- HANA-Firewall
-
- HANA-Firewall creates insufficient configuration.
(bsc#1221231)
- SAPHanaSR
-
- Version bump to 0.162.4
* unify global.ini examples
* add demo script SAPHanaSR-upgrade-to-angi-demo
* update man pages:
SAPHanaSR_basic_cluster.7
SAPHanaSR_maintenance_examples.7
SAPHanaSR_upgrade_to_angi.7
SAPHanaSR-manageProvider.8
SAPHanaSR-upgrade-to-angi-demo.8
SAPHanaSR.py.7
- 000release-packages:SLES_SAP-release
-
n/a
- aaa_base
-
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
to also fix the typo to set JAVA_BINDIR in the csh variant
of the alljava profile script (bsc#1221361)
- autofs
-
- autofs-5.1.6-remove-intr-hosts-map-mount-option.patch
Don't use the intr option on NFS mounts by default, it's been
ignored by the kernel for a long time now. (bsc#1225130)
- chrony
-
- Use make quickcheck instead of make check to avoid >1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable. Here a seed is
already set to get deterministic execution.
- Use shorter NTS-KE retry interval when network is down
(bsc#1213551, chrony-burst_total_samples_to_go.patch,
chrony-retry_interval_ke_start.patch).
- cloud-regionsrv-client
-
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
- kernel-default
-
- usb: typec: ucsi: Limit read size on v1.2 (CVE-2024-35924
bsc#1224657).
- commit 578815c
- net: preserve kabi for sk_buff (CVE-2024-26921 bsc#1223138).
- commit 68cb9bf
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
(bsc#1224575 CVE-2024-35976).
- commit bc0a82d
- bpf, skmsg: Fix NULL pointer dereference in
sk_psock_skb_ingress_enqueue (bsc#1225761 CVE-2024-36938).
- commit 38f788d
- inet: inet_defrag: prevent sk release while still in use
(CVE-2024-26921 bsc#1223138).
- commit fb20c1d
- Update references
- commit 006ab15
- kABI: bpf: struct bpf_insn_aux_data kABI workaround
(bsc#1225756).
- commit b5b7cd0
- bpf: Protect against int overflow for stack access size
(bsc#1224488 CVE-2024-35905).
- commit 1edb341
- vhost-vdpa: fix use after free in vhost_vdpa_probe()
(CVE-2023-52795 bsc#1225085).
- commit 423f910
- smb3: fix lock ordering potential deadlock in
cifs_sync_mid_result (bsc#1224020, bsc#1224549, CVE-2024-35998).
- commit fbb4c17
- smb: client: fix potential deadlock when releasing mids
(bsc#1224020, bsc#1225548, CVE-2023-52757).
- commit edc36f8
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array (bsc#1225506 CVE-2021-47548)
- commit b006eef
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes bsc#1223675 CVE-2024-269355).
Adding the CVE references.
- commit 2df316d
- cifs: fix underflow in parse_server_interfaces() (bsc#1223084,
CVE-2024-26828).
- commit cade548
- bpf: remove unnecessary prune and jump points (bsc#1225756).
- bpf: mostly decouple jump history management from
is_state_visited() (bsc#1225756).
- bpf: decouple prune and jump points (bsc#1225756).
- commit 574a67d
- Refresh patches.suse/swiotlb-Fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch
This fixes following build warning:
Changed build warnings:
* **** 1 warnings *****
* comparison of distinct pointer types lacks a cast in ../kernel/dma/swiotlb.c in swiotlb_do_find_slots (from ../include/linux/minmax.h)
In file included from ../include/linux/kernel.h:17:0,
../kernel/dma/swiotlb.c: In function 'swiotlb_do_find_slots':
../include/linux/minmax.h:20:28: warning: comparison of distinct pointer types lacks a cast
../include/linux/minmax.h:26:4: note: in expansion of macro '__typecheck'
../include/linux/minmax.h:36:24: note: in expansion of macro '__safe_cmp'
../include/linux/minmax.h:52:19: note: in expansion of macro '__careful_cmp'
../kernel/dma/swiotlb.c:648:12: note: in expansion of macro 'max'
- commit a52b0ca
- blacklist.conf: add d380ce70058a4ccddc3e5f5c2063165dc07672c6
netrom: Fix data-races around sysctl_net_busy_read
(CVE-2024-27419 bsc#1224759)
- commit b538410
- bpf: handle ldimm64 properly in check_cfg() (bsc#1225756).
- commit 7a7f193
- blacklist.conf: added fix that needs code not present
- commit 9671fd4
- smb: client: set correct id, uid and cruid for multiuser
automounts (bsc#1223011, CVE-2024-26822).
- commit 04cc660
- smb3: missing lock when picking channel (bsc#1224020,
bsc#1224550, CVE-2024-35999).
- commit dfca6b0
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1224020, bsc#1224766,
CVE-2024-35861).
- commit 40c4ccf
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1224020, bsc#1224764, CVE-2024-35862).
- commit 464e649
- smb: client: fix potential UAF in is_valid_oplock_break()
(bsc#1224763, CVE-2024-35863).
- smb: client: fix potential UAF in is_valid_oplock_break()
(bsc#1224020, bsc#1224763, CVE-2024-35863).
- commit bfa9e6b
- smb: client: fix potential UAF in smb2_is_valid_oplock_break()
(bsc#1224020, bsc#1224668, CVE-2024-35865).
- commit 08baf42
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1224020, bsc#1224765, CVE-2024-35864).
- commit b0dc4df
- smb: client: fix potential UAF in cifs_stats_proc_show()
(bsc#1224664, CVE-2024-35867).
- smb: client: fix potential UAF in cifs_stats_proc_show()
(bsc#1224020, bsc#1224664, CVE-2024-35867).
- commit 45bad5a
- smb: client: fix potential UAF in cifs_stats_proc_write()
(bsc#1224678, CVE-2024-35868).
- smb: client: fix potential UAF in cifs_stats_proc_write()
(bsc#1224020, bsc#1224678, CVE-2024-35868).
- commit 3ae3416
- smb: client: fix potential UAF in cifs_dump_full_key()
(bsc#1224020, bsc#1224667, CVE-2024-35866).
- commit f99c74f
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
(bsc#1223532, CVE-2024-26928).
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
(bsc#1224020, bsc#1223532, CVE-2024-26928).
- commit e95e3a6
- smb: client: guarantee refcounted children from parent session
(bsc#1224020, bsc#1224679, CVE-2024-35869).
- commit 6773173
- smb: client: fix UAF in smb2_reconnect_server() (bsc#1224020,
bsc#1224672, CVE-2024-35870).
- commit 69f157e
- cifs: failure to add channel on iface should bump up weight
(git-fixes, bsc#1224020).
- commit f21b7f9
- Revert "cifs: reconnect work should have reference on server
struct" (git-fixes, bsc#1224020).
- commit 04d1a0e
- cifs: fix leak of iface for primary channel (git-fixes,
bsc#1224020).
- commit 0af0c46
- smb: client: fix mount when dns_resolver key is not available
(git-fixes, bsc#1224020).
- commit 751b43e
- cifs: handle cases where multiple sessions share connection
(bsc#1224020).
- commit caf101a
- smb3: show beginning time for per share stats (bsc#1224020).
- commit 9120f21
- cifs: cifs_chan_is_iface_active should be called with chan_lock
held (bsc#1224020).
- commit 8eaf345
- cifs: do not pass cifs_sb when trying to add channels
(bsc#1224020).
- commit 0be08c0
- smb: client: remove extra @chan_count check in
__cifs_put_smb_ses() (bsc#1224020).
- commit 48869a9
- cifs: reconnect work should have reference on server struct
(bsc#1224020).
- commit 4099f48
- cifs: handle cases where a channel is closed (bsc#1224020).
- commit 856c9d4
- smb: client: reduce stack usage in cifs_try_adding_channels()
(bsc#1224020).
- commit 664baaf
- smb: client: get rid of dfs code dep in namespace.c
(bsc#1224020).
- commit fd4a262
- smb: client: get rid of dfs naming in automount code
(bsc#1224020).
- commit ffae390
- smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020).
- commit 28e987f
- smb: client: ensure to try all targets when finding nested links
(bsc#1224020).
- commit af0feb9
- smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020).
- commit ba31c72
- cifs: fix charset issue in reconnection (bsc#1224020).
- commit 18aa95e
- cifs: account for primary channel in the interface list
(bsc#1224020).
- commit a4889d1
- smb: Fix regression in writes when non-standard maximum write
size negotiated (bsc#1222464, CVE-2024-26692).
- commit 3c009aa
- cifs: distribute channels across interfaces based on speed
(bsc#1224020).
- commit 607d036
- Update
patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
(git-fixes CVE-2024-26894 bsc#1223043).
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955 bsc#1225810).
- Update
patches.suse/ALSA-usb-audio-Stop-parsing-channels-bits-when-all-c.patch
(git-fixes CVE-2024-27436 bsc#1224803).
- Update
patches.suse/ARM-9381-1-kasan-clear-stale-stack-poison.patch
(git-fixes CVE-2024-36906 bsc#1225715).
- Update
patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
(git-fixes CVE-2024-26801 bsc#1222413).
- Update
patches.suse/Bluetooth-Fix-memory-leak-in-hci_req_sync_complete.patch
(git-fixes CVE-2024-35978 bsc#1224571).
- Update
patches.suse/Bluetooth-L2CAP-Fix-not-validating-setsockopt-user-i.patch
(git-fixes CVE-2024-35965 bsc#1224579).
- Update
patches.suse/Bluetooth-RFCOMM-Fix-not-validating-setsockopt-user-.patch
(git-fixes CVE-2024-35966 bsc#1224576).
- Update
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch
(git-fixes CVE-2024-35967 bsc#1224587).
- Update
patches.suse/Bluetooth-btintel-Fix-null-ptr-deref-in-btintel_read.patch
(stable-fixes CVE-2024-35933 bsc#1224640).
- Update
patches.suse/Bluetooth-hci_event-Fix-handling-of-HCI_EV_IO_CAPA_R.patch
(git-fixes CVE-2024-27416 bsc#1224723).
- Update
patches.suse/Bluetooth-hci_sock-Fix-not-validating-setsockopt-use.patch
(git-fixes CVE-2024-35963 bsc#1224582).
- Update
patches.suse/Bluetooth-l2cap-fix-null-ptr-deref-in-l2cap_chan_tim.patch
(git-fixes CVE-2024-27399 bsc#1224177).
- Update
patches.suse/Bluetooth-msft-fix-slab-use-after-free-in-msft_do_cl.patch
(git-fixes CVE-2024-36012 bsc#1225502).
- Update
patches.suse/Bluetooth-qca-add-missing-firmware-sanity-checks.patch
(git-fixes CVE-2024-36880 bsc#1225722).
- Update
patches.suse/Bluetooth-qca-fix-NULL-deref-on-non-serdev-suspend.patch
(git-fixes CVE-2024-35851 bsc#1224509).
- Update
patches.suse/Bluetooth-qca-fix-info-leak-when-fetching-fw-build-i.patch
(git-fixes CVE-2024-36032 bsc#1225720).
- Update
patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
(git-fixes CVE-2024-26839 bsc#1222975).
- Update
patches.suse/NFSv4.2-fix-nfs4_listxattr-kernel-BUG-at-mm-usercopy.patch
(git-fixes CVE-2024-26870 bsc#1223113).
- Update
patches.suse/PCI-PM-Drain-runtime-idle-callbacks-before-driver-re.patch
(git-fixes CVE-2024-35809 bsc#1224738).
- Update
patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
(git-fixes CVE-2024-26838 bsc#1222974).
- Update
patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
(git-fixes CVE-2024-26907 bsc#1223203).
- Update
patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
(git-fixes CVE-2024-26916 bsc#1223137).
- Update
patches.suse/SUNRPC-fix-some-memleaks-in-gssx_dec_option_array.patch
(git-fixes CVE-2024-27388 bsc#1223744).
- Update
patches.suse/USB-core-Fix-access-violation-during-port-device-rem.patch
(git-fixes CVE-2024-36896 bsc#1225734).
- Update
patches.suse/USB-core-Fix-deadlock-in-usb_deauthorize_interface.patch
(git-fixes CVE-2024-26934 bsc#1223671).
- Update
patches.suse/arm64-hibernate-Fix-level3-translation-fault-in-swsu.patch
(git-fixes CVE-2024-26989 bsc#1223748).
- Update
patches.suse/ax25-fix-use-after-free-bugs-caused-by-ax25_ds_del_t.patch
(git-fixes CVE-2024-35887 bsc#1224663).
- Update
patches.suse/batman-adv-Avoid-infinite-loop-trying-to-resize-loca.patch
(git-fixes CVE-2024-35982 bsc#1224566).
- Update patches.suse/bpf-Check-bloom-filter-map-value-size.patch
(bsc#1224488 CVE-2024-35905 CVE-2024-36918 bsc#1225766).
- Update
patches.suse/btrfs-fix-information-leak-in-btrfs_ioctl_logical_to.patch
(git-fixes CVE-2024-35849 bsc#1224733).
- Update
patches.suse/clk-Get-runtime-PM-before-walking-tree-during-disabl.patch
(git-fixes CVE-2024-27004 bsc#1223762).
- Update
patches.suse/clk-zynq-Prevent-null-pointer-dereference-caused-by-.patch
(git-fixes CVE-2024-27037 bsc#1223717).
- Update
patches.suse/comedi-vmk80xx-fix-incomplete-endpoint-checking.patch
(git-fixes CVE-2024-27001 bsc#1223698).
- Update
patches.suse/cpufreq-brcmstb-avs-cpufreq-add-check-for-cpufreq_cp.patch
(git-fixes CVE-2024-27051 bsc#1223769).
- Update
patches.suse/crypto-qat-resolve-race-condition-during-AER-recover.patch
(git-fixes CVE-2024-26974 bsc#1223638).
- Update
patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
(git-fixes CVE-2024-26880 bsc#1223188).
- Update patches.suse/dma-xilinx_dpdma-Fix-locking.patch
(git-fixes CVE-2024-35990 bsc#1224559).
- Update
patches.suse/dmaengine-fsl-qdma-Fix-a-memory-leak-related-to-the-.patch
(git-fixes CVE-2024-35833 bsc#1224632).
- Update
patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
(git-fixes CVE-2024-26788 bsc#1222783).
- Update
patches.suse/dmaengine-idxd-Fix-oops-during-rmmod-on-single-CPU-p.patch
(git-fixes CVE-2024-35989 bsc#1224558).
- Update
patches.suse/drm-amd-display-Atom-Integrated-System-Info-v2_2-for.patch
(stable-fixes CVE-2024-36897 bsc#1225735).
- Update
patches.suse/drm-amd-display-Fix-a-potential-buffer-overflow-in-d.patch
(git-fixes CVE-2024-27045 bsc#1223826).
- Update
patches.suse/drm-amd-pm-fixes-a-random-hang-in-S4-for-SMU-v13.0.4.patch
(stable-fixes CVE-2024-36026 bsc#1225705).
- Update
patches.suse/drm-amdgpu-once-more-fix-the-call-oder-in-amdgpu_ttm.patch
(git-fixes CVE-2024-27400 bsc#1224180).
- Update
patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch
(git-fixes CVE-2024-26922 bsc#1223315).
- Update
patches.suse/drm-arm-malidp-fix-a-possible-null-pointer-dereferen.patch
(git-fixes CVE-2024-36014 bsc#1225593).
- Update patches.suse/drm-ast-Fix-soft-lockup.patch (git-fixes
CVE-2024-35952 bsc#1224705).
- Update
patches.suse/drm-client-Fully-protect-modes-with-dev-mode_config..patch
(stable-fixes CVE-2024-35950 bsc#1224703).
- Update
patches.suse/drm-i915-bios-Tolerate-devdata-NULL-in-intel_bios_en.patch
(stable-fixes CVE-2024-26938 bsc#1223678).
- Update
patches.suse/drm-i915-gt-Reset-queue_priority_hint-on-parking.patch
(git-fixes CVE-2024-26937 bsc#1223677).
- Update
patches.suse/drm-lima-fix-a-memleak-in-lima_heap_alloc.patch
(git-fixes CVE-2024-35829 bsc#1224707).
- Update
patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
(git-fixes CVE-2024-26874 bsc#1223048).
- Update patches.suse/drm-nv04-Fix-out-of-bounds-access.patch
(git-fixes CVE-2024-27008 bsc#1223802).
- Update
patches.suse/drm-vc4-don-t-check-if-plane-state-fb-state-fb.patch
(stable-fixes CVE-2024-35932 bsc#1224650).
- Update
patches.suse/drm-vmwgfx-Create-debugfs-ttm_resource_manager-entry.patch
(git-fixes CVE-2024-26940 bsc#1223718).
- Update
patches.suse/dyndbg-fix-old-BUG_ON-in-control-parser.patch
(stable-fixes CVE-2024-35947 bsc#1224647).
- Update
patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch
(git-fixes CVE-2024-26778 bsc#1222770).
- Update
patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch
(git-fixes CVE-2024-26777 bsc#1222765).
- Update
patches.suse/fbmon-prevent-division-by-zero-in-fb_videomode_from_.patch
(stable-fixes CVE-2024-35922 bsc#1224660).
- Update
patches.suse/i2c-smbus-fix-NULL-function-pointer-dereference.patch
(git-fixes CVE-2024-35984 bsc#1224567).
- Update
patches.suse/init-main.c-Fix-potential-static_command_line-memory.patch
(git-fixes CVE-2024-26988 bsc#1223747).
- Update
patches.suse/irqchip-gic-v3-its-Prevent-double-free-on-error.patch
(git-fixes CVE-2024-35847 bsc#1224697).
- Update
patches.suse/kprobes-Fix-possible-use-after-free-issue-on-kprobe-registration.patch
(git-fixes CVE-2024-35955 bsc#1224676).
- Update
patches.suse/media-dvb-frontends-avoid-stack-overflow-warnings-wi.patch
(git-fixes CVE-2024-27075 bsc#1223842).
- Update
patches.suse/media-go7007-fix-a-memleak-in-go7007_load_encoder.patch
(git-fixes CVE-2024-27074 bsc#1223844).
- Update
patches.suse/media-imx-csc-scaler-fix-v4l2_ctrl_handler-memory-le.patch
(git-fixes CVE-2024-27076 bsc#1223779).
- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
(git-fixes CVE-2024-26829 bsc#1223027).
- Update
patches.suse/media-ttpci-fix-two-memleaks-in-budget_av_attach.patch
(git-fixes CVE-2024-27073 bsc#1223843).
- Update
patches.suse/media-usbtv-Remove-useless-locks-in-usbtv_video_free.patch
(git-fixes CVE-2024-27072 bsc#1223837).
- Update
patches.suse/media-v4l2-mem2mem-fix-a-memleak-in-v4l2_m2m_registe.patch
(git-fixes CVE-2024-27077 bsc#1223780).
- Update
patches.suse/media-v4l2-tpg-fix-some-memleaks-in-tpg_alloc.patch
(git-fixes CVE-2024-27078 bsc#1223781).
- Update
patches.suse/mmc-core-Avoid-negative-index-with-array-access.patch
(git-fixes CVE-2024-35813 bsc#1224618).
- Update
patches.suse/mmc-sdhci-msm-pervent-access-to-suspended-controller.patch
(git-fixes CVE-2024-36029 bsc#1225708).
- Update
patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch
(git-fixes CVE-2024-26698 bsc#1222374).
- Update
patches.suse/msft-hv-2971-net-mana-Fix-Rx-DMA-datasize-and-skb_over_panic.patch
(git-fixes CVE-2024-35901 bsc#1224495).
- Update
patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
(bsc#1215322 CVE-2024-26859 bsc#1223049).
- Update
patches.suse/net-ll_temac-platform_get_resource-replaced-by-wrong.patch
(git-fixes CVE-2024-35796 bsc#1224615).
- Update
patches.suse/net-phy-fix-phy_get_internal_delay-accessing-an-empt.patch
(git-fixes CVE-2024-27047 bsc#1223828).
- Update
patches.suse/net-qualcomm-rmnet-fix-global-oob-in-rmnet_policy.patch
(git-fixes CVE-2024-26597 bsc#1220363).
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_dev_up-and-nci_ntf_p.patch
(git-fixes CVE-2024-35915 bsc#1224479).
- Update
patches.suse/nouveau-fix-instmem-race-condition-around-ptr-stores.patch
(git-fixes CVE-2024-26984 bsc#1223633).
- Update
patches.suse/nvme-fc-do-not-wait-in-vain-when-unloading-module.patch
(git-fixes CVE-2024-26846 bsc#1223023).
- Update
patches.suse/nvme-fix-reconnection-fail-due-to-reserved-tag-alloc.patch
(git-fixes CVE-2024-27435 bsc#1224717).
- Update patches.suse/pci_iounmap-Fix-MMIO-mapping-leak.patch
(git-fixes CVE-2024-26977 bsc#1223631).
- Update
patches.suse/power-supply-bq27xxx-i2c-Do-not-free-non-existing-IR.patch
(git-fixes CVE-2024-27412 bsc#1224437).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- Update
patches.suse/ppdev-Add-an-error-check-in-register_device.patch
(git-fixes CVE-2024-36015 bsc#1225640).
- Update
patches.suse/pstore-zone-Add-a-null-pointer-check-to-the-psz_kmsg.patch
(stable-fixes CVE-2024-35940 bsc#1224537).
- Update
patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch
(bsc#1141539 git-fixes CVE-2024-27054 bsc#1223819).
- Update
patches.suse/s390-cio-Ensure-the-copied-buf-is-NUL-terminated.patch
(git-fixes bsc#1223875 CVE-2024-36931 bsc#1225747).
- Update
patches.suse/s390-qeth-Fix-kernel-panic-after-setting-hsuid.patch
(git-fixes bsc#1223879 CVE-2024-36928 bsc#1225775).
- Update
patches.suse/s390-zcrypt-fix-reference-counting-on-zcrypt-card-objects.patch
(git-fixes bsc#1223595 CVE-2024-26957 bsc#1223666).
- Update
patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch
(bsc#1220021 CVE-2024-35930 bsc#1224651).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924 bsc#1225820).
- Update
patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch
(bsc1221816 CVE-2024-26931 bsc#1223627).
- Update patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch
(bsc1221816 CVE-2024-26929 bsc#1223715).
- Update
patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointer.patch
(bsc1221816 CVE-2024-26930 bsc#1223626).
- Update
patches.suse/serial-mxs-auart-add-spinlock-around-changing-cts-st.patch
(git-fixes CVE-2024-27000 bsc#1223757).
- Update
patches.suse/serial-pmac_zilog-Remove-flawed-mitigation-for-rx-ir.patch
(git-fixes CVE-2024-26999 bsc#1223754).
- Update
patches.suse/soc-fsl-qbman-Always-disable-interrupts-when-taking-.patch
(git-fixes CVE-2024-35806 bsc#1224699).
- Update patches.suse/speakup-Avoid-crash-on-very-long-word.patch
(git-fixes CVE-2024-26994 bsc#1223750).
- Update
patches.suse/spi-spi-mt65xx-Fix-NULL-pointer-access-in-interrupt-.patch
(git-fixes CVE-2024-27028 bsc#1223788).
- Update
patches.suse/tty-n_gsm-fix-possible-out-of-bounds-in-gsm0_receive.patch
(git-fixes CVE-2024-36016 bsc#1225642).
- Update
patches.suse/ubifs-Set-page-uptodate-in-the-correct-place.patch
(git-fixes CVE-2024-35821 bsc#1224629).
- Update
patches.suse/usb-cdc-wdm-close-race-between-read-and-workqueue.patch
(git-fixes CVE-2024-35812 bsc#1224624).
- Update
patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch
(git-fixes CVE-2024-26748 bsc#1222513).
- Update
patches.suse/usb-dwc2-host-Fix-dereference-issue-in-DDMA-completi.patch
(git-fixes CVE-2024-26997 bsc#1223741).
- Update
patches.suse/usb-gadget-f_ncm-Fix-UAF-ncm-object-at-re-bind-after.patch
(stable-fixes CVE-2024-26996 bsc#1223752).
- Update
patches.suse/usb-gadget-ncm-Avoid-dropping-datagrams-of-properly-.patch
(git-fixes CVE-2024-27405 bsc#1224423).
- Update
patches.suse/usb-gadget-ncm-Fix-handling-of-zero-block-length-pac.patch
(git-fixes CVE-2024-35825 bsc#1224681).
- Update
patches.suse/usb-typec-tcpm-Check-for-port-partner-validity-befor.patch
(git-fixes CVE-2024-36893 bsc#1225748).
- Update
patches.suse/usb-udc-remove-warning-when-queue-disabled-ep.patch
(stable-fixes CVE-2024-35822 bsc#1224739).
- Update
patches.suse/usb-xhci-Add-error-handling-in-xhci_map_urb_for_dma.patch
(git-fixes CVE-2024-26964 bsc#1223650).
- Update
patches.suse/vt-fix-unicode-buffer-corruption-when-deleting-chara.patch
(git-fixes CVE-2024-35823 bsc#1224692).
- Update
patches.suse/wifi-ath11k-decrease-MHI-channel-buffer-length-to-8K.patch
(bsc#1207948 CVE-2024-35938 bsc#1224643).
- Update
patches.suse/wifi-iwlwifi-dbg-tlv-ensure-NUL-termination.patch
(git-fixes CVE-2024-35845 bsc#1224731).
- Update
patches.suse/wifi-iwlwifi-mvm-rfi-fix-potential-response-leaks.patch
(git-fixes CVE-2024-35912 bsc#1224487).
- Update
patches.suse/wifi-libertas-fix-some-memleaks-in-lbs_allocate_cmd_.patch
(git-fixes CVE-2024-35828 bsc#1224622).
- Update
patches.suse/wifi-mac80211-check-clear-fast-rx-for-non-4addr-sta-.patch
(stable-fixes CVE-2024-35789 bsc#1224749).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941 bsc#1225835).
- Update
patches.suse/wifi-nl80211-reject-iftype-change-with-mesh-ID-chang.patch
(git-fixes CVE-2024-27410 bsc#1224432).
- Update
patches.suse/wifi-rtl8xxxu-add-cancel_work_sync-for-c2hcmd_work.patch
(git-fixes CVE-2024-27052 bsc#1223829).
- Update
patches.suse/wifi-wilc1000-fix-RCU-usage-in-connect-path.patch
(git-fixes CVE-2024-27053 bsc#1223737).
- Update
patches.suse/x86-fpu-Keep-xfd_state-in-sync-with-MSR_IA32_XFD.patch
(git-fixes CVE-2024-35801 bsc#1224732).
- commit aea06f9
- Update
patches.suse/ACPI-LPIT-Avoid-u32-multiplication-overflow.patch
(git-fixes CVE-2023-52683 bsc#1224627).
- Update
patches.suse/ACPI-video-check-for-error-while-searching-for-backl.patch
(git-fixes CVE-2023-52693 bsc#1224686).
- Update
patches.suse/IB-mlx5-Fix-init-stage-error-handling-to-avoid-doubl.patch
(git-fixes CVE-2023-52851 bsc#1225587).
- Update
patches.suse/Revert-drm-amd-pm-resolve-reboot-exception-for-si-ol.patch
(git-fixes CVE-2023-52657 bsc#1224722).
- Update
patches.suse/SUNRPC-Fix-RPC-client-cleaned-up-the-freed-pipefs-de.patch
(git-fixes CVE-2023-52803 bsc#1225008).
- Update
patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
(git-fixes bsc#1223858 CVE-2023-52653 bsc#1223712).
- Update
patches.suse/ceph-blocklist-the-kclient-when-receiving-corrupted-snap-trace.patch
(jsc#SES-1880 CVE-2023-52732 bsc#1225222).
- Update
patches.suse/crypto-s390-aes-Fix-buffer-overread-in-CTR-mode.patch
(git-fixes CVE-2023-52669 bsc#1224637).
- Update
patches.suse/drm-amd-display-fix-a-NULL-pointer-dereference-in-am.patch
(git-fixes CVE-2023-52773 bsc#1225041).
- Update
patches.suse/drm-amd-pm-fix-a-double-free-in-si_dpm_init.patch
(git-fixes CVE-2023-52691 bsc#1224607).
- Update
patches.suse/drm-amdgpu-vkms-fix-a-possible-null-pointer-derefere.patch
(git-fixes CVE-2023-52815 bsc#1225568).
- Update
patches.suse/drm-amdkfd-Confirm-list-is-non-empty-before-utilizin.patch
(git-fixes CVE-2023-52678 bsc#1224617).
- Update
patches.suse/drm-bridge-it66121-Fix-invalid-connector-dereference.patch
(git-fixes CVE-2023-52861 bsc#1224941).
- Update
patches.suse/drm-bridge-tpd12s015-Drop-buggy-__exit-annotation-fo.patch
(git-fixes CVE-2023-52694 bsc#1224598).
- Update
patches.suse/drm-tegra-dsi-Add-missing-check-for-of_find_device_b.patch
(git-fixes CVE-2023-52650 bsc#1223770).
- Update
patches.suse/drm-tegra-rgb-Fix-missing-clk_put-in-the-error-handl.patch
(git-fixes CVE-2023-52661 bsc#1224445).
- Update
patches.suse/drm-vmwgfx-fix-a-memleak-in-vmw_gmrid_man_get_node.patch
(git-fixes CVE-2023-52662 bsc#1224449).
- Update
patches.suse/fbdev-Fix-invalid-page-access-after-closing-deferred.patch
(bsc#1207284 CVE-2023-52731 bsc#1224929).
- Update
patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
(git-fixes CVE-2023-52643 bsc#1222960).
- Update
patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
(git-fixes CVE-2023-52642 bsc#1223031).
- Update
patches.suse/nilfs2-fix-underflow-in-second-superblock-position-c.patch
(git-fixes CVE-2023-52705 bsc#1225480).
- Update
patches.suse/of-Fix-double-free-in-of_parse_phandle_with_args_map.patch
(git-fixes CVE-2023-52679 bsc#1224508).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_pow.patch
(bsc#1181674 ltc#189159 git-fixes CVE-2023-52696 bsc#1224601).
- Update
patches.suse/pstore-ram_core-fix-possible-overflow-in-persistent_.patch
(git-fixes CVE-2023-52685 bsc#1224728).
- Update
patches.suse/scsi-hisi_sas-Set-debugfs_dir-pointer-to-NULL-after-removing-debugfs.patch
(git-fixes CVE-2023-52808 bsc#1225555).
- Update
patches.suse/scsi-ibmvfc-Remove-BUG_ON-in-the-case-of-an-empty-ev.patch
(bsc#1209834 ltc#202097 CVE-2023-52811 bsc#1225559).
- Update
patches.suse/scsi-libfc-Fix-potential-NULL-pointer-dereference-in-fc_lport_ptp_setup.patch
(git-fixes CVE-2023-52809 bsc#1225556).
- Update
patches.suse/sysv-don-t-call-sb_bread-with-pointers_lock-held.patch
(git-fixes CVE-2023-52699 bsc#1224659).
- Update
patches.suse/wifi-ath11k-fix-gtk-offload-status-event-locking.patch
(git-fixes CVE-2023-52777 bsc#1224992).
- Update
patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
(git-fixes CVE-2023-52644 bsc#1222961).
- Update
patches.suse/x86-mm-Ensure-input-to-pfn_to_kaddr-is-treated-as-a-64-bit-type.patch
(jsc#PED-7167 git-fixes CVE-2023-52659 bsc#1224442).
- commit c90a371
- Update
patches.suse/1622-drm-gma500-Fix-WARN_ON-lock-magic-lock-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48633 bsc#1223489).
- Update
patches.suse/powerpc-pseries-Fix-potential-memleak-in-papr_get_at.patch
(bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes CVE-2022-48669
bsc#1223756).
- Update
patches.suse/wifi-mt76-mt7921e-fix-crash-in-chip-reset-fail.patch
(bsc#1209980 CVE-2022-48705 bsc#1223895).
- commit 5061b21
- Update
patches.suse/1321-drm-msm-devfreq-Fix-OPP-refcnt-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47532 bsc#1225444).
- Update
patches.suse/1322-drm-msm-Fix-mmap-to-include-VM_IO-and-VM_DONTDUMP.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47531 bsc#1225443).
- Update
patches.suse/1323-drm-msm-Fix-wait_fence-submitqueue-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47530 bsc#1225442).
- Update
patches.suse/blk-mq-cancel-blk-mq-dispatch-work-in-both-blk_clean.patch
(jsc#PED-1183 CVE-2021-47552 bsc#1225513).
- Update
patches.suse/btrfs-free-exchange-changeset-on-failures.patch
(git-fixes CVE-2021-47508 bsc#1225408).
- Update
patches.suse/io_uring-ensure-task_work-gets-run-as-part-of-cancel.patch
(bsc#1205205 CVE-2021-47504 bsc#1225382).
- Update
patches.suse/io_uring-fail-cancellation-for-EXITING-tasks.patch
(bsc#1205205 CVE-2021-47569 bsc#1225515).
- Update
patches.suse/net-sched-fq_pie-prevent-dismantle-issue.patch
(bsc#1207361 CVE-2021-47512 bsc#1225424).
- Update
patches.suse/net-sched-sch_ets-don-t-peek-at-classes-beyond-nband.patch
(bsc#1207361 CVE-2021-47557 bsc#1225468).
- Update
patches.suse/net-vlan-fix-underflow-for-the-real_dev-refcnt.patch
(git-fixes CVE-2021-47555 bsc#1225467).
- commit 89b5f8b
- Update
patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
(git-fixes CVE-2023-52736 bsc#1225486).
- Update
patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
(git-fixes CVE-2023-52806 bsc#1225554).
- Update
patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
(git-fixes CVE-2023-52833 bsc#1225595).
- Update
patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
(bsc#1208149 CVE-2023-52739 bsc#1225118).
- Update
patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
(git-fixes CVE-2023-52745 bsc#1225032).
- Update
patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
(git-fixes CVE-2023-52747 bsc#1224931).
- Update
patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
(git-fixes CVE-2023-52840 bsc#1224928).
- Update
patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
(git-fixes CVE-2023-52744 bsc#1225121).
- Update
patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
(git-fixes CVE-2023-52834 bsc#1225599).
- Update
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
(git-fixes CVE-2023-52878 bsc#1225000).
- Update
patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
(git-fixes CVE-2023-52741 bsc#1225479).
- Update
patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52875 bsc#1225096).
- Update
patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52870 bsc#1224937).
- Update
patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52873 bsc#1225589).
- Update
patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52865 bsc#1225086).
- Update
patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52858 bsc#1225566).
- Update
patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
(git-fixes CVE-2023-52876 bsc#1225036).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
(git-fixes CVE-2023-52819 bsc#1225532).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
(git-fixes CVE-2023-52818 bsc#1225530).
- Update
patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
(git-fixes CVE-2023-52753 bsc#1225478).
- Update
patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
(git-fixes CVE-2023-52817 bsc#1225569).
- Update
patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
(git-fixes CVE-2023-52814 bsc#1225565).
- Update
patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
(git-fixes CVE-2023-52738 bsc#1225005).
- Update
patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
(git-fixes CVE-2023-52825 bsc#1225076).
- Update
patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
(git-fixes CVE-2023-52816 bsc#1225529).
- Update
patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
(git-fixes CVE-2023-52856 bsc#1224932).
- Update
patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2023-52821 bsc#1225022).
- Update
patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
(git-fixes CVE-2023-52826 bsc#1225077).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
(git-fixes CVE-2023-52867 bsc#1225009).
- Update
patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
(git-fixes CVE-2023-52838 bsc#1225031).
- Update
patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
(git-fixes CVE-2023-52810 bsc#1225557).
- Update
patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
(git-fixes CVE-2023-52804 bsc#1225550).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
(git-fixes CVE-2023-52759 bsc#1225560).
- Update
patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
(git-fixes CVE-2023-52853 bsc#1224988).
- Update
patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
(git-fixes CVE-2023-52791 bsc#1225108).
- Update
patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
(git-fixes CVE-2023-52763 bsc#1225570).
- Update
patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
(git-fixes CVE-2023-52788 bsc#1225106).
- Update
patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
(git-fixes CVE-2023-52743 bsc#1225003).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
(git-fixes CVE-2023-52799 bsc#1225472).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
(git-fixes CVE-2023-52805 bsc#1225553).
- Update
patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
(git-fixes CVE-2023-52847 bsc#1225588).
- Update
patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
(git-fixes CVE-2023-52764 bsc#1225571).
- Update
patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
(git-fixes CVE-2023-52754 bsc#1225490).
- Update
patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
(git-fixes CVE-2023-52841 bsc#1225592).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
(git-fixes CVE-2023-52844 bsc#1225590).
- Update
patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
(git-fixes CVE-2023-52708 bsc#1225483).
- Update
patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
(git-fixes CVE-2023-52730 bsc#1224956).
- Update
patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
(git-fixes CVE-2023-52742 bsc#1225482).
- Update
patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
(git-fixes CVE-2023-52702 bsc#1224945).
- Update
patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
(git-fixes CVE-2023-52703 bsc#1225549).
- Update
patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
(git-fixes CVE-2023-52854 bsc#1225584).
- Update
patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
(git-fixes CVE-2023-52864 bsc#1225132).
- Update
patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
(bsc#1194869 CVE-2023-52740 bsc#1225471).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
(bsc#1065729 CVE-2023-52686 bsc#1224682).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
(bsc#1194869 CVE-2023-52690 bsc#1224611).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
CVE-2023-52756 bsc#1225461).
- Update
patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
(git-fixes bsc#1217515 CVE-2023-52774 bsc#1225572).
- Update
patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
(git-fixes bsc#1213863 CVE-2023-52733 bsc#1225488).
- Update
patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
(bsc#1209799 CVE-2023-52707 bsc#1225109).
- Update
patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
(git-fixes CVE-2023-52871 bsc#1225534).
- Update
patches.suse/thermal-core-prevent-potential-string-overflow.patch
(git-fixes CVE-2023-52868 bsc#1225044).
- Update
patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
(git-fixes CVE-2023-52872 bsc#1225591).
- Update
patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
(bsc#1222619 CVE-2023-52880).
- Update
patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
(git-fixes CVE-2023-52789 bsc#1225180).
- Update
patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
(git-fixes CVE-2023-52781 bsc#1225092).
- Update
patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
(git-fixes CVE-2023-52855 bsc#1225583).
- Update
patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
(git-fixes CVE-2023-52877 bsc#1224944).
- Update
patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
(git-fixes CVE-2023-52798 bsc#1224947).
- Update
patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
(git-fixes CVE-2023-52832 bsc#1225577).
- commit c6aceca
- Update
patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2022-48710 bsc#1225230).
- Update
patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
(git-fixes CVE-2022-48709 bsc#1225095).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
(git-fixes CVE-2022-48708 bsc#1224942).
- commit 41f6d79
- Update
patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
(git-fixes CVE-2021-47511 bsc#1225411).
- Update
patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
(git-fixes CVE-2021-47509 bsc#1225409).
- Update
patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
(git-fixes stable-5.14.10 CVE-2021-47381 bsc#1225206).
- Update
patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
(git-fixes CVE-2021-47502 bsc#1225369).
- Update
patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
(stable-5.14.10 CVE-2021-47380 bsc#1225205).
- Update
patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
(stable-5.14.10 CVE-2021-47404 bsc#1225303).
- Update
patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
(git-fixes CVE-2021-47522 bsc#1225437).
- Update
patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
(stable-5.14.10 CVE-2021-47405 bsc#1225238).
- Update
patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
(jsc#SLE-19242 CVE-2021-47523 bsc#1225438).
- Update
patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
(stable-5.14.16 CVE-2021-47485 bsc#1224904).
- Update
patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
(stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056 CVE-2021-47465 bsc#1225341).
- Update
patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
(stable-5.14.10 CVE-2021-47389 bsc#1225126).
- Update
patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
(stable-5.14.15 CVE-2021-47450 bsc#1225258).
- Update
patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
(stable-5.14.10 CVE-2021-47390 bsc#1225125).
- Update
patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
(stable-5.14.10 CVE-2021-47407 bsc#1225306).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
(stable-5.14.14 CVE-2021-47442 bsc#1225263).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
(stable-5.14.14 CVE-2021-47443 bsc#1225262).
- Update
patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
(stable-5.14.10 CVE-2021-47391 bsc#1225318).
- Update
patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
(stable-5.14.10 CVE-2021-47392 bsc#1225320).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
(stable-5.14.10 CVE-2021-47398 bsc#1225131).
- Update
patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
(stable-5.14.16 CVE-2021-47481 bsc#1224910).
- Update
patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
(stable-5.14.9 CVE-2021-47366 bsc#1225160).
- Update
patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
(CVE-2021-39698 bsc#1196956 CVE-2021-47505 bsc#1225400).
- Update
patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
(stable-5.14.15 CVE-2021-47464 bsc#1225393).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
(stable-5.14.9 CVE-2021-47360 bsc#1225122).
- Update
patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
(stable-5.14.9 CVE-2021-47379 bsc#1225203).
- Update
patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
(stable-5.14.9 CVE-2021-47375 bsc#1225193).
- Update
patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
(stable-5.14.11 CVE-2021-47412 bsc#1225332).
- Update
patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
(stable-5.14.9 CVE-2021-47376 bsc#1225195).
- Update
patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
(stable-5.14.12 CVE-2021-47426 bsc#1225370).
- Update
patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
(stable-5.14.14 CVE-2021-47433 bsc#1225392).
- Update
patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
(bsc#1197915 CVE-2021-47510 bsc#1225410).
- Update
patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
(stable-5.14.15 CVE-2021-47457 bsc#1225235).
- Update
patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
(stable-5.14.15 CVE-2021-47459 bsc#1225253).
- Update
patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
(git-fixes CVE-2021-47520 bsc#1225431).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
(stable-5.14.15 CVE-2021-47456 bsc#1225256).
- Update
patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
(git-fixes CVE-2021-47521 bsc#1225435).
- Update
patches.suse/cfg80211-fix-management-registrations-locking.patch
(git-fixes stable-5.14.16 CVE-2021-47494 bsc#1225450).
- Update
patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
(stable-5.14.16 CVE-2021-47488 bsc#1224902).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
(stable-5.14.9 CVE-2021-47359 bsc#1225145).
- Update
patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
(stable-5.14.9 CVE-2021-47364 bsc#1225158).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
(git-fixes stable-5.14.18 CVE-2021-47477 bsc#1224912).
- Update
patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
(git-fixes stable-5.14.18 CVE-2021-47476 bsc#1224913).
- Update
patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
(git-fixes stable-5.14.18 CVE-2021-47474 bsc#1224915).
- Update
patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
(git-fixes stable-5.14.18 CVE-2021-47475 bsc#1224914).
- Update
patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
(stable-5.14.10 CVE-2021-47387 bsc#1225316).
- Update
patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
(git-fixes CVE-2021-47514 bsc#1225425).
- Update
patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
(stable-5.14.14 CVE-2021-47435 bsc#1225247).
- Update
patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
(stable-5.14.14 CVE-2021-47498 bsc#1225357).
- Update
patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
(stable-5.14.9 CVE-2021-47374 bsc#1225191).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
(git-fixes CVE-2021-47550 bsc#1225379).
- Update
patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
(git-fixes CVE-2021-47551 bsc#1225510).
- Update
patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
(stable-5.14.9 CVE-2021-47362 bsc#1225153).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
(stable-5.14.13 CVE-2021-47431 bsc#1225390).
- Update
patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
(git-fixes stable-5.14.12 CVE-2021-47421 bsc#1225353).
- Update
patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47420 bsc#1225339).
- Update
patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
(stable-5.14.11 CVE-2021-47410 bsc#1225331).
- Update
patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
(git-fixes stable-5.14.14 CVE-2021-47444 bsc#1225243).
- Update
patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
(git-fixes stable-5.14.14 CVE-2021-47445 bsc#1225261).
- Update
patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
(git-fixes stable-5.14.14 CVE-2021-47447 bsc#1225260).
- Update
patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
(git-fixes stable-5.14.14 CVE-2021-47446 bsc#1225240).
- Update
patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
(git-fixes CVE-2021-47535 bsc#1225446).
- Update
patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
(stable-5.14.15 CVE-2021-47471 bsc#1225187).
- Update
patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47423 bsc#1225366).
- Update
patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47422 bsc#1225233).
- Update
patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
(stable-5.14.16 CVE-2021-47490 bsc#1225436).
- Update
patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
(git-fixes CVE-2021-47533 bsc#1225445).
- Update
patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
(stable-5.14.9 CVE-2021-47368 bsc#1225161).
- Update
patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
(jsc#SLE-19253 CVE-2021-47556 bsc#1225383).
- Update
patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
(stable-5.14.10 CVE-2021-47406 bsc#1225304).
- Update
patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
(git-fixes stable-5.14.10 CVE-2021-47393 bsc#1225321).
- Update
patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 CVE-2021-47386 bsc#1225268).
- Update
patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 CVE-2021-47385 bsc#1225210).
- Update
patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
(stable-5.14.10 CVE-2021-47384 bsc#1225209).
- Update
patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
(git-fixes stable-5.14.12 CVE-2021-47425 bsc#1225223).
- Update
patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
(jsc#SLE-18378 CVE-2021-47501 bsc#1225361).
- Update
patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
(stable-5.14.12 CVE-2021-47424 bsc#1225367).
- Update
patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
(stable-5.14.15 CVE-2021-47453 bsc#1225239).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
(jsc#SLE-18375 CVE-2021-47563 bsc#1225500).
- Update
patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
(stable-5.14.14 CVE-2021-47449 bsc#1225259).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
(jsc#SLE-18375 CVE-2021-47562 bsc#1225499).
- Update
patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
(git-fixes CVE-2021-47499 bsc#1225358).
- Update
patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
(git-fixes stable-5.14.14 CVE-2021-47437 bsc#1225245).
- Update
patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
(git-fixes CVE-2021-47500 bsc#1225360).
- Update
patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
(stable-5.14.10 CVE-2021-47403 bsc#1225241).
- Update
patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
(stable-5.14.10 CVE-2021-47401 bsc#1225242).
- Update
patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
(stable-5.14.9 CVE-2021-47373 bsc#1225190).
- Update
patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
(stable-5.14.15 CVE-2021-47468 bsc#1225346).
- Update
patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
(stable-5.14.18 CVE-2021-47478 bsc#1225198).
- Update
patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
(git-fixes CVE-2021-47529 bsc#1225373).
- Update
patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
(git-fixes stable-5.14.12 CVE-2021-47415 bsc#1225335).
- Update
patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
(stable-5.14.10 CVE-2021-47399 bsc#1225328).
- Update
patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
(stable-5.14.15 CVE-2021-47467 bsc#1225344).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
(git-fixes stable-5.14.12 CVE-2021-47417 bsc#1225227).
- Update
patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
(git-fixes stable-5.14.10 CVE-2021-47388 bsc#1225214).
- Update
patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
(git-fixes stable-5.14.10 CVE-2021-47396 bsc#1225327).
- Update
patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
(git-fixes stable-5.14.10 CVE-2021-47395 bsc#1225326).
- Update
patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
(stable-5.14.9 CVE-2021-47361 bsc#1225151).
- Update
patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
(git-fixes CVE-2021-47560 bsc#1225495).
- Update
patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
(stable-5.14.14 CVE-2021-47441 bsc#1225224).
- Update
patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
(stable-5.14.15 CVE-2021-47462 bsc#1225250).
- Update
patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
(stable-5.14.15 CVE-2021-47463 bsc#1225127).
- Update
patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
(stable-5.14.15 CVE-2021-47466 bsc#1225342).
- Update
patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
(stable-5.14.15 CVE-2021-47470 bsc#1225186).
- Update
patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
(stable-5.14.9 CVE-2021-47370 bsc#1225183).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
(stable-5.14.14 CVE-2021-47448 bsc#1225129).
- Update
patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
(git-fixes CVE-2021-47540 bsc#1225386).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
(git-fixes stable-5.14.16 CVE-2021-47482 bsc#1224909).
- Update
patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
(git-fixes CVE-2021-47513 bsc#1225380).
- Update
patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
(stable-5.14.14 CVE-2021-47439 bsc#1225246).
- Update
patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
(stable-5.14.14 CVE-2021-47440 bsc#1225248).
- Update
patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
(stable-5.14.10 CVE-2021-47400 bsc#1225329).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
(stable-5.14.9 CVE-2021-47372 bsc#1225184).
- Update
patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
(git-fixes CVE-2021-47564 bsc#1225501).
- Update
patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
(stable-5.14.15 CVE-2021-47472 bsc#1225189).
- Update
patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
(jsc#SLE-19256 CVE-2021-47541 bsc#1225453).
- Update
patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
(stable-5.14.14 CVE-2021-47438 bsc#1225229).
- Update
patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-47542 bsc#1225455).
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 CVE-2021-47402 bsc#1225301).
- Update
patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
(stable-5.14.12 CVE-2021-47419 bsc#1225338).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
(git-fixes CVE-2021-47559 bsc#1225396).
- Update
patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
(git-fixes CVE-2021-47536 bsc#1225447).
- Update
patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
(jsc#SLE-19033 CVE-2021-47558 bsc#1225492).
- Update
patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
(stable-5.14.16 CVE-2021-47496 bsc#1225354).
- Update
patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
(stable-5.14.12 CVE-2021-47418 bsc#1225337).
- Update
patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
(stable-5.14.10 CVE-2021-47408 bsc#1225236).
- Update
patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
(stable-5.14.15 CVE-2021-47452 bsc#1225257).
- Update
patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
(stable-5.14.10 CVE-2021-47394 bsc#1225323).
- Update
patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
(stable-5.14.15 CVE-2021-47451 bsc#1225237).
- Update
patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
(stable-5.14.9 CVE-2021-47363 bsc#1225156).
- Update
patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
(stable-5.14.9 CVE-2021-47371 bsc#1225167).
- Update
patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
(git-fixes CVE-2021-47518 bsc#1225372).
- Update
patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
(git-fixes CVE-2021-47516 bsc#1225427).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
(git-fixes CVE-2021-47507 bsc#1225405).
- Update
patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
(git-fixes CVE-2021-47506 bsc#1225404).
- Update
patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
(bsc#1190569 stable-5.14.9 CVE-2021-47378 bsc#1225201).
- Update
patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
(stable-5.14.14 CVE-2021-47497 bsc#1225355).
- Update
patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
(stable-5.14.15 CVE-2021-47460 bsc#1225251).
- Update
patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
(stable-5.14.16 CVE-2021-47493 bsc#1225439).
- Update
patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
(stable-5.14.15 CVE-2021-47458 bsc#1225252).
- Update
patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
(git-fixes CVE-2021-47537 bsc#1225375).
- Update
patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
(stable-5.14.16 CVE-2021-47484 bsc#1224905).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 CVE-2021-47416 bsc#1225336).
- Update
patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
(stable-5.14.12 CVE-2021-47429 bsc#1225388).
- Update
patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
(stable-5.14.12 CVE-2021-47428 bsc#1225387).
- Update
patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
(stable-5.14.15 CVE-2021-47454 bsc#1225255).
- Update
patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
(stable-5.14.15 CVE-2021-47455 bsc#1225254).
- Update
patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
(git-fixes stable-5.14.16 CVE-2021-47483 bsc#1224907).
- Update
patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
(stable-5.14.12 CVE-2021-47414 bsc#1225334).
- Update
patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
(stable-5.14.16 CVE-2021-47486 bsc#1224903).
- Update
patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
(stable-5.14.9 CVE-2021-47369 bsc#1225164).
- Update
patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
(stable-5.14.10 CVE-2021-47382 bsc#1225207).
- Update
patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
(git-fixes CVE-2021-47549 bsc#1225508).
- Update
patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
(git-fixes CVE-2021-47553 bsc#1225464).
- Update
patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
(stable-5.14.17 CVE-2021-47480 bsc#1225322).
- Update
patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
(stable-5.14.12 CVE-2021-47427 bsc#1225225).
- Update
patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
(git-fixes CVE-2021-47565 bsc#1225384).
- Update
patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
(git-fixes CVE-2021-47503 bsc#1225374).
- Update
patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
(stable-5.14.15 CVE-2021-47473 bsc#1225192).
- Update
patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
(stable-5.14.10 CVE-2021-47397 bsc#1225082).
- Update
patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
(git-fixes CVE-2021-47527 bsc#1194288).
- Update
patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
(git-fixes CVE-2021-47526 bsc#1225376).
- Update
patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
(git-fixes CVE-2021-47524 bsc#1225377).
- Update
patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
(git-fixes CVE-2021-47525 bsc#1225441).
- Update
patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
(stable-5.14.15 CVE-2021-47469 bsc#1225347).
- Update
patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
(stable-5.14.9 CVE-2021-47358 bsc#1224920).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
(git-fixes stable-5.14.18 CVE-2021-47479 bsc#1224911).
- Update
patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
(git-fixes CVE-2021-47544 bsc#1225463).
- Update
patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
(stable-5.14.10 CVE-2021-47383 bsc#1225208).
- Update
patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
(git-fixes CVE-2021-47528 bsc#1225368).
- Update
patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
(git-fixes stable-5.14.12 CVE-2021-47413 bsc#1225333).
- Update
patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
(stable-5.14.11 CVE-2021-47409 bsc#1225330).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
(git-fixes stable-5.14.14 CVE-2021-47436 bsc#1225244).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
(stable-5.14.16 CVE-2021-47495 bsc#1225351).
- Update
patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
(stable-5.14.15 CVE-2021-47461 bsc#1225249).
- Update
patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
(git-fixes CVE-2021-47554 bsc#1225466).
- Update
patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
(stable-5.14.9 CVE-2021-47367 bsc#1225123).
- Update
patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
(stable-5.14.12 CVE-2021-47430 bsc#1225228).
- Update
patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
(stable-5.14.14 CVE-2021-47434 bsc#1225232).
- commit 3a2e44b
- blacklist.conf: add fix that requires absent infrastruucture
- commit dbb8058
- scsi: lpfc: Copyright updates for 14.4.0.2 patches
(bsc#1225842).
- scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842).
- scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842).
- scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask
(bsc#1225842).
Refresh:
- patches.suse/lpfc-reintroduce-old-irq-probe-logic.patch
- scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list
(bsc#1225842).
- scsi: lpfc: Clear deferred RSCN processing flag when driver
is unloading (bsc#1225842).
- scsi: lpfc: Update logging of protection type for T10 DIF I/O
(bsc#1225842).
- scsi: lpfc: Change default logging level for unsolicited CT
MIB commands (bsc#1225842).
- commit 5e95ee6
- Update
patches.suse/1321-drm-msm-devfreq-Fix-OPP-refcnt-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225444
CVE-2021-47532).
- Update
patches.suse/1322-drm-msm-Fix-mmap-to-include-VM_IO-and-VM_DONTDUMP.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225443
CVE-2021-47531).
- Update
patches.suse/1323-drm-msm-Fix-wait_fence-submitqueue-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225442
CVE-2021-47530).
- Update
patches.suse/1622-drm-gma500-Fix-WARN_ON-lock-magic-lock-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
bsc#1223489 CVE-2022-48633).
- Update
patches.suse/ACPI-LPIT-Avoid-u32-multiplication-overflow.patch
(git-fixes bsc#1224627 CVE-2023-52683).
- Update
patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
(git-fixes bsc#1223043 CVE-2024-26894).
- Update
patches.suse/ACPI-video-check-for-error-while-searching-for-backl.patch
(git-fixes bsc#1224686 CVE-2023-52693).
- Update
patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
(git-fixes bsc#1225486 CVE-2023-52736).
- Update
patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
(git-fixes bsc#1225554 CVE-2023-52806).
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955).
- Update
patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
(git-fixes bsc#1225411 CVE-2021-47511).
- Update
patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
(git-fixes bsc#1225409 CVE-2021-47509).
- Update
patches.suse/ALSA-usb-audio-Stop-parsing-channels-bits-when-all-c.patch
(git-fixes bsc#1224803 CVE-2024-27436).
- Update
patches.suse/ARM-9381-1-kasan-clear-stale-stack-poison.patch
(git-fixes bsc#1225715 CVE-2024-36906).
- Update
patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
(git-fixes stable-5.14.10 bsc#1225206 CVE-2021-47381).
- Update
patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
(git-fixes bsc#1225369 CVE-2021-47502).
- Update
patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
(git-fixes bsc#1222413 CVE-2024-26801).
- Update
patches.suse/Bluetooth-Fix-memory-leak-in-hci_req_sync_complete.patch
(git-fixes bsc#1224571 CVE-2024-35978).
- Update
patches.suse/Bluetooth-L2CAP-Fix-not-validating-setsockopt-user-i.patch
(git-fixes bsc#1224579 CVE-2024-35965).
- Update
patches.suse/Bluetooth-RFCOMM-Fix-not-validating-setsockopt-user-.patch
(git-fixes bsc#1224576 CVE-2024-35966).
- Update
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch
(git-fixes bsc#1224587 CVE-2024-35967).
- Update
patches.suse/Bluetooth-btintel-Fix-null-ptr-deref-in-btintel_read.patch
(stable-fixes bsc#1224640 CVE-2024-35933).
- Update
patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
(git-fixes bsc#1225595 CVE-2023-52833).
- Update
patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
(git-fixes CVE-2024-26889).
- Update
patches.suse/Bluetooth-hci_event-Fix-handling-of-HCI_EV_IO_CAPA_R.patch
(git-fixes bsc#1224723 CVE-2024-27416).
- Update
patches.suse/Bluetooth-hci_sock-Fix-not-validating-setsockopt-use.patch
(git-fixes bsc#1224582 CVE-2024-35963).
- Update
patches.suse/Bluetooth-l2cap-fix-null-ptr-deref-in-l2cap_chan_tim.patch
(git-fixes bsc#1224177 CVE-2024-27399).
- Update
patches.suse/Bluetooth-msft-fix-slab-use-after-free-in-msft_do_cl.patch
(git-fixes bsc#1225502 CVE-2024-36012).
- Update
patches.suse/Bluetooth-qca-add-missing-firmware-sanity-checks.patch
(git-fixes bsc#1225722 CVE-2024-36880).
- Update
patches.suse/Bluetooth-qca-fix-NULL-deref-on-non-serdev-suspend.patch
(git-fixes bsc#1224509 CVE-2024-35851).
- Update
patches.suse/Bluetooth-qca-fix-firmware-check-error-path.patch
(git-fixes CVE-2024-36942).
- Update
patches.suse/Bluetooth-qca-fix-info-leak-when-fetching-fw-build-i.patch
(git-fixes bsc#1225720 CVE-2024-36032).
- Update
patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
(bsc#1208149 bsc#1225118 CVE-2023-52739).
- Update
patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
(stable-5.14.10 bsc#1225205 CVE-2021-47380).
- Update
patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
(stable-5.14.10 bsc#1225303 CVE-2021-47404).
- Update
patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
(git-fixes bsc#1225437 CVE-2021-47522).
- Update
patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
(stable-5.14.10 bsc#1225238 CVE-2021-47405).
- Update
patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
(git-fixes bsc#1225032 CVE-2023-52745).
- Update
patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
(git-fixes bsc#1222975 CVE-2024-26839).
- Update
patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
(jsc#SLE-19242 bsc#1225438 CVE-2021-47523).
- Update
patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
(git-fixes bsc#1224931 CVE-2023-52747).
- Update
patches.suse/IB-mlx5-Fix-init-stage-error-handling-to-avoid-doubl.patch
(git-fixes bsc#1225587 CVE-2023-52851).
- Update
patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
(stable-5.14.16 bsc#1224904 CVE-2021-47485).
- Update
patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
(git-fixes bsc#1224928 CVE-2023-52840).
- Update
patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
(stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056 bsc#1225341 CVE-2021-47465).
- Update
patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
(stable-5.14.10 bsc#1225126 CVE-2021-47389).
- Update
patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
(stable-5.14.15 bsc#1225258 CVE-2021-47450).
- Update
patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
(stable-5.14.10 bsc#1225125 CVE-2021-47390).
- Update
patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
(stable-5.14.10 bsc#1225306 CVE-2021-47407).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
(stable-5.14.14 bsc#1225263 CVE-2021-47442).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
(stable-5.14.14 bsc#1225262 CVE-2021-47443).
- Update
patches.suse/NFSv4.2-fix-nfs4_listxattr-kernel-BUG-at-mm-usercopy.patch
(git-fixes bsc#1223113 CVE-2024-26870).
- Update
patches.suse/PCI-PM-Drain-runtime-idle-callbacks-before-driver-re.patch
(git-fixes bsc#1224738 CVE-2024-35809).
- Update
patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
(stable-5.14.10 bsc#1225318 CVE-2021-47391).
- Update
patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
(stable-5.14.10 bsc#1225320 CVE-2021-47392).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
(stable-5.14.10 bsc#1225131 CVE-2021-47398).
- Update
patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
(git-fixes bsc#1222974 CVE-2024-26838).
- Update
patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
(git-fixes bsc#1225121 CVE-2023-52744).
- Update
patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
(git-fixes bsc#1223203 CVE-2024-26907).
- Update
patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
(stable-5.14.16 bsc#1224910 CVE-2021-47481).
- Update
patches.suse/Reapply-drm-qxl-simplify-qxl_fence_wait.patch
(stable-fixes CVE-2024-36944).
- Update
patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
(git-fixes bsc#1223137 CVE-2024-26916).
- Update
patches.suse/Revert-drm-amd-pm-resolve-reboot-exception-for-si-ol.patch
(git-fixes bsc#1224722 CVE-2023-52657).
- Update
patches.suse/SUNRPC-Fix-RPC-client-cleaned-up-the-freed-pipefs-de.patch
(git-fixes bsc#1225008 CVE-2023-52803).
- Update
patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
(git-fixes bsc#1223858 bsc#1223712 CVE-2023-52653).
- Update
patches.suse/SUNRPC-fix-some-memleaks-in-gssx_dec_option_array.patch
(git-fixes bsc#1223744 CVE-2024-27388).
- Update
patches.suse/USB-core-Fix-access-violation-during-port-device-rem.patch
(git-fixes bsc#1225734 CVE-2024-36896).
- Update
patches.suse/USB-core-Fix-deadlock-in-usb_deauthorize_interface.patch
(git-fixes bsc#1223671 CVE-2024-26934).
- Update
patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
(CVE-2021-39698 bsc#1196956 bsc#1225400 CVE-2021-47505).
- Update
patches.suse/arm64-hibernate-Fix-level3-translation-fault-in-swsu.patch
(git-fixes bsc#1223748 CVE-2024-26989).
- Update
patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
(git-fixes bsc#1225599 CVE-2023-52834).
- Update
patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
(stable-5.14.15 bsc#1225393 CVE-2021-47464).
- Update
patches.suse/ax25-fix-use-after-free-bugs-caused-by-ax25_ds_del_t.patch
(git-fixes bsc#1224663 CVE-2024-35887).
- Update
patches.suse/batman-adv-Avoid-infinite-loop-trying-to-resize-loca.patch
(git-fixes bsc#1224566 CVE-2024-35982).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
(stable-5.14.9 bsc#1225122 CVE-2021-47360).
- Update
patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
(stable-5.14.9 bsc#1225203 CVE-2021-47379).
- Update
patches.suse/blk-mq-cancel-blk-mq-dispatch-work-in-both-blk_clean.patch
(jsc#PED-1183 bsc#1225513 CVE-2021-47552).
- Update
patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
(stable-5.14.9 bsc#1225193 CVE-2021-47375).
- Update
patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
(stable-5.14.11 bsc#1225332 CVE-2021-47412).
- Update
patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
(stable-5.14.9 bsc#1225195 CVE-2021-47376).
- Update patches.suse/bpf-Check-bloom-filter-map-value-size.patch
(bsc#1224488 CVE-2024-35905 bsc#1225766 CVE-2024-36918).
- Update
patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
(stable-5.14.12 bsc#1225370 CVE-2021-47426).
- Update
patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
(stable-5.14.14 bsc#1225392 CVE-2021-47433).
- Update
patches.suse/btrfs-fix-information-leak-in-btrfs_ioctl_logical_to.patch
(git-fixes bsc#1224733 CVE-2024-35849).
- Update
patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
(bsc#1197915 bsc#1225410 CVE-2021-47510).
- Update
patches.suse/btrfs-free-exchange-changeset-on-failures.patch
(git-fixes bsc#1225408 CVE-2021-47508).
- Update
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
(git-fixes bsc#1225000 CVE-2023-52878).
- Update
patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
(stable-5.14.15 bsc#1225235 CVE-2021-47457).
- Update
patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
(stable-5.14.15 bsc#1225253 CVE-2021-47459).
- Update
patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
(git-fixes bsc#1225431 CVE-2021-47520).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
(stable-5.14.15 bsc#1225256 CVE-2021-47456).
- Update
patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
(git-fixes bsc#1225435 CVE-2021-47521).
- Update
patches.suse/ceph-blocklist-the-kclient-when-receiving-corrupted-snap-trace.patch
(jsc#SES-1880 bsc#1225222 CVE-2023-52732).
- Update
patches.suse/cfg80211-fix-management-registrations-locking.patch
(git-fixes stable-5.14.16 bsc#1225450 CVE-2021-47494).
- Update
patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
(stable-5.14.16 bsc#1224902 CVE-2021-47488).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
(stable-5.14.9 bsc#1225145 CVE-2021-47359).
- Update
patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
(git-fixes bsc#1225479 CVE-2023-52741).
- Update
patches.suse/clk-Get-runtime-PM-before-walking-tree-during-disabl.patch
(git-fixes bsc#1223762 CVE-2024-27004).
- Update
patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225096 CVE-2023-52875).
- Update
patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1224937 CVE-2023-52870).
- Update
patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225589 CVE-2023-52873).
- Update
patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225086 CVE-2023-52865).
- Update
patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225566 CVE-2023-52858).
- Update
patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
(git-fixes bsc#1225036 CVE-2023-52876).
- Update
patches.suse/clk-zynq-Prevent-null-pointer-dereference-caused-by-.patch
(git-fixes bsc#1223717 CVE-2024-27037).
- Update
patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
(stable-5.14.9 bsc#1225158 CVE-2021-47364).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
(git-fixes stable-5.14.18 bsc#1224912 CVE-2021-47477).
- Update
patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
(git-fixes stable-5.14.18 bsc#1224913 CVE-2021-47476).
- Update
patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
(git-fixes stable-5.14.18 bsc#1224915 CVE-2021-47474).
- Update
patches.suse/comedi-vmk80xx-fix-incomplete-endpoint-checking.patch
(git-fixes bsc#1223698 CVE-2024-27001).
- Update
patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
(git-fixes stable-5.14.18 bsc#1224914 CVE-2021-47475).
- Update
patches.suse/cpufreq-brcmstb-avs-cpufreq-add-check-for-cpufreq_cp.patch
(git-fixes bsc#1223769 CVE-2024-27051).
- Update
patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
(stable-5.14.10 bsc#1225316 CVE-2021-47387).
- Update
patches.suse/crypto-qat-resolve-race-condition-during-AER-recover.patch
(git-fixes bsc#1223638 CVE-2024-26974).
- Update
patches.suse/crypto-s390-aes-Fix-buffer-overread-in-CTR-mode.patch
(git-fixes bsc#1224637 CVE-2023-52669).
- Update
patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
(git-fixes bsc#1225425 CVE-2021-47514).
- Update
patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
(git-fixes bsc#1223188 CVE-2024-26880).
- Update
patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
(stable-5.14.14 bsc#1225247 CVE-2021-47435).
- Update
patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
(stable-5.14.14 bsc#1225357 CVE-2021-47498).
- Update
patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
(stable-5.14.9 bsc#1225191 CVE-2021-47374).
- Update patches.suse/dma-xilinx_dpdma-Fix-locking.patch
(git-fixes bsc#1224559 CVE-2024-35990).
- Update
patches.suse/dmaengine-fsl-qdma-Fix-a-memory-leak-related-to-the-.patch
(git-fixes bsc#1224632 CVE-2024-35833).
- Update
patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
(git-fixes bsc#1222783 CVE-2024-26788).
- Update
patches.suse/dmaengine-idxd-Fix-oops-during-rmmod-on-single-CPU-p.patch
(git-fixes bsc#1224558 CVE-2024-35989).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
(git-fixes bsc#1225532 CVE-2023-52819).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
(git-fixes bsc#1225530 CVE-2023-52818).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225379
CVE-2021-47550).
- Update
patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225510
CVE-2021-47551).
- Update
patches.suse/drm-amd-display-Atom-Integrated-System-Info-v2_2-for.patch
(stable-fixes bsc#1225735 CVE-2024-36897).
- Update
patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
(git-fixes bsc#1225478 CVE-2023-52753).
- Update
patches.suse/drm-amd-display-Fix-a-potential-buffer-overflow-in-d.patch
(git-fixes bsc#1223826 CVE-2024-27045).
- Update
patches.suse/drm-amd-display-fix-a-NULL-pointer-dereference-in-am.patch
(git-fixes bsc#1225041 CVE-2023-52773).
- Update
patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225153
CVE-2021-47362).
- Update
patches.suse/drm-amd-pm-fix-a-double-free-in-si_dpm_init.patch
(git-fixes bsc#1224607 CVE-2023-52691).
- Update
patches.suse/drm-amd-pm-fixes-a-random-hang-in-S4-for-SMU-v13.0.4.patch
(stable-fixes bsc#1225705 CVE-2024-36026).
- Update
patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
(git-fixes bsc#1225569 CVE-2023-52817).
- Update
patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
(git-fixes bsc#1225565 CVE-2023-52814).
- Update
patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
(git-fixes bsc#1225005 CVE-2023-52738).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
(stable-5.14.13 bsc#1225390 CVE-2021-47431).
- Update
patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225353
CVE-2021-47421).
- Update
patches.suse/drm-amdgpu-once-more-fix-the-call-oder-in-amdgpu_ttm.patch
(git-fixes bsc#1224180 CVE-2024-27400).
- Update
patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch
(git-fixes bsc#1223315 CVE-2024-26922).
- Update
patches.suse/drm-amdgpu-vkms-fix-a-possible-null-pointer-derefere.patch
(git-fixes bsc#1225568 CVE-2023-52815).
- Update
patches.suse/drm-amdkfd-Confirm-list-is-non-empty-before-utilizin.patch
(git-fixes bsc#1224617 CVE-2023-52678).
- Update
patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
(git-fixes bsc#1225076 CVE-2023-52825).
- Update
patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
(git-fixes bsc#1225529 CVE-2023-52816).
- Update
patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225339
CVE-2021-47420).
- Update
patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
(stable-5.14.11 bsc#1225331 CVE-2021-47410).
- Update
patches.suse/drm-arm-malidp-fix-a-possible-null-pointer-dereferen.patch
(git-fixes bsc#1225593 CVE-2024-36014).
- Update patches.suse/drm-ast-Fix-soft-lockup.patch (git-fixes
bsc#1224705 CVE-2024-35952).
- Update
patches.suse/drm-bridge-it66121-Fix-invalid-connector-dereference.patch
(git-fixes bsc#1224941 CVE-2023-52861).
- Update
patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
(git-fixes bsc#1224932 CVE-2023-52856).
- Update
patches.suse/drm-bridge-tpd12s015-Drop-buggy-__exit-annotation-fo.patch
(git-fixes bsc#1224598 CVE-2023-52694).
- Update
patches.suse/drm-client-Fully-protect-modes-with-dev-mode_config..patch
(stable-fixes bsc#1224703 CVE-2024-35950).
- Update
patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225243
CVE-2021-47444).
- Update
patches.suse/drm-i915-bios-Tolerate-devdata-NULL-in-intel_bios_en.patch
(stable-fixes bsc#1223678 CVE-2024-26938).
- Update
patches.suse/drm-i915-gt-Reset-queue_priority_hint-on-parking.patch
(git-fixes bsc#1223677 CVE-2024-26937).
- Update
patches.suse/drm-lima-fix-a-memleak-in-lima_heap_alloc.patch
(git-fixes bsc#1224707 CVE-2024-35829).
- Update
patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
(git-fixes bsc#1223048 CVE-2024-26874).
- Update
patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225261
CVE-2021-47445).
- Update
patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225260
CVE-2021-47447).
- Update
patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225240
CVE-2021-47446).
- Update
patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225446
CVE-2021-47535).
- Update
patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225187
CVE-2021-47471).
- Update
patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225366
CVE-2021-47423).
- Update
patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225233
CVE-2021-47422).
- Update patches.suse/drm-nv04-Fix-out-of-bounds-access.patch
(git-fixes bsc#1223802 CVE-2024-27008).
- Update
patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
(git-fixes bsc#1225022 CVE-2023-52821).
- Update
patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
(git-fixes bsc#1225077 CVE-2023-52826).
- Update
patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225230
CVE-2022-48710).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
(git-fixes bsc#1225009 CVE-2023-52867).
- Update
patches.suse/drm-tegra-dsi-Add-missing-check-for-of_find_device_b.patch
(git-fixes bsc#1223770 CVE-2023-52650).
- Update
patches.suse/drm-tegra-rgb-Fix-missing-clk_put-in-the-error-handl.patch
(git-fixes bsc#1224445 CVE-2023-52661).
- Update
patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225436
CVE-2021-47490).
- Update
patches.suse/drm-vc4-don-t-check-if-plane-state-fb-state-fb.patch
(stable-fixes bsc#1224650 CVE-2024-35932).
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47534).
- Update
patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225445
CVE-2021-47533).
- Update
patches.suse/drm-vmwgfx-Create-debugfs-ttm_resource_manager-entry.patch
(git-fixes bsc#1223718 CVE-2024-26940).
- Update
patches.suse/drm-vmwgfx-fix-a-memleak-in-vmw_gmrid_man_get_node.patch
(git-fixes bsc#1224449 CVE-2023-52662).
- Update
patches.suse/dyndbg-fix-old-BUG_ON-in-control-parser.patch
(stable-fixes bsc#1224647 CVE-2024-35947).
- Update
patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
(stable-5.14.9 bsc#1225161 CVE-2021-47368).
- Update
patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
(jsc#SLE-19253 bsc#1225383 CVE-2021-47556).
- Update
patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
(stable-5.14.10 bsc#1225304 CVE-2021-47406).
- Update
patches.suse/fbdev-Fix-invalid-page-access-after-closing-deferred.patch
(bsc#1207284 bsc#1224929 CVE-2023-52731).
- Update
patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
(git-fixes bsc#1225031 CVE-2023-52838).
- Update
patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch
(git-fixes bsc#1222770 CVE-2024-26778).
- Update
patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch
(git-fixes bsc#1222765 CVE-2024-26777).
- Update
patches.suse/fbmon-prevent-division-by-zero-in-fb_videomode_from_.patch
(stable-fixes bsc#1224660 CVE-2024-35922).
- Update
patches.suse/firewire-ohci-mask-bus-reset-interrupts-between-ISR-.patch
(stable-fixes CVE-2024-36950).
- Update
patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
(git-fixes bsc#1225557 CVE-2023-52810).
- Update
patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
(git-fixes bsc#1225550 CVE-2023-52804).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
(git-fixes bsc#1225560 CVE-2023-52759).
- Update
patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
(git-fixes bsc#1224988 CVE-2023-52853).
- Update
patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
(git-fixes stable-5.14.10 bsc#1225321 CVE-2021-47393).
- Update
patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 bsc#1225268 CVE-2021-47386).
- Update
patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 bsc#1225210 CVE-2021-47385).
- Update
patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
(stable-5.14.10 bsc#1225209 CVE-2021-47384).
- Update
patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
(git-fixes stable-5.14.12 bsc#1225223 CVE-2021-47425).
- Update
patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
(git-fixes bsc#1225108 CVE-2023-52791).
- Update
patches.suse/i2c-smbus-fix-NULL-function-pointer-dereference.patch
(git-fixes bsc#1224567 CVE-2024-35984).
- Update
patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
(git-fixes bsc#1225570 CVE-2023-52763).
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766).
- Update
patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
(jsc#SLE-18378 bsc#1225361 CVE-2021-47501).
- Update
patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
(stable-5.14.12 bsc#1225367 CVE-2021-47424).
- Update
patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
(git-fixes bsc#1225106 CVE-2023-52788).
- Update
patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
(stable-5.14.15 bsc#1225239 CVE-2021-47453).
- Update
patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
(jsc#PED-376 bsc#1225003 CVE-2023-52743).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
(jsc#SLE-18375 bsc#1225500 CVE-2021-47563).
- Update
patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
(stable-5.14.14 bsc#1225259 CVE-2021-47449).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
(jsc#SLE-18375 bsc#1225499 CVE-2021-47562).
- Update
patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
(jsc#PED-376 bsc#1225095 CVE-2022-48709).
- Update
patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
(git-fixes bsc#1225358 CVE-2021-47499).
- Update
patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
(git-fixes stable-5.14.14 bsc#1225245 CVE-2021-47437).
- Update
patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
(git-fixes bsc#1222960 CVE-2023-52643).
- Update
patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
(git-fixes bsc#1225360 CVE-2021-47500).
- Update
patches.suse/init-main.c-Fix-potential-static_command_line-memory.patch
(git-fixes bsc#1223747 CVE-2024-26988).
- Update
patches.suse/io_uring-ensure-task_work-gets-run-as-part-of-cancel.patch
(bsc#1205205 bsc#1225382 CVE-2021-47504).
- Update
patches.suse/io_uring-fail-cancellation-for-EXITING-tasks.patch
(bsc#1205205 bsc#1225515 CVE-2021-47569).
- Update
patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
(stable-5.14.10 bsc#1225241 CVE-2021-47403).
- Update
patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
(stable-5.14.10 bsc#1225242 CVE-2021-47401).
- Update
patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
(stable-5.14.9 bsc#1225190 CVE-2021-47373).
- Update
patches.suse/irqchip-gic-v3-its-Prevent-double-free-on-error.patch
(git-fixes bsc#1224697 CVE-2024-35847).
- Update
patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
(stable-5.14.15 bsc#1225346 CVE-2021-47468).
- Update
patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
(stable-5.14.18 bsc#1225198 CVE-2021-47478).
- Update
patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
(git-fixes bsc#1225373 CVE-2021-47529).
- Update
patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
(git-fixes stable-5.14.12 bsc#1225335 CVE-2021-47415).
- Update
patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
(stable-5.14.10 bsc#1225328 CVE-2021-47399).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
(git-fixes bsc#1225472 CVE-2023-52799).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
(git-fixes bsc#1225553 CVE-2023-52805).
- Update
patches.suse/kprobes-Fix-possible-use-after-free-issue-on-kprobe-registration.patch
(git-fixes bsc#1224676 CVE-2024-35955).
- Update
patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
(stable-5.14.15 bsc#1225344 CVE-2021-47467).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
(git-fixes stable-5.14.12 bsc#1225227 CVE-2021-47417).
- Update
patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
(git-fixes stable-5.14.10 bsc#1225214 CVE-2021-47388).
- Update
patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
(git-fixes stable-5.14.10 bsc#1225327 CVE-2021-47396).
- Update
patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
(git-fixes stable-5.14.10 bsc#1225326 CVE-2021-47395).
- Update
patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
(stable-5.14.9 bsc#1225151 CVE-2021-47361).
- Update
patches.suse/md-Don-t-ignore-suspended-array-in-md_check_recovery-1baa.patch
(git-fixes CVE-2024-26758).
- Update
patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
(git-fixes bsc#1225588 CVE-2023-52847).
- Update
patches.suse/media-dvb-frontends-avoid-stack-overflow-warnings-wi.patch
(git-fixes bsc#1223842 CVE-2024-27075).
- Update
patches.suse/media-go7007-fix-a-memleak-in-go7007_load_encoder.patch
(git-fixes bsc#1223844 CVE-2024-27074).
- Update
patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
(git-fixes bsc#1225571 CVE-2023-52764).
- Update
patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
(git-fixes bsc#1225490 CVE-2023-52754).
- Update
patches.suse/media-imx-csc-scaler-fix-v4l2_ctrl_handler-memory-le.patch
(git-fixes bsc#1223779 CVE-2024-27076).
- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
(git-fixes bsc#1223027 CVE-2024-26829).
- Update
patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
(git-fixes bsc#1223031 CVE-2023-52642).
- Update
patches.suse/media-ttpci-fix-two-memleaks-in-budget_av_attach.patch
(git-fixes bsc#1223843 CVE-2024-27073).
- Update
patches.suse/media-usbtv-Remove-useless-locks-in-usbtv_video_free.patch
(git-fixes bsc#1223837 CVE-2024-27072).
- Update
patches.suse/media-v4l2-mem2mem-fix-a-memleak-in-v4l2_m2m_registe.patch
(git-fixes bsc#1223780 CVE-2024-27077).
- Update
patches.suse/media-v4l2-tpg-fix-some-memleaks-in-tpg_alloc.patch
(git-fixes bsc#1223781 CVE-2024-27078).
- Update
patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
(git-fixes bsc#1225592 CVE-2023-52841).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
(git-fixes bsc#1225590 CVE-2023-52844).
- Update
patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
(git-fixes bsc#1225495 CVE-2021-47560).
- Update
patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
(stable-5.14.14 bsc#1225224 CVE-2021-47441).
- Update
patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
(stable-5.14.15 bsc#1225250 CVE-2021-47462).
- Update
patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
(stable-5.14.15 bsc#1225127 CVE-2021-47463).
- Update
patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
(stable-5.14.15 bsc#1225342 CVE-2021-47466).
- Update
patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
(stable-5.14.15 bsc#1225186 CVE-2021-47470).
- Update
patches.suse/mmc-core-Avoid-negative-index-with-array-access.patch
(git-fixes bsc#1224618 CVE-2024-35813).
- Update
patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
(git-fixes bsc#1225483 CVE-2023-52708).
- Update
patches.suse/mmc-sdhci-msm-pervent-access-to-suspended-controller.patch
(git-fixes bsc#1225708 CVE-2024-36029).
- Update
patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
(git-fixes bsc#1224956 CVE-2023-52730).
- Update
patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
(stable-5.14.9 bsc#1225183 CVE-2021-47370).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
(stable-5.14.14 bsc#1225129 CVE-2021-47448).
- Update
patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch
(git-fixes bsc#1222374 CVE-2024-26698).
- Update
patches.suse/msft-hv-2971-net-mana-Fix-Rx-DMA-datasize-and-skb_over_panic.patch
(git-fixes bsc#1224495 CVE-2024-35901).
- Update
patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
(git-fixes bsc#1225386 CVE-2021-47540).
- Update
patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
(git-fixes bsc#1225482 CVE-2023-52742).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
(git-fixes stable-5.14.16 bsc#1224909 CVE-2021-47482).
- Update
patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
(bsc#1215322 bsc#1223049 CVE-2024-26859).
- Update
patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
(git-fixes bsc#1225380 CVE-2021-47513).
- Update
patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
(stable-5.14.14 bsc#1225246 CVE-2021-47439).
- Update
patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
(stable-5.14.14 bsc#1225248 CVE-2021-47440).
- Update
patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
(stable-5.14.10 bsc#1225329 CVE-2021-47400).
- Update
patches.suse/net-ll_temac-platform_get_resource-replaced-by-wrong.patch
(git-fixes bsc#1224615 CVE-2024-35796).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
(stable-5.14.9 bsc#1225184 CVE-2021-47372).
- Update
patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
(git-fixes bsc#1225501 CVE-2021-47564).
- Update
patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
(stable-5.14.15 bsc#1225189 CVE-2021-47472).
- Update
patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
(jsc#SLE-19256 bsc#1225453 CVE-2021-47541).
- Update
patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
(stable-5.14.14 bsc#1225229 CVE-2021-47438).
- Update
patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
(git-fixes bsc#1224945 CVE-2023-52702).
- Update
patches.suse/net-phy-fix-phy_get_internal_delay-accessing-an-empt.patch
(git-fixes bsc#1223828 CVE-2024-27047).
- Update
patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes bsc#1225455 CVE-2021-47542).
- Update
patches.suse/net-qualcomm-rmnet-fix-global-oob-in-rmnet_policy.patch
(git-fixes bsc#1220363 CVE-2024-26597).
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 bsc#1225302 CVE-2021-47402).
- Update
patches.suse/net-sched-fq_pie-prevent-dismantle-issue.patch
(bsc#1207361 bsc#1225424 CVE-2021-47512).
- Update
patches.suse/net-sched-sch_ets-don-t-peek-at-classes-beyond-nband.patch
(bsc#1207361 bsc#1225468 CVE-2021-47557).
- Update
patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
(stable-5.14.12 bsc#1225338 CVE-2021-47419).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
(git-fixes bsc#1225396 CVE-2021-47559).
- Update
patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
(git-fixes bsc#1225447 CVE-2021-47536).
- Update
patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
(jsc#SLE-19033 bsc#1225492 CVE-2021-47558).
- Update
patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
(stable-5.14.16 bsc#1225354 CVE-2021-47496).
- Update
patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
(git-fixes bsc#1225549 CVE-2023-52703).
- Update
patches.suse/net-vlan-fix-underflow-for-the-real_dev-refcnt.patch
(git-fixes bsc#1225467 CVE-2021-47555).
- Update
patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
(stable-5.14.12 bsc#1225337 CVE-2021-47418).
- Update
patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
(stable-5.14.10 bsc#1225236 CVE-2021-47408).
- Update
patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
(stable-5.14.15 bsc#1225257 CVE-2021-47452).
- Update
patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
(stable-5.14.10 bsc#1225323 CVE-2021-47394).
- Update
patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
(stable-5.14.15 bsc#1225237 CVE-2021-47451).
- Update
patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
(stable-5.14.9 bsc#1225156 CVE-2021-47363).
- Update
patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
(stable-5.14.9 bsc#1225167 CVE-2021-47371).
- Update
patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
(git-fixes bsc#1225372 CVE-2021-47518).
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_dev_up-and-nci_ntf_p.patch
(git-fixes bsc#1224479 CVE-2024-35915).
- Update
patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
(git-fixes bsc#1225427 CVE-2021-47516).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
(git-fixes bsc#1225405 CVE-2021-47507).
- Update
patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
(git-fixes bsc#1225404 CVE-2021-47506).
- Update
patches.suse/nilfs2-fix-underflow-in-second-superblock-position-c.patch
(git-fixes bsc#1225480 CVE-2023-52705).
- Update
patches.suse/nouveau-dmem-handle-kcalloc-allocation-failure.patch
(git-fixes CVE-2024-26943).
- Update
patches.suse/nouveau-fix-instmem-race-condition-around-ptr-stores.patch
(git-fixes bsc#1223633 CVE-2024-26984).
- Update
patches.suse/nvme-fc-do-not-wait-in-vain-when-unloading-module.patch
(git-fixes bsc#1223023 CVE-2024-26846).
- Update
patches.suse/nvme-fix-reconnection-fail-due-to-reserved-tag-alloc.patch
(git-fixes bsc#1224717 CVE-2024-27435).
- Update
patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
(bsc#1190569 stable-5.14.9 bsc#1225201 CVE-2021-47378).
- Update
patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
(stable-5.14.14 bsc#1225355 CVE-2021-47497).
- Update
patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
(stable-5.14.15 bsc#1225251 CVE-2021-47460).
- Update
patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
(stable-5.14.16 bsc#1225439 CVE-2021-47493).
- Update
patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
(stable-5.14.15 bsc#1225252 CVE-2021-47458).
- Update
patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
(git-fixes bsc#1225375 CVE-2021-47537).
- Update
patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
(stable-5.14.16 bsc#1224905 CVE-2021-47484).
- Update
patches.suse/of-Fix-double-free-in-of_parse_phandle_with_args_map.patch
(git-fixes bsc#1224508 CVE-2023-52679).
- Update
patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
(git-fixes bsc#1225584 CVE-2023-52854).
- Update patches.suse/pci_iounmap-Fix-MMIO-mapping-leak.patch
(git-fixes bsc#1223631 CVE-2024-26977).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 bsc#1225336 CVE-2021-47416).
- Update
patches.suse/pinctrl-core-delete-incorrect-free-in-pinctrl_enable.patch
(git-fixes CVE-2024-36940).
- Update
patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
(git-fixes CVE-2024-36959).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
(git-fixes bsc#1224942 CVE-2022-48708).
- Update
patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
(git-fixes bsc#1225132 CVE-2023-52864).
- Update
patches.suse/power-supply-bq27xxx-i2c-Do-not-free-non-existing-IR.patch
(git-fixes bsc#1224437 CVE-2024-27412).
- Update
patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
(stable-5.14.12 bsc#1225388 CVE-2021-47429).
- Update
patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
(stable-5.14.12 bsc#1225387 CVE-2021-47428).
- Update
patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
(bsc#1194869 bsc#1225471 CVE-2023-52740).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_pow.patch
(bsc#1181674 ltc#189159 git-fixes bsc#1224601 CVE-2023-52696).
- Update
patches.suse/powerpc-pseries-Fix-potential-memleak-in-papr_get_at.patch
(bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes bsc#1223756
CVE-2022-48669).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926).
- Update
patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
(stable-5.14.15 bsc#1225255 CVE-2021-47454).
- Update
patches.suse/ppdev-Add-an-error-check-in-register_device.patch
(git-fixes bsc#1225640 CVE-2024-36015).
- Update
patches.suse/pstore-ram_core-fix-possible-overflow-in-persistent_.patch
(git-fixes bsc#1224728 CVE-2023-52685).
- Update
patches.suse/pstore-zone-Add-a-null-pointer-check-to-the-psz_kmsg.patch
(stable-fixes bsc#1224537 CVE-2024-35940).
- Update
patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
(stable-5.14.15 bsc#1225254 CVE-2021-47455).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
bsc#1225461 CVE-2023-52756).
- Update patches.suse/qibfs-fix-dentry-leak.patch (git-fixes
CVE-2024-36947).
- Update
patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
(git-fixes stable-5.14.16 bsc#1224907 CVE-2021-47483).
- Update
patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
(stable-5.14.12 bsc#1225334 CVE-2021-47414).
- Update
patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
(stable-5.14.16 bsc#1224903 CVE-2021-47486).
- Update
patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch
(bsc#1141539 git-fixes bsc#1223819 CVE-2024-27054).
- Update
patches.suse/s390-cio-Ensure-the-copied-buf-is-NUL-terminated.patch
(git-fixes bsc#1223875 bsc#1225747 CVE-2024-36931).
- Update
patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
(git-fixes bsc#1217515 bsc#1225572 CVE-2023-52774).
- Update
patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
(git-fixes bsc#1213863 bsc#1225488 CVE-2023-52733).
- Update
patches.suse/s390-qeth-Fix-kernel-panic-after-setting-hsuid.patch
(git-fixes bsc#1223879 bsc#1225775 CVE-2024-36928).
- Update
patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
(stable-5.14.9 bsc#1225164 CVE-2021-47369).
- Update
patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
(stable-5.14.10 bsc#1225207 CVE-2021-47382).
- Update
patches.suse/s390-zcrypt-fix-reference-counting-on-zcrypt-card-objects.patch
(git-fixes bsc#1223595 bsc#1223666 CVE-2024-26957).
- Update
patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
(git-fixes bsc#1225508 CVE-2021-47549).
- Update
patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
(bsc#1209799 bsc#1225109 CVE-2023-52707).
- Update
patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
(git-fixes bsc#1225464 CVE-2021-47553).
- Update
patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
(stable-5.14.17 bsc#1225322 CVE-2021-47480).
- Update
patches.suse/scsi-hisi_sas-Set-debugfs_dir-pointer-to-NULL-after-removing-debugfs.patch
(git-fixes bsc#1225555 CVE-2023-52808).
- Update
patches.suse/scsi-ibmvfc-Remove-BUG_ON-in-the-case-of-an-empty-ev.patch
(bsc#1209834 ltc#202097 bsc#1225559 CVE-2023-52811).
- Update
patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
(stable-5.14.12 bsc#1225225 CVE-2021-47427).
- Update
patches.suse/scsi-libfc-Fix-potential-NULL-pointer-dereference-in-fc_lport_ptp_setup.patch
(git-fixes bsc#1225556 CVE-2023-52809).
- Update
patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch
(bsc#1220021 bsc#1224651 CVE-2024-35930).
- Update
patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch
(bsc#1221777 CVE-2024-36952).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924).
- Update
patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
(git-fixes bsc#1225384 CVE-2021-47565).
- Update
patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
(git-fixes bsc#1225374 CVE-2021-47503).
- Update
patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
(stable-5.14.15 bsc#1225192 CVE-2021-47473).
- Update
patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch
(bsc1221816 bsc#1223627 CVE-2024-26931).
- Update
patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointer.patch
(bsc1221816 bsc#1223626 CVE-2024-26930).
- Update
patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
(stable-5.14.10 bsc#1225082 CVE-2021-47397).
- Update
patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
(git-fixes bsc#1194288 CVE-2021-47527).
- Update
patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
(git-fixes bsc#1225376 CVE-2021-47526).
- Update
patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
(git-fixes bsc#1225377 CVE-2021-47524).
- Update
patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
(git-fixes bsc#1225441 CVE-2021-47525).
- Update
patches.suse/serial-mxs-auart-add-spinlock-around-changing-cts-st.patch
(git-fixes bsc#1223757 CVE-2024-27000).
- Update
patches.suse/serial-pmac_zilog-Remove-flawed-mitigation-for-rx-ir.patch
(git-fixes bsc#1223754 CVE-2024-26999).
- Update
patches.suse/soc-fsl-qbman-Always-disable-interrupts-when-taking-.patch
(git-fixes bsc#1224699 CVE-2024-35806).
- Update
patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
(git-fixes bsc#1225534 CVE-2023-52871).
- Update patches.suse/speakup-Avoid-crash-on-very-long-word.patch
(git-fixes bsc#1223750 CVE-2024-26994).
- Update
patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
(stable-5.14.15 bsc#1225347 CVE-2021-47469).
- Update
patches.suse/spi-spi-mt65xx-Fix-NULL-pointer-access-in-interrupt-.patch
(git-fixes bsc#1223788 CVE-2024-27028).
- Update
patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
(stable-5.14.9 bsc#1224920 CVE-2021-47358).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
(git-fixes stable-5.14.18 bsc#1224911 CVE-2021-47479).
- Update
patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
(git-fixes bsc#1225463 CVE-2021-47544).
- Update
patches.suse/thermal-core-prevent-potential-string-overflow.patch
(git-fixes bsc#1225044 CVE-2023-52868).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920).
- Update
patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
(stable-5.14.10 bsc#1225208 CVE-2021-47383).
- Update
patches.suse/tty-n_gsm-fix-possible-out-of-bounds-in-gsm0_receive.patch
(git-fixes bsc#1225642 CVE-2024-36016).
- Update
patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
(git-fixes bsc#1225591 CVE-2023-52872).
- Update
patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
(bsc#1222619 CVE-2023-52880).
- Update
patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
(git-fixes bsc#1225180 CVE-2023-52789).
- Update
patches.suse/usb-cdc-wdm-close-race-between-read-and-workqueue.patch
(git-fixes bsc#1224624 CVE-2024-35812).
- Update
patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch
(git-fixes bsc#1222513 CVE-2024-26748).
- Update
patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
(git-fixes bsc#1225368 CVE-2021-47528).
- Update
patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
(git-fixes stable-5.14.12 bsc#1225333 CVE-2021-47413).
- Update
patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
(git-fixes bsc#1225092 CVE-2023-52781).
- Update
patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
(stable-5.14.11 bsc#1225330 CVE-2021-47409).
- Update
patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
(git-fixes bsc#1225583 CVE-2023-52855).
- Update
patches.suse/usb-dwc2-host-Fix-dereference-issue-in-DDMA-completi.patch
(git-fixes bsc#1223741 CVE-2024-26997).
- Update
patches.suse/usb-gadget-f_ncm-Fix-UAF-ncm-object-at-re-bind-after.patch
(stable-fixes bsc#1223752 CVE-2024-26996).
- Update
patches.suse/usb-gadget-ncm-Avoid-dropping-datagrams-of-properly-.patch
(git-fixes bsc#1224423 CVE-2024-27405).
- Update
patches.suse/usb-gadget-ncm-Fix-handling-of-zero-block-length-pac.patch
(git-fixes bsc#1224681 CVE-2024-35825).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
(git-fixes stable-5.14.14 bsc#1225244 CVE-2021-47436).
- Update
patches.suse/usb-typec-tcpm-Check-for-port-partner-validity-befor.patch
(git-fixes bsc#1225748 CVE-2024-36893).
- Update
patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
(git-fixes bsc#1224944 CVE-2023-52877).
- Update
patches.suse/usb-udc-remove-warning-when-queue-disabled-ep.patch
(stable-fixes bsc#1224739 CVE-2024-35822).
- Update
patches.suse/usb-xhci-Add-error-handling-in-xhci_map_urb_for_dma.patch
(git-fixes bsc#1223650 CVE-2024-26964).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
(stable-5.14.16 bsc#1225351 CVE-2021-47495).
- Update
patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
(stable-5.14.15 bsc#1225249 CVE-2021-47461).
- Update
patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
(git-fixes bsc#1225466 CVE-2021-47554).
- Update
patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
(stable-5.14.9 bsc#1225123 CVE-2021-47367).
- Update
patches.suse/vt-fix-unicode-buffer-corruption-when-deleting-chara.patch
(git-fixes bsc#1224692 CVE-2024-35823).
- Update
patches.suse/wifi-ath11k-decrease-MHI-channel-buffer-length-to-8K.patch
(bsc#1207948 bsc#1224643 CVE-2024-35938).
- Update
patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
(git-fixes bsc#1224947 CVE-2023-52798).
- Update
patches.suse/wifi-ath11k-fix-gtk-offload-status-event-locking.patch
(git-fixes bsc#1224992 CVE-2023-52777).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800).
- Update
patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
(git-fixes bsc#1222961 CVE-2023-52644).
- Update
patches.suse/wifi-iwlwifi-dbg-tlv-ensure-NUL-termination.patch
(git-fixes bsc#1224731 CVE-2024-35845).
- Update
patches.suse/wifi-iwlwifi-mvm-rfi-fix-potential-response-leaks.patch
(git-fixes bsc#1224487 CVE-2024-35912).
- Update
patches.suse/wifi-libertas-fix-some-memleaks-in-lbs_allocate_cmd_.patch
(git-fixes bsc#1224622 CVE-2024-35828).
- Update
patches.suse/wifi-mac80211-check-clear-fast-rx-for-non-4addr-sta-.patch
(stable-fixes bsc#1224749 CVE-2024-35789).
- Update
patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
(git-fixes bsc#1225577 CVE-2023-52832).
- Update
patches.suse/wifi-mt76-mt7921e-fix-crash-in-chip-reset-fail.patch
(bsc#1209980 bsc#1223895 CVE-2022-48705).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941).
- Update
patches.suse/wifi-nl80211-reject-iftype-change-with-mesh-ID-chang.patch
(git-fixes bsc#1224432 CVE-2024-27410).
- Update
patches.suse/wifi-rtl8xxxu-add-cancel_work_sync-for-c2hcmd_work.patch
(git-fixes bsc#1223829 CVE-2024-27052).
- Update
patches.suse/wifi-wilc1000-fix-RCU-usage-in-connect-path.patch
(git-fixes bsc#1223737 CVE-2024-27053).
- Update
patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
(stable-5.14.12 bsc#1225228 CVE-2021-47430).
- Update
patches.suse/x86-fpu-Keep-xfd_state-in-sync-with-MSR_IA32_XFD.patch
(git-fixes bsc#1224732 CVE-2024-35801).
- Update
patches.suse/x86-mm-Ensure-input-to-pfn_to_kaddr-is-treated-as-a-64-bit-type.patch
(jsc#PED-7167 git-fixes bsc#1224442 CVE-2023-52659).
- Update
patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
(stable-5.14.14 bsc#1225232 CVE-2021-47434).
- commit 7e29329
- powerpc/pseries/lparcfg: drop error message from guest name
lookup (bsc#1187716 ltc#193451 git-fixes).
- commit 1d8f6b6
- blacklist.conf: PPC fsl_msi is not used
- commit 346d509
- powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869).
- powerpc/uaccess: Fix build errors seen with GCC 13/14
(bsc#1194869).
- commit 0f3f8d5
- nvmet: fix ns enable/disable possible hang (git-fixes).
- nvme-multipath: fix io accounting on failover (git-fixes).
- nvme: fix multipath batched completion accounting (git-fixes).
- commit dd54933
- netfilter: nf_tables: release mutex after nft_gc_seq_end from
abort path (CVE-2024-26925 bsc#1223390).
- commit d38b98f
- cls_rsvp: check user supplied offsets (CVE-2023-42755
bsc#1215702).
- commit b6c6fb3
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
(git-fixes).
- commit 53d4b05
- bpf: fix precision backtracking instruction iteration
(bsc#1225756).
- commit 5aec043
- drivers/nvme: Add quirks for device 126f:2262 (git-fixes).
- nvme: fix miss command type check (git-fixes).
- commit b122221
- nvme: ensure disabling pairs with unquiesce (bsc#1224534).
- commit e08ce4d
- idpf: extend tx watchdog timeout (bsc#1224137).
- commit 65a74c5
- Bluetooth: ISO: Fix not validating setsockopt user input
(bsc#1224581 CVE-2024-35964).
- commit cf9835d
- printk: Update @console_may_schedule in
console_trylock_spinning() (bsc#1225616).
- commit 9f61f12
- Bluetooth: ISO: Add support for BT_PKT_STATUS (bsc#1224581
CVE-2024-35964).
- commit 9488226
- Bluetooth: af_bluetooth: Make BT_PKT_STATUS generic (bsc#1224581
CVE-2024-35964).
- Refresh
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch.
- commit 07d66e7
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331).
Update patches.kabi/kABI-Work-around-kABI-changes-after-20347fca71a3-swi.patch (jsc#PED-3259, bsc#1224331).
- commit 861d481
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331)
- commit 00a5ac9
- swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331)
- commit be23e64
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331)
- commit ec1f4ec
- swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331)
- commit cdb0386
- calipso: fix memory leak in netlbl_calipso_add_pass()
(CVE-2023-52698 bsc#1224621)
- commit 77eb4f6
- blacklist.conf: add commit for config change not needed
- commit 938b50b
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
(git-fixes).
- scsi: sd: Unregister device if device_add_disk() failed in
sd_probe() (git-fixes).
- scsi: mylex: Fix sysfs buffer lengths (git-fixes).
- scsi: core: Fix unremoved procfs host directory regression
(git-fixes).
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
(git-fixes).
- scsi: csiostor: Avoid function pointer casts (git-fixes).
- scsi: mpt3sas: Prevent sending diag_reset when the controller
is ready (git-fixes).
- scsi: core: Consult supported VPD page list prior to fetching
page (git-fixes).
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
(git-fixes).
- scsi: libfc: Don't schedule abort twice (git-fixes).
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886
(git-fixes).
- commit f4328c2
- net: atlantic: eliminate double free in error handling logic
(CVE-2023-52664 bsc#1224747).
- Refresh
patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch.
- commit 3161f6b
- blacklist.conf: arm: kernel does not support folios
- commit 44a14d2
- Delete BT and WiFi cleanup patches for netif_rx()
Drop two cleanup patches that are likely broken: SLE15-SP5 kernel has
no prerequisite commit baebdf48c3600 backported (yet):
patches.suse/bluetooth-Use-netif_rx-d33d0dc9.patch
patches.suse/wireless-Atheros-Use-netif_rx.patch
- commit d16d77f
- net: hns3: fix out-of-bounds access may occur when coalesce
info is read via debugfs (CVE-2023-52807 bsc#1225097).
- commit 2628336
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535)
- commit 58a5216
- blacklist.conf: Add c5b0a7eefc70 sched/fair: Remove sysctl_sched_migration_cost condition
- commit 251d591
- cpumap: Zero-initialise xdp_rxq_info struct before running
XDP program (bsc#1224718 CVE-2024-27431).
- commit 1d6e754
- blacklist.conf: optimization, not a fix
- commit 6b6d3e6
- PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes).
- commit 60a3fbf
- PCI: dwc: ep: Fix DBI access failure for drivers requiring
refclk from host (git-fixes).
- PCI: dwc: Detect iATU settings after getting "addr_space"
resource (git-fixes).
- commit a26d4db
- kABI: bpf: struct bpf_link and bpf_link_ops kABI workaround
(bsc#1224531 CVE-2024-35860).
- commit 35186ef
- ppdev: Add an error check in register_device (git-fixes).
- commit cd9959b
- bpf: support deferring bpf_link dealloc to after RCU grace
period (bsc#1224531 CVE-2024-35860).
- commit 5cff30d
- blacklist.conf: kABI
- commit f83467b
- tpm_tis_spi: Account for SPI header when allocating TPM SPI
xfer buffer (git-fixes).
- commit 65639af
- drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 (CVE-2023-52671 bsc#1224729).
- commit d5b1287
- blacklist.conf: Ignore all devicetree schemes changes
We do not use them, so lets silence all git-fixes for them.
- commit c94d164
- drm/amd/display: Prevent crash when disable stream (CVE-2024-35799 bsc#1224740).
- commit 7764a6b
- drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() (CVE-2024-35951 bsc#1224701).
- commit c3405cd
- efi/capsule-loader: fix incorrect allocation size (bsc#1224438
CVE-2024-27413).
- commit bcbd0b7
- Update
patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch
(bsc#1222893).
- commit 7df29b0
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (CVE-2024-35817 bsc#1224736).
- commit 3fd949a
- x86/mm/pat: fix VM_PAT handling in COW mappings (bsc#1224525
CVE-2024-35877).
- commit b573b7a
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
(CVE-2024-35969 bsc#1224580)
- commit 217a49b
- Refresh patches.suse/x86-coco-Require-seeding-RNG-with-RDRAND-on-CoCo-systems.patch.
Remove defined but unused variable warning.
- commit 2a387cc
- xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
(CVE-2023-52746 bsc#1225114)
- commit 1a99ba9
- mm/secretmem: fix GUP-fast succeeding on secretmem folios
(CVE-2024-35872 bsc#1224530).
- commit 1a7a850
- Update CVE references (CVE-2024-35935 bsc#1224645)
Update patches.suse/btrfs-send-handle-path-ref-underflow-in-header-itera.patch
(CVE-2024-35935 bsc#1224645).
- commit 1afc656
- Update CVE references (CVE-2024-35936 bsc#1224644)
- Update patches.suse/btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys.patch
(CVE-2024-35936 bsc#1224644).
- Update patches.suse/btrfs-handle-chunk-tree-lookup-error-in-btrfs_reloca.patch
(CVE-2024-35936 bsc#1224644).
- commit 46ae3a6
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- Update config files.
- commit 99579af
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- Update config files.
- commit 6a0eda0
- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash
work (CVE-2024-35852 bsc#1224502).
- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
(CVE-2024-36006 bsc#1224541).
- mlxsw: spectrum_acl_tcam: Fix warning during rehash
(CVE-2024-36007 bsc#1224543).
- mlxbf_gige: stop interface during shutdown (CVE-2024-35885
bsc#1224519).
- mlxbf_gige: call request_irq() after NAPI initialized
(CVE-2024-35907 bsc#1224492).
- mlxbf_gige: stop PHY during open() error paths (git-fixes).
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes).
- mlxbf_gige: Fix intermittent no ip issue (git-fixes).
- ipvlan: add ipvlan_route_v6_outbound() helper (CVE-2023-52796
bsc#1224930).
- commit de506c4
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
(git-fixes).
- commit 9feb6d7
- ring-buffer: Fix a race between readers and resize checks
(git-fixes).
- commit 1627912
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- commit 8692851
- blacklist.conf: add a not-relevant tracing commit
- commit 784f511
- dma-direct: Leak pages on dma_set_decrypted() failure (bsc#1224535 CVE-2024-35939).
- commit 7213b4b
- x86/coco: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665 CVE-2024-35875).
- Refresh patches.suse/suse-hv-cc_attr_cpu_hotplug_disabled.patch.
- commit 234fdb1
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- commit 450733a
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes).
- commit bab84b2
- x86/tdx: Preserve shared bit on mprotect() (git-fixes).
- commit caf6529
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes).
- commit 085895e
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes).
- commit 76ca8ec
- x86/boot: Ignore NMIs during very early boot (git-fixes).
- commit 20c646a
- x86/lib: Fix overflow when counting digits (git-fixes).
- commit 5eb97ad
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes).
- commit f16b82f
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes).
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
- commit 22da5da
- x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes).
- commit f63acb6
- blacklist.conf: Blacklist broken patch that gets reverted subsequently
- commit 5a2bbf2
- KVM: x86: Mark target gfn of emulated atomic instruction as
dirty (bsc#1224638, CVE-2024-35804).
- commit e14475b
- Rename colliding patches before origin/cve/linux-5.14-LTSS -> SLE15-SP5 merge
- commit ead7031
- KVM: SVM: Flush pages under kvm->lock to fix UAF in
svm_register_enc_region() (bsc#1224725, CVE-2024-35791).
- commit 5b89286
- selinux: avoid dereference of garbage after mount failure
(bsc#1224494 CVE-2024-35904).
- commit dad5bc3
- nilfs2: fix unexpected freezing of nilfs_segctor_sync()
(git-fixes).
- nilfs2: fix use-after-free of timer for log writer thread
(git-fixes).
- i3c: master: svc: fix invalidate IBI type and miss call client
IBI handler (git-fixes).
- i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during
start frame (git-fixes).
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code
(stable-fixes).
- drm/amd/display: Fix division by zero in setup_dsc_config
(stable-fixes).
- docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes).
- pinctrl: core: handle radix_tree_insert() errors in
pinctrl_register_one_pin() (stable-fixes).
- commit 062f495
- media: rkisp1: Fix IRQ handling due to shared interrupts
(CVE-2023-52660 bsc#1224443).
- commit aadfd1f
- Input: cyapa - add missing input core locking to suspend/resume
functions (git-fixes).
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
(git-fixes).
- Input: ims-pcu - fix printf string overflow (git-fixes).
- ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
(git-fixes).
- ALSA: core: Fix NULL module pointer assignment at card init
(git-fixes).
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes).
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using
prescaler (git-fixes).
- serial: 8250_bcm7271: use default_mux_rate if possible
(git-fixes).
- tty: n_gsm: fix missing receive state reset after mode switch
(git-fixes).
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
(git-fixes).
- commit 1d7ff63
- kABI workaround for drivers/of/dynamic.c (CVE-2024-35879
bsc#1224524).
- commit 2e9ad08
- pmdomain: ti: Add a null pointer check to the
omap_prm_domain_init (CVE-2024-35943 bsc#1224649).
- commit aa89394
- of: module: prevent NULL pointer dereference in vsnprintf()
(CVE-2024-35878 bsc#1224671).
- commit 715f7d4
- of: dynamic: Synchronize of_changeset_destroy() with the
devlink removals (CVE-2024-35879 bsc#1224524).
- driver core: Introduce device_link_wait_removal()
(CVE-2024-35879 bsc#1224524).
- commit fe69cd8
- drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls()
for hisi_hns3_pmu uninit process (CVE-2023-52860 bsc#1224936).
- commit 1703104
- sched/topology: Optimize topology_span_sane() (bsc#1225053).
- cpumask: Add for_each_cpu_from() (bsc#1225053).
- commit f0643dd
- net/mlx5e: Fix mlx5e_priv_init() cleanup flow (CVE-2024-35959
bsc#1224666).
- Refresh
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch.
- Refresh
patches.suse/powerpc-eeh-Permanently-disable-the-removed-device.patch.
- commit 2088b29
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
rehash (CVE-2024-35854 bsc#1224636).
- commit 0674818
- geneve: fix header validation in geneve[6]_xmit_skb
(CVE-2024-35973 bsc#1224586).
- commit ef0dd47
- ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
(CVE-2024-27417 bsc#1224721)
- commit 9d4dafd
- af_unix: annote lockless accesses to unix_tot_inflight &
gc_in_progress (bsc#1223384).
- Refresh
patches.suse/io_uring-af_unix-defer-registered-files-gc-to-io_uri.patch.
- commit 478234c
- Update patch reference for media fix (CVE-2024-35830 bsc#1224680)
- commit aae637c
- regulator: bd71828: Don't overwrite runtime voltages
(git-fixes).
- nfc: nci: Fix handling of zero-length payload packets in
nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- tools/latency-collector: Fix -Wformat-security compile warns
(git-fixes).
- commit 6c22f99
- bpf: Protect against int overflow for stack access size
(bsc#1224488 CVE-2024-35905).
- bpf: Check bloom filter map value size (bsc#1224488
CVE-2024-35905).
- commit c3a457f
- io_uring: drop any code related to SCM_RIGHTS (git-fixes
CVE-2023-52656 bsc#1224187).
- io_uring/unix: drop usage of io_uring socket (git-fixes).
- commit 2c7c0cc
- autofs: use wake_up() instead of wake_up_interruptible(()
(bsc#1224166).
- commit 63af67f
- Update patches.suse/io_uring-af_unix-disable-sending-io_uring-over-socke.patch
(bsc#1218447 CVE-2023-6531 CVE-2023-52654 bsc#1224099)
This commit was merged twice, through the net and io_uring maintainer
trees. Add an Alt-commit entry to document that.
- commit 8d7b4ed
- Update patches.suse/scsi-qedf-Wait-for-stag-work-during-unload.patch (bsc#1214852)
- Update patches.suse/scsi-qedf-Don-t-process-stag-work-during-unload.patch (bsc#1214852)
- commit c7be571
- Update patches.suse/afs-Fix-page-leak.patch (stable-5.14.9
CVE-2021-47365 bsc#1224895).
- commit c17c3b1
- Update
patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
(stable-5.14.9 CVE-2021-47366 bsc#1225160).
- commit f8c347d
- s390/ipl: Fix incorrect initialization of len fields in nvme
reipl block (git-fixes bsc#1225139).
- commit fa2a3c7
- s390/ipl: Fix incorrect initialization of nvme dump block
(git-fixes bsc#1225138).
- commit 99842eb
- ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()
(CVE-2023-52674 bsc#1224727).
- ALSA: scarlett2: Add missing error checks to *_ctl_get()
(CVE-2023-52680 bsc#1224608).
- ALSA: scarlett2: Add missing error check to
scarlett2_usb_set_config() (CVE-2023-52692 bsc#1224628).
- commit 76e573a
- spmi: hisi-spmi-controller: Do not override device identifier
(git-fixes).
- extcon: max8997: select IRQ_DOMAIN instead of depending on it
(git-fixes).
- vmci: prevent speculation leaks by sanitizing event in
event_deliver() (git-fixes).
- VMCI: Fix an error handling path in vmci_guest_probe_device()
(git-fixes).
- iio: pressure: dps310: support negative temperature values
(git-fixes).
- iio: core: Leave private pointer NULL when no private data
supplied (git-fixes).
- serial: sh-sci: protect invalidating RXDMA on shutdown
(git-fixes).
- serial: sc16is7xx: add proper sched.h include for
sched_set_fifo() (git-fixes).
- serial: max3100: Fix bitwise types (git-fixes).
- serial: max3100: Update uart_driver_registered on driver removal
(git-fixes).
- serial: max3100: Lock port->lock when calling
uart_handle_cts_change() (git-fixes).
- usb: typec: tipd: fix event checking for tps6598x (git-fixes).
- usb: typec: ucsi: displayport: Fix potential deadlock
(git-fixes).
- usb: gadget: u_audio: Clear uac pointer when freed (git-fixes).
- leds: pwm: Disable PWM when going to suspend (git-fixes).
- VMCI: Fix possible memcpy() run-time warning in
vmci_datagram_invoke_guest_handler() (stable-fixes).
- VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
(stable-fixes CVE-2024-35944 bsc#1224648).
- spmi: Add a check for remove callback when removing a SPMI
driver (git-fixes).
- commit d71c003
- containerd
-
- Revert noarch for devel subpackage
Switching to noarch causes issues on SLES maintenance updates, reverting it
fixes our image builds
- Update to containerd v1.7.17. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.17>
- Switch back to using tar_scm service. Aside from obs_scm using more bandwidth
and storage than a locally-compressed tar.xz, it seems there's some weird
issue with paths in obscpio that break our SLE-12-only patch.
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.16. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.16>
CVE-2023-45288 bsc#1221400
- Use obs_scm service instead of tar_scm
- Removed patch 0002-shim-Create-pid-file-with-0644-permissions.patch
(merged upstream at
<https://github.com/containerd/containerd/pull/9571>)
- Update to containerd v1.7.15. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.15>
- Update to containerd v1.7.14. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.14>
- Update to containerd v1.7.13. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.13>
- Update to containerd v1.7.12. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.12>
- Update to containerd v1.7.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.11>
GHSA-jq35-85cj-fj4p bsc#1224323
- Use %patch -P N instead of deprecated %patchN.
- Enable manpage generation
- Make devel package noarch
- adjust rpmlint filters
- crmsh
-
- Update to version 4.5.1+20240719.bda4d1e:
* Dev: prun: add more possible libexec PATH for sftp-server
* Fix: qdevice: config "tls" should accept value "required" (bsc#1227649)
* Fix: bootstrap: refine the wording in the question asking TLS config for qdevice (bsc#1227649)
* Fix: qdevice: TLS certs should always be generated for qnetd (bsc#1227649)
* Fix: upgradeutil: refine error handling (bsc#1226147, bsc#1223371)
- Update to version 4.5.1+20240531.f62a43e:
* Fix: cmd_status: call crm_mon without shell (#1429)
* Dev: utils: Add info when property is newly added
* Fix: healthcheck: KeyError when local nodename not found in cib (bsc#1223438)
- cups
-
- Require the exact matching version-release of all libcups*
sub-packages (bsc#1226192)
- cups-2.2.7-CVE-2024-35235.patch is derived
from the upstream patch against master (CUPS 2.5)
to behave backward compatible for CUPS 2.2.7
in SLE15 and openSUSE Leap 15 to fix CVE-2024-35235
"cupsd Listen port arbitrary chmod 0140777"
without the more secure but backward-incompatible behaviour
of the upstream patch for CUPS 2.5
that ignores domain sockets specified in 'Listen' entries
in /etc/cups/cupsd.conf when cupsd is lauched via systemd
(in particular when launched on-demand by systemd)
https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f
bsc#1225365
- cups-2.2.7-web-ui-kerberos-authentication.patch, update
patch to handle local 'Negotiate' authentication response
for cli clients. (bsc#1223179).
- desktop-data-SLE
-
- Fix typo in the desktop files for some of the wallpapers
(bsc#1222146).
- docker
-
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- This update includes a fix for CVE-2024-41110. bsc#1228324
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
<https://github.com/moby/buildkit/pull/5060>. bsc#1221916
+ 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. Backport of
<https://github.com/moby/moby/pull/48034>. bsc#1214855
+ 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2505> bsc#1223409
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- Update --add-runtime to point to correct binary path.
- dracut
-
- Update to version 055+suse.388.g70c21afa:
* feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529)
* fix(mdraid): try to assemble the missing raid device (bsc#1226412)
* fix(dracut-install): continue parsing if ldd prints "cannot be preloaded" (bsc#1208690)
- fdupes
-
- Do not use sqlite, as this pulls sqlite into Ring0 at no real
benefit performance wise: the cache is not reused between runs.
+ Drop sqlite-devel BuildRequires
+ Pass --without-sqlite to configure
- Update to 2.3.0:
* Add --cache option to speed up file comparisons.
* Use nanosecond precision for file times, if available.
* Fix compilation issue on OpenBSD.
* Other changes like fixing typos, wording, etc.
- update to 2.2.1:
* Fix bug in code meant to skip over the current log file when --log option is given.
* Updates to copyright notices in source code.
* Add --deferconfirmation option.
* Check that files marked as duplicates haven't changed during program execution before deleting them.
* Update documentation to indicate units for SIZE in command-line options.
* Move some configuration settings to configure.ac file.
- Fixes for the new wrapper:
* Order duplicates by name, to get a reproducible file set
(boo#1197484).
* Remove redundant order parameter from fdupes invocation.
* Modernize code, significantly reduce allocations.
* Exit immediately when mandatory parameters are missing.
* Remove obsolete buildroot parameter
* Add some tests for the wrapper
- A more correct approach to creating symlinks (old bug actually):
Do not link the files as given by fdupes, but turn them into
relative links (it works by chance if given a buildroot, but
fails if running on a subdirectory)
- Support multiple directories given (as glob to the macro)
- Handle symlinks (-s argument) correctly
- Simplify macros.fdupes with a call to a C++ program that does
the same within a fraction of a second what the shell loop did
in many seconds (bsc#1195709)
- fence-agents
-
- Azure native fencing does not start due to Python version.
(bsc#1224797) (jsc#PED-8887)
Put fence_azure_arm into a separate package to be able to provide
the own requirements.
o Add upstream patch:
0001-fence_azure_arm-add-stack-cloud-support.patch
0001-azure_fence-use-correct-credential_scope-and-profile.patch
0001-lib-all-agents-use-r-for-all-regular-expressions-to-.patch
0001-fence_azure-fix-pinning-client-api-versions-for-comp.patch
o Add modified upstream patch:
0001-fence_azure_arm-fix-get-virtual-machines-call.patch
- gdk-pixbuf
-
- Enable test suite on x86_64 (other arches seem too flaky for now):
+ Add %check section and call %meson_test
+ Add gdk-pixbuf-jpeg-slow.patch: allow pixbuf-jpeg to run for
more than 30s, by marking it as a slow test
(glgo#GNOME/gdk-pixbuf!174).
- Migrate package to a regular obs_scm service, no longer password
protecting a zip file. The originally reported bsc#1159337 seems
no longer be applicable and we prefer the easier route.
- Drop unzip BuildRequires and pre_checkin.sh script.
- Update to version 2.42.12:
+ Fix a build failure,
+ Fix occasional build failures,
+ ani: Reject files with multiple INA or IART chunks,
+ ani: Reject files with multiple anih chunks (CVE-2022-48622),
+ ani: validate chunk size,
+ Updated translations.
- Drop 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: fixed
upstream.
- Pass -Dothers=enabled to meson: enable other image loaders (most
notably beeded seems xpm,xbm). This is in line with upstreams
recommendation for now, but won't be working past version 2.43.x.
The loaders will likely be split out into a separate repo.
(boo#1223903, glgo#GNOME/gdk-pixbuf!169).
- Add 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: Fix test
suite with other loaders enabled.
- Update to version 2.42.11:
+ Disable fringe loaders by default.
+ Introspection fixes.
+ Updated translations.
- Fix path to gdk-pixbuf-query-loader in pkg-config file: we rename
the loader to be multi-arch compatible and thus also need to
adjust the .pc file to have build-systems find it.
- Update to version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Drop patch fixed upstream (with different limit):
+ 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch
- glib2
-
- Add patches to fix CVE-2024-34397 (boo#1224044):
glib2-CVE-2024-34397.patch (glgo#GNOME/glib#3268).
glib2-fix-ibus-regression.patch (glgo#GNOME/glib#3353)
- glibc
-
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
addgetnetgrentX (CVE-2024-33602, bsc#1223425)
- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue
for _start routine (bsc#1221940)
- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
nscd: Stack-based buffer overflow in netgroup cache
(CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
nscd: Avoid null pointer crashes after notfound response
(CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
nscd: Do not send missing not-found response in addgetnetgrentX
(CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
CVE-2024-33602, bsc#1223425, BZ #31680)
- google-cloud-sap-agent
-
- Update to version 3.4 (bsc#1227134, bsc#1227135)
* Adding project to exclusion list
* Add machine type to configure instance proto for WLM metric collection.
* Add test channel for Guest Actions. Make default channel the registered channel.
* Set backup object's customTime field as part of backint backups
* Add workload discovery to configure command
* Add multiple workers support in parallelreader for parallel downloading during restore.
* `configureinstance` with `overrideVersion` set should log a warning and continue.
* Minor log change in balanceirq
* Add common function to parse parameters for guest action handlers
* BalanceIRQ OTE added to Agent for SAP
* Remove output from stdout for DIAGNOSE
* Small hyperThreading change for configureinstance
* Add initial steps to initialize the SystemDiscovery OTE in IIOTE and command mode.
* Adding single worker support in parallelreader for download.
* Read encryption key from file if specified in parameters file
* Run configureinstance OTE only on supported instances during WLM metric collection.
* Add instance ID to user agent string for SAP Agent.
* Return `UsageError` as exit status instead of `Failure` in case of invalid parameters
* Bumping up the agent version
* Use json marshalling instead of manually parsing from map in configure handler
* Move metric override modules to metricoverrides.go for general use
* Updating the gcbdr proto
* Updating param names to make it more clear in performance diagnostics
* Add DiskSizeGb to Disk for disk creation.
* Add Demo Metrics for Process Metrics
* Add warning message for configureinstance overrideVersion
* Add 3.3 to configureinstance versioning
* Fix log message in configureinstance
* Rename scope and param file to type and backint-param-file to avoid confusion
* Add new OTE structure for SystemDiscovery.
* Allows SAP system data to be read from an override file instead
of discovered from the system. Useful for testing.
* Refactor buildSupportBundleCommand by marshalling command parameters
* Remove cluster member check for cluster collection
* Add connectParameters as a function parameter in restoreFile function to have
multiple bucket handles in parallelreader for parallel downloading.
* Enable auto discovery of disks and make datadiskname and zone optional parameters
* Add support for performancediagnostics OTE guest action handler
* Add override version flag to configureinstance
* Rename LVM volume group of restored disk to that of the target disk.
* Sleep during TestCommunicateWithUAP to only execute intended
code path once instead of many times.
* Update grub configuration for X4 configureinstance
* Extend result-bucket support to support bundle guest action
* Add provisioned-iops and provisioned-throughput labels
to snapshots and extract them during restore.
* Configureinstance updates for SAP ECS
* Add sequential in parallel download functionality for restore to SAP Agent.
* Implement hanadiskbackup guest action handler
* Add operation_id to UAP status labels.
* Add user agent overrides for cloud monitoring
* Updating generated protobufs
* Update sanity check for fast collector metric
* Reliability Metrics - Use the usage metrics instead of
internal cloud monitoring metrics
* Fix restoreFromGroupSnapshot and restoreFromSingleSnapshot logic
* Implement support bundle handler. This CL follows a pattern for
implementing handler which was developed in cl/636640791
* Move timeseries.go and cloudmonitoring.go to shared/
* Only stop HANA monitoring if successive errors are auth related
* Use flag names for command parameters in configureHandler
* Add check and apply finished metrics to configureinstance
* Add snapshot / group backup name to success log message
* Better handling of experimental flag in hanamonitoring
* Return error if physical device is empty
* Added an experiemntal flag to control role based awareness in hana monitoring
* Adding role based awareness logic in HANA Monitoring
* Add upload feature to support bundle
* Add context to onetime logging functions
* Fix logging and make confirm-data-snapshot-after-create true by default
* Add debug logs for hanabackup to help troubleshoot issues.
* Remove HDB User requirement when HDBUserstore key is passed for hanadiskbackup
* Append labels to detached disk in hanadiskrestore
* Add placeholder for parallel reader in Backint
* Modify restore handlers to be able to restore from either
source snapshot or group snapshot.
* Modify checking preconditions and adding fakes for group snapshot restore.
* Add initial support for restoring from group snapshot.
* Add UAP Communication to startdaemon (gated by a configuration).
* Fixing the commands in perfdiag
* Refactor handleAgentCommand with guestActionsHandlers map
* Add replication sites to system component proto
* Build updated to use -mod=vendor during build
* Updated go.mod and go.sum with dependencies for safetext,
using go mod vendor for github action
* Adding changes for target based config in hana monitoring
* Overriding the user agent for Cloud Logging API calls
* Fix typo in guestactions.proto
* WLM Hana Full Backup Validation Metric collection
* Add configure command to guest actions. Establish how the new proto
format will be used in message handling.
* Add ping check to HANA monitoring
* [commandlineexecutor] Add the ability to directly pass data into Stdin, avoiding
the need for intermediary piping commands, such as "echo 'data' | my_app".
- Update to version 3.3 (bsc#1225166, bsc#1225558)
* Build updated to use -mod=vendor during build
* Updated go.mod and go.sum with dependencies for safetext,
using go mod vendor for github action
* Add actual values and comments to usagemetrics.go to ensure that
error and action codes are only appended to the end of the list.
* Remove usage metrics from configureinstance.go
* Add a hard Disable for reliability metrics collection
until the namespace is created and tested.
* Adding metrics for time taken by each query
* Add SHA224 of labels as a new label.
* Remove collect_reliability_metrics from configuration.json
* Small tweaks to backint log and inquire path generation
* Fix for unmarshalling backint configuration.
* Implementation of instant snapshot group backup workflow
* Backint changes around shorten_folder_path
* Rename max_diagnose_size_gb to diagnose_file_max_size_gb
* Adding start and finish logs in performance diagnostics
* Validate that all disks mapped to /hana/data belong to the same consistency group.
* Rename backint monitoring metrics parameter
* Trim folder prefix for Backint INQUIRE output.
* Add the ability to test the database connection
* Reduce log level of some storage messages to debug.
* Finalize guest action request and response format.
* Backint dashboard fix logs
* Add scorecards to backint dashboard
* Making proto changes for HANA Monitoring support
for multiple tennats and ha setup
* Add total upload/download time to log.
* Add HANA indexserver.ini metrics to WLM metric collection.
* Add Netweaver role metrics as part of process metrics
* Rotate old support bundles.
* Update the default value of confirm-data-snapshot-after-create
to false. and add to usage()
* Add option to confirm HANA snapshot as successful before disk snapshot is uploaded.
* Change log level from warn to info for non-critical messages.
* Add diagnose_folder parameter to Backint
* Add a 1 GB buffer to needed bytes for diagnostic
* Add labels to group snapshot backup.
* Enable the show status and restart agent functions for Windows.
* Add WLM metric collection for num_completion_queues and num_submit_queues.
* Collect support bundle on Backint errors.
* Adding usage metrics to performance diagnostics
* Collect agent-only support bundle on failure of backint and hanadiskbackup.
* Minor Backint improvements
* Add ability collect only agent logs using agent-logs-only flag to supportbundle
* Bump version to 3.3
* Add Backint metrics dashboard
* DO NOT remove log files on uninstall
* Adding more unit tests
* Changing location of zipped file to within the
final folder identified by unique timestamp.
* Minor refactorings and improvements with increasing code coverage
* Make sure DB instance number is recorded in System data.
* Change configuration.json to 0664 to ensure world cannot write.
* Add Netweaver Java discovery to SAP Agent.
* Add a new version of functions to read cloud properties from metadata server.
* Updating generated protos to proc-gen-go v1.34.1
* Updating runConfigureInstance method and adding unit tests
for covering configure instance ote invocation
* Zip the final bundle and add upload functionality
* Record database SID alongside tenant DB SIDs
* Reduce log severity in discovery
* Add HANA version to product version data
* Fix race condition in tests
* Read disk mapping from instance info if source disk
is not provided to hanadiskbackup
* Add option to shorten the folder path in the bucket.
* Add SSL support for cmdline-based querying and some bugfixes
* Move recovery package to shared directory.
* Update protoc-gen-go version to v1.34.0 in multiple protos
* Adding FIO commands to performance diagnostics
* Remove error logs when errors are being returned
* Adding perfdiag to performance diagnostics
* Add AppInstance data to discovery data uploads.
* Introduce protos for guestactions messages and responses.
Support multiple commands per message.
* Update wording for HANA Insights rules.
* Configureinstance updates.
* Adding a check for retention policy before performing backup operation.
* Remove the unused loglevel flag from logusage OTE
* Change the language around the default parameters being
optimized for performance in backint
* Add instance role to SAP System properties
* Increase wait time for index server to stop.
* Integrating backint OTE into performancediagnostics
* Update wording around configureinstance unsupported machine type.
* Pass the right disk name to check if disk is attached
* Integrating new DB Handle and hdbuserstore key support
with remaining HANA DB dependant workflows
* Refactor HANA and filesystems specific code to a common hanabackup package
* Bumps x/net dependency to v0.23
* Append HANA Insights rule to WLM fake metrics file in script to generate WLM rule.
* Integrating configure instance ote in performance diagnostics
* Update disk backup OTE to parse paths even with /dev/mapper
in the middle of path, not necessarily as a prefix
* Adding a few missing labels to wlm-fake-metrics.yaml
* Changing loglevel for onetime.Init() calls
* Refactor change - Move PD related functions to gce.go
* Fix agentcommunication import replace statements
* Update replace functions for new open source dependencies.
* Set up scaffolding for guest actions handling in SAP Agent along with UAP library code
* Backint upload/download metrics sent to cloud monitoring.
* Cleaning up the performance diagntics file wth recent changes
* Fixes to usage strings in OTEs for optional params
* Integrating new database connector with HANA Monitoring
and adding support for HDBUserstore Key
* Implement hdbsql commandline result parsing
* SAP Discovery - Add SAP Instance Numbers to instance properties
* Updating OTEs to include params for when OTE is invoked internally
* Modifying flags to follow design changes
* Create fake WLM metric overrides for testing
* Implement constructors and query functions for querying
HANA DB via hdbuserstore using cmdline
* Skeleton for querying HANA DB via hdbuserstore using cmdline
* Parameterize Backint Diagnose max file size.
* Metadata parameter added to Backint.
* Adding initial layout for performance diagnostics OTE
* Create a new API CreateClient() in shared logging which
returns an error in case of failures
* Backint no longer writes ERROR if temporary chunk failed to delete.
* Create onetime.Init() to condense reused code.
* Fixing a typo in a process metrics retry logic comment
* Rename workload_validation param with workload_evaluation in configure OTE
* Send agent version in Write Insight requests
* Ensuring /sap/cluster/resources covers all the nodes.
- gtk2
-
- Add CVE-2024-6655.patch: CVE-2024-6655 Stop looking for modules
in cwd (bsc#1228120).
- iputils
-
- Update 0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
after upstream merged the fix, update git commit hashes.
- Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877)
0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
- Backport upstream fix for bsc#1224877
4db1de6 ("arping: Fix 1s delay on exit for unsolicited arpings")
0001-arping-Fix-1s-delay-on-exit-for-unsolicited-arpings.patch
- krb5
-
- Fix vulnerabilities in GSS message token handling, add patch
0011-Fix-vulnerabilities-in-GSS-message-token-handling.patch
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
- resource-agents
-
- Azure-lb fails if IPv6 disabled (bsc#1223554)
Add upstream patch
Add a new parameter: listen
This parameter can have following walues:
default: Neither -4 nor -6 will be used. The default behavior of socat and nc will be used.
socat: Listen only on IPv4 addresses
nc: If net.ipv6.bindv6only = 0 => Listen on both IPv4 and IP6 addresses
If net.ipv6.bindv6only = 1 => Listen only on IPv4 addresses
ipv4only: Listen only on IPv4 addresses.
ipv6enable: Enable TCP6 support.
nc: Listen only on IPv6 adresses independent of net.ipv6.bindv6only
socat: If net.ipv6.bindv6only = 0 => Listen on both IPv4 and IP6 addresses.
If net.ipv6.bindv6only = 1 => Listen only on IPv6 adresses.
Add patch:
0001-Azure-lb-fails-if-IPv6-disabled.patch
- llvm15
-
- Manage clang-cpp with update-alternatives like other binaries.
Solves upgrade issues from Leap 15.5 to 15.6. [boo#1221183]
- libqt5-qtbase
-
- Add patch from upstream to fix a regression in the ODBC driver
(bsc#1227513, QTBUG-112375):
* 0001-QSQL-ODBC-fix-regression-trailing-NUL.patch
* 0002-SQL-ODBC-Pass-correct-length-to-SQLColAttribute.patch
- abseil-cpp
-
- SLE-only: import upstream patch to fix build with gcc7 in C++17
mode: hash-fix-gcc7-cpp17-build.patch (bsc#1222261)
+ Upstream commit bb83aceacb554e79e7cd2404856f0be30bd00303
- update to 20240116.1:
* Add absl::NoDestructor<T> to simplify defining static types
that do not need to be destructed upon program exit.
* Add configurable verbose logging (also known as VLOG).
* Added absl::Overload(), which returns a functor that provides
overloads based on the functors passed to it. Note that this
functionality requires C++17 or newer.
* Breaking Change: AbslHashValue() no longer accepts C-style
arrays as a parameter, caller need to wrap C-string literals in
absl::string_view.
* Breaking Change: absl::weak_equality and absl::strong_equality
have been removed. The corresponding std types were removed
before C++20 was finalized
- gcc13
-
- Update to GCC 13.3 release
- Update to gcc-13 branch head, b7a2697733d19a093cbdd0e200, git8761
- Removed gcc13-pr111731.patch now included upstream
- Add gcc13-amdgcn-remove-fiji.patch removing Fiji support from
the GCN offload compiler as that is requiring Code Object version 3
which is no longer supported by llvm18.
- Add gcc13-pr101523.patch to avoid combine spending too much
compile-time and memory doing nothing on s390x. [boo#1188441]
- Make requirement to lld version specific to avoid requiring the
meta-package.
- util-linux
-
- lscpu: Add more ARM cores (bsc#1223605,
util-linux-lscpu-add-more-ARM-cores-1.patch,
util-linux-lscpu-add-more-ARM-cores-2.patch,
util-linux-lscpu-add-more-ARM-cores-3.patch,
util-linux-lscpu-add-more-ARM-cores-4.patch,
util-linux-lscpu-add-more-ARM-cores-5.patch,
util-linux-lscpu-add-more-ARM-cores-6.patch).
- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609,
util-linux-chcpu-document-zVM-limitations.patch).
- bsc#1220117: Processes not cleaned up after failed SSH session are using up 100% CPU
+ util-linux-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
- mozilla-nss
-
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
- update to NSS 3.101.2
* bmo#1905691 - ChaChaXor to return after the function
- Added nss-fips-safe-memset.patch, fixing bsc#1222811.
- Removed some dead code from nss-fips-constructor-self-tests.patch.
- Rebased nss-fips-approved-crypto-non-ec.patch on above changes.
- Added nss-fips-aes-gcm-restrict.patch, fixing bsc#1222830.
- Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222813,
bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118.
- Updated nss-fips-approved-crypto-non-ec.patch and
nss-fips-constructor-self-tests.patch, fixing bsc#1222807,
bsc#1222828, bsc#1222834.
- Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222804,
bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116.
- update to NSS 3.101.1
* bmo#1901932 - missing sqlite header.
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
- update to NSS 3.101
* bmo#1900413 - add diagnostic assertions for SFTKObject refcount.
* bmo#1899759 - freeing the slot in DeleteCertAndKey if authentication failed
* bmo#1899883 - fix formatting issues.
* bmo#1889671 - Add Firmaprofesional CA Root-A Web to NSS.
* bmo#1899593 - remove invalid acvp fuzz test vectors.
* bmo#1898830 - pad short P-384 and P-521 signatures gtests.
* bmo#1898627 - remove unused FreeBL ECC code.
* bmo#1898830 - pad short P-384 and P-521 signatures.
* bmo#1898825 - be less strict about ECDSA private key length.
* bmo#1854439 - Integrate HACL* P-521.
* bmo#1854438 - Integrate HACL* P-384.
* bmo#1898074 - memory leak in create_objects_from_handles.
* bmo#1898858 - ensure all input is consumed in a few places in mozilla::pkix
* bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* bmo#1748105 - clean up escape handling
* bmo#1896353 - Use lib::pkix as default validator instead of the old-one
* bmo#1827444 - Need to add high level support for PQ signing.
* bmo#1548723 - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* bmo#1893404 - Allow for non-full length ecdsa signature when using softoken
* bmo#1830415 - Modification of .taskcluster.yml due to mozlint indent defects
* bmo#1793811 - Implement support for PBMAC1 in PKCS#12
* bmo#1897487 - disable VLA warnings for fuzz builds.
* bmo#1895032 - remove redundant AllocItem implementation.
* bmo#1893334 - add PK11_ReadDistrustAfterAttribute.
* bmo#215997 - Clang-formatting of SEC_GetMgfTypeByOidTag update
* bmo#1895012 - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* bmo#1894572 - sftk_getParameters(): Fix fallback to default variable after error with configfile.
* bmo#1830415 - Switch to the mozillareleases/image_builder image
- Follow upstream changes in nss-fips-constructor-self-tests.patch (switch from ec_field_GFp to ec_field_plain)
- Remove part of nss-fips-zeroization.patch that got removed upstream
- update to NSS 3.100
- bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for
faster Xyber operations.
- bmo#1893752 - remove ckcapi.
- bmo#1893162 - avoid a potential PK11GenericObject memory leak.
- bmo#671060 - Remove incomplete ESDH code.
- bmo#215997 - Decrypt RSA OAEP encrypted messages.
- bmo#1887996 - Fix certutil CRLDP URI code.
- bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
- bmo#676118 - Add ability to encrypt and decrypt CMS messages using ECDH.
- bmo#676100 - Correct Templates for key agreement in smime/cmsasn.c.
- bmo#1548723 - Moving the decodedCert allocation to NSS.
- bmo#1885404 - Allow developers to speed up repeated local execution
of NSS tests that depend on certificates.
- update to NSS 3.99
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
- update to NSS 3.98
* bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption
in TLS
* bmo#1879513 - Certificate Compression: enabling the check that
the compression was advertised
* bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha
* bmo#1879945 - Remove Email trust bit from OISTE WISeKey
Global Root GC CA
* bmo#1877344 - Replace `distutils.spawn.find_executable` with
`shutil.which` within `mach` in `nss`
* bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to
support Certificate compression
* bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation
* bmo#1875356 - Add valgrind annotations to freebl kyber operations
for constant-time execution tests
* bmo#1870673 - Set nssckbi version number to 2.66
* bmo#1874017 - Add Telekom Security roots
* bmo#1873095 - Add D-Trust 2022 S/MIME roots
* bmo#1865450 - Remove expired Security Communication RootCA1 root
* bmo#1876179 - move keys to a slot that supports concatenation in
PK11_ConcatSymKeys
* bmo#1876800 - remove unmaintained tls-interop tests
* bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim
flags
* bmo#1874937 - bogo: add support for the -curves shim flag and
update Kyber expectations
* bmo#1874937 - bogo: adjust expectation for a key usage bit test
* bmo#1757758 - mozpkix: add option to ignore invalid subject
alternative names
* bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value
* bmo#1876390 - take ownership of ecckilla shims
* bmo#1874458 - add valgrind annotations to freebl/ec.c
* bmo#864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* bmo#1875965 - Update zlib to 1.3.1
- Use %patch -P N instead of deprecated %patchN.
- update to NSS 3.97
* bmo#1875506 - make Xyber768d00 opt-in by policy
* bmo#1871631 - add libssl support for xyber768d00
* bmo#1871630 - add PK11_ConcatSymKeys
* bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken
* bmo#1871152 - add a FreeBL API for Kyber
* bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo
* bmo#1835828 - Removing the calls to RSA Blind from loader.*
* bmo#1874111 - fix worker type for level3 mac tasks
* bmo#1835828 - RSA Blind implementation
* bmo#1869642 - Remove DSA selftests
* bmo#1873296 - read KWP testvectors from JSON
* bmo#1822450 - Backed out changeset dcb174139e4f
* bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* bmo#1871219 - Wrap CC shell commands in gyp expansions
- update to NSS 3.96.1
* bmo#1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh
* bmo#1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups)
* bmo#1867408 - add a defensive check for large ssl_DefSend return values
* bmo#1869378 - Add dependency to the taskcluster script for Darwin
* bmo#1869378 - Upgrade version of the MacOS worker for the CI
- add nss-allow-slow-tests-s390x.patch: "certutil dump keys with
explicit default trust flags" test needs longer than the allowed
6 seconds on s390x
- update to NSS 3.95
* bmo#1842932 - Bump builtins version number.
* bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion
Firmaprofesional CIF A62634068 root cert.
* bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS.
* bmo#1850982 - Remove Camerfirma root certificates from NSS.
* bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional
Certificate.
* bmo#1860670 - Add four Commscope root certificates to NSS.
* bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
* bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL*
* bmo#1861728 - Include P-256 Scalar Validation from HACL*.
* bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes
256 ECC without DER wrapping at the softoken level
* bmo#1837987 - Add means to provide library parameters to C_Initialize
* bmo#1573097 - clang format
* bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
* bmo#1858241 - Typo in ssl3_AppendHandshakeNumber
* bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber
* bmo#1573097 - Fix Invalid casts in instance.c
- update to NSS 3.94
* bmo#1853737 - Updated code and commit ID for HACL*
* bmo#1840510 - update ACVP fuzzed test vector: refuzzed with
current NSS
* bmo#1827303 - Softoken C_ calls should use system FIPS setting
to select NSC_ or FC_ variants
* bmo#1774659 - NSS needs a database tool that can dump the low level
representation of the database
* bmo#1852179 - declare string literals using char in pkixnames_tests.cpp
* bmo#1852179 - avoid implicit conversion for ByteString
* bmo#1818766 - update rust version for acvp docker
* bmo#1852011 - Moving the init function of the mpi_ints before
clean-up in ec.c
* bmo#1615555 - P-256 ECDH and ECDSA from HACL*
* bmo#1840510 - Add ACVP test vectors to the repository
* bmo#1849077 - Stop relying on std::basic_string<uint8_t>
* bmo#1847845 - Transpose the PPC_ABI check from Makefile to gyp
- rebased patches
- added nss-fips-test.patch to fix broken test
- Update to NSS 3.93:
* bmo#1849471 - Update zlib in NSS to 1.3.
* bmo#1848183 - softoken: iterate hashUpdate calls for long inputs.
* bmo#1813401 - regenerate NameConstraints test certificates (boo#1214980).
- Rebase nss-fips-pct-pubkeys.patch.
- update to NSS 3.92
* bmo#1822935 - Set nssckbi version number to 2.62
* bmo#1833270 - Add 4 Atos TrustedRoot Root CA certificates to NSS
* bmo#1839992 - Add 4 SSL.com Root CA certificates
* bmo#1840429 - Add Sectigo E46 and R46 Root CA certificates
* bmo#1840437 - Add LAWtrust Root CA2 (4096)
* bmo#1822936 - Remove E-Tugra Certification Authority root
* bmo#1827224 - Remove Camerfirma Chambers of Commerce Root.
* bmo#1840505 - Remove Hongkong Post Root CA 1
* bmo#1842928 - Remove E-Tugra Global Root CA ECC v3 and RSA v3
* bmo#1842937 - Avoid redefining BYTE_ORDER on hppa Linux
- update to NSS 3.91
* bmo#1837431 - Implementation of the HW support check for ADX instruction
* bmo#1836925 - Removing the support of Curve25519
* bmo#1839795 - Fix comment about the addition of ticketSupportsEarlyData
* bmo#1839327 - Adding args to enable-legacy-db build
* bmo#1835357 - dbtests.sh failure in "certutil dump keys with explicit
default trust flags"
* bmo#1837617 - Initialize flags in slot structures
* bmo#1835425 - Improve the length check of RSA input to avoid heap overflow
* bmo#1829112 - Followup Fixes
* bmo#1784253 - avoid processing unexpected inputs by checking for
m_exptmod base sign
* bmo#1826652 - add a limit check on order_k to avoid infinite loop
* bmo#1834851 - Update HACL* to commit 5f6051d2
* bmo#1753026 - add SHA3 to cryptohi and softoken
* bmo#1753026 - HACL SHA3
* bmo#1836781 - Disabling ASM C25519 for A but X86_64
- removed upstreamed patch nss-fix-bmo1836925.patch
- update to NSS 3.90.3
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* bmo#1748105 - clean up escape handling.
* bmo#1895032 - remove redundant AllocItem implementation.
* bmo#1836925 - Disable ASM support for Curve25519.
* bmo#1836781 - Disable ASM support for Curve25519 for all but X86_64.
- remove upstreamed nss-fix-bmo1836925.patch
- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox
when using FIPS-mode (bsc#1223724).
- Added "Provides: nss" so other RPMs that require 'nss' can
be installed (jira PED-6358).
- jitterentropy
-
- Fix a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
* github.com/smuellerDD/jitterentropy-library/commit/7bf9f85
* Add jitterentropy-fix-a-stack-corruption-on-s390x.patch
- oniguruma
-
- Added oniguruma-6.8.2-CVE-2019-13225-fix.patch (boo#1141157 CVE-2019-13225)
oniguruma: null-pointer dereference in match_at() in regexec.c
- openssl-1_1
-
- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
security vulnerability. Calling the function SSL_free_buffers()
potentially caused memory to be accessed that was previously
freed in some situations and a malicious attacker could attempt
to engineer a stituation where this occurs to facilitate a
denial-of-service attack. [CVE-2024-4741, bsc#1225551]
- Security fix: [bsc#1222548, CVE-2024-2511]
* Fix unconstrained session cache growth in TLSv1.3
* Add openssl-CVE-2024-2511.patch
- libqb
-
- ipc: Retry receiving credentials if the the message is short (gh#ClusterLabs/libqb#476, rh#2111711, bsc#1224183)
* bsc#1224183-0001-ipc-Retry-receiving-credentials-if-the-the-message-i.patch
- libsolv
-
- add a conflict to older libsolv-tools to libsolv-tools-base
- improve updating of installed multiversion packages
- fix decision introspection going into an endless loop in some
cases
- added experimental lua bindings
- bump version to 0.7.29
- split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- suseconnect-ng
-
- Update version to 1.11
- Added uname as collector
- Added SAP workload detection
- Added detection of container runtimes
- Multiple fixes on ARM64 detection
- Use `read_values` for the CPU collector on Z
- Fixed data collection for ppc64le
- Grab the home directory from /etc/passwd if needed (bsc#1226128)
- Update version to 1.10.0
* Build zypper-migration and zypper-packages-search as standalone
binaries rather then one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens. (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report.
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
- tiff
-
- security update:
* CVE-2023-3164 [bsc#1212233]
Fix heap buffer overflow in tiffcrop
+ tiff-CVE-2023-3164.patch
- libvirt
-
- rpc: Don't warn about "max_client_requests" in single-threaded
daemons
boo#1224327
- security: Ensure file exists before attempting to restore label
bsc#1220714
- libxml2
-
- Security fix (CVE-2024-34459, bsc#1224282) buffer over-read in
xmlHTMLPrintFileContext in xmllint.c
* Added libxml2-CVE-2024-34459.patch
- libzypp
-
- zypp-tui: Make sure translated texts use the correct textdomain
(fixes #551)
- Skip libproxy1 requires for tumbleweed.
- version 17.34.1 (34)
- don't require libproxy1 on tumbleweed, it is optional now
- version 17.34.0 (34)
- Fix versioning scheme
- version 17.33.4 (35)
- add one more missing export for libyui-qt-pkg
- Revert eintrSafeCall behavior to setting errno to 0.
- version 17.33.3 (34)
- fix up requires_eq usage for libsolv-tools-base
- add one more missing export for PackageKit
- version 17.33.2
- version 17.33.1 (33)
- switch to reduced size libsolv-tools-base (jsc#PED-8153)
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- Add ZYPP_API for exported functions and switch to
visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- version 17.33.0 (33)
- Fix download from gpgkey URL (bsc#1223430, fixes openSUSE/zypper#546)
- version 17.32.6 (32)
- shadow
-
- bsc#1228770: Fix not copying of skel files
Update shadow-CVE-2013-4235.patch
- bsc#916845 (CVE-2013-4235): Fix TOCTOU race condition
Add shadow-CVE-2013-4235.patch
- ocfs2-tools
-
- OCFS2 writes delay on large volumes - slow la window lookup from global_bitmap (bsc#1219224)
* bsc1219224-debugfs.ocfs2-support-recording-gd-bg_contig_free_bi.patch
- pacemaker
-
- tools: CIB clients retry signon upon an EAGAIN error (gh#ClusterLabs/pacemaker#3567, bsc#1224183)
* bsc#1224183-0002-Fix-tools-CIB-clients-retry-signon-upon-an-EAGAIN-er.patch
- libcib: new function cib__signon_attempts() (gh#ClusterLabs/pacemaker#3567, bsc#1224183)
* bsc#1224183-0001-Refactor-libcib-new-function-cib__signon_attempts.patch
- libcrmcommon: reject ISO 8601 duration without any values (gh#ClusterLabs/pacemaker#3517)
* pacemaker#3517-0002-Low-libcrmcommon-reject-ISO-8601-duration-without-an.patch
- libstonithd: prevent to free 'op_reply' repeatedly in 'stonith_send_command' (gh#ClusterLabs/pacemaker#3517)
* pacemaker#3517-0001-prevent-to-free-op_reply-repeatedly-in-stonith_send_.patch
- libpacemaker: correctly retrieve any existing fail-count for increment (gh#ClusterLabs/pacemaker#3513)
* pacemaker#3513-0001-Fix-libpacemaker-correctly-retrieve-any-existing-fai.patch
- tools: make crm_mon exit upon loss of the attached pseudo-terminal (bsc#1220229, gh#ClusterLabs/pacemaker#3430)
* bsc#1220229-0001-Fix-tools-make-crm_mon-exit-upon-loss-of-the-attache.patch
- libcib: Don't incorrectly expand "++" and "+=" in XML attr values (gh#ClusterLabs/pacemaker#3413)
* pacemaker#3413-0003-Fix-libcib-Don-t-incorrectly-expand-and-in-XML-attr-.patch
- cts-cli: Update for pcmk__inject_failcount() setting integer value (gh#ClusterLabs/pacemaker#3413)
* pacemaker#3413-0002-Test-cts-cli-Update-for-pcmk__inject_failcount-setti.patch
- libpacemaker: pcmk__inject_failcount should set an integer value (gh#ClusterLabs/pacemaker#3413)
* pacemaker#3413-0001-Low-libpacemaker-pcmk__inject_failcount-should-set-a.patch
- scheduler: log unknown nodes in location constraints (gh#ClusterLabs/pacemaker#3409, CLBZ#5415)
* pacemaker#3409-0007-Log-scheduler-log-unknown-nodes-in-location-constrai.patch
- scheduler: correct lifetime deprecation warning (gh#ClusterLabs/pacemaker#3409)
* pacemaker#3409-0006-Log-scheduler-correct-lifetime-deprecation-warning.patch
- tools: honor rules when getting utilization attributes with crm_resource (gh#ClusterLabs/pacemaker#3409)
* pacemaker#3409-0005-Fix-tools-honor-rules-when-getting-utilization-attri.patch
- scheduler: deprecate support for default instance attributes (gh#ClusterLabs/pacemaker#3409)
* pacemaker#3409-0004-Low-scheduler-deprecate-support-for-default-instance.patch
- scheduler: use default timeout (20s) if user configures 0 (gh#ClusterLabs/pacemaker#3409)
* pacemaker#3409-0003-Fix-scheduler-use-default-timeout-20s-if-user-config.patch
- tools: crm_resource should ignore resource meta-attribute node expressions (gh#ClusterLabs/pacemaker#3409)
* pacemaker#3409-0001-Fix-tools-crm_resource-should-ignore-resource-meta-a.patch
- fencer: always format time_t values as long long (gh#ClusterLabs/pacemaker#3407)
* pacemaker#3407-0001-Log-fencer-always-format-time_t-values-as-long-long.patch
- libcrmcommon: NULL-check strdup() in pcmk__register_message() (gh#ClusterLabs/pacemaker#3394)
* pacemaker#3394-0004-Low-libcrmcommon-NULL-check-strdup-in-pcmk__register.patch
- libcrmcommon: NULL-check strdup() in pcmk__register_format() (gh#ClusterLabs/pacemaker#3394)
* pacemaker#3394-0003-Low-libcrmcommon-NULL-check-strdup-in-pcmk__register.patch
- libpacemaker: Correctly free graphs and synapses (gh#ClusterLabs/pacemaker#3394)
* pacemaker#3394-0002-Low-libpacemaker-Correctly-free-graphs-and-synapses.patch
- libcrmcommon: Initialize some variables (gh#ClusterLabs/pacemaker#3394)
* pacemaker#3394-0001-Low-libcrmcommon-Initialize-some-variables.patch
- HealthSMART:fix the description of temp_lower_limit (gh#ClusterLabs/pacemaker#3392)
* pacemaker#3392-0001-Doc-HealthSMART-fix-the-description-of-temp_lower_li.patch
- cibsecret: Use 'ps axww' to avoid truncating issue (gh#ClusterLabs/pacemaker#3384)
* pacemaker#3384-0001-Fix-cibsecret-Use-ps-axww-to-avoid-truncating-issue.patch
- libcrmcommon: Don't try to parse XML from bad .bz2 file (gh#ClusterLabs/pacemaker#3361)
* pacemaker#3361-0001-Low-libcrmcommon-Don-t-try-to-parse-XML-from-bad-.bz.patch
- libcrmcommon: use uint32_t for 32-bit magic numbers (gh#ClusterLabs/pacemaker#3381)
* pacemaker#3381-0001-Fix-libcrmcommon-use-uint32_t-for-32-bit-magic-numbe.patch
- libcrmcommon: Use free_xml in html_free_priv. (gh#ClusterLabs/pacemaker#3380)
* pacemaker#3380-0003-Low-libcrmcommon-Use-free_xml-in-html_free_priv.patch
- libcrmcommon: Free error strings in html/xml outputters. (gh#ClusterLabs/pacemaker#3380)
* pacemaker#3380-0002-Low-libcrmcommon-Free-error-strings-in-html-xml-outp.patch
- libcrmcommon: Free text/curses private list data. (gh#ClusterLabs/pacemaker#3380)
* pacemaker#3380-0001-Low-libcrmcommon-Free-text-curses-private-list-data.patch
- tools: Fix argument validation for crm_attribute update. (gh#ClusterLabs/pacemaker#3379)
* pacemaker#3379-0001-Low-tools-Fix-argument-validation-for-crm_attribute-.patch
- patterns-base
-
- Added a fips-certified pattern matching the exact certified
FIPS versions
- python-Jinja2
-
- Add CVE-2024-34064.patch upstream patch
(CVE-2024-34064, bsc#1223980, gh#pallets/jinja@0668239dc6b4)
Also fixes (CVE-2024-22195, bsc#1218722)
- python3-lxml
-
- Add libexpat-2.6.0-backport.patch to fix compatibility with system
libexpat in tests (bsc#1222075, CVE-2023-52425).
- python-requests
-
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
as a directory, bsc#1225912
- Add CVE-2024-35195.patch (CVE-2024-35195, bsc#1224788)
- Add httpbin.patch to fix a test failure caused by the previous patch.
- salt
-
- Speed up salt.matcher.confirm_top by using __context__
- Do not call the async wrapper calls with the separate thread
- Prevent OOM with high amount of batch async calls (bsc#1216063)
- Add missing contextvars dependency in salt.version
- Skip tests for unsupported algorithm on old OpenSSL version
- Remove redundant `_file_find` call to the master
- Prevent possible exception in tornado.concurrent.Future._set_done
- Make reactor engine less blocking the EventPublisher
- Make salt-master self recoverable on killing EventPublisher
- Improve broken events catching and reporting
- Make logging calls lighter
- Remove unused import causing delays on starting salt-master
- Mark python3-CherryPy as recommended package for the testsuite
- Added:
* skip-tests-for-unsupported-algorithm-on-old-openssl-.patch
* make-reactor-engine-less-blocking-the-eventpublisher.patch
* remove-unused-import-causing-delays-on-starting-salt.patch
* make-logging-calls-lighter.patch
* remove-redundant-_file_find-call-to-the-master.patch
* prevent-possible-exception-in-tornado.concurrent.fut.patch
* do-not-call-the-async-wrapper-calls-with-the-separat.patch
* add-missing-contextvars-dependency-in-salt.version.patch
* prevent-oom-with-high-amount-of-batch-async-calls-bs.patch
* speed-up-salt.matcher.confirm_top-by-using-__context.patch
* improve-broken-events-catching-and-reporting.patch
* make-salt-master-self-recoverable-on-killing-eventpu.patch
- python-urllib3
-
- Add CVE-2024-37891.patch (bsc#1226469, CVE-2024-37891)
- rubygem-sass
-
- updated to version 3.7.4
no changelog found
- updated to version 3.7.3
no changelog found
- updated to version 3.7.2
no changelog found
- updated to version 3.6.0
no changelog found
- updated to version 3.5.7
no changelog found
- updated to version 3.5.6
no changelog found
- updated to version 3.5.5
no changelog found
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
performance issue when running lots of containers, caused by system getting
too many mount notifications. bsc#1214960
+ 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- 000release-packages:sle-ha-release
-
n/a
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-sap-applications-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- socat
-
- Update to 1.8.0.0:
* Support for network namespaces (option netns)
* TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
* Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
* New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
* New script socat-mux.sh allows n-to-1 / 1-to-n communications
* New script socat-broker.sh allows group communications
* Experimental socks5 client feature
* Address ACCEPT-FD for systemd "inetd" mode
* UDP-Lite and DCCP address types
* Addresses SOCKETPAIR and SHELL
* New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
* New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
* Simple statistics output with Socat option --statistics and with SIGUSR1
* A couple of new options, many fixes and corrections, see file CHANGES
- Drop socat-common-fixes.patch (no longer necessary)
- Refactor socat-ignore-tests-failure-boo1078346.patch (test suite no longer exits at this stage)
- Add socat-test-dhparam fixture (reduce build load and time)
- Add socat-test-without-tty.patch for testing without tty.
- Note: This version introduces "socat1", linking to "socat"
- Note: This version introduces additional shell scripts, those are shipped in a new "socat-extra" subpackage
- Update to 1.7.4.4:
* FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.
* FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.
* FIX: a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.
* FIX: bad parser error message on "socat /tmp/x\"x/x -"
- Drop socat-fix-asan-error.patch
- Use autosetup
- Add socat-fix-asan-error.patch that is offered to upstream
and that fixes an ASAN error seen for 'test 313 NESTEDOVFL'.
- update to 1.7.4.3:
* fixes the TCP_INFO issue that broke building on non-Linux platforms.
* building on AIX works again.
* A few more corrections and improvements have been added
- Update to version 1.7.4.2:
* Fixes a lot of bugs, e.g., for options -r and -R.
* Further bugfixes, see the CHANGES file
- update to 1.7.4.1:
Security:
* Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter.
* Many further bugfixes and new features, see the CHANGES file
- Update to version 1.7.3.4:
* bugfix release, see the CHANGES file for all changes
- Refresh patches:
* socat-common-fixes.patch
* socat-ignore-tests-failure-boo1078346.patch
- socat-common-fixes.patch: include tcpd.h where needed to fix
- fno-common bsc#1160293
- Update to version 1.7.3.3:
* bugfix release, see the CHANGES file for all changes
- Drop patch:
* socat-openssl-1.1-tests.patch (not longer needed)
- Run spec-cleaner
- Replace old variables by modern counterparts.
- We HAVE_SSLv23_*_method, just not as functions, but macros
add the relevant defines in the command line so support for
autonegotiation of the highest TLS version is restored.
- supportutils
-
- Changes in version 3.1.30
+ Added -V key:value pair option (bsc#1222021, PED-8211)
+ Avoid getting duplicate kernel verifications in boot.text (pr#193)
+ Suppress file descriptor leak warnings from lvm commands (pr#192, bsc#1220082)
+ Includes container log timestamps (pr#197)
- suse-build-key
-
- added missing ; in shell script (bsc#1227681)
- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
them. (bsc#1227429)
gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key.
- suse-module-tools
-
- Update to version 15.5.5:
* Include unblacklist in initramfs (bsc#1224320)
* regenerate-initrd-posttrans: run update-bootloader --refresh for XEN
(bsc#1223278)
* 60-io-scheduler.rules: test for "scheduler" sysfs attribute (boo#1216717)
- util-linux-systemd
-
- lscpu: Add more ARM cores (bsc#1223605,
util-linux-lscpu-add-more-ARM-cores-1.patch,
util-linux-lscpu-add-more-ARM-cores-2.patch,
util-linux-lscpu-add-more-ARM-cores-3.patch,
util-linux-lscpu-add-more-ARM-cores-4.patch,
util-linux-lscpu-add-more-ARM-cores-5.patch,
util-linux-lscpu-add-more-ARM-cores-6.patch).
- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609,
util-linux-chcpu-document-zVM-limitations.patch).
- bsc#1220117: Processes not cleaned up after failed SSH session are using up 100% CPU
+ util-linux-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
- wget
-
- Fix mishandled semicolons in the userinfo subcomponent could lead to an
insecure behavior in which data that was supposed to be in the userinfo
subcomponent is misinterpreted to be part of the host subcomponent.
[bsc#1226419, CVE-2024-38428, properly-re-implement-userinfo-parsing.patch]
- wicked
-
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of
infiniband children (gh#openSUSE/wicked#1027)
- client: fix origin in loaded xml-config with obsolete port
references but missing port interface config, causing a
no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in
e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
(gh#openSUSE/wicked#1021)
- arputil: Document minimal interval for getopts (gh#openSUSE/wicked#1019)
- man: (re)generate man pages from md sources (gh#openSUSE/wicked#1018)
- client: warn on interface wait time reached (gh#openSUSE/wicked#1017)
- compat-suse: fix dummy type detection from ifname to not cause
conflicts with e.g. correct vlan config on dummy0.42 interfaces
(gh#openSUSE/wicked#1016)
- compat-suse: fix infiniband and infiniband child type detection
from ifname (gh#openSUSE/wicked#1015)
- Removed patches included in the source archive:
[- 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
[- 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
- arp: increase arp-send retry value to avoid address configuration
failure due to ENOBUF reported by kernel while duplicate address
detection with underlying bonding in 802.3ad mode reporting link
"up & running" too early (bsc#1218668, gh#openSUSE/wicked#1020,
gh#openSUSE/wicked#1022).
[+ 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
- client: fix ifreload to pull UP ports/links again when the config
of their master/lower changed (bsc#1224100,gh#openSUSE/wicked#1014).
[+ 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
- Update to version 0.6.75:
- cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
- cleanup: fix overflow warnings in a socket testcase on i586
- ifcheck: report new and deleted configs as changed (bsc#1218926)
- man: improve ARP configuration options in the wicked-config.5
- bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
- cleanup: fix interface dependencies and shutdown order (bsc#1205604)
- Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
and consistently use config and state info attached to the port
interface as in rtnetlink(7).
- Cleanup ifcfg parsing, schema configuration and service properties
- Migrate ports in xml config and policies already applied in nanny
- Remove "missed config" generation from finite state machine, which
is completed while parsing the config or while xml config migration.
- Issue a warning when "lower" interface (e.g. eth0) config is missed
while parsing config depending on it (e.g. eth0.42 vlan).
- Resolve ovs master to the effective bridge in config and wickedd
- Implement netif-check-state require checks using system relations
from wickedd/kernel instead of config relations for ifdown and add
linkDown and deleteDevice checks to all master and lower references.
- Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
system/config interface hierarchies as notice with +/- marked
interfaces to setup and/or shutdown.
- Removed patches included in the source archive:
[- 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
[- 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
[- 0003-move-all-attribute-definitions-to-compiler-h.patch]
[- 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
[- 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]
- xen
-
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
- bsc#1214718 - The system hangs intermittently when Power Control
Mode is set to Minimum Power on SLES15SP5 Xen
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
- Upstream bug fixes (bsc#1027519)
6646031f-x86-ucode-further-identify-already-up-to-date.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
- xfsprogs
-
- xfs_copy: don't use cached buffer reads until after libxfs_mount
(bsc#1227150)
- Add xfsprogs-xfs_copy-don-t-use-cached-buffer-reads-until-after-l.patch
- xkbcomp
-
- U_Ignore-xkb_keycodes.maximum-of-255.patch
* fix keyboard layouts in XWayland applications when having
several keyboard layouts enabled (boo#1219505)
- yast2-country
-
- Rename Europe/Kiev to Europe/Kyiv as per 2022b release of
tz code and data by ICANN (bsc#1224387)
- 4.5.6
- yast2-iscsi-client
-
- Don't leak passwords to the log (bsc#1225432)
- 4.5.9
- yast2-registration
-
- Ensure add_on_others in autoyast profile are added (bsc#1223301)
- 4.5.10
- zypper
-
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- BuildRequires: libzypp-devel >= 17.33.0.
- Delay zypp lock until command options are parsed (bsc#1223766)
- version 1.14.73
- Unify message format(fixes #485)
- version 1.14.72
- switch cmake build type to RelWithDebInfo
- modernize spec file (remove Authors section, use proper macros,
remove redundant clean section, don't mark man pages as doc)
- switch to -O2 -fvisibility=hidden -fpie:
* PIC is not needed as no shared lib is built
* fstack-protector-strong is default on modern dists and would
be downgraded by fstack-protector
* default visibility hidden allows better optimisation
* O2 is reducing inlining bloat
- > 18% reduced binary size
- remove procps requires (was only for ZMD which is dropped)
(jsc#PED-8153)