git-fixes).
- commit 99b3a77
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- commit 8e75ed3
- kvm: fix wrong exception emulation in check_rdtsc (git-fixes).
- commit f2e7348
- KVM: x86: Update vCPU's hv_clock before back to guest when
tsc_offset is adjusted (git-fixes).
- commit 86ddc48
- KVM: x86: Don't force set BSP bit when local APIC is managed
by userspace (git-fixes).
- commit 57ed1a0
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any
BSP (git-fixes).
- commit e73c808
- KVM: x86: clflushopt should be treated as a no-op by emulation
(git-fixes).
- commit c8ffffc
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic
is hw disabled (git-fixes).
- commit 2e9d5c6
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in
64-bit mode (git-fixes).
- commit 043f4fa
- kvm: i8254: remove redundant assignment to pointer s
(git-fixes).
- commit afdf86c
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
(git-fixes).
- commit 7924673
- KVM: x86: Allocate new rmap and large page tracking when moving
memslot (git-fixes).
- commit af3a295
- KVM: x86: remove stale comment from struct x86_emulate_ctxt
(git-fixes).
- commit 4941176
- KVM: x86: clear stale x86_emulate_ctxt->intercept value
(git-fixes).
- commit eab5f4b
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF
attacks (git-fixes).
- commit 9438453
- KVM: x86: Remove spurious clearing of async #PF MSR (git-fixes).
- commit 7592a55
- KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction
path (git-fixes).
- commit 52b7185
- KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
(git-fixes).
- commit c996e8b
- KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform
(git-fixes).
- commit 9a1420d
- KVM: x86: do not modify masked bits of shared MSRs (git-fixes).
- commit 95ee3f1
- kvm: x86: Improve emulation of CPUID leaves 0BH and 1FH
(git-fixes).
- commit 562c585
- KVM: x86/mmu: Treat invalid shadow pages as obsolete
(git-fixes).
- commit 73ee6fe
- KVM: x86: Manually flush collapsible SPTEs only when toggling
flags (git-fixes).
- commit b8ef0f8
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
(git-fixes).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: use bdev_alignment_offset instead of
queue_alignment_offset (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes
(git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- target: remove an incorrect unmap zeroes data deduction
(git-fixes).
- commit d98a418
- blacklist.conf: add commit not needed
This commit needs another commit not present,
and too large to add.
- commit 3afd40c
- blacklist.conf: add commit that breaks kABI
This commit just makes the compiler happy, but
breaks kABI.
- commit e382736
- floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836).
- Update config files.
- commit 9af4e3a
- tracing: Fix return value of trace_pid_write() (git-fixes).
- commit 0e11fd3
- KVM: x86: set ctxt->have_exception in x86_decode_insn()
(git-fixes).
- commit dc27a5e
- KVM: x86: always stop emulation on page fault (git-fixes).
- commit e9cd420
- KVM: x86: Manually calculate reserved bits when loading PDPTRS
(git-fixes).
- commit b1a2cff
- KVM: x86: Unconditionally call x86 ops that are always
implemented (git-fixes).
update patches.suse/0005-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch
- commit d42160c
- KVM: x86: Fix x86_decode_insn() return when fetching insn
bytes fails (git-fixes).
- commit 3ff57f4
- kvm: x86: skip populating logical dest map if apic is not sw
enabled (git-fixes).
- commit 5dc0bda
- Remove unused variable in fbdev
Fixes the error shown below.
../drivers/video/fbdev/core/fbmem.c: In function 'fb_set_suspend':
../drivers/video/fbdev/core/fbmem.c:1904:6: warning: unused variable 'unused' [-Wunused-variable]
- commit e49f9c6
- KVM: nVMX: reset cache/shadows when switching loaded VMCS (git-fixes).
update patches.suse/kvm-nvmx-move-check_vmentry_postreqs-call-to-nested_vmx_enter_non_root_mode
update patches.suse/kvm-nvmx-don-t-reread-vmcs-agnostic-state-when-switching-vmcs.patch
update patches.suse/kvm-nvmx-skip-ibpb-when-switching-between-vmcs01-and-vmcs02.patch
- commit e121eab
- scripts/check-embargoed-bugz: Skip check for the direct to push to *_EMBARGO branch, too
- commit 2553069
- PCI: Tidy comments (git-fixes).
- Refresh
patches.suse/PCI-AER-Remove-HEST-FIRMWARE_FIRST-parsing-for-AER-o.patch.
- commit e6a6078
- add mainline tag for a pci-hyperv change
- commit 5039771
- netfilter: nf_tables: disallow non-stateful expression in sets
earlier (bsc#1200015).
- commit 1bb9b5b
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- commit 996513e
- Update metadata references
- commit e2a92b4
- powerpc/xive: Add some error handling code to
'xive_spapr_init()' (fate#322438 git-fixes).
- commit 4f26eea
- net: sched: fixed barrier to prevent skbuff sticking in qdisc
backlog (git-fixes).
- commit 1c252cc
- powerpc/numa: Prefer node id queried from vphn (bsc#1199237
bsc#1200173 ltc#198329).
- commit aa6b831
- powerpc/xive: Fix refcount leak in xive_spapr_init (fate#322438
git-fixes).
- commit e0a7e2f
- NFC: netlink: fix sleep in atomic bug when firmware download
timeout (CVE-2022-1975 bsc#1200143).
- commit a8211d8
- nfc: replace improper check device_is_registered() in netlink
related functions (CVE-2022-1974 bsc#1200144).
- commit d539b18
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands
(bsc#1200045).
- commit 11584e2
- revert scsi: qla2xxx: Changes to support FCP2 Target
(bsc#1198438).
- commit 6f4a9ff
- lpfc: Set default protocol support to FCP only (bsc#1194124
bsc#1198899).
- commit 712c9e0
- lpfc: drop driver update 14.2.0.x
The amount of backport changes necessary due to the refactoring is
introducing too much code churn and is likely to introduce regressions.
This ends the backport effort to keep the lpfc in sync with mainline.
- commit 38e014b
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
- Refresh patches.suse/powerpc-64s-Remove-POWER9-DD1-support.patch.
- Refresh patches.suse/powerpc-Remove-Power8-DD1-from-cputable.patch.
- commit d40bf50
- usb: dwc3: gadget: Don't send unintended link state change
(git-fixes).
- commit 2385b45
- series: Resort and update meta data
Update meta data:
- patches.suse/powerpc-Enable-the-DAWR-on-POWER9-DD2.3-and-above.patch
- patches.suse/scsi-fnic-Replace-DMA-mask-of-64-bits-with-47-bits
- commit 27ea8c3
- usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- commit 415e104
- powerpc/powernv: Get STF barrier requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry
and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- commit e5cd72e
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host
(git-fixes).
- commit 0a0f653
- blacklist.conf: relevant only if CONFIG_REGULATOR is set
- commit b1bf5bb
- blacklist.conf: adding 40fdea0284bb20, as it requires 8480ed9c2bbd56
which is not in the SLE12-SP5 kernel
- commit de76d0c
- smp: Fix offline cpu check in flush_smp_call_function_queue()
(git-fixes).
- commit 9088d9f
- blacklist.conf: add cdb07bdea28e, which is not suitable. It is
supposed to be a cleanup patch removing a variable never read,
but this reasoning is wrong in the SLE12-SP5 kernel.
- commit fb2bee4
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- commit ae78266
- PCI / ACPI: Mark expected switch fall-through (git-fixes).
- commit a34b722
- btrfs: extent-tree: kill the BUG_ON() in
insert_inline_extent_backref() (CVE-2019-19377 bsc#1158266).
- commit 7762823
- btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
(CVE-2019-19377 bsc#1158266).
- commit fa0dbe1
- KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 0f0e4c1
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 5415e79
- x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 8723394
- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 9f38802
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit f7cab5d
- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit cc5a89b
- Blacklist some git-fixes for arm32 (stm32 and sun4i)
- commit 3b070b0
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- Refresh patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit bb2155d
- crypto: qat - don't cast parameter in bit operations
(git-fixes).
- crypto: ixp4xx - dma_unmap the correct address (git-fixes).
- crypto: virtio: Fix dest length calculation in
__virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio - deal with unsupported input sizes (git-fixes).
- commit 7fb5389
- Update patch reference for libata fix (bsc#1118212).
- commit 16b85ae
- x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 5316230
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit bbc94eb
- i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
- commit fb03aa3
- i40e: always propagate error value in i40e_set_vsi_promisc()
(git-fixes).
- commit 2566276
- i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc
(git-fixes).
- commit d2d5567
- i40e: Remove scheduling while atomic possibility (git-fixes).
- commit 3b40ec0
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps
(git-fixes).
- commit 95721a6
- i40e: Fix virtchnl_queue_select bitmap validation (git-fixes).
- commit 93094b6
- i40e: Refactoring VF MAC filters counting to make more reliable
(git-fixes).
- commit 02ed711
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- commit 1d0e0bf
- kernel-binary.spec: Support radio selection for debuginfo.
To disable debuginfo on 5.18 kernel a radio selection needs to be
switched to a different selection. This requires disabling the currently
active option and selecting NONE as debuginfo type.
- commit 43b5dd3
- perf: Fix sys_perf_event_open() race against self
(CVE-2022-1729, bsc#1199507).
- commit fc77f1c
- vxlan: fix memleak of fdb (git-fixes).
- commit 385caa2
- ext4: avoid cycles in directory h-tree (bsc#1198577
CVE-2022-1184).
- commit ec51c1b
- ext4: verify dir block before splitting it (bsc#1198577
CVE-2022-1184).
- commit 97bfb10
- USB: serial: qcserial: add support for Sierra Wireless EM7590
(git-fixes).
- commit 9a26d35
- USB: serial: option: add Fibocom MA510 modem (git-fixes).
- commit 1ba0453
- USB: serial: option: add Fibocom L610 modem (git-fixes).
- commit c12b9bf
- USB: serial: pl2303: add device id for HP LM930 Display
(git-fixes).
- commit cb3a9ba
- blacklist.conf: no support for gadget mode in SLE12
- commit f8ace79
- ACPI: property: Release subnode properties with data nodes
(git-fixes).
- commit c063047
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
(bsc#1065729).
- commit 2da357e
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits
(bsc#1199631).
- commit e59adf4
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
ltc#159753).
- powerpc: Remove Power8 DD1 from cputable (bsc#1055117
ltc#159753).
- Refresh patches.suse/powerpc-64s-Remove-POWER9-DD1-support.patch
- commit 28c0fba
- debug: Lock down kgdb (bsc#1199426 CVE-2022-21499).
- commit 1cd17a0
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
cpuset_init_smp() (bsc#1199839).
- commit 9b6eecc
- scripts/git_sort/git_sort.py: add driver for-next repo
- commit bd4759e
- crypto: rsa-pkcs1pad - fix buffer overread in
pkcs1pad_verify_complete() (bsc#1197601).
- commit b5cd00f
- Add dtb-starfive
- commit 85335b1
- KVM: PPC: Propagate errors to the guest when failed instead
of ignoring (bsc#1061840 git-fixes).
- commit c8989fb
- Update patch reference for ACPI fix (CVE-2017-13695 bsc#1055710)
- commit e74f546
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- commit f0e0eab
- floppy: use a statically allocated error counter (bsc#1199063
CVE-2022-1652).
- commit 7173277
- Export new inet_ehash_nolisten3 symbol (bsc#1199671)
Update:
patches.kabi/tcp-fix-race-condition-when-creating-child-sockets-from-syncookies-kABI-fix.patch
- commit 92e37e7
- rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
- commit 84d7ba8
- media: netup_unidvb: Don't leak SPI master in probe error path
(git-fixes).
- commit baae2da
- blacklist.conf: extremely intrusive prerequisites
- commit 331d415
- media: vim2m: Remove surplus name initialization (git-fixes).
- commit ff43341
- netfilter: nf_conntrack_tcp: re-init for syn packets only
(bsc#1199035).
- commit 7f196b5
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp
options (bsc#1199035).
- commit f94c482
- netfilter: conntrack: re-init state for retransmitted syn-ack
(bsc#1199035).
- commit dd4faf1
- netfilter: conntrack: move synack init code to helper
(bsc#1199035).
- commit a34ad9a
- netfilter: conntrack: connection timeout after re-register
(bsc#1199035).
- commit 84b725c
- blacklist.conf: ("watchdog: iTCO_wdt: Account for rebooting on second timeout")
Delete
patches.suse/watchdog-iTCO_wdt-Account-for-rebooting-on-second-ti.patch.
This change caused a regression on some systems (watchdog firing up
too fast) and ended up being reverted upstream (bsc#1199526).
- commit 001c898
- blacklist.conf: Add 7d613f9f72ec signal: Remove the bogus sigkill_pending in ptrace_stop
- commit 4730b82
- blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop
- commit a90bbcf
- nfc: nfcmrvl: main: reorder destructive operations in
nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734
bsc#1199605).
- commit d9ccce0
- SUNRPC: Ensure that the gssproxy client can start in a connected
state (git-fixes).
- Refresh
patches.suse/NFSv4.1-Don-t-rebind-to-the-same-source-port-when-re.patch.
- commit e49922d
- Revert "SUNRPC: Ensure gss-proxy connects on setup" (git-fixes).
- Refresh
patches.suse/NFSv4.1-Don-t-rebind-to-the-same-source-port-when-re.patch.
- commit 7a29594
- btrfs: relocation: Only remove reloc rb_trees if reloc control
has been initialized (bsc#1199399).
- commit d95d9f9
- NFS: limit use of ACCESS cache for negative responses
(bsc#1196570).
- commit ef9d19f
- Fix incorrect back-port, fixing 2 build warnings.
- commit 9439daf
- Input: aiptek - properly check endpoint type (git-fixes).
- commit adce64b
- Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
- commit c0c510c
- Input: ti_am335x_tsc - set ADCREFM for X configuration
(git-fixes).
- commit e4c804c
- Input: spaceball - fix parsing of movement data packets
(git-fixes).
- commit 539174a
- Input: appletouch - initialize work before device registration
(git-fixes).
- commit c34cd8b
- Input: elantench - fix misreporting trackpoint coordinates
(git-fixes).
- commit 7997e49
- blacklist.conf: cosmetic, fixes only a warning building kerneldoc
- commit 6049774
- blacklist.conf: cosmetic cleanup not relevant with our compiler
- commit ba2d5e6
- Input: xpad - add support for another USB ID of Nacon GC-100
(git-fixes).
- commit 2ec4daa
- blacklist.conf: ("arm64: patch_text: Fixup last cpu should be master")
- commit be0ce1e
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- commit e712368
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- commit 18f8665
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes).
- commit 0999b33
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- commit 04ca715
- arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
- commit 800afa6
- arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes)
- commit 39de1e2
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- commit ca97ce7
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- commit 3d5101e
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- commit a87c9dd
- arm64: avoid -Woverride-init warning (git-fixes)
- commit 2129334
- arm64: berlin: Select DW_APB_TIMER_OF (git-fixes)
Update arm64 default config too.
- commit 0ecd431
- arm64: futex: Restore oldval initialization to work around buggy (git-fixes)
- commit aff6d26
- USB: quirks: add STRING quirk for VCOM device (git-fixes).
- commit b3561b8
- USB: quirks: add a Realtek card reader (git-fixes).
- commit 00ce130
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- commit 89b73ba
- USB: serial: whiteheat: fix heap overflow in
WHITEHEAT_GET_DTR_RTS (git-fixes).
- commit 59b9eb6
- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
(git-fixes).
- commit 17cb6f5
- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
(git-fixes).
- commit cd550fd
- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075
compositions (git-fixes).
- commit de2ee2e
- xhci: stop polling roothubs after shutdown (git-fixes).
- commit 7a8d134
- bpf: fix panic due to oob in bpf_prog_test_run_skb (bsc#1197219,
CVE-2021-39711).
- commit 51bae76
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
(git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
(git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of
list iterator (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state
(git-fixes).
- scsi: hisi_sas: Change permission of parameter prot_mask
(git-fixes).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling
(git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization
(git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
(git-fixes).
- scsi: pm8001: Fix le32 values handling in
pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix payload initialization in
pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix payload initialization in
pm80xx_set_thermal_config() (git-fixes).
- scsi: pm8001: Fix command initialization in
pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in
pm80XX_send_read_log() (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- commit 7d2dad7
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413).
- commit 26d8e0b
- Add patch reference to seccomp fix (CVE-2022-30594 bsc#1199505 bsc#1198413)
Also shorten the patch file name to standard size
- commit 636bc07
- arm64: csum: Fix handling of bad packets (git-fixes)
- commit f574d06
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- commit 2b0b29d
- arm64: kgdb: Fix single-step exception handling oops (git-fixes)
- commit 2bf8d9a
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- commit d7f377c
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- commit 9b7c58a
- arm64: hw_breakpoint: Don't invoke overflow handler on uaccess (git-fixes)
- commit 1bcd840
- arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes)
- commit 882df6a
- arm64: hugetlb: avoid potential NULL dereference (git-fixes)
- commit 555706d
- arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes)
- commit b96856e
- blacklist.conf: ("arm64: bcm2835: Drop select of nonexistent HAVE_ARM_ARCH_TIMER")
- commit c43d835
- blacklist.conf: ("arm64: alternative: fix build with clang integrated assembler")
- commit 54b996b
- arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes)
- commit 1b169cc
- arm64: smp: fix smp_send_stop() behaviour (git-fixes)
- commit b6d82e4
- arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
- commit 1cb7bae
- arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
- commit c507980
- arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
- commit 254dd7d
- arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
- commit 24f9c76
- arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes)
- commit b66e175
- arm64: hibernate: check pgd table allocation (git-fixes)
- commit d832f17
- blacklist.conf: Add 173ee3962959 of: Add missing exports of node name compare functions
- commit 0dd7ac0
- blacklist.conf: Add 35d2f249ef0 powerpc/64s: Fix copy-paste data exposure into newly created tasks
- commit ed610b6
- blacklist.conf: Add ef0e3b650f8d powerpc/perf: Fix Threshold Event Counter Multiplier width for P10
- commit a1fd7b5
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
file (bsc#1195612 CVE-2022-24448).
- commit dd7b1a9
- media: dib0700: fix undefined behavior in tuner shutdown
(git-fixes).
- commit 161f5d6
- media: dmxdev: fix UAF when dvb_register_device() fails
(git-fixes).
- commit a5f86c7
- media: stk1160: fix control-message timeouts (git-fixes).
- commit a12f4c4
- media: s2255: fix control-message timeouts (git-fixes).
- commit a9c8dfb
- media: pvrusb2: fix control-message timeouts (git-fixes).
- commit 16e2d20
- media: em28xx: fix control-message timeouts.
- commit a04e6eb
- media: cpia2: fix control-message timeouts (git-fixes).
- commit 08eac6f
- media: flexcop-usb: fix control-message timeouts (git-fixes).
- commit 723dad6
- media: redrat3: fix control-message timeouts (git-fixes).
- commit 8ba5db7
- media: mceusb: fix control-message timeouts (git-fixes).
- commit 2cb626b
- media: cx23885: Fix snd_card_free call on null card pointer
(git-fixes).
- commit 00ecca7
- media: mtk-vpu: Fix a resource leak in the error handling path
of 'mtk_vpu_probe()' (git-fixes).
- commit f0a6451
- blacklist.conf: breaks API in a way visible to user space
- commit c6a60a3
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- commit 961a274
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- commit 09cd25b
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- commit 604de00
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- commit 50f0114
- sched/core: Add __sched tag for io_schedule() (git-fixes)
- commit 9d87590
- sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes)
- commit ecffaaa
- Fix kernel-vanilla build issue
Fix:
[ 315s] CC [M] fs/fat/namei_vfat.o
[ 315s] CC kernel/elfcore.o
[ 315s] ../scripts/Makefile.build:302: recipe for target 'kernel/elfcore.o' failed
[ 315s] Cannot find symbol for section 1: .text.
[ 315s] kernel/elfcore.o: failed
[ 315s] make[3]: *** [kernel/elfcore.o] Error 1
due to toolchain updates and the patch missing in the vanilla flavor. So
move it there.
- Fix kernel-vanilla build issue
Fix:
[ 315s] CC [M] fs/fat/namei_vfat.o
[ 315s] CC kernel/elfcore.o
[ 315s] ../scripts/Makefile.build:302: recipe for target 'kernel/elfcore.o' failed
[ 315s] Cannot find symbol for section 1: .text.
[ 315s] kernel/elfcore.o: failed
[ 315s] make[3]: *** [kernel/elfcore.o] Error 1
due to toolchain updates and those two missing in the vanilla flavor. So
move them there.
- commit 23d6a8f
- usb: hub: Fix locking issues with address0_mutex (git-fixes).
- commit 356d15d
- Revert "SUNRPC: attempt AF_LOCAL connect on setup" (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- NFSv4: Don't invalidate inode attributes on delegation return
(git-fixes).
- commit 68eb601
- Refresh patches.suse/edac-amd64-add-family-ops-for-family-19h-models-00h-0fh.patch.
Fix a mis-backport, see bsc#1199239.
- commit f96a9c6
- veth: Ensure eth header is in skb's linear part (git-fixes).
- commit 6ff2c01
- drivers: net: xgene: Fix regression in CRC stripping
(git-fixes).
- commit 602a1e3
- qed: validate and restrict untrusted VFs vlan promisc mode
(git-fixes).
- commit ad0651e
- qed: display VF trust config (git-fixes).
- commit 9699ef6
- net: bcmgenet: Don't claim WOL when its not available
(git-fixes).
- commit a1f5118
- qed: return status of qed_iov_get_link (git-fixes).
- commit 159f7e9
- net: qlogic: check the return value of dma_alloc_coherent()
in qed_vf_hw_prepare() (git-fixes).
- commit 9c3a46d
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- commit b8799d9
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- commit 5d4e32c
- arm64: kprobes: Recover pstate.D in single-step exception handler (git-fixes)
- commit 08b3135
- arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes)
- commit 0fb13cd
- arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
- commit 07a9393
- arm64: entry: SP Alignment Fault doesn't write to FAR_EL1 (git-fixes)
- commit e55d0f7
- blacklist.conf: ("arm64: kaslr: keep modules inside module region when KASAN is enabled")
- commit 1b6c511
- arm64/mm: Inhibit huge-vmap with ptdump (git-fixes).
Refresh patches.suse/arm64-map-FDT-as-RW-for-early_init_dt_scan.patch.
- commit 1547369
- arm64/iommu: handle non-remapped addresses in ->mmap and (git-fixes)
- commit 4d8706c
- crypto: arm64/aes-neonbs - don't access already-freed walk.iv (git-fixes)
- commit fac52ff
- arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
- commit 1717208
- arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes)
- commit 684672b
- blacklist.conf: ("arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value")
- commit 94505c7
- arm64: Fix size of __early_cpu_boot_status (git-fixes)
- commit 6601dcf
- arm64: compat: Reduce address limit (git-fixes)
- commit 04e4a55
- arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
- commit 02dab80
- arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
- commit 67d23fd
- blacklist.conf: ("arm64/mm: fix kernel-doc comments")
- commit b109706
- arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (git-fixes)
- commit 60a1549
- arm64: debug: Ensure debug handlers check triggering exception level (git-fixes)
- commit b48e6fb
- arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug (git-fixes)
- commit aa9cc22
- arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
- commit 931dd8d
- arm64: Relax GIC version check during early boot (git-fixes)
- commit 755c19b
- arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
- commit 54c508c
- ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061).
- ixgbe: add improvement for MDD response functionality
(bsc#1196426 CVE-2021-33061).
- ixgbe: add the ability for the PF to disable VF link state
(bsc#1196426 CVE-2021-33061).
- commit 7ca9841
- net: mana: Remove unnecessary check of cqe_type in
mana_process_rx_cqe() (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Use struct_size() helper in
mana_gd_create_dma_region() (bsc#1195651).
- commit 1c0dbce
- Revert lpfc driver update to 14.2.0.1 (bsc#1198989)
- commit be1f831
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
- commit 1a3a046
- video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
- commit b9d0ff6
- video: backlight: Drop maximum brightness override for brightness (bsc#1129770)
- commit 43837e5
- PCI: Do not enable AtomicOps on VFs (bsc#1129770)
- commit c8f8eeb
- ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
- commit d1ab88b
- fsl/fman: Check for null pointer after calling devm_ioremap
(git-fixes).
- commit a939025
- ppp: ensure minimum packet size in ppp_write() (git-fixes).
- commit df66a4a
- can: gs_usb: fix use of uninitialized variable, detach device
on reception of invalid USB data (git-fixes).
- commit 8660202
- net: ethernet: mtk_eth_soc: fix return values and refactor
MDIO ops (git-fixes).
- commit 0892190
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr
(git-fixes).
- commit 039c504
- i40e: Fix incorrect netdev's real number of RX/TX queues
(git-fixes).
- commit 71ccdfa
- bnx2x: fix napi API usage sequence (bsc#1198217).
- commit 0fdc23e
- powerpc/perf: Fix power9 event alternatives (bsc#1137728,
LTC#178106, git-fixes).
- Revert "ibmvnic: Add ethtool private flag for driver-defined
queue limits" (bsc#1121726 ltc#174633 git-fixes).
- commit e2aedd0
- USB: Fix xhci event ring dequeue pointer ERDP update issue
(git-fixes).
- commit c9dd9d4
- blacklist.conf: Append 'vgacon: Propagate console boot parameters before calling `vc_resize''
- commit 049412f
- blacklist.conf: kABI
- commit 82bdaff
- blacklist.conf: irrelevant in our configs
- commit 56584e8
- blacklist.conf: cleanup, not a fix
- commit d0b397b
- net/x25: Fix null-ptr-deref caused by x25_disconnect
(CVE-2022-1516 bsc#1199012).
- commit 70361a9
- blacklist.conf: Append 'backlight: qcom-wled: Fix off-by-one maximum with default num_strings'
- commit 51cd556
- blacklist.conf: Append 'vt: Fix character height handling with VT_RESIZEX'
- commit f58734a
- video: fbdev: udlfb: properly check endpoint type (bsc#1129770)
- commit 783e7a7
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (bsc#1129770)
- commit 155ebc4
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (bsc#1129770)
- commit 639ac93
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (bsc#1129770)
- commit e434e14
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (bsc#1129770)
- commit 344bc32
- video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (bsc#1129770)
- commit 66c9a63
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (bsc#1129770)
- commit 816cbfa
- parisc/sticon: fix reverse colors (bsc#1129770)
- commit 96cba65
- video: fbdev: chipsfb: use memset_io() instead of memset() (bsc#1129770)
- commit b2ee4b1
- fbmem: don't allow too huge resolutions (bsc#1129770)
- commit 3261ce6
- backlight: pwm_bl: Improve bootloader/kernel device handover (bsc#1129770)
- commit 1e071a0
- Restore kabi after Revert "NFSv4: Handle the special Linux file
open access mode" (git-fixes).
- commit 454c575
- media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
- commit ae8eb8d
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- commit 1ab34f7
- blacklist.conf: misattributed
- commit 67e9964
- blacklist.conf: irrelevant in our config
- commit b67c63d
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- commit fba8723
- media: stkwebcam: fix memory leak in stk_camera_probe
(git-fixes).
- commit 93825c5
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
(git-fixes).
- commit 40501ef
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
(git-fixes).
- commit 451e148
- media: rc-loopback: return number of emitters rather than error
(git-fixes).
- commit cff83f4
- media: uvc: don't do DMA on stack (git-fixes).
- commit c3b7b8e
- media: videobuf2-core: dequeue if start_streaming fails
(git-fixes).
- commit dc1215d
- media: lmedm04: Fix misuse of comma (git-fixes).
- commit fdc42cf
- ovl: fix missing negative dentry check in ovl_rename()
(CVE-2021-20321 bsc#1191647).
- commit 3e23b63
- blacklist.conf: duplicate
- commit cf7be65
- blacklist.conf: cleanup
- commit 41d47c2
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
(bsc#1028340 bsc#1198825).
- commit 058dc1f
- rtl8187: fix control-message timeouts (git-fixes).
- commit 79977ac
- ath6kl: fix division by zero in send path (git-fixes).
- commit 4d7c95f
- ath6kl: fix control-message timeout (git-fixes).
- commit 77388d0
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- commit 4a06a7f
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- commit 85a369e
- libertas: Fix possible memory leak in probe and disconnect
(git-fixes).
- commit 3b6017c
- libertas_tf: Fix possible memory leak in probe and disconnect
(git-fixes).
- commit 966339e
- ath10k: fix max antenna gain unit (git-fixes).
- commit b33c09d
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- commit d0dc5a4
- mwifiex: Send DELBA requests according to spec (git-fixes).
- commit 1fdac31
- mwifiex: Read a PCI register after writing the TX ring write
pointer (git-fixes).
- commit 3308154
- b43: fix a lower bounds test (git-fixes).
- commit 1a2c981
- b43legacy: fix a lower bounds test (git-fixes).
- commit 12ea1d7
- blacklist.conf: optimization that breaks kABI
- commit 0b8cb68
- USB: usb-storage: Fix use of bitfields for hardware data in
ene_ub6250.c (git-fixes).
- commit 8485f85
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- commit e071cd2
- USB: serial: simple: add Nokia phone driver (git-fixes).
- commit 6cdbd34
- blacklist.conf: optimization
- commit efab6ed
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- commit 8306949
- blacklist.conf: no gadget mode in SLE12
- commit 6d57b76
- usb: ulpi: Call of_node_put correctly (git-fixes).
- commit 98c8547
- USB: core: Fix bug in resuming hub's handling of wakeup requests
(git-fixes).
- commit d42a2ba
- USB: Fix "slab-out-of-bounds Write" bug in
usb_hcd_poll_rh_status (git-fixes).
- commit 7c8f2b6
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
(git-fixes).
- commit 6c78568
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
- usb: hub: Fix usb enumeration issue due to address0 race
(git-fixes).
- commit 62d7e13
- io-64-nonatomic: add io{read|write}64{_lo_hi|_hi_lo} macros
(git-fixes).
- commit 48bc31d
- mxser: fix xmit_buf leak in activate when LSR == 0xff
(git-fixes).
- PCI: iproc: Fix out-of-bound array accesses (git-fixes).
- PCI: Fix overflow in command-line resource alignment requests
(git-fixes).
- PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0
(git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Change duplicate PCI reset to phy reset (git-fixes).
- Refresh
patches.suse/PCI-qcom-Add-missing-reset-for-ipq806x.patch.
- PCI: Add device even if driver attach failed (git-fixes).
- PCI/switchtec: Read all 64 bits of part_event_bitmap
(git-fixes).
- commit 9f2996c
- SUNRPC: Handle low memory situations in call_status()
(git-fixes).
- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
- Revert "NFSv4: Handle the special Linux file open access mode"
(git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs()
(git-fixes).
- fs/nfs: Use fatal_signal_pending instead of signal_pending
(git-fixes).
- commit 2cecf8b
- Refresh
patches.suse/SUNRPC-avoid-race-between-mod_timer-and-del_timer_sy.patch.
Update git-commit now that it has landed.
- commit 4e48858
- Update
patches.suse/drm-ttm-nouveau-don-t-call-tt-destroy-callback-on-al.patch
(bsc#1175232 bsc#1183723 CVE-2021-20292).
- commit 9708de1
- net-sysfs: call dev_hold if kobject_init_and_add success
(CVE-2019-20811 bsc#1172456).
- commit 5de8a61
- pahole 1.22 required for full BTF features.
also recommend pahole for kernel-source to make the kernel buildable
with standard config
- commit 364f54b
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748).
- commit 25ea790
- random: check for signal_pending() outside of need_resched()
check (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
(git-fixes).
- char/mwave: Adjust io port register size (git-fixes).
- random: fix data race on crng_node_pool (git-fixes).
- commit 0ec1c9f
- blacklist.conf: blacklist compile fix for test routines
- commit 0cd9e6f
- blacklist.conf: add one ARCH_NOMADIK entry
- commit f5b6eaf
- Update
patches.suse/floppy-Do-not-copy-a-kernel-pointer-to-user-memory-i.patch
(bsc#1051510 bsc#1084513 CVE-2018-7755).
- commit 371ca37
- use jobs not processors in the constraints
jobs is the number of vcpus available to the build, while processors
is the total processor count of the machine the VM is running on.
- commit a6e141d
- drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419 bsc#1198742)
- commit f3d608f
- drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419 bsc#1198742)
- commit c2b5f0e
- scripts/run_oldconfig.sh: use pahole from dummy-tools if available (bsc#1198388)
Similar to other dummy-tools, use also pahole from dummy-tools, if it is
available. This makes the configs consistent on all distros, not
depending on developers' version.
- commit a9e6b6c
- isdn: cpai: check ctr->cnr to avoid array index out of bound
(bsc#1191958 CVE-2021-43389).
- commit 6296574
- nfc: fix NULL ptr dereference in llcp_sock_getname() after
failed connect (CVE-2021-38208 bsc#1187055).
- commit 54aed86
- Update patch reference for NFC fix (CVE-2021-38208 bsc#1187055)
- commit 01cc4ae
- Update patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
(bsc#1065729 bsc#1198660 ltc#197803).
- commit e3bcaa0
- af_key: add __GFP_ZERO flag for compose_sadb_supported in
function pfkey_register (CVE-2022-1353 bsc#1198516).
- commit ffb367f
- kABI fix for tcp: fix race condition when creating child
sockets from syncookies (bsc#1197075).
- commit fd09edb
- tcp: Fix potential use-after-free due to double kfree()
(bsc#1197075).
- commit ad52893
- tcp: fix race condition when creating child sockets from
syncookies (bsc#1197075).
- commit 6729a4f
- NFSv4: Fix a regression in nfs_set_open_stateid_locked()
(bsc#1196247).
- kabi fix for NFSv4: Wait for stateid updates after
CLOSE/OPEN_DOWNGRADE (bsc#1196247).
- NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE
(bsc#1196247).
Adjust some kabi fixes to match.
- NFSv4.x recover from pre-mature loss of openstateid (bsc#1196247).
- NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE
(bsc#1196247).
- NFSv4: Don't try to CLOSE if the stateid 'other' field has
changed (bsc#1196247).
- commit 639faa6
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- commit c63cb9b
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- commit 323e981
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- commit 9fa453a
- net/mlx5e: Reduce tc unsupported key print level (git-fixes).
- commit ccf2751
- Update
patches.suse/x86-pm-save-the-msr-validity-status-at-context-setup.patch
(bsc#1198400).
- Update
patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
(bsc#1198400).
- commit b81f481
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
PTRACE_SEIZE (bsc#1198413).
- commit 9eb132f
- blacklist.conf: Add 460a79e18842 mm/memcontrol: return 1 from cgroup.memory __setup() handler
- commit f836b54
- Update patch references of drm fixes (CVE-2022-1280 bsc#1197914)
- commit b729b95
- Revert "module, async: async_synchronize_full() on module init
iff async is used" (bsc#1197888).
- commit 23e6efe
- i40e: add correct exception tracing for XDP (git-fixes).
- commit 646c060
- drm/ttm/nouveau: don't call tt destroy callback on alloc failure
(CVE-2021-20292 bsc#1183723).
- commit f1a5fa2
- i40e: optimize for XDP_REDIRECT in xsk path (git-fixes).
- commit eba7817
- blacklist.conf: misattributed in upstream
- commit d24b230
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- commit 49769d6
- blacklist.conf: cleanup, not a fix
- commit 7a11af1
- Revert "USB: serial: ch341: add new Product ID for CH341A"
(git-fixes).
- commit dc3e8da
- blacklist.conf: depends on intrusive updates
- commit 86c3906
- x86/speculation: Restore speculation related MSRs during S3
resume (bsc#1114648).
- commit 46f1ca5
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA
commands (git-fixes).
- commit d81a725
- git_sort: Fix error message for patches missing Git-commit.
To reject unsortable patches from out-of-tree section patches without a
Git-commit that don't have Patch-mainline Submitted or Not yet are
rejected with an error message saying that this tag is not supported.
However, this is the case also for patches that have Patch-mainline
Queued or version which are missing Git-commit.
Add a separate error message for this case.
Fixes: eaff9bcc7268 ("git_sort/lib: Only allow patches intended for mainline.")
- commit 24354fd
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
(git-fixes).
- commit 3893e26
- fuse: handle kABI change in struct fuse_req (bsc#1197343
CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
CVE-2022-1011).
- commit e67cd7e
- x86/pm: Save the MSR validity status at context setup
(bsc#1114648).
- commit 87c5893
- livepatch: Don't block removal of patches that are safe to
unload (bsc#1071995).
- commit 3b32a28
- fix parallelism for rpc tasks (bsc#1197663).
- Make the xprtiod workqueue unbounded (bsc#1197663).
- commit 8b97258
- Refresh
patches.suse/net-sched-use-Qdisc-rcu-API-instead-of-relying-on-rt.patch.
Fix misplaced qdisc_put()
- commit 883b3be
- xen: fix is_xen_pmu() (git-fixes).
- commit bd40deb
- xen/blkfront: fix comment for need_copy (git-fixes).
- commit 0c99cc8
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- commit dd22f66
- xen: don't continue xenstore initialization in case of errors
(git-fixes).
- commit 6a9b916
- blacklist.conf: 1dbd11ca75fe ("xen: remove gnttab_query_foreign_access()")
- commit 37fa08f
- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (git-fixes)
- commit c239ab7
- RDMA/rxe: Restore setting tot_len in the IPv4 header (git-fixes)
- commit 986a537
- RDMA/rxe: Use the correct size of wqe when processing SRQ (git-fixes)
- commit dacc35c
- RDMA/rxe: Missing unlock on error in get_srq_wqe() (git-fixes)
- commit f3ecb3d
- Update
patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
references (add CVE-2022-28356 bsc#1197391).
- commit 658b50e
- net: rtlwifi: properly check for alloc_workqueue() failure
(git-fixes).
- commit 3c2f34d
- blacklist.conf: dependency would break kABI
- commit 0dc5499
- mac80211: fix station rate table updates on assoc (git-fixes).
- commit 7c6c73d
- mt7601u: fix rx buffer refcounting (git-fixes).
- commit f6f3ca9
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- commit cfcccfb
- arm64: hibernate: Clean the __hyp_text to PoC after resume (git-fixes)
- commit bbc565a
- arm64: hyp-stub: Forbid kprobing of the hyp-stub (git-fixes)
- commit 03dcd08
- arm64: kprobe: Always blacklist the KVM world-switch code (git-fixes)
- commit a917d0c
- arm64: kaslr: ensure randomized quantities are clean also when kaslr (git-fixes)
- commit f170463
- arm64: kaslr: ensure randomized quantities are clean to the PoC (git-fixes)
- commit b039486
- blacklist.conf: ("arm64: defconfig: Re-enable bcm2835-thermal driver")
- commit e6a130b
- arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint (git-fixes)
- commit 7722c1f
- arm64: relocatable: fix inconsistencies in linker script and options (git-fixes)
- commit 64d186d
- arm64: drop linker script hack to hide __efistub_ symbols (git-fixes)
- commit 310ed92
- arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ (git-fixes)
- commit 2bbad05
- arm64: fix for bad_mode() handler to always result in panic (git-fixes)
- commit 14351ce
- arm64: only advance singlestep for user instruction traps (git-fixes)
- commit cf205ee
- crypto: arm64/aes-ce-cipher - move assembler code to .S file (git-fixes)
- commit 3a20ee6
- scripts/python: Align with kbuild.
The port to python3 happened independently in kernel-source and kbuild
creating some source differences.
These differences cause problems with applying patches across different
repositories. Align the sources by removing trivial differences.
- commit 9796048
- qed: Enable automatic recovery on error condition (bsc#1196964).
- commit 2fdc961
- scripts/gitlog2changes: Fix parsing of GPG-signed commit
- commit a384f30
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- scripts: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit 2ea024c
- scripts/wd-functions.sh: fix get_branch_name() in worktree
Instead of using a hard-coded path for the git directory, use git
rev-parse with --git-dir flag, introduced since 0.99.7, to find the git
directory so branch name can be correctly detected while in git
worktrees.
- commit 283838a
- scripts/run_oldconfig.sh: Ignore PAHOLE_VERSION.
- commit c585f2b
- git_sort.py: Add bpf-next tree.
- commit a4d4ce2
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- commit d9a821b
- powerpc: Set crashkernel offset to mid of RMA region
(bsc#1190812).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- commit b6d78fb
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
bsc#1198484)
Let's iron out the reduced initrd optimisation in Tumbleweed.
Build full blown dracut initrd with systemd for SLE15 SP4.
- commit ea76821
- git_sort: Fix error when sorted section is empty.
- commit 06a0c32
- MyBS.pm: support the password-store keyring
osc can use password-store via the Python keyring and password-store backend.
We can detect this configuration from its specific credentials_mgr_class
setting, and instead call the 'pass' command directly, similarly to the
secret-tool.
- commit 38694df
- README: Remove remaining traces of Novell
- commit fbc8e4e
- git_sort: tests: Fix warning about default branch
Since the version in SLE 15 git init prints this warning which is logged
in the test result:
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: git branch -m <name>
The -b argument to git init to suppress this warning is not available on
git versions that do not print the warning.
pygit2.init_repository does not print this warning so use it instead.
- commit 873477c
- git_sort: tests: Fix quilt mode test on TW
The quilt mode test requires getopt which is no longer installed by
default.
- commit 2e0e020
- scripts/check-embargoed-bugz: git pre-push script for checking embargoed bugs
- commit f5044f8
- scripts/stableids: allow machine to be localhost
And do not attempt to ssh anywhere in that case.
- commit 2e223ff
- scripts/stableids: number more than 999 patches properly
I.e. pad enough number of zeros for patches count >= 1000.
- commit ecfeb07
- scripts/git_sort/git_sort.py: Remove a dev branch of the -rcu tree
- commit ce56f17
- scripts/git-pre-commit: Detect empty patches.
- commit 616effa
- git_sort/lib: use correct class name for MutableSet
[BUG]
With latest python3.10, all git_sort scripts fail to start:
$ ./scripts/git_sort/series_insert.py
Traceback (most recent call last):
File "~/btrfs/suse/kernel-source/./scripts/git_sort/series_insert.py", line 34, in <module>
import lib
File "~/btrfs/suse/kernel-source/scripts/git_sort/lib.py", line 569, in <module>
class OrderedSet(collections.MutableSet):
AttributeError: module 'collections' has no attribute 'MutableSet'
[CAUSE]
From python3.3 and later, MutableSet needs to be referred using
"collections.abc.MutableSet", instead of just "collections.MutableSet".
After python3.9, the old compatible behavior seems to be removed, thus
causing above crash.
[FIX]
Try to import MutableSet from collections.abc first, if not found, then
try again from collections.
For v3.10 the first try should succeed, while for v3.4 I don't have any
system to test on. Hopefully this works.
- commit 5fedfe0
- git_sort: Use -next rather than -testing in gregkh/usb
- commit 7232b7b
- git_sort: Add driver-core repository.
- commit d7ae15d
- rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857)
For smooth migration with the former kernel-preempt user, kernel-default
provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
- commit d292a81
- scripts/git_sort/git_sort.py: add Greg KH's USB repo
- commit bd0fd0c
- libata: add horkage for ASMedia 1092 (git-fixes).
- commit 1ec1df0
- scripts/osc_wrapper: fix issue where osc build cannot find git HEAD if
checked out branch is a worktree
- commit 14421cd
- test_series_sort.py: Also test submitted patch.
- commit 6a7dd95
- scripts/git_sort/tests: Update to current codestreams.
- commit 94b31df
- git_sort/lib: Only allow patches intended for mainline.
- commit eaff9bc
- check-patchhdr: Do not require Patch-mainline on kABI patches.
These patches are not meant to be submitted, anyway.
- commit b5822d2
- header.py: Reject Patch-mainline: No
This tag is deprecated. Never or Not yet should be used instead.
- commit 50efd72
- scripts/git_sort/git_sort.py: add a dev branch of the -rcu tree
- commit 60ddeaf
- scripts/git_sort/git_sort.py: add gpio maintainers git tree
- commit 189ee55
- MyBS.pm: Do not use pool as suffix for QA repository.
- commit 1c60609
- MyBS.pm: Use pool repository when present.
The standard repository in SLE15 SP3 in OBS does not contain packages.
- commit a1fda61
- scripts/git_sort/git_sort.py: Update drm-next repo
- commit c36d95b
- scripts/bugzilla: report only active versions
Report only product versions that are marked as active. This makes
bugzilla-create work properly for products with inactive versions.
- commit ef0f3ae
- scripts/run_oldconfig.sh: pretend RUSTC doesn't exist
HAS_RUST and RUSTC_VERSION is set (or unset) depending if rustc exists
on a machine where run_oldconfig.sh is run. We don't want the config to
oscillate, so disable rust completely for the time being.
Don't use /bin/false, use nonsense like /nothing/nowhere instead. It
makes scripts/rust-version.sh NOT to scream about missing output.
If we ever want to support rust, we have to:
* introduce dummy-tools into rust world (there is no CROSS_COMPILE
before RUST currently)
* change ignored configs in rpm/check-for-config-changes
- commit 8149db0
- test-all.sh: Pass argument list to Python and make script executable
Improve the helper shell script:
- Pass command line options to python3 to allow things like "-v".
- Set the executable bit, so it can be invoked directly.
- commit 7cc2bcf
- scripts/git_sort/git_sort.py: Add repo for Chuck Lever
Chuck Lever (aka "cel") is co-maintainer for nfsd.
- commit 7d3e0dc
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit 3bdd6db
- header.py: Fix unmatched parentheses.
Fixes: 65d0b2d07e8c ("README, patch-tag-template, header.py: Abolish Novell and FATE (bsc#1189904).")
- commit ffde1c0
- README, patch-tag-template, header.py: Abolish Novell and FATE
(bsc#1189904).
- commit 65d0b2d
- scripts/sequence-patch.sh: Add --signing-key option
The --signing-key option allows the user to specify a certificate and key
to be used for module signing. Checks ensure that it can also be used
for signing the kernel for UEFI Secure Boot.
- commit d2affe4
- scripts: support gz and zst compression methods
Extend 95df98b61fde ("scripts/supported-conf-fixup: recognize compressed modules")
for gzip and zstd compression.
- commit deab245
- run_oldconfig.sh: Also make scripts executable.
When new scripts are added by a patch they are not executable after
sequence-patch.
- commit 17cad6a
- commit b70c29e
- Add dtb-microchip
- commit c797107
- MyBS: Fix the kernel-obs-build existence check.
- commit 9cd6187
- MyBS: Only wipe kernel-obs-build when it exists.
It does not exist for livepatches.
- commit ca3fae0
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
(git-fixes CVE-2021-4157 bnc#1194013).
- commit 957ab2c
- MyBS: Wipe kernel-obs-build after uploading a kernel.
kernel-obs-build is a subpackage of kernel-default built by repacking
kernel-default and is used for building other packages.
In development repositories it is possible that a broken kernel that
does not boot is uploaded, and when kernel-obs-build is built with the
broken content no packages can be built anymore in the QA repository
that uses the kernel-obs-build.
Wipe the kernel-obs-build binaries on upload so that stale broken
binaries don't remain. The package needs to be rebuilt with the new
kernel binaries anyway so this does not cause useless rebuilds (unless
you re-upload the same git revision).
Alternative would be to create much more complex repository setup with
aggregates which does not sound like it would save anything.
- commit c5a3108
This was accidentally merged into packaging rather than scripts as
kernel-source commit 65979e3c8b2d ("scripts/git_sort/git_sort.py: add bpf
git repo").
- scripts/git_sort/git_sort.py: add bpf git repo
- commit 3b45eef
- commit abd8982
- blacklist.conf: Add c420644c0a8f powerpc: Use mm_context vas_windows
counter to issue CP_ABORT
- commit e9d175b
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit 6b8a8e7
- scripts/run_oldconfig.sh: Make dummy-tools executable (bcs#1181862).
- commit d3f1aea
- run_oldconfig.sh: Only use dummy tools if they exist (bcs#1181862).
- commit 2b68831
- scripts/run_oldconfig.sh: make use of scripts/dummy-tools (bcs#1181862).
scripts/dummy-tools is a cross-toolchain from the kernel which
advertises support for _everything_ (on the toolchain side). Using
these, we obtain super-configs which are then reduced during build time
when real toolchain (like gcc, ld, ...) is used.
This allows us to drop the need for cross-compilers, specific versions
of gcc etc. This is always pain as run_oldconfig.sh ran on different
machines produces different configs.
- commit f1e7bc3
- rpm/kernel-source.spec.in: temporary workaround for a build failure
Upstream c6x architecture removal left a dangling link behind which
triggers openSUSE post-build check in kernel-source, failing
kernel-source build.
A fix deleting the dangling link has been submitted but it did not make
it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
utility does not handle symlink removal. Add a temporary band-aid which
deletes all dangling symlinks after unpacking the kernel source tarball.
[jslaby] It's not that temporary as we are dragging this for quite some
time in master. The reason is that this can happen any time again, so
let's have this in packaging instead.
- commit 52a1ad7
- scripts/wd-functions.sh: add tar.gz base kernel tarball
Linux -rc snapshots are released as tar.gz files, add support for them.
- commit d4457f3
- git-sort: Update nvme repo branch.
- commit f005189
- scripts/python/check-patchhdr: explicitly prefer python3
Debian and OpenSUSE Tumbleweed no longer have the /usr/bin/python
symlink, at least this is explained and spelled out on the Debian
Python Policy [0]. This guideline specifically requests that scripts
do not use `/usr/bin/env`, do not use `/usr/bin/python` and instead
use the exact version desired.
So do just that. Without this, you cannot use kernel-source and commit
changes without a warning of the python interpreter missing.
With regards to support to Python 2, some SLE release will simply have
a python2 script, and some releases for Python3. Release branches where
we have python 3 can opt-in to embrace this patch.
[0] https://www.debian.org/doc/packaging-manuals/python-policy/ch-python.html#s-interpreter
- commit a81b795
- scripts/tar-up.sh: remove -u from helptext
Fixes commit 3efbe774d5cfa0ced909811a7fc3fe16bffaf580
- commit 606be75
- commit 3233d64
- scripts/renamepatches: Add explanation.
- commit c7715af
- scripts/renamepatches: Tool for unifying patch filenames across
branches.
It often happens that different developers add patches under different
names to different branches. When the branches are merged the patches
are added twice instead of causing a conflict.
Renaming patches in advance in one of the branches makes merging much
more straightforward.
- commit 0951065
- scripts/stableids: s/bnc/bsc/ and cleanup old versions
The current reference to be used is bsc, not bnc anymore. So update the
script.
And remove all discontinued stable versions.
- commit 193862b
- scripts/git_sort/git_sort.py: Add clock maintainer tree
- commit 5435172
- scripts/git_sort/git_sort.py: update SCSI and NVMe repositories
- commit 509f06e
- commit 793c656
- scripts: Support gnome_keyring for OBS connections
.oscrc may specify keyring= or gnome_keyring= directive to instruct us
obtaining the password from the local keyring. When only the latter is
specified we would fail to fetch the password. Fix this by handling
gnome_keyring= as keyring= too.
- commit c496909
- scripts/git-fixes: Import script from kbuild.
- commit 3e66f73
- scripts/git_sort/git_sort.py: add gitolite to k_org_prefixes
If you define in your gitconfig to use gitolite for accessing kernel.org
the scripts won't recognise your remotes in $LINUX_GIT
Add gitolite support to k_org_prefixes
- commit 27af818
- scripts/run_oldconfig.sh: support setting config options with value
Existing -nco-* options for run_oldconfig.sh only allow adding/replacing
options with y or m values or disabling them but cannot be used to set
options which take e.g. a number or string as value.
Add new parameter -nco which allows setting a config option to an arbitrary
value, e.g.
./run_oldconfig -nco LOG_BUF_SHIFT=18
./run_oldconfig -nco DEFAULT_TCP_CONG="cubic"
- commit 9c449cf
- MyBS.pm: use secret-tool instead of custom script
secret-tool is available from the package of the same name under
Leap and Tumbleweed.
- commit d2378aa
- scripts/lib/SUSE/MyBS.pm: Fix uninitialized value.
- commit 47ccb93
- scripts/lib/SUSE/MyBS.pm: Support new style obfuscated password.
- commit 5f57bd3
- scripts: Simplistic keyring implementation for bs-upload-kernel
This adds a very simple PoC implementation for querying the keyring
for the OBS password. It's obviously not really secure, but still
better than storing the password in plain text or with trivial
encryption. I couldn't find a plain perl implementation of the
secretstorage protocol.
- commit 4bafc0a
- scripts/run_oldconfig.sh: Ignore CONFIG_CC_VERSION_TEXT
- commit e81b5cd
- git_sort: drop nvme repositories from the list
The nvme-5.8 branch has been rebased four times in three weeks so that
trying to manage nvme patches with git_sort means more harm than good.
- commit b382424
- scripts/lib/SUSE/MyBS.pm: update for OBS
Similar to 3ae8f5694d41...
- commit 54326bb
- scripts/lib/SUSE/MyBS.pm: Adjust basic auth realm for IBS.
- commit 3ae8f56
- scripts/run_oldconfig.sh: Ignore LD_VERSION in config.
- commit e3040fe
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit e1a964f
- git_sort: update URL of net and net-next repositories
With the introduction of Jakub Kicinski as co-maintainer, the official
URL of net and net-next trees was changed from davem/* to netdev/*.
The original URLs are preserved as aliases but let's switch to the
official ones.
Keeping the old URLs with lower priority so that git_sort can update
Git-repo tags and subsection headers without complaints about unrecognized
repository.
- commit 4457462
- scripts/git_sort/git_sort.py: add masahiroy/linux-kbuild.git repository
- commit 1ed2975
- scripts/git_sort/git_sort.py: Add ulfh/mmc
- commit 7febf5c
- scripts/supported-conf-fixup: support guards containing a dash
The script expects guards to contain only letters and digits (apart from
the leading '-' or '+'). As we are using "+foo-kmp" style guards to mark
modules to put into an internal KMP, we need the script to expect '-'
characters as well.
- commit ce984f3
- scripts/git_sort/git_sort.py: add efi/next repository
- commit 5c191a3
- scripts/git_sort/git_sort.py: add linux-pinctrl repository
- commit 73604d8
- scripts/git_sort/git_sort.py: Add EDAC for-next queue
- commit e718107
- scripts/git_sort/git_sort.py: add thermal/linux.git to the repo list
- commit 84aca34
- scripts/git_sort/git_sort.py: add linux-ipmi repository
- commit 78b705e
- Remove git_sort tests for openSUSE-42.3 (EOL).
- commit d090435
- scripts/check-patch-blacklist: Exit gracefully if blacklist.conf is not present
- commit fe1be04
- scripts/osc_wrapper: make it work with osc >= 0.165
osc >= 0.165 by default tries to run services. This needs an .osc dir
and _project, _package, and _files in it. So disable running services as
we do not need them.
- commit 58db0dd
- scripts/stableids: handle new DRM commits tagging
- commit 4fec579
- scripts/log2: Add --amend option
This works similarly like git-commit --amend option, used for folding the
changes onto the commit HEAD. Unlike git-commit, this re-invokes
scripts/log and the changelog entry is completely refreshed, hence the
previous manual change in the log may be lost and need to be re-entered.
- commit 38eaa49
- Copy git-sort merge tool installation instructions to README.md
- commit 5596d4b
- scripts/git_sort/git_sort.py: Remove s390/linux.git for-linus
This branch no longer exists.
- commit c4479c2
- scripts/sequence-patch.sh: Add --dry-run option
It is often sufficient to check whether the patch series applies
without writing out the patched files.
- commit b999a1f
- scripts/git_sort/git_sort.py: Add device tree repository
- commit 3069f2e
- scripts/git_sort/git_sort.py: add dma-mapping repository
- commit bf870d0
- scripts: stableids, handle new pattern
They started using capital C in commit.
- commit dd41f26
- scripts/git_sort/git_sort.py: add arm64 repository
Delete no longer existing repository linux-mmots
- commit 2e5580a
- scripts/install-git-hooks: Fix spelling of git option --remove-section
- commit 19cc664
- git_sort.py: add soundwire repo.
- commit 99afd50
- git-pre-commit: Warn on blacklisted commits.
- commit 0dea234
- scripts/git_sort/git_sort.py: Add perf repository.
- commit 727e371
- Revert "scripts/git_sort/git_sort.py: Remove s390/linux for-linus remote"
This reverts commit 061a324a9d93e90ad21e077b956ed3184203e3cc.
- commit 3373b12
- scripts/git_sort/git_sort.py: Remove s390/linux for-linus remote
It doesn't exist (anymore).
- commit 061a324
- scripts/git_sort/git_sort.py add jejb/scsi repository.
- commit d1fd61a
- scripts/stableids: add dump_only option
This is useful for generating only SHAs. These are used for putting
stable patches into sorted section.
- commit 7669764
- scripts/stableids: add bnc for 5.3 kernel
There is a map of bncs for various kernels. SLE15-SP2 is based on 5.3,
so add the reference.
- commit 7650550
- commit 74150a8
- scripts/git_sort/git_sort.py:
- commit a6474a1
- git-sort: merge_tool: Catch parsing errors of patches from remote branch
Avoids unsightly python backtraces for problems such as a Git-commit id
which is not in LINUX_GIT.
- commit 1eef4e7
- scripts/sort_supported.rb: Script for sorting supported.conf
This script uses a heuristic that works on 99% entries.
There are two lines in current supported.conf that need adjustment in
comment to pass.
- commit 398394f
- scripts/supported-conf-fixup: recognize compressed modules
At the moment, just allow *.ko.xz in addition to *.ko. It would be nice to
make it respect COMPRESS_MODULES from rpm/config.sh but that would require
someone who does actually speak Perl.
- commit 95df98b
- git-sort: merge_tool: Preserve the order of patches when calculating "added"
When merging, the relative order of the patches added to the out-of-tree
section between the merge base and remote must be preserved. Previously it
was not, on the erroneous expectation that all added patches are
commit-sorted. Therefore, added patches (remote - base) in the oot
subsection were appended in shuffled order to the oot subsection of the
result.
- commit aa6b527
- scripts/run_oldconfig.sh: support rt partial debug config.
- commit e1353be
- scripts/git_sort/README.md: Update quilt-ks repository URL
- commit 03c796b
- commit 03c6291
- commit 6c1fcb9
- scripts/run_oldconfig.sh: Fix native config check in kbuild.
- commit 93c6080
- commit cbd56d5
- commit 629ccf3
- scripts/tar-up.sh: do not make assumptions about the remote name (bsc#1141488)
The script assumed a remote named 'origin' exists. While this is true
for cloning a repo with default options, the name of the remote can be
easily changed. Also there can be more than one remotes.
Extend the script to exclude a branch named 'scripts' in all configured
remotes.
- commit b98fb06
- commit df44667
- scripts/git_sort/git_sort.py:
- commit f216f54
- scripts/guards: Add missing link.
- commit 9d16ecd
- commit c2096bb
- commit 3f9c688
- git_sort: add crypto maintainer tree.
- commit f74c585
- git-sort: tests: Use --no-gpg-checks in SLE12-SP2 Dockerfile
The updated SLE12-SP2 docker image uses a repo that needs --no-gpg-checks
for non-interactive usage.
- commit ce25676
- git-sort: qcp: Create subdir of quilt's .pc if needed
qcp.py creates a ~refresh file under a subdirectory of quilt's ".pc"
directory. If there haven't been other patches applied yet which are in the
same subdirectory (ex: "patches.fixes"), that directory does not exist.
This situation can also occur in other scenarios when using `rapidquilt`.
Change qcp to create the directory if needed, instead of failing.
- commit 4f437ad
- commit 3d5eb00
- git-sort: README: Add information about how to report problems
- commit 332fdaa
- scripts/bugzilla-create: Set 'Proactive-Upstream-Fix' keyword
- commit 3ef3587
- git-sort: Always explicitly handle a pygit2 import error
As pointed out by Michal Suchanek, the limitation in commit 6d67b1042a73
("series_sort: Catch pygit2 import failure.") is wrong; given that there is
no explicit installation step of the git-sort scripts and that they are
"just there" in the kernel-source repository, every user-callable script
needs to check that the user followed installation requirements.
- commit 50602bd
- git-sort: Move mainline remote check to series_sort
git_sort can be used on any git repository. series_sort OTOH needs the
reference repository to be a clone of the mainline Linux kernel repository.
Move the warning accordingly.
Using the same rationale as in commit 6d67b1042a73 ("series_sort: Catch
pygit2 import failure."), the check is only in series_sort.py even though
other scripts like series_insert.py have the same requirement.
Fixes: 027d52475873 ("scripts: git_sort: Warn about missing upstream repo")
- commit 6daf637
- git-sort: Move mainline remote check to series_sort
git_sort can be used on any git repository. series_sort() OTOH expects the
reference repository to be a clone of the mainline Linux kernel repository.
Move the warning accordingly and make it an error since further operations
would fail.
Fixes: 027d52475873 ("scripts: git_sort: Warn about missing upstream repo")
- commit 9b0e07a
- scripts: git_sort: Warn about missing upstream repo
I've witnessed several people having misconfigured their remotes and
then calling sorting scripts on series.conf results in cryptic error
messages like:
> Traceback (most recent call last):
> File "scripts/git_sort/series_sort.py", line 121, in <module>
> sorted_entries = lib.series_sort(index, input_entries)
> File "/home/mkoutny/suse/kernel-source-12-sp3/scripts/git_sort/lib.py", line 425, in series_sort
> for e in sorted(result[head].items(), key=operator.itemgetter(0))])
> KeyError: None HEAD
Add warning when the upstream torvalds/linux remote is not found to give
users a clue about the situation.
- commit 027d524
- scripts/sequence-patch.sh: fix --fuzz option
The --fuzz getopt long param was not accepting values.
- commit 0307fc9
- README: Adjust links to internal wiki.
- commit 2ee9bf3
- commit 52b5cf3
- commit 86af8b9
- scripts/git_sort/git_sort.py: Add s390/linux.git fixes.
- commit e19d62a
- scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes
- commit 4223e69
- scripts/bugzilla: use /usr/bin/python3 directly
/usr/bin/env python3 allows the first interpreter in $PATH to be used, which
can produce unreliable results.
- commit 8296635
- scripts/python/suse_git/header.py: add jsc#w+-d+ for Jira references
With the upcoming switch to Jira for feature tracking, we need to teach
the checker about the new tag. Enforcement is still disabled.
- commit b7bee5d
- scripts/log2: add patch changes to index before running checks.
- commit 90691bf
- git-sort: series_sort: Make "series.conf" the implicit argument
Similar to series_insert, "series.conf" becomes the default file where to
read/write the patch series. In contrast to series_sort, if the input is
not a tty and no argument is specified, the old mode is preserved, which is
to behave as an stdin/stdout filter. This way, the original usecase of
piping all or a subset of series.conf lines through series_sort (for
example, in the method described in the script header) remains unchanged.
- commit a010ff5
- git-sort: quilt-mode: Fix git_sort.py path
Commit e5655f63f99c ("git-sort: Remove tools not related to series_sort")
removed the "git-sort" symlink but did not update quilt-mode.sh to use the
direct path to git_sort.py.
- commit 949d090
- scripts/git_sort/git_sort.py: add kvalo/wireless-drivers-next/master
- commit 46e9bdf
- git-sort: Handle new pygit2.discover_repository behavior
A consequence of pygit2 commit c32ee0c25384 ("Now discover_repository
returns None if repo not found").
- commit 9ae2824
- tar-up.sh: do not copy files ending with ~
- commit 70993c1
- check-patchhdr: Remove "slightly strange pattern"
Make fuller use of the unittest API:
* use assertRaises when testing exceptions
* use assertEqual when testing for equality
* reorder arguments to (expected value, actual value) when testing for
equality, for more intuitive output in case of failure
* use unittest.skip instead of commenting out tests
- commit ba48e04
- git-sort: Add license text
- commit c7a1094
- git-sort: Remove tools not related to series_sort
Some scripts were copied over from the ksapply repository but are not
needed for git-sort, series_sort or quilt-mode. In preparation for moving
the series_sort code to its own repository, remove these scripts. They can
still be found in the ksapply repository:
https://gitlab.suse.de/benjamin_poirier/ksapply
- commit e5655f6
- scripts/sequence-patch.sh: Add --rapid option
It uses rapidquilt to apply patches.
- commit 7178c2c
- commit 8ce95c7
- scripts: Run pre-commit checks only once when splitting changes into multiple commits
Instead of repeating the series_sort check for each patch, we can do the
check once at the beginning, which saves time. Same goes for the other
checks part of the pre-commit hook.
- commit 0f98ccc
- run_oldconfig - crosscompile
- commit 98367ef
- scripts/log2: add --no-edit argument.
- commit 990531c
- commit 8592674
- scripts/lib/SUSE/MyBS.pm: new osc stores oscrc in .config
So enumerate both possibilities before giving up.
- commit cd4eb98
- scripts: use syncconfig instead of silentoldconfig where available
Since mainline commit 0085b4191f3e ("kconfig: remove silentoldconfig
target"), "make silentoldconfig" can be no longer used. Use "make
syncconfig" instead if available.
- commit 0d0454a
- git_sort.py: Add drm-misc-next to list of repos/branches
DRM fixes occasionally go from drm-misc-next directly into linux-next
without the intermediate step of drm-next. Support for drm-misc-next is
required by several recent commits.
- commit 379ad30
- git_sort.py: Remove trailing whitespace
- commit c5e56ea
- scripts/series2git: Strip [PATCH] prefix in the subject line
This makes the commit a bit more similar to the original change.
- commit 3d0cc05
- Distribute git configuration in a versioned file
The kernel-source repository uses a script to set certain git config values
which are meant to be distributed to all users. This mechanism makes it
cumbersome to update these configuration values and eventually track their
history.
For security reasons, git does not have a way to implicitly include
configuration values in a repository's content. However, we can explicitly
include extra configuration values from a versioned file using the
"include.path" configuration directive. Reuse the old mechanism to add this
directive (which should hopefully not need changes in the future) and
include the actual configuration values of interest to all users in a
separate file.
- extra-gitconfig:
- scripts/install-git-hooks:
- commit c8faf99
- Configure attributes using .gitattributes file
As stated in gitattributes(5):
Attributes which should be version-controlled and distributed to
other repositories (i.e., attributes of interest to all users)
should go into .gitattributes files.
Therefore, move the currently-used attributes to a .gitattributes file.
This is to support future changes to attributes.
The attributes in $GIT_DIR/info/attributes have precedence over
.gitattributes. Therefore, users who have run scripts/install-git-hooks
from a version predating this patch may have attributes in
$GIT_DIR/info/attributes that override the ones in .gitattributes.
Unfortunately, we are stuck with this blemish from the past and must
forever clean up the mess.
- .gitattributes:
- .gitignore:
- scripts/install-git-hooks:
- commit 668a353
- commit 097d8f0
- Update documentation wrt. Patch-mainline
Common practice is to set Patch-mainline to a Linux release tag. More
than 95% of all patches follow this convention. The remaining 5% have
been fixed accordingly in SLE15.
The documentation is inconsistent wrt. to the content of Patch-mainline.
In some places it refers to a release tag, in others it refers to a version
number. With this cleanup, documentation in scripts/ refers to release tags.
This change is a follow-up for commit 1d81d2699cd3.
- README: Update documentation wrt. Patch-mainline
Common practice is to set Patch-mainline to a Linux release tag. More
than 95% of all patches follow this convention. The remaining 5% have
been fixed accordingly in SLE15.
The README file is inconsistent wrt. to the content of Patch-mainline.
In some places it refers to a release tag, in others it refers to a version
number. With this cleanup, it refers to release tags everywhere.
This change is a follow-up for commit 1d81d2699cd3.
- commit 57b996f
- tar-up.sh: allow packaging multiple architectures.
tar-up.sh has -a option to generate package for a particular
architecture. Extend the -a option processing to accept comma separated
list of architectures. Also fix a bug with ppc64 selecting both ppc64
and ppc64le.
- commit 1d17b6d
- scripts/git_sort/README.md: Add update_clone.py documentation
- commit 2286fa5
- scripts/tar-up.sh: Don't package gitlog-excludes file
Also fix the evaluation of gitlog-excludes file, too
- commit 18a9758
- scripts: sequence-patch.sh: Use '_' to replace '#' character (bsc#1107937)
The pound char ('#') could cause kernel "make prepare" failure if
toolchain contains latest automake (1.15).
"make prepare" will fail like:
$ LANG=C make modules_prepare
[snip]
CALL scripts/checksyscalls.sh
DESCEND objtool
HOSTCC /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep.o
HOSTLD /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep-in.o
LINK /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep
/home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/.fixdep-in.o.cmd:1: *** missing separator. Stop.
make[4]: *** [Makefile:42: /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep-in.o] Error 2
make[3]: *** [/home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/build/Makefile.include:4: fixdep] Error 2
make[2]: *** [Makefile:52: /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/libsubcmd.a] Error 2
make[1]: *** [Makefile:61: objtool] Error 2
make: *** [Makefile:1689: tools/objtool] Error 2
The cause is latest make will consider pound char as a separator.
Kernel has some fixes for it:
9feeb638cde0 ("tools build: fix # escaping in .cmd files for future Make")
9564a8cf422d ("Kbuild: fix # escaping in .cmd files for future Make")
But backporting those 2 fixes can't solve the problem if the kernel
path contains '#'.
Considering how common we name the branch using bsc#123456, it would
definitely cause problem if using some rolling release distributions.
Fix the $TAG variable by replacing the '#' to '_', so we won't need to
bother the problem.
- commit 4be920f
- commit b5a813e
- scripts/sequence-patch.sh: use kernel-azure instead of kernel-default
- commit c2c287e
- scripts/git_sort/qcp.py: Print info message on stdout
- commit 38de9a0
- git-sort: Run tests under SLE15
- commit a31a983
- git-sort: Run tests under openSUSE Leap 15.0
- commit 825f5ea
- git-sort: Update sle12-sp3 docker image name
name changed, most likely as a result of the recent changes to
registry.suse.de
- commit 678ee7d
- git-sort: Update openSUSE docker image names
The "opensuse" project "has been deprecated in favor of the opensuse/leap
and opensuse/tumbleweed images provided and maintained by the openSUSE
Project release team". [https://store.docker.com/images/opensuse]
- commit 7a9578c
- commit 8effdc9
- scripts/cvs-wd-timestamp: use UTC timezone
Do not respect users' time zone and use the predictable one. So that
when people upload a kernel (e.g. tar-up and osc_wrapper upload), the
time stamp makes no difference.
- commit 386cbe7
- scripts/git_sort/git_sort.py:
- commit 3ac5af6
- commit 17f9140
- commit 36a3f5c
- scripts: run_oldconfig.sh: pass $CC via $MAKE_ARGS
For some reason, "make oldconfig" ignores CC environment variable so that
"CC=gcc-8 make oldconfig" still uses default gcc. To actually use compiler
passed to run_oldconfig.sh by buildtest-kernel script, we need to pass CC
value as an argument to make, i.e. "make CC=gcc-8 oldconfig".
If run_oldconfig.sh is run with CC set, add its value to MAKE_ARGS.
- commit 5672543
- scripts/git_sort/README.md: Add quilt-ks OBS repo key fingerprint
- commit 1b3ea9a
- scripts/git_sort/git_sort.py: add modules-next tree
- commit 9804f92
- commit 1cbf60e
- scripts/git_sort/patch.py: Fix patch writeback
The file must be truncated otherwise we have stray content from the former
patch leftover at the end of the file when the new patch is shorter.
- commit a597010
- scripts/git_sort/series_conf.py: Fix Patch parameter
Fixes: e68bd465cdc4 ("git-sort: Rewrite Patch class to read bytes instead of str")
- commit 7674464
- scripts: Make sure hooks directory exists
When using git worktrees they have a separate git directory which does not
contain the 'hooks' directory by default. Let's create it when installing
hooks.
- commit 2905fbd
- scripts/git_sort/patch.py: Fix detection of patch header end
Consider linux commit 1e047eaab3bb ("block/loop: fix deadlock after
loop_set_status"), some lines from the log start with "---" but do not mark
the end of the patch header. Fix the pattern matching to match what is done
in quilt.
Also add a test which triggers the issue.
- commit b710f8d
- scripts: ignore CONFIG_GCC_VERSION when checking for oldconfig changes
Since 4.18-rc1, "make oldconfig" writes gcc version and capabilities into
generated .config. Thus whenever we build the package or run checks with
different gcc version than used to update config/*/*, check for "outdated
configs" fails.
As a quick band-aid, omit the lines with CONFIG_GCC_VERSION from both
configs before comparing them. This way, the check won't fail unless run
with newer gcc which would add new capabilities. More robust solution will
require a wider discussion.
- scripts/git_sort/git_sort.py: Remove dead code
- commit 45100db
- scripts/git_sort/lib.py: Add some docstrings
- commit 271ab0a
- scripts: Support a bare LINUX_GIT
This was already tried in commit 130e61c098de ("scripts/linux_git.sh:
support more dirs and bare repos") but it missed modifying all related
usages which hardcode "/.git".
- commit a6d98d2
- scripts/git_sort/git_sort.py: Support bare repository
get_heads() assumes that the repository has the default configuration of
fetch refspecs following `git clone`. This does not work if the user
modified the refspecs or used `git clone --bare`. Change get_heads()
to perform the transformation of the remote branch name into the local ref
according to refspec configuration.
- commit 56e8686
- scripts/tests/test_linux_git.py: Clarify tests
Each actual test case is moved to its own unittest case. This produces
clearer output.
- commit 9ce16e2
- Delete series.conf.
Commit 8c4b29dee8b2 ("scripts/git-pre-commit: only sort series when
required") added an empty series.conf to the scripts branch.
- commit b6e9b17
- check-patchhdr: Use print_function instead of sys.stderr.write.
Commit 5ba62488b03 switched to using sys.stderr.write(), but the right
way to do prints with python 2/3 compatibility is to import
print_function and use print().
- commit 653e07e
- git-sort: Rewrite Patch class to read bytes instead of str
Some patches contain characters from multiple encodings, for example a
backport of commit 395072592e8e ("drm/i915: broken copyright encoding in
intel_bios.c"). Reading those files in text mode triggers a
UnicodeDecodeError. Therefore, read patch files as bytes and convert the
header only to str. At the same time, the constructor is simplified to
accept only a stream.
- commit 0c3fcd6
- check-patchhdr fix error printing on python2.
- commit 5ba6248
- scripts: scripts/log should work with python2.
- commit 3a12a82
- git-sort: Handle empty Git-commit tags
Although rejected by the current check-patchhdr, some old patches still
have such invalid tags.
- commit 3b4c077
- scripts/git_sort/update_clone.py: Support modifying remotes in an existing repository
- commit ced4b81
- scripts/git_sort/git_sort.py: Use Repository.remotes instead of parsing config
- commit 93be9e4
- scripts/bugzilla-create: fix usage header
The usage header specified BUGIDs for the arguments when it expects
patch files.
- commit 791c922
- scripts/bugzilla-create: skip 'unspecified' version
Some products provide an 'unspecified' version name in the list of versions
but it can't be used to file a report. Let's skip it.
- commit d7a9adc
- scripts/log2: splice_series: Use cat to echo all remaining lines
The "after patch" state echoes all remaining lines from the old series
without any possible state change. Instead of reading line by line, use the
more efficient `cat`.
- commit f6fb30c
- scripts/log2: Fix splice_series when adding two consecutive sections
Currently, if adding two new sections back to back, when doing
splice_series for the patches in the first section, they will be followed
by all of the added whitespace lines, including the ones that followed the
second section. That's unsightly. Stop echoing added whitespace lines once
a new non-empty line is encountered.
- commit dae2e83
- scripts/git_sort/git_sort.py: Support libgit/pygit2 0.27
With the update to libgit 0.27, pygit2 returns Repository Config elements
ConfigEntry instances instead of plain str as before. Introduce an
adaptation layer to support both old and new interfaces.
- commit f170315
- scripts/log2: Fix argument passing to splice_series
Multiple users reported seeing the following error
Error: new series does not contain all lines from old series.
after commit 4a3b64a07ab6 ("scripts/log2: Improve automatic series.conf
modifications").
Reproduction seems to depend on the bash version; it occurs on SLE12-SP3
with 4.3.42 but not on tumbleweed with 4.4.19. The problem is caused by the
fact that `read -r -u 4 new` in splice_series reads the entire content of
$new_series as one line. $new_series is passed as a here string on file
descriptor 4, `4<<<$new_series`.
According to bash(1) for version 4.3.42, "Pathname expansion and word
splitting are not performed." for here strings. However, it appears like
word splitting might be for certain invocations (not all, for reasons I
don't understand). Work around the problem by replacing the here string
with a simpler construct.
References: bsc#1094120
- commit 5845ab1
- git-sort: merge_tool: Fix handling of moved patches in remote branch
Patches that have changed subsystem section between the base and remote
refs must be processed in upstreaming mode because their new git-repo tag
after the merge will not match their old section in series.conf from the
local ref.
References: bsc#1093777
- commit b806cf0
- scripts/git_sort/tests/test_series_insert.py: Make it executable, like other tests
- commit ecd3542
- scripts/git_sort/series_conf.py: Document pygit2 dependency avoidance
- commit ac02a72
- scripts/git_sort/sequence-insert.py: Update doc to reflect path change
The scripts have been merged in kernel-source and are no longer part of a
separate "ksapply" repository.
- commit 597c570
- scripts/git_sort/clone_all.py: Combine --no-tags option
- commit 5c06131
- scripts/sequence-patch.sh: update supported.conf parsing (fate#319339)
+*-kmp is a valid guard that should result in a module being flagged
as supported. This clones the logic from the spec file to reflect that.
- commit d897f77
- scripts/python/check-patchhdr: Port to python3
- commit 4e62ede
- scripts/git_sort/README.md: Update according to the new --upstream option
- commit 18d4825
- scripts/osc_wrapper: fix argument swap
- commit 511c395
- commit 94752b1
- scripts/tests/lib.py:
- scripts/tests/test_log2.py:
- scripts/log2:
Add splice_series() tests. Coverage is measured using kcov:
https://github.com/SimonKagstrom/kcov
- commit 82873ff
- scripts/log2: Improve automatic series.conf modifications
When multiple patches are added at once and individual commits are created
automatically, the modifications to series.conf are split into individual
changes that add one new patch line each. Currently, all new comments and
empty lines are added along with the first patch. Change scripts/log2 so
that the comments preceding a patch and the whitespace lines following it
are added together with the patch.
- commit 4a3b64a
- scripts/git_sort/series_conf.py: Update pipe workaround for python3
The workaround needs to be updated after the migration from python 2 to 3.
Use the solution described here:
https://stackoverflow.com/questions/26692284/brokenpipeerror-in-python
https://bugs.python.org/issue11380
- commit c45b3a2
- bs-upload-kernel: build klp_symbols when supported.
cherry-picked from kbuild
- commit aa873d6
- scripts/git_sort/clone_all.py: Add a script to setup a repository with all remotes from git_sort
- commit 55a1366
- scripts/git_sort/git_sort.py: Fix Head uniqueness check
- commit 7c5bc66
- scripts/git_sort/git_sort.py: Fix remote list
- commit 64ee72a
- git-sort: Add option to control movement of patches between subsystem sections
Currently, a valid ordering in series.conf may become outdated after a
subsystem repository is merged into an upstream repository. At that point,
a series.conf which passed the validation check in the past would no longer
be accepted because, for example, patches in the "net" section should move
to the "mainline" section. This means that users often have to first
refresh the ordering in series.conf to reflect upstream changes before
adding new patches. In order to reduce the burden on users, make it the
default that patches will remain in their current subsystem section unless
it is explicitly requested to move them to upstream sections. This should
effectively accept an outdated but once-valid ordering.
- commit cb21f89
- git-sort: Ignore empty input lines
- commit 51f0b86
- git-sort: Encapsulate indexed commit information in a sortable object
This eases the comparison and sorting of commits from different heads.
- commit 3959932
- sequence-patch: just exist if there is no config.sh
- commit 7ae9881
- git-sort: Fix compatibility with old `comm`
Certain distro releases have an older `comm` which doesn't support the
"--total" option. Use a trivial workaround. Also add tests for
pre-commit.sh, including one which triggers this problem.
- commit 52e4510
- git-sort: Fix interpreter
- commit c6628e6
- git-sort: Extend series_sort tests
... and fix related issues.
- commit 535548a
- git_sort.py: remove duplicate remote.
- commit e5476dc
- scripts: add bugzilla-create and bugzilla-resolve scripts
bugzilla-create will accept a list of one or more patches, and
for each one:
- create bugzilla reports with the patch subject as the summary
- update the patch References tag to contain the new report ID
- attach the patch to the report
- assign the bug to the reporter
bugzilla-resolve will accept a list of one or more bug IDs and resolve
them as FIXED with an automated message indicating they have been
committed to the kernel git repo.
Use of either requires that the user set up a ~/.bugzillarc as documented
in the scripts/bugzilla-create help or attempts to create bug reports
will fail with authorization required errors.
- commit 3dff52c
- commit de89c2b
- scripts/git_sort/git_sort.py: Handle unsupported cache db format
The upcoming python3 port will introduce two changes to the database format
used for the cache: the default database format of python's "shelve" module
changed from bdb to gnu dbm and the default protocol version of the
"pickle" module changed from 0 to 3.
python2 only supports the gnu dbm format if the gdbm module is available.
python2 does not handle pickle protocol version 3. In case a user runs the
python3 version of git-sort and then runs the python2 version again, the
cache file will be unreadable. Handle that situation explicitly by
rebuilding the cache.
If this commit is not available, the alternative workaround is to delete
the cache file manually (typically under ~/.cache/git-sort).
- commit 15bd1c2
- commit 17db4b8
- scripts/git_sort/git_sort.py:
- commit bfef53d
- git-sort: pre-commit: Don't specify series.conf path relative to scripts
commit hooks run from the root of the working tree in a non-bare repository
(according to githooks(5)). Therefore, the path to series.conf can be
specified relative to that root. This change also allows to run the scripts
from an alternate location during development.
- commit b87f537
- git-sort: pre-commit: Run if sorted patch files have changed
Previously we would run the checker script only if the sorted section of
series.conf had changed. However, a commit could render the sort invalid by
making changes to the tags of a patch that is in the sorted section but no
changes to series.conf. Therefore, check the sorted series and the patches
that it contains if either have changed.
- commit 9ea0831
- git-sort: series_conf: Add a mode to print names only
Print patch file names from the sorted section without comments or empty
lines.
- commit 58b9d36
- git-sort: Extend series_insert.py test to trigger an error
adds a test which triggers the problem fixed in commit 4c26c132dc7b
("scripts/git_sort/series_insert.py: Fix exception names")
- commit 21902a2
- git-sort: Add a test of series_insert.py
- commit 25ab285
- git-sort: Factor out test code to write patches
- commit 39e1be1
- scripts: Allow excluding commits in changelog
For ignoring superfluous commits appearing in the changelog, add a
capability to scripts to ignore the given commit list.
User can put the commit IDs in rpm/gitlog-excludes file so that
tar-up.sh will ignore them.
- commit 2d24811
- scripts/git_sort/series_insert.py: Fix exception names
After factoring out exception classes, series_insert.py was not
updated.
Fixes: 9ad1206cfd3a45dc0f7825d0f93053a9fd9fb07e
- commit 4c26c13
- scripts/git_sort/pre-commit.sh:
- scripts/git-pre-commit:
Refine the sorted section check
Because series_sort.py has some dependencies (namely pygit2), avoid running
it unless there was a change in the sorted section.
- commit 27a0058
- git-sort: Factor out series.conf splitting
- commit 9e149fc
- git-sort: Factor out exception classes
- commit 9ad1206
- scripts/git_sort/merge_tool.py: Update tags
merge_tool can create an invalid series.conf (example in merge commit
3e43fe0554). It may move patches to upstream repositories sections in
series.conf but it does not update the Git-repo tags in those patches
accordingly. Fix that problem. Also explicitly `git add` those modified
patches to make sure that they end up in the merge commit.
- commit 7b8db07
- git-sort: Add Dockerfiles to run tests under different OS releases
- commit eef6cac
- commit f41d7e5
- commit e4a7aa9
- git-sort: Catch some simple error cases
.. and print formatted error messages instead of python backtraces.
- commit 4f82790
- git-sort: Use a consistent variable name for subprocess results
- commit a240443
- git-sort: Add merge_tool test
- commit a426acf
- git-sort: Port to python3
Most of the changes are related to subprocess calling, encoding and str vs.
bytes.
- commit 600ead2
- git-sort: Replace __cmp__ operators
In Python 3 the support for __cmp__() has been removed.
- commit 404509f
- Revert "scripts/osc_wrapper: fix quoting of osc define"
This reverts commit ac17e1f7e8d084b86ee7094833db7f9fce9bc503.
Apparently the quoting level is different depending on how you build :/
- commit e08c406
- git-sort: Fix tag parsing for describe()
Fix the following traceback:
File "./scripts/git_sort/series_sort.py", line 123, in <module>
lib.update_tags(index, to_update)
File "/home/nborisov/projects/kernel/suse/kernel-source/scripts/git_sort/lib.py", line 454, in update_tags
patch.change(tag_name, index.describe(entry.cindex))
File "/home/nborisov/projects/kernel/suse/kernel-source/scripts/git_sort/git_sort.py", line 516, in describe
if self.version_match.match(tag)]
AttributeError: '_pygit2.Commit' object has no attribute 'get_object'
It happens when there are lightweight tags formatted like release tags (ex:
v2.6.13.4).
- commit cf4f000
- git_sort: Add an alias of linux.git
- commit 5aa06b0
- commit e89e2b8
- scripts/git_sort/merge_tool.py: Catch `merge` execution failure.
Print a verbose error message.
- commit b9651cd
- git_sort: add remotes from SLE15
- commit f433a01
- scripts/git_sort/merge_tool.py: Update instructions.
Since the git-sort scripts have been merged in the kernel-source
repository, the path can be stated in an unambiguous way.
- commit 6e10fbf
- commit dd15feb
- Relax checks on xen patches.
- commit b3a11cb
- commit 1134911
- git-sort: lib: Fix handling of workdir with no patches applied.
- commit b1c58cb
- git-sort: lib_tag.sh: Limit the attribution tags that are recognized.
limits the attribution tags that are recognized to the ones accepted by
check-patchhdr.
- commit bc6beb7
- git-sort: qdupcheck: Fix handling of workdir with no patches applied.
- commit 4aa2f24
- git-sort: tag: Trivial, use specialized function.
- commit 6573793
- git-sort: qgoto: Fix handling of workdir with no patches applied.
- commit 375c498
- git-sort: Fix splitting of series.conf
If "before" and "after" have the same content (for example, empty), the
assertion would inappropriately trigger.
Also flush remaining comments and whitespace buffers.
Add a related test.
- commit 3e2b4fa
- git-sort: series_sort: Fix error message when the sorted subsection is absent.
... and add a test that triggers it.
- commit 9602358
- scripts/osc_wrapper: fix quoting of osc define
- commit ac17e1f
- git-sort: Fix SortIndex interface to repository heads.
A few library functions assume that they can access the repo_heads from
index.repo_heads. Restore that attribute and add a basic test of
series_sort which catches this problem.
Fixes: 2c7d8e4f5b45 ("git-sort: Encapsulate cache management in an object.")
- commit 6a71e74
- git-sort: Fix cache rebuild condition.
Currently, when "-d" gives the expected information that the cache will not
be rebuilt, `git sort` still rebuilds the cache. Fix this problem and add a
test to catch it.
Fixes: 2c7d8e4f5b45 ("git-sort: Encapsulate cache management in an object.")
- commit 7b8b987
- git-sort: Check cache integrity
References: bsc#1078216
- commit bcc8a71
- git-sort: Add cache tests
- commit f888ef7
- git-sort: Encapsulate cache management in an object.
moves cache management code out of the SortIndex and avoids instantiating a
SortIndex when running in the dump mode.
- commit 2c7d8e4
- git-sort: Factor out functions to read local repository.
moves repository reading functions out of the SortIndex. Those functions
are not closely tied to the index and moving them out will ease
refactoring.
- commit 587a8d2
- git-sort: Extend unit test with (fake) Linux repository.
Add a basic test of the sorting functionality.
- commit 5dd770a
- git-sort: Control quilt configuration.
Some scripts parse the output of quilt. However that output can change
depending on certain quilt options. This, in turn, breaks some expectations
of the scripts. Fix this by specifying which configuration quilt should use
when its output will be parsed.
For example, qgoto assumed that the output of `quilt top` begins with
"patches/" but that depends on the QUILT_PATCHES_PREFIX configuration
variable.
- commit 79b5128
- scripts/install-git-hooks: Use /bin/bash when creating new pre-commit hook
Commit c8a5532f3db3 ("scripts/*: Set /bin/bash explicitly") already
explicitly set all shebangs to point to /bin/bash since the majority
of the scripts are using bashisms. However, it missed the shebang that
is created by install_snippet() function in install-git-hooks. This
commit makes the printed shebang also point to /bin/bash.
This fixes a failure due to scripts/git-pre-commit having a /bin/bash
shebang, but being sourced from .git/hooks/pre-commit, which in turn
uses /bin/sh, essentially ignoring the shebang of the git-pre-commit
script.
This will apply to newly installed hooks.
- commit 7c8b438
- scripts/git_sort: fix Patch-mainline generated for untagged mainline commits
For patches with commit id in mainline but not tagged yet, git_sort.py
generates Patch-mainline referring to next expected tag. If latest mainline
tag is an RC, e.g. 4.15-rc7, it generates text like
Patch-mainline: v4.16 or v4.15-rc8 (next release)
but it should be
Patch-mainline: v4.15 or v4.15-rc8 (next release)
Fixes: 7dce3df8966c ("Make series_sort and commit check work together.")
- commit 4f08653
- commit e85eac6
- commit b2e262e
- commit afc2448
- commit 2364997
- commit 2f6a084
- commit 6d67b10
- scripts/git_sort/lib.py: Suppress quilt output in check_series().
In particular, this fixes garbage output when running qgoto.py before the
series file has been swapped.
- commit 5574911
- commit 70729dd
- git_sort: Check for a tag's presence when changing it.
Its absence would indicate an improperly tagged patch.
- commit 0acd905
- scripts/git_sort/qcp.py: Fix function call with wrong arguments.
One of the calls to Patch.get() was not properly changed when updating from
tag_get().
Also throw in a comment fix for the related function.
Fixes: c089092e7d98 ("git-sort: Encapsulate patch tag operations in an object.")
- commit 442047d
- scripts/git_sort/git_sort.py: add more networking remotes
pablo/nf.git netfilter fixes for net
pablo/nf-next.git netfilter patches for net-next
horms/ipvs.git IPVS fixes for net
homes/ipvs-next IPVS patches for net-next
klassert/ipsec.git IPsec fixes for net
klassert/ipsec-next.git IPSEC patches for net-next
- commit daa89da
- scripts/git_sort/clean_header.sh: Explicitly handle an error.
The code to determine the remote url for a commit may fail without any
output. Add a message for this common error scenario.
- commit 2d3beda
- scripts/git_sort/series_insert.py: Catch an exception for nicer output.
- commit 0d59b48
- scripts/git-pre-commit: only sort series when required
The series file only needs sorting when a patch or the series.conf
file have changed. We can skip sorting if there is nothing to do.
- commit 8c4b29d
- scripts/git-pre-commit: make series sorting configurable by branch
Since we don't want to sort the series on every branch, we should
make that configurable. Adding "SERIES_SORT=yes" to rpm/config.sh
will enable it.
- commit 9e192a4
- scripts/log2: actually invoke scripts/check-patch-dirs
The previous commit added scripts/check-patch-dirs but didn't actually
invoke it as indicated in the log message.
- commit 23674da
- scripts/check-patch-dirs: enforce adding patches only into proper dirs
The master and stable branches now only allow patches in patches.suse,
patches.kernel.org, patches.rpmify, and patches.kabi.
scripts/check-patch-dirs will check the branch and ensure that patches
being added or modified are only allowed in the directories listed
above. It will be invoked automatically via scripts/log2.
- commit 77b939d
- Make series_sort and commit check work together.
- commit 7dce3df
- scripts/git_sort/git_sort.py: Add some remote heads.
According to current patches in SLE15.
- commit 131a901
- scripts/git_sort/git_sort.py: Remove linux-next from remotes.
As pointed out by Vlastimil, linux-next is not even good for patches from
akpm:
Using linux-next commit id's for akpm's mmotm tree is almost
certainly wrong, because they are unique to next-$DATE snapshot, and on
the next day the commit id will be different. It will also never be
merged into mainline with the same id.
- commit 4809ebe
- scripts/git_sort/git_sort.py: Add some remote heads.
According to patches currently found in SLE15.
- commit a3e6d3f
- scripts/git_sort/git_sort.py: Move linux-next at the end of the remote list.
- commit 3a30505
- scripts/git_sort/git_sort.py: add s390 maintainer tree
- commit 58f8a70
- scripts/git_sort/lib.py: Only set cindex when it matches with dest_head.
Consider a patch which is in the section for a remote head that is not
available locally and the commit from that patch is found in another remote
head which is available locally and is sorted as downstream from the
current one.
In that case (commit found, repo not indexed, patch moved downstream, good
tag), self.cindex is set to a value relative to a different head ("head")
than self.dest_head ("current_head"). This leads to an exception in
series_sort().
- commit 28ae23c
- scripts/git-pre-commit: Check the content of the series.conf sorted section.
- commit 869e9a9
- scripts/git_sort/git_sort.py: Clear environment before running git.
Otherwise we run into trouble when running git_sort as part of a git commit
hook.
- commit a0f314d
- README: Add information about sorted patches section of series.conf
- commit 636f808
- scripts/git_sort/series_sort.py: Pass --check if there is no sorted section.
- commit 270922f
- scripts/git_sort/README.md: Add information about series_insert.py
- commit ad9a342
- scripts/git_sort/lib.py: Rewrite Git-repo tag when patch moves upstream.
The first change is cosmetic since in that branch head == current_head.
The second change fixes a (copy/paste) bug.
These two branches now contain the same code. Leave them separate
nevertheless for clarity (with the comments).
- commit fe1fe99
- git-sort: Add a script to insert new entries in series.conf.
Specifically, to add new patches to the sorted section of series.conf.
- commit 089b4ef
- scripts/git_sort/lib.py: Rewrite Git-repo only if it differs.
An entry may move upstream but already have the target Git-repo tag. This
will happen if a series.conf line is moved to the "out-of-tree" section to
be resorted. Currently, if the Git-repo is not in the canonical (git://)
form, the tag value will be needlessly rewritten.
- commit 0ac6457
- Revert "scripts/linux_git.sh: support more dirs and bare repos"
This reverts commit 130e61c098de9f6c49d36a9210ecc5d5b7758c47.
This breaks user branch builds.
- commit d76dbca
- commit 9f5c189
- scripts/linux_git.sh: support more dirs and bare repos
linux-2.6 was used only for historical reasons. New clones put
themselves to "linux". Or even to "linux.git" when only a bare
repository is created. So walk over all these and pick the right one.
- commit 130e61c
- scripts: Factor out function to determine mainline Linux git repository path.
- commit 842e04c
- git-sort: Factor out function to determine scripts path
- commit 02a6641
- scripts/series2git: skip expanded stable patches.
- commit 79c578b
- scripts/git_sort/lib.py: Automatically try to replace series.
The modified quilt (described in scripts/git_sort/README.md) replaces the
stock "series" file with a symlink to series.conf when any command is run
from a kernel-source expanded tree.
If we detect that this replacement has not been done, instead of directly
erroring out, first try to run a simple quilt command so that the
replacement takes place.
- commit 1a7c329
- scripts/git_sort/git_sort.py: Fix != comparison of RepoURL objects.
__cmp__() needs to be implemented.
- commit 7b51a6e
- git-sort: Update Git-repo tags.
Patch tags are updated when a patch is moved to a new section or a tag is
outdated. Note that this only happens when the respective commit is found
locally.
- commit 79c65c9
- scripts/git_sort/lib.py: Remove section headers from series header.
Currently, if there is no mainline section, the first thing that will be
found inside the sorted patches section is a section header like
"# out-of-tree patches". It will be considered to be a comment that's part
of the series header ("# sorted patches"). Change series_header() to filter
out such section headers.
- commit 455039b
- scripts/git_sort/lib.py: provide LINUX_GIT fallback.
This is same as previous scripts do (see scripts/wd-functions.sh)
- commit edc5eca
- scripts/git_sort/git_sort.py: Introduce describe() function.
It is similar to `git describe --contains` while restricting the result to
the mainline linux tags corresponding to releases and release candidates
(rc).
- commit 0abe03a
- scripts/git_sort/git_sort.py: Fix an erroneous reference to a global variable.
- commit 2811919
- git-sort: Set cwd when calling git.
avoids repetitive code
- commit 3611e1d
- git-sort: Encapsulate patch tag operations in an object.
This allows a single read of the patch file, multiple operations (read and
write) followed by a single write.
- commit c089092
- commit e814cbe
- scripts/git_sort/git_sort.py: Recognize repository urls that don't end with .git
It is possible to clone from a URL while omitting the suffix ".git".
- commit 439e8ef
- scripts/git_sort/lib.py: Group related code together.
There should be no difference in "object" code.
- commit a1e71a3
- scripts/git_sort/lib.py: Remove unused function.
- commit 8a0c736
- scripts/git_sort/git_sort.py: Update remote list according to currently in-use remotes
- commit 5d61b5f
- git-sort: Get commit information from git-sort index
Currently, we assume that a commit can be sorted if it is found in the git
repository. However, this assumption is wrong because some commits are not
indexed (not reachable from one of the (url, branch) pairs in "remotes").
These commits end up in the "unknown/local patches" section. Moreover, we
determine the Head for a commit by matching the content of the Git-repo tag
to a reverse map of the urls in "remotes". This artificially limits us to a
single branch per url in the Git-sort index.
This patch changes from_patch() to use the git-sort index to determine if a
commit can be sorted. If the commit is found, the Head for a patch is
determined using the git-sort index information. If the commit is not found
(because its respective subsystem repository is not available locally), we
rely on the section comment in series.conf. The Git-repo tag is ignored.
- commit 1a4488a
- scripts/git_sort/lib.py: Extract some constants
- commit 21e1549
- scripts/git_sort/git_sort.py: Make Head objects comparable.
If "remotes" is properly sorted, this allows to determine if one Head is
the upstream of another.
- commit 8d50e81
- scripts/git_sort/git_sort.py: Parse abbreviated url without extension.
This is the format output by RepoURL.str()
- commit 16928c0
- git-sort: Encode local/virtual head urls using None.
- commit 2056d71
- scripts/git_sort/git_sort.py: Add a function to lookup a commit.
- commit 544f5d0
- git-sort: Store history as a dict of indexes.
.. instead of a list of commits. This new structure is faster to look up if
a commit was reached from a head.
- commit e8d72dd
- scripts/git_sort/git_sort.py: Avoid a dual personality history
Since commit 897bbc34bdb7 ("git-sort: Encapsulate repo url and branch name
into objects") history will either be a plain dict or an OrderedDict
depending on whether it comes from the cache or get_history(). Always use
an OrderedDict.
- commit e8e47be
- scripts/git_sort/series_sort.py: Introduce --check option.
This mode does not modify the series file but reports via exit status 2 if
the series is not sorted. It should be helpful in implementing a commit
hook.
- commit 9dd4e1b
- scripts/git_sort/git_sort.py: Disambiguate remote revision.
avoids ambiguity in case there is a local branch or tag with a name that
conflicts with the remote.
- commit e57d843
- scripts/git_sort/git_sort.py: Recognize http protocol for kernel.org
As reported by Oliver Neukum, git repositories hosted on kernel.org are
also available (via redirect) from http.
- commit 720a01f
- commit 22da616
- commit 2a6898e
- scripts/git_sort/lib.py: Give some advice in error message.
- commit 32b858b
- git-sort: Encapsulate repo url and branch name into objects
This fixes the fact that alias urls for the same repository (ex: via git://
or https:// protocol) were no longer recognized as such.
- commit 897bbc3
- git-sort: Introduce cache version
to support updating from older format.
- commit 4f1bbbb
- git-sort: Encapsulate sorting logic into an object
This allows initializing the cache once and then making repeated calls that
consult it.
- commit 76bf0ca
- scripts/git_sort/lib.py: Fix format string
Fixes: ksapply.git 1714bbedc549 ("Preserve order and name of unavailable subsystem sections")
- --
lib.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib.py b/lib.py
index c5e7d8f..e8bb65d 100644
- -- a/lib.py
+++ b/lib.py
@@ -340,7 +340,7 @@ def get_url_map():
for canon_url, branch_name in git_sort.remotes:
if canon_url in result:
raise KSException("/URL mapping is ambiguous, "/%s"/ may map to "/
- "/multiple head names"/)
+ "/multiple head names"/ % (canon_url,))
result[canon_url] = git_sort.head_name(canon_url, branch_name)
return result
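Review bot: no test accompanies the change to the raise in get_url_map(), and that branch only runs when git_sort.remotes lists the same canon_url twice, which is how a format string without its argument could sit there unnoticed. Consider a small test that builds such a remotes list and asserts that the KSException message contains the URL. The one-element tuple `(canon_url,)` is the right form for the % operator here, so the fix itself needs no change.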
- -
2.14.2
- commit fc35d7f
- scripts/git_sort/lib.py: Remove printing of leftover subsystem entries
There should be no more of those after ksapply.git c4dea303ad73 ("Error out
when trying to series_sort a patch from a repo that is not indexed")
- commit 29ae46a
- scripts/git_sort/git_sort.py: Catch some exceptions.
... to make the output less scary for users.
As in lib.py, GSException is for internal errors (in the git_sort code) and
GSError is for external errors.
- commit e8de5e6
- scripts/git_sort/git_sort.py: Give some advice in error message.
- commit 5aee432
- No more icecream.
- commit 04a66b3
- scripts/git_sort/lib.py:
Update marker for the end of the sorted section. "Wireless Networking" will
not always follow the sorted section.
- commit d0e0545
- git-sort: Add more remote heads
Contributed by Jiri Kosina <jkosina@suse.cz>
- commit 785f657
- scripts/series_sort.py:
- scripts/git_sort/README.md:
- scripts/git_sort/lib.py:
- scripts/git_sort/quilt-mode.sh:
Make required adjustments for flattened directory structure.
- commit 62c6754
- scripts/git_sort/README.md:
- scripts/git_sort/armor_origin.sh:
- scripts/git_sort/backport-mode.sh:
- scripts/git_sort/check_missing_fixes.sh:
- scripts/git_sort/clean_conflicts.awk:
- scripts/git_sort/clean_header.sh:
- scripts/git_sort/git-f1:
- scripts/git_sort/git-overview:
- scripts/git_sort/git-sort:
- scripts/git_sort/git_sort.py:
- scripts/git_sort/ksapply.sh:
- scripts/git_sort/lib.py:
- scripts/git_sort/lib.sh:
- scripts/git_sort/lib_from.sh:
- scripts/git_sort/lib_tag.py:
- scripts/git_sort/lib_tag.sh:
- scripts/git_sort/merge_tool.py:
- scripts/git_sort/patch_body.awk:
- scripts/git_sort/patch_header.awk:
- scripts/git_sort/qcp.py:
- scripts/git_sort/qdupcheck.py:
- scripts/git_sort/qgoto.py:
- scripts/git_sort/quilt-mode.sh:
- scripts/git_sort/refs_in_series.sh:
- scripts/git_sort/rename_patch.sh:
- scripts/git_sort/sequence-insert.py:
- scripts/git_sort/series_sort.py:
- scripts/git_sort/update-configs.sh:
- scripts/git_sort/vi-conflicts.sh:
Import from
https://gitlab.suse.de/benjamin_poirier/ksapply 5b025d0
https://github.com/benthaman/git-helpers 6479796
- commit 0aaea3b
- scripts/stableids: add 4.12 as SLE15 kernel
- commit 58b8d0c
- scripts/stable*: generate one file per commit
- commit 1dc9b0e
- scripts/stableids: drop support for 2.6.x.y
- commit e23e1fc
- commit f575c68
- commit 2717fab
- SUSE::MyBS: Do not create repositories with no architectures to build
- commit 31029c0
- scripts/stableids: pass --no-renames to diff
- commit 55832be
- scripts/osc_wrapper: Accept --ibs | --obs as the first parameter
It is a parameter of the subcommands, but people tend to confuse it.
- commit 30f26fb
- scripts/stop-sync: Use the kerncvs.suse.de hostname
- commit e52fa92
- README: add comment regarding bisectability of patch series
- commit c8c4199
- scripts/osc_wrapper: Replace '/' with ':' in cve/* branch names
- commit 117c8c7
- bs-upload-kernel: Workaround for vim syntax highlighting
- commit dcede42
- SUSE::MyBS: Sync with kbuild.git
Cherry-pick part of 948fd5e15d06 ("bs-check-kernel-results: Use
make-stderr.log if available").
- commit 7a4e6fb
- keyutils
-
- Apply default TTL to DNS records from getaddrinfo() (upstream):
* dns-Apply-a-default-TTL-to-records-obtained-from-get.patch
- krb5
-
- Fix prefix reported by krb5-config, libraries and headers are not
installed under /usr/lib/mit prefix. (bsc#1211411);
- Update logrotate script, call systemd to reload the services
instead of init-scripts; (bsc#1206152);
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
(bsc#1205126);
- Added patches:
* 0126-Fix-integer-overflows-in-PAC-parsing.patch
- less
-
- Fix Startup terminal initialization, bsc#1200738
* bsc1200738.patch
- libX11
-
- U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
* Buffer overflows in InitExt.c (boo#1212102, CVE-2023-3138)
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
* fixes regression introduced with security update for
CVE-2022-3555 (bsc#1204425, bsc#1208881)
- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
* security update for CVE-2022-3554 (bsc#1204422)
- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch
* security update for CVE-2022-3555 (bsc#1204425)
- libcap
-
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
(bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
- libcroco
-
- Add libcroco-CVE-2020-12825.patch: limit recursion in block and
any productions (boo#1171685 CVE-2020-12825).
- libdb-4_8
-
- Security fix: [bsc#1174414, CVE-2019-2708]
* libdb: Data store execution leads to partial DoS
* Backport the upstream commits:
- Fixed several possible crashes when running db_verify
on a corrupted database. [#27864]
- Fixed several possible hangs when running db_verify
on a corrupted database. [#27864]
- Added a warning message when attempting to verify a queue
database which has many extent files. Verification will take
a long time if there are many extent files. [#27864]
* Add libdb-4_8-CVE-2019-2708.patch
- libfastjson
-
- update to 0.99.8:
* make build under gcc7 with strict settings (warning==error)
* bugfix: constant key names not properly handled
* fix potentially invalid return value of fjson_object_iter_begin
* fix small potential memory leak in json_tokener
- update to 0.99.7:
* add option for case-insensitive comparisons
* Remove userdata and custom-serialization functions
- update to 0.99.6:
* fixes for platforms other than GNU/Linux
- update to 0.99.5:
* fix floating point representation when fractional part is missing
* m4: fix detection of atomics
* add fjson_object_dump() and fjson_object_write() functions
- libgcrypt
-
- FIPS: Auto-initialize drbg if needed. [bsc#1200095]
* Add a _gcry_drbg_init() to _gcry_drbg_randomize() and to
_gcry_drbg_add_bytes() to fix a crash in FIPS mode.
* Add libgcrypt-FIPS-Autoinitialize-drbg-if-needed.patch
- libksba
-
- Security fix: [bsc#1206579, CVE-2022-47629]
* Integer overflow in the CRL signature parser.
* Add libksba-CVE-2022-47629.patch
- Security fix: [bsc#1204357, CVE-2022-3515]
* Detect a possible overflow directly in the TLV parser.
* Add libksba-CVE-2022-3515.patch
- liblogging
-
- Use %license instead of %doc [bsc#1082318]
- fix SLE 12 build
- Use python3 version of rst2man when available
- Run spec-cleaner
- liblogging 1.0.6:
* fix small memory leaks in libstdlog
* enhancement: sigsafe_printf now recognizes the "j" length
modifier
* fix: build_file_line and build_syslog_frame call the
__stdlog_print_* functions incorrectly
* Implement a STDLOG_PID option
* bugfix: potential SEGV in the stdlog_sigsafe_string formatter
if NULL pointer was passed in
* bugfix: stdlog_sigsafe_printf mis-handles an int or unsigned
int
* build system: auto-detect presence of journal libraries
- When building with systemd-journal support, only buildrequire
pkgconfig(libsystemd-journal) on openSUSE 13.1. On newer
versions, buildrequire pkgconfig(libsystemd). The sublibraries have
been merged in version 209 (13.2 shipped systemd 210).
- make the suse_version portable
- fix broken conditional with sles_version macro
- Remove redundant ldconfig requires
- liblogging 1.0.5:
+ cleanup for systemd-journal >= 209
+ bugfix: date stamp was incorrectly formatted
- libnl-1_1
-
- Fix elevation of privilege vulnerability (bsc#1020123, CVE-2017-0386).
Add: libnl-1_1-fix-elevation-of-privilege-vulnerability.patch
- libnl3
-
- Fix elevation of privilege vulnerability (bsc#1020123, CVE-2017-0386).
Add: libnl3-fix-elevation-of-privilege-vulnerability.patch
- libseccomp
-
- Speed up database handling when handling lots of rules like in docker
(bsc#1209407)
Added backported patches:
- 01-21b98d85e8bfdb701a5f9afd54ff5175af910a45.patch
- 02-19af04da86e9a4168a443f3563fc7aec8839edf0.patch
- libtasn1
-
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
- libtirpc
-
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
connections (bsc#1201680)
- backport 0001-Fix-DoS-vulnerability-in-libtirpc.patch
- exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
- update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- fix memory leak in params.r_addr assignment (bsc#1198752)
- add 0001-fix-parms.r_addr-memory-leak.patch
- libxml2
-
- Security update:
* [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
isn't deterministic
- Added patch libxml2-CVE-2023-29469.patch
* [CVE-2023-28484, bsc#1210411] NULL dereference in
xmlSchemaFixupComplexType
- Added patch libxml2-CVE-2023-28484-1.patch
- Added patch libxml2-CVE-2023-28484-2.patch
- Security fixes:
* [CVE-2022-40303, bsc#1204366] Fix integer overflows with
XML_PARSE_HUGE
+ Added patch libxml2-CVE-2022-40303.patch
* [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
entity reference cycles
+ Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
* Cross-site scripting vulnerability after commit 960f0e2
* Add libxml2-CVE-2016-3709.patch
- Security fix: [bsc#1069689, CVE-2017-16932]
* parser.c in libxml2 before 2.9.5 does not prevent infinite
recursion in parameter entities.
* Add libxml2-CVE-2017-16932.patch
- Sync and fix changelog entries between libxml2 and
python-libxml2.
- Security fix: [bsc#1199132, CVE-2022-29824]
* Integer overflow leading to out-of-bounds write in buf.c
(xmlBuf*) and tree.c (xmlBuffer*)
* Add libxml2-CVE-2022-29824.patch
* Add libxml2-CVE-2022-23308.patch
* Add libxml2-CVE-2021-3541.patch
- Version update to 2.9.7 release:
* Bug Fixes:
+ xmlcatalog: restore ability to query system catalog easily
+ Fix comparison of nodesets to strings
* Improvements:
+ Add Makefile rules to rebuild HTML man pages
+ Remove generated file python/setup.py from version control
+ Fix mixed decls and code in timsort.h
+ Rework handling of return values in thread tests
+ Fix unused variable warnings in testrecurse
+ Fix -Wimplicit-fallthrough warnings
+ Upgrade timsort.h to latest revision
+ Fix a couple of warnings in dict.c and threads.c
+ Fix unused variable warnings in nanohttp.c
+ Don't include winsock2.h in xmllint.c
+ Use __linux__ macro in generated code
* Portability:
+ Add declaration for DllMain
+ Fix preprocessor conditional in threads.h
+ Fix macro redefinition warning
+ many Windows specific improvements
* Documentation:
+ xmlcatalog: refresh man page wrt. querying system catalog easily
- Includes bug fixes from 2.9.6:
* Fix XPath stack frame logic
* Report undefined XPath variable error message
* Fix regression with librsvg
* Handle more invalid entity values in recovery mode
* Fix structured validation errors
* Fix memory leak in LZMA decompressor
* Set memory limit for LZMA decompression
* Handle illegal entity values in recovery mode
* Fix debug dump of streaming XPath expressions
* Fix memory leak in nanoftp
* Fix memory leaks in SAX1 parser
- Drop libxml2-bug787941.patch
* upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8
- Update package summaries and RPM groups. Trim descriptions for
size on secondary subpackages. Replace install call by a
commonly-used macro.
- Add patch to fix TW integration:
* libxml2-bug787941.patch
- Version update to 2.9.5 release:
* Merged all the previous cve fixes that were patched in
* Few small tweaks
- Remove merged patches:
* libxml2-CVE-2016-4658.patch
* libxml2-CVE-2017-0663.patch
* libxml2-CVE-2017-5969.patch
* libxml2-CVE-2017-9047.patch
* libxml2-CVE-2017-9048.patch
* libxml2-CVE-2017-9049.patch
* libxml2-2.9.4-fix_attribute_decoding.patch
- Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in
XPointer ranges. Namespace nodes must be copied to avoid
use-after-free errors. But they don't necessarily have a physical
representation in a document, so simply disallow them in XPointer
ranges [bsc#1005544] [CVE-2016-4658]
- Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch,
0001-Add-missing-increments-of-recursion-depth-counter-to.patch,
and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch.
- add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML
push parser that fails with bogus UTF-8 encoding error when
multi-byte character in large CDATA section is split across
buffer [bnc#962796]
- temporarily reverting libxml2-CVE-2014-0191.patch until there is a fix
that doesn't break other applications
- buildignore python to avoid build cycle
- fix version
- renamed to python-libxml2 to follow python naming expectations
- do not require python but let rpm figure it out
- buildrequire python-xml to fix build
- libxslt
-
- Security Fix: [bsc#1208574, CVE-2021-30560]
* Use after free in Blink XSLT
* Add libxslt-CVE-2021-30560.patch
- Fix broken license symlink for libxslt-tools [bsc#1203669]
- libzypp
-
- curl: Trim user agent and custom header strings (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. Violation
results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 16.22.8 (0)
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
(bsc#1208329)
Maximum time in seconds that you allow the connection phase to
the server to take. This only limits the connection phase, it has
no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- version 16.22.7 (0)
- Removing a PTF without enabled repos should always fail
(bsc#1203248)
Without enabled repos, the dependent PTF-packages would be
removed (not replaced!) as well. To remove a PTF "zypper install
-- -PTF" or a dedicated "zypper removeptf PTF" should be used.
This will update the installed PTF packages to their latest
version.
- version 16.22.6 (0)
- properly reset range requests (bsc#1204548)
- version 16.22.5 (0)
- Fix package signature check (bsc#1184501)
- logrotate
-
- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864)
* enforce stricter parsing to avoid CVE-2021-3864
* Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch
- Fix "logrotate emits unintended warning: keyword size not properly
separated, found 0x3d" (bsc#1200278, bsc#1200802):
* Added patch logrotate-dont_warn_on_size=_syntax.patch
- lvm2
-
- LVM volume groups are not being cleaned up after kiwi image build (bsc#1142550)
+ bug-1142550_02-LVM-vg-are-not-being-cleaned-up-after-kiwi-image-build.patch
- mozilla-nspr
-
- update to version 4.35
* fixes for building with clang
* use the number of online processors for the
PR_GetNumberOfProcessors() API on some platforms
* fix build on mips+musl libc
* Add support for the LoongArch 64-bit architecture
- update to version 4.34.1
* add file descriptor sanity checks in the NSPR poll function.
- update to version 4.34
* add an API that returns a preferred loopback IP on hosts that
have two IP stacks available.
- update to 4.33:
* fixes to build system and export of private symbols
- mozilla-nss
-
- update to NSS 3.90
* bmo#1623338 - ride along: remove a duplicated doc page
* bmo#1623338 - remove a reference to IRC
* bmo#1831983 - clang-format lib/freebl/stubs.c
* bmo#1831983 - Add a constant time select function
* bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.
* bmo#1830973 - output early build errors by default
* bmo#1804505 - Update the technical constraints for KamuSM
* bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
* bmo#1790763 - Enable default UBSan Checks
* bmo#1786018 - Add explicit handling of zero length records
* bmo#1829391 - Tidy up DTLS ACK Error Handling Path
* bmo#1786018 - Refactor zero length record tests
* bmo#1829112 - Fix compiler warning via correct assert
* bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
* bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
* bmo#1784163 - Fix reading raw negative numbers
* bmo#1748237 - Repairing unreachable code in clang built with gyp
* bmo#1783647 - Integrate Vale Curve25519
* bmo#1799468 - Removing unused flags for Hacl*
* bmo#1748237 - Adding a better error message
* bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
* bmo#1782980 - Fall back to the softokn when writing certificate trust
* bmo#1806010 - FIPS-104-3 requires we restart post programmatically
* bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
* bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes
* bmo#1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files
* bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
* bmo#1822076 - fix rst warnings in nss doc
* bmo#1821997 - Fix incorrect pygment style
* bmo#1821292 - Change GYP directive to apply across platforms
* Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
- Add nss-fix-bmo1836925.patch to fix build-errors
- Merge the libfreebl3-hmac and libsoftokn3-hmac packages
into the respective libraries. (bsc#1185116)
- update to NSS 3.89.1
* bmo#1804505 - Update the technical constraints for KamuSM.
* bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates.
- update to NSS 3.89
* bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase
* bmo#1820175 - PR_STATIC_ASSERT is cursed
* bmo#1767883 - Need to add policy control to keys lengths for signatures
* bmo#1820175 - Fix unreachable code warning in fuzz builds
* bmo#1820175 - Fix various compiler warnings in NSS
* bmo#1820175 - Enable various compiler warnings for clang builds
* bmo#1815136 - set PORT error after sftk_HMACCmp failure
* bmo#1767883 - Need to add policy control to keys lengths for signatures
* bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt
* bmo#1804660 - Make high tag number assertion failure an error
* bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key
length from 284 to 384
* bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello
* bmo#1789436 - Fix build failure on Windows
* bmo#1811337 - migrate Win 2012 tasks to Azure
* bmo#1810702 - fix title length in doc
* bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite
* bmo#1570615 - Add presence/absence tests for TLS GREASE
* bmo#1804688 - Correct addition of GREASE value to ALPN xtn
* bmo#1789436 - CH extension permutation
* bmo#1570615 - TLS GREASE (RFC8701)
* bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
* bmo#1815870 - use a different treeherder symbol for each docker
image build task
* bmo#1815868 - pin an older version of the ubuntu:18.04 and
20.04 docker images
* bmo#1810702 - remove nested table in rst doc
* bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag
* bmo#1812671 - build failure while implicitly casting SECStatus
to PRUInt32
- update to NSS 3.88.1
* bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
- update to NSS 3.88
* bmo#1815870 - use a different treeherder symbol for each docker
image build task
* bmo#1815868 - pin an older version of the ubuntu:18.04 and
20.04 docker images
* bmo#1810702 - remove nested table in rst doc
* bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
* bmo#1812671 - build failure while implicitly casting SECStatus
to PRUInt32
* bmo#1212915 - Add check for ClientHello SID max length
* bmo#1771100 - Added EarlyData ALPN test support to BoGo shim
* bmo#1790357 - ECH client - Discard resumption TLS < 1.3
Session(IDs|Tickets) if ECH configs are setup
* bmo#1714245 - On HRR skip PSK incompatible with negotiated
ciphersuites hash algorithm
* bmo#1789410 - ECH client: Send ech_required alert on server
negotiating TLS 1.2. Fixed misleading Gtest,
enabled corresponding BoGo test
* bmo#1771100 - Added Bogo ECH rejection test support
* bmo#1771100 - Added ECH 0Rtt support to BoGo shim
* bmo#1747957 - RSA OAEP Wycheproof JSON
* bmo#1747957 - RSA decrypt Wycheproof JSON
* bmo#1747957 - ECDSA Wycheproof JSON
* bmo#1747957 - ECDH Wycheproof JSON
* bmo#1747957 - PKCS#1v1.5 wycheproof json
* bmo#1747957 - Use X25519 wycheproof json
* bmo#1766767 - Move scripts to python3
* bmo#1809627 - Properly link FuzzingEngine for oss-fuzz.
* bmo#1805907 - Extending RSA-PSS bltest test coverage
(Adding SHA-256 and SHA-384)
* bmo#1804091 - NSS needs to move off of DSA for integrity checks
* bmo#1805815 - Add initial testing with ACVP vector sets using
acvp-rust
* bmo#1806369 - Don't clone libFuzzer, rely on clang instead
- update to NSS 3.87
* bmo#1803226 - NULL password encoding incorrect
* bmo#1804071 - Fix rng stub signature for fuzzing builds
* bmo#1803595 - Updating the compiler parsing for build
* bmo#1749030 - Modification of supported compilers
* bmo#1774654 - tstclnt crashes when accessing gnutls server
without a user cert in the database.
* bmo#1751707 - Add configuration option to enable source-based
coverage sanitizer
* bmo#1751705 - Update ECCKiila generated files.
* bmo#1730353 - Add support for the LoongArch 64-bit architecture
* bmo#1798823 - add checks for zero-length RSA modulus to avoid
memory errors and failed assertions later
* bmo#1798823 - Additional zero-length RSA modulus checks
- Remove nss-fix-bmo1774654.patch which is now upstream
- update to NSS 3.86
* bmo#1803190 - conscious language removal in NSS
* bmo#1794506 - Set nssckbi version number to 2.60
* bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
CKA_NSS_EMAIL_DISTRUST_AFTER for 3
TrustCor Root Certificates
* bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS
* bmo#1797559 - Remove EC-ACC root cert from NSS
* bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS
* bmo#1794495 - Remove Network Solutions Certificate Authority
* bmo#1802331 - compress docker image artifact with zstd
* bmo#1799315 - Migrate nss from AWS to GCP
* bmo#1800989 - Enable static builds in the CI
* bmo#1765759 - Removing SAW docker from the NSS build system
* bmo#1783231 - Initialising variables in the rsa blinding code
* bmo#320582 - Implementation of the double-signing of the message
for ECDSA
* bmo#1783231 - Adding exponent blinding for RSA.
- update to NSS 3.85
* bmo#1792821 - Modification of the primes.c and dhe-params.c in
order to have better looking tables
* bmo#1796815 - Update zlib in NSS to 1.2.13
* bmo#1796504 - Skip building modutil and shlibsign when building
in Firefox
* bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
* bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
* bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
and -Wtype-limits warnings
* bmo#1796281 - Followup: add missing stdint.h include
* bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
* bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
warnings on Windows
* bmo#1796079 - Fix -Wstring-conversion warnings
* bmo#1796075 - Fix -Wempty-body warnings
* bmo#1795242 - Fix unused-but-set-parameter warning
* bmo#1795241 - Fix unreachable-code warnings
* bmo#1795222 - Mark _nss_version_c unused on clang-cl
* bmo#1795668 - Remove redundant variable definitions in lowhashtest
* Add note about python executable to build instructions.
- update to NSS 3.84
* bmo#1791699 - Bump minimum NSPR version to 4.35
* bmo#1792103 - Add a flag to disable building libnssckbi.
- update to NSS 3.83
* bmo#1788875 - Remove set-but-unused variables from
SEC_PKCS12DecoderValidateBags
* bmo#1563221 - remove older oses that are unused part3/ BeOS
* bmo#1563221 - remove older unix support in NSS part 3 Irix
* bmo#1563221 - remove support for older unix in NSS part 2 DGUX
* bmo#1563221 - remove support for older unix in NSS part 1 OSF
* bmo#1778413 - Set nssckbi version number to 2.58
* bmo#1785297 - Add two SECOM root certificates to NSS
* bmo#1787075 - Add two DigitalSign root certificates to NSS
* bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS
* bmo#1771100 - Added bug reference and description to disabled
UnsolicitedServerNameAck bogo ECH test
* bmo#1779361 - Removed skipping of ECH on equality of private and
public server name
* bmo#1779357 - Added comment and bug reference to
ECHRandomHRRExtension bogo test
* bmo#1779370 - Added Bogo shim client HRR test support. Fixed
overwriting of CHInner.random on HRR
* bmo#1779234 - Added check for server only sending ECH extension
with retry configs in EncryptedExtensions and if not
accepting ECH. Changed config setting behavior to
skip configs with unsupported mandatory extensions
instead of failing
* bmo#1771100 - Added ECH client support to BoGo shim. Changed
CHInner creation to skip TLS 1.2 only extensions to
comply with BoGo
* bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH
server accept_confirmation bugs
* bmo#1771100 - Update BoGo tests to recent BoringSSL version
* bmo#1785846 - Bump minimum NSPR version to 4.34.1
- update to NSS 3.82
* bmo#1330271 - check for null template in sec_asn1{d,e}_push_state
* bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length
* bmo#1784724 - Initialize local variables in
TlsConnectTestBase::ConnectAndCheckCipherSuite
* bmo#1784191 - Cast the result of GetProcAddress
* bmo#1681099 - pk11wrap: Tighten certificate lookup based on
PKCS #11 URI.
- update to NSS 3.81
* bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD
* bmo#1775359 - make NSS_SecureMemcmp 0/1 valued
* bmo#1779285 - Add no_application_protocol alert handler and
test client error code is set
* bmo#1777672 - Gracefully handle null nickname in
CERT_GetCertNicknameWithValidity
* required for Firefox 104
- raised NSPR requirement to 4.34.1
- changing some Requires from (pre) to generic as (pre) is not
sufficient (boo#1202118)
- update to NSS 3.80
* bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
* bmo#1617956 - Add support for asynchronous client auth hooks.
* bmo#1497537 - nss-policy-check: make unknown keyword check optional.
* bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations
by allocating it on initialization. Replaced
redundant code with assert. Debug builds: Added
buffer freeing/allocation for each record.
* bmo#1773022 - Mark 3.79 as an ESR release.
* bmo#1764206 - Bump nssckbi version number for June.
* bmo#1759815 - Remove Hellenic Academic 2011 Root.
* bmo#1770267 - Add E-Tugra Roots.
* bmo#1768970 - Add Certainly Roots.
* bmo#1764392 - Add DigiCert Roots.
* bmo#1759794 - Protect SFTKSlot needLogin with slotLock.
* bmo#1366464 - Compare signature and signatureAlgorithm fields in
legacy certificate verifier.
* bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld.
* bmo#1771495 - Unchecked return code in sec_DecodeSigAlg.
* bmo#1771498 - Uninitialized value in cert_ComputeCertType.
* bmo#1760998 - Avoid data race on primary password change.
* bmo#1769063 - Replace ppc64 dcbzl intrinsic.
* bmo#1771036 - Allow LDFLAGS override in makefile builds.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with
fixes to PBKDF2 parameter validation.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to
validate extra PBKDF2 parameters according to FIPS 140-3.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to
update session->lastOpWasFIPS before destroying the key after
derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE,
CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases.
- Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some
excess code.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546).
- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
checks. Thanks to Martin for the DHKey parts.
- Add manpages to mozilla-nss-tools (bsc#1208242)
- update to NSS 3.79.4 (bsc#1208138)
* Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
(CVE-2023-0767)
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
(bsc#1204272)
- update to NSS 3.79.3 (bsc#1207038)
* Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
(CVE-2022-23491)
- Update nss-fips-approved-crypto-non-ec.patch to disapprove the
creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of SHA
keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is
called when the repeat integrity check fails (bsc#1198980).
- update to NSS 3.79.2 (bsc#1204729)
* bmo#1785846 - Bump minimum NSPR version to 4.34.1.
* bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
- Add nss-allow-slow-tests.patch, which allows a timed test to run
longer than 1s. This avoids turning slow builds into broken
builds.
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
DSA keys (verification only) (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to add
sftk_FIPSRepeatIntegrityCheck() to softoken's .def file
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
longer symmetric keys via the service level indicator
(bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to hopefully export
sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions
from getting flagged as non-FIPS (bsc#1191546).
- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to prevent keys
from getting flagged as non-FIPS and add remaining TLS mechanisms.
- Update nss-fips-constructor-self-tests.patch to fix an abort()
when both NSS_FIPS and /proc FIPS mode are enabled.
- update to NSS 3.79.1 (bsc#1202645)
* bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier.
* bmo#1771498 - Uninitialized value in cert_ComputeCertType.
* bmo#1759794 - protect SFTKSlot needLogin with slotLock.
* bmo#1760998 - avoid data race on primary password change.
* bmo#1330271 - check for null template in sec_asn1{d,e}_push_state.
- Update nss-fips-approved-crypto-non-ec.patch to unapprove the
rest of the DSA ciphers, keeping signature verification only
(bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to fix compiler
warning.
- Update nss-fips-constructor-self-tests.patch to add on-demand
integrity tests through sftk_FIPSRepeatIntegrityCheck()
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to mark algorithms
as approved/non-approved according to security policy
(bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to remove hard
disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
the workaround in FIPS mode (bsc#1200325).
- Remove nss-fips-tests-skip.patch. This is no longer needed since
we removed the code to short-circuit broken hashes and moved to
using the SLI.
- Remove upstreamed patches:
* nss-fips-version-indicators.patch
* nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
- bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- bmo#1766907 - Update mercurial in clang-format docker image.
- bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
- bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
- bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- bmo#1764788 - Correct invalid record inner and outer content type alerts.
- bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
- bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
* bmo#1767590 - Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple
- update to NSS 3.78
* bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
* bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
* bmo#1763120 - Add ECH Grease Support to tstclnt
* bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
* bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
* bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
* bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
* Bug 1762244 - resolve mpitests build failure on Windows.
* bmo#1761779 - Fix link to TLS page on wireshark wiki
* bmo#1754890 - Add two D-TRUST 2020 root certificates.
* bmo#1751298 - Add Telia Root CA v2 root certificate.
* bmo#1751305 - Remove expired explicitly distrusted certificates
from certdata.txt.
* bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
* bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
* bmo#1756271 - Remove token member from NSSSlot struct.
* bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
* bmo#1757279 - Support UTF-8 library path in the module spec string.
* bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
* bmo#1760827 - Add a CI Target for gcc-11.
* bmo#1760828 - Change to makefiles for gcc-4.8.
* bmo#1741688 - Update googletest to 1.11.0
* bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
* bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
* bmo#1755904 - Fix calculation of ECH HRR Transcript.
* bmo#1758741 - Allow ld path to be set as environment variable.
* bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
* bmo#1758478 - Fix DataBuffer Move Assignment.
* bmo#1552254 - internal_error alert on Certificate Request with
sha1+ecdsa in TLS 1.3
* bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
NSS 3.76.1
* bmo#1756271 - Remove token member from NSSSlot struct.
NSS 3.76
* bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots.
* bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
* bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
* bmo#1679803 - Add SHA256 fingerprint comments to old
certdata.txt entries.
* bmo#1753505 - Avoid truncating files in nss-release-helper.py.
* bmo#1751157 - Throw illegal_parameter alert for illegal extensions
in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
* bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
* bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
* bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
* bmo#1748386 - Remove redundant key type check.
* bmo#1749869 - Update ABI expectations to match ECH changes.
* bmo#1748386 - Enable CKM_CHACHA20.
* bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
* bmo#1747310 - real move assignment operator.
* bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
* bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
* bmo#1747772 - Allow to build using clang's integrated assembler.
* bmo#1321398 - Allow to override python for the build.
* bmo#1747317 - test HKDF output rather than input.
* bmo#1747316 - Use ASSERT macros to end failed tests early.
* bmo#1747310 - move assignment operator for DataBuffer.
* bmo#1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
* bmo#1725938 - Update tests for ECH-13.
* bmo#1725938 - Tidy up error handling.
* bmo#1728281 - Add tests for ECH HRR Changes.
* bmo#1728281 - Server only sends GREASE HRR extension if enabled
by preference.
* bmo#1725938 - Update generation of the Associated Data for ECH-13.
* bmo#1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
* bmo#1712879 - Allow for compressed, non-contiguous, extensions.
* bmo#1712879 - Scramble the PSK extension in CHOuter.
* bmo#1712647 - Split custom extension handling for ECH.
* bmo#1728281 - Add ECH-13 HRR Handling.
* bmo#1677181 - Client side ECH padding.
* bmo#1725938 - Stricter ClientHelloInner Decompression.
* bmo#1725938 - Remove ECH_inner extension, use new enum format.
* bmo#1725938 - Update the version number for ECH-13 and adjust
the ECHConfig size.
- update to NSS 3.74
* bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
OCSP responses
* bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
* bmo#1721426 - NSS does not properly restrict server keys based on policy
* bmo#1733003 - Set nssckbi version number to 2.54
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
* bmo#1735407 - Replace GlobalSign ECC Root CA R4
* bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
* bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
certificates
* bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
CIF A62634068 root certificate
* bmo#1740095 - Add iTrusChina ECC root certificate
* bmo#1740095 - Add iTrusChina RSA root certificate
* bmo#1738805 - Add ISRG Root X2 root certificate
* bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
* bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
* bmo#1735028 - Check for missing signedData field
* bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
* Add SHA-2 support to mozilla::pkix's OCSP implementation
- update to NSS 3.73
* bmo#1735028 - check for missing signedData field.
* bmo#1737470 - Ensure DER encoded signatures are within size limits.
* bmo#1729550 - NSS needs FIPS 140-3 version indicators.
* bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
* bmo#1738600 - sunset Coverity from NSS
MFSA 2021-51 (bsc#1193170)
* CVE-2021-43527 (bmo#1737470)
Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
* Remove newline at the end of coreconf.dep
* bmo#1731911 - Fix nsinstall parallel failure.
* bmo#1729930 - Increase KDF cache size to mitigate perf
regression in about:logins
- update to NSS 3.71
* bmo#1717716 - Set nssckbi version number to 2.52.
* bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
* bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
* bmo#1717707 - Add HARICA Client ECC Root CA 2021.
* bmo#1717707 - Add HARICA Client RSA Root CA 2021.
* bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
* bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
* bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
* bmo#1726022 - Update test case to verify fix.
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
* bmo#1681975 - Avoid using a lookup table in nssb64d.
* bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
* bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
* bmo#1726022 - Cache additional PBE entries.
* bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
* bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
* bmo#1720226 (Backout) - integrity checks in key4.db not happening
on private components with AES_CBC
NSS 3.69
* bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
* bmo#1720226 - integrity checks in key4.db not happening on private
components with AES_CBC (backed out again)
* bmo#1720235 - SSL handling of signature algorithms ignores
environmental invalid algorithms.
* bmo#1721476 - sqlite 3.34 changed its open semantics, causing
nss failures.
(removed obsolete nss-btrfs-sqlite.patch)
* bmo#1720230 - Gtest update changed the gtest reports, losing gtest
details in all.sh reports.
* bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
* bmo#1720232 - SQLite calls could timeout in starvation situations.
* bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
* bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
* bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
- Update nss-fips-constructor-self-tests.patch to scan
LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
Based on work by Marcus Meissner.
- Add nss-fips-tests-skip.patch to skip algorithms that are hard
disabled in FIPS mode.
- Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired
PayPalEE cert from failing the tests.
- Add nss-fips-tests-enable-fips.patch, which enables FIPS during
test certificate creation and disables the library checksum
validation during same.
- Update nss-fips-constructor-self-tests.patch to allow
checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This
makes the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC
from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
for build.
- Update nss-fips-approved-crypto-non-ec.patch to claim 3DES
unapproved in FIPS mode (bsc#1192080).
- Update nss-fips-constructor-self-tests.patch to allow testing
of unapproved algorithms (bsc#1192228).
- Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086).
This adds FIPS version indicators.
- Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087).
Most of the relevant changes are already upstream since NSS 3.60.
- Mozilla NSS 3.68.4 (bsc#1200027)
* Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
(bmo#1767590)
- ncurses
-
- Modify patch ncurses-6.1.dif
* Secure writing terminfo entries by setfs[gu]id in s[gu]id
(boo#1210434, CVE-2023-29491)
* Reading is done since 2000/01/17
- Add patch ncurses-bnc1198627.patch
* Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
- nfs-utils
-
- 0206-gssd-Fix-inner-loop-variable-reuse.patch
Fix for previous patch
(bsc#1210136)
- 0205-nfsd.man-fix-typo-in-section-on-scope.patch
bsc#1209859
- 0204-Don-t-assume-the-machine-account-will-be-in-upp.patch
Be more flexible with case of machine account name
(bsc#1207245)
- 0203-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
Avoid modprobe errors when sysctl is not installed.
(bsc#1200710 bsc#1207022 bsc#1206781)
- Add 0202-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
Allow server scope to be set - removes the need to run nfsd
inside a private UTS namespace for fail-over applications
(bsc#1203746)
- 0201-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
Ensure sysctl settings work (bsc#1199856)
- ntp
-
- Update to 4.2.8p17:
* Fix some regressions of 4.2.8p16
- Update to 4.2.8p16:
* [Sec 3808] Assertion failure in ntpq on malformed RT-11 date
* [Sec 3807], bsc#1210390, CVE-2023-26555:
praecis_parse() in the Palisade refclock driver has a
hypothetical input buffer overflow.
* [Sec 3767] An OOB KoD RATE value triggers an assertion when
debug is enabled.
* Obsoletes: ntp-CVE-2023-26551.patch, ntp-sntp-dst.patch,
ntp-ENOBUFS.patch
* Multiple bug fixes and improvements. For details, see:
/usr/share/doc/packages/ntp/ChangeLog
http://www.ntp.org/support/securitynotice/4_2_8-series-changelog/
- Follow upstream's suggestion to build with debugging disabled:
https://www.ntp.org/support/securitynotice/ntpbug3767/
- bsc#1210386: out-of-bounds writes in mstolfp()
* CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554
* Add ntp-CVE-2023-26551.patch
- openldap2
-
- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
* 0227-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
- bsc#1203320 - Resolve broken symlinks in documentation
- bsc#1198341 - Prevent memory reuse which may lead to instability
* 0226-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql
* 0225-ITS-9815-slapd-sql-escape-filter-values.patch
- bsc#1198383 - Resolve issue with SASL init
* 0224-ITS-8648-init-SASL-library-in-global-init.patch
- openssh
-
- Add -Y option (jsc#SLE-24949)
+ openssh-More-BSD-compat-functions-recallocarray-getpagesize-.patch
+ openssh-Add-more-sshbuf-functions-sshbuf_dup_string-sshbuf_c.patch
+ openssh-New-option-parsing-functions.patch
+ openssh-ssh-keygen-ssh-agent-intergration.patch
+ openssh-test-updates.patch
+ openssh-test-fixups.patch
+ openssh-Add-ssh-keygen-Y-option-sshsig.patch
- Ship added protocol file as documentation.
- Refresh openssh-7.2p2-gssapi_key_exchange.patch: fix up tests broken by gssapi
- Run tests during build
- cycle patches through git, use autopatch.
- openssl-1_0_0
-
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Reworked the Fix for the Timing Oracle in RSA Decryption
The previous fix for this timing side channel turned out to cause
a severe 2-3x performance regression in the typical use case
compared to 1.1.1s.
* Reworked openssl-CVE-2022-4304.patch
* Refreshed openssl-CVE-2023-0286.patch
- Security Fix: [CVE-2023-2650, bsc#1211430]
* Possible DoS translating ASN.1 object identifiers
* Add openssl-CVE-2023-2650.patch
- Security Fix: [CVE-2023-0465, bsc#1209878]
* Invalid certificate policies in leaf certificates are silently ignored
* Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
* Certificate policy check not enabled
* Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
- Fix DH key generation in FIPS mode, add support for constant BN for
DH parameters [bsc#1202062]
* Add patch: openssl-fips_fix_DH_key_generation.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
* Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
for x400Address
* Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
* Use-after-free following BIO_new_NDEF()
* Add patches:
- openssl-CVE-2023-0215-1of4.patch
- openssl-CVE-2023-0215-2of4.patch
- openssl-CVE-2023-0215-3of4.patch
- openssl-CVE-2023-0215-4of4.patch
- openssl-Groundwork-for-a-perl-based-testing-framework.patch
- openssl-Add-recipes-for-the-larger-protocols.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add openssl-CVE-2022-4304.patch
- Update further expiring certificates that affect tests [bsc#1201627]
* Add openssl-Update-further-expiring-certificates.patch
- Added openssl-1_0_0-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- Added openssl-1_0_0-Fix-file-operations-in-c_rehash.patch
* bsc#1200550
* CVE-2022-2068
* Fixed more shell code injection issues in c_rehash
- Fixed error in openssl-CVE-2022-1292.patch resulting in misnamed
variable.
- Security fix: [bsc#1199166, CVE-2022-1292]
* Added: openssl-CVE-2022-1292.patch
* properly sanitise shell metacharacters in c_rehash script.
- openssl-1_1
-
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Reworked the Fix for the Timing Oracle in RSA Decryption
The previous fix for this timing side channel turned out to cause
a severe 2-3x performance regression in the typical use case
compared to 1.1.1s.
* Add openssl-CVE-2022-4304.patch
* Removed patches:
- openssl-CVE-2022-4304-1of2.patch
- openssl-CVE-2022-4304-2of2.patch
* Refreshed openssl-CVE-2023-0286.patch
- Update further expiring certificates that affect tests [bsc#1201627]
* Add openssl-Update-further-expiring-certificates.patch
- Security Fix: [CVE-2023-2650, bsc#1211430]
* Possible DoS translating ASN.1 object identifiers
* Add openssl-CVE-2023-2650.patch
- Security Fix: [CVE-2023-0465, bsc#1209878]
* Invalid certificate policies in leaf certificates are silently ignored
* Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
* Certificate policy check not enabled
* Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
* Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
for x400Address
* Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
* Use-after-free following BIO_new_NDEF()
* Add patches:
- openssl-CVE-2023-0215-1of4.patch
- openssl-CVE-2023-0215-2of4.patch
- openssl-CVE-2023-0215-3of4.patch
- openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
* Double free after calling PEM_read_bio_ex()
* Add patches:
- openssl-CVE-2022-4450-1of2.patch
- openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add patches:
- openssl-CVE-2022-4304-1of2.patch
- openssl-CVE-2022-4304-2of2.patch
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- Encrypt the sixteen bytes that were unencrypted in some circumstances
on 32-bit x86 platforms.
* [bsc#1201099, CVE-2022-2097]
* added openssl-CVE-2022-2097.patch
- Added openssl-1_1-Fix-file-operations-in-c_rehash.patch
* bsc#1200550
* CVE-2022-2068
* Fixed more shell code injection issues in c_rehash
- Added openssl-update_expired_certificates.patch
* Openssl failed tests because of expired certificates.
* bsc#1185637
* Sourced from https://github.com/openssl/openssl/pull/18446/commits
- Security fix: [bsc#1199166, CVE-2022-1292]
* Added: openssl-CVE-2022-1292.patch
* properly sanitise shell metacharacters in c_rehash script.
- p11-kit
-
- Conflict with ca-certificates < 1_201403302107-15.6.2 to make sure
update-ca-certificates calls trust export with --format=pem-directory-hash
(bsc#1201985)
- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065)
Added p11-kit-CVE-2020-29362.patch:
- pcre
-
- Added pcre-8.45-bsc1199232-unicode-property-matching.patch
* bsc#1199232
* CVE-2022-1586
* Fixes unicode property matching issue
- permissions
-
* mariadb: settings for new auth_pam_tool (bsc#1160285)
- Update to version 20170707:
* fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20170707:
* chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
* add capability for prometheus-blackbox_exporter (bsc#1191194)
* make btmp root:utmp (bsc#1050467)
* pcp: remove no longer needed / conflicting entries
- Update to version 20170707:
- psmisc
-
* Add a fallback if the system call name_to_handle_at() is
not supported by the used file system.
- Add patch psmisc-22.21-semaphores.patch
* Replace the synchronizing over pipes of the sub process for the
stat(2) system call with mutex and conditions from pthreads(7)
(bsc#1194172)
- Add patch psmisc-22.21-statx.patch
* Use statx(2) or SYS_statx system call to replace the stat(2)
system call and avoid the sub process at all (bsc#1194172)
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- python
-
- Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.
- python-2.7.5-multilib.patch: Update for riscv64
- Don't fail if _ctypes or dl extension was not built
- The condition around libnsl-devel BuildRequires is NOT
switching off NIS support on SLE < 15, support for NIS used to
be in the glibc itself. Partial revert of sr#1061583.
- Add PygmentsBridge-trime_doctest_flags.patch to allow build of
the documentation even with the current Sphinx. (SUSE-ONLY
PATCH, DO NOT SEND UPSTREAM!)
- Enable --with-system-ffi for non-standard architectures.
- SLE-12 builds nis.so as well.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Disable NIS for new products, it's deprecated and gets removed
- Add skip_unverified_test.patch because apparently switching off
SSL verification doesn't work on older SLE.
- Restore python-2.7.9-sles-disable-verification-by-default.patch
for SLE-12.
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
- Add patch CVE-2021-28861-double-slash-path.patch:
* BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Filter out executable-stack error that is triggered for i586
target.
- python-M2Crypto
-
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
bsc#1178829), which mitigates the Bleichenbacher timing attacks
in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
- python-base
-
- Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.
- python-2.7.5-multilib.patch: Update for riscv64
- Don't fail if _ctypes or dl extension was not built
- The condition around libnsl-devel BuildRequires is NOT
switching off NIS support on SLE < 15, support for NIS used to
be in the glibc itself. Partial revert of sr#1061583.
- Add PygmentsBridge-trime_doctest_flags.patch to allow build of
the documentation even with the current Sphinx. (SUSE-ONLY
PATCH, DO NOT SEND UPSTREAM!)
- Enable --with-system-ffi for non-standard architectures.
- SLE-12 builds nis.so as well.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Disable NIS for new products, it's deprecated and gets removed
- Add skip_unverified_test.patch because apparently switching off
SSL verification doesn't work on older SLE.
- Restore python-2.7.9-sles-disable-verification-by-default.patch
for SLE-12.
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
- Add patch CVE-2021-28861-double-slash-path.patch:
* BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Filter out executable-stack error that is triggered for i586
target.
- python-cffi
-
- Add require-writable.patch to support the optional argument
"require_writable" in "from_buffer" method, that's used by the
python-cryptography security fix gh#pyca/cryptography@9fbf84efc861
(bsc#1208036, CVE-2023-23931)
The upstream patch can be found here:
https://foss.heptapod.net/pypy/cffi/-/commit/c5c4d32c3e3ec0fbaabc4b9890fd17c9c58407d2
- python-cryptography
-
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
* Don't allow update_into to mutate immutable objects
- python-requests
-
- Add CVE-2023-32681.patch to fix unintended leak of
Proxy-Authorization header (CVE-2023-32681, bsc#1211674)
Upstream commit: gh#psf/requests@74ea7cf7a6a2
- python-setuptools
-
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
(ReDoS) in package_index.py.
bsc#1206667
- python3
-
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
which eliminates unnecessary and dangerous calls to
PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add CVE-2022-40899-ReDos-cookiejar.patch to Fix REDoS in http.cookiejar
(gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice versa (potential for DoS).
Originally by Victor Stinner of Red Hat.
- Add patch CVE-2021-28861-double-slash-path.patch:
* http.server: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
on s390x.
- drop PYTHONSTARTUP hooks that cause spurious startup errors
(bsc#1070738, bsc#1199441), as the relevant feature (REPL
history) is now built into Python itself.
- python3-base
-
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
which eliminates unnecessary and dangerous calls to
PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add CVE-2022-40899-ReDos-cookiejar.patch to Fix REDoS in http.cookiejar
(gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice versa (potential for DoS).
Originally by Victor Stinner of Red Hat.
- Add patch CVE-2021-28861-double-slash-path.patch:
* http.server: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
on s390x.
- drop PYTHONSTARTUP hooks that cause spurious startup errors
(bsc#1070738, bsc#1199441), as the relevant feature (REPL
history) is now built into Python itself.
- python3-lxml
-
- Add patch CVE-2021-28957-prevent-formaction.patch:
* Sanitize HTML5 formaction attributes to prevent an XSS
(bsc#1184177, CVE-2021-28957)
- Add patch CVE-2020-27783.patch to fix CVE-2020-27783 mXSS due to the use of
improper parser
Fix bsc#1179534
- python36
-
- Add 99366-patch.dict-can-decorate-async.patch fixing
gh#python/cpython#98086 (backport from Python 3.10 patch in
gh#python/cpython!99366), fixing bsc#1211158.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
CVE-2007-4559 (bsc#1203750) by adding the filter for
tarfile.extractall (PEP 706).
- Use python3 modules to build the documentation.
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
which eliminates unnecessary and dangerous calls to
PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add bpo27321-email-no-replace-header.patch to stop
email.generator.py from replacing a non-existent header
(bsc#1208443, gh#python/cpython#71508).
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
the garbage collection (bsc#1188607).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
overflow in hashlib.sha3_* implementations (originally from the
XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice versa (potential for DoS).
Originally by Victor Stinner of Red Hat.
- Add patch CVE-2021-28861-double-slash-path.patch:
* http.server: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Rename support-expat-245.patch to
support-expat-CVE-2022-25236-patched.patch to unify the patch
with other packages.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
on s390x.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
CRLF_injection_via_host_part.patch, and
CVE-2019-18348-CRLF_injection_via_host_part.patch.
- release-notes-sles
-
- 12.5.20220930 (tracked in bsc#933411)
- Added note about /var/run volatility (jsc#SLE-5601)
- Added note about SUSEConnect tracking (jsc#SLE-23312)
- Updated LibreOffice note (jsc#SLE-24441)
- Updated Java 1.7 lifecycle (jsc#PED-2073)
- 12.5.20220906 (tracked in bsc#933411)
- Updated Java lifecycle (jsc#PED-2073)
- 12.5.20220718 (tracked in bsc#933411)
- Added note about Samba 4.15 (jsc#SLE-23330)
(bsc#1196097)
- Added note about DFS share failover (jsc#SLE-20041)
- Added note about Xenstore stubdom (bsc#1185196)
- Added note about CONFIG_NUMA_EMU (jsc#SLE-11600)
- Removed LibreOffice and MariaDB from requiring specific contracts
- rpm
-
- backport pgp hardening changes from upstream [bsc#1185299]
new patch: pgpharden.diff
- fix deadlock when multiple rpm processes try to acquire the
database lock [bsc#1183659]
new patch: deadlock.diff
- backport header check security fixes from upstream [CVE-2021-3421]
[CVE-2021-20271] [CVE-2021-20266]
[bsc#1183543] [bsc#1183545] [bsc#1183632]
new patch: headerchk3.diff
- backport fixes for various format handling bugs [bsc#996280]
new patch: formatbugs.diff
- rsync
-
- Add support for --trust-sender parameter (patch by Jie Gong in
bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
* Added patch rsync-CVE-2022-29154-trust-sender-1.patch
* Added patch rsync-CVE-2022-29154-trust-sender-2.patch
- Apply "rsync-CVE-2022-29154.patch" to fix a security vulnerability
in the do_server_recv() function. [bsc#1201840, CVE-2022-29154]
- rsyslog
-
- fix parsing of legacy config syntax (bsc#1205275)
* add:
0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- add Requires for latest libfastjson version (bsc#1202243)
- fix segfault in qDeqLinkedList during shutdown (bsc#1199283)
* add 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
- (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP
syslog reception (bsc#1199061)
* add CVE-2022-24903.patch
- Upgrade to rsyslog 8.2106.0 (bsc#1188039)
* remove obsolete patches:
0001-Fix-race-condition-related-to-libfastjson-when-using.patch
0001-core-action-if-commitTransaction-fails-try-individua.patch
0001-core-bugfix-memory-leak-when-internal-messages-not-p.patch
0001-core-fix-sequence-error-in-msg-object-deserializer.patch
0001-imfile-multiline-timeout-does-not-work-after-rsyslog.patch
0001-imptcp-fix-Segmentation-Fault-when-octet-count-is-to.patch
0001-imudp-bugfix-potential-segfault-in-ratelimiting.patch
0001-omfile-bugfix-file-handle-leak.patch Deleted
0001-omfile-bugfix-race-file-when-async-writing-is-enable.patch
0002-core-action-bugfix-100-CPU-utilization-on-suspension.patch
pmaixforwardedfrom-bugfix-potential-misadressing.patch Deleted
pmcisconames-bugfix-potential-misadressing.patch Deleted
rsyslog-flush-dyn-file.patch Deleted
rsyslog-unit.patch Deleted
* update changelog with changes from newer version
- Upgrade to rsyslog 8.2106.0:
* NOTE: the prime new feature is support for TLS and non-TLS connections
via imtcp in parallel. Furthermore, most TLS parameters can now be overridden
at the input() level. The notable exceptions are certificate files, something
that is due to be implemented as next step.
* 2021-06-14: new global option "parser.supportCompressionExtension"
This permits to turn off rsyslog's single-message compression extension
when it interferes with non-syslog message processing (the parser
subsystem expects syslog messages, not generic text)
closes https://github.com/rsyslog/rsyslog/issues/4598
* 2021-05-12: imtcp: add more override config params to input()
It is now possible to override all module parameters at the input() level. Module
parameters serve as defaults. Existing configs need no modification.
* 2021-05-06: imtcp: add stream driver parameter to input() configuration
This permits to have different inputs use different stream drivers
and stream driver parameters.
closes https://github.com/rsyslog/rsyslog/issues/3727
* 2021-04-29: imtcp: permit to run multiple inputs in parallel
Previously, a single server was used to run all imtcp inputs. This
had a couple of drawbacks. First and foremost, we could not use
different stream drivers in the various inputs. This patch now
provides a baseline to do that, but does still not implement the
capability (in this sense it is a staging patch).
Secondly, we now ensure that each input has at least one exclusive
thread for processing, untangling the performance of multiple
inputs from each other.
see also: https://github.com/rsyslog/rsyslog/issues/3727
* 2021-04-27: tcpsrv bugfix: potential sluggishness and hang on shutdown
tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and,
in theory, also others - even ones we do not know about). However, the
internal synchronization did not properly take multiple tcpsrv users
in consideration.
As such, a single user could hang under some circumstances. This was
caused by improperly awaking all users from a pthread condition wait.
That in turn could lead to some sluggish behaviour and, in rare cases,
a hang at shutdown.
Note: it was highly unlikely to experience real problems with the
officially provided modules.
* 2021-04-22: refactoring of syslog/tcp driver parameter passing
This has now been generalized to a parameter block, which makes it much cleaner and
also easier to add new parameters in the future.
* 2021-04-22: config script: add re_match_i() and re_extract_i() functions
This provides case-insensitive regex functionality.
closes https://github.com/rsyslog/rsyslog/issues/4429
- Upgrade to rsyslog 8.2104.0:
* rainerscript: call getgrnam_r repeatedly to get all group members
(bsc#1178490)
* new contributed module imhiredis
* new built-in function get_property() to access property vars
* mmdblookup: add support for mmdb DB reload on HUP
* script bugfix: empty array in foreach() improperly handled
* imjournal bugfixes (handle leak, empty file)
* new contributed function module fmunflatten
* test bugfix: some tests did not work with newer TLS library versions
* some improvements to project CI
- update remote.conf example file to new 'Address' and 'Port' notation
(bsc#1182653)
- HTTPS URLs used for source
- Upgrade to rsyslog 8.2102.0:
* omfwd: add stats counter for sent bytes
* omfwd: add error reporting configuration option
* action stats counter bugfix: failure count was not properly incremented
* action stats counter bugfix: resume count was not incremented
* omfwd bugfix: segfault or error if port not given
* lookup table bugfix: data race on lookup table reload
* testbench modernization
* testbench: fix invalid sequence of kafka tests runs
* testbench: fix kafkacat issues
* testbench: fix year-dependent clickhouse test
- Upgrade to rsyslog 8.2012.0:
* testbench bugfix: some tests did not work in make distcheck
* immark: rewrite with many improvements
* usability: re-phrase error message to help users better understand cause
* add new system property $now-unixtimestamp
* omfwd: add new rate limit option
* omfwd bug: param "StreamDriver.PermitExpiredCerts" is not "off" by default
- prepare usrmerge (boo#1029961)
- fix location and naming of journald dropin (bsc#1178288)
- remove legacy stuff from specfile
* sysvinit is not supported anymore, so remove all tests
related to systemv in the specfile
- Upgrade to rsyslog 8.2010.0:
* gnutls TLS subsystem bugfix: handshake error handling
* core/msg bugfix: memory leak
* core/msg bugfix: segfault in jsonPathFindNext() when <root> not an object
* openssl TLS subsystem: improvements of error and status messages
* add 'exists()' script function to check if variable exists
* core bugfix: do not create empty JSON objects on non-existent key access
* gnutls subsystem bugfix: potential hang on session closure
* core/network bugfix: obey net.enableDNS=off when querying local hostname
* core bugfix: potential segfault on query of PROGRAMNAME property
* imtcp bugfix: broken connection not necessarily detected
* new module: imhttp - http input
* mmdarwin bugfix: potential zero uuid when reusing existing one
* imdocker bugfix: build issue on some platforms
* omudpspoof bugfix: make compatible with Solaris build
* testbench fix: python 3 incompatibility
* core bugfix: segfault if disk-queue file cannot be created
* cosmetic: fix dummy module name in debug output
* config bugfix: intended warning emitted as error
- Upgrade to rsyslog 8.2008.0
Way too many changes since 8.39.0 to be listed here.
- Added custom unit file rsyslog.service because
systemd service file was removed from upstream project
- Removed obsolete patches:
* 0001-satisfy-gcc-flag-fno-common.patch
* rsyslog-pgsql-pkg-config.patch
* rsyslog-unit.patch
- fix race in async writer (bsc#1179089)
- fix potential misaddressing in pmcisconames (CVE-2019-17042,
bsc#1153459)
- fix potential misaddressing in pmaixforwardedfrom (CVE-2019-17041,
bsc#1153451)
- omfile bugfix: FlushOnTXEnd does not work reliably with dynafiles
(bsc#1084682)
- Use systemd_ordering instead of requiring to make rsyslog useable
in containers.
- Fix the URL for bug reporting, should not point to novell.com
(bsc#1173433)
- Add support for omkafka which is now in Factory, and 15.x repos
- avoid build error with gcc flag -fno-common (bsc#1160414)
* add 0001-satisfy-gcc-flag-fno-common.patch
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
- Add rsyslog-pgsql-pkg-config.patch: use pkgconfig to find the
right libraries/directories for postgresql. According to pgsql
upstream, pg_config must only be used to build pgsql modules.
- Upgrade to rsyslog 8.39.0
* imfile: improve truncation detection
* imjournal: work around journald excessive reloading behavior
* errmsg: remove no longer needed code
* queue bugfix: invalid error message on queue startup
* bugfix imrelp: regression with legacy configuration startup fail
* bugfix imudp: stall of connection and/or potential segfault
* bugfix gcry crypto driver: small memleak
* fix potential misaddressing in encryption subsystem
* ksi subsystem changes
* bugfix core: regex compile error messages could be incorrect
* bugfix core: potential hang on rsyslog termination
* bugfix imkafka: system hang when backgrounded
* bugfix imfile: file change was not reliably detected
* bugfix imrelp: do not fail build if librelp does not have relpSrvSetLstnAddr
* bugfix queue subsystem: DA queue did ignore encryption settings
* bugfix KSI: lmsig-ksils12 module skips signing the last block
* bugfix fmhash: function hash64mod sometimes returned wrong result
* bugfix core/debug: data written to random fd 2 under some debug settings
- rsyslog configuration cleanup by filter rules in separate files (bug#1102720)
* add parsing of additional filter rules in /etc/rsyslog.d/*.frule
* add acpid.frule, firewall.frule, NetworkManager.frule
- Enable ForwardToSyslog for journald to get syslog messages
[bsc#1110456]
- Update to rsyslog 8.38.0:
* imfile: support for endmsg.regex
* omhttp: new contributed module
* imrelp: add support for setting address to bind to (#894)
* ommysql: support mysql unix domain socket
* omusrmsg: do not fall back to max username length of 8
* various bug fixes and minor updates to other modules and core
* various fixes for memory leaks
- remove references to obsolete SYSLOG_REQUIRES_NETWORK
variable (bsc#1101642)
- rsyslog 8.36.0:
* Liblogging-stdlog deprecated
* OpenSSL based TLS driver added in addition to GnuTLS
* GnuTLS TLS driver: support intermediate certificates
* imptcp: add ability to configure socket backlog
* fmhash: new hash function module
* updates and fixes to various modules
* omfwd: add support for bind-to-address for UDP
* mmkubernetes: new module
- updates and fixes to various modules
- rsyslog 8.33.1:
* devcontainer: use some more sensible defaults
* auto-detect if running inside a container (as pid 1)
* config: add include() script object
* template: add option to generate json "container"
* core/template: add format jsonf to constant template entries
* config: add ability to disable config parameter ("config.enable")
* script: permit to use environment variables during configuration
* new global config parameter "shutdown.enable.ctlc"
* config optimizer: detect totally empty "if" statements and optimize them out
* template: constant entry can now also be formatted as json field
* omstdout: support for new-style configuration parameters added
* core: set TZ on startup if not already set
* imjournal bugfix: file handle leak during journal rotation
* lmsig_ksils12 bugfix: dirOwner and dirGroup config was not respected
* script bugfix: replace() function worked incorrectly in some cases
* core bugfix: misaddressing in external command parser
* core bugfix: small memory leak in external command parser
* core bugfix: string not properly terminated when RFC5424 MSGID is used
* bugfix: strndup() compatibility layer func copies too much
- the upstream systemd unit file was changed to no longer write the
rsyslog pid, as it is no longer required for tracking under
systemd (-iNONE). Adjust rsyslog-unit.patch to match.
- Use %license instead of %doc [bsc#1082318]
- fix includes for apparmor profile (bsc#1080238) (bsc#901418)
- rsyslog 8.32.0
* libfastjson 0.99.8 required
* libczmq >= 3.0.2 is now required for omczmq
* libcurl is now needed for rsyslog core
* rsyslogd: add capability to specify that no pid file shall be written
* core improvements and bug fixes
* RainerScript improvements and bug fixes
* build fixes, including gcc7 fixes
drop 0001-imgssapi-fix-compiler-warnings.patch
* various bug fixes in multiple modules
* imudp: fix segfault in ratelimit code (bsc#1149094)
- remove build dependency on libee
- Disable news by default, we don't need to clobber all systems
with this for the very few remaining news servers
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Ensure user "news" exists - bsc#1068678
- rsyslog 8.30.0
* changed behaviour: all variables are now case-insensitive by default
* core: handle (JSON) variables in case-insensitive way
* imjournal: made switching to persistent journal in runtime possible
* mmanon: complete refactor and enhancements
* imfile: add "fileoffset" metadata
* RainerScript: add ltrim and rtrim functions
* core: report module name when suspending action
* core: add ability to limit number of error messages going to stderr
* tcpsrv subsystem: improve clarity of some error messages
* imptcp: include module name in error msg
* imtcp: include module name in error msg
* tls improvement: better error message if certificate file cannot be read
* omfwd: slightly improved error messages during config parsing
* ommysql improvements
* ommysql bugfix: do not duplicate entries on failed transaction
* imtcp bugfix: parameter priorityString was ignored
* template/bugfix: invalid template option conflict detection
* core/actions: fix handling of data-induced errors
* core/action bugfix: no "action suspended" message during retry processing
* core/action: if commitTransaction fails, try individual messages (bsc#1152760)
* core/ratelimit bugfix: race can lead to segfault
* core bugfix: rsyslog aborts if errmsg is generated in early startup
* core bugfix: informational messages were logged with error severity
* core bugfix: --enable-debugless build was broken
* queue bugfix: file write error message was incorrect
* omrelp bugfix: segfault when rebindinterval parameter is used
* omkafka bugfix: invalid load of failedmsg file on startup if disabled
* kafka bugfix: problem on invalid kafka configuration values
* imudp bugfix: UDP oversize message not properly handled
* core bugfix: memory corruption during configuration parsing
* core bugfix: race on worker thread termination during shutdown
* omelasticsearch: avoid ES5 warnings while sending json in bulkmode
* omelasticsearch bugfix: incompatibility with newer ElasticSearch version
* imptcp bugfix: invalid mutex addressing on some platforms
* imptcp bugfix: do not accept missing port in legacy listener definition
- build requirements:
* libfastjson 0.99.7 is now mandatory
* libsystemd-journal >= 234 is now recommended
- packaging:
* add upstream build fix 0001-imgssapi-fix-compiler-warnings.patch
- rsyslog 8.29.0:
* imptcp: add experimental parameter "multiline"
* imptcp: framing-related error messages now also indicate remote peer
* imtcp: framing-related error messages now also indicate remote peer
* imptcp: add session statistics counter
* imtcp: add ability to specify GnuTLS priority string
* impstats: add new resource counter "openfiles"
* pmnormalize: new parser module
* core/queue: provide informational messages on thread startup and shutdown
* omfwd/udp: improve error reporting, deprecate maxerrormessages parameter
* core: add parameters debug.file and debug.whitelist
* core/net.c: improve UDP socket creation error messages
* omfwd/udp: add "udp.sendbuf" parameter
* core: make rsyslog internal message rate-limiter configurable
* omelasticsearch bugfixes and changed ES5 API support
+ avoid 404 during health check
+ avoid ES5 warnings while sending json
+ bugfix for memory leak while writing error file
* imfile bugfix: wildcard detection issue on path wildcards
* omfwd bugfix: always give reason for suspension
* omfwd bugfix: configured compression level was not properly used
* imptcp bugfix: potential socket leak on session shutdown
* omfwd/omudpspoof bugfix: switch udp client sockets to nonblocking mode
* imklog: fix permitnonkernelfacility not working
* impstats bugfix: impstats does not handle HUP
* core bugfix: segfault after configuration errors
* core/queue bugfixes
* lmsig_ksi: removed pre-KSI_LS12 components
Version 8.28.0 [v8-stable] 2017-06-27
* omfwd: add parameter "tcp_frameDelimiter"
* omkafka: large refactor of kafka subsystem
* imfile: improved handling of atomically renamed file (w/ wildcards)
* imfile: add capability to truncate oversize messages or split into multiple
* mmdblookup fixes and extensions
* bugfix: fixed multiple memory leaks
* imptcp: add new parameter "flowControl"
* imrelp: add "maxDataSize" config parameter
* multiple modules: gtls: improve error if certificate file can't be opened
* omsnare: allow different tab escapes
* omelasticsearch: converted to use libfastjson instead of json-c
* imjournal: _PID fallback
* added fallback for _PID property when SYSLOG_PID is not available
* introduced new option "usepid" which sets which property should
rsyslog use, it has 3 states system|syslog|both, default is both
* deprecated "usepidfromsystem" option, still can be used
and override the "usepid"
* it is possible to revert previous default with usepid="syslog"
* multiple modules: add better error messages when regcomp is failing
* omhiredis: fix build warnings
* imfile bugfix: files mv-ed into directory were not handled
* omprog bugfix: execve() incorrectly called
* imfile bugfix: multiline timeout did not work if state file exists
* lmsig_ksi-ls12 bugfix: build problems on some platforms
* core bugfix: invalid object type assertion
* regression fix: local hostname was not always detected properly...
* bugfix: format security issues in zmq3 modules (bsc#1051798)
* bugfix build system: add libksi only to those binaries that need it
* bugfix KSI ls12 components: invalid tree height calculation
* bugfix imfile: fix multiline timeout code (bsc#1133847)
- Drop module-guardtime package
* Upstream libgt died and it does not work with new openssl
Version 8.27.0 [v8-stable] 2017-05-16
- imkafka: add module
- imptcp enhancements:
* optionally emit an error message if incoming messages are truncated
* optionally emit connection tracking message (on connection create and
close)
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* improve octet-counted mode detection: if the octet count is larger
than the set frame size (or overly large in general), it is now
assumed that octet-stuffing mode is used. This probably solves a
number of issues seen in real deployments.
- imtcp enhancements:
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported
for configured non-existing file. In polling mode, this message
appeared once in each polling cycle, causing a potentially very large
amount of error messages. Note that they were usually emitted too
infrequently to trigger the error message rate limiter, albeit often
enough to be a major annoyance.
- imfile: in inotify mode, add error message if configured file cannot
be found
- imfile: add parameter "fileNotFoundError" to optionally disable
"file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
Gethostbyname() is generally considered obsolete, is not reentrant and
cannot really work with IPv6. Changed the only place in rsyslog where
this call remained.
Thanks to github user jvymazal for the patch
- omkafka: add "origin" field to stats output
See also https://github.com/rsyslog/rsyslog/issues/1508
Thanks to Yury Bushmelev for providing the patch.
- imuxsock: rate-limiting also uses process name
both for the actual limit processing as well as warning messages emitted
see also https://github.com/rsyslog/rsyslog/pull/1520
Thanks to github user jvymazal for the patch
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsyslog base functionality now builds on osx (Mac)
Thanks to github user hdatma for his help in getting this done.
- build now works on solaris again
- imfile: fix cross-platform build issue
see also https://github.com/rsyslog/rsyslog/issues/1494
Thanks to Felix Janda for bug report and solution suggestion.
- bugfix core: segfault when no parser could parse message
- core bugfix: memory leak when internal messages not processed
internally (bsc#1190483)
- VUL-0: CVE-2018-16881: rsyslog: imptcp: integer overflow when Octet-Counted
TCP Framing is enabled (bsc#1123164)
- rsyslog 8.26.0:
* liblognorm 2.0.3 is required for mmnormalize
* enable internal error messages at all times
* core: added logging name of source of rate-limited messages
* omfwd: add support for network namespaces
* imrelp: honor input name if provided when submitting to impstats
* imptcp: add ability to set owner/group/access perms for uds
* mmnormalize: add ability to load a rulebase from action() parameter
* pmrfc3164 improvements
+ permit to ignore leading space in MSG
+ permit to use at-sign in host names
+ permit to require tag to end in colon
* add new global parameter "umask"
* core: make use of -T command line option more secure
* omfile: add error if both file and dynafile are set
* bugfix: build problem on MacOS (not a supported platform)
* regression fix: in 8.25, str2num() returned error on empty string
* bugfix omsnmp: improper handling of new-style configuration parameters
* bugfix: rsyslog identifies itself as "liblogging-stdlog" in internal messages
* bugfix imfile: wrong files were monitored when using multiple imfile inputs
* bugfix: setting net.aclResolveHostname/net.acladdhostnameonfail segfaults
* bugfix: immark emitted error messages with text "imuxsock"
* bugfix tcpflood: build failed if RELP was disabled
* fix gcc6 compiler warnings
* the output module array passing interface has been removed
- use 8.25.0 documentation tarball
- rsyslog 8.25.0:
* imfile: add support for wildcards in directory names
* add new global option "parser.PermitSlashInProgramname"
* mmdblookup: fix build issues, code cleanup
* improved debug output for queue corruption cases
* an error message is now displayed when a directory owner cannot be set
* rainerscript: add new function ipv42num
* rainerscript: add new function num2ipv4
* bugfix: ratelimiter does not work correctly if time is set back
* core: fix potential message loss in old-style transactional interface
* bugfix queue subsystem: queue corrupted if certain msg props are used
* bugfix imjournal: fixed situation when time goes backwards
* bugfix: bFlushOnTxEnd == 0 not honored when writing w/o async writer
* bugfix core: str2num mishandling empty strings
* bugfix rainerscript: set/unset statement do not check variable name validity
* bugfix mmrm1stspace: last character of rawmsg property was doubled
* bugfix imtcp: fix very small (cosmetic) memory leak
However, the leak breaks memleak checks in the testbench.
* fix segfault in libc (bsc#1156499)
- salt
-
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Added:
* ignore-extend-declarations-from-excluded-sls-files.patch
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Added:
* include-stdout-in-error-message-for-zypperpkg-561.patch
- Fix state.apply in test mode with file state module
on user/group checking (bsc#1202167)
- Added:
* fix-state.apply-in-test-mode-with-file-state-module-.patch
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Added:
* retry-if-rpm-lock-is-temporarily-unavailable-547-551.patch
- Add support for gpgautoimport in zypperpkg module
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Added:
* fix-salt.states.file.managed-for-follow_symlinks-tru.patch
* add-support-for-gpgautoimport-to-refresh_db-in-the-z.patch
- Add support for name, pkgs and diff_attr parameters to upgrade
function for zypper and yum (bsc#1198489)
- Added:
* add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Added:
* normalize-package-names-once-with-pkg.installed-remo.patch
* unify-logic-on-using-multiple-requisites-and-add-onf.patch
- Fix handling of a sign-in response by a syndic node (bsc#1199906)
- Added:
* fix-handling-of-a-sign-in-response-by-a-syndic-node-.patch
- Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)
- Added:
* remove-redundand-overrides-causing-confusing-debug-l.patch
- Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)
- Added:
* fix-for-cve-2022-22967-bsc-1200566.patch
- samba
-
- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
in cleartext; (bso#15315); (bsc#1209481).
- Prevent use after free of messaging_ctdb_fde_ev structs;
(bso#15293); (bsc#1207416).
- CVE-2022-38023: Additional patches for the PDC role's netlogon
server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
atomically; (bso#14611); (bsc#1206546).
- Update to 4.15.13
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240); (bsc#1206504);
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
modern servers; (bso#15237); (bsc#1205385);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
- Update to 4.15.12
* CVE-2022-42898: samba: heimdal: Samba buffer overflow
vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
* Allow rebuild of Centos 8 images after move to vault for
Samba 4.15; (bso#15193).
* CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
(bso#15134); (bsc#1204254)
- Update to 4.15.10
* Possible use after free of connection_struct when iterating
smbd_server_connection->connections; (bso#15128);
(bsc#1200102).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Spotlight RPC service returns wrong response when Spotlight
is disabled on a share; (bso#15086).
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
(bso#15153).
* assert failed: !is_named_stream(smb_fname)") at
../../lib/util/fault.c:197; (bso#15161).
* Missing READ_LEASE break could cause data corruption;
(bso#15148).
* rpcclient can crash using setuserinfo(2); (bso#15124).
* Samba fails to build with glibc 2.36 caused by including
<sys/mount.h> in libreplace; (bso#15132).
* SMB1 negotiation can fail to handle connection errors;
(bso#15152).
* samba-tool domain join segfault when joining a samba ad
domain; (bso#15078).
- Update to 4.15.9
* CVE-2022-32742: SMB1 code does not correctly verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
* CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
* CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- CVE-2022-1615: Do not ignore errors in random number generation;
(bso#15103); (bsc#1202976);
- Fix Use after free when iterating
smbd_server_connection->connections after tree disconnect
failure; (bso#15128); (bsc#1200102).
- CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
- CVE-2022-32742: SMB1 code does not correctly verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042).
* Setting fruit:resource = stream in vfs_fruit causes a panic;
(bso#15099).
* Add support for bind 9.18; (bso#14986).
* logging dsdb audit to specific files does not work;
(bso#15076).
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069)
* netgroups support removed; (bso#15087); (bsc#1199247).
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674); (bsc#1199734).
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071).
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556).
* vfs_gpfs recalls=no option prevents listing files; (bso#15055).
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091).
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
(bso#15108).
* smbd doesn't handle UPNs for looking up names; (bso#15054).
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443).
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- Revert NIS support removal; (bsc#1199247);
- Add missing samba-client requirement to samba-winbind package;
(bsc#1198255);
- Update to 4.15.7
* Share and server swapped in smbget password prompt; (bso#14831);
* Durable handles won't reconnect if the leased file is written
to; (bso#15022);
* rmdir silently fails if directory contains unreadable files and
hide unreadable is yes; (bso#15023);
* SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
on renamed file handle; (bso#15038);
* vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback;
(bso#14957);
* shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
(bso#15035);
* PAM Kerberos authentication incorrectly fails with a clock skew
error; (bso#15046);
* username map - samba erroneously applies unix group memberships
to user account entries; (bso#15041);
* NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
in SMBC_server_internal; (bso#14983);
* Simple bind doesn't work against an RODC (with non-preloaded users);
(bso#13879);
* Crash of winbind on RODC; (bso#14641);
* uncached logon on RODC always fails once; (bso#14865);
* KVNO off by 100000; (bso#14951);
* LDAP simple binds should honour "old password allowed period";
(bso#15001);
* wbinfo -a doesn't work reliably with upn names; (bso#15003);
* Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
* Regression: create krb5 conf = yes doesn't work with a single KDC;
(bso#15016);
- Add provides to samba-client-libs package to fix upgrades from
previous versions; (bsc#1198663);
- Update to 4.15.6
* Renaming file on DFS root fails with
NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
* Samba does not respond with STATUS_INVALID_PARAMETER when opening 2
objects with same lease key; (bso#14737);
* NT error code is not set when overwriting a file during rename
in libsmbclient; (bso#14938);
* Fix ldap simple bind with TLS auditing; (bso#14996);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674);
* Problem when winbind renews Kerberos; (bso#14979);
(bsc#1196224);
* pam_winbind will not allow gdm login if password about to
expire; (bso#8691);
* virusfilter_vfs_openat: Not scanned: Directory or special file;
(bso#14971);
* DFS fix for AIX broken; (bso#13631);
* Solaris and AIX acl modules: wrong function arguments;
(bso#14974);
* Function aixacl_sys_acl_get_file not declared / coredump;
(bso#7239);
* Regression: Samba 4.15.2 on macOS segfaults intermittently
during strcpy in tdbsam_getsampwnam; (bso#14900);
* Fix a use-after-free in SMB1 server; (bso#14989);
* smb2_signing_decrypt_pdu() may not decrypt with
gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
(bso#14968);
* Changing the machine password against an RODC likely destroys
the domain join; (bso#14984);
* authsam_make_user_info_dc() steals memory from its struct
ldb_message *msg argument; (bso#14993);
* Use Heimdal 8.0 (pre) rather than an earlier snapshot;
(bso#14995);
* Samba autorid fails to map AD users if id rangesize fits in the
id range only once; (bso#14967);
- Add missing samba-libs requirement to samba-winbind package;
(bsc#1198255);
- sg3_utils
-
- Update to version 1.43+48.63a5696:
* sg_turs: do not report error for standby or unavailable ports
(bsc#1186628)
* drop 55-scsi-sg3_id.rules-fix-SCSI_IDENT_LUN_NAA_EXT-case.patch
(now included in git tarball)
- shadow
-
- bsc#1210507 (CVE-2023-29383):
Check for control characters
- Add shadow-CVE-2023-29383.patch
- shim
-
- add CVE number against bsc#
+ (bsc#1198458, CVE-2022-28737)
- Update shim to 15.7-150300.4.11.1 from SLE15-SP3
+ Version: 15.7, "Thu Mar 17 2023"
+ Update the SLE signatures
+ Include the fixes for bsc#1205588, bsc#1202120, bsc#1201066,
bsc#1198458, bsc#1198101, bsc#1193315, bsc#1193282
- sqlite3
-
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
relying on --safe for execution of an untrusted CLI script
- update to 3.39.3:
* Use a statement journal on DML statements affecting two or more
database rows if the statement makes use of SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
deprecated and documented as not being threadsafe.
- update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presence of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
- update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
- update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respectively, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value "3") from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
related test failures on 32 bit
- update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
- update to 3.38.3:
* Fix a case of the query planner being overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
- update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
- update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
sqlite-src-3380100-atof1.patch
- update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like "--wrap N",
"--wordwrap on", and "--quote" to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignore
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
- update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
- update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ("START") is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
- sudo
-
- Fix CVE-2023-28486, sudo does not escape control characters in
log messages, (CVE-2023-28486, bsc#1209362)
* Add sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
* bsc#1203201
* Do not re-enable the reader when flushing the buffers as part
of pty_finish().
* While sudo-observe-SIGCHLD patch applied earlier prevents a
race condition from happening, this fixes a related buffer hang.
- Added sudo-fix_NULL_deref_RunAs.patch
* bsc#1206483
* Fix a situation where "sudo -U otheruser -l" would dereference
a NULL pointer.
- Added sudo-CVE-2023-22809.patch
* CVE-2023-22809
* bsc#1207082
* Prevent '--' in the EDITOR environment variable which can allow
users to edit sensitive files as root.
- Modified sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
* Fixes crash while using sssd plugin caused by regression
introduced by this patch
* bsc#1206170
- Added sudo-utf8-ldap-schema.patch
* Change sudo-ldap schema from ASCII to UTF8.
* Fixes bsc#1197998
* Credit to William Brown <william.brown@suse.com>
* https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
* Make sure SIGCHLD is not ignored when sudo is executed; fixes
race condition.
* bsc#1203201
* Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
* CVE-2022-43995
* bsc#1204986
* Fixed a potential heap-based buffer over-read when entering a password
of seven characters or fewer and using the crypt() password backend.
- Modified sudo-sudoers.patch
* bsc#1177578
* Removed redundant and confusing 'secure_path' settings in
sudo-sudoers file.
- Added sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
* Ignore entries when converting LDAP to sudoers. Prevents empty
host list being treated as "ALL" wildcard.
* bsc#1201462
* Sourced from https://www.sudo.ws/repos/sudo/rev/484d0d3b892e
- supportutils
-
- Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Changed _sanitize_file to include lio_setup.sh (bsc#1206350)
- Changes to supportconfig version 3.0.11
+ Added _sanitize_file and applied it as needed (bsc#1203818)
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.7 (bsc#1209026)
+ Include information about the cached registration data
+ Collect the data that is sent to the update infrastructure during
registration
- systemd
-
- Import commit 95ad6444b8d4c9cbd6c745ba9b4463264109ee11
acb6da7b4a pager: make pager secure when under euid is changed or explicitly requested
7c8bbe16a2 pager: set $LESSSECURE whenver we invoke a pager (bsc#1208958 CVE-2023-26604)
e931881112 core: if the start command vanishes during runtime don't hit an assert (bsc#1206985)
- Import commit 284594087815b5a621c9cbdfd7fde382c3fa110e
408bdd5b5c units: restore RemainAfterExit=yes in systemd-vconsole-setup.service
c9d71f32e9 vconsole-setup: don't concat strv if we don't need to (i.e. not in debug log mode)
36cea26f87 vconsole-setup: add more log messages
ed5157ad87 units: restore Before dependencies for systemd-vconsole-setup.service
e9ae2bacc4 vconsole-setup: add lots of debug messages
40b348e753 Add enable_disable() helper
33ac2fa67a vconsole: correct kernel command line namespace
41e28b24d6 vconsole: Don't do static installation under sysinit.target
d5a5e14c0b vconsole: use KD_FONT_OP_GET/SET to handle copying (bsc#1181636)
4e62cab082 vconsole: updates of keyboard/font loading functions
8fd6316be5 vconsole: Add generic is_*() functions
a755ea98ec vconsole: add two new toggle functions, remove old enable/disable ones
9ca3cfe2aa vconsole: copy font to 63 consoles instead of 15
7ddfcaab83 vconsole: add log_oom() where appropriate
8d61f5bde5 vconsole-setup: Store fonts on heap (#3268)
6efe43abe2 coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
1f09db3094 errno-util: add new errno_or_else() helper
- Drop 5000-errno-util-add-new-errno_or_else-helper.patch
5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
They have been integrated in SUSE/v228, see above.
- Disable coredump support when building the mini flavor to avoid pulling in
elfutils as some elf macro definitions are now needed by coredump.c
- Fix systemd-coredump to not allow user to access coredumps with changed
uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
Add 5000-errno-util-add-new-errno_or_else-helper.patch
Add 5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
- Import commit 417bb0944e035969594fff83a3ab9c2ca9a56234
e4ba341080 time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
20743c1a44 logind: fix crash in logind on user-specified message string
b971b5f085 tmpfiles: check the directory we were supposed to create, not its parent
2850271ea6 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
3d3bd5fc8d systemd --user: call pam_loginuid when creating user@.service (#3120) (bsc#1198507)
4b56c3540a parse-util: introduce pid_is_valid()
aa811a4c0c systemd-detect-virt: refine hypervisor detection (#7171) (bsc#1197244)
- Rebase 0001-logind-unmount-runtime-path-in-a-dedicated-process.patch
- systemd-presets-branding-SLE
-
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
- tar
-
- Fix hang when unpacking test tarball, bsc#1202436
* bsc1202436-1.patch
* bsc1202436-2.patch
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
results in use of uninitialized memory for a conditional jump
(CVE-2022-48303, bsc#1207753)
* fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
* bsc1202436.patch
- Fix unexpected inconsistency when making directory, bsc#1203600
* tar-fix-no-overwrite-dir.patch
* tar-avoid-overflow-in-symlinks-tests.patch
* tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
* tar-fix-race-condition.patch
- Refresh bsc1200657.patch
- Fix race condition while creating intermediate subdirectories,
bsc#1200657
* bsc1200657.patch
- tcl
-
- [bsc#1206623], tcl-string-compare.patch:
Fix [string compare -length] on big endian and improve
[string equal] on little endian.
- Fix a race condition in test socket-13.1
(tcl-test-socket-13.1.patch).
- Remove the SQLite extension and package it as a subpackage of
sqlite3 to have only a single copy and keep it more up to date
(bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
- telnet
-
- Fix CVE-2022-39028, NULL pointer dereference in telnetd
(CVE-2022-39028, bsc#1203759)
CVE-2022-39028.patch
- timezone
-
- timezone update 2023c:
* Revert changes made in 2023b
- timezone update 2023b:
* Lebanon delays the start of DST this year.
- timezone update 2023a:
* Egypt now uses DST again, from April through October.
* This year Morocco springs forward April 23, not April 30.
* Palestine delays the start of DST this year.
* Much of Greenland still uses DST from 2024 on.
* America/Yellowknife now links to America/Edmonton.
* tzselect can now use current time to help infer timezone.
* The code now defaults to C99 or later.
- Refresh tzdata-china.diff
- timezone update 2022g (bsc#1177460):
* In the Mexican state of Chihuahua, the border strip near the US
will change to agree with nearby US locations on 2022-11-30.
The strip's western part, represented by Ciudad Juárez, switches
from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
The eastern part, represented by Ojinaga, will observe US DST next
year, like Presidio, TX.
A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
* Much of Greenland, represented by America/Nuuk, stops observing
winter time after March 2023, so its daylight saving time becomes
standard time.
* Changes for pre-1996 northern Canada
* Update to past DST transition in Colombia (1993), Singapore
(1981)
* timegm is now supported by default
- timezone update 2022f (bsc#1177460):
* Mexico will no longer observe DST except near the US border
* Chihuahua moves to year-round -06 on 2022-10-30
* Fiji no longer observes DST
* Move links to 'backward'
* In vanguard form, GMT is now a Zone and Etc/GMT a link
* zic now supports links to links, and vanguard form uses this
* Simplify four Ontario zones
* Fix a Y2438 bug when reading TZif data
* Enable 64-bit time_t on 32-bit glibc platforms
* Omit large-file support when no longer needed
* In C code, use some C23 features if available
* Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
* fat.patch
* tzdata-china.diff
- timezone update 2022e (bsc#1177460):
* Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
* Palestine transitions are now Saturdays at 02:00
* Simplify three Ukraine zones into one
- timezone update 2022c:
* Work around awk bug
* Improve tzselect on intercontinental Zones
- timezone update 2022b:
* Chile's DST is delayed by a week in September 2022 boo#1202324
* Iran no longer observes DST after 2022
* Rename Europe/Kiev to Europe/Kyiv
* New zic -R option
* Vanguard form now uses %z
* Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
- Update to reflect new Chile DST change, bsc#1202310
* bsc1202310.patch
- unzip
-
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
to a local string (CVE-2022-0530, bsc#1196177)
* CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
* CVE-2022-0529.patch
- update-alternatives
-
- util-linux
-
- Add upstream patch fix-lib-internal-cache-size.patch
bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- Integrate pam_keyinit pam module (bsc#1201354, boo#1081947,
su-l.pamd, runuser.pamd, runuser-l.pamd, login.pamd,
remote.pamd).
- su: Change owner and mode for pty (bsc#1200842,
util-linux-login-move-generic-setting-to-ttyutils.patch,
util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
(bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
in utab (bsc#1198731,
util-linux-libmount-moving-mount-point-sub-mounts.patch,
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- util-linux-systemd
-
- Add upstream patch fix-lib-internal-cache-size.patch
bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- Integrate pam_keyinit pam module (bsc#1201354, boo#1081947,
su-l.pamd, runuser.pamd, runuser-l.pamd, login.pamd,
remote.pamd).
- su: Change owner and mode for pty (bsc#1200842,
util-linux-login-move-generic-setting-to-ttyutils.patch,
util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
(bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
in utab (bsc#1198731,
util-linux-libmount-moving-mount-point-sub-mounts.patch,
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- vim
-
- Updated to version 9.0 with patch level 1386, fixes the following security problems
* Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
* Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
* Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
* Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
- Updated to version 9.0 with patch level 1234, fixes the following security problems
* Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
* Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
* Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
* Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
* Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
* Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
* Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
* Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
* Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
* Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
* Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.0814...v9.0.1234
- Updated to version 9.0 with patch level 0814, fixes the following problems
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent()
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address()
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg()
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285
* Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
* Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
* Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
After Free
* Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
in src/ex_docmd.c
* Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
Out-of-bounds Read
* Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
* Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
in vim prior to 8.2.
* Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
vim prior to 8.2.
* Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
init_ccline() in ex_getln.c
* Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
Conda vim prior to 8.2.
* Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
in skip_range
* Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
append_command
* Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
function cmdline_erase_chars
* Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
function vim_regexec_string
* Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After Free in
find_pattern_in_path
* Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
* Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
to 8.2
* Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
to 8.2
* Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
.swp file to the editor's primary group, which allows local users to obtain
sensitive information
* Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
in vim prior to 8.2
* Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
vim prior to 8.2
* Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
* Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
* Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
cindent.c
* Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
to 8.2.
* Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
* Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
* Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
Heap-based Buffer Overflow in vim prior to 8.2.
/ vim-8.0.1568-CVE-2022-0413.patch
* Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
normal.c / vim-8.0.1568-CVE-2021-3796.patch
* Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
* Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
* Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
* Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
* Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
* Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
/ vim-8.0.1568-CVE-2021-3778.patch
* Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
/ vim-8.0.1568-CVE-2021-4193.patch
* Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
* Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
* Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
/ vim-8.0.1568-CVE-2022-0351.patch
* Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
* Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
/ vim-8.0.1568-CVE-2022-0413.patch
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- missing-vim-client: removed
- install suse vimrc in /usr (boo#1182324, vim-8.0.1568-globalvimrc.patch)
- source correct suse.vimrc file (boo#1182324)
- stop owning /etc/vimrc so the old, distro provided config actually
gets removed. Leaving it around leads to a duplicated autocmd for
*.spec, leading to spec file template inserted twice.
- own some dirs in vim-data-common so installation of vim-small
doesn't leave not owned directories (boo#1173256).
- Add vi as slave to update-alternatives so that every package
has a matching "vi" symlink (bsc#1174564, boo#1176549).
- Removed patches:
* disable-unreliable-tests-arch.patch
* CVE-2016-1248.patch
* CVE-2017-5953.patch
* CVE-2017-6349.patch
* CVE-2017-6350.patch
* restrict-shell-commands.patch
* source-check-sandbox.patch
* vim-8.0.1568-CVE-2021-3778.patch
* vim-8.0.1568-CVE-2021-3796.patch
* vim-8.0.1568-CVE-2021-3872.patch
* vim-8.0.1568-CVE-2021-3927.patch
* vim-8.0.1568-CVE-2021-3928.patch
* vim-8.0.1568-CVE-2021-3984.patch
* vim-8.0.1568-CVE-2021-4019.patch
* vim-8.0.1568-CVE-2021-4193.patch
* vim-8.0.1568-CVE-2021-46059.patch
* vim-8.0.1568-CVE-2022-0319.patch
* vim-8.0.1568-CVE-2022-0351.patch
* vim-8.0.1568-CVE-2022-0361.patch
* vim-8.0.1568-CVE-2022-0413.patch
* vim-8.0.1568-globalvimrc.patch
* vim-7.1.314-CVE-2009-0316-debian.patch
* vim-7.3-diff_check.patch
* vim-python35.patch
* vim-speedup-yaml.patch
- Updated patches:
* vim-7.3-filetype_changes.patch
* vim-7.3-filetype_ftl.patch
* vim-7.3-filetype_spec.patch
* vim-7.3-gvimrc_fontset.patch
* vim-7.3-help_tags.patch
* vim-7.3-mktemp_tutor.patch
* vim-7.3-name_vimrc.patch
* vim-7.3-sh_is_bash.patch
* vim-7.3-use_awk.patch
* vim-7.4-disable_lang_no.patch
* vim-7.4-filetype_apparmor.patch
* vim-7.4-filetype_mine.patch
* vim-7.4-highlight_fstab.patch
* vim-8.0-ttytype-test.patch
* vim-8.0.1568-defaults.patch
* vim73-no-static-libpython.patch
* vim-7.4-rpmlintrc
- Added patches:
* vim-8.0-ttytype-test.patch
* vim-8.0.1568-defaults.patch
* vim-8.1.0297-dump3.patch
* vim-8.2.2411-globalvimrc.patch
* disable-unreliable-tests.patch
- for the complete list of changes see
https://github.com/vim/vim/compare/v7.4.326...v9.0.0814
- which
-
- https urls, added signature (but did not find the public key)
- Use %license instead of %doc [bsc#1082318]
- Move installinfo scriptlet to preun so it won't fail
- Cleanup spec file with spec-cleaner
- Correct usage of info scriptlets
- GNU which 2.21:
* Upgraded code from bash to version 4.3 (now uses eaccess).
* Fixed a bug related to getgroups / sysconfig that caused Which
not to see more than 64 groups for a single user
* Build system maintenance.
- Update project and source URL to GNU project
- wicked
-
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
Add initial support to decode the SMBIOS Management Controller Host
Interface (Type 42) structure and expose it as wicked `firmware:redfish`
configuration to setup a Host Network Interface (to the BMC) using the
`Redfish over IP` protocol allowing access to the Redfish Service (via
redfish-localhost in /etc/hosts) used to manage the computer system.
Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
[- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27
correctly OR grouped lease status (bnc#896188)
netlink attribute if provided by the kernel (bnc#885007).
do not detect persistence but set if requested only (bnc#876845).
- client: do not mix shared with exclusive references (bnc#877776)
- extensions: disabled writing of wickedd.log (debug) file
- addrconf: initial lease writing/parsing helpers / disarmed
- several lldp fixes, mostly for parsing / formatting
- xfsprogs
-
- mkfs: validate extent size hint parameters (bsc#1138247)
- add xfsprogs-xfs-move-inode-extent-size-hint-validation-to-libxfs.patch
- add xfsprogs-xfs_repair-use-libxfs-extsize-cowextsize-validation-.patch
- add xfsprogs-mkfs-validate-extent-size-hint-parameters.patch
- xfs_repair: Fix root inode's parent when it's bogus for sf directory
(bsc#1138227)
- add xfsprogs-xfs_repair-Fix-root-inode-s-parent-when-it-s-bogus-f.patch
- yast2-packager
-
- Do not fail when the installation URL contains a space
(bsc#1201816)
- 3.3.5
- yast2-printer
-
- Try to connect with SMB3 protocol when testing SMB printers
(bsc#1084277)
- 3.2.1
- yast2-registration
-
- fix crash of autoyast config dialog (bsc#1152913)
- 3.3.1
- yast2-storage
-
- Partitioner: PVs are not wrongly removed when resizing a VG
(bsc#1197208).
- 3.2.23
- yast2-transfer
-
- Fixed TFTP download, truncate the target file to avoid garbage
at the end of the file when saving to an already existing file
(bsc#1208754)
- 3.1.4
- zlib
-
- Fix deflateBound() before deflateInit(), bsc#1210593
* bsc1210593.patch
- Add DFLTCC support for using inflate() with a small window,
fixes bsc#1206513
* bsc1206513.patch
- Follow up fix for bsc#1203652 due to libxml2 breakage
* bsc1203652-2.patch
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
* bsc1203652.patch
- Fix heap-based buffer over-read or buffer overflow in inflate via
large gzip header extra field (bsc#1202175, CVE-2022-37434,
CVE-2022-37434-extra-header-1.patch,
CVE-2022-37434-extra-header-2.patch).
- zypper
-
- Add expert (allow-*) options to all installer commands
(bsc#428822)
- version 1.13.64
- Provide "removeptf" command (bsc#1203249)
A remove command which prefers replacing dependant packages to
removing them as well.
A PTF is typically removed as soon as the fix it provides is
applied to the latest official update of the dependant packages.
But you don't want the dependant packages to be removed together
with the PTF, which is what the remove command would do. The
removeptf command however will aim to replace the dependant
packages by their official update versions.
- BuildRequires: libzypp-devel >= 16.22.6.
- version 1.13.63
- Return ZYPPER_EXIT_INF_RPM_SCRIPT_FAILED (107) also if %posttrans
script failed. Requires ZYPPER_ON_CODE12_RETURN_107=1 being set
in the environment (bsc#1198139)
- version 1.13.62
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- version 1.13.61