- aaa_base
-
- Add patch git-50-845b509c9a005340a0455cb8a7fe084d1b8f1946.patch
* Add mc helpers for both tcsh and bash resources (boo#1203617)
- bash
-
- Add patch boo1227807.patch
* Load completion file eveh if a brace expansion is in the
command line included (boo#1227807)
- binutils
-
- Update to current 2.43.1 branch [PED-10254, PED-10306]:
* s390 - Add arch15 instructions
* various fixes from upstream: PR32153, PR32171, PR32189,
PR32196, PR32191, PR32109, PR32372, PR32387
- Adjusted binutils-2.43-branch.diff.gz.
- Disable zstd-by-default again (needs adjustments in at least
golang,llvm15,llvm17 first)
- Add binutils-fix-branch.diff.
- Check non-changing of flex/bison inputs only after applying
branch and fix-branch diffs.
- drop ld-relro.diff (relro is the default for some time)
and it warns on avr spuriously (bsc#1233520)
- Add loongarch64 as new target
- Enable zstd compression algorithm (instead of zlib)
for debug info sections by default.
- cloud-regionsrv-client
-
- Update to 10.3.7 (bsc#1232770)
+ Fix the product triplet for LTSS, it is always SLES-LTSS, not
$BASEPRODUCT-LTSS
- Update to 10.3.6 (jsc#PCT-471, bsc#1230615)
+ Fix sudo setup
~ permissions cloudguestregistryauth
~ directory ownership /etc/sudoers.d
+ spec file
~ Remove traces of registry related entries on SLE 12
+ Forward port
~ fix-for-sles12-disable-registry.patch
~ fix-for-sles12-no-trans_update.patch
+ Deregister non free extensions at registercloudguest --clean
+ Fix registry cleanup at registercloudguest --clean, don't remove files
+ Prevent duplicate search entries in registry setup
- Update EC2 plugin to 1.0.5
+ Switch to using the region endpoint from IMDS to determine the region
instead of deriving the data from the availability zone
- Update to 10.3.5
+ Update spec file to build in all code streams,
SLE 12, SLE 15, ALP, and SLFO and have proper dependencies
- curl
-
- Security fix: [bsc#1234068, CVE-2024-11053]
* curl could leak the password used for the first host to the
followed-to host under certain circumstances.
* netrc: address several netrc parser flaws
* Add curl-CVE-2024-11053.patch
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* http_aws_sigv4: canonicalize the query [fc76a24c]
* test439: verify query canonization for aws-sigv4 [65661016]
* http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
* aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
* http_aws_sigv4: canonicalise valueless query params [bbba69da]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patches:
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- deltarpm
-
- update to deltarpm-3.6.5
* support for archive files bigger than 2GByte [bnc#1230547]
- lvm2
-
- LVM2 mirror attached to another node couldn't be converted into linear LV (bsc#1231796)
+ bug-1231796_lvconvert-fix-lvconvert-m-0-for-in-sync-legs.patch
- docker
-
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Update to Go 1.22.
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Add docker-integration-tests-devel subpackage for building and running the
upstream Docker integration tests on machines to test that Docker works
properly. Users should not install this package.
- docker-rpmlintrc updated to include allow-list for all of the integration
tests package, since it contains a bunch of stuff that wouldn't normally be
allowed.
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Further merge docker and docker-stable specfiles to minimise the differences.
The main thing is that we now include both halves of the
Conflicts/Provides/Obsoletes dance in both specfiles.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. bsc#1231348
bsc#1232999
- Add %{_sysconfdir}/audit/rules.d to filelist.
- Mark docker-buildx as required since classic "docker build" has been
deprecated since Docker 23.0. bsc#1230331
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
bsc#1230333
- Make some minor name macro updates to help with the docker-stable package
fork.
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070
* CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- dracut
-
- Update to version 055+suse.396.g701c6212:
* fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110)
- Update to version 055+suse.394.ga838b0c7:
* fix(zfcp_rules): check for presence of legacy rules (bsc#1230330)
- e2fsprogs
-
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
number of group descriptors only if meta_bg is disabled (bsc#1230145)
- glib2
-
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
(boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
- glibc
-
- tcache-thread-shutdown.patch: malloc: Initiate tcache shutdown even
without allocations (bsc#1228661, BZ #28028)
- google-guest-agent
-
- Update to version 20241011.01 (bsc#1231775, bsc#1231776)
* SUSE no overwrite bug fix, Ubuntu 18.04 exception (#451)
- from version 20241011.00
* Skip MDS setup by default for this release (#450)
- from version 20241010.01
* Revert "network/netplan: Adjust link-local accordingly (#443)" (#448)
* Set enable regardless of previous check failed or not (#447)
- from version 20241009.03
* Avoid unnecessary reloads, check before overwriting configs (#446)
- from version 20241009.02
* network/netplan: Do generate instead of apply (#445)
- from version 20241009.01
* Skip SetupInterfaces if configs are already applied (#444)
* network/netplan: Adjust link-local accordingly (#443)
* Repeated logging could be mistaken for a recurring issue,
log mds mtls endpoint error only once (#439)
* Retry MDS PUT operation, reload netplan/networkctl
only if configs are changed (#438)
* Log interface state after setting up network (#437)
* network: Debian 12 rollback only if default netplan is ok (#436)
- from version 20240930.01
* Change mtls mds defaults, update log message to assure error is harmless (#434)
- from version 20240930.00
* network: Restore Debian 12 netplan configuration. (#433)
* network: Remove primary NIC left over configs. (#432)
* Update VLAN interfaces format to match with MDS (#431)
* Fix panics in agent when setting up VLAN with netplan (#430)
* Add VLAN NIC support for NetworkManager (#429)
* Fix debian12 netplan config issue, use ptr receiver (#428)
* Update README to reflect new network manager changes (#427)
* Introduce a configuration toggle for enabling/disabling cloud logging (#413)
* Adapt and update config key to be consistent with MDS (#426)
* Allow users to enable/disable the mds mtls via metadata key (#423)
* Make primary nic management config consistent across all network managers (#422)
* Document disabling account manager on AD (#421)
* Update README with MDS MTLS docs (#418)
* Avoid writing configuration files when they already exist on wicked and (#410)
* Update golang.org/x/net dependencies to catch up on CVEs (#412)
* Get rid of deperecated dependencies in snapshot service generate code (#411)
* Fix where agent panics on nil event (#409)
* Configure primary nic if only set in cfg file (#408)
* Update NIC management strategy (#402)
* Only release dhclient leases for an interface if the
respective dhclient is still running (#407)
* Disable OS Login without pruning off any extra suffix. (#400)
* Skip root cert rotation if installed once (#405)
* Add ipv6 support to guest agent (#404)
* Update Accounts documentation (#403)
* Update google-startup-scripts.service to enable logging (#399)
* Network subsystem remove os rules (#396)
* oslogin: Don't remove sshca watcher when oslogin is disabled (#398)
* Update dependencies to catch up on CVE fixes (#397)
* Network manager netplan implementation (#386)
* Update dependencies to catch up on CVE fixes (#391)
* Log current available routes on error (#388)
* Fix command monitor bugs (#389)
* windows account: Ignore "user already belogs to group" error (#387)
* Add more error logging in snapshot handling requests, use common retry util (#384)
* All non-200 status code from MDS should raise error (#383)
* Change metadata key to enable-oslogin-certificates (#382)
* Update dhclient pid/lease file directory to abide apparmor rules (#381)
* Add COS homedir-gid patch to upstream. (#365)
* Add require-oslogin-certificates logic to disable keys (#368)
* systemd-networkd: Support Debian 12's version (#372)
* Minor update typo in comment (#380)
* NetworkManager: Only set secondary interfaces as up (#378)
* address manager: Make sure we check for oldMetadata (#375)
* network: Early setup network (#374)
* NetworkManager: Fix ipv6 and ipv4 mode attribute (#373)
* Network Manager: Make sure we clean up ifcfg files (#371)
* metadata script runner: Fix script download (#370)
* oslogin: Avoid adding extra empty line at the end of /etc/security/group.conf (#369)
* Dynamic vlan (#361)
* Check for nil response (#366)
* Create NetworkManager implementation (#362)
* Skip interface manager on Windows (#363)
* network: Remove ignore setup (#360)
* Create wicked network service implementation and its respective unit (#356)
* Update metadata script runner, add tests (#357)
* Refactor guest-agent to use common retry util (#355)
* Flush logs before exiting #358 (#359)
* Create systemd-networkd unit tests. (#354)
* Update network manager unit tests (#351)
* Implement retry util (#350)
* Refactor utils package to not dump everything unrelated into one file (#352)
* Set version on metadata script runner (#353)
* Implement cleanup of deprecated configuration directives (#348)
* Ignore DHCP offered routes only for secondary nics (#347)
* Deprecate DHClient in favor of systemd-networkd (#342)
* Generate windows and linux licenses (#346)
* Remove quintonamore from OWNERS (#345)
* Delete integration tests (#343)
- Update to version 20240816.00
* Add configuration toggle to enable/disable use
of OS native certificate stores (#419)
* Fix dependencies in stable branch #412 (#415)
* Update dep: golang.org/x/crypto to v0.17.0
* Update dep: google.golang.org/protobuf to 1.33.0
* Update dep: golang.org/x/net to 0.17.0
* Update dep: google.golang.org/grpc to v1.57.1
- from version 20240813.00
* Update README with MDS MTLS docs (#418)
- from version 20240808.01
* Avoid writing configuration files when they already
exist on wicked and NetworkManager (#410)
- from version 20240808.00
* Update golang.org/x/net dependencies
to catch up on CVEs (#412)
- from version 20240805.00
* Get rid of deperecated dependencies in
snapshot service generate code (#411)
- Drop dont_overwrite_ifcfg.patch, fixed upstream
- Update to version 20240802.00
* Fix where agent panics on nil event (#409)
- from version 20240801.00
* Configure primary nic if only set in cfg file (#408)
* Update NIC management strategy (#402)
* Only release dhclient leases for an interface if the respective dhclient is still running (#407)
* Disable OS Login without pruning off any extra suffix. (#400)
* Skip root cert rotation if installed once (#405)
* Add ipv6 support to guest agent (#404)
* Update Accounts documentation (#403)
* Update google-startup-scripts.service to enable logging (#399)
* Network subsystem remove os rules (#396)
* oslogin: don't remove sshca watcher when oslogin is disabled (#398)
* Update dependencies to catch up on CVE fixes (#397)
* Network manager netplan implementation (#386)
* Update dependencies to catch up on CVE fixes (#391)
* Log current available routes on error (#388)
* Fix command monitor bugs (#389)
* Windows account: ignore "user already belogs to group" error (#387)
* Add more error logging in snapshot handling requests, use common retry util (#384)
* All non-200 status code from MDS should raise error (#383)
* Change metadata key to enable-oslogin-certificates (#382)
* Update dhclient pid/lease file directory to abide apparmor rules (#381)
* Add COS homedir-gid patch to upstream. (#365)
* Add require-oslogin-certificates logic to disable keys (#368)
* systemd-networkd: support debian 12's version (#372)
* Minor update typo in comment (#380)
* NetworkManager: only set secondary interfaces as up (#378)
* address manager: make sure we check for oldMetadata (#375)
* network: early setup network (#374)
* NetworkManager: fix ipv6 and ipv4 mode attribute (#373)
* Network Manager: make sure we clean up ifcfg files (#371)
* metadata script runner: fix script download (#370)
* oslogin: avoid adding extra empty line at the end of /etc/security/group.conf (#369)
* Dynamic vlan (#361)
* Check for nil response (#366)
* Create NetworkManager implementation (#362)
* Skip interface manager on Windows (#363)
* network: remove ignore setup (#360)
* Create wicked network service implementation and its respective unit (#356)
* Update metadata script runner, add tests (#357)
* Refactor guest-agent to use common retry util (#355)
* Flush logs before exiting #358 (#359)
* Create systemd-networkd unit tests. (#354)
* Update network manager unit tests (#351)
* Implement retry util (#350)
* Refactor utils package to not dump everything unrelated into one file (#352)
* Set version on metadata script runner (#353)
* Implement cleanup of deprecated configuration directives (#348)
* Ignore DHCP offered routes only for secondary nics (#347)
* Deprecate DHClient in favor of systemd-networkd (#342)
* Generate windows and linux licenses (#346)
* Remove quintonamore from OWNERS (#345)
* Delete integration tests (#343)
- from version 20240716.00
* Update dep: golang.org/x/crypto to v0.17.0
* Update dep: google.golang.org/protobuf to 1.33.0
* Update dep: golang.org/x/net to 0.17.0
* Update dep: google.golang.org/grpc to v1.57.1
- Update to version 20240701.00
* Update google-startup-scripts.service to enable logging (#399)
- Update to version 20240611.01
* Network subsystem remove os rules (#396)
* oslogin: don't remove sshca watcher when oslogin is disabled (#398)
* update dependencies to catch up on CVE fixes (#397)
* Network manager netplan implementation (#386)
* update dependencies to catch up on CVE fixes (#391)
* Log current available routes on error (#388)
* Fix command monitor bugs (#389)
* windows account: ignore "user already belogs to group" error (#387)
* Add more error logging in snapshot handling requests, use common retry util (#384)
* All non-200 status code from MDS should raise error (#383)
* change metadata key to enable-oslogin-certificates (#382)
* Update dhclient pid/lease file directory to abide apparmor rules (#381)
* Add COS homedir-gid patch to upstream. (#365)
* Add require-oslogin-certificates logic to disable keys (#368)
* systemd-networkd: support debian 12's version (#372)
* Minor update typo in comment (#380)
* NetworkManager: only set secondary interfaces as up (#378)
* address manager: make sure we check for oldMetadata (#375)
* network: early setup network (#374)
* NetworkManager: fix ipv6 and ipv4 mode attribute (#373)
* Network Manager: make sure we clean up ifcfg files (#371)
* metadata script runner: fix script download (#370)
* oslogin: avoid adding extra empty line at the end of /etc/security/group.conf (#369)
* Dynamic vlan (#361)
* Check for nil response (#366)
* Create NetworkManager implementation (#362)
* Skip interface manager on Windows (#363)
* network: remove ignore setup (#360)
* Create wicked network service implementation and its respective unit (#356)
* Update metadata script runner, add tests (#357)
* Refactor guest-agent to use common retry util (#355)
* Flush logs before exiting #358 (#359)
* Create systemd-networkd unit tests. (#354)
* Update network manager unit tests (#351)
* Implement retry util (#350)
* Refactor utils package to not dump everything unrelated into one file (#352)
* Set version on metadata script runner (#353)
* Implement cleanup of deprecated configuration directives (#348)
* ignore DHCP offered routes only for secondary nics (#347)
* Deprecate DHClient in favor of systemd-networkd (#342)
* Generate windows and linux licenses (#346)
* Remove quintonamore from OWNERS (#345)
* Delete integration tests (#343)
- from version 20240528.00
* update dep: golang.org/x/crypto to v0.17.0
* update dep: google.golang.org/protobuf to 1.33.0
* update dep: golang.org/x/net to 0.17.0
* update dep: google.golang.org/grpc to v1.57.1
- google-guest-configs
-
- Update to version 20241121.00 (bsc#1233625, bsc#1233626)
* Temporarily revert google_set_multiqueue changes for release (#92)
- from version 20241115.00
* Remove IDPF devices from renaming rules (#91)
- from version 20241112.00
* Revert "Revert 3 commits:" (#89)
- from version 20241108.00
* Revert 3 commits: (#87)
- from version 20241107.00
* gce-nic-naming: Exit 1 so that udev ignores the rule on error (#86)
- from version 20241106.00
* Remove Apt IPv4 only config for Debian and Ubuntu (#85)
- from version 20241031.00
* Add GCE intent based NIC naming tools (#84)
- from version 20241025.00
* Update google_set_multiqueue to skip set_irq
if NIC is not a gvnic device (#83)
- Add new binary gce-nic-naming to %{_bindir} in %files section
- Update to version 20241021.00 (bsc#1231775, bsc#1231776)
* Add GCE-specific config for systemd-resolved (#82)
- from version 20241015.00
* Update google_set_multiqueue to enable on A3Ultra family (#79)
- from version 20241013.00
* Update OWNERS (#81)
- from version 20241010.00
* Depend on jq in enterprise linux (#80)
- from version 20241008.00
* Always use IP from primary NIC in the
networkd-dispatcher routable hook (#78)
- Update to version 20240925.00
* Call google_set_hostname on openSUSE and when the agent
is configured to manage hostname and FQDN, let it (#75)
- from version 20240924.00
* Include systemd-networkd hook in Ubuntu packaging (#77)
- from version 20240905.00
* Update packaging as of Ubuntu devel packaging (#65)
- from version 20240830.00
* Fix the name for A3 Edge VMs (#76)
- Update to version 20240725.00
* Fix: hostnamectl command (#74)
- Update to version 20240607.00
* Update is_a3_platform to include A3-edge shape (#73)
- Update to version 20240514.00
* Add systemd-networkd hostname hook (#71)
- from version 20240501.00
* Add hostname hook for NetworkManager without
dhclient compat script (#70)
- google-osconfig-agent
-
- Update to version 20240926.03 (bsc#1231775, bsc#1231776)
* Revert "Bump go.opentelemetry.io/otel from 1.24.0 to 1.30.0 (#679)" (#684)
- from version 20240926.02
* Bump go.opentelemetry.io/otel from 1.24.0 to 1.30.0 (#679)
* another batch of depencies upgrade (#683)
- from version 20240926.01
* aggregate dependabot changes to go.mod (#677)
* Revert back Source package info delivery to control-plane (#673)
- from version 20240926.00
* Update OWNERS (#676)
- from version 20240924.02
* Upgrade grpc and it's dependencies to latest version (#672)
- from version 20240924.01
* Implement keepalive config (#671)
- from version 20240924.00
* Set new version of gRPC for test (#669)
- from version 20240920.00
* Revert "bump version of the gRPC" (#667)
- from version 20240919.00
* bump version of the gRPC (#666)
- from version 20240917.00
* Merge pull request #665 from GoogleCloudPlatform/revert-664-update_grpc_dependency
* Revert "Update grpc library and other dependencies. (#664)"
- from version 20240916.00
* Update grpc library and other dependencies. (#664)
- from version 20240913.00
* Move packagebuild presubmit to osconfig (#662)
- from version 20240912.00
* Revert "update osconfig api to v1.13.0 & indirect dependency update" (#659)
- from version 20240822.00
* Revert "Source package info delivery to control-plane (#639)" (#656)
- from version 20240821.00
* Fix golang version format to fix builds. (#655)
- from version 20240814.01
* Use gcsfuse pkg in guest-policies e2e in pkg
update tests instead of old pkgs (#653)
* Replace osconfig-agent-test pkg by gcsfuse in ospolicies
tests and inventory-report tests (#652)
- from version 20240806.00
* Disable Repository Resource test for SLES-12 (#650)
- Update to version 20240801.00
* Fix Debian-12 failing test by using gcsfuse pkg
* Fix fetching gpg key unit tests (#649)
- from version 20240729.00
* Fix for old state file on Windows (#648)
- from version 20240723.00
* Add debugging logs for repository resource config (#646)
- from version 20240718.00
* Fix SLES-12 SP5 RPM package-resource e2e test (#645)
- from version 20240715.01
* Fix OSPolicies e2e tests for SLES-15 SP5 by removing
zypper update from VMs startup script (#644)
- from version 20240715.00
* Fix GuestPolicies e2e tests for SLES-15 SP5 by removing
zypper update from VMs startup script (#643)
- from version 20240709.01
* Source package info delivery to control-plane (#639)
- from version 20240709.00
* Enable gpgcheck flag for RPM e2e tests (#638)
- from version 20240708.00
* Update osconfig api to v1.13.0
* Indirect dependency update (#637)
- from version 20240705.01
* Updating Windows & Linux Chrome packages
to fix failing e2e tests (#636)
- from version 20240705.00
* Merge pull request #635 from Gulio/patch-1
* Update OWNERS
- from version 20240702.02
* Remove RHEL-7 and CentOS-7 images from e2e tests (#634)
- Update to version 20240702.01
* Use Debian-11 img in googet pkg build workflow (#632)
- from version 20240702.00
* Pipeline testing 00 (#631)
- from version 20240701.00
* update readme file (#628)
- from version 20240625.01
* Updating yum install to support multi architecture based packages
* Revert "Adding Architecture to the packages being installed/updated in yum repo"
- from version 20240625.00
* Update old SLES images urls (#627)
- from version 20240620.00
* Merge pull request #626 from GoogleCloudPlatform/yum-multiarch-fix
* Adding Architecture to the packages being installed/updated in yum repo
- from version 20240618.01
* Extract source_name(source_rpm) for rpm packages (#624)
- from version 20240618.00
* update README.md file (#625)
- from version 20240615.00
* Fix(dpkg) return onlt installed items as inventory (#623)
* Extract source name and version for dpkg packages. (#622)
- Update to version 20240607.00
* Update e2e tests to use VMM team's GCP project for pkgs testing version (#621)
- from version 20240606.00
* Disable SUSE tests to run with testing agent repo (#619)
- from version 20240604.00
* Fix the logic of pick region for Artifact Registry function (#618)
- from version 20240603.00
* Disable centos-stream-8 tests as it reached EOL in May 31 (#617)
- from version 20240529.00
* Merge pull request #610 from savijatv/patch-3
* Update cis-level1-once-a-day-policy.yaml
- from version 20240528.00
* Merge pull request #616 from MahmoudOuka/allow-windows-e2e-tests-to-\
install-testing-version-of-agent-from-private-artifact-registry-repos
* Allow Windows e2e tests to pull osconfig-agent pkg from testing (private)
repos from Artifact registry
- from version 20240527.01
* Merge pull request #615 from MahmoudOuka/fix-SUSE-e2e-tests
* fix SUSE e2e tests
- from version 20240527.00
* Merge pull request #614 from MahmoudOuka/allow-apt-and-yum-\
e2e-tests-to-pull-osconfig-agent-pkg-from-testing-repos
* fix golint comments
* Allow Apt & Yum e2e tests to pull osconfig-agent pkg from testing repos
- from version 20240524.03
* Merge pull request #611 from savijatv/patch-ospolicy-samples
* Update to the CIS OS policy samples
- from version 20240524.00
* Merge pull request #612 from MahmoudOuka/update-apt-e2e-tests-\
to-pull-osconfig-agent-pkg-from-new-ar-repos
* fix golint comment
* Update Apt e2e tests to pull osconfig-agent pkg from new AR repos instead of rapture
- from version 20240523.02
* bump golang.org/x/crypto version (#613)
- from version 20240523.00
* update go-cmp dependency (#604)
- from version 20240522.00
* rollback masive dependency update (#603)
* Bump google.golang.org/api from 0.180.0 to 0.181.0 (#596)
- Update to version 20240517.00
* Bump cloud.google.com/go/auth from 0.4.1 to 0.4.2 (#597)
- from version 20240516.01
* Bump cloud.google.com/go/logging from 1.9.0 to 1.10.0 (#595)
* Bump cloud.google.com/go/storage from 1.40.0 to 1.41.0 (#594)
- from version 20240516.00
* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#593)
- Update to version 20240513.02
* E2e tests: allow passing spesific EL version
number to InstallOSConfigEL func (#592)
- from version 20240513.01
* Bump google.golang.org/api from 0.179.0 to 0.180.0 (#591)
- from version 20240513.00
* E2e tests: Fix EL version detection logic in E2E tests (#590)
* Bump google.golang.org/api from 0.178.0 to 0.179.0 (#589)
- from version 20240510.02
* Bump cloud.google.com/go/auth from 0.4.0 to 0.4.1 (#588)
- from version 20240510.01
* E2e tests: use family url format instead of specific
version URL for head test images (#587)
- from version 20240510.00
* Fix for lock location (#586)
- from version 20240509.03
* Bump cloud.google.com/go from 0.112.2 to 0.113.0 (#584)
- from version 20240509.02
* Remove dependabot not needed label (#576)
- from version 20240509.01
* Write inventory to attributes only if enabled (#486)
- from version 20240509.00
* E2e tests: install gnupg2 and run apt update in VMs startup-scripts (#583)
* Add a temporary e2e test image for Ubuntu to test
the latest osconfig-agent stable version (#582)
* Bump google.golang.org/api from 0.177.0 to 0.178.0 (#578)
* Bump github.com/googleapis/gax-go/v2 from 2.12.3 to 2.12.4 (#579)
* Bump cloud.google.com/go/iam from 1.1.7 to 1.1.8 (#577)
* Bump cloud.google.com/go/auth from 0.3.0 to 0.4.0 (#580)
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#581)
* Bump golang.org/x/net from 0.24.0 to 0.25.0 (#575)
* Bump cloud.google.com/go/osconfig from 1.12.6 to 1.12.7 (#573)
* Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#574)
* Bump cloud.google.com/go/longrunning from 0.5.6 to 0.5.7 (#571)
- from version 20240508.08
* Bump github.com/golang/glog from 1.2.0 to 1.2.1 (#572)
- from version 20240508.07
* Bump golang.org/x/text from 0.14.0 to 0.15.0 (#565)
- from version 20240508.06
* Bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#566)
* Bump golang.org/x/sys from 0.19.0 to 0.20.0 (#564)
- from version 20240508.05
* Bump go.opentelemetry.io/otel/trace from 1.24.0 to 1.26.0 (#563)
- from version 20240508.04
* Bump google.golang.org/protobuf from 1.34.0 to 1.34.1 (#567)
* Using the default reviewer set for PR approvals (#570)
- from version 20240508.03
* Adding advanced CodeQL settings to scan on PRs (#569)
- from version 20240508.02
* Update Debian-12 package build workflow to use debian-cloud project (#568)
- from version 20240508.01
* Dependabot dependency updates (#562)
- from version 20240508.00
* Revert "Initial configuration of the dependabot
for the direct and indirect d…" (#561)
* Initial configuration of the dependabot for the
direct and indirect dependency scanning (#560)
- from version 20240507.00
* Fix Debian-12 package build workflow typo (#559)
- from version 20240506.00
* Use signed-by keyring approach for apt repos in Debian 12+ and Ubuntu 24+ (#558)
- from version 20240501.03
* Logrus dependency update (#557)
- from version 20240501.02
* Updating dependencies and respective checksums (#556)
- from version 20240501.01
* Update go.mod (#554)
- from version 20240501.00
* Bump golang.org/x/net from 0.17.0 to 0.23.0 (#542)
- from version 20240430.01
* Remove SBOM generation logic from package build workflows (#553)
- from version 20240425.00
* Fix e2e tests for exec-output size limit (#552)
- from version 20240424.00
* Disabled some images which are either past EoL or broken (#549)
- from version 20240423.01
* Copy packagebuild folder from guest-test-infra repo to osconfig repo (#545)
* OS Config windows state file location changed (#544)
- from version 20240423.00
* Removed debian-10 from e2e tests (#548)
- from version 20240422.00
* Merge pull request #541 from GoogleCloudPlatform/michaljankowiak-patch-1
* Update OWNERS
- from version 20240409.00
* Bump output size limit to 500KB (#538)
- grub2
-
- Fix xen package contains debug_info files with the .module suffix by moving
them to a separate xen-debug subpackage (bsc#1232573)
- Fix not a directory error from the minix filesystem, as leftover data on disk
may contain its magic header so it gets misdetected (bsc#1231604)
* grub2-install-fix-not-a-directory-error.patch
- Fix OOM error in loading loopback file (bsc#1230840)
* 0001-tpm-Skip-loopback-image-measurement.patch
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
installation when secure boot is enabled (bsc#1217761) (bsc#1228866)
- Improved check for disk device when looking for PReP partition
* 0004-Introduce-prep_load_env-command.patch
- kernel-default
-
- sch/netem: fix use after free in netem_dequeue (CVE-2024-46800
bsc#1230827).
- commit 4fa3f93
- vp_vdpa: fix id_table array not null terminated error
(CVE-2024-53110 bsc#1234085).
- commit d161a67
- idpf: fix UAFs when destroying the queues (CVE-2024-44932
bsc#1229808).
- idpf: fix memory leaks and crashes while performing a soft reset
(CVE-2024-44964 bsc#1230220).
- commit 4316b61
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED
in uvc_parse_format (CVE-2024-53104 bsc#1234025).
- commit 1c41c2f
- can: j1939: j1939_session_new(): fix skb reference counting
(git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
(git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
(git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors
statistics (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors
statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state()
even if cf is NULL (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb
allocation fails (git-fixes).
- HID: wacom: fix when get product name maybe null pointer
(git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in
mtk_wdt_restart() (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
(git-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed
values (git-fixes).
- commit 6f2f0c6
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (git-fixes)
Refresh patches.suse/arm64-probes-Fix-uprobes-for-big-endian-kernels.patch.
- commit 8fb43aa
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- commit c8e82c2
- USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267 bsc#1233456)
- commit 5a7c927
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- commit ce86139
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- commit 11b60ab
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- commit 834680b
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- commit 49b56be
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- commit e8b197c
- arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes)
- commit 019ef42
- powerpc/kexec: Fix return of uninitialized variable
(bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling
hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
(bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init()
(bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions
(bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and
CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal
(bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- commit 2d82b73
- net/mlx5: Unregister notifier on eswitch init failure
(git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter
(git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version
buffer used by representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version
buffer (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver
(git-fixes).
- commit c073e57
- net: ena: Fix potential sign extension issue (git-fixes).
- Refresh
patches.suse/net-ena-Fix-redundant-device-NUMA-node-override.patch.
- commit f3d6416
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- Refresh patches.suse/0001-idpf-extend-tx-watchdog-timeout.patch.
- commit 3fa63a5
- vdpa/mlx5: preserve CVQ vringh index (git-fixes).
- Refresh patches.suse/vdpa-mlx5-Allow-CVQ-size-changes.patch.
- commit dbac474
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- Refresh
patches.suse/net-mlx5-Register-devlink-first-under-devlink-lock.patch.
- commit fa0f96d
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- Refresh
patches.suse/iavf-fix-a-deadlock-caused-by-rtnl-and-driver-s-lock.patch.
- commit 39965fe
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- Refresh
patches.suse/net-mlx5-Fix-missing-lock-on-sync-reset-reload.patch.
- commit 0f9e3d5
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface
is down (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
(git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- ice: change q_index variable type to s16 to store -1 value
(git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock
(git-fixes).
- ice: fix accounting for filters shared by multiple VSIs
(git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling
elements (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type
(git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map
(git-fixes).
- net/mlx5: Update the list of the PCI supported devices
(git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows
(git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset
(git-fixes).
- net/mlx5e: Add a check for the return value from
mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5: Lag, don't use the hardcoded value of the first port
(git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's
(git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow
(git-fixes).
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is
disabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver
(git-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in
mlx5e_priv_cleanup() (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error
(git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO
headers (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP
(non-VXLAN) packets (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- idpf: don't enable NAPI and interrupts prior to allocating Rx
buffers (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for
reporting buffer exhaustion (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check
(git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state
(git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- Revert "ixgbe: Manual AN-37 for troublesome link partners for
X550 SFI" (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld()
function (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec
(git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config
(git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll
(git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash
LAG deactivation (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number
(git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- bnxt_en: Reset PTP tx_avail after possible firmware reset
(git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
(git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- ice: virtchnl: stop pretending to support RSS over AQ or
registers (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets
(git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not
supported (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling
xsk_pool (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
(git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings
(git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled
(git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct
(git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled
(git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period
mode for ASO (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action
(git-fixes).
- bnxt_en: Wait for FLR to complete during probe (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
(git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid
values (git-fixes).
- ice: Shut down VSI with "link-down-on-close" enabled
(git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key
struct (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode
(git-fixes).
- sfc: fix a double-free bug in efx_probe_filters (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups
(git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in
mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- iavf: Introduce new state machines for flow director
(git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work
(git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is
zero (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version
buffer for representors (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version
buffer (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- chtls: fix tp->rcv_tstamp initialization (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages
(git-fixes).
- iavf: initialize waitqueues before starting watchdog_task
(git-fixes).
- tun: prevent negative ifindex (git-fixes).
- net/mlx5e: Don't offload internal port if filter device is
out device (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC
(git-fixes).
- net/mlx5: E-switch, register event handler before arming the
event (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp
(git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK
is set (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- sfc: Check firmware supports Ethernet PTP filter (git-fixes).
- ice: avoid executing commands on other ports when driving sync
(git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling
buffer (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- ice: Block switchdev mode when ADQ is active and vice versa
(git-fixes).
- sfc: don't unregister flow_indr if it was never registered
(git-fixes).
- net/mlx5: Skip clock update work when device is in error state
(git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG
(git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- drivers: net: prevent tun_build_skb() to exceed the packet
size limit (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx
(git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple
offload is set (git-fixes).
- net/mlx5e: fix return value check in
mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx
(git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
(git-fixes).
- net/mlx5e: fix double free in
macsec_fs_tx_create_crypto_table_groups (git-fixes).
- commit 8552b15
- tcp: Fix use-after-free of nreq in reqsk_timer_handler()
(CVE-2024-50154 bsc#1233070).
- commit 9c54dc2
- netdevsim: Add trailing zero to terminate the string
in nsim_nexthop_bucket_activity_write() (CVE-2024-50259
bsc#1233214).
- commit 3b589d0
- Update patches.suse/can-bcm-Fix-UAF-in-bcm_proc_show.patch
(git-fixes CVE-2023-52922 bsc#1233977).
- commit 624f722
- Update
patches.suse/ACPI-CPPC-Make-rmw_lock-a-raw_spin_lock.patch
(git-fixes CVE-2024-50249 bsc#1233197).
- Update
patches.suse/ASoC-stm32-spdifrx-fix-dma-channel-release-in-stm32_.patch
(git-fixes CVE-2024-50292 bsc#1233481).
- Update
patches.suse/Bluetooth-hci-fix-null-ptr-deref-in-hci_read_support.patch
(git-fixes CVE-2024-50255 bsc#1233238).
- Update
patches.suse/HID-core-zero-initialize-the-report-buffer.patch
(git-fixes CVE-2024-50302 bsc#1233491).
- Update
patches.suse/KVM-arm64-vgic-v2-Check-for-non-NULL-vCPU-in-vgic_v2.patch
(git-fixes CVE-2024-36953 bsc#1225812).
- Update
patches.suse/USB-serial-io_edgeport-fix-use-after-free-in-debug-p.patch
(git-fixes CVE-2024-50267 bsc#1233456).
- Update patches.suse/arm64-tlb-Fix-TLBI-RANGE-operand.patch
(bsc#1229585 CVE-2024-35980 bsc#1224574).
- Update
patches.suse/drm-amdgpu-add-missing-size-check-in-amdgpu_debugfs_.patch
(stable-fixes CVE-2024-50282 bsc#1233471).
- Update
patches.suse/drm-amdgpu-fix-possible-UAF-in-amdgpu_cs_pass1.patch
(git-fixes CVE-2023-52921 bsc#1233452).
- Update
patches.suse/drm-amdgpu-prevent-NULL-pointer-dereference-if-ATIF-.patch
(git-fixes CVE-2024-53060 bsc#1233554).
- Update
patches.suse/erofs-fix-pcluster-use-after-free-on-UP-platforms.patch
(git-fixes CVE-2022-48674 bsc#1223942).
- Update
patches.suse/filelock-fix-potential-use-after-free-in-posix_lock_inode.patch
(git-fixes CVE-2024-41049 bsc#1228486).
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(git-fixes CVE-2024-50290 bsc#1233479).
- Update
patches.suse/media-dvb-usb-v2-af9035-Fix-null-ptr-deref-in-af9035.patch
(stable-fixes CVE-2023-52915 bsc#1230270).
- Update
patches.suse/media-pci-cx23885-check-cx23885_vdev_init-return.patch
(stable-fixes CVE-2023-52918 bsc#1232047).
- Update
patches.suse/media-v4l2-tpg-prevent-the-risk-of-a-division-by-zer.patch
(git-fixes CVE-2024-50287 bsc#1233476).
- Update
patches.suse/net-drop-bad-gso-csum_start-and-offset-in-virtio_net.patch
(git-fixes CVE-2024-43897 bsc#1229752).
- Update patches.suse/net-missing-check-virtio.patch (git-fixes
CVE-2024-43817 bsc#1229312).
- Update
patches.suse/net-relax-socket-state-check-at-accept-time.patch
(git-fixes CVE-2024-36484 bsc#1226872).
- Update
patches.suse/nfs-Fix-KMSAN-warning-in-decode_getfattr_attrs.patch
(git-fixes CVE-2024-53066 bsc#1233560).
- Update
patches.suse/ocfs2-remove-entry-once-instead-of-null-ptr-dereference-in-ocfs2_xa_remove.patch
(git-fixes CVE-2024-50265 bsc#1233454).
- Update
patches.suse/rcu-tasks-Fix-show_rcu_tasks_trace_gp_kthread-buffer-overflow.patch
(bsc#1226631 CVE-2024-38577).
- Update
patches.suse/security-keys-fix-slab-out-of-bounds-in-key_task_per.patch
(git-fixes CVE-2024-50301 bsc#1233490).
- Update
patches.suse/staging-iio-frequency-ad9832-fix-division-by-zero-in.patch
(git-fixes CVE-2024-50233 bsc#1233210).
- Update
patches.suse/tpm-Lock-TPM-chip-in-tpm_pm_suspend-first.patch
(bsc#1082555 git-fixes CVE-2024-53085 bsc#1233577).
- Update
patches.suse/usb-musb-sunxi-Fix-accessing-an-released-usb-phy.patch
(git-fixes CVE-2024-50269 bsc#1233458).
- Update
patches.suse/usb-typec-fix-potential-out-of-bounds-in-ucsi_ccg_up.patch
(git-fixes CVE-2024-50268 bsc#1233457).
- Update
patches.suse/wifi-iwlwifi-mvm-Fix-response-handling-in-iwl_mvm_se.patch
(git-fixes CVE-2024-53059 bsc#1233553).
- commit 5ad850f
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- Refresh
patches.suse/Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch.
Revert Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch to the upstream
version of the patch.
The reverted version was a mix of 1bf4470a and 246b435a, since they were
accidentally identified as two different commits doing the same changes.
The changes are indeed mostly the same, but to different files.
- commit 965f18d
- cgroup/bpf: only cgroup v2 can be attached by bpf programs
(bsc#1234108).
- Revert "cgroup: Fix memory leak caused by missing
cgroup_bpf_offline" (bsc#1234108).
- commit bb8ec61
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- commit 67db122
- security/keys: fix slab-out-of-bounds in key_task_permission
(CVE-2024-50301 bsc#1233490).
- commit b8c1415
- signal: restore the override_rlimit logic (CVE-2024-50271
bsc#1233460).
- ucounts: fix counter leak in inc_rlimit_get_ucounts()
(bsc#1233460).
- commit 180784c
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- commit 47836ea
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
(bsc#1234098).
+KABI restoration patch
- commit e4b780d
- signal: Replace BUG_ON()s (bsc#1234093).
- commit 2e26a2c
- media: cx24116: prevent overflows on SNR calculus
(CVE-2024-50290 bsc#1233479).
- commit c59cd01
- dm cache: fix out-of-bounds access to the dirty bitset when
resizing (CVE-2024-50279 bsc#1233468).
- commit 6c88f14
- nvme-fabrics: fix kernel crash while shutting down controller
(git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and
nvme_dev_disable() (git-fixes bsc#1232888 CVE-2024-50135).
- commit 9354fff
- mm/hugetlb: fix nodes huge page allocation when there are
surplus pages (bsc#1234012).
- commit 57caf06
- Update config files.
Enabled IDPF for ARM64 (bsc#1221309)
- commit 5ae56f6
- btrfs: fix a NULL pointer dereference when failed to start a
new trasacntion (CVE-2024-49868 bsc#1232272).
- commit d310176
- PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie"
compatible (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS
milliseconds (git-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in
pci_epc_remove_epf() (git-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- commit ae00716
- mm/thp: fix deferred split unqueue naming and locking
(CVE-2024-53079 bsc#1233570).
- commit 12f4be0
- scsi: lpfc: Copyright updates for 14.4.0.6 patches
(bsc#1233241).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask
(bsc#1233241).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure
(bsc#1233241).
- scsi: lpfc: Prevent NDLP reference count underflow in
dev_loss_tmo callback (bsc#1233241).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset
(bsc#1233241).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting
follow up FDMI (bsc#1233241).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE
before BSG flag (bsc#1233241).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod
paths (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale
NDLP ptrs (bsc#1233241).
- scsi: lpfc: Modify CGN warning signal calculation based on
EDC response (bsc#1233241).
- commit b4b5aa0
- net: esp: fix bad handling of pages from page_pool
(CVE-2024-26953 bsc#1223656).
Back-port by using `page_pool_return_skb_page()`.
Original patch uses `napi_pp_put_page()` which was only introduced later
and is a renamed and slightly extended version of
`page_pool_return_skb_page()`.
- commit 533a05f
- HID: core: zero-initialize the report buffer (CVE-2024-50302
bsc#1233491).
- commit 086ff16
- vsock/virtio: Initialization of the dangling pointer occurring
in vsk->trans (CVE-2024-50264 bsc#1233453).
- commit 008fbbf
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042
quirk table (git-fixes).
- commit afbd0bc
- Input: i8042 - add another board name for TUXEDO Stellaris
Gen5 AMD line (git-fixes).
- commit 5a2b5e0
- btrfs: reinitialize delayed ref list after deleting it from
the list (bsc#1233462 CVE-2024-50273).
- commit b55957a
- net: arc: fix the device for dma_map_single/dma_unmap_single
(CVE-2024-50295 bsc#1233484).
- net: enetc: allocate vf_state during PF probes (CVE-2024-50298
bsc#1233487).
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged
SKB data (CVE-2024-53058 bsc#1233552).
- commit 56d9e2a
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- commit 9dd8cd5
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk
table (git-fixes).
- commit d68dfa0
- Update
patches.suse/Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch
(CVE-2024-50124 bsc#1232926).
Revert to upstream version of patch.
The reverted version was a mix of 1bf4470a and 246b435a, since they were
accidentally identified as two different commits doing the same changes.
The changes are indeed mostly the same, but to different files.
- commit f3fab2d
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
(git-fixes).
- commit 0792816
- Input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- commit 64769ef
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- commit f9d799e
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528).
- commit 8c6ab5e
- Update
patches.suse/ACPI-CPPC-Make-rmw_lock-a-raw_spin_lock.patch
(git-fixes CVE-2024-50249 bsc#1233197).
- Update
patches.suse/ASoC-stm32-spdifrx-fix-dma-channel-release-in-stm32_.patch
(git-fixes CVE-2024-50292 bsc#1233481).
- Update
patches.suse/Bluetooth-hci-fix-null-ptr-deref-in-hci_read_support.patch
(git-fixes CVE-2024-50255 bsc#1233238).
- Update
patches.suse/HID-core-zero-initialize-the-report-buffer.patch
(git-fixes CVE-2024-50302 bsc#1233491).
- Update
patches.suse/USB-serial-io_edgeport-fix-use-after-free-in-debug-p.patch
(git-fixes CVE-2024-50267 bsc#1233456).
- Update
patches.suse/drm-amdgpu-add-missing-size-check-in-amdgpu_debugfs_.patch
(stable-fixes CVE-2024-50282 bsc#1233471).
- Update
patches.suse/drm-amdgpu-fix-possible-UAF-in-amdgpu_cs_pass1.patch
(git-fixes CVE-2023-52921 bsc#1233452).
- Update
patches.suse/drm-amdgpu-prevent-NULL-pointer-dereference-if-ATIF-.patch
(git-fixes CVE-2024-53060 bsc#1233554).
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(git-fixes CVE-2024-50290 bsc#1233479).
- Update
patches.suse/media-pci-cx23885-check-cx23885_vdev_init-return.patch
(stable-fixes CVE-2023-52918 bsc#1232047).
- Update
patches.suse/media-v4l2-tpg-prevent-the-risk-of-a-division-by-zer.patch
(git-fixes CVE-2024-50287 bsc#1233476).
- Update
patches.suse/nfs-Fix-KMSAN-warning-in-decode_getfattr_attrs.patch
(git-fixes CVE-2024-53066 bsc#1233560).
- Update
patches.suse/ocfs2-remove-entry-once-instead-of-null-ptr-dereference-in-ocfs2_xa_remove.patch
(git-fixes CVE-2024-50265 bsc#1233454).
- Update
patches.suse/security-keys-fix-slab-out-of-bounds-in-key_task_per.patch
(git-fixes CVE-2024-50301 bsc#1233490).
- Update
patches.suse/staging-iio-frequency-ad9832-fix-division-by-zero-in.patch
(git-fixes CVE-2024-50233 bsc#1233210).
- Update
patches.suse/usb-musb-sunxi-Fix-accessing-an-released-usb-phy.patch
(git-fixes CVE-2024-50269 bsc#1233458).
- Update
patches.suse/usb-typec-fix-potential-out-of-bounds-in-ucsi_ccg_up.patch
(git-fixes CVE-2024-50268 bsc#1233457).
- Update
patches.suse/wifi-iwlwifi-mvm-Fix-response-handling-in-iwl_mvm_se.patch
(git-fixes CVE-2024-53059 bsc#1233553).
- commit 2084c99
- Update patches.suse/can-bcm-Fix-UAF-in-bcm_proc_show.patch
(git-fixes CVE-2023-52922 bsc#1233977).
- commit 82c5a0a
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- rtc: ab-eoz9: don't fail temperature reads on undervoltage
notification (git-fixes).
- rtc: check if __rtc_read_time was successful in
rtc_timer_do_work() (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register
(git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- commit 1d73f32
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- commit 8c1d928
- arm64: Force position-independent veneers (git-fixes).
- commit 037de2c
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock
(git-fixes).
- commit 8a46fef
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
(git-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- =?UTF-8?q?iio:=20accel:=20kxcjk-1013:=20Remove=20redundan?=
=?UTF-8?q?t=20I=C2=B2C=20ID?= (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
(git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match'
(git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe()
(git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left
(git-fixes).
- Revert "usb: gadget: composite: fix OS descriptors w_value
logic" (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines
(git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in
get_serial_info() (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in
TxFIFO resizing logic (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue
(git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible
(git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in
iowarrior_read() (git-fixes).
- commit 75ee7d4
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
(bsc#1233548 CVE-2024-53052).
- commit db98042
- pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558
CVE-2024-46681).
- commit 79a3f5c
- Bluetooth: MGMT: Fix slab-use-after-free Read in
set_powered_sync (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid
WoL configuration (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing
PHY device (git-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging
function (git-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from
power_supply_put() (git-fixes).
- commit 01635d8
- Refresh
patches.suse/initramfs-avoid-filename-buffer-overrun.patch.
- commit 145c949
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (CVE-2024-50195 bsc#1233103)
- commit 290f973
- media: av7110: fix a spectre vulnerability (CVE-2024-50289
bsc#1233478).
- commit 79acfeb
- net: relax socket state check at accept time (git-fixes).
- commit 75020f0
- Drop OCFS2 patch causing a regression (bsc#1233255)
Deleted:
patches.suse/ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch
- commit 751a2bd
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
(CVE-2024-36905 bsc#1225742).
- commit f693405
- net: fix out-of-bounds access in ops_init (CVE-2024-36883
bsc#1225725).
- commit eb0ac08
- efi/memattr: Ignore table if the size is clearly bogus
(bsc#1231465).
- commit ee06f84
- idpf: avoid vport access in idpf_get_link_ksettings
(CVE-2024-50274 bsc#1233463).
- commit 8971b65
- i40e: fix race condition by adding filter's intermediate sync
state (CVE-2024-53088 bsc#1233580).
- i40e: fix i40e_count_filters() to count only active/new filters
(CVE-2024-53088 bsc#1233580).
- commit 2251801
- hwmon: (tps23861) Fix reporting of negative temperatures
(git-fixes).
- i3c: master: Fix miss free init_dyn_addr at
i3c_master_put_i3c_addrs() (git-fixes).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming
(git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus()
(git-fixes).
- commit eb819fb
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(bsc#1232187 CVE-2024-47757).
- commit d813a1d
- net: hns3: fix a deadlock problem when config TC during
resetting (CVE-2024-44995 bsc#1230231).
- commit 8f3de3e
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- commit 7022fa5
- media: dvbdev: prevent the risk of out of memory access
(CVE-2024-53063 bsc#1233557).
- commit 52a90e5
- netrom: fix possible dead-lock in nr_rt_ioctl() (CVE-2024-38589
bsc#1226748).
- commit bee9469
- mptcp: never allow the PM to close a listener subflow
(CVE-2021-47594 bsc#1226560).
- commit 639c494
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555
git-fixes).
- commit 478dbbb
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
(git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current
state (git-fixes).
- commit 502ca69
- media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061
bsc#1233555).
- commit aef5475
- firmware: arm_scmi: Fix slab-use-after-free in
scmi_bus_notifier() (CVE-2024-53068 bsc#1233561).
- commit e507b37
- tipc: fix UAF in error path (CVE-2024-36886 bsc#1225730).
- commit 295f12e
- ibmvnic: Ensure login failure recovery is safe from other resets
(bsc#1233150).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release
functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail
(bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response
(bsc#1233150).
- commit 10ef085
- tipc: fix a possible memleak in tipc_buf_append (CVE-2024-36954
bsc#1225764).
- commit c051ffd
- erspan: make sure erspan_base_hdr is present in skb->head
(CVE-2024-35888 bsc#1224518).
- commit a36710a
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- commit 6e3e371
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- commit 4fc8465
- RDMA/hns: Use macro instead of magic number (git-fixes)
- commit e4ebf0e
- RDMA/hns: Add mutex_destroy() (git-fixes)
- commit cb1de76
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- commit b00cfa9
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- commit 69e0eee
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- commit a102dfe
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- commit 1c672f5
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- commit 0d8596e
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- commit e895eca
- RDMA/hns: Remove unnecessary QP type checks (git-fixes)
- commit 5a2c4d9
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- commit 1c5f525
- RDMA/hns: Add clear_hem return value to log (git-fixes)
- commit ff0016c
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- commit e774e20
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- commit e2ba602
- drm/amd: Fix initialization mistake for NBIO 7.7.0
(stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook
645 G10 (stable-fixes).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue
(stable-fixes).
- commit 46d58c4
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited
(git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in
_dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model
(git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off
(git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/sti: avoid potential dereference of error pointers
(git-fixes).
- drm/sti: avoid potential dereference of error pointers in
sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in
sti_hqvdp_atomic_check (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs
function (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry
pointer (git-fixes).
- drm/vc4: hvs: Don't write gamma luts on 2711 (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with
__maybe_unused (git-fixes).
- ASoC: codecs: Fix atomicity violation in
snd_soc_component_get_drvdata() (git-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
(git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection
(git-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
(git-fixes).
- wifi: ath10k: fix invalid VHT parameters in
supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in
supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in
htc_connect_service() (git-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- commit 4ce629c
- x86/kvm: fix is_stale_page_fault() (bsc#1221333).
- commit 332e968
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- thermal: core: Initialize thermal zones before registering them
(git-fixes).
- amd-pstate: Set min_perf to nominal_perf for active mode
performance gov (git-fixes).
- crypto: cavium - Fix an error handling path in
cpt_ucode_load_fw() (git-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function
(git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form
(git-fixes).
- crypto: inside-secure - Fix the return value of
safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout
(git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit
(git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown()
(git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference
decrement (git-fixes).
- commit 5f244c5
- kernel-binary: Enable livepatch package only when livepatch is enabled
Otherwise the filelist may be empty failing the build (bsc#1218644).
- commit f730eec
- Update config files (bsc#1218644).
LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- commit 9c28790
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning
(git-fixes).
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger
than 4K" (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
(stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
(stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/
Casa touchpad (stable-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to
VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
(stable-fixes).
- HID: multitouch: Add support for B2402FVA track point
(stable-fixes).
- commit 8da6f10
- Bluetooth: ISO: Fix UAF on iso_sock_timeout (CVE-2024-50124
bsc#1232926).
- commit a1432ce
- posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195 bsc#1233103)
- commit 8efc3a7
- bpf: Use raw_spinlock_t in ringbuf (CVE-2024-50138 bsc#1232935)
- commit 6bb77e6
- net: systemport: fix potential memory leak in bcm_sysport_xmit() (CVE-2024-50171 bsc#1233057)
- commit b70ca2e
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073 bsc#1232520)
- commit 3e72b22
- USB: serial: qcserial: add support for Sierra Wireless EM86xx
(stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition
(stable-fixes).
- drm/amdgpu: add missing size check in
amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions
(stable-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not
supported (git-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3
(stable-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in
af9035_i2c_master_xfer (stable-fixes).
- commit 8316036
- add bugreference to a hv_netvsc patch (bsc#1232413).
- commit c98c418
- ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (CVE-2024-50205 bsc#1233293).
- commit d31c5c9
- scsi: target: core: Fix null-ptr-deref in target_alloc_device()
(CVE-2024-50153 bsc#1233061).
- commit 3b8c091
- net: wwan: fix global oob in wwan_rtnl_policy (CVE-2024-50128
bsc#1232905).
- commit e39a4e6
- xfrm: fix one more kernel-infoleak in algo dumping
(CVE-2024-50110 bsc#1232885).
- commit 0993db8
- scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
(CVE-2024-50098 bsc#1232881).
- commit f8c4b7b
- thermal: intel: int340x: processor: Fix warning during module
unload (CVE-2024-50093 bsc#1232877).
- commit ef3b2be
- net: phy: dp83869: fix memory corruption when enabling fiber
(CVE-2024-50188 bsc#1233107).
- commit a27c339
- net: explicitly clear the sk pointer, when pf->create fails
(CVE-2024-50186 bsc#1233110).
- commit 3fff4c4
- secretmem: disable memfd_secret() if arch cannot set direct map
(CVE-2024-50182 bsc#1233129).
- commit 729f64d
- Update
patches.suse/0001-PCI-keystone-Fix-if-statement-expression-in-ks_pcie_.patch
(git-fixes CVE-2024-47756 bsc#1232185).
- Update
patches.suse/0002-x86-mm-ident_map-Use-gbpages-only-where-full-GB-page.patch
(bsc#1220382 CVE-2024-50017 bsc#1232312).
- Update
patches.suse/0544-drm-amdgpu-fix-use-after-free-during-gpu-recovery.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48990 bsc#1232028).
- Update
patches.suse/0551-drm-amd-display-fix-array-index-out-of-bound-error-i.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48979 bsc#1232293).
- Update patches.suse/ACPI-PAD-fix-crash-in-exit_round_robin.patch
(stable-fixes CVE-2024-49935 bsc#1232370).
- Update
patches.suse/ACPI-PRM-Find-EFI_MEMORY_RUNTIME-block-for-PRM-handl.patch
(git-fixes CVE-2024-50141 bsc#1233065).
- Update
patches.suse/ALSA-asihpi-Fix-potential-OOB-array-access.patch
(stable-fixes CVE-2024-50007 bsc#1232394).
- Update
patches.suse/ALSA-firewire-lib-Avoid-division-by-zero-in-apply_co.patch
(git-fixes CVE-2024-50205 bsc#1233293).
- Update
patches.suse/ALSA-hda-cs8409-Fix-possible-NULL-dereference.patch
(git-fixes CVE-2024-50160 bsc#1233074).
- Update
patches.suse/ASoC-qcom-Fix-NULL-Dereference-in-asoc_qcom_lpass_cp.patch
(git-fixes CVE-2024-50103 bsc#1232878).
- Update
patches.suse/Bluetooth-Call-iso_exit-on-module-unload.patch
(git-fixes CVE-2024-50078 bsc#1232503).
- Update
patches.suse/Bluetooth-Fix-crash-when-replugging-CSR-fake-control.patch
(git-fixes CVE-2022-48982 bsc#1231978).
- Update
patches.suse/Bluetooth-ISO-Fix-multiple-init-when-debugfs-is-disa.patch
(git-fixes CVE-2024-50077 bsc#1232504).
- Update
patches.suse/Bluetooth-RFCOMM-FIX-possible-deadlock-in-rfcomm_sk_.patch
(git-fixes CVE-2024-50044 bsc#1231904).
- Update
patches.suse/Bluetooth-bnep-fix-wild-memory-access-in-proto_unreg.patch
(git-fixes CVE-2024-50148 bsc#1233063).
- Update
patches.suse/HID-amd_sfh-Switch-to-device-managed-dmam_alloc_cohe.patch
(git-fixes CVE-2024-50189 bsc#1233105).
- Update
patches.suse/IB-core-Fix-ib_cache_setup_one-error-flow-cleanup.patch
(git-fixes CVE-2024-47693 bsc#1232013).
- Update
patches.suse/Input-adp5589-keys-fix-NULL-pointer-dereference.patch
(git-fixes CVE-2024-49871 bsc#1232287).
- Update
patches.suse/PCI-keystone-Add-workaround-for-Errata-i2037-AM65x-S.patch
(stable-fixes CVE-2024-47667 bsc#1231481).
- Update
patches.suse/RDMA-bnxt_re-Add-a-check-for-memory-allocation.patch
(git-fixes CVE-2024-50209 bsc#1233114).
- Update
patches.suse/RDMA-cxgb4-Added-NULL-check-for-lookup_atid.patch
(git-fixes CVE-2024-47749 bsc#1232180).
- Update
patches.suse/RDMA-hns-Fix-spin_unlock_irqrestore-called-with-IRQs.patch
(git-fixes CVE-2024-47735 bsc#1232111).
- Update
patches.suse/RDMA-iwcm-Fix-WARNING-at_kernel-workqueue.c-check_fl.patch
(git-fixes CVE-2024-47696 bsc#1231864).
- Update
patches.suse/RDMA-mad-Improve-handling-of-timed-out-WRs-of-mad-ag.patch
(git-fixes CVE-2024-50095 bsc#1232873).
- Update
patches.suse/RDMA-rtrs-clt-Reset-cid-to-con_num-1-to-stay-in-boun.patch
(git-fixes CVE-2024-47695 bsc#1231931).
- Update
patches.suse/RDMA-rtrs-srv-Avoid-null-pointer-deref-during-path-e.patch
(git-fixes CVE-2024-50062 bsc#1232232).
- Update patches.suse/USB-usbtmc-prevent-kernel-usb-infoleak.patch
(git-fixes CVE-2024-47671 bsc#1231541).
- Update
patches.suse/arm64-probes-Fix-uprobes-for-big-endian-kernels.patch
(git-fixes CVE-2024-50194 bsc#1233111).
- Update
patches.suse/arm64-probes-Remove-broken-LDR-literal-uprobe-support.patch
(git-fixes CVE-2024-50099 bsc#1232887).
- Update
patches.suse/bpf-Fix-helper-writes-to-read-only-maps.patch
(git-fixes CVE-2024-49861 bsc#1232254).
- Update
patches.suse/bpf-Zero-former-ARG_PTR_TO_-LONG-INT-args-in-case-of.patch
(git-fixes CVE-2024-47728 bsc#1232076).
- Update
patches.suse/bpf-correctly-handle-malformed-BPF_CORE_TYPE_ID_LOCA.patch
(git-fixes CVE-2024-49850 bsc#1232189).
- Update
patches.suse/cachefiles-fix-dentry-leak-in-cachefiles_open_file.patch
(bsc#1231181 CVE-2024-49870 bsc#1232279).
- Update
patches.suse/can-bcm-Clear-bo-bcm_proc_read-after-remove_proc_ent.patch
(git-fixes CVE-2024-47709 bsc#1232048).
- Update
patches.suse/ceph-remove-the-incorrect-Fw-reference-check-when-dir.patch
(bsc#1231180 CVE-2024-50179 bsc#1233123).
- Update
patches.suse/drivers-media-dvb-frontends-rtl2830-fix-an-out-of-bo.patch
(git-fixes CVE-2024-47697 bsc#1231858).
- Update
patches.suse/drivers-media-dvb-frontends-rtl2832-fix-an-out-of-bo.patch
(git-fixes CVE-2024-47698 bsc#1231859).
- Update
patches.suse/drm-amd-Guard-against-bad-data-for-ATIF-ACPI-method.patch
(git-fixes CVE-2024-50117 bsc#1232897).
- Update
patches.suse/drm-amd-amdgpu-Check-tbo-resource-pointer.patch
(stable-fixes CVE-2024-46807 bsc#1231138).
- Update
patches.suse/drm-amd-display-Add-array-index-check-for-hdcp-ddc-a.patch
(stable-fixes CVE-2024-46804 bsc#1231132).
- Update
patches.suse/drm-amd-display-Add-null-check-for-afb-in-amdgpu_dm_.patch
(stable-fixes bsc#1232335 CVE-2024-49908 CVE-2024-49905
bsc#1232357).
- Update
patches.suse/drm-amd-display-Check-null-pointers-before-using-dc-.patch
(stable-fixes CVE-2024-49907 bsc#1232334).
- Update
patches.suse/drm-amd-display-Correct-the-defined-value-for-AMDGPU.patch
(stable-fixes CVE-2024-46871 bsc#1231434).
- Update
patches.suse/drm-amd-display-Fix-system-hang-while-resume-with-TB.patch
(stable-fixes CVE-2024-50003 bsc#1232385).
- Update
patches.suse/drm-amd-display-Skip-inactive-planes-within-ModeSupp.patch
(stable-fixes CVE-2024-46812 bsc#1231187).
- Update
patches.suse/drm-amd-display-added-NULL-check-at-start-of-dc_vali.patch
(stable-fixes CVE-2024-46802 bsc#1231111).
- Update
patches.suse/drm-amd-pm-Fix-negative-array-index-read.patch
(stable-fixes CVE-2024-46821 bsc#1231169).
- Update
patches.suse/drm-amdgpu-Fix-smatch-static-checker-warning.patch
(stable-fixes CVE-2024-46835 bsc#1231098).
- Update
patches.suse/drm-amdgpu-fix-the-waring-dereferencing-hive.patch
(stable-fixes CVE-2024-46805 bsc#1231135).
- Update
patches.suse/drm-amdgpu-the-warning-dereferencing-obj-for-nbio_v7.patch
(stable-fixes CVE-2024-46819 bsc#1231202).
- Update
patches.suse/drm-bridge-tc358767-Check-if-fully-initialized-befor.patch
(stable-fixes CVE-2024-46810 bsc#1231178).
- Update
patches.suse/drm-msm-Avoid-NULL-dereference-in-msm_disp_state_pri.patch
(git-fixes CVE-2024-50156 bsc#1233073).
- Update
patches.suse/drm-omapdrm-Add-missing-check-for-alloc_ordered_work.patch
(git-fixes CVE-2024-49879 bsc#1232349).
- Update patches.suse/drm-radeon-Fix-encoder-possible_clones.patch
(git-fixes CVE-2024-50201 bsc#1233104).
- Update
patches.suse/drm-v3d-Stop-the-active-perfmon-before-being-destroy.patch
(git-fixes CVE-2024-50031 bsc#1231947).
- Update
patches.suse/drm-vc4-Stop-the-active-perfmon-before-being-destroy.patch
(git-fixes CVE-2024-50187 bsc#1233108).
- Update
patches.suse/exfat-fix-memory-leak-in-exfat_load_bitmap.patch
(git-fixes CVE-2024-50013 bsc#1232080).
- Update
patches.suse/ext4-fix-slab-use-after-free-in-ext4_split_extent_at.patch
(bsc#1232201 CVE-2024-49884 bsc#1232198).
- Update
patches.suse/fbdev-pxafb-Fix-possible-use-after-free-in-pxafb_tas.patch
(stable-fixes CVE-2024-49924 bsc#1232364).
- Update patches.suse/fbdev-sisfb-Fix-strbuf-array-overflow.patch
(stable-fixes CVE-2024-50180 bsc#1233125).
- Update patches.suse/firmware_loader-Block-path-traversal.patch
(git-fixes CVE-2024-47742 bsc#1232126).
- Update
patches.suse/fscache-Fix-oops-due-to-race-with-cookie_lru-and-use_cookie.patch
(jsc#SES-1880 CVE-2022-48989 bsc#1232027).
- Update
patches.suse/i2c-stm32f7-Do-not-prepare-unprepare-clock-during-ru.patch
(git-fixes CVE-2024-49985 bsc#1232094).
- Update
patches.suse/i3c-mipi-i3c-hci-Error-out-instead-on-BUG_ON-in-IBI-.patch
(stable-fixes CVE-2024-47665 bsc#1231452).
- Update
patches.suse/iio-light-veml6030-fix-IIO-device-retrieval-from-emb.patch
(git-fixes CVE-2024-50198 bsc#1233100).
- Update patches.suse/jfs-Fix-uaf-in-dbFreeBits.patch (git-fixes
CVE-2024-49903 bsc#1232362).
- Update
patches.suse/jfs-Fix-uninit-value-access-of-new_ea-in-ea_buffer.patch
(git-fixes CVE-2024-49900 bsc#1232359).
- Update
patches.suse/jfs-check-if-leafidx-greater-than-num-leaves-per-dmap-tree.patch
(git-fixes CVE-2024-49902 bsc#1232378).
- Update
patches.suse/jfs-fix-out-of-bounds-in-dbNextAG-and-diAlloc.patch
(git-fixes CVE-2024-47723 bsc#1232050).
- Update
patches.suse/mailbox-bcm2835-Fix-timeout-during-suspend-mode.patch
(git-fixes CVE-2024-49963 bsc#1232147).
- Update
patches.suse/media-venus-fix-use-after-free-bug-in-venus_remove-d.patch
(git-fixes CVE-2024-49981 bsc#1232098).
- Update
patches.suse/msft-hv-3054-x86-hyperv-fix-kexec-crash-due-to-VP-assist-page-cor.patch
(git-fixes CVE-2024-46864 bsc#1231108).
- Update
patches.suse/nbd-fix-race-between-timeout-and-normal-completion.patch
(bsc#1230918 CVE-2024-49855 bsc#1232195).
- Update
patches.suse/net-test-for-not-too-small-csum_start-in-virtio_net_.patch
(git-fixes CVE-2024-49947 bsc#1232162).
- Update
patches.suse/netdevsim-use-cond_resched-in-nsim_dev_trap_report_w.patch
(git-fixes CVE-2024-50155 bsc#1233035).
- Update
patches.suse/nfsd-call-cache_put-if-xdr_reserve_space-returns-NULL.patch
(git-fixes CVE-2024-47737 bsc#1232056).
- Update
patches.suse/nfsd-map-the-EBADMSG-to-nfserr_io-to-avoid-warning.patch
(git-fixes CVE-2024-49875 bsc#1232333).
- Update
patches.suse/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-buffer-delay-flag.patch
(git-fixes CVE-2024-50116 bsc#1232892).
- Update
patches.suse/nilfs2-fix-potential-null-ptr-deref-in-nilfs_btree_insert.patch
(git-fixes CVE-2024-47699 bsc#1231916).
- Update
patches.suse/nilfs2-fix-potential-oob-read-in-nilfs_btree_check_delete.patch
(git-fixes CVE-2024-47757 bsc#1232187).
- Update
patches.suse/nilfs2-fix-state-management-in-error-path-of-log-writing-function.patch
(git-fixes CVE-2024-47669 bsc#1231474).
- Update
patches.suse/nouveau-dmem-Fix-vulnerability-in-migrate_to_ram-upo.patch
(git-fixes CVE-2024-50096 bsc#1232870).
- Update
patches.suse/ntb-intel-Fix-the-NULL-vs-IS_ERR-bug-for-debugfs_cre.patch
(git-fixes CVE-2023-52917 bsc#1231849).
- Update
patches.suse/nvmet-auth-assign-dh_key-to-NULL-after-kfree_sensiti.patch
(git-fixes CVE-2024-50215 bsc#1233189).
- Update
patches.suse/ocfs2-add-bounds-checking-to-ocfs2_xattr_find_entry.patch
(bsc#1228410 CVE-2024-41016 CVE-2024-47670 bsc#1231537).
- Update
patches.suse/ocfs2-cancel-dqi_sync_work-before-freeing-oinfo.patch
(git-fixes CVE-2024-49966 bsc#1232141).
- Update
patches.suse/ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch
(git-fixes CVE-2024-49957 bsc#1232152).
- Update
patches.suse/ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch
(git-fixes CVE-2024-49877 bsc#1232339).
- Update
patches.suse/ocfs2-pass-u64-to-ocfs2_truncate_inline-maybe-overflow.patch
(git-fixes CVE-2024-50218 bsc#1233191).
- Update
patches.suse/ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch
(git-fixes CVE-2024-49965 bsc#1232142).
- Update
patches.suse/parport-Proper-fix-for-array-out-of-bounds-access.patch
(git-fixes CVE-2024-50074 bsc#1232507).
- Update
patches.suse/platform-x86-panasonic-laptop-Fix-SINF-array-out-of-.patch
(git-fixes CVE-2024-46859 bsc#1231089).
- Update
patches.suse/scsi-elx-libefc-Fix-potential-use-after-free-in-efc_nport_vport_del.patch
(git-fixes CVE-2024-49852 bsc#1232819).
- Update
patches.suse/scsi-fnic-Move-flush_work-initialization-out-of-if-b.patch
(bsc#1230055 CVE-2024-50025 bsc#1231953).
- Update
patches.suse/scsi-lpfc-Ensure-DA_ID-handling-completion-before-de.patch
(bsc#1232757 CVE-2024-50183 bsc#1233130).
- Update
patches.suse/scsi-lpfc-Handle-mailbox-timeouts-in-lpfc_get_sfp_in.patch
(bsc#1228857 CVE-2024-46842 bsc#1231101).
- Update
patches.suse/scsi-lpfc-Validate-hdwq-pointers-before-dereferencin.patch
(bsc#1229429 CVE-2024-49891 bsc#1232218).
- Update
patches.suse/scsi-sd-Fix-off-by-one-error-in-sd_read_block_charac.patch
(bsc#1223848 CVE-2024-47682 bsc#1231856).
- Update
patches.suse/scsi-wd33c93-Don-t-use-stale-scsi_pointer-value.patch
(git-fixes CVE-2024-50026 bsc#1231952).
- Update
patches.suse/spi-nxp-fspi-fix-the-KASAN-report-out-of-bounds-bug.patch
(git-fixes CVE-2024-46853 bsc#1231083).
- Update
patches.suse/staging-iio-frequency-ad9834-Validate-frequency-para.patch
(git-fixes CVE-2024-47663 bsc#1231441).
- Update
patches.suse/tpm-Clean-up-TPM-space-after-command-failure.patch
(git-fixes CVE-2024-49851 bsc#1232134).
- Update
patches.suse/tracing-Consider-the-NULL-character-when-validating-the-event-length.patch
(git-fixes CVE-2024-50131 bsc#1232896).
- Update
patches.suse/uprobe-avoid-out-of-bounds-memory-access-of-fetching-args.patch
(git-fixes CVE-2024-50067 bsc#1232416).
- Update
patches.suse/usb-typec-altmode-should-keep-reference-to-parent.patch
(git-fixes CVE-2024-50150 bsc#1233051).
- Update
patches.suse/vhost-scsi-null-ptr-dereference-in-vhost_scsi_get_re.patch
(git-fixes CVE-2024-49863 bsc#1232255).
- Update
patches.suse/wifi-ath9k_htc-Use-__skb_set_length-for-resetting-ur.patch
(stable-fixes CVE-2024-49938 bsc#1232552).
- Update
patches.suse/wifi-mac80211-use-two-phase-skb-reclamation-in-ieee8.patch
(git-fixes CVE-2024-47713 bsc#1232016).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(stable-fixes CVE-2024-50008 bsc#1232317).
- Update
patches.suse/wifi-rtw88-always-wait-for-both-firmware-loading-att.patch
(git-fixes CVE-2024-47718 bsc#1232015).
- Update
patches.suse/wifi-wilc1000-fix-potential-RCU-dereference-issue-in.patch
(git-fixes CVE-2024-47712 bsc#1232017).
- commit e33d75f
- virtio_pmem: Check device status before requesting flush
(CVE-2024-50184 bsc#1233135).
- commit 82ce64b
- Update tags in
patches.suse/ext4-fix-slab-use-after-free-in-ext4_split_extent_at.patch
(bsc#1232201 CVE-2024-49884 bsc#1232198).
- commit ad996bf
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink()
(CVE-2024-50154 bsc#1233070).
- commit 2430e1b
- Refresh patches.kabi/bpf-callback-fixes-kABI-workaround.patch (bsc#1233350)
- add commit message for the kABI patch
- adapt same struct naming as similar kABI workaround in SLE15-SP6
(prefixed with "suse_" to make it more obvious its a downstream thing.
- commit b6821d4
- unicode: Don't special case ignorable code points
(CVE-2024-50089 bsc#1232860).
- commit ba47e72
- mm/memory: add non-anonymous page check in the
copy_present_page() (bsc#1231646).
- commit 9f5cb06
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on
GIC v4.1 (git-fixes).
- commit 1fa30cf
- irqchip/gic-v4: Correctly deal with set_affinity on
lazily-mapped VPEs (CVE-2024-50192 bsc#1233106).
- commit 6b39f7a
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
(CVE-2024-50192 bsc#1233106).
- kABI: Don't allow a VMOVP on a dying VPE (kabi CVE-2024-50192
bsc#1233106).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack
(git-fixes).
- commit 1772267
- README.BRANCH: drop explicit maintainers
kbuild already recognizes all downstream branch maintainers an
merge their PRs so we do not need explicit maintainers for the cve
branch itself.
- commit cd6f8fb
- macsec: Fix use-after-free while sending the offloading packet
(CVE-2024-50261 bsc#1233253).
- commit 918342c
- io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
(CVE-2022-48983 bsc#1231959).
- commit cb16389
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
(CVE-2024-50115 bsc#1232919).
- commit 4c6b1da
- mptcp: fix double-free on socket dismantle (CVE-2024-26782
bsc#1222590).
(cherry picked from commit 03ac3f085c702ef308481c09b021887b5a01d52b)
- mptcp: fix double-free on socket dismantle (CVE-2024-26782
bsc#1222590).
- commit 7f40404
- drm/amd/display: Check null pointers before used (bsc#1232371 CVE-2024-49921)
- commit 956721a
- nilfs2: fix kernel bug due to missing clearing of checked flag
(bsc#1233206 CVE-2024-50230).
- commit e84e612
- nilfs2: fix potential deadlock with newly created symlinks
(bsc#1233205 CVE-2024-50229).
- commit 22257d1
- Update
patches.suse/iio-adc-ad7124-fix-division-by-zero-in-ad7124_set_ch.patch
(CVE-2024-50232 bsc#1233209 git-fixes).
- commit c0912d0
- Update patches.suse/drm-amd-Guard-against-bad-data-for-ATIF-ACPI-method.patch (git-fixes bsc#1232897 CVE-2024-50117).
- commit 4fc44d0
- Update
patches.suse/wifi-ath10k-Fix-memory-leak-in-management-tx.patch
(CVE-2024-50236 bsc#1233212 git-fixes).
- Update
patches.suse/wifi-iwlegacy-Clear-stale-interrupts-before-resuming.patch
(CVE-2024-50234 bsc#1233211 stable-fixes).
- Update
patches.suse/wifi-mac80211-do-not-pass-a-stopped-vif-to-the-drive.patch
(CVE-2024-50237 bsc#1233216 git-fixes).
- commit bb693c7
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890 CVE-2024-50134)
- commit f5103e7
- net/ncsi: Disable the ncsi work before freeing the associated
structure (CVE-2024-49945 bsc#1232165).
- commit a2d88b4
- net: sched: fix use-after-free in taprio_change()
(CVE-2024-50127 bsc#1232907).
- commit 88b0d06
- Fix regression on AMDGPU driver (bsc#1233134)
Drop a hunk in an AMDGPU fix patch that caused the missing VT console
and possibly other side-effects.
Refreshed:
patches.suse/drm-amd-display-Check-null-pointers-before-using-the.patch.
- commit c4d3cf0
- Update tags
patches.suse/mm-Avoid-overflows-in-dirty-throttling-logic.patch
(bsc#1222364 CVE-2024-42131 bsc#1228650).
- commit 42963b8
- USB: serial: io_edgeport: fix use after free in debug printk
(git-fixes).
- usb: typec: fix potential out of bounds in
ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in
stm32_spdifrx_remove (git-fixes).
- ALSA: firewire-lib: fix return value on fail in
amdtp_tscm_init() (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup()
(git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: adv7604: prevent underflow condition when reporting
colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: don't play tricks with underflow values
(git-fixes).
- media: dvbdev: prevent the risk of out of memory access
(git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero
(git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
(git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission
(git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy
(git-fixes).
- usb: typec: fix unreleased fwnode_handle in
typec_port_register_altmodes() (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event
(git-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems
(git-fixes).
- usbip: tools: Fix detach_port() invalid port error path
(git-fixes).
- iio: adc: ad7124: fix division by zero in
ad7124_set_channel_odr() (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in
ad9832_calc_freqreg() (git-fixes).
- iio: light: veml6030: fix microlux value calculation
(git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc()
(git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
(git-fixes).
- wifi: iwlwifi: mvm: Fix response handling in
iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode
(git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING
(git-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
(git-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in
.get_txpower (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
(git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device
(stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6
mb1 (stable-fixes).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
(git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform
(stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications
(stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix
initial lid detection issue (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
(stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
(stable-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module
unload (git-fixes).
- platform/x86: dell-sysman: add support for alienware products
(stable-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string
(stable-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
(stable-fixes).
- ASoC: codecs: lpass-rx-macro: add missing
CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- drm/vboxvideo: Replace fake VLA at end of
vbva_mouse_pointer_shape with real VLA (stable-fixes).
- platform/surface: aggregator: Fix warning when controller is
destroyed in probe (git-fixes).
- HID: wacom: Defer calculation of resolution until
resolution_code is known (git-fixes).
- XHCI: Separate PORT and CAPs macros into dedicated file
(stable-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return
(stable-fixes).
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
(stable-fixes).
- commit 4f83ccb
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- commit f7bbf8d
- ocfs2: remove entry once instead of null-ptr-dereference in
ocfs2_xa_remove() (git-fixes).
- commit ebda297
- pinctrl: ocelot: fix system hang on level based interrupts
(CVE-2024-50196 bsc#1233113).
- commit 722d7d5
- cpufreq: amd-pstate: add check for cpufreq_cpu_get's return
value (CVE-2024-50009 bsc#1232318).
- commit e472c58
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117 CVE-2024-50208)
- commit da4098a
- cpufreq: exit() callback is optional (CVE-2024-38615
bsc#1226592).
- commit de52ec2
- cpufreq: Rearrange locking in cpufreq_remove_dev()
(CVE-2024-38615 bsc#1226592).
- commit f83b7ff
- cpufreq: Split cpufreq_offline() (CVE-2024-38615 bsc#1226592).
- commit 71730ce
- cpufreq: Reorganize checks in cpufreq_offline() (CVE-2024-38615
bsc#1226592).
- commit c8f486b
- cpufreq: amd-pstate: fix memory leak on CPU EPP exit
(CVE-2024-40997 bsc#1227853).
- commit bd37b8f
- ext4: fix error message when rejecting the default hash
(bsc#1232264 CVE-2024-49968).
- commit 4678448
- sched/deadline: Fix task_struct reference leak (CVE-2024-41023
bsc#1228430).
- commit 65da526
- be2net: fix potential memory leak in be_xmit() (CVE-2024-50167
bsc#1233049).
- net/mlx5e: Don't call cleanup on profile rollback failure
(CVE-2024-50146 bsc#1233056).
- net/mlx5: Fix command bitmask initialization (CVE-2024-50147
bsc#1233067).
- commit 30967e3
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes)
- commit ef49fc2
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (CVE-2024-50082 bsc#1232500)
- commit 0de9297
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (CVE-2024-50108 bsc#1232884)
- commit e6eb1e9
- drm/amd/display: fix double free issue during amdgpu module unload (CVE-2024-49989 bsc#1232483)
- commit 6aee3e2
- Refresh
patches.suse/scsi-fnic-Move-flush_work-initialization-out-of-if-b.patch.
- commit c3feb06
- ext4: explicitly exit when ext4_find_inline_entry returns an
error (bsc#1231920 CVE-2024-47701).
- commit dbc663c
- ext4: return error on ext4_find_inline_entry (bsc#1231920
CVE-2024-47701).
- commit 9f6ca1a
- ext4: ext4_search_dir should return a proper error (bsc#1231920
CVE-2024-47701).
- commit 92b7975
- fs/inode: Prevent dump_mapping() accessing invalid
dentry.d_name.name (bsc#1232387 CVE-2024-49934).
- commit 93af37f
- ext4: filesystems without casefold feature cannot be mounted
with siphash (bsc#1232264 CVE-2024-49968).
- commit 84a2529
- ext4: drop ppath from ext4_ext_replay_update_ex() to avoid
double-free (bsc#1232096 CVE-2024-49983).
- commit 8cb0c2e
- vfs: fix race between evice_inodes() and find_inode()&iput()
(bsc#1231930 CVE-2024-47679).
- commit 479d388
- ext4: avoid OOB when system.data xattr changes underneath the
filesystem (bsc#1231920 CVE-2024-47701).
- commit 9e7d0c7
- wifi: cfg80211: check A-MSDU format more carefully (stable-fixes
CVE-2024-35937 bsc#1224526).
- blacklist.conf: remove the entry that we're just adding
- commit 81bb44e
- x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (bsc#1223202 CVE-2024-26906).
- commit 35585b4
- x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (bsc#1223202 CVE-2024-26906).
- commit fd679d8
- Refresh patches.kabi/bpf-bpf_map-kABI-workaround.patch.
- Removed the duplicated check of
static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Removed unnecessary white-space change in kernel/bpf/syscall.c
- commit d99887e
- Refresh patches.kabi/bpf-bpf_map-kABI-workaround.patch.
Ensure that the free_after_mult_rcu_gp field fits into struct hole on
all architecture by cloning struct bpf_map then use static_assert() to
check.
- commit 9056822
- initramfs: avoid filename buffer overrun (bsc#1232436).
- commit 6855778
- fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit ed25954
- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979 CVE-2022-48960)
- commit e22014e
- driver core: bus: Fix double free in driver API bus_register()
(CVE-2024-50055 bsc#1232329).
- commit 90fa355
- blk-mq: setup queue ->tag_set before initializing hctx
(CVE-2024-50081 bsc#1232501).
- commit 47f15a1
- block: Avoid leaking hctx->nr_active counter on batched
completion (bsc#1231923).
- commit 06a9b00
- ipv6: avoid use-after-free in ip6_fragment() (CVE-2022-48956
bsc#1231893).
- commit c192a62
- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
(CVE-2024-49991 bsc#1232282).
- commit 6ba5342
- vhost_vdpa: assign irq bypass producer token correctly
(bsc#1232174 CVE-2024-47748).
- commit 51b6257
- octeontx2-af: avoid off-by-one read from userspace
(CVE-2024-36957 bsc#1225762).
- commit 82a42a7
- Update
patches.suse/scsi-lpfc-Restrict-support-for-32-byte-CDBs-to-specific-HBAs.patch
(git-fixes bsc#1232757 bsc#1228119).
- commit ba604a8
- ext4: fix timer use-after-free on failed mount (CVE-2024-49960
bsc#1232395).
- tipc: guard against string buffer overrun (CVE-2024-49995
bsc#1232432).
- commit 7dec126
- Drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269)
- commit 147923a
- uprobes: fix kernel info leak via "[uprobes]" vma (bsc#1232104
CVE-2024-49975).
- commit 98e2376
- module: abort module loading when sysfs setup suffer errors
(git-fixes).
- Refresh patches.suse/add-suse-supported-flag.patch.
- commit 38f1b15
- net/xen-netback: prevent UAF in xenvif_flush_hash()
(CVE-2024-49936 bsc#1232424).
- commit 05a71d8
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled
(bsc#1232757).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR
to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Ensure DA_ID handling completion before deleting
an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo
handler (bsc#1232757).
- scsi: lpfc: Update phba link state conditional before sending
CMF_SYNC_WQE (bsc#1232757).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in
lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Remove trailing space after \n newline
(bsc#1232757).
- commit acff620
- bpf,perf: Fix perf_event_detach_bpf_prog error handling
(git-fixes).
- commit 23dff14
- tracing: Consider the NULL character when validating the event
length (git-fixes).
- commit a6be5ae
- uprobe: avoid out-of-bounds memory access of fetching args
(git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer
(git-fixes).
- tracing/uprobes: Use trace_event_buffer_reserve() helper
(git-fixes).
- commit c9bed4e
- fgraph: Change the name of cpuhp state to "fgraph:online"
(git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph()
(git-fixes).
- commit 25b5fcd
- fgraph: Use CPU hotplug mechanism to initialize idle shadow
stacks (git-fixes).
- commit 7b587c7
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- commit da4b9b4
- sched: sch_cake: fix bulk flow accounting logic for host
fairness (bsc#1231114 CVE-2024-46828).
- commit 2eff83f
- static_call: Replace pointless WARN_ON() in
static_call_module_notify() (bsc#1232155 CVE-2024-49954).
- commit b3b712c
- static_call: Handle module init failure correctly in
static_call_del_module() (bsc#1232083 CVE-2024-50002).
- commit 14d0312
- static_call: Don't make __static_call_return0 static
(git-fixes).
- Refresh patches.kabi/tracepoint-fix.patch.
- commit e74c3f0
- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
(CVE-2024-49991 bsc#1232282).
- commit bb02e87
- nvmet-auth: assign dh_key to NULL after kfree_sensitive
(git-fixes).
- nvme-multipath: system fails to create generic nvme device
(git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- commit 50acd8c
- mm: split critical region in remap_file_pages() and invoke
LSMs in between (CVE-2024-47745 bsc#1232135 git-fix).
- commit 1436986
- PCI: Fix pci_enable_acs() support for the ACS quirks
(bsc#1229019).
- commit d675594
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- commit 9122478
- NFSv3: only use NFS timeout for MOUNT when protocols are
compatible (bsc#1231016).
- commit 9522cfb
- Update
patches.suse/IB-core-Implement-a-limit-on-UMAD-receive-List.patch
(bsc#1228743 CVE-2024-42145 bsc#1223384).
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-more.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-49982 bsc#1232097).
- Update
patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
(bsc#1229454 CVE-2024-44947 bsc#1229456).
- Update patches.suse/media-edia-dvbdev-fix-a-use-after-free.patch
(CVE-2024-27043 bsc#1223824 bsc#1218562).
- commit 1967352
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766 bsc#1230620).
- Update
patches.suse/nfc-nci-fix-possible-NULL-pointer-dereference-in-sen.patch
(git-fixes CVE-2023-52919 bsc#1231988).
- Update
patches.suse/tcp-do-not-accept-ACK-of-bytes-we-never-sent.patch
(CVE-2023-52881 bsc#1225611 bsc#1223384).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800 bsc#1230600).
- commit 4af6b80
- Update
patches.suse/0001-af_unix-Get-user_ns-from-in_skb-in-unix_diag_get_exa.patch
(bsc#1209290 CVE-2023-28327 CVE-2022-48970 bsc#1231887).
- Update
patches.suse/ALSA-seq-Fix-function-prototype-mismatch-in-snd_seq_.patch
(git-fixes CVE-2022-48994 bsc#1232119).
- Update
patches.suse/ASoC-ops-Check-bounds-for-second-channel-in-snd_soc_.patch
(git-fixes CVE-2022-48951 bsc#1231929).
- Update
patches.suse/ASoC-ops-Fix-bounds-check-for-_sx-controls.patch
(git-fixes CVE-2022-49005 bsc#1232150).
- Update
patches.suse/ASoC-soc-pcm-Add-NULL-check-in-BE-reparenting.patch
(git-fixes CVE-2022-48992 bsc#1232071).
- Update
patches.suse/Bluetooth-Fix-not-cleanup-led-when-bt_init-fails.patch
(git-fixes CVE-2022-48971 bsc#1232037).
- Update patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch
(CVE-2022-45934 bsc#1205796 CVE-2022-48947 bsc#1231895).
- Update
patches.suse/HID-core-fix-shift-out-of-bounds-in-hid_report_raw_e.patch
(git-fixes CVE-2022-48978 bsc#1232038).
- Update
patches.suse/Input-raydium_ts_i2c-fix-memory-leak-in-raydium_i2c_.patch
(git-fixes CVE-2022-48995 bsc#1232120).
- Update
patches.suse/NFC-nci-Bounds-check-struct-nfc_target-arrays.patch
(git-fixes CVE-2022-48967 bsc#1232304).
- Update
patches.suse/afs-Fix-server-active-leak-in-afs_put_server.patch
(git-fixes CVE-2022-49012 bsc#1232005).
- Update
patches.suse/btrfs-fix-hang-during-unmount-when-stopping-a-space-.patch
(bsc#1232262 CVE-2024-49867 CVE-2022-48664 bsc#1223524).
- Update
patches.suse/can-af_can-fix-NULL-pointer-dereference-in-can_rcv_f.patch
(bsc#1210627 CVE-2023-2166 CVE-2022-48977 bsc#1231883).
- Update
patches.suse/can-m_can-pci-add-missing-m_can_class_free_dev-in-pr.patch
(git-fixes CVE-2022-49024 bsc#1232001).
- Update
patches.suse/char-tpm-Protect-tpm_pm_suspend-with-locks.patch
(git-fixes CVE-2022-48997 bsc#1232035).
- Update
patches.suse/drm-shmem-helper-Remove-errant-put-in-error-path.patch
(git-fixes CVE-2022-48981 bsc#1232229).
- Update
patches.suse/e100-Fix-possible-use-after-free-in-e100_xmit_prepar.patch
(git-fixes CVE-2022-49026 bsc#1231997).
- Update
patches.suse/gpio-amd8111-Fix-PCI-device-reference-count-leak.patch
(git-fixes CVE-2022-48973 bsc#1232039).
- Update
patches.suse/gpiolib-fix-memory-leak-in-gpiochip_setup_dev.patch
(git-fixes CVE-2022-48975 bsc#1231885).
- Update
patches.suse/hwmon-coretemp-Check-for-null-before-removing-sysfs-.patch
(git-fixes CVE-2022-49010 bsc#1232172).
- Update
patches.suse/hwmon-coretemp-fix-pci-device-refcount-leak-in-nv1a_.patch
(git-fixes CVE-2022-49011 bsc#1232006).
- Update
patches.suse/hwmon-ibmpex-Fix-possible-UAF-when-ibmpex_register_b.patch
(git-fixes CVE-2022-49029 bsc#1231995).
- Update
patches.suse/iavf-Fix-error-handling-in-iavf_init_module.patch
(jsc#SLE-18385 CVE-2022-49027 bsc#1232007).
- Update
patches.suse/igb-Initialize-mailbox-message-for-VF-reset.patch
(jsc#SLE-18379 CVE-2022-48949 bsc#1231897).
- Update
patches.suse/iio-health-afe4403-Fix-oob-read-in-afe4403_read_raw.patch
(git-fixes CVE-2022-49031 bsc#1231992).
- Update
patches.suse/iio-health-afe4404-Fix-oob-read-in-afe4404_-read-wri.patch
(git-fixes CVE-2022-49032 bsc#1231991).
- Update
patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-dmar_dev_scope_init
(git-fixes CVE-2022-49002 bsc#1232133).
- Update
patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-has_external_pci
(git-fixes CVE-2022-49000 bsc#1232123).
- Update
patches.suse/ipv4-Handle-attempt-to-delete-multipath-route-when-f.patch
(bsc#1204171 CVE-2022-3435 CVE-2022-48999 bsc#1231936).
- Update
patches.suse/ixgbevf-Fix-resource-leak-in-ixgbevf_init_module.patch
(git-fixes CVE-2022-49028 bsc#1231996).
- Update
patches.suse/mac802154-fix-missing-INIT_LIST_HEAD-in-ieee802154_i.patch
(git-fixes CVE-2022-48972 bsc#1232025).
- Update
patches.suse/media-v4l2-dv-timings.c-fix-too-strict-blanking-sani.patch
(git-fixes CVE-2022-48987 bsc#1232067).
- Update
patches.suse/msft-hv-2684-net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
(git-fixes bsc#1206188 CVE-2022-48985 bsc#1231958).
- Update
patches.suse/net-ethernet-nixge-fix-NULL-dereference.patch
(git-fixes CVE-2022-49019 bsc#1231940).
- Update
patches.suse/net-mdio-fix-unbalanced-fwnode-reference-count-in-md.patch
(git-fixes CVE-2022-48961 bsc#1232108).
- Update
patches.suse/net-mdiobus-fix-unbalanced-node-reference-count.patch
(git-fixes CVE-2022-49016 bsc#1231937).
- Update
patches.suse/net-mlx5e-Fix-use-after-free-when-reverting-terminat.patch
(jsc#SLE-19253 CVE-2022-49025 bsc#1231960).
- Update
patches.suse/net-phy-fix-null-ptr-deref-while-probe-failed.patch
(git-fixes CVE-2022-49021 bsc#1231939).
- Update
patches.suse/net-thunderbolt-fix-memory-leak-in-tbnet_open.patch
(git-fixes CVE-2022-48955 bsc#1231892).
- Update
patches.suse/net-tun-Fix-use-after-free-in-tun_detach.patch
(git-fixes CVE-2022-49014 bsc#1231890).
- Update
patches.suse/nilfs2-fix-NULL-pointer-dereference-in-nilfs_palloc_.patch
(git-fixes CVE-2022-49007 bsc#1232170).
- Update
patches.suse/nvme-fix-SRCU-protection-of-nvme_ns_head-list.patch
(git-fixes CVE-2022-49003 bsc#1232136).
- Update
patches.suse/octeontx2-pf-Fix-potential-memory-leak-in-otx2_init_.patch
(jsc#SLE-24682 CVE-2022-48968 bsc#1232237).
- Update
patches.suse/rtc-cmos-Fix-event-handler-registration-ordering-iss.patch
(git-fixes CVE-2022-48953 bsc#1231941).
- Update patches.suse/s390-qeth-fix-use-after-free-in-hsci.patch
(bsc#1210449 git-fixes CVE-2022-48954 bsc#1231972).
- Update
patches.suse/tracing-Free-buffers-when-a-used-dynamic-event-is-removed.patch
(git-fixes CVE-2022-49006 bsc#1232163).
- Update
patches.suse/udf-Fix-preallocation-discarding-at-indirect-extent-.patch
(bsc#1213034 CVE-2022-48946 bsc#1231888).
- Update
patches.suse/usb-gadget-uvc-Prevent-buffer-overflow-in-setup-hand.patch
(git-fixes CVE-2022-48948 bsc#1231896).
- Update
patches.suse/wifi-cfg80211-fix-buffer-overflow-in-elem-comparison.patch
(git-fixes CVE-2022-49023 bsc#1231961).
- Update
patches.suse/wifi-mac8021-fix-possible-oob-access-in-ieee80211_ge.patch
(git-fixes CVE-2022-49022 bsc#1231962).
- Update
patches.suse/xen-netfront-Fix-NULL-sring-after-live-migration.patch
(git-fixes CVE-2022-48969 bsc#1232026).
- commit 2377658
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534 bsc#1230903).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 CVE-2021-47416 bsc#1225336 bsc#1225189).
- commit d4160e3
- NFSD: Force all NFSv4.2 COPY requests to be synchronous
(CVE-2024-49974 bsc#1232383).
- commit e488dd4
- drm/amd/display: Check null pointers before using them (CVE-2024-49922 bsc#1232374)
- commit 0fa5eef
- Update references in patches.suse/drm-amd-display-Handle-null-stream_status-in-planes_.patch (CVE-2024-49912 bsc#1232367 stable-fixes)
- commit 82ff3c5
- drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (CVE-2024-49911 bsc#1232366)
- commit 647f0fb
- drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (CVE-2024-49923 bsc#1232361)
- commit cd7d6eb
- Update references in patches.suse/drm-amd-display-Fix-index-out-of-bounds-in-DCN30-deg.patch (CVE-2024-49895 bsc#1232352 stable-fixes)
- commit 30b332b
- drm/amd/display: Initialize denominators' default to 1 (CVE-2024-49899 bsc#1232358)
- commit debe055
- drm/amd/display: Check phantom_stream before it is used (CVE-2024-49897 bsc#1232355)
- commit 6e6c48e
- Update references in patches.suse/drm-amd-display-Fix-index-out-of-bounds-in-degamma-h.patch (CVE-2024-49894 bsc#1232354 stable-fixes)
- commit 31682a2
- drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (CVE-2024-49909 bsc#1232337)
- commit 40ccde2
- Update references for patches.suse/drm-amd-display-Add-null-check-for-top_pipe_to_progr.patch (CVE-2024-49913 bsc#1232307 stable-fixes)
- commit 809100c
- drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (CVE-2024-49901 bsc#1232305)
- commit 28f4c23
- Update references in patches.suse/drm-amd-display-Check-null-pointer-before-dereferenc.patch (CVE-2024-50049 bsc#1232309 stable-fixes)
- commit dbbbdf6
- Rename to
patches.suse/scsi-pm8001-Do-not-overwrite-PCI-queue-mapping.patch.
An upstream git-fix replaces an existing SUSE-only patch. The
contents are essentially the same, but the meta-data and patch
filename have changed.
- commit 658b404
- Update patches.suse/drm-amd-display-Add-null-check-for-afb-in-amdgpu_dm_.patch (stable-fixes bsc#1232335 CVE-2024-49908).
- commit d6e1a21
- drm/amd/display: Check null pointer before try to access it (bsc#1232332 CVE-2024-49906)
- commit afdfd36
- drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369 CVE-2024-49914)
- commit 3d890ab
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- commit a6a7d8b
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- commit 122bc1e
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- commit e1d0f0a
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- commit 9ec5789
- scsi: wd33c93: Don't use stale scsi_pointer value (git-fixes).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs
(git-fixes).
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: elx: libefc: Fix potential use after free in
efc_nport_vport_del() (git-fixes).
- scsi: NCR5380: Check for phase match during PDMA fixup
(git-fixes).
- scsi: mac_scsi: Disallow bus errors during PDMA send
(git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
(git-fixes).
- scsi: smartpqi: revert
propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit
(git-fixes).
- drbd: Add NULL check for net_conf to prevent dereference in
state validation (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count()
(git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
(git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES
(git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure
scanned in again after probe failed (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: core: Handle devices which return an unusually large
VPD page count (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use
(git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions
(git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data
(git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address
to port (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- commit 2156f82
- ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014 bsc#1232446)
- commit a229d89
- ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006 bsc#1232442)
- commit 5cc362b
- iommu/vt-d: Fix potential lockup if qi_submit_sync called
with 0 count (bsc#1232316 CVE-2024-49993).
- commit add20c9
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CVE-2024-49959 bsc#1232149)
- commit 6f60278
- ext4: update orig_path in ext4_find_extent() (CVE-2024-49881 bsc#1232201)
- commit 0088c10
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- commit 070f449
- ACPI: sysfs: validate return type of _STR method (bsc#1231861
CVE-2024-49860).
- commit 1bb3615
- btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info()
in walk_down_proc() (CVE-2024-46841 bsc#1231094).
- commit bf46df8
- ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883 bsc#1232199)
- commit 2b05f4c
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO
hog on RK3399 Puma (git-fixes).
- commit cf1f6ea
- blk_iocost: fix more out of bound shifts (CVE-2024-49933 bsc#1232368)
- commit c639728
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-49929 bsc#1232253)
- commit 58431d9
- Update references in patches.suse/efistub-tpm-Use-ACPI-reclaim-memory-for-event-log-to.patch (CVE-2024-49858 bsc#1232251 stable-fixes)
- commit 643a630
- tracing/timerlat: Fix a race during cpuhp processing (CVE-2024-49866 bsc#1232259)
- commit 5a5e6bb
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (CVE-2024-50048 bsc#1232310)
- commit 58eb9a7
- ACPI: PRM: Clean up guid type in struct prm_handler_info
(git-fixes).
- commit 3b24754
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and
context (git-fixes).
- ASoC: qcom: Fix NULL Dereference in
asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (git-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method
(git-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions
(stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL
(stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on
HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
(stable-fixes).
- commit 738bedb
- Revert PM changes that caused a regression on S4 resume (bsc#1231578)
The recent PM fixes seem causing a regression and broke the resume from
suspend-to-disk. Revert those temporarily as a workaround.
- commit 214736e
- drm/amd/display: Fix index out of bounds in DCN30 color
transformation (CVE-2024-49969 bsc#1232519).
- commit a2392a3
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
(git-fixes bsc#1232632).
- commit c1f0a53
- KVM: s390: Change virtual to physical address access in diag
0x258 handler (git-fixes bsc#1232631).
- commit ff68f2a
- KVM: s390: gaccess: Check if guest address is in memslot
(git-fixes bsc#1232630).
- commit 31c3558
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
(git-fixes).
- commit d909d0d
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- commit cd82099
- serial: protect uart_port_dtr_rts() in uart_shutdown() too
(CVE-2024-50058 bsc#1232285).
- commit 34995da
- smb: client: fix UAF in async decryption (bsc#1232418
CVE-2024-50047).
- commit dcba7ec
- Update references in patches.suse/ACPICA-check-null-return-of-ACPI_ALLOCATE_ZEROED-in-.patch (CVE-2024-49962 bsc#1232314 stable-fixes)
- commit f0fdf4d
- Update references in patches.suse/drm-amd-display-Check-stream-before-comparing-them.patch (CVE-2024-49896 bsc#1232221 stable-fixes).
- commit 0424fac
- Update references in patches.suse/drm-amd-pm-ensure-the-fw_info-is-not-null-before-usi.patch (CVE-2024-49890 bsc#1232217 stable-fixes)
- commit 10dd27d
- Update references in patches.suse/drm-amd-display-Initialize-get_bytes_per_element-s-d.patch (CVE-2024-49892 bsc#1232220 stable-fixes)
- commit 53b7a11
- ACPI: battery: Fix possible crash when unregistering a battery hook (CVE-2024-49955 bsc#1232154)
- commit 9b71864
- ACPI: battery: Simplify battery hook locking (bsc#1232154)
- commit fe3f1c8
- ACPI: battery: Call power_supply_changed() when adding hooks (bsc#1232154)
- commit 3384bbc
- padata: use integer wrap around to prevent deadlock on seq_nr overflow (CVE-2024-47739 bsc#1232124)
- commit d49e07a
- drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (CVE-2024-47720 bsc#1232043)
- commit c17fe2d
- iommu/vt-d: Always reserve a domain ID for identity setup
(git-fixes).
- commit b9c8f77
- btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840 bsc#1231105)
- commit 82b0718
- drm/amd/display: Check null pointers before multiple uses (bsc#1232313 CVE-2024-49920)
- commit 5963a7b
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- commit 28c98ef
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944 CVE-2024-47704)
- commit a3d6750
- selftests/bpf: Add test for lsm tail call (CVE-2024-50063
bsc#1232435).
- bpf: Prevent tail call between progs attached to different hooks
(CVE-2024-50063 bsc#1232435).
- Refresh patches.kabi/bpf-bpf_map-kABI-workaround.patch
- selftests/bpf: Add a test for using a cpumap from an
freplace-to-XDP program (CVE-2024-50063 bsc#1232435).
- bpf: Resolve fext program type when checking map compatibility
(CVE-2024-50063 bsc#1232435).
- Refresh patches.suse/bpf-Fix-null-pointer-dereference-in-resolve_prog_typ.patch
- Refresh patches.suse/bpf-Fix-updating-attached-freplace-prog-in-prog_arra.patch
- commit 0f72f86
- net: mvneta: Fix an out of bounds check (CVE-2022-48966
bsc#1232191).
- commit 8b86532
- net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
(CVE-2022-48962 bsc#1232286).
- commit 0f23f49
- btrfs: wait for fixup workers before stopping cleaner kthread
during umount (bsc#1232262 CVE-2024-49867).
- btrfs: fix hang during unmount when stopping a space reclaim
worker (bsc#1232262 CVE-2024-49867).
- commit b603fa4
- ppp: fix ppp_async_encode() illegal access (CVE-2024-50035
bsc#1232392).
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
(CVE-2024-49949 bsc#1232160).
- net: dsa: sja1105: avoid out of bounds access in
sja1105_init_l2_policing() (CVE-2022-48980 bsc#1232233).
- net: mvneta: Prevent out of bounds read in mvneta_config_rss()
(CVE-2022-48966 bsc#1232191).
- net/9p: Fix a potential socket leak in p9_socket_open
(CVE-2022-49020 bsc#1232175).
- commit f80d8c6
- wifi: rtw89: avoid to add interface to list twice when SER
(CVE-2024-49939 bsc#1232381).
- commit 11b12a3
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- Makefile.compiler: replace cc-ifversion with compiler-specific
macros (bsc#1230414 bsc#1229450).
- commit 333c031
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- commit 18e56f7
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- commit 5011da4
- filelock: fix potential use-after-free in posix_lock_inode
(git-fixes).
- commit a756cfc
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
(git-fixes).
- commit 2d51bab
- debugfs: fix automount d_fsdata usage (git-fixes).
- commit f411859
- erofs: avoid infinite loop in z_erofs_do_read_page() when
reading beyond EOF (git-fixes).
- commit 974bef0
- erofs: fix potential overflow calculating xattr_isize
(git-fixes).
- commit 4298ffd
- erofs: stop parsing non-compact HEAD index if clusterofs is
invalid (git-fixes).
- commit 7d6a607
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- Refresh
patches.suse/mount-warn-only-once-about-timestamp-range-expiratio.patch.
- commit eb6d674
- exportfs: use pr_debug for unreachable debug statements
(git-fixes).
- commit 6f07ce6
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- commit bc3c731
- erofs: avoid consecutive detection for Highmem memory
(git-fixes).
- commit 1f8a3b1
- afs: Revert "afs: Hide silly-rename files from userspace"
(git-fixes).
- commit 514f9ab
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- commit d46e58b
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- commit d50701c
- Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- commit 9eb10ce
- Update patch reference for NTB fix (CVE-2024-50059 bsc#1232345)
- commit 7e7191a
- mm: call the security_mmap_file() LSM hook in remap_file_pages()
(CVE-2024-47745 bsc#1232135).
- commit 20b76bc
- mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
(CVE-2022-48991 bsc#1232070 prerequisity git-fix).
- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
(CVE-2022-48991 bsc#1232070).
- commit 3ab8533
- mm/khugepaged: fix GUP-fast interaction by sending IPI
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 327d525
- mm/khugepaged: take the right locks for page table retraction
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit e43adf4
- mm: gup: fix the fast GUP race against THP collapse
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 262192e
- Bluetooth: L2CAP: Fix uaf in l2cap_connect (CVE-2024-49950
bsc#1232159).
- commit 640a739
- net: seeq: Fix use after free vulnerability in ether3 Driver
Due to Race Condition (CVE-2024-47747 bsc#1232145).
- commit a1020b1
- ext4: fix double brelse() the buffer of the extents path
(bsc#1232200 CVE-2024-49882).
- ext4: no need to continue when the number of entries is 1
(bsc#1232140 CVE-2024-49967).
- commit 52da641
- ppp: do not assume bh is held in ppp_channel_bridge_input()
(CVE-2024-49946 bsc#1232164).
- net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
(CVE-2024-50000 bsc#1232085).
- net/mlx5: Fix error path in multi-packet WQE transmit
(CVE-2024-50001 bsc#1232084).
- ethernet: aeroflex: fix potential skb leak in greth_init_rings()
(CVE-2022-48958 bsc#1231889).
- commit 25ee2f4
- jfs: Fix sanity check in dbMount (git-fixes).
- commit 35da5b4
- drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (CVE-2024-46811 bsc#1231179).
- commit 1bc47f7
- drm/amd/display: Check msg_id before processing transcation (CVE-2024-46814 bsc#1231193).
- commit 81681a2
- i3c: master: cdns: Fix use after free vulnerability in
cdns_i3c_master Driver Due to Race Condition (CVE-2024-50061
bsc#1232263).
- commit 6ed9c96
- r8169: add tally counter fields added with RTL8125 (CVE-2024-49973 bsc#1232105)
- commit 4e4fc3c
- crypto: hisilicon/qm - inject error before stopping queue (CVE-2024-47730 bsc#1232075)
- commit 9699bc1
- crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075)
- commit 368c724
- crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075)
- commit 0b80db6
- sock_map: Add a cond_resched() in sock_hash_free() (CVE-2024-47710 bsc#1232049)
- commit 5cc4002
- cifs: Fix buffer overflow when parsing NFS reparse points
(bsc#1232089, CVE-2024-49996).
- commit 629d06c
- tipc: re-fetch skb cb after tipc_msg_validate (CVE-2022-49017 bsc#1232004)
- commit b9d33e0
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685 bsc#1231998)
- commit d7fe249
- net: Fix an unsafe loop on the list (CVE-2024-50024 bsc#1231954)
- commit f700b14
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (CVE-2024-47707 bsc#1231935)
- commit 64e3b6a
- netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045 bsc#1231903)
- commit 727e945
- block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706 bsc#1231942)
- commit c5d0bc0
- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684 bsc#1231987)
- commit 569d856
- net: hsr: Fix potential use-after-free (CVE-2022-49015 bsc#1231938)
- commit 5883d13
- add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036).
- commit 3e74daa
- wifi: ath11k: fix array out-of-bound access in SoC stats
(CVE-2024-49930 bsc#1232260).
- commit e11de4c
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
(CVE-2024-49886 bsc#1232196).
- commit b27a545
- Refresh
patches.suse/gpio-pca953x-fix-pca953x_irq_bus_sync_unlock-race.patch.
The gpio-pca953x driver wasn't yet converted to guard-style locking
in kernel v5.14, so use traditional locking directives.
- commit 3464b98
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- commit 105bb8d
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- commit d94196b
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- commit eda3a0b
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- commit 1391273
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- commit 4aef76b
- drm/amd/display: Add null check for head_pipe in
dcn32_acquire_idle_pipe_for_head_pipe_in_layer (CVE-2024-49918
bsc#1231967).
- commit a445095
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- commit b215a2f
- arm64: Add Cortex-715 CPU part definition (git-fixes)
Refresh patches.suse/arm64-Add-Cortex-A520-CPU-part-definition.patch.
Refresh patches.suse/arm64-cputype-Add-Cortex-X4-definitions.patch.
- commit 5d98446
- wifi: mac80211: don't use rate mask for offchannel TX either
(CVE-2024-47738 bsc#1232114).
- wifi: mac80211: don't use rate mask for scanning (CVE-2024-47738
bsc#1232114).
- commit 67fbe82
- drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs
in dcn30_init_hw (bsc#1231965 CVE-2024-49917).
- commit c6bb88b
- md/raid5: fix deadlock that raid5d() wait for itself to clear
MD_SB_CHANGE_PENDING (CVE-2024-39476 bsc#1227437).
- commit ee734c0
- ocfs2: reserve space for inline xattr before attaching reflink
tree (bsc#1232151 CVE-2024-49958).
- commit 8a206c2
- kthread: unpark only parked kthread (git-fixes, bsc#1231990,
CVE-2024-50019).
- commit ad67452
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- commit 6a38280
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- commit d16b07d
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- commit 6ee6f75
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- commit 783b4c0
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- commit f222561
- x86/tdx: Fix "in-kernel MMIO" check (bsc#1232116 CVE-2024-47727).
- commit c381359
- fat: fix uninitialized variable (git-fixes).
- commit 457698b
- Update
patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch
(bsc#1206344, CVE-2022-48988, bsc#1232069).
- commit e7eaea8
- drm/amd/display: Add null check for head_pipe in
dcn201_acquire_free_pipe_for_layer (CVE-2024-49919 bsc#1231968).
- commit afcb4c9
- dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add()
and dpaa2_switch_acl_entry_remove() (CVE-2022-48957
bsc#1231973).
- commit b3f573c
- slip: make slhc_remember() more robust against malicious packets
(CVE-2024-50033 bsc#1231914).
- i40e: Fix macvlan leak by synchronizing access to
mac_filter_hash (CVE-2024-50041 bsc#1231907).
- commit bf7bdd1
- net: dsa: sja1105: fix memory leak in
sja1105_setup_devlink_regions() (CVE-2022-48959 bsc#1231976).
- commit ec81f5f
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- commit 0e442b9
- thermal: core: Reference count the zone in
thermal_zone_get_by_id() (CVE-2024-50028 bsc#1231950).
- commit cae3a79
- kabi fix for NFSv4: Prevent NULL-pointer dereference in
nfs42_complete_copies() (bsc#1231902 CVE-2024-50046).
- commit 2c3b231
- NFSv4: Prevent NULL-pointer dereference in
nfs42_complete_copies() (bsc#1231902 CVE-2024-50046).
- commit 8c78cbf
- drm/amdgpu: prevent BO_HANDLES error from being overwritten
(git-fixes).
- commit 33d2548
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Fix incorrect stream context type macro (git-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- Revert "usb: yurex: Replace snprintf() with the safer
scnprintf() variant" (stable-fixes).
- usb: xhci: Fix problem with xhci resume from suspend
(stable-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB
sound chip (stable-fixes).
- USB: misc: yurex: fix race between read and write
(stable-fixes).
- USB: misc: cypress_cy7c63: check for short transfer
(stable-fixes).
- USB: appledisplay: close race between probe and completion
handler (stable-fixes).
- USB: serial: pl2303: add device id for Macrosilicon MS3020
(stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt
Registration in the Crashkernel Scenario (stable-fixes).
- usb: chipidea: udc: enable suspend interrupt after usb reset
(stable-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
(git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk
(stable-fixes).
- power: reset: brcmstb: Do not go into infinite loop if reset
fails (stable-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
(git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb
before resubmit (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries
(git-fixes).
- wifi: ath9k: fix possible integer overflow in
ath9k_get_et_stats() (stable-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats
(stable-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01
(git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error
(stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
(stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination
(stable-fixes).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Go 3 (stable-fixes).
- usbnet: ipheth: fix carrier detection in modes 1 and 4
(stable-fixes).
- usb: yurex: Fix inconsistent locking bug in yurex_read()
(git-fixes).
- usb: yurex: Replace snprintf() with the safer scnprintf()
variant (stable-fixes).
- wifi: ath9k: fix parameter check in ath9k_init_debug()
(stable-fixes).
- spi: lpspi: Simplify some error message (git-fixes).
- spi: lpspi: release requested DMA channels (stable-fixes).
- spi: lpspi: Silence error message upon deferred probe
(stable-fixes).
- commit f956c13
- parport: Proper fix for array out-of-bounds access (git-fixes).
- iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency() (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in
Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
(git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
(git-fixes).
- iio: proximity: mb1232: add missing select
IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: opt3001: add missing full-scale range value
(git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work()
(git-fixes).
- media: videobuf2-core: clear memory related fields in
__vb2_plane_dmabuf_put() (stable-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition (stable-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for
debugfs_create_dir() (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken
(stable-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
(stable-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2
(stable-fixes).
- Input: ads7846 - ratelimit the spi_sync error message
(stable-fixes).
- Input: goodix - use the new soc_intel_is_byt() helper
(stable-fixes).
- commit dcfb1af
- HID: multitouch: Add support for GT7868Q (stable-fixes).
- Refresh
patches.kabi/restore-renamed-device-IDs-for-USB-HID-devices.patch.
- commit 3c7db56
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- Refresh patches.suse/i2c-xiic-Make-bus-names-unique.patch.
- commit a465fd8
- Bluetooth: btusb: Fix regression with fake CSR controllers
0a12:0001 (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister
(git-fixes).
- Bluetooth: Remove debugfs directory on module init failure
(git-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded
device (git-fixes).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory
systems (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
(git-fixes).
- drm/msm/dpu: don't always program merge_3d block (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc()
(git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
(git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate
calculation (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized
(git-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume
key (stable-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime
suspend/resume (git-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor
(stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm
enabled (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- drm/amd/display: Allow backlight to go below
`AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Validate backlight caps are sane
(stable-fixes).
- drm/amd/display: Check null pointer before dereferencing se
(stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store
invalid bus attribute (stable-fixes).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid
corruption (stable-fixes).
- comedi: ni_routing: tools: Check when the file could not be
opened (stable-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters
(stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout
(git-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue
(stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC
Determination (stable-fixes).
- drm/printer: Allow NULL data in devcoredump printer
(stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it
(stable-fixes).
- drm/amd/display: Add null check for 'afb' in
amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr
(stable-fixes).
- drm/radeon/r100: Handle unknown family in
r100_cp_init_microcode() (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx
(stable-fixes).
- drm/amd/display: Handle null 'stream_status' in
'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1
(stable-fixes).
- drm/amd/display: Add null check for top_pipe_to_program in
commit_planes_for_stream (stable-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color
transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware
format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma
hardware format translation (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit
(stable-fixes).
- drm/amd/display: Check stream before comparing them
(stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd
Portfolio (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task()
(stable-fixes).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
(git-fixes).
- i2c: xiic: improve error message when transfer fails to start
(stable-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path
(git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member
(stable-fixes).
- drm/radeon: Replace one-element array with flexible-array member
(stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- commit 9daeadb
- Bluetooth: ISO: Fix multiple init when debugfs is disabled
(git-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to
irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to
irq1_level_low_skip_override[] (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X
(stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u
(stable-fixes).
- ALSA: core: add isascii() check to card ID generator
(stable-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200
(stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
(stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
(stable-fixes).
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer
the error (git-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk
(stable-fixes).
- ALSA: hda: cs35l41: fix module autoloading (git-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros
(stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries
(stable-fixes).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard
types (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
(stable-fixes).
- ACPI: EC: Do not release locks during operation region accesses
(stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
(stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
(stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package() (stable-fixes).
- ASoC: tda7419: fix module autoloading (stable-fixes).
- ASoC: intel: fix module autoloading (stable-fixes).
- ASoC: allow module autoloading for table db1200_pids
(stable-fixes).
- commit f59a49f
- block: fix potential invalid pointer dereference in
blk_add_partition (bsc#1231872 CVE-2024-47705).
- block: print symbolic error name instead of error code
(bsc#1231872).
- commit 629456f
- nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692
bsc#1231857).
- commit 3ec0b50
- nilfs2: fix kernel bug due to missing clearing of buffer delay
flag (git-fixes).
- commit fa778cc
- Refresh
patches.suse/KVM-Reject-overly-excessive-IDs-in-KVM_CREATE_VCPU.patch
(fix build warning).
- commit 4509600
- ethtool: fail closed if we can't get max channel used in
indirection tables (CVE-2024-46834 bsc#1231096).
- commit 92f1041
- vmxnet3: update to version 9 (bsc#1226498).
- vmxnet3: add command to allow disabling of offloads
(bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3
(bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- commit 11f0889
- gpio: prevent potential speculation leaks in
gpio_device_get_desc() (stable-fixes CVE-2024-44931
bsc#1229837).
- commit fd874e3
- gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
(stable-fixes CVE-2024-42253 bsc#1229005).
- commit 1b7d3e6
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- commit e96d6b6
- NFSD: Mark filecache "down" if init fails (git-fixes).
- commit 2bc13b1
- nfs: fix memory leak in error path of nfs4_do_reclaim
(git-fixes).
- commit 78b8702
- nfsd: fix delegation_blocked() to block correctly for at least
30 seconds (git-fixes).
- commit a755d72
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- commit c0a4772
- nfsd: call cache_put if xdr_reserve_space returns NULL
(git-fixes).
- commit bea413a
- nfsd: fix refcount leak when file is unhashed after being found
(git-fixes).
- commit a3bda73
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
(git-fixes).
- commit 1bee667
- NFS: Avoid unnecessary rescanning of the per-server delegation
list (git-fixes).
- commit 5a9ecaa
- NFSv4: Fix clearing of layout segments in layoutreturn
(git-fixes).
- commit 21968b2
- ocfs2: fix the la space leak when unmounting an ocfs2 volume
(git-fixes).
- commit 2bcef50
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- commit 894e3e9
- jfs: check if leafidx greater than num leaves per dmap tree
(git-fixes).
- commit 2a190ef
- jfs: Fix uaf in dbFreeBits (git-fixes).
- commit 77fee8f
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- commit bdbc194
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- commit 06d0a1f
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- commit a59c1e5
- RDMA/hns: Refactor the abnormal interrupt handler function (git-fixes)
Refresh patches.suse/RDMA-hns-Fix-VF-triggering-PF-reset-in-abnormal-inte.patch
- commit 16f4f98
- RDMA/hns: Fix the wrong type of return value of the interrupt handler (git-fixes)
Refresh:
- patches.suse/RDMA-hns-Fix-VF-triggering-PF-reset-in-abnormal-inte.patch
- patches.suse/RDMA-hns-Fix-soft-lockup-under-heavy-CEQE-load.patch
- commit 10cd6d3
- RDMA/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- commit 05afe22
- mm: avoid leaving partial pfn mappings around in error case
(CVE-2024-47674 bsc#1231673).
- commit 9910e8f
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- commit bc97910
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- commit d91cca2
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- commit 530c748
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- commit 04af073
- RDMA/srpt: Make slab cache names unique (git-fixes)
- commit d1c01aa
- RDMA/irdma: Fix misspelling of "accept*" (git-fixes)
- commit 5a68e97
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- commit e2cb15f
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- commit a888491
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- commit 21e34e7
- udf: Avoid excessive partition lengths (bsc#1230773
CVE-2024-46777).
- commit 43cca3d
- fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439
CVE-2024-47660).
- commit 66d4cf0
- netem: fix return value if duplicate enqueue fails
(CVE-2024-45016 bsc#1230429).
- commit 2e9108a
- net: test for not too small csum_start in
virtio_net_hdr_to_skb() (git-fixes).
- commit 78a3945
- KVM: fix memoryleak in kvm_init() (git-fixes).
- commit 066c2d8
- kabi: fix after KVM: arm64: mixed-width check should be skipped
for uninitialized vCPUs (git-fixes).
- commit bbf2daf
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff()
(git-fixes).
- commit baf8de4
- kab: fix after net: add more sanity check in
virtio_net_hdr_to_skb() (git-fixes).
- commit e85c3fa
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- commit 880c9eb
- nbd: fix race between timeout and normal completion
(bsc#1230918).
- commit 3f6c035
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
(git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in
ish_fw_xfer_direct_dma (git-fixes).
- usb: dwc3: core: Stop processing of pending events if controller
is halted (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- commit 27bf420
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C
(git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C
(git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source
(git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete
(git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy
error (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed
(git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed
(git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in
rfcomm_sk_state_change (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm
enabled (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
(git-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace
if SND=m (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
(git-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257
(git-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages
(git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched
(git-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
(git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- drm: komeda: Fix an issue related to normalized zpos
(stable-fixes).
- ALSA: hda/realtek - FIxed ALC285 headphone no sound
(stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound
(stable-fixes).
- ALSA: hda: Fix kctl->id initialization (git-fixes).
- ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
(git-fixes).
- commit 05e9a52
- perf/x86/intel: Limit the period on Haswell (bsc#1231072,
CVE-2024-46848).
- commit f8c2996
- sched/smt: Fix unbalance sched_smt_present dec/inc
(CVE-2024-44958 bsc#1230179).
- commit 2c63e21
- wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
(CVE-2024-47673 bsc#1231539).
- commit 775f803
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
(CVE-2024-47672 bsc#1231540).
- commit 01e4e8b
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- commit 56416b7
- spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (CVE-2024-47664 bsc#1231442)
- commit c0024fd
- drm/amd/display: Avoid overflow from uint32_t to uint8_t (CVE-2024-47661 bsc#1231496)
- commit 8f65382
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668 bsc#1231502)
- commit 45aa8b3
- dn_route: set rt neigh to blackhole_netdev instead of
loopback_dev in ifdown (bsc#1216813).
- commit 44138e3
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev
in ifdown (bsc#1216813).
- commit 89c7a24
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- commit faf59f1
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- commit 13cc498
- selftests/bpf: Add a test case to write mtu result into .rodata
(git-fixes).
- commit c1c2650
- selftests/bpf: Add a test case to write strtol result into
.rodata (git-fixes).
- commit 1de69ac
- selftests/bpf: Rename ARG_PTR_TO_LONG test description
(git-fixes).
- commit 6cf4336
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test
(git-fixes).
- commit fd06ef1
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
(git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types
(git-fixes).
- commit 6b5690f
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul
helpers (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
(git-fixes).
- bpf: Allow helpers to accept pointers with a fixed size
(git-fixes).
- Refresh patches.suse/bpf-Tidy-up-verifier-check_func_arg.patch
- commit b017693
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL
relocation (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
(git-fixes).
- commit 262d8c3
- KVM: x86: Use a stable condition around all VT-d PI paths
(git-fixes).
- Refresh
patches.suse/KVM-VMX-Don-t-unblock-vCPU-w-Posted-IRQ-if-IRQs-are-.patch.
- commit d33f58c
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- commit fe7fa3e
- KVM: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k
(git-fixes).
- Refresh
patches.suse/KVM-x86-mmu-Remove-spurious-TLB-flushes-in-TDP-MMU-z.patch.
- commit 6e463a6
- bpf, net: Fix a potential race in do_sock_getsockopt()
(git-fixes).
- net: socket: suppress unused warning (git-fixes).
- commit 62fee56
- KVM: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- commit 9bc72d6
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
(CVE-2024-45025 bsc#1230456).
- commit 19343d1
- Update kabi files.
Based on October maintenance update:
kernel-64kb-devel-5.14.21-150500.55.83.1.aarch64.rpm
kernel-default-devel-5.14.21-150500.55.83.1.aarch64.rpm
kernel-default-devel-5.14.21-150500.55.83.1.ppc64le.rpm
kernel-default-devel-5.14.21-150500.55.83.1.s390x.rpm
kernel-default-devel-5.14.21-150500.55.83.1.x86_64.rpm
so that we can track newly added symbols.
- commit 8427d2e
- KVM: SVM: Disallow guest from changing userspace's
MSR_AMD64_DE_CFG value (git-fixes).
- commit 0b0882c
- KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM
support is missing (git-fixes).
- commit 26a295a
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE
and MSR_GS_BASE (git-fixes).
- commit 4b12471
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while
single-step is enabled (git-fixes).
- commit 29756fe
- RDMA/mana_ib: use the correct page size for mapping user-mode
doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware
page size (git-fixes).
- commit 4a96266
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- commit ab13605
- KVM: arm64: Preserve PSTATE.SS for the guest while single-step
is enabled (git-fixes).
- commit 9b95067
- add bug reference for a mana change (bsc#1229769).
- commit 279dcec
- KVM: arm64: mixed-width check should be skipped for
uninitialized vCPUs (git-fixes).
- commit 39f0f9f
- bpf, verifier: Correct tail_call_reachable for bpf prog
(git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes).
- commit 41df3fb
- usb: xhci: prevent potential failure in handle_tx_event()
for Transfer events without TRB (CVE-2024-42226 bsc#1228709).
- commit e76988e
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- commit 96c07ae
- bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801
CVE-2024-46754).
- commit 8b4a412
- kvm/arm64: rework guest entry logic (git-fixes).
- Refresh
patches.suse/KVM-arm64-Treat-PMCR_EL1.LC-as-RES1-on-asymmetric-systems.patch.
- commit dfd24e5
- KVM: Pre-allocate cpumasks for
kvm_make_all_cpus_request_except() (git-fixes).
- Refresh
patches.suse/Revert-KVM-set-owner-of-cpu-and-vm-file-operations.patch.
- commit 83b6823
- KVM: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- commit 709720b
- KVM: Write the per-page "segment" when clearing (part of)
a guest page (git-fixes).
- commit 9811c1e
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace
exit (git-fixes).
- commit 5a089f5
- KVM: arm64: Release pfn, i.e. put page, if copying MTE tags
hits ZONE_DEVICE (git-fixes).
- commit a55326d
- KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe
hyp init (git-fixes).
- commit 2e75c88
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- commit b54be89
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
(git-fixes).
- commit 7476735
- KVM: arm64: Fix AArch32 register narrowing on userspace write
(git-fixes).
- commit 517e742
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in
vgic_v2_parse_attr() (git-fixes).
- commit 9f76023
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
(git-fixes).
- commit 8fff566
- KVM: arm64: vgic-its: Test for valid IRQ in
its_sync_lpi_pending_table() (git-fixes).
- commit b695d86
- KVM: arm64: Add missing memory barriers when switching to
pKVM's hyp pgd (git-fixes).
- commit 606dda9
- KVM: arm64: vgic-v4: Restore pending state on host userspace
write (git-fixes).
- commit c4e4df2
- Revert "KVM: Prevent module exit until all VMs are freed"
(git-fixes).
- commit 5f68725
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI
(git-fixes).
- commit 1f3e21a
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
(git-fixes).
- commit 89273cb
- KVM: Grab a reference to KVM for VM and vCPU stats file
descriptors (git-fixes).
- commit d99dedf
- kvm: Add support for arch compat vm ioctls (git-fixes).
- commit c1d9461
- KVM: Unconditionally get a ref to /dev/kvm module when creating
a VM (git-fixes).
- commit 7df3401
- KVM: Fix lockdep false negative during host resume (git-fixes).
- commit 72fbff6
- KVM: eventfd: Fix false positive RCU usage warning (git-fixes).
- commit a76a2b9
- net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244 bsc#1226797)
- commit 39420f6
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- commit ddff31f
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
(git-fixes).
- commit 46f17cb
- bpf: Add --skip_encoding_btf_inconsistent_proto,
- -btf_gen_optimized to pahole flags for v1.25 (bsc#1230414
bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- Refresh patches.suse/make-module-BTF-toggleable.patch
- btf, scripts: Exclude Rust CUs with pahole (bsc#1230414
bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- Refresh patches.suse/make-module-BTF-toggleable.patch
- Update config files.
- commit 536f189
- virtio_console: fix misc probe bugs (git-fixes).
- commit 2cea93c
- vhost_vdpa: assign irq bypass producer token correctly
(git-fixes).
- commit e82b017
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- commit aa85f12
- aoe: fix the potential use-after-free problem in more places
(bsc#1218562 CVE-2023-6270).
- commit e949a45
- virtio_net: fixing XDP for fully checksummed packets handling
(git-fixes).
- commit f3d52ed
- vsock/virtio: fix packet delivery to tap device (git-fixes).
- commit 50a25ba
- kbuild,bpf: Add module-specific pahole flags for distilled
base BTF (bsc#1230414 bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414
bsc#1229450).
- kbuild, bpf: Use test-ge check for v1.25-only pahole
(bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26
and later (bsc#1230414 bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- kbuild: avoid too many execution of scripts/pahole-flags.sh
(bsc#1230414 bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- commit 05f7b0b
- Use pahole -j1 option for reproducible builds (bsc#1230414
bsc#1229450).
- commit 486aef8
- net: add more sanity check in virtio_net_hdr_to_skb()
(git-fixes).
- commit c9cb665
- ceph: fix cap ref leak via netfs init_request (bsc#1231383).
- commit 61990ab
- Update
patches.suse/usb-typec-ucsi-Fix-null-pointer-dereference-in-trace.patch
(CVE-2024-46719 bsc#1230722).
Added CVE
- commit 04ed2dd
- efi: fix NULL-deref in init error path (bsc#1229556
CVE-2022-48879).
- commit 41e1770
- dmaengine: altera-msgdma: properly free descriptor in
msgdma_free_descriptor (bsc#1230715 CVE-2024-46716).
- commit 92074a5
- bpf: Fix pointer-leak due to insufficient speculative store
bypass mitigation (bsc#1231375).
- commit fd93435
- drm/amd/display: Check gpio_id before used as array index (CVE-2024-46818 bsc#1231203).
- commit 53caf4b
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (CVE-2024-46815 bsc#1231195).
- commit ad18f86
- ice: Unbind the workqueue (bsc#1231344).
- commit fa8a96c
- drm/amd/display: Validate function returns (bsc#1230774 CVE-2024-46775)
- commit a72450c
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (CVE-2024-46816 bsc#1231197).
- commit 1eea356
- Delete some more obsolete scripts
- commit 0d4cf12
- char: tpm: Fix possible memory leak in
tpm_bios_measurements_open() (git-fixes).
- commit e53c1af
- drm/amd/display: Check link_index before accessing dc->links (CVE-2024-46813 bsc#1231191).
- commit a97e1a4
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- commit a3438e4
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- commit 670f96b
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
(bsc#1226631).
- commit 2c24b8c
- scsi: fnic: Move flush_work initialization out of if block
(bsc#1230055).
- commit 3f71444
- workqueue: mark power efficient workqueue as unbounded if (bsc#1231327)
- commit 2a22cf9
- workqueue: Avoid using isolated cpus' timers on (bsc#1231327)
- commit ab862e0
- net: mana: Improve mana_set_channels() in low mem conditions
(bsc#1230289).
- net: mana: Implement get_ringparam/set_ringparam for mana
(bsc#1229891).
- net: dpaa: Pad packets to ETH_ZLEN (CVE-2024-46854 bsc#1231084).
- ice: Add netif_device_attach/detach into PF reset flow
(CVE-2024-46770 bsc#1230763).
- bonding: change ipsec_lock from spin lock to mutex
(CVE-2024-46678 bsc#1230550).
- bonding: extract the use of real_device into local variable
(CVE-2024-46678 bsc#1230550).
- bonding: implement xdo_dev_state_free and call it after deletion
(CVE-2024-46678 bsc#1230550).
- commit 057bf3f
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (CVE-2024-46817 bsc#1231200).
- commit 18cf241
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- commit 9f2c584
- KVM: s390: Fix SORTL and DFLTCC instruction format error in
__insn32_query (git-fixes bsc#1231277).
- commit cce5574
- s390/mm: Add cond_resched() to cmm_alloc/free_pages()
(bsc#1228747).
- commit 41a09b7
- ASoC: meson: axg-card: fix 'use-after-free' (CVE-2024-46849 bsc#1231073)
- commit a395e2d
- ELF: fix kernel.randomize_va_space double read (CVE-2024-46826 bsc#1231115)
- commit d14eaf0
- powerpc: Allow clearing and restoring registers independent
of saved breakpoint state (bsc#1194869).
- commit fab6193
- powerpc/tlb: Add local flush for page given mm_struct and psize
(bsc#1194869).
- commit 819e69d
- net/mlx5: Fix bridge mode operations when there are no VFs (CVE-2024-46857 bsc#1231087)
- commit b275110
- netfilter: nft_socket: fix sk refcount leaks (CVE-2024-46855 bsc#1231085)
- commit b9b2afb
- powerpc/imc-pmu: Use the correct spinlock initializer
(bsc#1054914 fate#322448 git-fixes).
- commit 1a80d47
- powerpc/code-patching: introduce patch_instructions()
(bsc#1194869).
- commit ce19d55
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX
(bsc#1194869).
- commit 347af82
- powerpc/code-patching: Fix oops with DEBUG_VM enabled
(bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching
context (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU
(bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init
(bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping
(bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init()
is done (bsc#1194869).
- powerpc/code-patching: Don't call is_vmalloc_or_module_addr()
without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction()
to ease error handling (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling
(bsc#1194869).
- powerpc/code-patching: Fix error handling in
do_patch_instruction() (bsc#1194869).
- commit 630a906
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages
and fix check() (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions
(bsc#1194869).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- commit d1c574c
- powerpc/code-patching: Add generic memory patching
(bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction()
in case of failure (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly
(bsc#1194869).
- commit 358e581
- usbnet: fix cyclical race on disconnect with work queue
(git-fixes).
- Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 1cf5de8
- Refresh sorted patches.
- commit c7484f7
- powerpc/64: Convert patch_instruction() to patch_u32()
(bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc()
(bsc#1194869).
- powerpc/xics: Check return value of kasprintf in
icp_native_map_one_cpu (bsc#1194869).
- powerpc/vdso: Fix VDSO data access when running in a non-root
time namespace (bsc#1194869).
- powerpc/vdso: Merge vdso64 and vdso32 into a single directory
(bsc#1194869).
- Refresh patches.suse/powerpc-vdso-Remove-cvdso_call_time-macro.patch
- powerpc/vdso: Rework VDSO32 makefile to add a prefix to object
files (bsc#1194869).
- powerpc/vdso: augment VDSO32 functions to support 64 bits build
(bsc#1194869).
- commit 319aee2
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
(bsc#1054914 fate#322448 git-fixes).
- commit 3f22c10
- cachefiles: fix dentry leak in cachefiles_open_file()
(bsc#1231181).
- ceph: remove the incorrect Fw reference check when dirtying
pages (bsc#1231180).
- commit 47c22dc
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
They depend on SHADOW_CALL_STACK.
- commit 65fa52b
- KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
(CVE-2024-46830 bsc#1231116).
- commit 5d5e02e
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- commit 1b1ffa2
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- commit 901f16d
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- commit 0627e93
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and
freeing them (git-fixes).
- commit e8a76c0
- drm/amd/display: Check BIOS images before it is used (CVE-2024-46809 bsc#1231148).
- commit 8c8b606
- usb: dwc3: st: fix probed platform device ref count on probe
error path (bsc#1230507 CVE-2024-46674).
- commit ffd5693
- tomoyo: fallback to realpath if symlink's pathname does not
exist (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges
(git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial
(git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings
(git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and
freeing them (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- rtc: at91sam9: fix OF node leak in probe() error path
(git-fixes).
- watchdog: imx_sc_wdt: Don't disable WDT in suspend (git-fixes).
- pinctrl: single: fix missing error code in pcs_probe()
(git-fixes).
- PCI: xilinx-nwl: Fix register misspelling (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
- pinctrl: single: fix potential NULL dereference in
pcs_get_function() (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed
(stable-fixes).
- commit b15f073
- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- firmware_loader: Block path traversal (git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
(git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding
mutexes (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the
documentation (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- Input: ilitek_ts_i2c - add report id message validation
(git-fixes).
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync
(git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev
(git-fixes).
- media: venus: fix use after free bug in venus_remove due to
race condition (git-fixes).
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- Revert "media: tuners: fix error return code of
hybrid_tuner_request_state()" (stable-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
write error (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
(git-fixes).
- apparmor: fix possible NULL pointer dereference (stable-fixes).
- commit 0120ced
- nvme-fabrics: use reserved tag for reg read/write command
(bsc#1228620 CVE-2024-41082).
- nvme: change __nvme_submit_sync_cmd() calling conventions
(bsc#1228620 CVE-2024-41082).
Refresh:
- patches.suse/nvme-auth-retry-command-if-DNR-bit-is-not-set.patch
- commit 4effcb1
- kthread: Fix task state in kthread worker if being frozen
(bsc#1231146).
- commit 2398294
- Refresh
patches.suse/bpf-kprobe-remove-unused-declaring-of-bpf_kprobe_override.patch.
- commit ba454fb
- tracing: Avoid possible softlockup in tracing_iter_reset()
(git-fixes).
- commit 1959490
- tracing: Fix overflow in get_free_elt() (git-fixes
CVE-2024-43890 bsc#1229764).
- commit 867d207
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120 CVE-2024-46822)
- commit ec589da
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (bsc#1231120 CVE-2024-46822)
- commit fb3eb08
- nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH
(bsc#1199769).
- commit 8283ab9
- scsi: sd: Fix off-by-one error in
sd_read_block_characteristics() (bsc#1223848).
- commit 04f7eb0
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- commit b81ed11
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- commit 7b544cf
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight
PWM frequency (git-fixes).
- commit 3f7057a
- arm64: dts: rockchip: Correct the Pinebook Pro battery design
capacity (git-fixes).
- commit 7f351fe
- PCI: Support BAR sizes up to 8TB (bsc#1231017)
- commit 3d80de5
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for
ROCK Pi E (git-fixes).
- commit 293aaa9
- i2c: lpi2c: Avoid calling clk_get_rate during transfer
(bsc#1227885 CVE-2024-40965).
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()
(bsc#1227885).
- clk: Add a devm variant of clk_rate_exclusive_get()
(bsc#1227885).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk doesn't
work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- commit f4066a3
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- commit 24cf4b5
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
Move patch into the sorted section.
- commit 790aa5a
- Update patches.suse/ALSA-line6-Fix-racy-access-to-midibuf.patch
(stable-fixes CVE-2024-44954 bsc#1230176).
- Update
patches.suse/ASoC-dapm-Fix-UAF-for-snd_soc_pcm_runtime-object.patch
(git-fixes CVE-2024-46798 bsc#1230830).
- Update
patches.suse/HID-amd_sfh-free-driver_data-after-destroying-hid-de.patch
(stable-fixes CVE-2024-46746 bsc#1230751).
- Update
patches.suse/HID-cougar-fix-slab-out-of-bounds-Read-in-cougar_rep.patch
(stable-fixes CVE-2024-46747 bsc#1230752).
- Update
patches.suse/Input-uinput-reject-requests-with-unreasonable-numbe.patch
(stable-fixes CVE-2024-46745 bsc#1230748).
- Update
patches.suse/Squashfs-sanity-check-symbolic-link-size.patch
(git-fixes CVE-2024-46744 bsc#1230747).
- Update
patches.suse/VMCI-Fix-use-after-free-when-removing-resource-in-vm.patch
(git-fixes CVE-2024-46738 bsc#1230731).
- Update
patches.suse/bpf-Fix-a-kernel-verifier-crash-in-stacksafe.patch
(bsc#1225903 CVE-2024-45020 bsc#1230433).
- Update
patches.suse/can-bcm-Remove-proc-entry-when-dev-is-unregistered.patch
(git-fixes CVE-2024-46771 bsc#1230766).
- Update
patches.suse/can-mcp251x-fix-deadlock-if-an-interrupt-occurs-duri.patch
(git-fixes CVE-2024-46791 bsc#1230821).
- Update
patches.suse/char-xillybus-Check-USB-endpoints-when-probing-devic.patch
(git-fixes CVE-2024-45011 bsc#1230440).
- Update
patches.suse/drm-amd-display-Assign-linear_pitch_alignment-even-f.patch
(stable-fixes CVE-2024-46732 bsc#1230711).
- Update
patches.suse/drm-amd-display-Check-denominator-pbn_div-before-use.patch
(stable-fixes CVE-2024-46773 bsc#1230791).
- Update
patches.suse/drm-amd-display-Ensure-index-calculation-will-not-ov.patch
(stable-fixes CVE-2024-46726 bsc#1230706).
- Update
patches.suse/drm-amd-display-Skip-wbscl_set_scaler_filter-if-filt.patch
(stable-fixes CVE-2024-46714 bsc#1230699).
- Update
patches.suse/drm-amd-display-avoid-using-null-object-of-framebuff.patch
(git-fixes CVE-2024-46694 bsc#1230511).
- Update
patches.suse/drm-amd-pm-fix-the-Out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46731 bsc#1230709).
- Update
patches.suse/drm-amdgpu-Fix-out-of-bounds-read-of-df_v1_7_channel.patch
(stable-fixes CVE-2024-46724 bsc#1230725).
- Update
patches.suse/drm-amdgpu-Fix-out-of-bounds-write-warning.patch
(stable-fixes CVE-2024-46725 bsc#1230705).
- Update patches.suse/drm-amdgpu-Validate-TA-binary-size.patch
(stable-fixes CVE-2024-44977 bsc#1230217).
- Update
patches.suse/drm-amdgpu-fix-dereference-after-null-check.patch
(stable-fixes CVE-2024-46720 bsc#1230724).
- Update
patches.suse/drm-amdgpu-fix-mc_data-out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46722 bsc#1230712).
- Update
patches.suse/drm-amdgpu-fix-ucode-out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46723 bsc#1230702).
- Update
patches.suse/drm-mgag200-Bind-I2C-lifetime-to-DRM-device.patch
(git-fixes CVE-2024-44967 bsc#1230224).
- Update
patches.suse/drm-msm-dpu-cleanup-FB-if-dpu_format_populate_layout.patch
(git-fixes CVE-2024-44982 bsc#1230204).
- Update
patches.suse/fs-netfs-fscache_cookie-add-missing-n_accesses-check.patch
(bsc#1229453 CVE-2024-45000 bsc#1230170).
- Update
patches.suse/fscache-delete-fscache_cookie_lru_timer-when-fscache-.patch
(bsc#1230592 CVE-2024-46786 bsc#1230813).
- Update
patches.suse/hwmon-adc128d818-Fix-underflows-seen-when-writing-li.patch
(stable-fixes CVE-2024-46759 bsc#1230814).
- Update
patches.suse/hwmon-lm95234-Fix-underflows-seen-when-writing-limit.patch
(stable-fixes CVE-2024-46758 bsc#1230812).
- Update
patches.suse/hwmon-w83627ehf-Fix-underflows-seen-when-writing-lim.patch
(stable-fixes CVE-2024-46756 bsc#1230806).
- Update
patches.suse/mmc-mmc_test-Fix-NULL-dereference-on-allocation-fail.patch
(git-fixes CVE-2024-45028 bsc#1230450).
- Update
patches.suse/msft-hv-3046-uio_hv_generic-Fix-kernel-NULL-pointer-dereference-i.patch
(git-fixes CVE-2024-46739 bsc#1230732).
- Update
patches.suse/msft-hv-3048-net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
(git-fixes CVE-2024-46784 bsc#1230771).
- Update
patches.suse/net-mana-Fix-RX-buf-alloc_size-alignment-and-atomic-.patch
(bsc#1229086 CVE-2024-45001 bsc#1230244).
- Update
patches.suse/nfc-pn533-Add-poll-mod-list-filling-check.patch
(git-fixes CVE-2024-46676 bsc#1230535).
- Update
patches.suse/nilfs2-fix-missing-cleanup-on-rollforward-recovery-error.patch
(git-fixes CVE-2024-46781 bsc#1230768).
- Update
patches.suse/nilfs2-protect-references-to-superblock-parameters-exposed-in-sysfs.patch
(git-fixes CVE-2024-46780 bsc#1230808).
- Update
patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch
(git-fixes CVE-2024-46737 bsc#1230730).
- Update
patches.suse/pci-hotplug-pnv_php-Fix-hotplug-driver-crash-on-Powe.patch
(stable-fixes CVE-2024-46761 bsc#1230761).
- Update
patches.suse/s390-dasd-fix-error-recovery-leading-to-data-corruption-on-ESE-devices.patch
(git-fixes bsc#1229573 CVE-2024-45026 bsc#1230454).
- Update
patches.suse/s390-sclp-Prevent-release-of-buffer-in-I-O.patch
(git-fixes bsc#1229572 CVE-2024-44969 bsc#1230200).
- Update
patches.suse/usb-dwc3-core-Prevent-USB-core-invalid-event-buffer-.patch
(git-fixes CVE-2024-46675 bsc#1230533).
- Update
patches.suse/usb-dwc3-st-fix-probed-platform-device-ref-count-on-.patch
(git-fixes CVE-2024-46674 bsc#1230507).
- Update
patches.suse/wifi-mwifiex-Do-not-return-unused-priv-in-mwifiex_ge.patch
(stable-fixes CVE-2024-46755 bsc#1230802).
- Update
patches.suse/x86-mtrr-Check-if-fixed-MTRRs-exist-before-saving-them.patch
(git-fixes CVE-2024-44948 bsc#1230174).
- Update
patches.suse/xhci-Fix-Panther-point-NULL-pointer-deref-at-full-sp.patch
(git-fixes CVE-2024-45006 bsc#1230247).
- commit 3ab4fc7
- Update
patches.suse/media-vivid-fix-compose-size-exceed-boundary.patch
(git-fixes CVE-2022-48945 bsc#1230398).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update patches.suse/sched-Fix-yet-more-sched_fork-races.patch
(git fixes (sched/core) CVE-2022-48944 bsc#1229947).
- commit be5b46d
- userfaultfd: fix checks for huge PMDs (CVE-2024-46787
bsc#1230815).
- commit 731ca61
- cachefiles: Fix non-taking of sb_writers around set/removexattr
(bsc#1231013).
- commit 8d75b42
- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- commit afe0b92
- PCI: xilinx-nwl: Clean up clock on probe failure/removal
(git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: dra7xx: Fix error handling when IRQ request fails in probe
(git-fixes).
- PCI: Wait for Link before restoring Downstream Buses
(git-fixes).
- PCI: al: Check IORESOURCE_BUS existence during probe
(git-fixes).
- PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
- Refresh
patches.suse/PCI-dwc-Add-dw_pcie_ops.host_deinit-callback.patch.
- commit 1275322
- Update
patches.suse/PCI-Add-missing-bridge-lock-to-pci_bus_lock.patch
(stable-fixes CVE-2024-46750 bsc#1230783).
- commit c259807
- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- commit bfe7fd1
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
(git-fixes).
- commit 644bf81
- net: ip_tunnel: prevent perpetual headroom growth
(CVE-2024-26804 bsc#1222629).
- net: tunnels: annotate lockless accesses to dev->needed_headroom
(CVE-2024-26804 bsc#1222629).
- commit 319c5b5
- kabi: add __nf_queue_get_refs() for kabi compliance.
(bsc#1229633, CVE-2022-48911)
(cherry picked from commit 09526c9424a7fbc2a4d656f79c4ad7878f435ecb)
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
(cherry picked from commit 758c6b1299c09ef730f452c74ec7f72a9327354f)
- kabi: add __nf_queue_get_refs() for kabi compliance.
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
- commit 0bf9c36
- drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703 CVE-2024-46728)
- commit 6a51cab
- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- commit e49b867
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- commit 50d4a10
- RDMA/hns: Optimize hem allocation performance (git-fixes)
- commit 813af9f
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- commit 2bb823b
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- commit f6fcd8c
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- commit 328d52f
- RDMA/hns: Don't modify rq next block addr in HIP09 QPC (git-fixes)
- commit 33ac85f
- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- commit 01729dd
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- commit 68948b5
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- commit 65bf6d4
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- commit dfdb2f8
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- commit 97307dd
- btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753 bsc#1230796)
- commit 65fd2b1
- btrfs: prevent copying too big compressed lzo segment (CVE-2022-48923 bsc#1229662)
- commit 9c5b30e
- net: tighten bad gso csum offset check in virtio_net_hdr
(git-fixes).
- commit 34aa4c1
- udp: fix receiving fraglist GSO packets (git-fixes).
- commit fa1c6cd
- xen/swiotlb: fix allocated size (git-fixes).
- commit 6131ead
- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- commit eee6dcc
- xen: tolerate ACPI NVS memory overlapping with Xen allocated
memory (bsc#1226003).
- commit c0747b9
- xen: allow mapping ACPI data using a different physical address
(bsc#1226003).
- commit c94b5d0
- xen: add capability to remap non-RAM pages to different PFNs
(bsc#1226003).
- commit 489b422
- xen: move max_pfn in xen_memory_setup() out of function scope
(bsc#1226003).
- commit 88edee6
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- commit 6843c76
- media: qcom: camss: Fix ordering of pm_runtime_enable
(git-fixes).
- commit 262114a
- Revert "media: tuners: fix error return code of
hybrid_tuner_request_state()" (git-fixes).
- commit 1d6cee4
- xen: move checks for e820 conflicts further up (bsc#1226003).
- commit 305f805
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
write error (git-fixes).
- commit 8a8aa4d
- net: bridge: xmit: make sure we have at least eth header len
bytes (CVE-2024-38538 bsc#1226606).
- commit de593a5
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
write error (git-fixes).
- commit 28bc636
- xen: introduce generic helper checking for memory map conflicts
(bsc#1226003).
- commit b5a62b0
- xen: use correct end address of kernel for conflict checking
(bsc#1226003).
- commit 864cea2
- x86/xen: Convert comma to semicolon (git-fixes).
- commit aea0e48
- net: drop bad gso csum_start and offset in virtio_net_hdr
(git-fixes).
- commit 89b9f35
- crypto: virtio - Wait for tasklet to complete on device remove
(git-fixes).
- commit 3c716ae
- x86/kaslr: Expose and use the end of the physical memory
address space (bsc#1230405).
- commit 3201b4e
- Update references for patches.suse/pci-hotplug-pnv_php-Fix-hotplug-driver-crash-on-Powe.patch (CVE-2024-46761 bsc#1230761)
- commit dcc7841
- x86/tdx: Fix data leak in mmio_read() (CVE-2024-46794 bsc#1230825)
- commit c8c34cc
- Update references for patches.suse/hwmon-adc128d818-Fix-underflows-seen-when-writing-li.patch (CVE-2024-46759 bsc#1230814)
- commit 246b51d
- Update references for patches.suse/HID-cougar-fix-slab-out-of-bounds-Read-in-cougar_rep.patch (CVE-2024-46747 bsc#1230752)
- commit d22b00d
- Update references for patches.suse/Input-uinput-reject-requests-with-unreasonable-numbe.patch (CVE-2024-46745 bsc#1230748)
- commit 584f3d0
- Update references for patches.suse/HID-amd_sfh-free-driver_data-after-destroying-hid-de.patch (CVE-2024-46746 bsc#1230751)
- commit 20864a7
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783 bsc#1230810)
- commit 72de3c2
- Update references for patches.suse/fscache-delete-fscache_cookie_lru_timer-when-fscache-.patch (CVE-2024-46786 bsc#1230592 bsc#1230813)
- commit b23da3a
- Update references for patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch (CVE-2024-46737 bsc#1230730)
- commit a2b9776
- scsi: lpfc: Copyright updates for 14.4.0.4 patches
(bsc#1229429).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
- scsi: lpfc: Update PRLO handling in direct attached topology
(bsc#1229429).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct
attached topology (bsc#1229429).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag
(bsc#1229429).
- scsi: lpfc: Validate hdwq pointers before dereferencing in
reset/errata paths (bsc#1229429).
- scsi: lpfc: Remove redundant vport assignment when building
an abort request (bsc#1229429).
- scsi: lpfc: Change diagnostic log flag during receipt of
unknown ELS cmds (bsc#1229429).
- scsi: lpfc: Fix overflow build issue (bsc#1229429).
- commit 6dfc9ed
- net/mlx5e: SHAMPO, Fix incorrect page release (CVE-2024-46717 bsc#1230719)
- commit dcc83f4
- btrfs: don't BUG_ON() when 0 reference count at
btrfs_lookup_extent_info() (bsc#1230786 CVE-2024-46751).
- btrfs: reduce nesting for extent processing at
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove superfluous metadata check at
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: replace BUG_ON() with error handling at
update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: simplify setting the full backref flag at
update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: remove NULL transaction support for
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove level argument from btrfs_set_block_flags
(bsc#1230794 CVE-2024-46752).
- btrfs: sink parameter is_data to btrfs_set_disk_extent_flags
(bsc#1230794 CVE-2024-46752).
- commit c2d0eaf
- kABI, crypto: virtio - Handle dataq logic with tasklet
(git-fixes).
- commit 7b17b1c
- nvmet: Identify-Active Namespace ID List command should reject
invalid nsid (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails
(git-fixes).
- nvme: move stopping keep-alive into nvme_uninit_ctrl()
(git-fixes).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvmet-rdma: fix possible bad dereference when freeing rsps
(git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- commit 14b1d67
- drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701 CVE-2024-46730)
- commit 45e46f9
- Update
patches.suse/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enab.patch
(git-fixes CVE-2024-38632 bsc#1226860).
Add CVE references.
- commit bd2cc38
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(git-fixes).
- commit 157099e
- nilfs2: determine empty node blocks as corrupted (git-fixes).
- commit 657f164
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
(git-fixes).
- commit 24419a8
- media: mtk-vcodec: potential null pointer deference in SCP (CVE-2024-40973 bsc#1227890)
- commit d0ab63e
- btrfs: do not start relocation until in progress drops are done
(bsc#1229607 CVE-2022-48901).
- Refresh
patches.suse/btrfs-sysfs-update-fs-features-directory-asynchronou.patch.
- commit a5756e7
- of/irq: Prevent device address out-of-bounds read in interrupt
map walk (CVE-2024-46743 bsc#1230756).
- commit 2dc0a89
- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- commit f3e346f
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
(git-fixes).
- commit 2d8f102
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
(git-fixes).
- commit e09cbac
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- commit 25c83fa
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- commit 2205648
- driver: iio: add missing checks on iio_info's callback access
(CVE-2024-46715 bsc#1230700).
- commit 44ce0f3
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs
(git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery
occurs (git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
(git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check
(git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage
(git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume
(git-fixes).
- drm/msm/a5xx: disable preemption in submits by default
(git-fixes).
- drm/msm: Fix incorrect file name output in adreno_request_fw()
(git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue
(git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track
offsets (git-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/radeon: fix null pointer dereference in
radeon_add_common_modes (git-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in
drm_bridge_funcs::mode_valid() (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
(git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc()
(git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- ipmi: docs: don't advertise deprecated sysfs entries
(git-fixes).
- commit a7fb7f8
- md/raid5: avoid BUG_ON() while continue reshape after
reassembling (bsc#1229790, CVE-2024-43914).
- commit 3bf0292
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFS: Don't re-read the entire page cache to find the next cookie
(bsc#1226662).
- commit 25632eb
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (CVE-2024-46685 bsc#1230515)
- commit 16fd035
- thunderbolt: Mark XDomain as unplugged when router is removed (CVE-2024-46702 bsc#1230589)
- commit 0a04e5e
- soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689 bsc#1230524)
- commit d574d3c
- smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (CVE-2024-46686 bsc#1230517)
- commit eecf85c
- scsi: aacraid: Fix double-free on probe failure (CVE-2024-46673 bsc#1230506)
- commit 23b1681
- apparmor: fix possible NULL pointer dereference (CVE-2024-46721 bsc#1230710)
- commit 02a056d
- gtp: fix a potential NULL pointer dereference (CVE-2024-46677 bsc#1230549)
- commit e4c4047
- ethtool: check device is present when getting link settings (CVE-2024-46679 bsc#1230556)
- commit 12d1e30
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
(git-fixes).
- commit a4cc5f2
- net: missing check virtio (git-fixes).
- commit 5c4c37d
- virtio_net: checksum offloading handling fix (git-fixes).
- commit d5e193e
- virtio: delete vq in vp_find_vqs_msix() when request_irq()
fails (CVE-2024-37353 bsc#1226875).
- commit 7853f36
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
- commit 1d51d93
- virtio: reenable config if freezing device failed (git-fixes).
- commit 92899fb
- virtio-blk: Ensure no requests in virtqueues before deleting
vqs (git-fixes).
- commit 5677525
- virtio_net: Fix "'%d' directive writing between 1 and 11 bytes into
a region of size 10" warnings (git-fixes).
- commit c6eef4e
- virtio/vsock: fix logic which reduces credit update messages
(git-fixes).
- commit ba4fb58
- KABI: kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 4220de4
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 195f676
- crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- commit a7e32aa
- vsock/virtio: remove socket from connected/bound list on
shutdown (git-fixes).
- commit 0f347cf
- virtio_net: use u64_stats_t infra to avoid data-races
(git-fixes).
- commit 463733f
- vsock/virtio: initialize the_virtio_vsock before using VQs
(git-fixes).
- commit 1fec77b
- tools/virtio: fix build (git-fixes).
- commit e7f47cc
- xfs: don't include bnobt blocks when reserving free block pool
(git-fixes).
- commit 3c9db4e
- vsock/virtio: add support for device suspend/resume (git-fixes).
- commit 010c69d
- vsock/virtio: factor our the code to initialize and delete VQs
(git-fixes).
- commit 21a4d2a
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
(git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits
(git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value
(git-fixes).
- mtd: slram: insert break after errors in parsing the map
(git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute
(git-fixes).
- power: supply: Drop use_cnt check from
power_supply_property_is_writeable() (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/
no current sense (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max
voltage (git-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name
(stable-fixes).
- commit 392a8e2
- Update patches.suse/NFS-never-reuse-a-NFSv4-0-lock-owner.patch
(bsc#1227726 bsc#1230733).
- commit c293534
- x86/mm/ident_map: Use gbpages only where full GB page should
be mapped (bsc#1220382).
- x86/kexec: Add EFI config table identity mapping for kexec
kernel (bsc#1220382).
- commit 0e4e6bb
- Refresh
patches.suse/Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch.
Update upstream status and move to the sorted section.
- commit 43dbf50
- Refresh
patches.suse/0001-drm-amdgpu-don-t-use-BACO-for-reset-in-S3.patch.
Add alternative commit ID.
- commit c139057
- PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
- commit daa2cc5
- PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
- commit 1a96576
- PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
- commit 99a4208
- PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
- commit 9dc3dba
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails
appropriately (git-fixes).
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in
tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev
PLATFORM_STATUS failure (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in
cctrng_resume (git-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in
bcm2835_rng_init (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry()
(git-fixes).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
(git-fixes).
- Bluetooth: hci_sync: Ignore errors from
HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
(git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value
(git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality
(git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in
ieee80211_do_stop() (git-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one
errors (git-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
(git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging
measurements (git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts
(git-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- commit b2930fe
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
(CVE-2024-46707 bsc#1230582).
- commit bb45424
- x86/xen: Convert comma to semicolon (git-fixes).
- commit f308bb3
- Refresh
patches.suse/virtio-blk-scsi-use-block-layer-helpers-to-calculate.patch.
The compiler is unhappy with the types. Add a cast to tell what the
compiler should do.
- commit aba9465
- usb: dwc3: core: update LC timer as per USB Spec V3.2
(git-fixes).
- commit b3f5137
- usb: uas: set host status byte on data completion error
(git-fixes).
- commit 842e02d
- fscache: delete fscache_cookie_lru_timer when fscache exits
to avoid UAF (bsc#1230592).
- virtiofs: forbid newlines in tags (bsc#1230591).
- commit 03e6dba
- x86/hyperv: fix kexec crash due to VP assist page corruption
(git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description
(git-fixes).
- commit f7a5c89
- NFSv4: Add missing rescheduling points in
nfs_client_return_marked_delegations (git-fixes).
- NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
(git-fixes).
- commit 6327192
- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- commit 3824ded
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
(git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets
(git-fixes).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the
sinf array (git-fixes).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
accesses (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2
(stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
(stable-fixes).
- ALSA: hda/realtek: add patch for internal mic in Lenovo V145
(stable-fixes).
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers
on Sirius devices (stable-fixes).
- ata: libata: Fix memory leak for error path in ata_host_alloc()
(git-fixes).
- Input: uinput - reject requests with unreasonable number of
slots (stable-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- HID: amd_sfh: free driver_data after destroying hid device
(stable-fixes).
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
(stable-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions
(git-fixes).
- i2c: Fix conditional for substituting empty ACPI functions
(stable-fixes).
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA
setup (stable-fixes).
- devres: Initialize an uninitialized struct member
(stable-fixes).
- pcmcia: Use resource_size function on resource object
(stable-fixes).
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
(stable-fixes).
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
(stable-fixes).
- PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
- usb: uas: set host status byte on data completion error
(stable-fixes).
- usb: typec: ucsi: Fix null pointer dereference in trace
(stable-fixes).
- usbip: Don't submit special requests twice (stable-fixes).
- ASoC: topology: Properly initialize soc_enum values
(stable-fixes).
- ALSA: hda: Add input value sanity checks to HDMI channel map
controls (stable-fixes).
- drm/amdgpu: Set no_hw_access when VF request full GPU fails
(stable-fixes).
- drm/amdgpu: check for LINEAR_ALIGNED correctly in
check_tiling_flags_gfx6 (stable-fixes).
- drm/amd/display: Check denominator pbn_div before used
(stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
(stable-fixes).
- drm/amdgpu: Fix smatch static checker warning (stable-fixes).
- drm/amd/display: Check HDCP returned status (stable-fixes).
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
(stable-fixes).
- media: vivid: don't set HDMI TX controls if there are no HDMI
outputs (stable-fixes).
- media: vivid: fix wrong sizeimage value for mplane
(stable-fixes).
- media: uvcvideo: Enforce alignment of frame and interval
(stable-fixes).
- wifi: mwifiex: Do not return unused priv in
mwifiex_get_priv_by_id() (stable-fixes).
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
(stable-fixes).
- hwmon: (w83627ehf) Fix underflows seen when writing limit
attributes (stable-fixes).
- hwmon: (lm95234) Fix underflows seen when writing limit
attributes (stable-fixes).
- hwmon: (adc128d818) Fix underflows seen when writing limit
attributes (stable-fixes).
- ACPI: processor: Fix memory leaks in error paths of
processor_add() (stable-fixes).
- ACPI: processor: Return an error if acpi_processor_get_info()
fails in processor_add() (stable-fixes).
- commit c0216a0
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (CVE-2024-45013 bsc#1230442)
- commit 5ac8578
- i2c: tegra: Do not mark ACPI devices as irq safe (CVE-2024-45029 bsc#1230451)
- commit 12f7852
- netfilter: flowtable: initialise extack before use (CVE-2024-45018 bsc#1230431)
- commit 25df9d1
- drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
- commit 4fb379d
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit f5c92ca
- usbnet: ipheth: race between ipheth_close and error handling
(git-fixes).
- commit 7ee6be8
- Refresh
patches.suse/USB-serial-option-add-MeiG-Smart-SRM825L.patch.
- commit 7c21712
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit d21e438
- Squashfs: sanity check symbolic link size (git-fixes).
- commit 38be121
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit 606bd9b8228bfe004cf6ab930ffb673a535e3c55.
- commit 532bbfe
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
This reverts commit 1702784a5db6b26695f0bc2c6b0cbe973db5c0f3.
- commit e220e83
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
This reverts commit d77caa16c18115f0c470ecf5cdd3cdb6f9865aeb.
- commit b38d226
- drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444 CVE-2024-45015)
- commit baea6a3
- media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269 CVE-2023-52916)
- commit 1c1f90d
- media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
- commit 63b4ff1
- RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
- commit 9995679
- net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (CVE-2024-44971 bsc#1230211)
- commit 6f30d53
- bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989 bsc#1230193)
- commit 656ad24
- Input: MT - limit max slots (CVE-2024-45008 bsc#1230248).
- commit 9c6f084
- net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
(CVE-2024-44970 bsc#1230209).
- commit 204a351
- bonding: fix null pointer deref in bond_ipsec_offload_ok
(CVE-2024-44990 bsc#1230194).
- commit caaca9d
- blk-mq: issue warning when offlining hctx with online isolcpus
(bsc#1229034).
- commit c169848
- Refresh
patches.suse/net-bridge-switchdev-Skip-MDB-replays-of-deferred-ev.patch.
- commit 0ae4275
- media: Revert "media: dvb-usb: Fix unexpected infinite loop
in dvb_usb_read_remote_control()" (git-fixes).
- commit 69c4bbe
- lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
- commit 5094611
- drm/amd/display: fixed integer types and null check locations
(CVE-2024-26767 bsc#1230339).
- commit 91909ca
- Fix KABI for
patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch
(bsc#1230392).
- Update
patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch
(bsc#1230392).
- commit cbecb11
- net: dsa: mv88e6xxx: Fix out-of-bound access (CVE-2024-44988 bsc#1230192)
- commit e74f32c
- ipv6: prevent UAF in ip6_send_skb() (CVE-2024-44987 bsc#1230185)
- commit fd19d1b
- ipv6: fix possible UAF in ip6_finish_output2() (CVE-2024-44986 bsc#1230230)
- commit 6ffd49a
- gtp: pull network headers in gtp_dev_xmit() (CVE-2024-44999 bsc#1230233)
- commit e1f3131
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- commit fac58ad
- mm/swap: fix race when skipping swapcache (CVE-2024-26759
bsc#1230340).
- commit 8d9f1de
- filemap: remove use of wait bookmarks (bsc#1224085).
- commit a120011
- VMCI: Fix use-after-free when removing resource in
vmci_resource_remove() (git-fixes).
- iio: fix scale application in
iio_convert_raw_to_processed_unlocked (git-fixes).
- iio: adc: ad7124: fix config comparison (git-fixes).
- iio: adc: ad7124: fix chip ID mismatch (git-fixes).
- iio: buffer-dmaengine: fix releasing dma channel on error
(git-fixes).
- staging: iio: frequency: ad9834: Validate frequency parameter
value (git-fixes).
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
(stable-fixes).
- drm/amd/display: Correct the defined value for
AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
- drm/amd/display: added NULL check at start of dc_validate_stream
(stable-fixes).
- drm/bridge: tc358767: Check if fully initialized before
signalling HPD event via IRQ (stable-fixes).
- commit fae29ce
- ALSA: hda/conexant: Mute speakers at suspend / shutdown
(stable-fixes).
- ALSA: hda/generic: Add a helper to mute speakers at
suspend/shutdown (stable-fixes).
- drm/meson: plane: Add error handling (stable-fixes).
- drm/amdgpu: update type of buf size to u32 for eeprom functions
(stable-fixes).
- drm/amd/pm: check negtive return for table entries
(stable-fixes).
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4
(stable-fixes).
- drm/amd/pm: check specific index for aldebaran (stable-fixes).
- drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
- drm/amdgpu: fix dereference after null check (stable-fixes).
- drm/amdgpu/pm: Check input value for CUSTOM profile mode
setting on legacy SOCs (stable-fixes).
- drm/amdkfd: Reconcile the definition and use of oem_id in
struct kfd_topology_device (stable-fixes).
- drm/amdgpu: fix mc_data out-of-bounds read warning
(stable-fixes).
- drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
(stable-fixes).
- drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
(stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
(stable-fixes).
- drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
- drm/amd/display: Skip inactive planes within
ModeSupportAndSystemConfiguration (stable-fixes).
- drm/amd/display: Ensure index calculation will not overflow
(stable-fixes).
- drm/amd/display: Spinlock before reading event (stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
dal_gpio_service_create (stable-fixes).
- drm/amd/display: Check msg_id before processing transcation
(stable-fixes).
- drm/amd/display: Check num_valid_sets before accessing
reader_wm_sets[] (stable-fixes).
- drm/amd/display: Add array index check for hdcp ddc access
(stable-fixes).
- drm/amd/display: Stop amdgpu_dm initialize when stream nums
greater than 6 (stable-fixes).
- drm/amd/display: Check gpio_id before used as array index
(stable-fixes).
- drm/amdgpu: avoid reading vf2pf info size from FB
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
(stable-fixes).
- drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
- drm/amd/pm: Fix negative array index read (stable-fixes).
- drm/amd/pm: fix warning using uninitialized value of
max_vid_step (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warning (stable-fixes).
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
(stable-fixes).
- drm/amdgpu: fix overflowed array index read warning
(stable-fixes).
- drm/amd/display: Assign linear_pitch_alignment even for VM
(stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in
amdgpu_afmt_acr (stable-fixes).
- commit 22196ae
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
(git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in
hv_uio_rescind (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI
cleanup (git-fixes).
- commit 392d522
- usb: dwc3: st: add missing depopulate in probe error path
(git-fixes).
- commit 5abd1b6
- usb: dwc3: st: fix probed platform device ref count on probe
error path (git-fixes).
- commit 7faef21
- usb: dwc3: omap: add missing depopulate in probe error path
(git-fixes).
- commit 50650b1
- clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL
is disabled (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate
API (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
(git-fixes).
- ASoc: SOF: topology: Clear SOF link platform name upon unload
(git-fixes).
- ASoC: tegra: Fix CBB error during probe() (git-fixes).
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
- mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
(git-fixes).
- mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused
(git-fixes).
- drm/i915/fence: Mark debug_fence_init_onstack() with
__maybe_unused (git-fixes).
- commit 3d813e4
- wifi: nl80211: disallow setting special AP channel widths (CVE-2024-43912 bsc#1229830)
- commit 58d7754
- Restore dropped fields for bluetooth MGMT/SMP structs
(git-fixes).
- commit 697b5de
- usbnet: modern method to get random MAC (git-fixes).
- Bluetooth: MGMT: Ignore keys being loaded with invalid type
(git-fixes).
- Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP
over BREDR/LE" (git-fixes).
- can: mcp251x: fix deadlock if an interrupt occurs during
mcp251x_open (git-fixes).
- can: bcm: Remove proc entry when dev is unregistered
(git-fixes).
- platform/x86: dell-smbios: Fix error path in dell_smbios_init()
(git-fixes).
- commit 2df245a
- ext4: check dot and dotdot of dx_root before making dir indexed
(bsc#1229363 CVE-2024-42305).
- commit 85db03a
- vfs: Don't evict inode under the inode lru traversing context
(CVE-2024-45003 bsc#1230245).
- commit 82e6e44
- char: xillybus: Check USB endpoints when probing device
(git-fixes).
- char: xillybus: Refine workqueue handling (CVE-2024-45007
bsc#1230175).
- char: xillybus: Don't destroy workqueue from work item running
on it (CVE-2024-45007 bsc#1230175).
- commit 47704bc
- serial: sc16is7xx: fix invalid FIFO access with special register
set (CVE-2024-44950 bsc#1230180).
- commit 6ff419f
- ACPI: SBS: manage alarm sysfs attribute through psy core
(git-fixes).
- ACPI: battery: create alarm sysfs attribute atomically
(git-fixes).
- commit 272cbf0
- NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
- commit 9dc4a6f
- driver core: Add missing parameter description to
__fwnode_link_add() (git-fixes).
- commit b36a347
- ext4: sanity check for NULL pointer after ext4_force_shutdown
(bsc#1229753 CVE-2024-43898).
- commit 5e594a9
- ext4: fix infinite loop when replaying fast_commit (bsc#1229394
CVE-2024-43828).
- commit c02cd83
- udf: Avoid using corrupted block bitmap buffer (bsc#1229362
CVE-2024-42306).
- commit 461fe08
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
(bsc#1229334 CVE-2024-42265).
- commit 1129dda
- ext4: make sure the first directory block is not a hole
(bsc#1229364 CVE-2024-42304).
- commit 26f77f8
- driver core: Fix uevent_show() vs driver detach race
(CVE-2024-44952 bsc#1230178).
- commit 0d8efe8
- atm: idt77252: prevent use after free in dequeue_rx()
(CVE-2024-44998 bsc#1230171).
- commit ea6216f
- tcp: add sanity checks to rx zerocopy (CVE-2024-26640
bsc#1221650).
- commit 57d4108
- driver core: fw_devlink: Consolidate device link flag
computation (git-fixes).
- driver core: fw_devlink: Allow marking a fwnode link as being
part of a cycle (git-fixes).
- driver core: fw_devlink: Don't purge child fwnode's consumer
links (git-fixes).
Refresh
patches.suse/driver-core-Introduce-device_link_wait_removal.patch.
- driver core: Add wait_for_init_devices_probe helper function
(git-fixes).
Refresh
patches.suse/driver-core-Introduce-device_link_wait_removal.patch.
- driver core: Add debug logs when fwnode links are added/deleted
(git-fixes).
- driver core: Create __fwnode_link_del() helper function
(git-fixes).
- driver core: Set deferred probe reason when deferred by driver
core (git-fixes).
- commit 164932e
- net: bridge: switchdev: Skip MDB replays of deferred events
on offload (CVE-2024-26837 bsc#1222973).
- commit 3cf54c6
- USB: serial: option: add MeiG Smart SRM825L (git-fixes).
- commit 7b935d7
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
(git-fixes).
- commit 2395491
- usb: dwc3: core: Prevent USB core invalid event buffer address
access (git-fixes).
- commit 55d4338
- usb: dwc3: core: Skip setting event buffers for host only
controllers (git-fixes).
- commit 352e074
- nilfs2: fix state management in error path of log writing
function (git-fixes).
- commit d45c3fc
- nilfs2: fix missing cleanup on rollforward recovery error
(git-fixes).
- commit 819efb5
- nilfs2: protect references to superblock parameters exposed
in sysfs (git-fixes).
- commit 85cfeab
- nilfs2: Constify struct kobj_type (git-fixes).
- commit 157952f
- nilfs2: use default_groups in kobj_type (git-fixes).
- commit 9ed2d62
- nilfs2: replace snprintf in show functions with sysfs_emit
(git-fixes).
- commit 137f088
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- commit 3d57dce
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
- commit a8ffc3d
- RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
- commit 264a15d
- arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
- commit e2ccb4d
- arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
- commit 0534ffe
- arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
- commit 21c5e59
- arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
- commit a1743f6
- arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
- commit 823cdf8
- net/sched: act_ct: fix skb leak and crash on ooo frags
(CVE-2023-52610 bsc#1221610).
- commit 57db46f
- netfilter: ctnetlink: use helper function to calculate expect ID
(CVE-2024-44944 bsc#1229899).
- commit 744b379
- sctp: Fix null-ptr-deref in reuseport_add_sock()
(CVE-2024-44935 bsc#1229810).
- commit d4709fe
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 9438e54
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 5b1f743
- Update references
- commit a096907
- fuse: update stats for pages in dropped aux writeback list
(bsc#1230130).
- fuse: use unsigned type for getxattr/listxattr size truncation
(bsc#1230129).
- commit 32e32b0
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454 CVE-2024-44947).
- commit ddfd2d7
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- commit 6d0732e
- efi/unaccepted: touch soft lockup during memory accept
(bsc#1225773 CVE-2024-36936).
- commit 29d2eb8
- vdpa: ifcvf: Do proper cleanup if IFCVF init fails (bsc#1225524
CVE-2022-48706).
- commit 023b108
- usb: vhci-hcd: Do not drop references before new references
are gained (CVE-2024-43883 bsc#1229707).
- commit 44d7bae
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 717d839
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly
(git-fixes).
- commit b02e597
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 07bd1e3
- net: usb: qmi_wwan: fix memory leak for not ip packets
(CVE-2024-43861 bsc#1229500).
- commit 3e796c3
- ocfs2: use coarse time for new created files (git-fixes).
- commit 82dc1eb
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (bsc#1229156 CVE-2024-42259)
- commit acc20fb
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7
(bsc#1226666).
- commit c1bc9ca
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- commit f65ae14
- xfs: Fix missing interval for missing_owner in xfs fsmap
(git-fixes).
- commit 3005438
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
(git-fixes).
- commit b060763
- xfs: Fix the owner setting issue for rmap query in xfs fsmap
(git-fixes).
- commit 264a4ea
- Update
patches.suse/0001-net-rds-fix-possible-cp-null-dereference.patch
(git-fixes CVE-2024-35902 bsc#1224496).
- Update
patches.suse/ALSA-usb-audio-Fix-possible-NULL-pointer-dereference.patch
(git-fixes CVE-2023-52904 bsc#1229529).
- Update
patches.suse/ASoC-Intel-sof-nau8825-fix-module-alias-overflow.patch
(git-fixes CVE-2022-48889 bsc#1229545).
- Update
patches.suse/ASoC-amd-Adjust-error-handling-in-case-of-absent-cod.patch
(git-fixes CVE-2024-43818 bsc#1229296).
- Update
patches.suse/PCI-DPC-Fix-use-after-free-on-concurrent-DPC-and-hot.patch
(git-fixes CVE-2024-42302 bsc#1229366).
- Update
patches.suse/PCI-keystone-Fix-NULL-pointer-dereference-in-case-of.patch
(git-fixes CVE-2024-43823 bsc#1229303).
- Update
patches.suse/RDMA-hns-Fix-soft-lockup-under-heavy-CEQE-load.patch
(git-fixes CVE-2024-43872 bsc#1229489).
- Update
patches.suse/RDMA-iwcm-Fix-a-use-after-free-related-to-destroying.patch
(git-fixes CVE-2024-42285 bsc#1229381).
- Update
patches.suse/Revert-ALSA-firewire-lib-operate-for-period-elapse-e.patch
(bsc#1208783 CVE-2024-42274 bsc#1229417).
- Update patches.suse/bpf-Add-schedule-points-in-batch-ops.patch
(jsc#PED-1377 CVE-2022-48939 bsc#1229616).
- Update
patches.suse/bpf-Fix-crash-due-to-incorrect-copy_map_value.patch
(jsc#PED-1377 CVE-2022-48940 bsc#1229615).
- Update
patches.suse/btrfs-prevent-copying-too-big-compressed-lzo-segment.patch
(git-fixes CVE-2022-48923 bsc#1229662).
- Update
patches.suse/devres-Fix-memory-leakage-caused-by-driver-API-devm_.patch
(git-fixes CVE-2024-43871 bsc#1229490).
- Update
patches.suse/dma-fix-call-order-in-dmam_free_coherent.patch
(git-fixes CVE-2024-43856 bsc#1229346).
- Update
patches.suse/drm-amd-display-Add-NULL-check-for-afb-before-derefe.patch
(stable-fixes CVE-2024-43903 bsc#1229781).
- Update
patches.suse/drm-amd-display-Skip-Recompute-DSC-Params-if-no-Stre.patch
(stable-fixes CVE-2024-43895 bsc#1229755).
- Update
patches.suse/drm-amd-pm-Fix-the-null-pointer-dereference-for-vega.patch
(stable-fixes CVE-2024-43905 bsc#1229784).
- Update
patches.suse/drm-amdgpu-Fix-potential-NULL-dereference.patch
(bsc#1206843 CVE-2023-52908 bsc#1229525).
- Update
patches.suse/drm-amdgpu-Fix-the-null-pointer-dereference-to-ras_m.patch
(stable-fixes CVE-2024-43908 bsc#1229788).
- Update
patches.suse/drm-amdgpu-Fixed-bug-on-error-when-unloading-amdgpu.patch
(bsc#1206843 CVE-2023-52912 bsc#1229588).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-for-s.patch
(stable-fixes CVE-2024-43909 bsc#1229789).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-in-ap.patch
(stable-fixes CVE-2024-43907 bsc#1229787).
- Update
patches.suse/drm-client-fix-null-pointer-dereference-in-drm_clien.patch
(git-fixes CVE-2024-43894 bsc#1229746).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-cdv_intel.patch
(git-fixes CVE-2024-42310 bsc#1229358).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-psb_intel.patch
(git-fixes CVE-2024-42309 bsc#1229359).
- Update patches.suse/drm-i915-Fix-potential-context-UAFs.patch
(git-fixes CVE-2023-52913 bsc#1229521).
- Update
patches.suse/drm-i915-gt-Cleanup-partial-engine-discovery-failure.patch
(git-fixes CVE-2022-48893 bsc#1229576).
- Update
patches.suse/drm-msm-dpu-Fix-memory-leak-in-msm_mdss_parse_data_b.patch
(git-fixes CVE-2022-48888 bsc#1229546).
- Update
patches.suse/drm-nouveau-prime-fix-refcount-underflow.patch
(git-fixes CVE-2024-43867 bsc#1229493).
- Update patches.suse/drm-qxl-Add-check-for-drm_cvt_mode.patch
(git-fixes CVE-2024-43829 bsc#1229341).
- Update
patches.suse/drm-vmwgfx-Fix-a-deadlock-in-dma-buf-fence-polling.patch
(git-fixes CVE-2024-43863 bsc#1229497).
- Update
patches.suse/drm-vmwgfx-Remove-rcu-locks-from-user-resources.patch
(bsc#1203329 CVE-2022-40133 bsc#1203330 CVE-2022-38457
bsc#1213632 CVE-2022-48887 bsc#1229547).
- Update
patches.suse/drop_monitor-replace-spin_lock-by-raw_spin_lock.patch
(References: CVE-2021-47546 bsc#1227937 CVE-2024-40980).
- Update
patches.suse/exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch
(git-fixes CVE-2024-42315 bsc#1229354).
- Update
patches.suse/genirq-cpuhotplug-x86-vector-Prevent-vector-leak-dur.patch
(git-fixes CVE-2024-31076 bsc#1226765).
- Update
patches.suse/hfs-fix-to-initialize-fields-of-hfs_inode_info-after-hfs_alloc_inode.patch
(git-fixes CVE-2024-42311 bsc#1229413).
- Update patches.suse/ice-Add-check-for-kzalloc.patch (jsc#PED-376
CVE-2022-48886 bsc#1229548).
- Update
patches.suse/ice-Fix-potential-memory-leak-in-ice_gnss_tty_write.patch
(jsc#PED-376 CVE-2022-48885 bsc#1229564).
- Update
patches.suse/iommu-iova-Fix-alloc-iova-overflows-issue.patch
(git-fixes CVE-2023-52910 bsc#1229523).
- Update
patches.suse/jfs-Fix-array-index-out-of-bounds-in-diFree.patch
(git-fixes CVE-2024-43858 bsc#1229414).
- Update
patches.suse/kobject_uevent-Fix-OOB-access-within-zap_modalias_en.patch
(git-fixes CVE-2024-42292 bsc#1229373).
- Update
patches.suse/leds-trigger-Unregister-sysfs-attributes-before-call.patch
(git-fixes CVE-2024-43830 bsc#1229305).
- Update
patches.suse/lib-objagg-Fix-general-protection-fault.patch
(git-fixes CVE-2024-43846 bsc#1229360).
- Update
patches.suse/media-venus-fix-use-after-free-in-vdec_close.patch
(git-fixes CVE-2024-42313 bsc#1229356).
- Update
patches.suse/memcg-protect-concurrent-access-to-mem_cgroup_idr.patch
(git-fixes CVE-2024-43892 bsc#1229761).
- Update
patches.suse/net-ipv6-ensure-we-call-ipv6_mc_down-at-most-once.patch
(git-fixes CVE-2022-48910 bsc#1229632).
- Update
patches.suse/net-ks8851-Fix-deadlock-with-the-SPI-chip-variant.patch
(git-fixes CVE-2024-41036 bsc#1228496).
- Update
patches.suse/net-ks8851-Queue-RX-packets-in-IRQ-handler-instead-o.patch
(CVE-2024-35971 bsc#1224578 CVE-2024-36962 bsc#1225827).
- Update
patches.suse/net-mlx5-Fix-command-stats-access-after-free.patch
(jsc#PED-1549 CVE-2022-48884 bsc#1229562).
- Update
patches.suse/net-mlx5e-Fix-macsec-possible-null-dereference-when-.patch
(jsc#PED-1549 CVE-2022-48882 bsc#1229558).
- Update
patches.suse/net-mlx5e-IPoIB-Block-PKEY-interfaces-with-less-rx-q.patch
(jsc#PED-1549 CVE-2022-48883 bsc#1229560).
- Update
patches.suse/net-usb-qmi_wwan-fix-memory-leak-for-not-ip-packets.patch
(git-fixes CVE-2024-43861 bsc#1229500).
- Update
patches.suse/nfsd-fix-handling-of-cached-open-files-in-nfsd4_open.patch
(git-fixes CVE-2023-52909 bsc#1229524).
- Update
patches.suse/nvme-pci-add-missing-condition-check-for-existence-o.patch
(git-fixes CVE-2024-42276 bsc#1229410).
- Update
patches.suse/padata-Fix-possible-divide-by-0-panic-in-padata_mt_h.patch
(git-fixes CVE-2024-43889 bsc#1229743).
- Update
patches.suse/platform-x86-amd-Fix-refcount-leak-in-amd_pmc_probe.patch
(bsc#1210644 CVE-2022-48881 bsc#1229559).
- Update
patches.suse/powerpc-pseries-Whitelist-dtl-slub-object-for-copyin.patch
(bsc#1194869 CVE-2024-41065 bsc#1228636).
- Update
patches.suse/s390-dasd-fix-error-checks-in-dasd_copy_pair_store.patch
(git-fixes bsc#1229190 CVE-2024-42320 bsc#1229349).
- Update
patches.suse/scsi-lpfc-Revise-lpfc_prep_embed_io-routine-with-pro.patch
(bsc#1228857 CVE-2024-43816 bsc#1229318).
- Update
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch
(bsc#1228850 CVE-2024-42287 bsc#1229392).
- Update
patches.suse/scsi-qla2xxx-During-vport-delete-send-async-logout-e.patch
(bsc#1228850 CVE-2024-42289 bsc#1229399).
- Update
patches.suse/scsi-qla2xxx-Fix-for-possible-memory-corruption.patch
(bsc#1228850 CVE-2024-42288 bsc#1229398).
- Update
patches.suse/scsi-qla2xxx-validate-nvme_local_port-correctly.patch
(bsc#1228850 CVE-2024-42286 bsc#1229395).
- Update
patches.suse/wifi-cfg80211-handle-2x996-RU-allocation-in-cfg80211.patch
(git-fixes CVE-2024-43879 bsc#1229482).
- Update
patches.suse/wifi-rtw89-Fix-array-index-mistake-in-rtw89_sta_info.patch
(git-fixes CVE-2024-43842 bsc#1229317).
- commit 777a4e3
- Update
patches.suse/ASoC-ops-Shift-tested-values-in-snd_soc_put_volsw-by.patch
(git-fixes CVE-2022-48917 bsc#1229637).
- Update
patches.suse/Bluetooth-hci_qca-Fix-driver-shutdown-on-closed-serd.patch
(git-fixes CVE-2022-48878 bsc#1229554).
- Update
patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
(git-fixes CVE-2022-48938 bsc#1229664).
- Update
patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch
(git-fixes CVE-2022-48943 bsc#1229645).
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
(git-fixes CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
CVE-2022-48930 bsc#1229624).
- Update
patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch
(CVE-2022-4382 bsc#1206258 CVE-2022-48869 bsc#1229507).
- Update
patches.suse/auxdisplay-lcd2s-Fix-memory-leak-in-remove.patch
(git-fixes CVE-2022-48907 bsc#1229608).
- Update
patches.suse/blktrace-fix-use-after-free-for-struct-blk_trace.patch
(bsc#1198017 CVE-2022-48913 bsc#1229643).
- Update
patches.suse/bpf-Fix-crash-due-to-out-of-bounds-access-into-reg2b.patch
(git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204
CVE-2022-0500 CVE-2022-23222 CVE-2022-48929 bsc#1229625).
- Update
patches.suse/btrfs-fix-race-between-quota-rescan-and-disable-lead.patch
(bsc#1207158 CVE-2023-52896 bsc#1229533).
- Update
patches.suse/btrfs-fix-relocation-crash-due-to-premature-return-f.patch
(bsc#1203360 CVE-2022-48903 bsc#1229613).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
(bsc#1193629 CVE-2022-48919 bsc#1229657).
- Update
patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsyst.patch
(git-fixes CVE-2022-48931 bsc#1229623).
- Update
patches.suse/dmaengine-idxd-Let-probe-fail-when-workqueue-cannot-.patch
(git-fixes CVE-2022-48868 bsc#1229506).
- Update
patches.suse/drm-msm-another-fix-for-the-headless-Adreno-GPU.patch
(git-fixes CVE-2023-52911 bsc#1229522).
- Update
patches.suse/drm-msm-dp-do-not-complete-dp_aux_cmd_fifo_tx-if-irq.patch
(git-fixes CVE-2022-48898 bsc#1229537).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
(git-fixes CVE-2022-48899 bsc#1229536).
- Update
patches.suse/gsmi-fix-null-deref-in-gsmi_get_variable.patch
(git-fixes CVE-2023-52893 bsc#1229535).
- Update
patches.suse/hwmon-Handle-failure-to-register-sensor-with-thermal.patch
(git-fixes CVE-2022-48942 bsc#1229612).
- Update
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
(bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update
patches.suse/ice-fix-concurrent-reset-and-removal-of-VFs.patch
(git-fixes CVE-2022-48941 bsc#1229614).
- Update
patches.suse/iio-adc-men_z188_adc-Fix-a-resource-leak-in-an-error.patch
(git-fixes CVE-2022-48928 bsc#1229626).
- Update
patches.suse/iio-adc-tsc2046-fix-memory-corruption-by-preventing-.patch
(git-fixes CVE-2022-48927 bsc#1229628).
- Update
patches.suse/io_uring-add-a-schedule-point-in-io_add_buffers.patch
(git-fixes CVE-2022-48937 bsc#1229617).
- Update patches.suse/iommu-amd-Fix-I-O-page-table-memory-leak
(git-fixes CVE-2022-48904 bsc#1229603).
- Update
patches.suse/iommu-vt-d-fix-double-list_add-when-enabling-vmd-in-scalable-mode
(bsc#1196894 CVE-2022-48916 bsc#1229638).
- Update
patches.suse/iwlwifi-mvm-check-debugfs_dir-ptr-before-use.patch
(git-fixes CVE-2022-48918 bsc#1229636).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
(jsc#SLE-18384 CVE-2022-48896 bsc#1229540).
- Update
patches.suse/misc-fastrpc-Don-t-remove-map-on-creater_process-and.patch
(git-fixes CVE-2022-48873 bsc#1229512).
- Update
patches.suse/misc-fastrpc-Fix-use-after-free-race-condition-for-m.patch
(git-fixes CVE-2022-48872 bsc#1229510).
- Update
patches.suse/net-mlx5-DR-Fix-slab-out-of-bounds-in-mlx5_cmd_dr_cr.patch
(jsc#SLE-19253 CVE-2022-48932 bsc#1229622).
- Update patches.suse/net-smc-fix-connection-leak (git-fixes
CVE-2022-48909 bsc#1229611).
- Update
patches.suse/nfc-pn533-Wait-for-out_urb-s-completion-in-pn533_usb.patch
(git-fixes CVE-2023-52907 bsc#1229526).
- Update
patches.suse/nfp-flower-Fix-a-potential-leak-in-nfp_tunnel_add_sh.patch
(git-fixes CVE-2022-48934 bsc#1229620).
- Update
patches.suse/nilfs2-fix-general-protection-fault-in-nilfs_btree_i.patch
(git-fixes CVE-2023-52900 bsc#1229581).
- Update
patches.suse/octeontx2-pf-Fix-resource-leakage-in-VF-driver-unbin.patch
(git-fixes CVE-2023-52905 bsc#1229528).
- Update
patches.suse/platform-surface-aggregator-Add-missing-call-to-ssam.patch
(git-fixes CVE-2022-48880 bsc#1229557).
- Update
patches.suse/regulator-da9211-Use-irq-handler-when-ready.patch
(git-fixes CVE-2022-48891 bsc#1229565).
- Update
patches.suse/sched-fair-Fix-fault-in-reweight_entity.patch
(git fixes (sched/core) CVE-2022-48921 bsc#1229635).
- Update
patches.suse/scsi-storvsc-Fix-swiotlb-bounce-buffer-leak-in-confi.patch
(bsc#1206006 CVE-2022-48890 bsc#1229544).
- Update
patches.suse/spi-spi-zynq-qspi-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-4441 bsc#1229598).
- Update
patches.suse/thermal-core-Fix-TZ_GET_TRIP-NULL-pointer-dereferenc.patch
(git-fixes CVE-2022-48915 bsc#1229639).
- Update
patches.suse/thermal-int340x-fix-memory-leak-in-int3400_notify.patch
(git-fixes CVE-2022-48924 bsc#1229631).
- Update
patches.suse/tty-fix-possible-null-ptr-defer-in-spk_ttyio_release.patch
(git-fixes CVE-2022-48870 bsc#1229508).
- Update
patches.suse/tty-serial-qcom-geni-serial-fix-slab-out-of-bounds-o.patch
(git-fixes CVE-2022-48871 bsc#1229509).
- Update
patches.suse/usb-gadget-f_ncm-fix-potential-NULL-ptr-deref-in-ncm.patch
(git-fixes CVE-2023-52894 bsc#1229566).
- Update
patches.suse/usb-gadget-rndis-add-spinlock-for-rndis-response-lis.patch
(git-fixes CVE-2022-48926 bsc#1229629).
- Update
patches.suse/usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
(git-fixes CVE-2023-52901 bsc#1229531).
- Update
patches.suse/wifi-mac80211-sdata-can-be-NULL-during-AMPDU-start.patch
(git-fixes CVE-2022-48875 bsc#1229516).
- Update
patches.suse/xen-netfront-destroy-queues-before-real_num_tx_queue.patch
(git-fixes CVE-2022-48914 bsc#1229642).
- Update
patches.suse/xhci-Fix-null-pointer-dereference-when-host-dies.patch
(git-fixes CVE-2023-52898 bsc#1229568).
- commit 5c5e4d7
- Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (CVE-2024-36270 bsc#1226798)
- commit 7d81a29
- iommu/amd: Convert comma to semicolon (git-fixes).
- commit f13afd4
- mm: prevent derefencing NULL ptr in pfn_section_valid()
(git-fixes).
- commit d77caa1
- mm, kmsan: fix infinite recursion due to RCU critical section
(git-fixes).
- commit 1702784
- mm/sparsemem: fix race in accessing memory_section->usage
(bsc#1221326 CVE-2023-52489).
- commit 606bd9b
- drm/amd/display: avoid using null object of framebuffer
(git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances
(git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions
(git-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry
(stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
(stable-fixes).
- drm/amdgpu: Actually check flags for all context ops
(stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field
(stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
(stable-fixes).
- drm/amdgpu: fix dereference null return value for the function
amdgpu_vm_pt_parent (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- Revert "drm/amd/display: Validate hw_points_num before using it"
(stable-fixes).
- drm/amd/display: Validate hw_points_num before using it
(stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all
possible values can be stored (stable-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings
(stable-fixes).
- commit 91b4876
- serial: core: check uartclk for zero to avoid divide by zero
(bsc#1229759 CVE-2024-43893).
- commit d3f6894
- scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315
CVE-2024-43821).
- commit e13b213
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- commit 427ff01
- tracing: Return from tracing_buffers_read() if the file has
been closed (bsc#1229136 git-fixes).
- commit 6961c54
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- commit 9927afc
- bpf: kprobe: remove unused declaring of bpf_kprobe_override
(git-fixes).
- commit ff5617f
- media: xc2028: avoid use-after-free in load_firmware_cb()
(CVE-2024-43900 bsc#1229756).
- commit c954239
- jfs: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792
CVE-2024-44938).
- commit 8003b7e
- jfs: fix null ptr deref in dtInsertEntry (bsc#1229820
CVE-2024-44939).
- commit 02ccaa1
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit b5892ca
- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
(CVE-2024-42277 bsc#1229409).
- commit a4daba4
- drm/amd/display: Add null checker before passing variables (CVE-2024-43902 bsc#1229767).
- commit d450d98
- drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (CVE-2024-43904 bsc#1229768)
- commit c2331c0
- kabi: lib: objagg: Put back removed metod in struct objagg_ops
(CVE-2024-43880 bsc#1229481).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- commit 2e1b5f5
- Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884 bsc#1229739)
- commit ca65d0a
- net/sched: initialize noop_qdisc owner (git-fixes).
- commit 32a510a
- drm/amd/display: Fix null pointer deref in dcn20_resource.c (CVE-2024-43899 bsc#1229754).
- commit 13ec104
- btrfs: get rid of warning on transaction commit when using
flushoncommit (bsc#1229658 CVE-2022-48920).
- commit a558155
- net/sched: act_mpls: Fix warning during failed attribute
validation (CVE-2023-52906 bsc#1229527).
- commit 5be67dc
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 83a7456
- net/mlx5: Always drain health in shutdown callback
(CVE-2024-43866 bsc#1229495).
- mlxsw: spectrum_acl_erp: Fix object nesting warning
(CVE-2024-43880 bsc#1229481).
- commit f5f318d
- kABI: vfio: struct virqfd kABI workaround (CVE-2024-26812
bsc#1222808).
- vfio/pci: fix potential memory leak in vfio_intx_enable()
(git-fixes).
- commit 5a53e2c
- netfilter: nf_tables: unregister flowtable hooks on netns exit (CVE-2022-48935 bsc#1229619)
- commit 3e33f70
- vfio: Introduce interface to flush virqfd inject workqueue
(bsc#1222808 CVE-2024-26812).
- commit 31be414
- netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912 bsc#1229641)
- commit f8f42c3
- vfio/pci: Create persistent INTx handler (bsc#1222808
CVE-2024-26812).
- commit 9d86cff
- net/sched: Fix mirred deadlock on device recursion
(CVE-2024-27010 bsc#1223720).
- commit 4342cf9
- mptcp: Correctly set DATA_FIN timeout when number of retransmits is large (CVE-2022-48906 bsc#1229605)
- commit a7a3da6
- net: qdisc: preserve kabi for struct QDisc (CVE-2024-27010 bsc#1223720).
- commit af12745
- s390/pkey: Wipe copies of protected- and secure-keys
(CVE-2024-42155 bsc#1228733).
- commit 78df5c8
- Reapply "drm/vc4: hdmi: Enforce the minimum rate at
This reverts commit 048f829d4b52520058c31bae2ef1ec08563c460a.
- commit 5126762
- s390/pkey: Wipe copies of clear-key structures on failure
(CVE-2024-42156 bsc#1228722).
- commit b3fe404
- Add exception protection processing for vd in
axi_chan_handle_err function (CVE-2023-52899 bsc#1229569).
- commit 510675c
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY
gcc version dependent, at least on ppc
- commit 16da158
- s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
(CVE-2024-42158 bsc#1228720).
- commit ccfe5a9
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
(bsc#1226846 CVE-2024-38596).
- Update
patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch
(git-fixes bsc#1226846).
- commit 297df1b
- ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
(CVE-2024-26631 bsc#1221630).
- commit f41507c
- vhost/vsock: always initialize seqpacket_allow (CVE-2024-43873 bsc#1229488)
- commit d4e35ee
- ipv6: fix possible race in __fib6_drop_pcpu_from() (CVE-2024-40905 bsc#1227761)
- commit 91482e3
- ipv6: sr: fix memleak in seg6_hmac_init_algo (CVE-2024-39489 bsc#1227623)
- commit 9ac27bb
- netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() (CVE-2021-47106 bsc#1220962)
- commit e6e6065
- drivers: ethernet: cpsw: fix panic when interrupt coaleceing
is set via ethtool (CVE-2021-47517 bsc#1225428).
- commit f131073
- ethtool: do not perform operations on net devices being
unregistered (CVE-2021-47517 bsc#1225428).
- ethtool: return error from ethnl_ops_begin if dev is NULL
(CVE-2021-47517 bsc#1225428).
- ethtool: runtime-resume netdev parent in ethnl_ops_begin
(CVE-2021-47517 bsc#1225428).
- ethtool: move netif_device_present check from
ethnl_parse_header_dev_get to ethnl_ops_begin (CVE-2021-47517
bsc#1225428).
- ethtool: move implementation of ethnl_ops_begin/complete to
netlink.c (CVE-2021-47517 bsc#1225428).
- commit 2e58867
- tls: fix missing memory barrier in tls_init (CVE-2024-36489 bsc#1226874)
- commit 134cc98
- exfat: fix potential deadlock on __exfat_get_dentry_set
(git-fixes).
- commit 2294924
- afs: Don't cross .backup mountpoint from backup volume
(git-fixes).
- commit b94ac2d
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- commit c10d9f9
- ubifs: dbg_orphan_check: Fix missed key type checking
(git-fixes).
- commit aca23b0
- ubifs: Fix adding orphan entry twice for the same inode
(git-fixes).
- commit e42f9e0
- ubifs: Fix unattached xattr inode if powercut happens after
deleting (git-fixes).
- commit ed1af4c
- exfat: fix inode->i_blocks for non-512 byte sector size device
(git-fixes).
- commit a3a46dd
- exfat: redefine DIR_DELETED as the bad cluster number
(git-fixes).
- commit 52b33f6
- exfat: support dynamic allocate bh for exfat_entry_set_cache
(git-fixes).
- commit dd685aa
- nilfs2: Remove check for PageError (git-fixes).
- commit cd97d8f
- drop_monitor: replace spin_lock by raw_spin_lock (References:
CVE-2021-47546 bsc#1227937).
- commit dd4f366
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- commit b7df97b
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
(git-fixes).
- drm/msm/dp: reset the link phy params before link training
(git-fixes).
- drm/msm/dpu: don't play tricks with debug macros (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure
(git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- commit 0a0202d
- supported.conf: Sort with tool
No functional change intended
- commit 4d22f17
- filelock: Fix fcntl/close race recovery compat path (bsc#1228427
CVE-2024-41020).
- commit 31787dd
- supported.conf: Fix comment placement.
We have a script for automated sorting of this file.
However, it can only work with comments that are placed together with
the module name on the same line, not with comments on their own line.
- commit d1c37d4
- iommu/vt-d: Fix NULL domain on device release (bsc#1223742
CVE-2024-27079).
- commit 6daa607
- netfilter: nf_tables: discard table flag update with pending
basechain deletion (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: reject table flag and netdev basechain
updates (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: disable toggling dormant table state
more than once (CVE-2024-35897 bsc#1224510).
- commit c138803
- kabi: restore const specifier in flow_offload_route_init()
(CVE-2024-27403 bsc#1224415).
- netfilter: nft_flow_offload: reset dst in route object after
setting up flow (CVE-2024-27403 bsc#1224415).
- commit 15b1876
- netfilter: nf_tables: fix memleak in map from abort path
(CVE-2024-27011 bsc#1223803).
- commit 081f6b0
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- commit 4e175b8
- kvm: s390: Reject memory region operations for ucontrol VMs
(CVE-2024-43819 bsc#1229290 git-fixes).
- commit 4b042b0
- netfilter: nft_limit: reject configurations that cause integer
overflow (CVE-2024-26668 bsc#1222335).
- commit 7074520
- netfilter: nf_tables: set dormant flag on hook register failure
(CVE-2024-26835 bsc#1222967).
- commit 5731bf5
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
inet/ingress basechain (CVE-2024-26808 bsc#1222634).
- commit 3f2b4eb
- kabi: hide include of ppp files from genksyms (CVE-2024-27016
bsc#1223807).
- commit db3abd4
- net: phy: phy_device: Prevent nullptr exceptions on ISR
(CVE-2024-35945 bsc#1224639).
- net: phy: allow a phy to opt-out of interrupt handling
(CVE-2024-35945 bsc#1224639).
- net: phy: Deduplicate interrupt disablement on PHY attach
(CVE-2024-35945 bsc#1224639).
- commit 2a46e5f
- netfilter: nf_tables: fix memleak when more than 255 elements
expired (CVE-2023-52581 bsc#1220877).
- commit f901f47
- netfilter: flowtable: validate pppoe header (CVE-2024-27016
bsc#1223807).
- commit ad249c6
- netfilter: flowtable: Fix QinQ and pppoe support for inet table
(CVE-2024-27016 bsc#1223807).
- commit 0b940a3
- Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
(bsc#1225578 CVE-2024-36013).
- commit 11d3282
- bpf: Fix updating attached freplace prog in prog_array map
(bsc#1229297 CVE-2024-43837).
- commit 886bbe9
- ice: Add a per-VF limit on number of FDIR filters
(CVE-2024-42291 bsc#1229374).
- commit 99e9416
- net/mlx5: Fix missing lock on sync reset reload (CVE-2024-42268
bsc#1229391).
- commit 230ddc2
- xdp: fix invalid wait context of page_pool_destroy() (CVE-2024-43834 bsc#1229314)
- commit 4c196fd
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (CVE-2024-36286 bsc#1226801)
- commit 52bf670
- netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270 1226798)
- commit 3e4f173
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851 bsc#1223074)
- commit ff5170b
- s390/pkey: Wipe sensitive data on failure (bsc#1228727
CVE-2024-42157 git-fixes).
- commit bfb03ba
- s390/dasd: fix error recovery leading to data corruption on
ESE devices (git-fixes bsc#1229573).
- commit 5bbca6e
- s390/sclp: Prevent release of buffer in I/O (git-fixes
bsc#1229572).
- commit de7864e
- perf: hisi: Fix use-after-free when register pmu fails
(bsc#1225582 CVE-2023-52859).
- commit 256d260
- selftests/bpf: Test for null-pointer-deref bugfix in
resolve_prog_type() (bsc#1229297 CVE-2024-43837).
- bpf: Fix null pointer dereference in resolve_prog_type()
for BPF_PROG_TYPE_EXT (bsc#1229297 CVE-2024-43837).
- commit aa78187
- ceph: periodically flush the cap releases (bsc#1225162).
- ceph: issue a cap release immediately if no cap exists
(bsc#1225162).
- commit 3fe7ed5
- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- commit 03a8502
- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- commit af4907d
- nfsd: return error if nfs4_setacl fails (git-fixes).
- NFSD: fix regression with setting ACLs (git-fixes).
- commit 7de02e0
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
- gss_krb5: Fix the error handling path for
crypto_sync_skcipher_setkey (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- sunrpc: add a struct rpc_stats arg to rpc_create_args
(git-fixes).
- nfsd: use locks_inode_context helper (git-fixes).
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy
(git-fixes).
- NFSD: move from strlcpy with unused retval to strscpy
(git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes).
- NFSD: set attributes when creating symlinks (git-fixes).
- NFSD: introduce struct nfsd_attrs (git-fixes).
- NFSD: Fix strncpy() fortify warning (git-fixes).
- NFSD: Optimize DRC bucket pruning (git-fixes).
- commit 7da24f6
- mISDN: Fix a use after free in hfcmulti_tx() (CVE-2024-42280 bsc#1229388)
- commit 82fce1f
- tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284 bsc#1229382)
- commit 7943dda
- net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283 bsc#1229383)
- commit 2f1fd70
- sysctl: always initialize i_uid/i_gid (CVE-2024-42312 bsc#1229357)
- commit 3e19d8c
- block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854 bsc#1229345)
- commit 51cef10
- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- commit 87f8b26
- ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322 bsc#1229347)
- commit fa634c1
- Update DRM patch reference (CVE-2024-42308 bsc#1229411)
- commit c8788c0
- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
bsc#1229407).
- commit 0f7f361
- arm64: cpufeature: Always specify and use a field width for capabilities (git-fixes)
Refresh patches.suse/arm64-cpufeature-Fix-field-sign-for-DIT-hwcap-detection.patch.
Refresh patches.suse/arm64-cpufeature-Force-HWCAP-to-be-based-on-the-sysreg-visible-to-user-space.patch.
- commit 8d157b0
- xhci: Fix Panther point NULL pointer deref at full-speed
re-enumeration (git-fixes).
- commit 817012e
- Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET"
(git-fixes).
- commit 8e189b9
- landlock: Don't lose track of restrictions on cred_transfer
(bsc#1229351 CVE-2024-42318).
- commit a85e801
- kABI fix for net/sched: flower: Fix chain template offload
(CVE-2024-26669 bsc#1222350).
- commit a7d20d9
- apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287, CVE-2023-52889).
- commit 9ffdd2d
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit 828e8df
- net: enetc: move enetc_set_psfp() out of the common
enetc_set_features() (CVE-2022-48645 bsc#1223508).
- commit 995bd04
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
(CVE-2024-41007 bsc#1227863).
- commit 7e08cca
- net: tcp: fix unexcepted socket die when snd_wnd is 0
(CVE-2024-41007 bsc#1227863).
- commit 226da79
- net: nsh: Use correct mac_offset to unwind gso skb in
nsh_gso_segment() (CVE-2024-36933 bsc#1225832).
- commit a887eae
- nilfs2: handle inconsistent state in nilfs_btnode_create_block()
(bsc#1229370 CVE-2024-42295).
- commit 765d56f
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit ac167d3
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- commit 245f980
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- commit eabaf05
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- commit a2d18fc
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- commit dabff04
- arm64: errata: Unify speculative SSBS errata logic (git-fixes)
Also update default configuration.
- commit c115971
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- commit 9e86d7f
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- commit cca3066
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- commit b5d9595
- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (git-fixes)
Refresh capability reservation patch and enable workarounds.
- commit f1638b8
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- commit 5592cab
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- commit e63daa2
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- commit 525b096
- arm64: Add Neoverse-V2 part (git-fixes)
- commit 9d204de
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- commit ed48e5e
- mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
devm_pm_runtime_enable() (CVE-2024-42319 bsc#1229350).
- commit 7de6296
- remoteproc: imx_rproc: Skip over memory region when node value
is NULL (CVE-2024-43860 bsc#1229319).
- commit eb0027b
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- commit bb0530e
- media: mediatek: vcodec: Handle invalid decoder vsi
(CVE-2024-43831 bsc#1229309).
- commit 5fa7be4
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit 0be5a80
- soc: qcom: pdr: protect locator_addr with the main mutex
(CVE-2024-43849 bsc#1229307).
- commit 2a0434d
- wifi: virt_wifi: don't use strlen() in const context
(CVE-2024-43841 bsc#1229304).
- wifi: virt_wifi: avoid reporting connection success with wrong
SSID (CVE-2024-43841 bsc#1229304).
- commit 4c3129e
- net: mana: Add support for page sizes other than 4KB on ARM64
(jsc#PED-8491 bsc#1226530).
- commit 681a377
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
(CVE-2024-43839 bsc#1229301).
- can: mcp251xfd: fix infinite loop when xmit fails
(CVE-2024-41088 bsc#1228469).
- can: mcp251xfd: move TX handling into separate file
(CVE-2024-41088 bsc#1228469).
- commit 11bb8df
- hfs: fix to initialize fields of hfs_inode_info after
hfs_alloc_inode() (git-fixes).
- commit 9abb2d6
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454).
- fs/netfs/fscache_cookie: add missing "n_accesses" check
(bsc#1229453).
- commit 803fe7f
- Refresh patches.suse/drm-amd-display-Fix-vs-typos.patch (git-fixes)
Alt-commit
- commit c32dc85
- drm/amd/display: Fix && vs || typos (git-fixes).
- commit e43afc5
- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/platform-x86-intel-uncore-freq-Prevent-driver-loading-in-guests.patch.
- commit 90be679
- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch.
- commit 7b2122f
- Refresh patches.suse/drm-amd-display-fix-cursor-offset-on-rotation-180.patch (git-fixes)
Alt-commit
- commit 9bfc3c1
- Refresh patches.suse/drm-i915-vma-Fix-UAF-on-destroy-against-retire-race.patch (git-fixes)
Alt-commit
- commit 050ccc2
- Refresh patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch (git-fixes)
Alt-commit
- commit b9a2ae1
- Refresh patches.suse/drm-amd-Flush-GFXOFF-requests-in-prepare-stage.patch (git-fixes)
Alt-commit
- commit 5d001ff
- Refresh patches.suse/drm-amd-display-Preserve-original-aspect-ratio-in-cr.patch (git-fixes)
Alt-commit
- commit 7a0957e
- Refresh patches.suse/0001-drm-amd-display-Implement-bounds-check-for-stream-en.patch (git-fixes)
Alt-commit
- commit 83a8df8
- Refresh patches.suse/0001-drm-amd-display-Add-NULL-test-for-timing-generator-i.patch (git-fixes)
Alt-commit
- commit 96ead93
- Refresh patches.suse/drm-amd-pm-fix-a-memleak-in-aldebaran_tables_init.patch (git-fixes)
Alt-commit
- commit c97f053
- bpf: Fix a segment issue when downgrading gso_size (bsc#1229386
CVE-2024-42281).
- commit 6eeb5fc
- cachefiles: propagate errors from vfs_getxattr() to avoid
infinite loop (bsc#1229418).
- commit e9340b2
- net/iucv: fix use after free in iucv_sock_close()
(CVE-2024-42271 bsc#1229400 bsc#1228974).
- commit 82bb6f3
- Refresh sorted patches.
- Refresh patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch.
- Refresh patches.suse/powerpc-topology-Check-if-a-core-is-online.patch.
- commit f56b67a
- Update patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- Update patches.suse/powerpc-topology-Check-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- commit 66923e5
- net/rds: fix possible cp null dereference (git-fixes).
- commit 266afb9
- Refresh
patches.suse/SUNRPC-avoid-soft-lockup-when-transmitting-UDP-to-re.patch.
Add git commit and move to sorted section.
- commit 89d3015
- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)
- commit 06d3b72
- RDMA/rxe: Fix rxe_modify_srq (git-fixes)
- commit fdf3d9e
- RDMA/rxe: Move work queue code to subroutines (git-fixes)
- commit 582ab23
- Subject: RDMA/rxe: Handle zero length rdma (git-fixes)
- commit d8ea1d2
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 bsc#1228114).
- Update
patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
(bsc#1194869 CVE-2024-42230 bsc#1228489).
- commit f6019c1
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- commit 6cb46c4
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit 6a10c09
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit 3d017fc
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit 587e4e9
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad
3 15IAU7 (git-fixes).
- ALSA: timer: Relax start tick time check for slave timer
elements (git-fixes).
- commit 1158708
- net: mana: Fix doorbell out of order violation and avoid
unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic
(bsc#1229086).
- commit 79ff759
- io_uring: fix possible deadlock in
io_register_iowq_max_workers() (bsc#1228616 CVE-2024-41080).
- commit 3aa0f11
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to
userspace (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public
(bsc#1194869).
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
(bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for
CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings
(bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and
h_get_ppp (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP
(bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef
CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc: Fail build if using recordmcount with binutils v2.37
(bsc#1194869).
- powerpc: use generic version of arch_is_kernel_initmem_freed()
(bsc#1194869).
- Refresh patches.suse/powerpc-vmlinux.lds-Add-an-explicit-symbol-for-the-S.patch
- powerpc: Mark .opd section read-only (bsc#1194869).
- commit 2160944
- s390/dasd: fix error checks in dasd_copy_pair_store()
(git-fixes bsc#1229190).
- commit 8da5fb8
- s390/uv: Panic for set and remove shared access UVC errors
(git-fixes bsc#1229188).
- commit f8287f7
- s390/cpacf: Make use of invalid opcode produce a link error
(git-fixes bsc#1227079).
- s390/cpacf: Split and rework cpacf query functions (git-fixes
bsc#1229187).
- s390/cpacf: get rid of register asm (git-fixes bsc#1227079
bsc#1229187).
- commit ef080ed
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo
(stable-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam
Deck revisions (stable-fixes).
- commit e806b26
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link
(stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra)
to quirks (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
(stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
(stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet
(stable-fixes).
- Revert "drm/amd/display: Add NULL check for 'afb' before
dereferencing in amdgpu_dm_plane_handle_cursor_update"
(stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing
in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX
transactions (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
(stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in
apply_state_adjust_rules (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager
(stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7
(stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab
3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
(stable-fixes).
- commit f4c5b8f
- net, sunrpc: Remap EPERM in case of connection failure in
xs_tcp_setup_socket (CVE-2024-42246 bsc#1228989).
- commit e5ad6b1
- btrfs: fix leak of qgroup extent records after transaction abort
(git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void
(git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c
(git-fixes).
- commit d462b94
- powerpc/topology: Check if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- commit d553d97
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- commit 1be5f1f
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- commit 06e9d31
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- commit 5b03027
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- commit 1a47b84
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- commit 3ebff38
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- commit 3876087
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- commit 1c4efdd
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- commit f11ea1a
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- commit ec733e8
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- commit dfa3da1
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- commit c01d7b5
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- commit 7ba0b5e
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- commit e8c18c1
- tcp_metrics: validate source addr length
(CVE-2024-42154 bsc#1228507).
- commit 4c817e3
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- commit 2c5d7b8
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228959 CVE-2024-42232).
- commit 27160c2
- ipv6: sr: fix incorrect unregister order (git-fixes).
- commit 430794a
- ipv6: sr: fix possible use-after-free and null-ptr-deref
(CVE-2024-26735 bsc#1222372).
- commit 9456b6b
- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).
- commit 64f81fd
- net/sched: flower: Fix chain template offload (CVE-2024-26669
bsc#1222350).
- commit 04f92b6
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- commit aac2b6a
- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).
- commit 7560f66
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- commit 8b41557
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- commit 358a165
- inet_diag: Initialize pad field in struct inet_diag_req_v2
(CVE-2024-42106 bsc#1228493).
- commit 082b3ea
- selftests/bpf: Cover verifier checks for mutating
sockmap/sockhash (bsc#1226885 CVE-2024-38662).
- Revert "bpf, sockmap: Prevent lock inversion deadlock in map
delete elem" (bsc#1226885 CVE-2024-38662).
- bpf: Allow delete from sockmap/sockhash only if update is
allowed (bsc#1226885 CVE-2024-38662).
- commit ae18577
- genirq: Take the proposed affinity at face value if force==true
(git-fixes).
- commit 01fe9f9
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- i2c: smbus: Send alert notifications to all devices if source
not found (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- drm/client: fix null pointer dereference in
drm_client_modeset_probe (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
(git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
(git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- commit 3bff740
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernel used by SLE and openSUSE Leap are the
same. As consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't makes sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- net: ks8851: Fix potential TX stall after interface reopen
(git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag
handling (git-fixes).
- commit 7cb23d2
- net: ks8851: Queue RX packets in IRQ handler instead of
disabling BHs (CVE-2024-35971 bsc#1224578).
- net: ks8851: Handle softirqs at the end of IRQ thread to fix
hang (CVE-2024-35971 bsc#1224578).
- net: ks8851: Inline ks8851_rx_skb() (CVE-2024-35971
bsc#1224578).
- net: ks8851: Fix TX stall caused by TX buffer overrun
(gix-fixes).
- commit a0911e3
- blk-mq: use hk cpus only when isolcpus=io_queue is enabled
(bsc#1229034).
- lib/group_cpus.c: honor housekeeping config when grouping CPUs
(bsc#1229034).
- virtio: blk/scsi: use block layer helpers to calculate num of
queues (bsc#1229034).
- scsi: use block layer helpers to calculate num of queues
(bsc#1229034).
- nvme-pci: use block layer helpers to calculate num of queues
(bsc#1229034).
- blk-mq: add number of queue calc helper (bsc#1229034).
- virtio: blk/scs: replace blk_mq_virtio_map_queues with
blk_mq_dev_map_queues (bsc#1229034).
- nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues
(bsc#1229034).
- scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues
(bsc#1229034).
- blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
- virito: add APIs for retrieving vq affinity (bsc#1229034).
- scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
- commit 8efabbc
- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC
(git-fixes).
- commit dc74872
- ACPI: bus: Indicate support for the Generic Event Device thru
_OSC (git-fixes).
- Refresh
patches.suse/ACPI-Fix-Generic-Initiator-Affinity-_OSC-bit.patch.
- commit 5e88627
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in
group_cpus_evenly (bsc#1229031).
- lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
- genirq/affinity: Only build SMP-only helper functions on SMP
kernels (bsc#1229031).
- blk-mq: Build default queue map via group_cpus_evenly()
(bsc#1229031).
- genirq/affinity: Move group_cpus_evenly() into lib/
(bsc#1229031).
- genirq/affinity: Rename irq_build_affinity_masks as
group_cpus_evenly (bsc#1229031).
- genirq/affinity: Don't pass irq_affinity_desc array to
irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Pass affinity managed mask array to
irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Remove the 'firstvec' parameter from
irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Replace cpumask_weight() with cpumask_empty()
where appropriate (bsc#1229031).
- commit 614293b
- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer
(git-fixes).
- commit 39678ad
- ACPI: x86: s2idle: Post-increment variables when getting
constraints (git-fixes).
- Refresh
patches.suse/ACPI-x86-s2idle-Fix-a-logic-error-parsing-AMD-constr.patch.
- commit f30def6
- Update
patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
(bsc#1216834 CVE-2024-42077 bsc#1228516).
Add CVE references.
- commit 8360e90
- Update
patches.suse/ALSA-emux-improve-patch-ioctl-data-validation.patch
(stable-fixes CVE-2024-42097 bsc#1228766).
- Update
patches.suse/ASoC-amd-acp-add-a-null-check-for-chip_pdev-structur.patch
(git-fixes CVE-2024-42074 bsc#1228481).
- Update
patches.suse/ASoC-fsl-asoc-card-set-priv-pdev-before-using-it.patch
(git-fixes CVE-2024-42089 bsc#1228450).
- Update
patches.suse/Bluetooth-qca-Fix-BT-enable-failure-again-for-QCA639.patch
(git-fixes CVE-2024-42137 bsc#1228563).
- Update
patches.suse/RDMA-restrack-Fix-potential-invalid-address-access.patch
(git-fixes CVE-2024-42080 bsc#1228673).
- Update
patches.suse/USB-core-Fix-duplicate-endpoint-bug-by-clearing-rese.patch
(git-fixes CVE-2024-41035 bsc#1228485).
- Update patches.suse/USB-serial-mos7840-fix-crash-on-resume.patch
(git-fixes CVE-2024-42244 bsc#1228967).
- Update
patches.suse/ata-libata-core-Fix-null-pointer-dereference-on-erro.patch
(git-fixes CVE-2024-41098 bsc#1228467).
- Update
patches.suse/block-add-check-that-partition-length-needs-to-be-aligned-with-block-size.patch
(bsc#1227867 CVE-2024-41000 CVE-2023-52458 bsc#1220428).
- Update
patches.suse/bpf-Fail-bpf_timer_cancel-when-callback-is-being-can.patch
(bsc#1228531 CVE-2024-41045 CVE-2024-42239 bsc#1228979).
- Update
patches.suse/crypto-aead-cipher-zeroize-key-buffer-after-use.patch
(stable-fixes CVE-2024-42229 bsc#1228708).
- Update
patches.suse/crypto-ecdh-explicitly-zeroize-private_key.patch
(stable-fixes CVE-2024-42098 bsc#1228779).
- Update
patches.suse/drm-amd-display-Check-index-msg_id-before-read-or-wr.patch
(stable-fixes CVE-2024-42121 bsc#1228590).
- Update
patches.suse/drm-amd-display-Check-pipe-offset-before-setting-vbl.patch
(stable-fixes CVE-2024-42120 bsc#1228588).
- Update
patches.suse/drm-amd-display-Skip-finding-free-audio-for-unknown-.patch
(stable-fixes CVE-2024-42119 bsc#1228584).
- Update
patches.suse/drm-amdgpu-Fix-signedness-bug-in-sdma_v4_0_process_t.patch
(git-fixes CVE-2024-41022 bsc#1228429).
- Update
patches.suse/drm-amdgpu-avoid-using-null-object-of-framebuffer.patch
(stable-fixes CVE-2024-41093 bsc#1228660).
- Update
patches.suse/drm-i915-gt-Fix-potential-UAF-by-revoke-of-fence-reg.patch
(git-fixes CVE-2024-41092 bsc#1228483).
- Update
patches.suse/drm-lima-fix-shared-irq-handling-on-driver-remove.patch
(stable-fixes CVE-2024-42127 bsc#1228721).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in-66edf3f.patch
(stable-fixes CVE-2024-41095 bsc#1228662).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in.patch
(stable-fixes CVE-2024-41089 bsc#1228658).
- Update
patches.suse/drm-nouveau-fix-null-pointer-dereference-in-nouveau_.patch
(git-fixes CVE-2024-42101 bsc#1228495).
- Update
patches.suse/drm-panel-ilitek-ili9881c-Fix-warning-with-GPIO-cont.patch
(stable-fixes CVE-2024-42087 bsc#1228677).
- Update
patches.suse/drm-radeon-check-bo_va-bo-is-non-NULL-before-using-i.patch
(stable-fixes CVE-2024-41060 bsc#1228567).
- Update
patches.suse/firmware-cs_dsp-Fix-overflow-checking-of-wmfw-header.patch
(git-fixes CVE-2024-41039 bsc#1228515).
- Update
patches.suse/firmware-cs_dsp-Prevent-buffer-overrun-when-processi.patch
(git-fixes CVE-2024-41038 bsc#1228509).
- Update
patches.suse/firmware-cs_dsp-Return-error-if-block-header-overflo.patch
(git-fixes CVE-2024-42238 bsc#1228991).
- Update
patches.suse/firmware-cs_dsp-Use-strnlen-on-name-fields-in-V1-wmf.patch
(git-fixes CVE-2024-41056 bsc#1228480).
- Update
patches.suse/firmware-cs_dsp-Validate-payload-length-before-proce.patch
(git-fixes CVE-2024-42237 bsc#1228992).
- Update
patches.suse/gpio-davinci-Validate-the-obtained-number-of-IRQs.patch
(git-fixes CVE-2024-42092 bsc#1228447).
- Update
patches.suse/iio-chemical-bme680-Fix-overflows-in-compensate-func.patch
(git-fixes CVE-2024-42086 bsc#1228452).
- Update
patches.suse/jffs2-Fix-potential-illegal-address-access-in-jffs2_free_inode.patch
(git-fixes CVE-2024-42115 bsc#1228656).
- Update
patches.suse/libceph-fix-race-between-delayed_work-and-ceph_monc_s.patch
(bsc#1228190 CVE-2024-42232 bsc#1228959).
- Update
patches.suse/media-dvb-frontends-tda10048-Fix-integer-overflow.patch
(stable-fixes CVE-2024-42223 bsc#1228726).
- Update
patches.suse/msft-hv-3022-net-mana-Fix-possible-double-free-in-error-handling-.patch
(git-fixes CVE-2024-42069 bsc#1228463).
- Update
patches.suse/net-can-j1939-Initialize-unused-data-in-j1939_send_o.patch
(git-fixes CVE-2024-42076 bsc#1228484).
- Update
patches.suse/net-can-j1939-enhanced-error-handling-for-tightly-re.patch
(git-fixes CVE-2023-52887 bsc#1228426).
- Update
patches.suse/nfc-nci-Add-the-inconsistency-check-between-the-inpu.patch
(stable-fixes CVE-2024-42130 bsc#1228687).
- Update
patches.suse/nilfs2-add-missing-check-for-inode-numbers-on-directory-entries.patch
(git-fixes CVE-2024-42104 bsc#1228654).
- Update patches.suse/nvme-avoid-double-free-special-payload.patch
(git-fixes CVE-2024-41073 bsc#1228635).
- Update patches.suse/nvmet-always-initialize-cqe.result.patch
(git-fixes CVE-2024-41079 bsc#1228615).
- Update
patches.suse/nvmet-fix-a-possible-leak-when-destroy-a-ctrl-during.patch
(git-fixes CVE-2024-42152 bsc#1228724).
- Update
patches.suse/ocfs2-strict-bound-check-before-memcmp-in-ocfs2_xatt.patch
(bsc#1228410 CVE-2024-41016).
- Update patches.suse/orangefs-fix-out-of-bounds-fsid-access.patch
(git-fixes CVE-2024-42143 bsc#1228748).
- Update
patches.suse/pinctrl-fix-deadlock-in-create_pinctrl-when-handling.patch
(git-fixes CVE-2024-42090 bsc#1228449).
- Update
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
(bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
- Update
patches.suse/usb-atm-cxacru-fix-endpoint-checking-in-cxacru_bind.patch
(git-fixes CVE-2024-41097 bsc#1228513).
- Update
patches.suse/usb-dwc3-core-remove-lock-of-otg-mode-during-gadget-.patch
(git-fixes CVE-2024-42085 bsc#1228456).
- Update
patches.suse/usb-gadget-configfs-Prevent-OOB-read-write-in-usb_st.patch
(stable-fixes CVE-2024-42236 bsc#1228964).
- Update
patches.suse/wifi-cfg80211-restrict-NL80211_ATTR_TXQ_QUANTUM-valu.patch
(git-fixes CVE-2024-42114 bsc#1228564).
- Update
patches.suse/wifi-mt76-replace-skb_put-with-skb_put_zero.patch
(stable-fixes CVE-2024-42225 bsc#1228710).
- Update
patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation.patch
(git-fixes CVE-2024-42240 bsc#1228966).
Add CVE references.
- commit 05086b1
- ACPI: thermal: Drop nocrt parameter (git-fixes).
- commit 5de370b
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for
HIP08/09 (git-fixes).
- commit 9250a1e
- Bluetooth: l2cap: always unlock channel in
l2cap_conless_channel() (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets
(git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper()
(git-fixes).
- commit 29bbfef
- ACPI: bus: Rework system-level device notification handling
(git-fixes).
- Refresh
patches.suse/ACPI-bus-Ensure-that-notify-handlers-are-not-running.patch.
- commit 7dcab46
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU
offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain
aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in
irq_matrix_allocated() (git-fixes).
- genirq/ipi: Fix NULL pointer deref in
irq_data_get_affinity_mask() (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix association race (git-fixes).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- kernel/irq/irqdomain.c: fix memory leak with using
debugfs_lookup() (git-fixes).
- genirq/irqdesc: Don't try to remove non-existing sysfs files
(git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- genirq: Don't return error on missing optional
irq_request_resources() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable
affinities (git-fixes).
- commit 2fd5320
- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx()
from __netif_rx() (CVE-2024-42110 bsc#1228501).
- commit 096fa1d
- wireguard: allowedips: avoid unaligned 64-bit memory accesses
(CVE-2024-42247 bsc#1228988).
- commit 9870725
- ax25: Fix refcount imbalance on inbound connections
(CVE-2024-40910 bsc#1227832).
- commit 12cb329
- tipc: fix kernel panic when enabling bearer (CVE-2022-48865
bsc#1228065).
- commit 2f9875a
- PM: sleep: Fix possible deadlocks in core system-wide PM code
(bsc#1221269 CVE-2023-52498).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- commit 14accb2
- s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579
CVE-2024-41068).
- commit 77769f2
- net: dsa: fix panic when DSA master device unbinds on shutdown
(CVE-2022-48808 bsc#1227958).
- commit 1e672d7
- serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
(bsc#1228446 CVE-2024-42095).
- commit 082abd5
- serial: 8250_omap: Implementation of Errata i2310 (bsc#1228446
CVE-2024-42095).
- commit f99b96f
- tcp: avoid too many retransmit packets (CVE-2024-41007
bsc#1227863).
- commit ddec32c
- config.sh: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 0d8cf49
- power: supply: axp288_charger: Round constant_charge_voltage
writes down (git-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage
writes (git-fixes).
- commit db1c6e2
- bpf: Defer work in bpf_timer_cancel_and_free (bsc#1228531
CVE-2024-41045).
- bpf: Fail bpf_timer_cancel when callback is being cancelled
(bsc#1228531 CVE-2024-41045).
- bpf: Check map->usercnt after timer->timer is assigned
(bsc#1228531 CVE-2024-41045).
- commit 13bca15
- scsi: qedi: Fix crash while reading debugfs attribute
(bsc#1227929 CVE-2024-40978).
- block/ioctl: prefer different overflow check (bsc#1227867
CVE-2024-41000).
- block: add check that partition length needs to be aligned
with block size (bsc#1227867 CVE-2024-41000).
- commit f6a3a4f
- ice: Don't process extts if PTP is disabled (CVE-2024-42107
bsc#1228494).
- ice: Fix improper extts handling (CVE-2024-42139 bsc#1228503).
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
(CVE-2024-42148 bsc#1228487).
- net/mlx5: E-switch, Create ingress ACL when needed
(CVE-2024-42142 bsc#1228491).
- gve: Account for stopped queues when reading NIC stats
(CVE-2024-42162 bsc#1228706).
- commit 52582b0
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
- ----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482
CVE-2024-42082).
- commit 3fdab8d
- netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042
bsc#1228526).
- Refresh
patches.kabi/netfilter-KABI-workaround-for-CVE-2023-3610-bsc-1213.patch.
- commit 05a5b4a
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (CVE-2024-42228 bsc#1228667).
- commit 8a881f9
- btrfs: sysfs: update fs features directory asynchronously
(bsc#1226168).
- commit a738a53
- tipc: force a dst refcount before doing decryption (CVE-2024-40983 bsc#1227819).
- commit af53498
- avahi
-
- prerequire avahi in avahi-autipd as we user "user avahi"
- Add avahi-CVE-2024-52616.patch:
Backporting 1dade81c from upstream: Properly randomize query id
of DNS packets.
(CVE-2024-52616, bsc#1233420)
- Add avahi-filter-bogus-services.patch: no longer supply bogus
services to callbacks (bsc#1226586).
- util-linux
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- expat
-
- security update
- added patches
fix CVE-2024-50602 [bsc#1232579], DoS via XML_ResumeParser
+ expat-CVE-2024-50602.patch
- ncurses
-
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
* Allow that terminal description based on static fallback
entries can be freed.
- openssl-1_1
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- libpcap
-
- enable rdma support (bsc#1230894)
- python3
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
complexity in parsing cookies with backslashes (bsc#1229596,
CVE-2024-7592)
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- ruby2.5
-
- backport REXML from 3.3
- fix denial of service when parsing a XML that has many deep
elements with the same local name attributes
(boo#1229673 CVE-2024-43398)
- fix denial of service when parsing an XML that contains many
specific characters such as whitespaces, >] and ]>
(boo#1228794 CVE-2024-41123)
- fix denial of service when parsing an XML that has many entity
expansions with SAX2 or pull parser API
(boo#1228799 CVE-2024-41946)
- fix denial of service when parsing an XML that has many left
angled brackets in an attribute value
(boo#1224390 CVE-2024-35176)
- fix ReDoS when parsing an XML that has many specific characters
(boo#1228072 CVE-2024-39908)
- libsolv
-
- fix replaces_installed_package using the wrong solvable id
when checking the noupdate map
- make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- add rpm_query_idarray query function
- support rpm's "orderwithrequires" dependency
- bump version to 0.7.31
- suseconnect-ng
-
- Update version to 1.13:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targetting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Integrate with uptime-tracker ( https://github.com/SUSE/uptime-tracker/ )
- Add a command to show the info being gathered
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- systemd
-
- Import commit cba472567893618e15b4ab95a3cb0a762ad3ed10
0e8c003e1f core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272)
621e16c0b8 core/unit: add get_timeout_start_usec in UnitVTable and define it for service
b4140d888a sd-bus: make bus_add_match_full accept timeout
81cb3a4fb5 udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
533e98fc6b sd-device: add helper to read a unsigned int attribute
- libuv
-
- Fixed CVE-2024-24806: libuv: Improper Domain Lookup that potentially
leads to SSRF attacks (bsc#1219724)
Added:
0001-fix-always-zero-terminate-idna-output.patch
0002-fix-reject-zero-length-idna-inputs.patch
0003-test-empty-strings-are-not-valid-IDNA.patch
- libzypp
-
- Url: queryparams without value should not have a trailing "=".
- version 17.35.16 (35)
- Url query part: `=` is a safe char in value (bsc#1234304)
- RpmDb: Recognize rpmdb.sqlite as database file (#593)
- Fix typo (fixes #592)
- cmake: check location of fcgi header and adjust include
accordingly. On Debian and derivatives the fcgi headers
are not stored in a fastcgi/ subdirectory.(#590)
- version 17.35.15 (35)
- The 20MB download limit must not apply to non-metadata files like
package URLs provided via the CLI (bsc#1233393).
- version 17.35.14 (35)
- BuildCache: Don't try to retrieve missing raw metadata if no
permission to write the cache (bsc#1225451)
- RepoManager: throw RepoNoPermissionException if the user has no
permission to update(write) the caches (bsc#1225451)
- version 17.35.13 (35)
- PluginFrame: Send unescaped colons in header values
(bsc#1231043)
According to the STOMP protocol it would be correct to escape a
colon in a header-value, but it breaks plugin receivers which do
not expect this. The first colon separates header-name from
header-value, so escaping in the header-value is not needed
anyway.
Escaping in the header-value affects especially the urlresolver
plugins. The input URL is passed in a header, but sent back as
raw data in the frames body. If the plugin receiver does not
correctly unescape the URL we may get back a "https\c//" which is
not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
(fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)
- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
It's preferred to explicitly tell the root directory of the
system whose database you want to query.
- version 17.35.11 (35)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)
- shadow
-
- bsc#1230972: Add useradd warnings when requested UID is outside
the default range
- add shadow-bsc1230972-useradd-warning.patch
- bsc#1228337: chage -d date vs passwd -S output is off by one
Remove shadow-bsc1176006-chage-date.patch
- logrotate
-
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
* Added patch logrotate-ignore-duplicates.patch
* Allows log processing with duplicate logfile matches
- pam-config
-
- Change check for existence of modules.
If we have a biarch architecture, we check that the 64bit
PAM module is there and report an error if not. For the 32bit
variant, we only issue a warning.
[pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
- python-Jinja2
-
- Add security patch CVE-2024-56326.patch (bsc#1234809)
- salt
-
- Fix failing x509 tests with OpenSSL < 1.1
- Avoid explicit reading of /etc/salt/minion (bsc#1220357)
- Allow NamedLoaderContexts to be returned from loader
- Revert the change making reactor less blocking (bsc#1230322)
- Use --cachedir for extension_modules in salt-call (bsc#1226141)
- Prevent using SyncWrapper with no reason
- Fix the SELinux context for Salt Minion service (bsc#1219041)
- Set contextvars as a build requirement for package
- Increase warn_until_date date for code we still support
- The test_debian test now uses port 80 for ubuntu keyserver
- Fix too frequent systemd service restart in test_system test
- Avoid crash on wrong output of systemctl version (bsc#1229539)
- Improve error handling with different OpenSSL versions
- Remove redundant run_func from salt.master.MWorker._handle_aes
- Fix cloud minion configuration for multiple masters (bsc#1229109)
- Use Pygit2 id instead of deprecated oid in gitfs
- Fix few failing tests to work with both Salt and Salt bundle
- Skip testing unsupported OpenSSL crypto algorithms
- Added:
* revert-the-change-making-reactor-less-blocking-bsc-1.patch
* fix-x509-test-fails-on-old-openssl-systems-682.patch
* prevent-using-syncwrapper-with-no-reason.patch
* avoid-crash-on-wrong-output-of-systemctl-version-bsc.patch
* allow-namedloadercontexts-to-be-returned-from-loader.patch
* fix-deprecated-code-677.patch
* fix-test_debian-to-work-in-our-infrastructure-676.patch
* fix-the-selinux-context-for-salt-minion-service-bsc-.patch
* use-cachedir-for-extension_modules-in-salt-call-bsc-.patch
* fix-test_system-flaky-setup_teardown-fn.patch
* join-masters-if-it-is-a-list-671.patch
* replace-use-of-pygit2-deprecated-and-removed-1.15.0-.patch
* remove-redundant-run_func-from-salt.master.mworker._.patch
* make-tests-compatible-with-venv-bundle.patch
* avoid-explicit-reading-of-etc-salt-minion-bsc-122035.patch
* skip-more-tests-related-to-old-openssl-algorithms.patch
* improve-error-handling-with-different-openssl-versio.patch
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Added:
* firewalld-normalize-new-rich-rules-before-comparing-.patch
* several-fixes-for-tests-to-avoid-errors-and-failures.patch
* test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
* fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
* skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
* some-more-small-tests-fixes-enhancements-661.patch
* provide-systemd-timer-unit.patch
* fix-user.list_groups-omits-remote-groups.patch
- release-notes-sles
-
- 15.6.20240926 (tracked in bsc#933411)
- Corrected a wrong entry regarding 389 and OpenLDAP
* OpenLDAP will be replaced by 389 in future SLE versions
* OpenLDAP has been re-added to SLE 15 SP5 and SP6 to prolong
the migration time window
- 15.5.20240924 (tracked in bsc#933411)
- updated max user space limit (bsc#1227524)
- Added note about OpenLDAP deprecation (jsc#PED-8118)
- Added warning about changing system Python (bsc#1222226)
- Updated product names and abbrevs (jsc#DOCTEAM-1133)
- Added note about systemd effective limit properties (jsc#PED-7978)
- Added note about FRR (jsc#PED-7549)
- Added note about FRR (jsc#PED-754)
- aarch64: Added warning about NVIDIA JetPack 6.0 for Orin
(jsc#PED-7863 / bsc#1212541)
- rsyslog
-
- fix PreserveFQDN option before daemon is restarted (bsc#1231229)
add 0001-core-bugfix-rsyslog-messages-may-not-always-have-FQD.patch
- restart daemon after update at the end of the transaction
(bsc#1230984)
- rubygem-nokogiri
-
- added only-complain-about-version-diff-if-it-is-older.patch:
make nokogiri only complain about mismatching libxml2 version
if the runtime version is older than the build version as we
assume newer versions should be ABI compatible (boo#1213999)
- samba
-
- Adjust spec to split out rpcd_* binaries into a separate
sub package; (bsc#1231414).
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated;
(bso#15699); (bsc#1229684).
- Regression DFS not working with widelinks = true, updated to
fix DFS link enumeration; (bso#15435); (bsc#1213607);
- use-after-free in aio_del_req_from_fsp during smbd shutdown
after failed IPC FSCTL_PIPE_TRANSCEIVE; (bsc#1223345);
(bso#15423).
- Reduce winbind error msg to debug for a PDC/NT4 domain
(bsc#1221168).
- shim
-
- Update shim-install to apply the missing fix for openSUSE Leap
(bsc#1210382) fixed by Gary.
* 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
(bsc#1230316) fixed by Gary.
* 433cc4e Always use the removable way for SL-Micro
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- strace
-
- Change the license to the correct LGPL-2.1-or-later
(bsc#1228216).
- util-linux-systemd
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- vim
-
- Fix for bsc#1231373 / CVE-2024-47814.
- Fix for bsc#1229238 / CVE-2024-43374.
- update to 9.1.0836
* 9.1.0836: The vimtutor can be improved
* 9.1.0835: :setglobal doesn't work properly for 'ffu' and 'tsrfu'
* 9.1.0834: tests: 2html test fails
* 9.1.0833: CI: recent ASAN changes do not work for indent tests
* 9.1.0832: :set doesn't work for 'cot' and 'bkc' after :setlocal
* runtime(doc): update help-toc description
* runtime(2html): Make links use color scheme colors in TOhtml
* 9.1.0831: 'findexpr' can't be used as lambad or Funcref
* Filelist: include helptoc package
* runtime(doc): include a TOC Vim9 plugin
* Filelist: ignore .git-blame-ignore-revs
* 9.1.0830: using wrong highlight group for spaces for popupmenu
* runtime(typst): synchronize updates from the upstream typst.vim
* git: ignore reformatting commit for git-blame (after v9.1.0829)
* 9.1.0829: Vim source code uses a mix of tabs and spaces
* 9.1.0828: string_T struct could be used more often
* 9.1.0827: CI: tests can be improved
* runtime(doc): remove stray sentence in pi_netrw.txt
* 9.1.0826: filetype: sway files are not recognized
* runtime(doc): Include netrw-gp in TOC
* runtime(doc): mention 'iskeyword' at :h charclass()
* runtime(doc): update help tags
* 9.1.0825: compile error for non-diff builds
* runtime(netrw): fix E874 when browsing remote directory which contains `~` character
* runtime(doc): update coding style documentation
* runtime(debversions): Add plucky (25.04) as Ubuntu release name
* 9.1.0824: too many strlen() calls in register.c
* 9.1.0823: filetype: Zephyr overlay files not recognized
* runtime(doc): Clean up minor formatting issues for builtin functions
* runtime(netrw): make :Launch/Open autoloadable
* runtime(netrw): fix regression with x mapping on Cygwin
* runtime(netrw): fix filetype detection for remote files
* 9.1.0822: topline might be changed in diff mode unexpectedly
* CI: huge linux builds should also run syntax & indent tests
* 9.1.0821: 'findexpr' completion doesn't set v:fname to cmdline argument
* 9.1.0820: tests: Mac OS tests are too flaky
* runtime(awk): Highlight more awk comments in syntax script
* runtime(netrw): add missing change for s:redir()
* 9.1.0819: tests: using findexpr and imported func not tested
* runtime(netrw): improve netrw's open-handling further
* runtime(netrw): fix syntax error in netrwPlugin.vim
* runtime(netrw): simplify gx file handling
* 9.1.0818: some global functions are only used in single files
* 9.1.0817: termdebug: cannot evaluate expr in a popup
* runtime(defaults): Detect putty terminal and switch to dark background
* 9.1.0816: tests: not clear what tests cause asan failures
* runtime(doc): Remove some completed items from todo.txt
* 9.1.0815: "above" virtual text causes wrong 'colorcolumn' position
* runtime(syntax-tests): tiny vim fails because of line-continuation
* 9.1.0814: mapset() may remove unrelated mapping
* 9.1.0813: no error handling with setglobal and number types
* 9.1.0812: Coverity warns about dereferencing NULL ptr
* 9.1.0811: :find expansion does not consider 'findexpr'
* 9.1.0810: cannot easily adjust the |:find| command
* 9.1.0809: filetype: petalinux config files not recognized
* 9.1.0808: Terminal scrollback doesn't shrink when decreasing 'termwinscroll'
* 9.1.0807: tests: having 'nolist' in modelines isn't always desired
* 9.1.0806: tests: no error check when setting global 'briopt'
* 9.1.0805: tests: minor issues in gen_opt_test.vim
* 9.1.0804: tests: no error check when setting global 'cc'
* 9.1.0803: tests: no error check when setting global 'isk'
* 9.1.0802: tests: no error check when setting global 'fdm' to empty value
* 9.1.0801: tests: no error check when setting global 'termwinkey'
* 9.1.0800: tests: no error check when setting global 'termwinsize'
* runtime(doc): :ownsyntax also resets 'spelloptions'
* 9.1.0799: tests: gettwinvar()/gettabwinvar() tests are not comprehensive
* runtime(doc): Fix wrong Mac default options
* 9.1.0798: too many strlen() calls in cmdhist.c
* 9.1.0797: testing of options can be further improved
* 9.1.0796: filetype: libtool files are not recognized
* (typst): add folding to typst ftplugin
* runtime(netrw): deprecate and remove netrwFileHandlers#Invoke()
* 9.1.0795: filetype: Vivado memory info file are not recognized
* 9.1.0794: tests: tests may fail on Windows environment
* runtime(doc): improve the :colorscheme documentation
* 9.1.0793: xxd: -e does add one extra space
* 9.1.0792: tests: Test_set_values() is not comprehensive enough
* runtime(swayconfig): add flag for bindsym/bindcode to syntax script
* 9.1.0791: tests: errors in gen_opt_test.vim are not shown
* runtime(compiler): check for compile_commands in build dirs for cppcheck
* 9.1.0790: Amiga: AmigaOS4 build should use default runtime (newlib)
* runtime(help): Update help syntax
* runtime(help): fix end of sentence highlight in code examples
* runtime(jinja): Support jinja syntax as secondary filetype
* 9.1.0789: tests: ':resize + 5' has invalid space after '+'
* 9.1.0788: <CSI>27;<mod>u is not decoded to literal Escape in kitty/foot
* 9.1.0787: cursor position changed when using hidden terminal
* 9.1.0786: tests: quickfix update test does not test location list
* runtime(doc): add some docs for file-watcher programs
* CI: uploading failed screendumps still fails on Cirrus CI
* 9.1.0785: cannot preserve error position when setting quickfix list
* 9.1.0784: there are several problems with python 3.13
* 9.1.0783: 'spell' option setting has problems
* 9.1.0782: tests: using wrong neomuttlog file name
* runtime(doc): add preview flag to statusline example
* 9.1.0781: tests: test_filetype fails
* 9.1.0780: MS-Windows: incorrect Win32 error checking
* 9.1.0779: filetype: neomuttlog files are not recognized
* 9.1.0778: filetype: lf config files are not recognized
* runtime(comment): fix commment toggle with mixed tabs & spaces
* runtime(misc): Use consistent "Vim script" spelling
* runtime(gleam): add ftplugin for gleam files
* runtime(doc): link help-writing from write-local-help
* 9.1.0777: filetype: Some upstream php files are not recognized
* runtime(java): Define javaBlockStart and javaBlockOtherStart hl groups
* runtime(doc): mention conversion rules for remote_expr()
* runtime(tutor): Fix missing :s command in spanish translation section 4.4
* 9.1.0776: test_strftime may fail because of missing TZ data
* translation(am): Add Armenian language translation
* 9.1.0775: tests: not enough tests for setting options
* 9.1.0774: "shellcmdline" doesn't work with getcompletion()
* 9.1.0773: filetype: some Apache files are not recognized
* 9.1.0772: some missing changes from v9.1.0771
* 9.1.0771: completion attribute hl_group is confusing
* 9.1.0770: current command line completion is a bit limited
* 9.1.0769: filetype: MLIR files are not recognized
* 9.1.0768: MS-Windows: incorrect cursor position when restoring screen
* runtime(nasm): Update nasm syntax script
* 9.1.0767: A condition is always true in ex_getln.c
* runtime(skill): Update syntax file to fix string escapes
* runtime(help): highlight CTRL-<Key> correctly
* runtime(doc): add missing usr_52 entry to toc
* 9.1.0766: too many strlen() calls in ex_getln.c
* runtime(doc): correct `vi` registers 1-9 documentation error
* 9.1.0765: No test for patches 6.2.418 and 7.3.489
* runtime(spec): set comments and commentstring options
* NSIS: Include libgcc_s_sjlj-1.dll again
* runtime(doc): clarify the effect of 'startofline' option
* 9.1.0764: [security]: use-after-free when closing a buffer
* runtime(vim): Update base-syntax file, improve class, enum and interface highlighting
* 9.1.0763: tests: cannot run single syntax tests
* 9.1.0762: 'cedit', 'termwinkey' and 'wildchar' may not be parsed correctly
* 9.1.0761: :cd completion fails on Windows with backslash in path
* 9.1.0760: tests: no error reported, if gen_opt_test.vim fails
* 9.1.0759: screenpos() may return invalid position
* runtime(misc): unset compiler in various ftplugins
* runtime(doc): update formatting and syntax
* runtime(compiler): add cppcheck linter compiler plugin
* runtime(doc): Fix style in documents
* runtime(doc): Fix to two-space convention in user manual
* runtime(comment): consider &tabstop in lines after whitespace indent
* 9.1.0758: it's possible to set an invalid key to 'wildcharm'
* runtime(java): Manage circularity for every :syn-included syntax file
* 9.1.0757: tests: messages files contains ANSI escape sequences
* 9.1.0756: missing change from patch v9.1.0754
* 9.1.0755: quickfix list does not handle hardlinks well
* runtime(doc): 'filetype', 'syntax' and 'keymap' only allow alphanumeric + some characters
* runtime(systemd): small fixes to &keywordprg in ftplugin
* CI: macos-12 runner is being sunset, switch to 13
* 9.1.0754: fixed order of items in insert-mode completion menu
* runtime(comment): commenting might be off by one column
* 9.1.0753: Wrong display when typing in diff mode with 'smoothscroll'
* 9.1.0752: can set 'cedit' to an invalid value
* runtime(doc): add `usr` tag to usr_toc.txt
* 9.1.0751: Error callback for term_start() not used
* 9.1.0750: there are some Win9x legacy references
* runtime(java): Recognise the CommonMark form (///) of Javadoc comments
* 9.1.0749: filetype: http files not recognized
* runtime(comment): fix syntax error
* CI: uploading failed screendump tests does not work Cirrus
* 9.1.0748: :keep* commmands are sometimes misidentified as :k
* runtime(indent): allow matching negative numbers for gnu indent config file
* runtime(comment): add gC mapping to (un)comment rest of line
* 9.1.0747: various typos in repo found
* 9.1.0746: tests: Test_halfpage_longline() fails on large terminals
* runtime(doc): reformat gnat example
* runtime(doc): reformat ada_standard_types section
* 9.1.0745: filetype: bun and deno history files not recognized
* runtime(glvs): Correct the tag name of glvs-autoinstal
* runtime(doc): include short form for :earlier/:later
* runtime(doc): remove completed TODO
* 9.1.0744: filetype: notmuch configs are not recognised
* 9.1.0743: diff mode does not handle overlapping diffs correctly
* runtime(glvs): fix a few issues
* runtime(doc): Fix typo in :help :command-modifiers
* 9.1.0742: getcmdprompt() implementation can be improved
* runtime(docs): update `:set?` command behavior table
* runtime(doc): update vim90 to vim91 in docs
* runtime(doc): fix typo in :h dos-colors
* 9.1.0741: No way to get prompt for input()/confirm()
* runtime(doc): fix typo in version9.txt nrformat -> nrformats
* runtime(rmd,rrst): 'fex' option not properly restored
* runtime(netrw): remove extraneous closing bracket
* 9.1.0740: incorrect internal diff with empty file
* 9.1.0739: [security]: use-after-free in ex_getln.c
* runtime(filetype): tests: Test_filetype_detection() fails
* runtime(dist): do not output a message if executable is not found
* 9.1.0738: filetype: rapid files are not recognized
* runtime(modconf): remove erroneous :endif in ftplugin
* runtime(lyrics): support multiple timestamps in syntax script
* runtime(java): Optionally recognise _module_ import declarations
* runtime(vim): Update base-syntax, improve folding function matches
* CI: upload failed screendump tests also for Cirrus
* 9.1.0737: tests: screendump tests may require a bit more time
* runtime(misc): simplify keywordprg in various ftplugins
* runtime(java): Optionally recognise all primitive constants in _switch-case_ labels
* runtime(zsh,sh): set and unset compiler in ftplugin
* runtime(netrw): using inefficient highlight pattern for 'mf'
* 9.1.0736: Unicode tables are outdated
* 9.1.0735: filetype: salt files are not recognized
* 9.1.0734: filetype: jinja files are not recognized
* runtime(zathurarc): add double-click-follow to syntax script
* translation(ru): Updated messages translation
* translation(it): updated xxd man page
* translation(ru): updated xxd man page
* 9.1.0733: keyword completion does not work with fuzzy
* 9.1.0732: xxd: cannot use -b and -i together
* runtime(java): Highlight javaConceptKind modifiers with StorageClass
* runtime(doc): reword and reformat how to use defaults.vim
* 9.1.0731: inconsistent case sensitive extension matching
* runtime(vim): Update base-syntax, match Vim9 bool/null literal args to :if/:while/:return
* runtime(netrw): delete confirmation not strict enough
* 9.1.0730: Crash with cursor-screenline and narrow window
* 9.1.0729: Wrong cursor-screenline when resizing window
* 9.1.0728: [security]: heap-use-after-free in garbage collection with location list user data
* runtime(doc): clarify the effect of the timeout for search()-functions
* runtime(idlang): update syntax script
* runtime(spec): Recognize epoch when making spec changelog in ftplugin
* runtime(spec): add file triggers to syntax script
* 9.1.0727: too many strlen() calls in option.c
* runtime(make): add compiler/make.vim to reset compiler plugin settings
* runtime(java): Recognise all available standard doclet tags
* 9.1.0726: not using correct python3 API with dynamic linking
* runtime(dosini): Update syntax script, spellcheck comments only
* runtime(doc): Revert outdated comment in completeopt's fuzzy documentation
* 9.1.0725: filetype: swiftinterface files are not recognized
* runtime(pandoc): Update compiler plugin to use actual 'spelllang'
* runtime(groff): Add compiler plugin for groff
* 9.1.0724: if_python: link error with python 3.13 and stable ABI
* 9.1.0723: if_python: dynamic linking fails with python3 >= 3.13
* 9.1.0722: crash with large id in text_prop interface
* 9.1.0721: tests: test_mksession does not consider XDG_CONFIG_HOME
* runtime(glvs): update GetLatestVimScripts plugin
* runtime(doc): Fix typo in :help :hide text
* runtime(doc): buffers can be re-used
* 9.1.0720: Wrong breakindentopt=list:-1 with multibyte or TABs
* 9.1.0719: Resetting cell widths can make 'listchars' or 'fillchars' invalid
* runtime(doc): Update version9.txt and mention $MYVIMDIR
- Update to 9.1.0718:
* v9.1.0718: hard to know the users personal Vim Runtime Directory
* v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers()
Maintainers: fix typo in author name
* v9.1.0716: resetting setcellwidth( doesn't update the screen
runtime(hcl,terraform): Add runtime files for HCL and Terraform
runtime(tmux): Update syntax script
* v9.1.0715: Not correctly parsing color names (after v9.1.0709)
* v9.1.0714: GuiEnter_Turkish test may fail
* v9.1.0713: Newline causes E749 in Ex mode
* v9.1.0712: missing dependency of Test_gettext_makefile
* v9.1.0711: test_xxd may file when using different xxd
* v9.1.0710: popup window may hide part of Command line
runtime(vim): Update syntax, improve user-command matching
* v9.1.0709: GUIEnter event not found in Turkish locale
runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items
* v9.1.0708: Recursive window update does not account for reset skipcol
runtime(nu): include filetype plugin
* v9.1.0707: invalid cursor position may cause a crash
* v9.1.0706: test_gettext fails when using shadow dir
CI: Install locales-all package
* v9.1.0705: Sorting of fuzzy filename completion is not stable
translation(pt): update Portuguese/Brazilian menu translation
runtime(vim): Update base-syntax, match bracket mark ranges
runtime(doc): Update :help :command-complete list
* v9.1.0704: inserting with a count is inefficient
runtime(doc): use mkdir -p to save a command
* v9.1.0703: crash with 2byte encoding and glob2regpat()
runtime(hollywood): update syn highlight for If-Then statements
and For-In-Loops
* v9.1.0702: Patch 9.1.0700 broke CI
* v9.1.0701: crash with NFA regex engine when searching for
composing chars
* v9.1.0700: crash with 2byte encoding and glob2regpat()
* v9.1.0699: "dvgo" is not always an inclusive motion
runtime(java): Provide support for syntax preview features
* v9.1.0698: "Untitled" file not removed when running Test_crash1_3
alone
* v9.1.0697: heap-buffer-overflow in ins_typebuf
* v9.1.0696: installing runtime files fails when using SHADOWDIR
runtime(doc): fix typo
* v9.1.0695: test_crash leaves Untitled file around
translation(br): Update Brazilian translation
translation(pt): Update menu_pt_br
* v9.1.0694: matchparen is slow on a long line
* v9.1.0693: Configure doesn't show result when not using python3
stable abi
* v9.1.0692: Wrong patlen value in ex_substitute()
* v9.1.0691: stable-abi may cause segfault on Python 3.11
runtime(vim): Update base-syntax, match :loadkeymap after colon and bar
runtime(mane): Improve <Plug>ManBS mapping
* v9.1.0690: cannot set special highlight kind in popupmenu
translation(pt): Revert and fix wrong Portuguese menu translation
files
translation(pt): revert Portuguese menu translation
translation(br): Update Brazilian translations
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
* v9.1.0689: buffer-overflow in do_search( with 'rightleft'
runtime(vim): Improve heredoc handling for all embedded scripts
* v9.1.0688: dereferences NULL pointer in check_type_is_value()
* v9.1.0687: Makefile may not install desktop files
runtime(man): Fix <Plug>ManBS
runtime(java): Make the bundled &foldtext function optional
runtime(netrw): Change line on `mx` if command output exists
runtime(netrw): Fix `mf`-selected entry highlighting
runtime(htmlangular): add html syntax highlighting
translation(it): Fix filemode of Italian manpages
runtime(doc): Update outdated man.vim plugin information
runtime(zip): simplify condition to detect MS-Windows
* v9.1.0686: zip-plugin has problems with special characters
runtime(pandoc): escape quotes in &errorformat for pandoc
translation(it): updated Italian manpage
* v9.1.0685: too many strlen( calls in usercmd.c
runtime(doc): fix grammar in :h :keeppatterns
runtime(pandoc): refine pandoc compiler settings
* v9.1.0684: completion is inserted on Enter with "noselect"
translation(ru): update man pages
* v9.1.0683: mode( returns wrong value with <Cmd> mapping
runtime(doc): remove trailing whitespace in cmdline.txt
* v9.1.0682: Segfault with uninitialized funcref
* v9.1.0681: Analyzing failed screendumps is hard
runtime(doc): more clarification for the :keeppatterns needed
* v9.1.0680: VMS does not have defined uintptr_t
runtime(doc): improve typedchar documentation for KeyInputPre autocmd
runtime(dist): verify that executable is in $PATH
translation(it): update Italian manpages
runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677
runtime(doc): update Makefile and make it portable between GNU and BSD
* v9.1.0679: Rename from w_closing to w_locked is incomplete
runtime(colors): update colorschemes
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
runtime(doc): Updating the examples in the xxd manpage
translation(ru): Updated uganda.rux
runtime(yaml): do not re-indent when commenting out lines
* v9.1.0678: use-after-free in alist_add()
* v9.1.0677 :keepp does not retain the substitute pattern
translation(ja): Update Japanese translations to latest release
runtime(netrw): Drop committed trace lines
runtime(netrw): Error popup not always used
runtime(netrw): ErrorMsg( may throw E121
runtime(tutor): update Makefile and make it portable between GNU and BSD
translation: improve the po/cleanup.vim script
runtime(lang): update Makefile and make it portable between GNU and BSD
* v9.1.0676: style issues with man pages
* v9.1.0675: Patch v9.1.0674 causes problems
runtime(dosbatch): Show %%i as an argument in syntax file
runtime(dosbatch): Add syn-sync to syntax file
runtime(sql, mysql): fix E169: Command too recursive with
sql_type_default = "mysql"
* v9.1.0674: compiling abstract method fails because of missing return
runtime(javascript): fix a few issues with syntax higlighting
runtime(mediawiki): fix typo in doc, test for b:did_ftplugin var
runtime(termdebug): Fix wrong test for balloon feature
runtime(doc): Remove mentioning of the voting feature
runtime(doc): add help tags for json + markdown global variables
* v9.1.0673: too recursive func calls when calling super-class method
runtime(syntax-tests): Facilitate the viewing of rendered screendumps
runtime(doc): fix a few style issues
* v9.1.0672: marker folds may get corrupted on undo
* v9.1.0671 Problem: crash with WinNewPre autocommand
* v9.1.0670: po file encoding fails on *BSD during make
translation(it): Update Italian translation
translation: Stop using msgconv
* v9.1.0669: stable python ABI not used by default
Update .gitignore and .hgignore files
* v9.1.0668: build-error with python3.12 and stable ABI
translations: Update generated po files
* v9.1.0667: Some other options reset curswant unnecessarily when set
* v9.1.0666: assert_equal( doesn't show multibyte string correctly
runtime(doc): clarify directory of Vim's executable vs CWD
* v9.1.0665 :for loop
runtime(proto): Add indent script for protobuf filetype
* v9.1.0664: console vim did not switch back to main screen on exit
runtime(zip): zip plugin does not work with Vim 9.0
* v9.1.0663: zip test still resets 'shellslash' option
runtime(zip): use defer to restore old settings
runtime(zip): add a generic Message function
runtime(zip): increment base version of zip plugin
runtime(zip): raise minimum Vim version to * v9.0
runtime(zip): refactor save and restore of options
runtime(zip): remove test for fnameescape
runtime(zip): use :echomsg instead of :echo
runtime(zip): clean up and remove comments
* v9.1.0662: filecopy( may return wrong value when readlink( fails
* v9.1.0661: the zip plugin is not tested.
runtime(zip): Fix for FreeBSD's unzip command
runtime(doc): capitalize correctly
* v9.1.0660: Shift-Insert does work on old conhost
translation(it): update Italian manpage
runtime(lua): add/subtract a 'shiftwidth' after '('/')' in indentexpr
runtime(zip): escape '[' on Unix as well
* v9.1.0659: MSVC Makefile is a bit hard to read
runtime(doc): fix typo in syntax.txt
runtime(doc): -x is only available when compiled with crypt feature
* v9.1.0658: Coverity warns about dereferencing NULL pointer.
runtime(colors): update Todo highlight in habamax colorscheme
* v9.1.0657: MSVC build time can be optimized
* v9.1.0656: MSVC Makefile CPU handling can be improved
* v9.1.0655: goaccess config file not recognized
CI: update clang compiler to version 20
runtime(netrw): honor `g:netrw_alt{o,v}` for `:{S,H,V}explore`
* v9.1.0654: completion does not respect completeslash with fuzzy
* v9.1.0653: Patch v9.1.0648 not completely right
* v9.1.0652: too many strlen( calls in syntax.c
* v9.1.0651 :append
* v9.1.0650: Coverity warning in cstrncmp()
* v9.1.0649: Wrong comment for "len" argument of call_simple_func()
* v9.1.0648: [security] double-free in dialog_changed()
* v9.1.0647: [security] use-after-free in tagstack_clear_entry
runtime(doc): re-format tag example lines, mention ctags --list-kinds
* v9.1.0646: imported function may not be found
runtime(java): Document "g:java_space_errors" and "g:java_comment_strings"
runtime(java): Cluster optional group definitions and their group links
runtime(java): Tidy up the syntax file
runtime(java): Tidy up the documentation for "ft-java-syntax"
runtime(colors): update habamax scheme - tweak diff/search/todo colors
runtime(nohlsearch): add missing loaded_hlsearch guard
runtime(kivy): Updated maintainer info for syntax script
Maintainers: Add maintainer for ondir ftplugin + syntax files
runtime(netrw): removing trailing slash when copying files in same
directory
* v9.1.0645: wrong match when searching multi-byte char case-insensitive
runtime(html): update syntax script to sync by 250 minlines by default
* v9.1.0644: Unnecessary STRLEN( when applying mapping
runtime(zip): Opening a remote zipfile don't work
runtime(cuda): source c and cpp ftplugins
* v9.1.0643: cursor may end up on invalid position
* v9.1.0642: Check that mapping rhs starts with lhs fails if not
simplified
* v9.1.0641: OLE enabled in console version
runtime(thrift): add ftplugin, indent and syntax scripts
* v9.1.0640: Makefile can be improved
* v9.1.0639: channel timeout may wrap around
* v9.1.0638: E1510 may happen when formatting a message for smsg()
* v9.1.0637: Style issues in MSVC Makefile
- Update apparmor.vim to latest version (from AppArmor 4.0.2)
- add support for "all" and "userns" rules, and new profile flags
- Update to 9.1.0636:
* 9.1.0636: filetype: ziggy files are not recognized
* 9.1.0635: filetype: SuperHTML template files not recognized
* 9.1.0634: Ctrl-P not working by default
* 9.1.0633: Compilation warnings with `-Wunused-parameter`
* 9.1.0632: MS-Windows: Compiler Warnings
Add support for Files-Included in syntax script
tweak documentation style a bit
* 9.1.0631: wrong completion list displayed with non-existing dir + fuzzy completion
* 9.1.0630: MS-Windows: build fails with VIMDLL and mzscheme
* 9.1.0629: Rename of pum hl_group is incomplete
* 9.1.0628: MinGW: coverage files are not cleaned up
* 9.1.0627: MinGW: build-error when COVERAGE is enabled
* 9.1.0626: Vim9: need more tests with null objects
include initial filetype plugin
* 9.1.0625: tests: test output all translated messages for all translations
* 9.1.0624: ex command modifiers not found
* 9.1.0623: Mingw: errors when trying to delete non-existing files
* 9.1.0622: MS-Windows: mingw-build can be optimized
* 9.1.0621: MS-Windows: startup code can be improved
* 9.1.0620: Vim9: segfauls with null objects
* 9.1.0619: tests: test_popup fails
* 9.1.0618: cannot mark deprecated attributes in completion menu
* 9.1.0617: Cursor moves beyond first line of folded end of buffer
* 9.1.0616: filetype: Make syntax highlighting off for MS Makefiles
* 9.1.0615: Unnecessary STRLEN() in make_percent_swname()
Add single-line comment syntax
Add syntax test for comments
Update maintainer info
* 9.1.0614: tests: screendump tests fail due to recent syntax changes
* 9.1.0613: tests: termdebug test may fail and leave file around
Update base-syntax, improve :set highlighting
Optionally highlight the :: token for method references
* 9.1.0612: filetype: deno.lock file not recognized
Use delete() for deleting directory
escape filename before trying to delete it
* 9.1.0611: ambiguous mappings not correctly resolved with modifyOtherKeys
correctly extract file from zip browser
* 9.1.0610: filetype: OpenGL Shading Language files are not detected
Fix endless recursion in netrw#Explore()
* 9.1.0609: outdated comments in Makefile
update syntax script
Fix flow mapping key detection
Remove orphaned YAML syntax dump files
* 9.1.0608: Coverity warns about a few potential issues
Update syntax script and remove syn sync
* 9.1.0607: termdebug: uses inconsistent style
* 9.1.0606: tests: generated files may cause failure in test_codestyle
* 9.1.0605: internal error with fuzzy completion
* 9.1.0604: popup_filter during Press Enter prompt seems to hang
translation: Update Serbian messages translation
* 9.1.0603: filetype: use correct extension for Dracula
* 9.1.0602: filetype: Prolog detection can be improved
fix more inconsistencies in assert function docs
* 9.1.0601: Wrong cursor position with 'breakindent' when wide char doesn't fit
Update base-syntax, improve :map highlighting
* 9.1.0600: Unused function and unused error constants
* 9.1.0599: Termdebug: still get E1023 when specifying arguments
correct wrong comment options
fix typo "a xterm" -> "an xterm"
* 9.1.0598: fuzzy completion does not work with default completion
* 9.1.0597: KeyInputPre cannot get the (unmapped typed) key
* 9.1.0596: filetype: devscripts config files are not recognized
gdb file/folder check is now performed only in CWD.
quote filename arguments using double quotes
update syntax to SDC-standard 2.1
minor updates.
Cleanup :match and :loadkeymap syntax test files
Update base-syntax, match types in Vim9 variable declarations
* 9.1.0595: make errors out with the po Makefile
* 9.1.0594: Unnecessary redraw when setting 'winfixbuf'
using wrong highlight for UTF-8
include simple syntax plugin
* 9.1.0593: filetype: Asymptote files are not recognized
add recommended indent options to ftplugin
add recommended indent options to ftplugin
add recommended indent options to ftplugin
* 9.1.0592: filetype: Mediawiki files are not recognized
* 9.1.0591: filetype: *.wl files are not recognized
* 9.1.0590: Vim9: crash when accessing getregionpos() return value
'cpoptions': Include "z" in the documented default
* 9.1.0589: vi: d{motion} and cw work differently than expected
update included colorschemes
grammar fixes in options.txt
- Add "Keywords" to gvim.desktop to make searching for gvim easier
- Removed patches, as they're no longer required (refreshing them
deleted their contents):
* vim-7.3-help_tags.patch
* vim-7.4-highlight_fstab.patch
- Reorganise all applied patches in the spec file.
- Update to 9.1.0588:
* 9.1.0588: The maze program no longer compiles on newer clang
runtime(typst): Add typst runtime files
* 9.1.0587: tests: Test_gui_lowlevel_keyevent is still flaky
* 9.1.0586: ocaml runtime files are outdated
runtime(termdebug): fix a few issues
* 9.1.0585: tests: test_cpoptions leaves swapfiles around
* 9.1.0584: Warning about redeclaring f_id() non-static
runtime(doc): Add hint how to load termdebug from vimrc
runtime(doc): document global insert behavior
* 9.1.0583: filetype: *.pdf_tex files are not recognized
* 9.1.0582: Printed line doesn't overwrite colon when pressing Enter in Ex mode
* 9.1.0581: Various lines are indented inconsistently
* 9.1.0580: :lmap mapping for keypad key not applied when typed in Select mode
* 9.1.0579: Ex command is still executed after giving E1247
* 9.1.0578: no tests for :Tohtml
* 9.1.0577: Unnecessary checks for v:sizeoflong in test_put.vim
* 9.1.0576: tests: still an issue with test_gettext_make
* 9.1.0575: Wrong comments in alt_tabpage()
* 9.1.0574: ex: wrong handling of commands after bar
runtime(doc): add a note for netrw bug reports
* 9.1.0573: ex: no implicit print for single addresses
runtime(vim): make &indentexpr available from the outside
* 9.1.0572: cannot specify tab page closing behaviour
runtime(doc): remove obsolete Ex insert behavior
* 9.1.0571: tests: Test_gui_lowlevel_keyevent is flaky
runtime(logindefs): update syntax with new keywords
* 9.1.0570: tests: test_gettext_make can be improved
runtime(filetype): Fix Prolog file detection regex
* 9.1.0569: fnamemodify() treats ".." and "../" differently
runtime(mojo): include mojo ftplugin and indent script
* 9.1.0568: Cannot expand paths from 'cdpath' setting
* 9.1.0567: Cannot use relative paths as findfile() stop directories
* 9.1.0566: Stop dir in findfile() doesn't work properly w/o trailing slash
* 9.1.0565: Stop directory doesn't work properly in 'tags'
* 9.1.0564: id() can be faster
* 9.1.0563: Cannot process any Key event
* 9.1.0562: tests: inconsistency in test_findfile.vim
runtime(fstab): Add missing keywords to fstab syntax
* 9.1.0561: netbeans: variable used un-initialized (Coverity)
* 9.1.0560: bindtextdomain() does not indicate an error
* 9.1.0559: translation of vim scripts can be improved
* 9.1.0558: filetype: prolog detection can be improved
* 9.1.0557: moving in the buffer list doesn't work as documented
runtime(doc): fix inconsistencies in :h file-searching
* 9.1.0556: :bwipe doesn't remove file from jumplist of other tabpages
runtime(htmlangular): correct comment
* 9.1.0555: filetype: angular ft detection is still problematic
* 9.1.0554: :bw leaves jumplist and tagstack data around
* 9.1.0553: filetype: *.mcmeta files are not recognized
* 9.1.0552: No test for antlr4 filetype
* 9.1.0551: filetype: htmlangular files are not properly detected
* 9.1.0550: filetype: antlr4 files are not recognized
* 9.1.0549: fuzzycollect regex based completion not working as expected
runtime(doc): autocmd_add() accepts a list not a dict
* 9.1.0548: it's not possible to get a unique id for some vars
runtime(tmux): Update syntax script
* 9.1.0547: No way to get the arity of a Vim function
* 9.1.0546: vim-tiny fails on CTRL-X/CTRL-A
runtime(hlsplaylist): include hlsplaylist ftplugin file
runtime(doc): fix typo in :h ft-csv-syntax
runtime(doc): Correct shell command to get $VIMRUNTIME into
shell
* 9.1.0545: MSVC conversion warning
* 9.1.0544: filetype: ldapconf files are not recognized
runtime(cmakecache): include cmakecache ftplugin file
runtime(lex): include lex ftplugin file
runtime(yacc): include yacc ftplugin file
runtime(squirrel): include squirrel ftplugin file
runtime(objcpp): include objcpp ftplugin file
runtime(tf): include tf ftplugin file
runtime(mysql): include mysql ftplugin file
runtime(javacc): include javacc ftplugin file
runtime(cabal): include cabal ftplugin file
runtime(cuda): include CUDA ftplugin file
runtime(editorconfig): include editorconfig ftplugin file
runtime(kivy): update kivy syntax, include ftplugin
runtime(syntax-tests): Stop generating redundant "*_* 99.dump"
files
* 9.1.0543: Behavior of CursorMovedC is strange
runtime(vim): Update base-syntax, improve :match command
highlighting
* 9.1.0542: Vim9: confusing string() output for object functions
* 9.1.0541: failing test with Vim configured without channel
* 9.1.0540: Unused assignment in sign_define_cmd()
runtime(doc): add page-scrolling keys to index.txt
runtime(doc): add reference to xterm-focus-event from
FocusGained/Lost
* 9.1.0539: Not enough tests for what v9.1.0535 fixed
runtime(doc): clarify how to re-init csv syntax file
* 9.1.0538: not possible to assign priority when defining a sign
* 9.1.0537: signed number detection for CTRL-X/A can be improved
* 9.1.0536: filetype: zone files are not recognized
* 9.1.0535: newline escape wrong in ex mode
runtime(man): honor cmd modifiers before `g:ft_man_open_mode`
runtime(man): use `nnoremap` to map to Ex commands
* 9.1.0534: completion wrong with fuzzy when cycling back to original
runtime(syntax-tests): Abort and report failed cursor progress
runtime(syntax-tests): Introduce self tests for screen dumping
runtime(syntax-tests): Clear and redraw the ruler line with
the shell info
runtime(syntax-tests): Allow for folded and wrapped lines in
syntax test files
* 9.1.0533: Vim9: need more tests for nested objects equality
CI: Pre-v* 9.0.0110 versions generate bogus documentation tag entries
runtime(doc): Remove wrong help tag CTRL-SHIFT-CR
* 9.1.0532: filetype: Cedar files not recognized
runtime(doc): document further keys that scroll page up/down
* 9.1.0531: resource leak in mch_get_random()
runtime(tutor): Fix wrong spanish translation
runtime(netrw): fix remaining case of register clobber
* 9.1.0530: xxd: MSVC warning about non-ASCII character
* 9.1.0529: silent! causes following try/catch to not work
runtime(rust): use shiftwidth() in indent script
* 9.1.0528: spell completion message still wrong in translations
* 9.1.0527: inconsistent parameter in Makefiles for Vim executable
* 9.1.0526: Unwanted cursor movement with pagescroll at start of buffer
runtime(doc): mention $XDG_CONFIG_HOME instead of $HOME/.config
* 9.1.0525: Right release selects immediately when pum is truncated.
* 9.1.0524: the recursive parameter in the *_equal functions can be removed
runtime(termdebug): Add Deprecation warnings
* 9.1.0523: Vim9: cannot downcast an object
* 9.1.0522: Vim9: string(object) hangs for recursive references
* 9.1.0521: if_py: _PyObject_CallFunction_SizeT is dropped in Python 3.13
* 9.1.0520: Vim9: incorrect type checking for modifying lists
runtime(manpager): avoid readonly prompt
* 9.1.0519: MS-Windows: libvterm compilation can be optimized
* 9.1.0518: initialize the random buffer can be improved
* 9.1.0517: MS-Windows: too long lines in Make_mvc.mak
runtime(terraform): Add filetype plugin for terraform
runtime(dockerfile): enable spellchecking of comments in
syntax script
runtime(doc): rename variable for pandoc markdown support
runtime(doc): In builtin overview use {buf} as param for
appendbufline/setbufline
runtime(doc): clarify, that register 1-* 9 will always be shifted
runtime(netrw): save and restore register 0-* 9, a and unnamed
runtime(termdebug): Refactored StartDebug_term and EndDebug
functions
runtime(java): Compose "g:java_highlight_signature" and
"g:java_highlight_functions"
* 9.1.0516: need more tests for nested dicts and list comparision
* 9.1.0515: Vim9: segfault in object_equal()
* 9.1.0514: Vim9: issue with comparing objects recursively
runtime(termdebug): Change some variables to Enums
runtime(vim): Update base-syntax, fix function tail comments
* 9.1.0513: Vim9: segfault with object comparison
- Update to 9.1.0512:
* Mode message for spell completion doesn't match allowed keys
* CursorMovedC triggered wrongly with setcmdpos()
* update runtime files
* CI: test_gettext fails on MacOS14 + MSVC Win
* not possible to translate Vim script messages
* termdebug plugin can be further improved
* add gomod filetype plugin
* hard to detect cursor movement in the command line
* Optionally highlight parameterised types
* filetype: .envrc & .prettierignore not recognized
* filetype: Faust files are not recognized
* inner-tag textobject confused about ">" in attributes
* cannot use fuzzy keyword completion
* Remove the group exclusion list from @javaTop
* wrong return type for execute() function
* MS-Windows: too much legacy code
* too complicated mapping restore in termdebug
* simplify mapping
* cannot switch buffer in a popup
* MS-Windows: doesn't handle symlinks properly
* getcmdcompltype() interferes with cmdline completion
* termdebug can be further improved
* update htmldjango detection
* Improve Turkish documentation
* include a simple csv filetype and syntax plugin
* include the the simple nohlsearch package
* matched text is highlighted case-sensitively
* Matched text isn't highlighted in cmdline pum
* Fix typos in several documents
* clarify when text properties are cleared
* improve the vim-shebang example
* revert unintended formatting changes for termdebug
* Add a config variable for commonly used compiler options
* Wrong matched text highlighted in pum with 'rightleft'
* bump length of character references in syntax script
* properly check mapping variables using null_dict
* fix KdlIndent and kdlComment in indent script
* Test for patch 9.1.0489 doesn't fail without the fix
* Fold multi-line comments with the syntax kind of &fdm
* using wrong type for PlaceSign()
* filetype: Vim-script files not detected by shebang line
* revert unintended change to zip#Write()
* add another tag for vim-shebang feature
* Cmdline pum doesn't work properly with 'rightleft'
* minor style problems with patch 9.1.0487
* default completion may break with fuzzy
* Wrong padding for pum "kind" with 'rightleft'
* Update base-syntax, match shebang lines
* MS-Windows: handle files with spaces properly
* Restore HTML syntax file tests
* completed item not update on fuzzy completion
* filetype: Snakemake files are not recognized
* make TermDebugSendCommand() a global function again
* close all buffers in the same way
* Matched text shouldn't be highlighted in "kind" and "menu"
* fix wrong helptag for :defer
* Update base-syntax, match :sleep arg
* include Georgian keymap
* Sorting of completeopt+=fuzzy is not stable
* correctly test for windows in NetrwGlob()
* glob() on windows fails with [] in directory name
* rewrite mkdir() doc and simplify {flags} meaning
* glob() not sufficiently tested
* update return type for job_info()
* termdebug plugin needs more love
* correct return types for job_start() and job_status()
* Update base-syntax, match :catch and :throw args
* Include element values in non-marker annotations
* Vim9: term_getjob() throws an exception on error
* fuzzy string matching executed when not needed
* fuzzy_match_str_with_pos() does unnecessary list operations
* restore description of "$" in col() and virtcol()
* deduplicate getpos(), line(), col(), virtcol()
* Update g:vimsyn_comment_strings dump file tests
* Use string interpolation instead of string concat
* potential deref of NULL pointer in fuzzy_match_str_with_pos
* block_editing errors out when using <enter>
* Update base-syntax, configurable comment string highlighting
* fix typos in syntax.txt
* Cannot see matched text in popup menu
* Update base-syntax, match multiline continued comments
* clarify documentation for "v" position at line()
* cmod_split modifier is always reset in term_start()
* remove line-continuation characters
* use shiftwidth() instead of &tabstop in indent script
* Remove orphaned screen dump files
* include syntax, indent and ftplugin files
* CI: Test_ColonEight() fails on github runners
* add missing Enabled field in syntax script
* basic svelte ftplugin file
* term_start() does not clear vertical modifier
* fix mousemodel restoration by comparing against null_string
* Added definitions of Vim scripts and plugins
* Exclude lambda expressions from _when_ _switch-case_ label clauses
* Fix saved_mousemodel check
* Inconsistencies between functions for option flags
* Crash when using autocmd_get() after removing event inside autocmd
* Fix small style issues
* add return type info for Vim function descriptions
* Update Italian Vim manpage
* disable the q mapping
* Change 'cms' for C++ to '// %s'
* fix type mismatch error
* Fix wrong email address
* convert termdebug plugin to Vim9 script
- Update to 9.1.0470:
* tests Test_ColonEight_MultiByte() fails sporadically
* Cannot have buffer-local value for 'completeopt'
* GvimExt does not consult HKEY_CURRENT_USER
* typos in some comments
* runtime(vim): Update base-syntax, allow whitespace before
:substitute pattern
* Missing comments for fuzzy completion
* runtime(man): update Vim manpage
* runtime(comment): clarify the usage of 'commentstring' option
value
* runtime(doc): clarify how fuzzy 'completeopt' should work
* runtime(netrw): prevent accidental data loss
* missing filecopy() function
* no whitespace padding in commentstring option in ftplugins
* no fuzzy-matching support for insert-completion
* eval5() and eval7 are too complex
* too many strlen() calls in drawline.c
* filetype lintstagedrc files are not recognized
* Vim9 import autoload does not work with symlink
* Coverity complains about division by zero
* tests test_gui fails on Wayland
* Left shift is incorrect with vartabstop and shiftwidth=0
* runtime(doc): clarify 'shortmess' flag "S"
* MS-Windows compiler warning for size_t to int conversion
* runtime(doc): include some vim9 script examples in the help
* minor issues in test_filetype with rasi test
* filetype rasi files are not recognized
* runtime(java): Improve the matching of lambda expressions
* Configure checks for libelf unnecessarily
* No test for escaping '<' with shellescape()
* check.vim complains about overlong comment lines
* translation(it): Update Italian translation
* evalc. code too complex
* MS-Windows Compiler warnings
- Update to 9.1.0448:
* compiler warning in eval.c
* remove remaining css code
* Add ft_hare.txt to Reference Manual TOC
* re-generate vim syntax from generator
* fix syntax vim bug
* completion may be wrong when deleting all chars
* getregionpos() inconsistent for partly-selected multibyte char
* fix highlighting nested and escaped quotes in string props
* remove the indent plugin since it has too many issues
* update Debian runtime files
* Coverity warning after 9.1.0440
* Not enough tests for getregion() with multibyte chars
* Can't use blockwise selection with width for getregion()
* update outdated syntax files
* fix floating_modifier highlight
* hare runtime files outdated
* getregionpos() can't properly indicate positions beyond eol
* function get_lval() is too long
* Cannot filter the history
* Wrong Ex command executed when :g uses '?' as delimiter
* support floating_modifier none; revert broken highlighting
* Motif requires non-const char pointer for XPM data
* Crash when using '?' as separator for :s
* filetype: cygport files are not recognized
* make errors trying to access autoload/zig
* Wrong yanking with exclusive selection and ve=all
* add missing help tags file
* Ancient XPM preprocessor hack may cause build errors
* include basic rescript ftplugin file
* eval.c is too long
* getregionpos() doesn't handle one char selection
* check for gdb file/dir before using as buffer name
* refactor zig ftplugin, remove auto format
* Coverity complains about eval.c refactor
* Tag guessing leaves wrong search history with very short names
* some issues with termdebug mapping test
* update matchit plugin to v1.20
* too many strlen() calls in search.c
* set commentstring option
* update vb indent plugin as vim9script
* filetype: purescript files are not recognized
* filetype: slint files are not recognized
* basic nim ftplugin file for comments
* Add Arduino ftplugin and indent files
* include basic typst ftplugin file
* include basic prisma ftplugin file
* include basic v ftplugin for comment support
* getregionpos() wrong with blockwise mode and multibyte
* function echo_string_core() is too long
* hyprlang files are not recognized
* add basic dart ftplugin file
* basic ftplugin file for graphql
* mention comment plugin at :h 'commentstring'
* set commentstring for sql files in ftplugin
* :browse oldfiles prompts even with single entry
* eval.c not sufficiently tested
* clarify why E195 is returned
* clarify temporary file clean up
* fix :NoMatchParen not working
* Cannot move to previous/next rare word
* add basic ftplugin file for sshdconfig
* if_py: find_module has been removed in Python 3.12.0a7
* some screen dump tests can be improved
* Some functions are not tested
* clarify instal instructions for comment package
* Unable to leave long line with 'smoothscroll' and 'scrolloff'
* fix typo in vim9script help file
* Remove trailing spaces
* clarify {special} argument for shellescape()
- update to 9.1.0413
* smoothscroll may cause infinite loop
* add missing entries for the keys CTRL-W g<Tab> and <C-Tab>
* update vi_diff.txt: add default value for 'flash'
* typo in regexp_bt.c in DEBUG code
* allow indented commands
* Fix wrong define regex in ftplugin
* Filter out non-Latin-1 characters for syntax tests
* prefer scp over pscp
* fix typo in usr_52.txt
* too long functions in eval.c
* warning about uninitialized variable
* too many strlen() calls in the regexp engine
* E16 fix, async keyword support for define
* Stuck with long line and half-page scrolling
* Divide by zero with getmousepos() and 'smoothscroll'
* update and remove some invalid links
* update translation of xxd manpage
* Recursively delete directories by default with netrw delete command
* Strive to remain compatible for at least Vim 7.0
* tests: xxd buffer overflow fails on 32-bit
* Stop handpicking syntax groups for @javaTop
* [security] xxd: buffer-overflow with specific flags
* Vim9: not able to import file from start dir
* filetype: mdd files detected as zsh filetype
* filetype: zsh module files are not recognized
* Remove hardcoded private.ppk logic from netrw
* Vim9: confusing error message for unknown type
* block_editing errors out when using del
* add new items to scripts section in syntax plugin
* Vim9: imported vars are not properly type checked
* Wrong display with 'smoothscroll' when changing quickfix list
* filetype: jj files are not recognized
* getregionpos() may leak memory on error
* The CODEOWNERS File is not useful
* Remove and cleanup Win9x legacy from netrw
* add MsgArea to 'highlight' option description
* Cannot get a list of positions describing a region
* Fix digit separator in syntax script for octals and floats
* Update link to Wikipedia Vi page
* clear $MANPAGER in ftplugin before shelling out
* Fix typos in help documents
* 'viewdir' not respecting $XDG_CONFIG_HOME
* tests: Vim9 debug tests may be flaky
* correct getscriptinfo() example
* Vim9: could improve testing
* test_sound fails on macos-12
* update Serbian menu
* update Slovak menu
* update Slovenian menu
* update Portuguese menu
* update Dutch menu
* update Korean menu
* update Icelandic menu
* update Czech menu
* update Afrikaans menu
* update German menu
* filetype: inko files are not recognized
* filetype: templ files are not recognized
* cursor() and getregion() don't handle v:maxcol well
* Vim9: null value tests not sufficient
* update Catalan menu
* filetype: stylus files not recognized
* update spanish menu localization
* regenerate helptags
* Vim9: crash with null_class and null_object
* Add tags about lazyloading of menu
* tests: vt420 terminfo entry may not be found
* filetype: .out files recognized as tex files
* filetype: Kbuild files are not recognized
* cbuffer and similar commands don't accept a range
* Improve the recognition of the "indent" method declarations
* Fix a typo in usr_30.txt
* remove undefined var s:save_cpoptions and add include setting
* missing setlocal in indent plugin
* Calculating line height for unnecessary amount of lines
* improve syntax file performance
* There are a few typos
* Vim9: no comments allowed after class vars
* CI: remove trailing white space in documentation
* Formatting text wrong when 'breakindent' is set
* Add oracular (24.10) as Ubuntu release name
* Vim9: Trailing commands after class/enum keywords ignored
* tests: 1-second delay after Test_BufEnter_botline()
* update helptags for jq syntax
* include syntax, ftplugin and compiler plugin
* fix typo synconcealend -> synconcealed
* include a simple comment toggling plugin
* wrong botline in BufEnter
* clarify syntax vs matching mechanism
* fix undefined variable in indent plugin
* ops.c code uses too many strlen() calls
* Calling CLEAR_FIELD() on the same struct twice
* Vim9: compile_def_function() still too long
* Update Serbian messages
* clarify the effect of setting the shell to powershell
* Improve the recognition of the "style" method declarations
* Vim9: problem when importing autoloaded scripts
* compile_def_function is too long
* filetype: ondir files are not recognized
* Crash when typing many keys with D- modifier
* tests: test_vim9_builtin is a bit slow
* update documentation
* change the download URL of "libsodium"
* tests: test_winfixbuf is a bit slow
* Add filetype, syntax and indent plugin for Astro
* expanding rc config files does not work well
* Vim9: vim9type.c is too complicated
* Vim9: does not handle autoloaded variables well
* minor spell fix in starting.txt
* wrong drawing in GUI with setcellwidth()
* Add include and suffixesadd
* Page scrolling should place cursor at window boundaries
* align command line table
* minor fixes to starting.txt
* fix comment definition in filetype plugin
* filetype: flake.lock files are not recognized
* runtime(uci): No support for uci file types
* Support "g:ftplugin_java_source_path" with archived files
* tests: Test_autoload_import_relative_compiled fails on Windows
* Finding cmd modifiers and cmdline-specials is inefficient
* No test that completing a partial mapping clears 'showcmd'
* tests: test_vim9_dissamble may fail
* Vim9: need static type for typealias
* X11 does not ignore smooth scroll event
* A few typos in test_xdg when testing gvimrc
* Patch v9.1.0338 fixed sourcing a script with import
* Problem: gvimrc not sourced from XDG_CONFIG_HOME
* Cursor wrong after using setcellwidth() in terminal
* 'showcmd' wrong for partial mapping with multibyte
* tests: test_taglist fails when 'helplang' contains non-english
* Problem: a few memory leaks are found
* Problem: Error with matchaddpos() and empty list
* tests: xdg test uses screen dumps
* Vim9: import through symlinks not correctly handled
* Missing entry for XDG vimrc file in :version
* tests: typo in test_xdg
* runtime(i3config/swayconfig): update syntax scripts
* document pandoc compiler and enable configuring arguments
* String interpolation fails for List type
* No test for highlight behavior with 'ambiwidth'
* tests: test_xdg fails on the appimage repo
* tests: some assert_equal() calls have wrong order of args
* make install does not install all files
* runtime(doc): fix typos in starting.txt
- wget
-
- Drop support for shorthand URLs
* Breaking change to fix CVE-2024-10524.
[+ drop-support-for-shorthand-URLs.patch, bsc#1233773]
- Update 0001-possibly-truncate-pathname-components.patch
* Take the patch from savannah repository where the checking of the file
length doesn't include path length.
* [bsc#1204720, bsc#1231661]
- wicked
-
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad.
- Consider only interface specific accept_redirects sysctl settings.
- Adopt ifsysctl(5) manual page with wicked specific behavior.
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
- team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
- arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
- dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
- ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
[- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- compat-suse: fix dummy interfaces configuration with
INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
[+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- xen
-
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
standard VGA handling (XSA-463)
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
xsa463-10.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
guests via ACPI tables (XSA-464)
xsa464.patch
- Drop the following patches
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
stdvga-cache.patch
- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
- yast2-network
-
- Try to assign default global routes to an specific connection
when possible (bsc#1232531).
- 4.5.25
- zypper
-
- Don't try to download missing raw metadata if cache is not
writable (bsc#1225451)
- man: Update 'search' command description.
Hint to "se -v" showing the matches within the packages metadata.
Explain that search strings starting with a "/" will implicitly
look into the filelist as well. Otherfise an explicit "-f" is
needed.
- version 1.14.78
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77