- SUSEConnect
-
- Update to 0.3.36
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Update to 0.3.35
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
- Update to 0.3.34
- Manage the `System-Token` header. The `System-Token` header as delivered by
SCC will be stored inside of the credentials file for later use on API calls.
This way we add system clone detection for systems using this version of SUSE
Connect.
- Update to 0.3.33
- Add --keepalive command to send pings to SCC.
- Add service/timer to periodically call --keepalive command to make system
information in SCC and proxies more accurate. (bsc#1196076)
- binutils
-
- Add binutils-maxpagesize.diff for a problem on old code
streams, where we would generate too large binaries.
- s390-pic-dso.diff: use %pB instead of %B
- SLE toolchain update of binutils. Update to 2.39 from 2.37,
which means obsoleting and hence removing these patches:
binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff,
binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff,
binutils-add-z16-name.diff.
Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033,
jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031,
jsc#SLE-25047]
- This fixes these CVEs relative to 2.37:
[bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
[bsc#1193929] aka PR28694 aka CVE-2021-45078
[bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
[bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
[bsc#1202966] aka PR29289 aka CVE-2022-38126
[bsc#1202967] aka PR29290 aka CVE-2022-38127
[bsc#1202969] aka CVE-2021-3826
- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
[bsc#1202816]
- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451.
- Add binutils-2.39-branch.diff.gz.
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Update to binutils 2.39:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance with the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
--weaken-symbols options now work with unique symbols as well.
- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz.
- For now use --disable-gprofng.
- Includes fixes for these CVEs:
bnc#1142579 aka CVE-2019-1010204 aka PR23765
(Fake entry from SLE for tracking purposes:)
- For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy
needs to support efi-app-aarch64 target. (bsc#1198458)
Adds binutils-add-efi-aarch64-1.diff,
binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff .
- Use https for various links.
- Update binutils-2.38-branch.diff.gz (to 93054037f1e304e)
in order to include PR29087.
- Enable multitarget build on riscv64
- On SLE15 and later, use make -Oline to synchronize configure output by
lines
(Fake entry from SLE for tracking purposes:)
- Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem
in crash not accepting some of our .ko.debug files.
- Renumber Sources.
- Fix ExcludeArch for ppc.
- Make multibuild utilize only the main binutils.spec file.
- Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh.
- Start using _multibuild for cross binutils.
(forward port from SLE)
- Update binutils-2.38-branch.diff.gz (to c210342d7f5) to include
recognition of 'z16' name for 'arch14' on s390. [bsc#1198237]
(Fake entry from SLE for tracking purposes:)
- Add binutils-add-z16-name.diff so that the now official name
z16 for arch14 is recognized. [bsc#1198237]
- Add usage of a SUSE_ZNOW environment variable which allows switching
on "-z now" by default using "export SUSE_ZNOW=1", similar to
the SUSE_ASNEEDED variable. Adds binutils-znow.patch.
- Update binutils-skip-rpaths.patch: add back fix for boo#1191473,
which got lost in the update to 2.38.
- Update binutils-2.38-branch.diff.gz in order to include PR28879.
- From Stefan Brüns <stefan.bruens@rwth-aachen.de>:
* Install symlinks for all target specific tools on
arm-eabi-none [bsc#1185712]
- Do not re-generate ld/ldlex.c, ld/ldgram.c, ld/ldgram.h and verify
that corresponding flex/bison files are not modified by a patch.
- Use verbose mode for make for cross compilers.
- Make it build on SLE-11 again.
- Use verbose mode for make.
- Update to binutils 2.38:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump)
have a new command line option which controls how unicode characters are
handled. By default they are treated as normal for the tool. Using
--unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst
--unicode=escape will display them as escape sequences. In addition
using --unicode=highlight will display them as unicode escape sequences
highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
added to objcopy in order to enable UEFI development using binutils.
* ar: Add --thin for creating thin archives. -T is a deprecated alias without
diagnostics. In many ar implementations -T has a different meaning, as
specified by X/Open System Interface.
* Add support for AArch64 system registers that were missing in previous
releases.
* Add support for the LoongArch instruction set.
* Add a command-line option, -muse-unaligned-vector-move, for x86 target
to encode aligned vector move as unaligned vector move.
* Add support for Cortex-R52+ for Arm.
* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
* Add support for Cortex-A710 for Arm.
* Add support for Scalable Matrix Extension (SME) for AArch64.
* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
assembler what to do when it encounters multibyte characters in the input. The
default is to allow them. Setting the option to "warn" will generate a
warning message whenever any multibyte character is encountered. Using the
option to "warn-sym-only" will make the assembler generate a warning whenever a
symbol is defined containing multibyte characters. (References to undefined
symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from
x86 assembler have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
* Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
linker to control canonical function pointers and copy relocation.
* Add --max-cache-size=SIZE to set the maximum cache size to SIZE
bytes.
- Add binutils-2.38-branch.diff.gz.
- Removed deletion of man pages as they should be properly packaged
in tarball.
- Rebased patches: aarch64-common-pagesize.patch, add-ulp-section.diff,
binutils-bfd_h.patch, binutils-revert-nm-symversion.diff,
binutils-revert-plt32-in-branches.diff, binutils-skip-rpaths.patch
and binutils-compat-old-behaviour.diff.
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
- use fdupes on datadir
- remove RPM_BUILD_ROOT usage and other cleanups
- Rebase binutils-2.37-branch.diff: fixes PR28494.
- ca-certificates-mozilla
-
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022"
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
Patch: remove-trustcor.patch
- cloud-regionsrv-client
-
- Update to version 10.0.8 (bsc#1206428)
- Fix regression introduced by 10.0.7. When the hosts file was modified
such that there is no empty line at the end of the file the content
after removing the registration data does not match the content prior
to registration. The update fixes the issue triggered by an index
logic error.
- Guard dmidecode dependency (bsc#1206082)
- Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
- Implement functionality to detect if an update server has a new cert.
Import the new cert when it is detected.
- Forward port fix-for-sles12-disable-ipv6.patch
- From 10.0.6 (bsc#1205089)
- Credentials are equal when username and password are the same; ignore
other entries in the credentials file
- Handle multiple zypper names in process table, zypper and Zypp-main
to properly detect the running process
- Add patch to block IPv6 on SLE12 (bsc#1203382)
- containerd
-
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.9>
- add devel subpackage, which is needed by open-vm-tools
- curl
-
- Security Fix: [bsc#1206309, CVE-2022-43552]
* HTTP Proxy deny use-after-free
* Add curl-CVE-2022-43552.patch
- dbus-1
-
- Fix IO lock contention, causing timeouts; (fdo#102839);
(bsc#1193780).
Add fix-upstream-fdo102839-io-lock-contention.patch
- Fix a potential crash that could be triggered by an invalid signature.
(CVE-2022-42010, bsc#1204111)
* fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
bsc#1204112)
* fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption (CVE-2022-42012,
bsc#1204113)
* fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
* dbus-do-autolaunch.patch
* increase-backlog.patch
* fix-upstream-timeout-reset-2.patch
* fix-upstream-CVE-2020-12049_2.patch
- dbus-1-x11
-
- Fix IO lock contention, causing timeouts; (fdo#102839);
(bsc#1193780).
Add fix-upstream-fdo102839-io-lock-contention.patch
- Fix a potential crash that could be triggered by an invalid signature.
(CVE-2022-42010, bsc#1204111)
* fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
bsc#1204112)
* fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption (CVE-2022-42012,
bsc#1204113)
* fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
* dbus-do-autolaunch.patch
* increase-backlog.patch
* fix-upstream-timeout-reset-2.patch
* fix-upstream-CVE-2020-12049_2.patch
- dhcp
-
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
DHCP memory leak
- docker
-
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
issue with dockerd. bsc#1200022
+ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- expat
-
- Security fix:
* (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
destruction of a shared DTD in XML_ExternalEntityParserCreate in
out-of-memory situations
- Added patch expat-CVE-2022-43680.patch
- glibc
-
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)
- pthread-cond-wait-stack-align.patch: x86: fix stack alignment in
pthread_cond_[timed]wait (bsc#1196852)
- gnutls
-
- sysrng-linux: re-open /dev/urandom every time [bsc#1204763]
* Control the file descriptor closing method
* Backported from c95312c5831be5418dc02a86d72bcd1eafd4c145
* Add gnutls-re-open-dev_urandom-every-time.patch
- google-guest-configs
-
- Add nvme-cli to Requires (bsc#1204068, bsc#1204091)
- grub2
-
- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520)
* 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
- Remove zfs modules (bsc#1205554)
* grub-remove-zfs-modules.patch
- Security fixes and hardenings
* 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
* 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
* 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
* 0004-font-Remove-grub_font_dup_glyph.patch
* 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
* 0006-font-Fix-integer-overflow-in-BMP-index.patch
* 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
* 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
* 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
* 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
* 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
* 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
- kernel-default
-
- ipv6: raw: Deduct extension header length in
rawv6_push_pending_frames (bsc#1207168).
- commit cec1a9b
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
(bsc#1207195).
- commit b48b001
- Update
patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454).
- commit e326580
- Update
patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454).
- commit f3bb269
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
(bsc#1065729).
- commit d5cf3c0
- net: sched: cbq: dont intepret cls results when asked to drop
(bsc#1207036).
- commit fcfa387
- net: sched: atm: dont intepret cls results when asked to drop
(bsc#1207036).
- commit 9f135a3
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit d23f0d2
- module: set MODULE_STATE_GOING state when a module fails to load
(git-fixes).
- commit db5c7ff
- blacklist.conf: add f6d061d61712 ("kernel/module: Fix memleak in
module_add_modinfo_attrs()")
- commit adb3140
- README.BRANCH: Remove Petr Tesařík from README.BRANCH
Petr is no longer with SUSE, and the address bounces.
- commit a114688
- blacklist.conf: ppc radix hugepage ioremap
Add commits related to this feature we don't have on 4.12
- commit 30daa9a
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
(bsc#1065729).
- powerpc/smp: Set numa node before updating mask (bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
(bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "mem=" option into account
(bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
(bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
(bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
a valid PE number (bsc#1065729).
- commit 1c66115
- powerpc/pseries/cmm: Implement release() function for sysfs
device (bsc#1065729).
- powerpc/pseries: Mark accumulate_stolen_time() as notrace
(bsc#1065729).
- powerpc/futex: Fix warning: 'oldval' may be used uninitialized
in this function (bsc#1065729).
- Refresh patches.suse/powerpc-Add-a-framework-for-user-access-tracking.patch
- commit 3acc489
- powerpc/pci/of: Fix OF flags parsing for 64bit BARs
(bsc#1065729).
- powerpc/pseries/hvconsole: Fix stack overread via udbg
(bsc#1065729).
- powerpc/boot: Fix missing check of lseek() return value
(bsc#1065729).
- powerpc/traps: Fix the message printed when stack overflows
(bsc#1065729).
- powerpc/pseries: add of_node_put() in dlpar_detach_node()
(bsc#1065729).
- powerpc/pseries: Fix node leak in
update_lmb_associativity_index() (bsc#1065729).
- powerpc/powernv/eeh/npu: Fix uninitialized variables in
opal_pci_eeh_freeze_status (bsc#1065729).
- powerpc/mm: Make NULL pointer deferences explicit on bad page
faults (bsc#1065729).
- powerpc/xmon: fix dump_segments() (bsc#1065729).
- powerpc/64/module: REL32 relocation range check (bsc#1065729).
- powerpc/time: Fix clockevent_decrementer initalisation for PR
KVM (bsc#1065729).
- powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
(bsc#1065729).
- powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
(bsc#1065729).
- powerpc/boot: Disable vector instructions (bsc#1065729).
- powerpc/time: Use clockevents_register_device(), fixing an
issue with large decrementer (bsc#1065729).
- powerpc/xive: Move a dereference below a NULL test
(bsc#1065729).
- powerpc/64s/hash: Fix stab_rr off by one initialization
(bsc#1065729).
- powerpc/iommu: Avoid derefence before pointer check
(bsc#1065729).
- powerpc/powernv: opal_put_chars partial write fix (bsc#1065729).
- powerpc/boot: Fix 64-bit boot wrapper build with non-biarch
compiler (bsc#1065729).
- Refresh patches.suse/powerpc-boot-Expose-Kconfig-symbols-to-wrapper.patch
- commit 5dcb3e2
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
git-fixes).
- powerpc/xive: Add a check for memory allocation failure
(fate#322438 git-fixes).
- commit 3922d2a
- memcg, kmem: further deprecate kmem.limit_in_bytes
(bsc#1206896).
- commit 5804d85
- arm64/kvm: consistently handle host HCR_EL2 flags (git-fixes)
- commit 714ef7f
- arm64: smp: Handle errors reported by the firmware (git-fixes)
- commit 9d794c2
- blacklist.conf: ("arm64: mm: Prevent mismatched 52-bit VA support")
- commit f1a361c
- arm64: Fix minor issues with the dcache_by_line_op macro (git-fixes)
- commit 6cee162
- arm64: ftrace: don't adjust the LR value (git-fixes)
- commit eb42f1a
- arm64: io: Ensure value passed to __iormb() is held in a 64-bit (git-fixes)
- commit c7b004f
- arm64: io: Ensure calls to delay routines are ordered against prior (git-fixes)
- commit b2c772e
- arm64: makefile fix build of .i file in external module case (git-fixes)
- commit 195399e
- blacklist.conf: ("arm64: percpu: Initialize ret in the default case")
- commit 4e64a56
- blacklist.conf: ("arm64: lib: use C string functions with KASAN enabled")
- commit dd95ca4
- arm64: jump_label.h: use asm_volatile_goto macro instead of "asm (git-fixes)
- commit eb342d8
- arm64: rockchip: Force CONFIG_PM on Rockchip systems (git-fixes)
- commit 14aabd0
- arm64: alternative: Use true and false for boolean values (git-fixes)
- commit 301b65d
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() (git-fixes)
- commit a25e150
- arm64: make secondary_start_kernel() notrace (git-fixes)
- commit 4106666
- blacklist.conf: ("arm64: defconfig: Enable Rockchip io-domain driver")
- commit ad93c99
- arm64: cmpwait: Clear event register before arming exclusive monitor (git-fixes)
- commit e15bbd4
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event() (git-fixes)
- commit 62841b2
- arm64: ptrace: remove addr_limit manipulation (git-fixes)
- commit e003877
- blacklist.conf: Add ppc fixes only applicable to 4.14
- commit 131a7b8
- blacklist.conf: Add reverted ppc commit
- commit a8b8b81
- NFS Handle missing attributes in OPEN reply (bsc#1203740).
- commit 5c8477f
- blacklist.conf: cosmetic fix
- commit 4cdceea
- blacklist.conf: cosmetic fix
- commit 0413215
- blacklist.conf: adds a WARN only
- commit f484812
- usb: dwc3: gadget: Fix OTG events when gadget driver isn't
loaded (git-fixes).
- commit c42a78e
- blacklist.conf: changes API
- commit df9a032
- blacklist.conf: powerpc watchdog implemented in 4.13
- commit 7400877
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 3059da1
- powerpc/pseries/eeh: use correct API for error log size
(bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
(bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- Refresh patches.suse/powerpc-disable_fixed_phb_option.patch
- powerpc/64: Init jump labels before parse_early_param()
(bsc#1065729).
- commit e9baafc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
(jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
(jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
(jsc#PED-568).
- commit 445debb
- blacklist.conf: fixes for bugs we don't have
git-fixes suggests patches from a later LTS which are fixes for patches
that we don't have. So blacklist them.
- commit 7eacd62
- Refresh patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch.
This has landed in mainline so update commit info
- commit 102542f
- Refresh
patches.suse/NFS-Further-fixes-to-the-writeback-error-handling.patch.
gcc pointed out to me a porting error in this patch
- commit 00a42ee
- NFSv4.x: Fail client initialisation if state manager thread
can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
(git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
(git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
(git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
fails (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
(git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
(git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
have data (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
(git-fixes).
- NFS: swap-out must always use STABLE writes (git-fixes).
- NFS: swap IO handling is slightly different for O_DIRECT IO
(git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
(git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
(git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
(git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- NFS: Correct size calculation for create reply length
(git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
(git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
pnfs_layout_process() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
delegation recall (git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
(git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
(git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
fails (git-fixes).
- sunrpc: fix crash when cache_head become valid before update
(git-fixes).
- fs: nfs: Fix possible null-pointer dereferences in
encode_attrs() (git-fixes).
- NFSv2: Fix write regression (git-fixes).
- NFSv2: Fix eof handling (git-fixes).
- NFS: Fix initialisation of I/O result struct in
nfs_pgio_rpcsetup (git-fixes).
- NFSv4: Fix return value in nfs_finish_open() (git-fixes).
- NFSv4: Fix return values for nfs4_file_open() (git-fixes).
- svcrdma: Ignore source port when computing DRC hash (git-fixes).
- net :sunrpc :clnt :Fix xps refcount imbalance on the error path
(git-fixes).
- nfsd: allow fh_want_write to be called twice (git-fixes).
- sunrpc: don't mark uninitialised items as VALID (git-fixes).
- nfsd: fix wrong check in write_v4_end_grace() (git-fixes).
- nfs: Fix NULL pointer dereference of dev_name (git-fixes).
- NFS: nfs_compare_mount_options always compare auth flavors
(git-fixes).
- nfsd: Return EPERM, not EACCES, in some SETATTR cases
(git-fixes).
- sunrpc: fix cache_head leak due to queued request (git-fixes).
- nfsd: fix a warning in __cld_pipe_upcall() (git-fixes).
- nfsd4: fix crash on writing v4_end_grace before nfsd startup
(git-fixes).
- lockd: fix decoding of TEST results (git-fixes).
- SUNRPC: Fix a race with XPRT_CONNECTING (git-fixes).
- flexfiles: enforce per-mirror stateid only for v4 DSes
(git-fixes).
- flexfiles: use per-mirror specified stateid for IO (git-fixes).
- SUNRPC: Fix a bogus get/put in generic_key_to_expire()
(git-fixes).
- SUNRPC: drop pointless static qualifier in
xdr_get_next_encode_buffer() (git-fixes).
- sunrpc: Fix connect metrics (git-fixes).
- SUNRPC: Fix a compile warning for cmpxchg64() (git-fixes).
- NFSv4.x: fix lock recovery during delegation recall (git-fixes).
- SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context
(git-fixes).
- NFSv4: Fix open create exclusive when the server reboots
(git-fixes).
- commit 25159f5
- powerpc/pseries: unregister VPA when hot unplugging a CPU
(bsc#1205695 ltc#200603).
- commit d06e561
- Fix kABI breakage in usb.h: struct usb_device:
hide new member (bsc#1206664 CVE-2022-4662).
- USB: core: Prevent nested device-reset calls (bsc#1206664
CVE-2022-4662).
- commit 3cb5d2f
- move new members of struct usbnet to end (git-fixes).
- commit 727de32
- CDC-NCM: remove "connected" log message (git-fixes).
- commit 22cc214
- media: Don't let tvp5150_get_vbi() go out of vbi_ram_default
array (git-fixes).
- commit 09471ab
- media: i2c: tvp5150: remove useless variable assignment in
tvp5150_set_vbi() (git-fixes).
- commit 0f3eff0
- Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit d5fc0df
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6849123
- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
- commit b2fe9de
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bcc09f1
- rndis_host: increase sleep time in the query-response loop
(git-fixes).
- commit 7632b5d
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
switch (git-fixes).
- commit b040831
- net: kalmia: fix memory leaks (git-fixes).
- commit c76568f
- net/usb/kalmia: use ARRAY_SIZE for various array sizing
calculations (git-fixes).
- commit fefbe90
- net: kalmia: clean up bind error path (git-fixes).
- commit ba39d56
- net: usb: qmi_wwan: Add the BroadMobi BM818 card (git-fixes).
- commit a8619f3
- net: usb: asix: init MAC address buffers (git-fixes).
- commit b22ad3e
- net: usb: asix: ax88772_bind return error when hw_reset fail
(git-fixes).
- Refresh
patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch.
- commit 65076ad
- blacklist.conf: duplicate
- commit 5f7f532
- net: usb: rtl8150: demote allmulti message to dev_dbg()
(git-fixes).
- commit 117cf2b
- kABI: mitigate new ufs_stats field (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
(git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
(git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case
(git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
(git-fixes).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in
PT2PT topology (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: megaraid: Fix error check return value of
register_chrdev() (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
(git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
(git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
(git-fixes).
- scsi: libiscsi: Fix UAF in
iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
(git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "Unsupport" ->
"Unsupported" (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
(git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
(git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sr: Return correct event when media event code is 3
(git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns
-ENXIO (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
(git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for
list_for_each_entry() (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
shift of u8 (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
(git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
(git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
(git-fixes).
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST
state (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
(git-fixes).
- scsi: scsi_transport_srp: Don't block target in failfast state
(git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
suspend-to-disk ->poweroff() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
(git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is
runtime ACTIVE (git-fixes).
- scsi: libiscsi: Fix NOP race condition (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
(git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
(git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
(git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
ufs_qcom_testbus_config() (git-fixes).
- scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
(git-fixes).
- commit 8407432
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit ad34c09
- scsi: ufs: Clean up completed request without interrupt
notification (git-fixes).
- Refresh
patches.suse/scsi-ufs-properly-release-resources-if-a-task-is-aborted-successfully.
- commit 47def13
- scsi: ufs: Improve interrupt handling for shared interrupts
(git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
(git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
(git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
(git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check
(git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor
(git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
(git-fixes).
- scsi: mpt3sas: Fix double free warnings (git-fixes).
- scsi: qedi: Fix termination timeouts in session logout
(git-fixes).
- scsi: qedi: Do not flush offload work if ARP not resolved
(git-fixes).
- scsi: iscsi: Report unbind session event when the target has
been removed (git-fixes).
- scsi: aacraid: Disabling TM path and only processing IOP reset
(git-fixes).
- scsi: ipr: Fix softlockup when rescanning devices in petitboot
(git-fixes).
- scsi: Revert "target: iscsi: Wait for all commands to finish
before freeing a session" (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
connections (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
(git-fixes).
- scsi: ufs: Complete pending requests in host reset and restore
path (git-fixes).
- scsi: libcxgbi: fix NULL pointer dereference in
cxgbi_device_destroy() (git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: target: iscsi: Wait for all commands to finish before
freeing a session (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: pm80xx: Fix for SATA device discovery (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
(git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
(git-fixes).
- scsi: aacraid: fix illegal IO beyond last LBA (git-fixes).
- scsi: mpt3sas: Fix clear pending bit in ioctl status
(git-fixes).
- scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
(git-fixes).
- scsi: sni_53c710: fix compilation error (git-fixes).
- scsi: scsi_dh_alua: handle RTPG sense code correctly during
state transitions (git-fixes).
- scsi: megaraid: disable device when probe failed after enabled
device (git-fixes).
- scsi: ufs: skip shutdown if hba is not powered (git-fixes).
- scsi: core: Reduce memory required for SCSI logging (git-fixes).
- scsi: hpsa: correct scsi command status issue after reset
(git-fixes).
- commit 01813b3
- scsi: scsi_dh_alua: always use a 2 second delay before retrying
RTPG (git-fixes).
- Refresh
patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch.
- commit 37a1f9a
- scsi: megaraid_sas: fix panic on loading firmware crashdump
(git-fixes).
- scsi: libcxgbi: add a check for NULL pointer in
cxgbi_check_route() (git-fixes).
- scsi: qedi: Abort ep termination if offload not scheduled
(git-fixes).
- scsi: ufs: Fix regulator load and icc-level configuration
(git-fixes).
- scsi: ufs: Avoid configuring regulator with undefined voltage
range (git-fixes).
- scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails
(git-fixes).
- scsi: qla4xxx: fix a potential NULL pointer dereference
(git-fixes).
- scsi: iscsi: flush running unbind operations when removing a
session (git-fixes).
- scsi: megaraid_sas: reduce module load time (git-fixes).
- scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
(git-fixes).
- scsi: libsas: Check SMP PHY control function result (git-fixes).
- scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
(git-fixes).
- scsi: ufs: Fix system suspend status (git-fixes).
- scsi: qla4xxx: check return code of
qla4xxx_copy_from_fwddb_param (git-fixes).
- scsi: vmw_pscsi: Rearrange code to avoid multiple calls to
free_irq during unload (git-fixes).
- scsi: libiscsi: Fix NULL pointer dereference in
iscsi_eh_session_reset (git-fixes).
- scsi: dc395x: fix DMA API usage in sg_update_list (git-fixes).
- scsi: dc395x: fix dma API usage in srb_done (git-fixes).
- scsi: iscsi_tcp: Explicitly cast param in
iscsi_sw_tcp_host_get_param (git-fixes).
- scsi: isci: Change sci_controller_start_task's return type to
sci_status (git-fixes).
- scsi: isci: Use proper enumerated type in
atapi_d2h_reg_frame_handler (git-fixes).
- scsi: ips: fix missing break in switch (git-fixes).
- scsi: NCR5380: Check for bus reset (git-fixes).
- scsi: NCR5380: Handle BUS FREE during reselection (git-fixes).
- scsi: NCR5380: Don't call dsprintk() following reselection
interrupt (git-fixes).
- scsi: NCR5380: Don't clear busy flag when abort fails
(git-fixes).
- scsi: NCR5380: Check for invalid reselection target (git-fixes).
- scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data
(git-fixes).
- scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE
(git-fixes).
- scsi: NCR5380: Have NCR5380_select() return a bool (git-fixes).
- scsi: NCR5380: Clear all unissued commands on host reset
(git-fixes).
- scsi: pm80xx: Fixed system hang issue during kexec boot
(git-fixes).
- scsi: pm80xx: Corrected dma_unmap_sg() parameter (git-fixes).
- scsi: sd: don't crash the host on invalid commands (git-fixes).
- scsi: ibmvscsis: Ensure partition name is properly NUL
terminated (git-fixes).
- scsi: ibmvscsis: Fix a stringop-overflow warning (git-fixes).
- scsi: 3ware: fix return 0 on the error path of probe
(git-fixes).
- scsi: vmw_pvscsi: Return DID_RESET for status
SAM_STAT_COMMAND_TERMINATED (git-fixes).
- scsi: fcoe: drop frames in ELS LOGO error path (git-fixes).
- scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send
(git-fixes).
- commit 629211b
- blacklist.conf: add git-fix commits to black list
- commit 77cd26b
- drm/amdkfd: Check for null pointer after calling kmemdup
(CVE-2022-3108 bsc#1206389 git-fixes).
- commit d5c766f
- Update
patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
(CVE-2022-3107 bsc#1206395 git-fixes).
- commit 060c52f
- blacklist.conf: Risky, requires reworking of mempolicies
- commit f553475
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit d2abfa4
- blacklist.conf: fixes for old ftrace bugs, too intrusive
- commit 16e8a4b
- blacklist.conf: afs fixes which is not compiled
- commit e4c8294
- tracing: Fix code comments in trace.c (git-fixes).
- commit ec2222c
- blacklist.conf: code style cleanup for kernel/module
- commit 4ec89b1
- blacklist.conf: cosmetic fix
- commit 69fb632
- Bluetooth: hci_qca: Fix the teardown problem for real
(git-fixes).
- commit d54a6b7
- memcg: Fix possible use-after-free in
memcg_write_event_control() (bsc#1206344).
- commit 2e65110
- blacklist.conf: removes an API
- commit e61353f
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- commit f421241
- scsi: zfcp: Fix double free of FSF request when qdio send fails
(git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
pavgroup (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
(git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
(git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/module: fix loading modules with a lot of relocations
(git-fixes).
- s390/qeth: fix deadlock during failing recovery (bsc#1206213
LTC#200742).
- s390/qeth: Fix deadlock in remove_discipline (bsc#1206213
LTC#200742).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock
(git-fixes).
- s390/cio: Fix the "type" field in s390_cio_tpi tracepoint
(git-fixes).
- s390: appldata depends on PROC_SYSCTL (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/pkey: fix paes selftest failure with paes and pkey static
build (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390/qeth: remove driver-wide workqueue (bsc#1206213
LTC#200742).
- s390/qeth: don't defer close_dev work during recovery
(bsc#1206213 LTC#200742).
- commit 1acccf5
- Delete and blacklist
patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch.
- commit 26d92fb
- blacklist.conf: add 6f390916c4fb KVM: s390: Ensure
kvm_arch_no_poll() is read once when blocking vCPU
- commit d8badd9
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 014ac33
- proc: proc_skip_spaces() shouldn't think it is working on C
strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
(CVE-2022-4378 bsc#1206207).
- commit 4f96478
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- commit 0f3ab2f
- Delete
patches.suse/KVM-x86-Manually-calculate-reserved-bits-when-loadin.patch
and add it to blacklist.conf instead, as the patch breaks shadow page
tables for KVM guests without any real other gain (bsc#1205234).
- commit afc147a
- Refresh
patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
- Refresh
patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
Fix up after merge from cve/4.12. The patch can be closer to upstream in
12sp5 as we have more than in the cve branch.
- commit c316a9f
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
resume from S3 (bsc#1206037).
- commit 54d8403
- xen/netback: don't call kfree_skb() with interrupts disabled
(bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 0a9d163
- xen/netback: Ensure protocol headers don't fall in the
non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit 1430849
- cuse: prevent clone (bsc#1206120).
- fuse: don't check refcount after stealing page (bsc#1206119).
- fuse: retrieve: cap requested size to negotiated max_write
(bsc#1206118).
- fuse: use READ_ONCE on congestion_threshold and max_background
(bsc#1206117).
- commit 04cffe1
- blacklist.conf: added 4a6f278d4827 ("fuse: add file_modified() to fallocate")
- commit 02645f1
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
is ""
- commit 1051f51
- blacklist.conf: add hamradio
- commit 099ae10
- net: hns3: fix kernel crash when unload VF while it is being
reset (git-fixes).
- commit ae4bc46
- net: smsc911x: Fix unload crash when link is up (git-fixes).
- commit 5d0ae5f
- i40e: Fix kernel crash during module removal (git-fixes).
- commit 5410efd
- i40e: Fix reset path while removing the driver (git-fixes).
- commit a60eb44
- net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes).
- commit 9864107
- net: aquantia: Fix actual speed capabilities reporting
(git-fixes).
- Refresh
patches.suse/net-aquantia-Fix-hardware-DMA-stream-overload-on-lar.patch.
- commit 4b16854
- gianfar: Disable EEE autoneg by default (git-fixes).
- commit e3da720
- net: ethernet: arc: fix error handling in emac_rockchip_probe
(git-fixes).
- commit a60d1e6
- sfp: fix RX_LOS signal handling (git-fixes).
- commit e49032c
- net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
(git-fixes).
- commit 1a4980e
- xen-netfront: remove warning when unloading module (git-fixes).
- commit 8066ddd
- macsec: fix memory leaks when skb_to_sgvec fails (git-fixes).
- commit fdbdae5
- macsec: check return value of skb_to_sgvec always (git-fixes).
- commit 958f55b
- blacklist.conf: Add 51bee5abeab2 cgroup/pids: turn cgroup_subsys->free()
into cgroup_subsys->release() to fix the accounting
- commit 5bcd4d4
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit 6514e10
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- commit 9837fc7
- blacklist.conf: Add 45e1ba40837a cgroup: disable controllers at parse
time
- commit ccb9bf4
- blacklist.conf: Add threaded cgroups related patches
They come from stable-4.14, thus not relevant for us.
(One more cgroup patch added that's unneeded too.)
- commit dbc5a4e
- docs/kernel-parameters: Update descriptions for "mitigations="
param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
bsc#1203271 bsc#1206032).
- Refresh
patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh
patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit e452934
- Update
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit cf52a0b
- add missing bug reference to a hv_netvsc patch file (bsc#1204850).
- commit e38a906
- blacklist.conf: add 72791ac854fea3
- commit f0edb3e
- blacklist.conf: add 5c13a4a0291b3019
- commit 2149313
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit 4bead56
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
(git-fixes).
- commit 3e8dd4e
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit 392a5ef
- atm: idt77252: fix use-after-free bugs caused by tst_timer
(CVE-2022-3635 bsc#1204631).
- commit df41542
- blacklist.conf: add e8240addd0a3919e
- commit 5c7763d
- blacklist.conf: add 0f4558ae91870692c
- commit 480f3db
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit b478418
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit d9798f7
- xen/balloon: use a kernel thread instead a workqueue
(git-fixes).
- commit 05697f5
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit d643b77
- xen/blkback: fix memory leaks (git-fixes).
- commit 0f8219d
- blacklist.conf: add bce5963bcb4f
- commit 898778b
- Revert "xen/balloon: Mark unallocated host memory as UNUSABLE"
(git-fixes).
- blacklist.conf: remove added patch
- Refresh
patches.suse/0001-Revert-xen-balloon-Fix-crash-when-ballooning-on-x86-.patch.
- commit e16cca1
- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL
usage (git-fixes).
- Refresh
patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch.
- commit 51c6261
- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
- rename patch file and move it to the sorted section.
- commit a55d114
- xen/balloon: fix balloon initialization for PVH Dom0
(git-fixes).
- Refresh
patches.suse/0001-xen-balloon-Support-xend-based-toolstack-take-two.patch.
- Refresh
patches.suse/0001-xen-balloon-Support-xend-based-toolstack.patch.
- commit 5ba6e04
- xen/pcpu: fix possible memory leak in register_pcpu()
(git-fixes).
- commit b8c3c6e
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit bfe3d11
- xen-netback: correct success/error reporting for the
SKB-with-fraglist case (git-fixes).
- commit 7a7fe44
- arm/xen: Don't probe xenbus as part of an early initcall
(git-fixes).
- commit 0d3422a
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit 0c5b296
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit 99af98d
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc567fb
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
grant status (git-fixes).
- commit c08cb70
- xenbus: req->err should be updated before req->state
(git-fixes).
- commit 0cbe5b2
- xenbus: req->body should be updated before req->state
(git-fixes).
- commit c25f15f
- x86/xen: Distribute switch variables for initialization
(git-fixes).
- commit c306d38
- xen/balloon: fix ballooned page accounting without hotplug
enabled (git-fixes).
- commit a0adbc7
- xen-blkback: prevent premature module unload (git-fixes).
- commit cf8ca9e
- x86/xen: Return from panic notifier (git-fixes).
- commit 79e25ba
- xen/efi: Set nonblocking callbacks (git-fixes).
- commit c90ddf2
- xen/pciback: remove set but not used variable 'old_state'
(git-fixes).
- commit 9bb95c7
- always clear the X2APIC_ENABLE bit for PV guest (git-fixes).
- commit 0e5993e
- xen/pciback: Check dev_data before using it (git-fixes).
- commit 1cda86e
- kprobes/x86/xen: blacklist non-attachable xen interrupt
functions (git-fixes).
- commit c21b175
- net: xen-netback: fix return type of ndo_start_xmit function
(git-fixes).
- commit 7ad3ae2
- xen/scsiback: add error handling for xenbus_printf (git-fixes).
- commit 7517554
- xen: add error handling for xenbus_printf (git-fixes).
- commit e858168
- xen: xenbus: use put_device() instead of kfree() (git-fixes).
- commit fe0b840
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1205908).
- ceph: fix fscache invalidation (bsc#1205907).
- ceph: fix potential race in ceph_check_caps (bsc#1205906).
- ceph: don't skip updating wanted caps when cap is stale
(bsc#1205905).
- ceph: return ceph_mdsc_do_request() errors from __get_parent()
(bsc#1205904).
- ceph: check availability of mds cluster on mount after wait
timeout (bsc#1205903).
- ceph: return -EINVAL if given fsc mount option on kernel w/o
support (bsc#1205902).
- ceph: return -ERANGE if virtual xattr value didn't fit in buffer
(bsc#1205901).
- commit 24952fe
- mm, swap, frontswap: fix THP swap if frontswap enabled
(git-fixes).
- commit 61f5d01
- blacklist.conf: added xen/pvcalls related patches, as driver not in 4.12
- commit f9877af
- xen/grant-table: Use put_page instead of free_page (git-fixes).
- Refresh
patches.suse/xen-gnttab-fix-gnttab_end_foreign_access-without-pag.patch.
- Refresh
patches.suse/xen-grant-table-add-gnttab_try_end_foreign_access.patch.
- commit 5a79925
- xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes).
- commit e0b8207
- xen/gntdev: Fix off-by-one error when unmapping with holes
(git-fixes).
- commit 309e553
- xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes).
- commit c11ca0a
- Refresh
patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch.
- Refresh
patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch.
Update upstream status and move to sorted section.
- commit f034897
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
Fix metadata
- commit 3d8bb62
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
git-fixes).
- commit 1a498e7
- usb: dwc3: gadget: only unmap requests from DMA if mapped
(git-fixes).
- Refresh
patches.suse/0001-usb-dwc3-gadget-Clear-req-needs_extra_trb-flag-on-cl.patch.
- Refresh
patches.suse/usb-dwc3-gadget-never-call-complete-from-ep_queue.patch.
- commit 5538962
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617).
- PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
- hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617).
- Revert "scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()" (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
- hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
- hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017).
- PCI: hv: Use struct_size() helper (bsc#1204446).
- hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017).
- commit 8363ff1
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
Taken from v10 patch in char-misc subsystem tree
- commit dd1508b
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
CVE-2022-41850).
- commit bc92371
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 20328af
- blacklist.conf: Do not backport an intrusive KVM/S390 fix.
- commit dc91df6
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
(git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- KVM: s390: fix memory slot handling for
KVM_SET_USER_MEMORY_REGION (git-fixes).
- commit 91dd7c2
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
SPSM (CVE-2022-42896 bsc#1205709).
- commit 2d196d4
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
CVE-2022-41858).
- commit 502b5e0
- blacklist.conf: not enabled
- commit 62afe05
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(git-fixes).
- commit e6e2ec1
- md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
- Replaced the in-house patch by the above upstream patch,
patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit ed9d761
- dm raid: fix address sanitizer warning in raid_resume
(git-fixes).
- dm raid: fix address sanitizer warning in raid_status
(git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
(git-fixes).
- dm thin: fix use-after-free crash in
dm_sm_register_threshold_callback (git-fixes).
- Documentation: dm writecache: Render status list as list
(git-fixes).
- dm raid: fix accesses beyond end of raid member array
(git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
(git-fixes).
- dm era: commit metadata in postsuspend after worker stops
(git-fixes).
- PM: hibernate: fix sparse warnings (git-fixes).
- dm mpath: remove harmful bio-based optimization (git-fixes).
- blk-mq: add callback of .cleanup_rq (git-fixes).
- commit a1e0c0c
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit b1b4277
- NFSD: Cap rsize_bop result based on send buffer size
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
(bsc#1205128 CVE-2022-43945).
- commit dc177c9
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 86c9eae
- media: mceusb: do not read data parameters unless required
(git-fixes).
- commit a5b2d37
- [media] mceusb: TX -EPIPE (urb status = -32) lockup fix
(git-fixes).
- commit 4fa96ff
- [media] mceusb: RX -EPIPE (urb status = -32) lockup failure fix
(git-fixes).
- commit 4ed839f
- [media] mceusb: fix inaccurate debug buffer dumps, and
misleading debug messages (git-fixes).
- Refresh
patches.suse/media-mceusb-fix-memory-leaks-in-error-path.patch.
- commit dec0bf7
- [media] mceusb: sporadic RX truncation corruption fix
(git-fixes).
- commit e1eba54
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 90f5154
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit 9d86fe0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit c275921
- ipv6: Fix data races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 92ed14c
- ipv6: annotate some data-races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 18f5fc2
- ipv6: use indirect call wrappers for {tcp, udpv6}_{recv,
send}msg() (bsc#1204414 CVE-2022-3567).
- commit ed98ad2
- ipv6: provide and use ipv6 specific version for {recv, send}msg
(bsc#1204414 CVE-2022-3567).
- commit f8fc818
- inet: factor out inet_send_prepare() (bsc#1204414
CVE-2022-3567).
- commit 2f26c25
- powerpc/boot: Explicitly disable usage of SPE instructions
(bsc#1065729).
- commit 4db02b2
- blacklist.conf: Add fixes for unsupported platforms
- commit 05248b6
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
bsc#1205514).
- commit 9676102
- blacklist.conf: Add bd31ecf44b8e KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
- commit ec74f0b
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
and __strnlen_user() (git-fixes).
- commit c7f58f1
- x86/speculation: Disable RRSBA behavior (bsc#1201455
CVE-2022-28693).
- Refresh patches.suse/do-not-default-to-ibrs-on-skl.patch.
- commit ca7c19a
- media: ite-cir: IR receiver stop working after receive overflow
(git-fixes).
- commit 0a8d27b
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
(git-fixes).
- commit 069a7c2
- Update metadata references
- commit 61da8f0
- blacklist.conf: build fix
- commit 42d485b
- media: mceusb: sanity check for prescaler value (git-fixes).
- commit ba3bebc
- blacklist.conf: duplicate
- commit d529ebe
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN
for nowait (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- bfq: Update cgroup information before merging bio (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit
(git-fixes).
- block: don't delete queue kobject before its children
(git-fixes).
- floppy: Fix hang in watchdog when disk is ejected (git-fixes).
- block: use "unsigned long" for blk_validate_block_size()
(git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
(git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
(git-fixes).
- block: rsxx: select CONFIG_CRC32 (git-fixes).
- nbd: don't update block size after device is started
(git-fixes).
- null_blk: fix passing of REQ_FUA flag in null_handle_rq
(git-fixes).
- block: respect queue limit of max discard segment (git-fixes).
- null_blk: Fix the null_add_dev() error path (git-fixes).
- brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes).
- block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes).
- commit a6dd16c
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
(git-fixes).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes).
- commit 8b26e24
- blacklist.conf: add 2 pervasive git-fixes
- commit 0bf3c41
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 52db277
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1205264).
- commit 2ee27a4
- hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes).
- x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes).
- hv_netvsc: Sync offloading features to VF NIC (git-fixes).
- commit 4a8a7a9
- net: ethernet: ti: ale: fix seeing unreg mcast packets with
promisc and allmulti disabled (git-fixes).
- commit 940ee30
- net/mlx5: E-Switch, Hold mutex when querying drop counter in
legacy mode (git-fixes).
- commit 2e07a05
- bnxt_en: Free context memory after disabling PCI in probe
error path (git-fixes).
- commit 720cc36
- bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S
(git-fixes).
- commit 9d7339e
- net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
- commit 20e8907
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
Refresh patches.suse/0018-KVM-arm64-Add-templates-for-BHB-mitigation-sequences.patch
Refresh patches.suse/0008-kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch
- commit 043a003
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
(git-fixes).
- s390/qeth: fix notification for pending buffers during teardown
(git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation
(git-fixes).
- s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes).
- s390/qeth: vnicc Fix init to default (git-fixes).
- s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes).
- s390/qeth: fix false reporting of VNIC CHAR config failure
(git-fixes).
- s390/qeth: Fix initialization of vnicc cmd masks during set
online (git-fixes).
- s390/qeth: Fix error handling during VNICC initialization
(git-fixes).
- commit 6e472df
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes
copied (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw
(git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly
(git-fixes).
- vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes).
- commit 76839b9
- Refresh
patches.suse/Fix-releasing-of-old-bundles-in-xfrm_bundle_lookup-b.patch.
- commit 374b5d5
- blacklist.conf: cleanup intended to break kABI
- commit c84e993
- usb: chipidea: udc: check request status before setting device
address (git-fixes).
- commit cb47b3a
- usb: musb: Fix suspend with devices connected for a64
(git-fixes).
- commit f48dc12
- net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes).
- commit b1650a6
- net: hns3: disable sriov before unload hclge layer (git-fixes).
- commit d345db6
- net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes).
- commit 48b09a8
- net: hns3: reset DWRR of unused tc to zero (git-fixes).
- commit 8875465
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- commit 0db1cd8
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- commit aefa3aa
- can: rcar_can: fix suspend/resume (git-fixes).
- commit 132b32d
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- commit a0a50ea
- i40e: fix endless loop under rtnl (git-fixes).
- commit 0544181
- phy: mdio: fix memory leak (git-fixes).
- commit a953b17
- Revert "net: mdiobus: Fix memory leak in __mdiobus_register" (git-fixes).
- commit 8056426
- net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes).
- commit 97ee07d
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- commit 4f15909
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- commit cc79b14
- net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes).
- commit 09955f8
- net: hns3: check vlan id before using it (git-fixes).
- commit bfc3c2e
- net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes).
- commit c549aee
- media: mceusb: Use new usb_control_msg_*() routines
(CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
(CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
(CVE-2022-3903 bsc#1205220).
- commit 5162019
- Update patches.suse/scsi-ibmvfc-Avoid-path-failures-during-live-migratio.patch
(bsc#1065729 bsc#1204810 ltc#200162).
- commit 4db2648
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(git-fixes).
- commit d145d85
- ptp: dp83640: don't define PAGE0 (git-fixes).
- commit ba826c9
- natsemi: sonic: stop calling netdev_boot_setup_check
(git-fixes).
- commit 3ddf5c6
- cxgb4: dont touch blocked freelist bitmap after free
(git-fixes).
- commit 590981e
- blacklist.conf: update blacklist
- commit e42313e
- blacklist.conf: update blacklist for git-fixes commits
- commit 3de45db
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
(bsc#1156395).
- commit aefe870
- bnxt_en: Clean up completion ring page arrays completely
(git-fixes).
- commit 39641b0
- bnxt_en: Don't use static arrays for completion ring pages
(git-fixes).
- commit 7ae4ad6
- bnxt_en: Increase maximum RX ring size if jumbo ring is not used
(git-fixes).
- commit 8ab9e71
- net: natsemi: Fix missing pci_disable_device() in probe and
remove (git-fixes).
- commit b1e1228
- sis900: Fix missing pci_disable_device() in probe and remove
(git-fixes).
- commit 9b32829
- tulip: windbond-840: Fix missing pci_disable_device() in probe
and remove (git-fixes).
- commit 1916370
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- commit 91f7e82
- net/mlx5: Fix flow table chaining (git-fixes).
- commit 50c9e7c
- NIU: fix incorrect error return, missed in previous revert
(git-fixes).
- commit 697aa31
- ixgbe: Fix packet corruption due to missing DMA sync
(git-fixes).
- commit 523784f
- net: ti: fix UAF in tlan_remove_one (git-fixes).
- commit 0aebd34
- net: qcom/emac: fix UAF in emac_remove (git-fixes).
- commit 5b6315c
- net: moxa: fix UAF in moxart_mac_probe (git-fixes).
- commit cf3a72b
- net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
(git-fixes).
- commit 9d4ba6f
- igb: Fix position of assignment to *ring (git-fixes).
- commit 3c1202a
- igc: change default return of igc_read_phy_reg() (git-fixes).
- commit df2e2f4
- igc: Fix use-after-free error during reset (git-fixes).
- commit 251ef5a
- virtio_net: move tx vq operation under tx queue lock
(git-fixes).
- commit 90eec50
- vxlan: add missing rcu_read_lock() in neigh_reduce()
(git-fixes).
- commit 156a458
- FDDI: defxx: Make MMIO the configuration default except for EISA
(git-fixes).
- commit 8b83e49
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
for CSR (git-fixes).
- commit 2da1970
- ice: Increase control queue timeout (git-fixes).
- commit 5d9b03d
- blacklist.conf: update blacklist
- commit e370582
- scsi: ibmvfc: Avoid path failures during live migration
(bsc#1065729).
- commit 3b44e8a
- sunrpc: Re-purpose trace_svc_process (bsc#1205006).
- commit cdf529c
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit 7c13cdf
- ring-buffer: Check for NULL cpu_buffer in
ring_buffer_wake_waiters() (git-fixes).
- commit da95687
- ring-buffer: Allow splice to read previous partially read pages
(git-fixes).
- commit 10722c0
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
(git-fixes).
- commit 924938c
- s390/boot: fix absolute zero lowcore corruption on boot
(git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: define get_cycles macro for arch-override (git-fixes).
- commit f757324
- blacklist.conf: s390: No need to fix VSIE.
- commit 0194543
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST
flag (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests
(git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM
guests (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390: split kvm_s390_logical_to_effective (git-fixes).
- commit 63379a7
- Update patch references to
patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
(bsc#1200692 CVE-2022-33981).
- commit 28012b2
- wifi: brcmfmac: Fix potential buffer overflow in
brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit 284cbb1
- selftests/livepatch: better synchronize test_klp_callbacks_busy
(bsc#1071995).
- commit fa89806
- blacklist.conf: livepatch: 32-bit only
- commit 4273e1d
- livepatch: Add a missing newline character in
klp_module_coming() (bsc#1071995).
- commit 2506784
- livepatch: fix race between fork and KLP transition
(bsc#1071995).
- commit 6135eb4
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit b8d4061
- scsi: qla2xxx: Use transport-defined speed mask for
supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
(bsc#1204963).
- commit 9169c2c
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit da87a2f
- tracing: Do not free snapshot if tracer is on cmdline
(git-fixes).
- commit 56e3837
- tracing: Simplify conditional compilation code in
tracing_set_tracer() (git-fixes).
- commit f6b96f7
- ring-buffer: Fix race between reset page and reading page
(git-fixes).
- commit 3e65661
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit d91da96
- tracing: Add ioctl() to force ring buffer waiters to wake up
(git-fixes).
- commit a0bbb4b
- tracing: Wake up ring buffer waiters on closing of the file
(git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit 2dbafe6
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit fda3a5b
- ring-buffer: Check pending waiters when doing wake ups as well
(git-fixes).
- commit 2778e59
- tracing: Disable interrupt or preemption before acquiring
arch_spinlock_t (git-fixes).
- commit 3e162e8
- i40e: improve locking of mac_filter_hash (git-fixes).
- commit 143807c
- net: marvell: fix MVNETA_TX_IN_PRGRS bit number (git-fixes).
- commit a0ef80c
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- commit 3f4f3ee
- ppp: Fix generating ppp unit id when ifname is not specified
(git-fixes).
- commit 8e47822
- ppp: Fix generating ifname when empty IFLA_IFNAME is specified
(git-fixes).
- commit 8d0bcb7
- net: dsa: mt7530: add the missing RxUnicast MIB counter
(git-fixes).
- commit 57a9699
- net: vxge: fix use-after-free in vxge_device_unregister
(git-fixes).
- commit 1d9b679
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- commit 13c92ff
- net: mvpp2: Put fwnode in error case during ->probe()
(git-fixes).
- commit ec00850
- net/mlx5e: Remove dependency in IPsec initialization flows
(git-fixes).
- commit e587509
- net/mlx4: Fix EEPROM dump support (git-fixes).
- commit ebb3264
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
(git-fixes).
- commit 24bcdc7
- Revert "niu: fix missing checks of niu_pci_eeprom_read"
(git-fixes).
- commit 021da5e
- bnxt_en: Fix RX consumer index logic in the error path
(git-fixes).
- commit f39a791
- net: lapbether: Prevent racing when checking whether the netif
is running (git-fixes).
- commit 4bee41d
- amd-xgbe: Update DMA coherency values (git-fixes).
- commit e0d8a19
- net: stmmac: fix watchdog timeout during suspend/resume stress
test (git-fixes).
- commit cc02dbe
- net: stmmac: stop each tx channel independently (git-fixes).
- commit 8a11cdd
- r8169: fix jumbo packet handling on RTL8168e (git-fixes).
- commit 5965441
- i40e: Fix overwriting flow control settings during driver
loading (git-fixes).
- commit a33b4c7
- i40e: Fix flow for IPv6 next header (extension header)
(git-fixes).
- commit b64f750
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- commit b2e387c
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
SFP (git-fixes).
- commit 366a419
- USB: serial: ch341: fix lost character on LCR updates
(git-fixes).
- commit 50da091
- net: amd-xgbe: Reset link when the link never comes back
(git-fixes).
- commit b7ab28e
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
warning (git-fixes).
- commit 183da9c
- bnxt_en: reverse order of TX disable and carrier off
(git-fixes).
- commit d1661a3
- blacklist.conf: update blacklist
- commit 379051a
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
(git-fixes).
- commit 9910802
- Input: xpad - add supported devices as contributed on github
(git-fixes).
- commit a1cf7e6
- Input: gscps2 - check return value of ioremap() in
gscps2_probe() (git-fixes).
- commit 2ec370b
- Add CVE reference to
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 0ac14cd
- memcg, kmem: do not fail __GFP_NOFAIL charges (bsc#1204755).
- commit 3f2ce02
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
CVE-2021-4037).
- commit 8a8ede5
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
CVE-2021-4037).
- commit 2edb1f4
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 0ea44f9
- usb: mon: make mmapped memory read only (bsc#1204653
CVE-2022-43750).
- commit be1109d
- USB: serial: ch341: fix lockup of devices with limited prescaler
(git-fixes).
- Refresh
patches.suse/Revert-USB-serial-ch341-add-new-Product-ID-for-CH341.patch.
- Refresh
patches.suse/USB-serial-ch341-sort-device-id-entries.patch.
- commit 4dd7140
- USB: serial: ch341: fix receiver regression (git-fixes).
- commit c932590
- USB: serial: ch341: reimplement line-speed handling (git-fixes).
- commit b324632
- USB: serial: ch341: add basis for quirk detection (git-fixes).
- commit 113d16b
- blacklist.conf: duplicate of b4a64ed6e7b857317070fcb9d87ff5d4a73be3e8
- commit ff064ba
- nvmem: core: Check input parameter for NULL in
nvmem_unregister() (bsc#1204241).
- commit ee0dc75
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
(bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
CVE-2022-3545).
- commit ece443c
- nilfs2: fix use-after-free bug of struct nilfs_root
(CVE-2022-3649 bsc#1204647).
- commit d234200
- nilfs2: fix leak of nilfs_root in case of writer thread creation
failure (CVE-2022-3646 bsc#1204646).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
bsc#1204635).
- commit cf0c998
- mm, page_alloc: avoid expensive reclaim when compaction may
not succeed (bsc#1204250).
- commit 16163cf
- nilfs2: fix NULL pointer dereference at
nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit d20af40
- USB: core: Fix RST error in hub.c (git-fixes).
- commit 5b67fc6
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit d14e803
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
CVE-2022-3521).
- commit 92746cd
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
CVE-2022-3524).
- commit ffa0698
- Update metadata references
- commit 090bf0c
- sch_sfb: Also store skb len before calling child enqueue
(CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
to child (CVE-2022-3586 bsc#1204439).
- commit baac8bc
- mISDN: fix use-after-free bugs in l1oip timer handlers
(CVE-2022-3565 bsc#1204431).
- commit a6ab2c6
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- commit f308a7a
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
(git-fixes).
- commit 1416c1e
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- Refresh patches.suse/USB-serial-option-add-Quectel-RM520N.patch.
- commit 891a8cf
- USB: serial: option: add support for OPPO R11 diag port
(git-fixes).
- commit a94c0a4
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
(bsc#1065729).
- commit b4e5f08
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 0f4a423
- kABI: fix kABI after "KVM: Add infrastructure and macro to mark
VM as bugged" (bsc#1200788 CVE-2022-2153).
- commit 07bccdc
- KVM: Add infrastructure and macro to mark VM as bugged
(bsc#1200788 CVE-2022-2153).
- commit ef2b928
- KVM: x86/emulator: Fix handing of POP SS to correctly set
interruptibility (git-fixes).
- commit a313609
- x86/xen: Remove undefined behavior in setup_features()
(git-fixes).
- commit baac9c4
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated (bsc#1200788 CVE-2022-2153).
- commit 8a3b61b
- KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd
(bsc#1200788 CVE-2022-2153).
- commit 661c2ce
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
SynIC (bsc#1200788 CVE-2022-2153).
- commit 3a9cc04
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit c6701d7
- locking/csd_lock: Change csdlock_debug from early_param to
__setup (git-fixes).
- Refresh
patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 0d160b3
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit b4f4125
- KVM: x86: Check lapic_in_kernel() before attempting to set a
SynIC irq (bsc#1200788 CVE-2022-2153).
- commit 95457fb
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
hugepages (bsc#1203142 LTC#199883).
- s390/mm: do not trigger write fault when vma does not allow
VM_WRITE (bsc#1203198 LTC#199898).
- commit 8606330
- scsi: stex: Properly zero out the passthrough command structure
(bsc#1203514 CVE-2022-40768).
- commit 73e670f
- Update
patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
(CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 6bd6b60
- misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os
(CVE-2022-3424 bsc#1204166).
- commit 729cf0b
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc->state outside of KMS'
- commit 95fbcd2
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit 61ed64b
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 469e1ea
- blacklist.conf: ignore unwanted nfs/md patches
- commit 968a253
- ACPI: processor idle: Practically limit "Dummy wait" workaround
to old Intel systems (bnc#1203802).
- ACPI: processor_idle: Skip dummy wait if kernel is in guest
(bnc#1203802).
- commit 51d1632
- nvme: restrict management ioctls to admin (bsc#1203290
CVE-2022-3169).
- commit 9735897
- s390: fix double free of GS and RI CBs on fork() failure
(bsc#1203254 LTC#199911).
- s390/guarded storage: simplify task exit handling (bsc#1203254
LTC#199911).
- commit 33e512e
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit dd58489
- xfs: widen ondisk quota expiration timestamps to handle y2038+
(bsc#1203387).
- commit e991b90
- quota: widen timestamps for the fs_disk_quota structure
(bsc#1203387).
- commit 0516b01
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
(bsc#1203322 CVE-2022-40307).
- commit 8166d5e
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit b440061
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit d6070f7
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e024e1e
- USB: serial: option: add Quectel BG95 0x0203 composition
(git-fixes).
- commit 88f61a5
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- Refresh patches.suse/xfs-unsupported-features.patch.
- commit 510678c
- xfs: enable big timestamps (bsc#1203387).
- commit f5ecebd
- xfs: widen ondisk inode timestamps to deal with y2038+
(bsc#1203387).
- commit a71ecee
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- Refresh
patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit de56df3
- xfs: preserve default grace interval during quotacheck
(bsc#1203387).
- commit 32fdbbb
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit ea13b52
- xfs: use a struct timespec64 for the in-core crtime
(bsc#1203387).
- commit 31e0e71
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit 852ad51
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit 0ca10b2
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit fdfb081
- xfs: use the finobt block counts to speed up mount times
(bsc#1203387).
- Refresh patches.suse/xfs-unsupported-features.patch.
- commit 480b158
- xfs: account finobt blocks properly in perag reservation
(bsc#1203387).
- commit 2390201
- ip6: fix skb leak in ip6frag_expire_frag_queue (bsc#1202972)
- commit da5fa15
- module: change to print useful messages from
elf_validity_check() (git-fixes).
- commit aa3765e
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
- commit 99976e2
- module: harden ELF info handling (git-fixes).
- Refresh
patches.suse/0001-module-warn-if-module-init-probe-takes-long.patch.
- Delete
patches.suse/0005-modsign-print-module-name-along-with-error-message.patch
(info->mod->name is no longer available in module_sig_check() due to
the backported patch).
- commit 6bb95a5
- krb5
-
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
(bsc#1205126);
- Added patches:
* 0126-Fix-integer-overflows-in-PAC-parsing.patch
- libX11
-
- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
* security update for CVE-2022-3554 (bsc#1204422)
- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch
* security update for CVE-2022-3555 (bsc#1204425)
- libdb-4_8
-
- Security fix: [bsc#1174414, CVE-2019-2708]
* libdb: Data store execution leads to partial DoS
* Backport the upstream commits:
- Fixed several possible crashes when running db_verify
on a corrupted database. [#27864]
- Fixed several possible hangs when running db_verify
on a corrupted database. [#27864]
- Added a warning message when attempting to verify a queue
database which has many extent files. Verification will take
a long time if there are many extent files. [#27864]
* Add libdb-4_8-CVE-2019-2708.patch
- libksba
-
- Security fix: [bsc#1206579, CVE-2022-47629]
* Integer overflow in the CRL signature parser.
* Add libksba-CVE-2022-47629.patch
- liblogging
-
- Use %license instead of %doc [bsc#1082318]
- fix SLE 12 build
- Use python3 version of rst2man when available
- Run spec-cleaner
- liblogging 1.0.6:
* fix small memory leaks in libstdlog
* enhancement: sigsafe_printf now recognizes the "j" length
modifier
* fix: build_file_line and build_syslog_frame call the
__stdlog_print_* functions incorrectly
* Implement a STDLOG_PID option
* bugfix: potential SEGV in the stdlog_sigsafe_string formatter
if NULL pointer was passed in
* bugfix: stdlog_sigsafe_printf mis-handles an int or unsigned
int
* build system: auto-detect presence of journal libraries
- When building with systemd-journal support, only buildrequire
pkgconfig(libsystemd-journal) on openSUSE 13.1. On newer
versions, buildrequire pkgconfig(libsystemd). The sublibraries have
been merged in version 209 (13.2 shipped systemd 210).
- make the suse_version portable
- fix broken conditional with sles_version macro
- Remove redundant ldconfig requires
- liblogging 1.0.5:
+ cleanup for systemd-journal >= 209
+ bugfix: date stamp was incorrectly formatted
- libxslt
-
- Fix broken license symlink for libxslt-tools [bsc#1203669]
- libzypp
-
- properly reset range requests (bsc#1204548)
- version 16.22.5 (0)
- Fix package signature check (bsc#1184501)
- mozilla-nspr
-
- update to version 4.34.1
* add file descriptor sanity checks in the NSPR poll function.
- mozilla-nss
-
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
(bsc#1204272)
- update to NSS 3.79.3 (bsc#1207038)
* Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
(CVE-2022-23491)
- Update nss-fips-approved-crypto-non-ec.patch to disapprove the
creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of SHA
keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is
called when the repeat integrity check fails (bsc#1198980).
- update to NSS 3.79.2 (bsc#1204729)
* bmo#1785846 - Bump minimum NSPR version to 4.34.1.
* bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
- Add nss-allow-slow-tests.patch, which allows a timed test to run
longer than 1s. This avoids turning slow builds into broken
builds.
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
DSA keys (verification only) (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to add
sftk_FIPSRepeatIntegrityCheck() to softoken's .def file
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
longer symmetric keys via the service level indicator
(bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to hopefully export
sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions
from getting flagged as non-FIPS (bsc#1191546).
- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to prevent keys
from getting flagged as non-FIPS and add remaining TLS mechanisms.
- Update nss-fips-constructor-self-tests.patch to fix an abort()
when both NSS_FIPS and /proc FIPS mode are enabled.
- nfs-utils
-
- Add 0202-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
Allow server scope to be set - removes the need to run nfsd
inside a private UTS namespace for fail-over applications
(bsc#1203746)
- 0201-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
Ensure sysctl settings work (bsc#1199856)
- openldap2
-
- bsc#1203320 - Resolve broken symlinks in documentation
- openssh
-
- Add -Y option (jsc#SLE-24949)
+ openssh-More-BSD-compat-functions-recallocarray-getpagesize-.patch
+ openssh-Add-more-sshbuf-functions-sshbuf_dup_string-sshbuf_c.patch
+ openssh-New-option-parsing-functions.patch
+ openssh-ssh-keygen-ssh-agent-intergration.patch
+ openssh-test-updates.patch
+ openssh-test-fixups.patch
+ openssh-Add-ssh-keygen-Y-option-sshsig.patch
- Ship added protocol file as documentation.
- Refresh openssh-7.2p2-gssapi_key_exchange.patch: fix up tests broken by gssapi
- Run tests during build
- cycle patches through git, use autopatch.
- openssl-1_0_0
-
- Added openssl-1_0_0-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- openssl-1_1
-
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- python
-
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
- Filter out executable-stack error that is triggered for i586
target.
- python-base
-
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
- Filter out executable-stack error that is triggered for i586
target.
- python-setuptools
-
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
(ReDoS) in package_index.py.
bsc#1206667
- python3
-
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice versa (potential for DoS).
Originally by Victor Stinner of Red Hat.
- python3-base
-
- Add CVE-2022-40899-ReDos-cookiejar.patch to Fix REDoS in http.cookiejar
(gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice versa (potential for DoS).
Originally by Victor Stinner of Red Hat.
- python3-lxml
-
- Add patch CVE-2021-28957-prevent-formaction.patch:
* Sanitize HTML5 formaction attributes to prevent an XSS
(bsc#1184177, CVE-2021-28957)
- python36
-
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
overflow in hashlib.sha3_* implementations (originally from the
XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice versa (potential for DoS).
Originally by Victor Stinner of Red Hat.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
CRLF_injection_via_host_part.patch, and
CVE-2019-18348-CRLF_injection_via_host_part.patch.
- release-notes-sles
-
- 12.5.20220930 (tracked in bsc#933411)
- Added note about /var/run volatility (jsc#SLE-5601)
- Added note about SUSEConnect tracking (jsc#SLE-23312)
- Updated LibreOffice note (jsc#SLE-24441)
- Updated Java 1.7 lifecycle (jsc#PED-2073)
- 12.5.20220906 (tracked in bsc#933411)
- Updated Java lifecycle (jsc#PED-2073)
- rpm
-
- backport pgp hardening changes from upstream [bsc#1185299]
new patch: pgpharden.diff
- fix deadlock when multiple rpm processes try to acquire the
database lock [bsc#1183659]
new patch: deadlock.diff
- backport header check security fixes from upstream [CVE-2021-3421]
[CVE-2021-20271] [CVE-2021-20266]
[bsc#1183543] [bsc#1183545] [bsc#1183632]
new patch: headerchk3.diff
- backport fixes for various format handling bugs [bsc#996280]
new patch: formatbugs.diff
- rsyslog
-
- fix parsing of legacy config syntax (bsc#1205275)
* add:
0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- runc
-
- Update to runc v1.1.4. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.4.
bsc#1202021
* Fix mounting via wrong proc fd. When the user and mount namespaces are
used, and the bind mount is followed by the cgroup mount in the spec,
the cgroup was mounted using the bind mount's mount fd.
* Switch kill() in libcontainer/nsenter to sane_kill().
* Fix "permission denied" error from runc run on noexec fs.
* Fix failed exec after systemctl daemon-reload. Due to a regression
in v1.1.3, the `DeviceAllow=char-pts rwm` rule was no longer added and
was causing an error `open /dev/pts/0: operation not permitted: unknown`
when systemd was reloaded.
(boo#1202821)
- samba
-
- CVE-2022-38023: Additional patches for the PDC role's netlogon
server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
atomically; (bso#14611); (bsc#1206546).
- Update to 4.15.13
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240); (bsc#1206504);
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
modern servers; (bso#15237); (bsc#1205385);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
- Update to 4.15.12
* CVE-2022-42898: samba: heimdal: Samba buffer overflow
vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
* Allow rebuild of Centos 8 images after move to vault for
Samba 4.15; (bso#15193).
* CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
(bso#15134); (bsc#1204254)
- Update to 4.15.10
* Possible use after free of connection_struct when iterating
smbd_server_connection->connections; (bso#15128);
(bsc#1200102).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Spotlight RPC service returns wrong response when Spotlight
is disabled on a share; (bso#15086).
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
(bso#15153).
* assert failed: !is_named_stream(smb_fname)") at
../../lib/util/fault.c:197; (bso#15161).
* Missing READ_LEASE break could cause data corruption;
(bso#15148).
* rpcclient can crash using setuserinfo(2); (bso#15124).
* Samba fails to build with glibc 2.36 caused by including
<sys/mount.h> in libreplace; (bso#15132).
* SMB1 negotiation can fail to handle connection errors;
(bso#15152).
* samba-tool domain join segfault when joining a samba ad
domain; (bso#15078).
- Update to 4.15.9
* CVE-2022-32742: SMB1 code does not correctly verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
* CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
* CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- sg3_utils
-
- Update to version 1.43+48.63a5696:
* sg_turs: do not report error for standby or unavailable ports
(bsc#1186628)
* drop 55-scsi-sg3_id.rules-fix-SCSI_IDENT_LUN_NAA_EXT-case.patch
(now included in git tarball)
- sqlite3
-
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
relying on --safe for execution of an untrusted CLI script
- sudo
-
- Added sudo-CVE-2023-22809.patch
* CVE-2023-22809
* bsc#1207082
* Prevent '--' in the EDITOR environment variable which can allow
users to edit sensitive files as root.
- Modified sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
* Fixes crash while using sssd plugin caused by regression
introduced by this patch
* bsc#1206170
- Added sudo-utf8-ldap-schema.patch
* Change sudo-ldap schema from ASCII to UTF8.
* Fixes bsc#1197998
* Credit to William Brown <william.brown@suse.com>
* https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
* Make sure SIGCHLD is not ignored when sudo is executed; fixes
race condition.
* bsc#1203201
* Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
* CVE-2022-43995
* bsc#1204986
* Fixed a potential heap-based buffer over-read when entering a password
of seven characters or fewer and using the crypt() password backend.
- supportutils
-
- Changes to supportconfig version 3.0.11
+ Added _sanitize_file and applied it as needed (bsc#1203818)
- systemd
-
- Import commit 284594087815b5a621c9cbdfd7fde382c3fa110e
408bdd5b5c units: restore RemainAfterExit=yes in systemd-vconsole-setup.service
c9d71f32e9 vconsole-setup: don't concat strv if we don't need to (i.e. not in debug log mode)
36cea26f87 vconsole-setup: add more log messages
ed5157ad87 units: restore Before dependencies for systemd-vconsole-setup.service
e9ae2bacc4 vconsole-setup: add lots of debug messages
40b348e753 Add enable_disable() helper
33ac2fa67a vconsole: correct kernel command line namespace
41e28b24d6 vconsole: Don't do static installation under sysinit.target
d5a5e14c0b vconsole: use KD_FONT_OP_GET/SET to handle copying (bsc#1181636)
4e62cab082 vconsole: updates of keyboard/font loading functions
8fd6316be5 vconsole: Add generic is_*() functions
a755ea98ec vconsole: add two new toggle functions, remove old enable/disable ones
9ca3cfe2aa vconsole: copy font to 63 consoles instead of 15
7ddfcaab83 vconsole: add log_oom() where appropriate
8d61f5bde5 vconsole-setup: Store fonts on heap (#3268)
6efe43abe2 coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
1f09db3094 errno-util: add new errno_or_else() helper
- Drop 5000-errno-util-add-new-errno_or_else-helper.patch
5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
They have been integrated in SUSE/v228, see above.
- Disable coredump support when building the mini flavor to avoid pulling in
elfutils as some elf macro definitions are now needed by coredump.c
- Fix systemd-coredump to not allow user to access coredumps with changed
uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
Add 5000-errno-util-add-new-errno_or_else-helper.patch
Add 5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
- Import commit 417bb0944e035969594fff83a3ab9c2ca9a56234
e4ba341080 time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
20743c1a44 logind: fix crash in logind on user-specified message string
b971b5f085 tmpfiles: check the directory we were supposed to create, not its parent
2850271ea6 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
3d3bd5fc8d systemd --user: call pam_loginuid when creating user@.service (#3120) (bsc#1198507)
4b56c3540a parse-util: introduce pid_is_valid()
aa811a4c0c systemd-detect-virt: refine hypervisor detection (#7171) (bsc#1197244)
- Rebase 0001-logind-unmount-runtime-path-in-a-dedicated-process.patch
- tar
-
- Fix hang when unpacking test tarball, bsc#1202436
* bsc1202436.patch
- Fix unexpected inconsistency when making directory, bsc#1203600
* tar-fix-no-overwrite-dir.patch
* tar-avoid-overflow-in-symlinks-tests.patch
* tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
* tar-fix-race-condition.patch
- Refresh bsc1200657.patch
- Fix race condition while creating intermediate subdirectories,
bsc#1200657
* bsc1200657.patch
- timezone
-
- timezone update 2022g (bsc#1177460):
* In the Mexican state of Chihuahua, the border strip near the US
will change to agree with nearby US locations on 2022-11-30.
The strip's western part, represented by Ciudad Juárez, switches
from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
The eastern part, represented by Ojinaga, will observe US DST next
year, like Presidio, TX.
A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
* Much of Greenland, represented by America/Nuuk, stops observing
winter time after March 2023, so its daylight saving time becomes
standard time.
* Changes for pre-1996 northern Canada
* Update to past DST transition in Colombia (1993), Singapore
(1981)
* timegm is now supported by default
- timezone update 2022f (bsc#1177460):
* Mexico will no longer observe DST except near the US border
* Chihuahua moves to year-round -06 on 2022-10-30
* Fiji no longer observes DST
* Move links to 'backward'
* In vanguard form, GMT is now a Zone and Etc/GMT a link
* zic now supports links to links, and vanguard form uses this
* Simplify four Ontario zones
* Fix a Y2438 bug when reading TZif data
* Enable 64-bit time_t on 32-bit glibc platforms
* Omit large-file support when no longer needed
* In C code, use some C23 features if available
* Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
* fat.patch
* tzdata-china.diff
- timezone update 2022e (bsc#1177460):
* Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
* Palestine transitions are now Saturdays at 02:00
* Simplify three Ukraine zones into one
- timezone update 2022c:
* Work around awk bug
* Improve tzselect on intercontinental Zones
- timezone update 2022b:
* Chile's DST is delayed by a week in September 2022 boo#1202324
* Iran no longer observes DST after 2022
* Rename Europe/Kiev to Europe/Kyiv
* New zic -R option
* Vanguard form now uses %z
* Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
- util-linux
-
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- Integrate pam_keyinit pam module (bsc#1201354, boo#1081947,
su-l.pamd, runuser.pamd, runuser-l.pamd, login.pamd,
remote.pamd).
- util-linux-systemd
-
- Integrate pam_keyinit pam module (bsc#1201354, boo#1081947,
su-l.pamd, runuser.pamd, runuser-l.pamd, login.pamd,
remote.pamd).
- vim
-
- Updated to version 9.0 with patch level 1234, fixes the following security problems
* Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
* Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
* Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
* Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
* Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
* Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
* Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
* Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
* Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
* Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
* Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.0814...v9.0.1234
- Updated to version 9.0 with patch level 0814, fixes the following problems
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent()
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address()
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg()
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285
* Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
* Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
* Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
After Free
* Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
in src/ex_docmd.c
* Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
Out-of-bounds Read
* Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
* Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
in vim prior to 8.2.
* Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
vim prior to 8.2.
* Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
init_ccline() in ex_getln.c
* Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
Conda vim prior to 8.2.
* Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
in skip_range
* Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
append_command
* Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
function cmdline_erase_chars
* Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
function vim_regexec_string
* Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After Free in
find_pattern_in_path
* Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
* Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
to 8.2
* Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
to 8.2
* Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
.swp file to the editor's primary group, which allows local users to obtain
sensitive information
* Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
in vim prior to 8.2
* Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
vim prior to 8.2
* Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
* Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
* Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
cindent.c
* Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
to 8.2.
* Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
* Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
* Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
Heap-based Buffer Overflow in vim prior to 8.2.
/ vim-8.0.1568-CVE-2022-0413.patch
* Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
normal.c / vim-8.0.1568-CVE-2021-3796.patch
* Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
* Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
* Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
* Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
* Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
* Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
/ vim-8.0.1568-CVE-2021-3778.patch
* Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
/ vim-8.0.1568-CVE-2021-4193.patch
* Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
* Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
* Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
/ vim-8.0.1568-CVE-2022-0351.patch
* Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
* Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
/ vim-8.0.1568-CVE-2022-0413.patch
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- missing-vim-client: removed
- install suse vimrc in /usr (boo#1182324, vim-8.0.1568-globalvimrc.patch)
- source correct suse.vimrc file (boo#1182324)
- stop owning /etc/vimrc so the old, distro provided config actually
gets removed. Leaving it around leads to a duplicated autocmd for
*.spec, leading to the spec file template being inserted twice.
- own some dirs in vim-data-common so installation of vim-small
doesn't leave not owned directories (boo#1173256).
- Add vi as slave to update-alternatives so that every package
has a matching "vi" symlink (bsc#1174564, boo#1176549).
- Removed patches:
* disable-unreliable-tests-arch.patch
* CVE-2016-1248.patch
* CVE-2017-5953.patch
* CVE-2017-6349.patch
* CVE-2017-6350.patch
* restrict-shell-commands.patch
* source-check-sandbox.patch
* vim-8.0.1568-CVE-2021-3778.patch
* vim-8.0.1568-CVE-2021-3796.patch
* vim-8.0.1568-CVE-2021-3872.patch
* vim-8.0.1568-CVE-2021-3927.patch
* vim-8.0.1568-CVE-2021-3928.patch
* vim-8.0.1568-CVE-2021-3984.patch
* vim-8.0.1568-CVE-2021-4019.patch
* vim-8.0.1568-CVE-2021-4193.patch
* vim-8.0.1568-CVE-2021-46059.patch
* vim-8.0.1568-CVE-2022-0319.patch
* vim-8.0.1568-CVE-2022-0351.patch
* vim-8.0.1568-CVE-2022-0361.patch
* vim-8.0.1568-CVE-2022-0413.patch
* vim-8.0.1568-globalvimrc.patch
* vim-7.1.314-CVE-2009-0316-debian.patch
* vim-7.3-diff_check.patch
* vim-python35.patch
* vim-speedup-yaml.patch
- Updated patches:
* vim-7.3-filetype_changes.patch
* vim-7.3-filetype_ftl.patch
* vim-7.3-filetype_spec.patch
* vim-7.3-gvimrc_fontset.patch
* vim-7.3-help_tags.patch
* vim-7.3-mktemp_tutor.patch
* vim-7.3-name_vimrc.patch
* vim-7.3-sh_is_bash.patch
* vim-7.3-use_awk.patch
* vim-7.4-disable_lang_no.patch
* vim-7.4-filetype_apparmor.patch
* vim-7.4-filetype_mine.patch
* vim-7.4-highlight_fstab.patch
* vim-8.0-ttytype-test.patch
* vim-8.0.1568-defaults.patch
* vim73-no-static-libpython.patch
* vim-7.4-rpmlintrc
- Added patches:
* vim-8.0-ttytype-test.patch
* vim-8.0.1568-defaults.patch
* vim-8.1.0297-dump3.patch
* vim-8.2.2411-globalvimrc.patch
* disable-unreliable-tests.patch
- for the complete list of changes see
https://github.com/vim/vim/compare/v7.4.326...v9.0.0814
- wicked
-
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
Add initial support to decode the SMBIOS Management Controller Host
Interface (Type 42) structure and expose it as wicked `firmware:redfish`
configuration to setup a Host Network Interface (to the BMC) using the
`Redfish over IP` protocol allowing access to the Redfish Service (via
redfish-localhost in /etc/hosts) used to manage the computer system.
Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
[- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27
correctly OR grouped lease status (bnc#896188)
netlink attribute if provided by the kernel (bnc#885007).
do not detect persistence but set if requested only (bnc#876845).
- client: do not mix shared with exclusive references (bnc#877776)
- extensions: disabled writing of wickedd.log (debug) file
- addrconf: initial lease writing/parsing helpers / disarmed
- several lldp fixes, mostly for parsing / formatting
- yast2-printer
-
- Try to connect with SMB3 protocol when testing SMB printers
(bsc#1084277)
- 3.2.1
- yast2-registration
-
- fix crash of autoyast config dialog (bsc#1152913)
- 3.3.1
- zlib
-
- Follow up fix for bsc#1203652 due to libxml2 breakage
* bsc1203652-2.patch
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
* bsc1203652.patch