- aaa_base
-
- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
allow ICMP ping
- added patches
+ git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
current version which includes a rename of patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
to
git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
the 8 bit escape sequence which interfere with UTF-8 multi byte
characters as well as support the vi mode of readline library.
This is done with the patches
* git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
* git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
before the changed patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
rename it to
git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
and also add the patches
* git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
* git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
- apache2
-
- modified patches
% apache2-CVE-2022-23943.patch (refreshed)
- security update
- added patches
fix CVE-2022-23943 [bsc#1197098], heap out-of-bounds write in mod_sed
+ apache2-CVE-2022-23943.patch
fix CVE-2022-22720 [bsc#1197095], HTTP request smuggling due to incorrect error handling
+ apache2-CVE-2022-22720.patch
fix CVE-2022-22719 [bsc#1197091], use of uninitialized value of in r:parsebody in mod_lua
+ apache2-CVE-2022-22719.patch
fix CVE-2022-22721 [bsc#1197096], possible buffer overflow with very large or unlimited LimitXMLRequestBody
+ apache2-CVE-2022-22721.patch
- security update
- apparmor
-
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb;
(bsc#1192684).
- add add-samba-bgqd.diff: add profile for samba-bgqd;
(bsc#1191532).
- augeas
-
- support new chrony 4.1 options (jsc#SLE-17334)
augeas-new_options_for_chrony.patch
- autofs
-
- autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
Fix problem with quote handling
(bsc#1181715)
- 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch
Fix locking problem that causes deadlock when sss used.
(bsc#1196485)
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
Suppress portmap calls when port explicitly given
(bsc#1195697)
- autoyast2
-
- Properly handle the "/dopackages"/ option in the openFile
method of the AyastSetup module (bsc#1196566).
- 4.3.100
- Avoid login while running AutoYaST init-scripts (bsc#1196594 and
related to bsc#1195059).
- 4.3.99
- add yast namespace to merge.xslt to fix CDATA handling (bsc#1195910)
- 4.3.98
- Modified init-scripts service dependencies fixing a root login
systemd timeout when installing with ssh (bsc#1195059)
- 4.3.97
- Fix handling of add-on signature settings, introduced when fixing
bsc#1192437 (bsc#1194881).
- 4.3.96
- Properly merge the autoupgrade workflow when using the online
medium (bsc#1192437, bsc#1194440).
- 4.3.95
- avahi
-
- Downgrade python3-Twisted to a Recommends. It is not available
on SLED or PackageHub, and it is only needed by avahi-bookmarks
(bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
avahi-add-resolv-conf-to-inotify.patch: re-read configuration
when resolv.conf changes, per discussion on the bug
(boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
a host's up/down status to be easily discovered and should not
be enabled by default (boo#1179060).
- bind
-
- When using forwarders, bogus NS records supplied by, or via, those
forwarders may be cached and used by named if it needs to recurse
for any reason, causing it to obtain and pass on potentially
incorrect answers.
[CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]
- blog
-
- Update to version 2.26
* On s390/x and PPC64 gcc misses unused arg0
- Remove patch fcb9e0c2.patch as now part of tar ball
- Add upstream patch fcb9e0c2.patch
* On s390/x and PPC64 gcc misses unused arg0
- Update to version 2.24
* Avoid install errror due missed directory
- Update to version 2.22
* Avoid KillMode=none for newer systemd version as well as rework
the systemd unit files of blog (boo#1186506)
- Move to /usr for UsrMerge (boo#1191057)
- Update to version 2.21
* Merge pull request #4 from samueldr/fix/makefile
Fixup Makefile for better build system support
* Silent new gcc compiler
- c3p0
-
- update to version c3p0 0.9.5.5 and
mchange-commons-java 0.2.19
* Address CVE-2018-20433
* Address CVE-2019-5427 - XML-config parsing related attacks
(bsc#1133198)
* Properly implement the JDBC 4.1 abort method
Removed:
* fix-CVE-2018-20433.patch included upstream
- build with log4j mapper
- Change:
* c3p0-embed-mchange-common.patch
- chrony
-
- Fix config file handling in the spec file and remove "/ntsdumpdir"/
from default config, because augeas-lenses cannot parse it during
installation of SLE Micro on SLE-15-SP3 (bsc#1194220).
- bsc#1194229: Fix pool package dependencies, so that SLE actually
prefers chrony-pool-suse over chrony-pool-empty.
- Add chrony-htonl.patch to work around undocumented behaviour of
htonl() in older glibc versions (SLE-12) on 64 bit big endian
architectures (s390x).
- SLE bugs that have been fixed in openSUSE up to this point
without explicit references: bsc#1183783, bsc#1184400,
bsc#1171806, bsc#1161119, bsc#1159840.
- Obsoleted SLE patches:
* chrony-fix-open.patch
* chrony-gettimeofday.patch
* chrony-ntp-era-split.patch
* chrony-pidfile.patch
* chrony-select-timeout.patch
* chrony-urandom.patch
* chrony.sysconfig
* clknetsim-glibc-2.31.patch
- boo#1190926: PrivateDevices is too strict, we might need to
access the rtc and ptp devices.
- Add back support to build chrony on SLE12.
- Drop dependency on asciidoctor. It is only needed for building
the HTML documentation which we don't package anyway.
- Added hardening to systemd service(s). Added patch(es):
* harden_chrony-wait.service.patch
* harden_chronyd.service.patch
- boo#1187906: Consolidate all references to the helper script.
- Add now working CONFIG parameter to sysusers generator
- Change to using systemd-sysusers
- Remove otherproviders, not needed anymore
- Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Enable syscallfilter unconditionally [boo#1181826].
- drop buildrequires on NSS. We need gnutls for NTS anyway and we
can do all the other required crypto via nettle+gnutls. no need
for another crypto library.
- Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and "/reload sources"/ command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get "/maxsources"/
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add "/add pool"/ command
- Add "/reset sources"/ command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option "/version 3"/)
- Drop support for line editing with GNU Readline
- add BuildRequires for gnutls-devel (which also pulls nettle to
enable the new features)
- drop patches which are included in the update:
chrony-test-update-processing-of-packet-log.patch
chrony-test-fix-util-unit-test-for-NTP-era-split.patch
- refreshed chrony-config.patch
- track series file for easier quilt setup
- added option to turn off testsuite with
osc build --without=testsuite
testsuite still runs by default
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
- Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
- Use _systemdutildir instead of _libexecdir/systemd: systemd does
not actually live below libexecdir.
- Add chrony-test-update-processing-of-packet-log.patch in order
to fix test-suite failure.
- Update clknetsim to version 79ffe44 (fixes boo#1162964).
- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch.
- Change to BuildRequires: rubygem(asciidoctor) and remove conditional
(is available in SLE12-SP4 and SLE15* as well)
- Fix typo in %install
- Fix asciidoc in Tumbleweed
- Revert clknetsim to version 58c5e8b
- Fix incorrect download link for package signature
- Temporarily disable signature usage as its expired
- Update clknetsim to version ac3c832
- fix chrony-service-helper.patch
- Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
- Update testsuite to version 58c5e8b
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
- Update clknetsim to revision 8b48422
- Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529)
- Update the keyring and uncomment it in the spec file
- Comment out bad signature
- Added %{_tmpfilesdir}/%{name}.conf
- Updated clknetsim
- Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
- Update clknetsim to revision 42b693b
* Drop not needed chrony-fix-open.patch
- Build tests with optflags as well
- Do not run tests on i586
- Enable signd
- Mention all sources as such in spec file
- Fix formatting of changelog
- Drop reference to change is not present
- Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
- cloud-regionsrv-client
-
- Update to version 10.0.3 (bsc#1198389)
- Descend into the extension tree even if top level module is recommended
- Cache license state for AHB support to detect type switch
- Properly clean suse.com credentials when switching from SCC to update
infrastructure
- New log message to indicate base product registration success
- Update to version 10.0.2
+ Fix name of logfile in error message
+ Fix variable scoping to properly detect registration error
+ Cleanup any artifacts on registration failure
+ Fix latent bug with /etc/hosts population
+ Do not throw error when attemting to unregister a system that is not
registered
+ Skip extension registration if the extension is recommended by the
baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
+ Provide status feedback on registration, success or failure
+ Log warning message if data provider is configured but no data
can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
+ The repo enablement timer cannot depend on guestregister.service
- Update -addon-azure to 1.0.2 (bsc#1196305)
+ The is-registered() function expects a string of the update server FQDN.
The regionsrv-enabler-azure passed an Object of type SMT. Fix the call
in regionsrv-enabler-azure.
- Update -plugin-azure to 2.0.0 (bsc#1196146)
+ Lower case the region hint to reduce issues with Azure region name
case inconsistencies
- Update to version 10.0.0 (bsc#1195414, bsc#1195564)
+ Refactor removes check_registration() function in utils implementation
+ Only start the registration service for PAYG images
- addon-azure sub-package to version 1.0.1
- cobbler
-
- Fix issues with installation module logging and validation (bsc#1195918)
- Added:
* v3-1-2-log-pollution-3.patch
- Move configuration files ownership to apache (bsc#1195906)
- Make configuration files only readable by root (bsc#1193671, CVE-2021-45083)
- Remove hardcoded test credentials (bsc#1193673)
- Prevent log pollution (bsc#1193675)
- Missing sanity check on MongoDB configuration file (bsc#1193676)
- Incomplete template sanatization (bsc#1193678, CVE-2021-45082)
- Added:
* v3-1-2-incomplete-template-sanatization.patch
* v3-1-2-log-pollution-1.patch
* v3-1-2-log-pollution-2.patch
* v3-1-2-mongodb-sanatiy-check.patch
* v3-1-2-remove-testing-auth.patch
- Modified (updated fuzz):
* fix-for-old-str.join-usage.diff
* remove-redundant-json-suffix.diff
* v3-1-2-arbitrary-file-read-write-plus-RCE.patch
- containerd
-
- Add patch for CVE-2022-23648. bsc#1196441
+ CVE-2022-23648.patch
- Update to containerd v1.4.12 for Docker 20.10.11-ce. bsc#1192814
bsc#1193273 CVE-2021-41190
- Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- coreutils
-
- coreutils-df-fuse-portal-dummy.patch:
df: Add "/fuse.portal"/ as a dummy file system (used in flatpak
implementations). (bsc#1189152)
- cyrus-sasl
-
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
in plugins/sql.c (bsc#1196036)
o add upstream patch:
0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- postfix: sasl authentication with password fails (bsc#1194265)
Add config parameter --with-dblib=gdbm
- Avoid converting of /etc/sasldb2 by every update. Convert
/etc/sasldb2 only if it is a Berkeley DB
- cyrus-sasl-saslauthd
-
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
in plugins/sql.c (bsc#1196036)
o add upstream patch:
0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- postfix: sasl authentication with password fails (bsc#1194265)
Add config parameter --with-dblib=gdbm
- docker
-
- Update to Docker 20.10.12-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201012>.
- Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the
changelogs are currently only available online.
- Update to Docker 20.10.11-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201011>. bsc#1192814
bsc#1193273 CVE-2021-41190
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Remove upstreamed patches:
- 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Update to Docker 20.10.9-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20109>. bsc#1191355
CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434
CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121
- Update to Docker 20.10.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20106>. bsc#1184768
- Update to Docker 20.10.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20105>. bsc#1182947
- dracut
-
- Update to version 049.1+suse.228.g07676562:
* fix(network): consistent use of "/$gw"/ for gateway (bsc#1192685)
* fix(install): handle builtin modules (bsc#1194716)
- e2fsprogs
-
- libss-add-newer-libreadline.so.7-to-dlopen-path.patch: libss: Add support
for libreadline.so.7 for Leap 15.3 (bsc#1196939)
- expat
-
- Security fixes:
* (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
breaks biboumi, ClairMeta, jxmlease, libwbxml,
openleadr-python, rnv, xmltodict
- Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
* (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs
- Added expat-CVE-2022-25236.patch
* (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
2.4.5 does not check whether a UTF-8 character is valid in a
certain context.
- Added expat-CVE-2022-25235.patch
* (CVE-2022-25313, bsc#1196168) Stack exhaustion in
build_model() via uncontrolled recursion
- Added expat-CVE-2022-25313.patch
- The fix upstream introduced a regression that was later
amended in 2.4.6 version
+ Added expat-CVE-2022-25313-fix-regression.patch
* (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
- Added expat-CVE-2022-25314.patch
* (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
- Added expat-CVE-2022-25315.patch
- Security fix (CVE-2022-23852, bsc#1195054)
* Expat (aka libexpat) before 2.4.4 has a signed integer overflow
in XML_GetBuffer, for configurations with a nonzero
XML_CONTEXT_BYTES
* Add tests for CVE-2022-23852.
* Added expat-CVE-2022-23852.patch
- Security fix (CVE-2022-23990, bsc#1195217)
* Fix unsigned integer overflow in function doProlog triggered
by large content in element type declarations when there is
an element declaration handler present (from a prior call to
XML_SetElementDeclHandler).
* Add expat-CVE-2022-23990.patch
* Added expat-CVE-2022-22827.patch
- fence-agents
-
- (bsc#1196350) fence_gce updates pull from Clusterlabs repo
- Apply proposed upstream patch
0001-fence_gce-Add-timeouts-and-failure-options-458.patch
- filesystem
-
- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
- firewalld
-
- Add patch which fixes the zone configuration (bsc#1191837)
* 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch
- gcc11
-
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
- Add gcc11-D-dependence-fix.patch to fix memory corruption when
creating dependences with the D language frontend.
- Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap
on aarch64 which is unresolvable.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
- glibc
-
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
(CVE-2021-3999, bsc#1194640, BZ #28769)
- 0001-powerpc-Optimized-strcpy-for-POWER9.patch,
0002-powerpc-Optimized-stpcpy-for-POWER9.patch,
0003-powerpc-Optimized-rawmemchr-for-POWER9.patch,
0004-powerpc64le-add-optimized-strlen-for-P9.patch,
0005-powerpc-fix-ifunc-implementation-list-for-POWER9-str.patch,
0006-powerpc-Add-optimized-strncpy-for-POWER9.patch,
0007-powerpc-Add-optimized-stpncpy-for-POWER9.patch,
0008-powerpc-Add-optimized-ilogb-for-POWER9.patch,
0009-powerpc-Add-optimized-llogb-for-POWER9.patch,
0010-powerpc-Add-optimized-strlen-for-POWER10.patch,
0011-powerpc64le-Optimized-memmove-for-POWER10.patch,
0012-powerpc64le-Optimize-memcpy-for-POWER10.patch,
0013-powerpc64le-Optimize-memset-for-POWER10.patch,
0014-powerpc64le-Fix-ifunc-selection-for-memset-memmove-b.patch,
0015-powerpc-Add-optimized-rawmemchr-for-POWER10.patch: ppc64le ifunc
improvements (bsc#1194785, jsc#SLE-18195)
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
for "/unix"/ (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
(CVE-2022-23218, bsc#1194770, BZ #28768)
- Add support for livepatches (jsc#SLE-20049).
- Enable livepatching on x86_64.
- Generate ipa-clones tarball artifact when livepatching is enabled.
- gnutls
-
- Security fix: [bsc#1196167, CVE-2021-4209]
* Null pointer dereference in MD_UPDATE
* Add gnutls-CVE-2021-4209.patch
- google-guest-agent
-
- Update to version 20211116.00 (bsc#1193257, bsc#1193258)
* dont duplicate logs (#146)
* Add WantedBy network dependencies to google-guest-agent service (#136)
* dont try dhcpv6 when not needed (#145)
* Integration tests: instance setup (#143)
* Integration test: test create and remove google user (#128)
* handle comm errors in script runner (#140)
* enforce script ordering (#138)
* enable ipv6 on secondary interfaces (#133)
- from version 20211103.00
* Integration tests: instance setup (#143)
- from version 20211027.00
* Integration test: test create and remove google user (#128)
- Update to version 20211019.00
* handle comm errors in script runner (#140)
- from version 20211015.00
* enforce script ordering (#138)
- from version 20211014.00
* enable ipv6 on secondary interfaces (#133)
- from version 20211013.00
* dont open ssh tempfile exclusively (#137)
- from version 20211011.00
* correct linux startup script order (#135)
* Emit sshable attribute (#123)
- from version 20210908.1
* restore line (#127)
- from version 20210908.00
* New integ test (#124)
- from version 20210901.00
* support enable-oslogin-sk key (#120)
* match script logging to guest agent (#125)
- from version 20210804.00
* Debug logging (#122)
- Refresh patches for new version
* dont_overwrite_ifcfg.patch
- Build with go1.15 for reproducible build results (boo#1102408)
- Update to version 20210707.00
* Use IP address for calling the metadata server. (#116)
- from version 20210629.00
* use IP for MDS (#115)
- Update to version 20210603.00
* systemd-notify in agentInit (#113)
* dont check status (#112)
- from version 20210524.00
* more granular service restarts (#111)
- from version 20210414.00
* (no functional changes)
- google-guest-configs
-
- Add missing pkg-config dependency to BuildRequires for SLE-12
- Install modprobe configuration files into /etc again on SLE-15-SP2 and
older since that's stil the default location on these distributions
- Probe udev directory using the "/udevdir"/ pkg-config variable on SLE-15-SP2
and older since the variable got renamed to "/udev_dir"/ in later versions
- Remove redundant pkgconfig(udev) from BuildRequires for SLE-12
- Update to version 20211116.00 (bsc#1193257, bsc#1193258)
* GCE supports up to 24 NVMe local SSDs, but the regex in the PROGRAM field
only looks for the last digit of the given string causing issues when there
are >= 10 local SSDs. Changed REGEX to get the last number of the string
instead to support the up to 24 local SSDs. (#30)
* chmod+x google_nvme_id on EL (#31)
- Fix duplicate installation of google_optimize_local_ssd and google_set_multiqueue
- Install google_nvme_id into /usr/lib/udev (bsc#1192652, bsc#1192653)
- Update to version 20210916.00
* Revert "/dont set IP in etc/hosts; remove rsyslog (#26)"/ (#28)
- from version 20210831.00
* restore rsyslog (#27)
- from version 20210830.00
* Fix NVMe partition names (#25)
- from version 20210824.00
* dont set IP in etc/hosts; remove rsyslog (#26)
* update OWNERS
- Use %_modprobedir for modprobe.d files (out of /etc)
- Use %_sysctldir for sysctl.d files (out of /etc)
- Update to version 20210702.00
* use grep for hostname check (#23)
- from version 20210629.00
* address set_hostname vuln (#22)
- from version 20210324.00
* dracut.conf wants spaces around values (#19)
- google-guest-oslogin
-
- Update to version 20211013.00 (bsc#1193257, bsc#1193258)
* remove deprecated binary (#79)
- from version 20211001.00
* no message if no groups (#78)
- from version 20210907.00
* use sigaction for signals (#76)
- from version 20210906.00
* include cstdlib for exit (#75)
* catch SIGPIPE in authorized_keys (#73)
- from version 20210805.00
* fix double free in ParseJsonToKey (#70)
- from version 20210804.00
* fix packaging for authorized_keys_sk (#68)
* add authorized_keys_sk (#66)
- Add google_authorized_keys_sk to %files section
- Remove google_oslogin_control from %files section
- google-osconfig-agent
-
- Update to version 20211117.00 (bsc#1193257, bsc#1193258)
* Add retry logic for RegisterAgent (#404)
- from version 20211111.01
* e2e_test: drop ubuntu 1604 image as its EOL (#403)
- from version 20211111.00
* e2e_test: move to V1 api for OSPolicies (#397)
- from version 20211102.00
* Fix context logging and fix label names (#400)
- from version 20211028.00
* Add cloudops example for gcloud (#399)
- Update to version 20211021.00
* Added patch report logging for Zypper. (#395)
- from version 20211012.00
* Replace deprecated instance filters with the new filters (#394)
- from version 20211006.00
* Added patch report log messages for Yum and Apt (#392)
- from version 20210930.00
* Config: Add package info caching (#391)
- from version 20210928.00
* Fixed the runWithPty function to set ctty to child's filedesc (#389)
- from version 20210927.00
* e2e_tests: fix a test output mismatch (#390)
- from version 20210924.00
* Fix some e2e test failures (#388)
- from version 20210923.02
* Correctly check for folder existance in package upgrade (#387)
- from version 20210923.01
* ReportInventory: Fix bug in deb/rpm inventory, reduce calls to append (#386)
- from version 20210923.00
* Deprecate old config directory in favor of new cache directory (#385)
- from version 20210922.02
* Fix rpm/deb package formating for inventory reporting (#384)
- from version 20210922.01
* Add centos stream rocky linux and available package tests (#383)
- from version 20210922.00
* Add more info logs, actually cleanup unmanaged repos (#382)
- from version 20210901.00
* Add E2E tests for Windows Application (#379)
* Return lower-case package name (#377)
* Update Terraform scripts for multi-project deployments tutorial. (#378)
- from version 20210811.00
* Support Windows Application Inventory (#371)
- from version 20210723.00
* Send basic inventory with RegisterAgent (#373)
- from version 20210722.1
* e2e_tests: move to manually generated osconfig library (#372)
- from version 20210722.00
* Create OWNERS file for examples directory (#368)
- from version 20210719.00
* Update Zypper patch info parsing (#370)
- Build with go1.15 for reproducible build results (boo#1102408)
- Update to version 20210712.1
* Skip getting patch info when no patches are found. (#369)
- from version 20210712.00
* Add Terraform scripts for multi-project deployments (#367)
- from version 20210709.00
* Add examples/Terraform directory. (#366)
- from version 20210707.00
* Fix bug in printing packages to update,
return error for zypper patch (#365)
- from version 20210629.00
* Add CloudOps examples for CentOS (#364)
- Update to version 20210621.00
* chore: Fixing a comment. (#363)
- from version 20210617.00
* Use exec.CommandContext so that canceling the context also
kills any running processes (#362)
- from version 20210608.1
* e2e_tests: point to official osconfig client library (#359)
- from version 20210608.00
* e2e_tests: deflake tests (#358)
- from version 20210607.00
* Fix build on some architectures (#357)
- from version 20210603.00
* Create win-validation-powershell.yaml (#356)
- from version 20210602.00
* Agent efficiency improvements/bugfixes/logging updates (#355)
* e2e_tests: add tests for ExecResource output (#354)
- from version 20210525.00
* Run fieldalignment on all structs (#353)
- from version 20210521.00
* Config Task: add error message and ExecResource output recording (#350)
* e2e_tests: remove Windows server 1909 and add server 20h2 (#352)
* Added a method for logging structured data (#349)
- grub2
-
- Fix grub-install error when efi system partition is created as mdadm software
raid1 device (bsc#1179981) (bsc#1195204)
* 0001-install-fix-software-raid1-on-esp.patch
- Fix error in grub-install when linux root device is on lvm thin volume
(bsc#1192622) (bsc#1191974)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix wrong default entry when booting snapshot (bsc#1159205)
* grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
- Improve support for SLE Micro 5.1 on s390x. (bsc#1190395)
* grub2-s390x-04-grub2-install.patch
- Patch refreshed
* grub2-s390x-11-secureboot.patch
- hibernate5
-
- Fix potential SQL injection CVE-2020-25638 (bsc#1193832)
- Added:
* 0001-HHH-14225-CVE-2020-25638-Potential-for-SQL-injection.patch
- hwdata
-
- Update to version 0.357 (bsc#1196332):
+ Updated pci, usb and vendor ids.
- Update to version 0.356:
+ Updated pci, usb and vendor ids.
- java-11-openjdk
-
- Update to upstream tag jdk-11.0.14.1+1
* Changes:
+ JDK-8280786: Build failure on Solaris after 8262392
+ JDK-8218546: Unable to connect to https://google.com using
java.net.HttpClient
+ JDK-8281324: Bump update version for OpenJDK: jdk-11.0.14.1
- Update to upstream tag jdk-11.0.14+9 (January 2022 CPU)
* New features
+ JDK-8248238: Implementation: JEP 388: Windows AArch64 Support
* Security fixes
+ JDK-8217375: jarsigner breaks old signature with long lines
in manifest
+ JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if
zip has dir named "/."/ inside
+ JDK-8264934, CVE-2022-21248, bnc#1194926: Enhance cross VM serialization
+ JDK-8268488: More valuable DerValues
+ JDK-8268494: Better inlining of inlined interfaces
+ JDK-8268512: More content for ContentInfo
+ JDK-8268795: Enhance digests of Jar files
+ JDK-8268801: Improve PKCS attribute handling
+ JDK-8268813, CVE-2022-21283, bnc#1194937: Better String matching
+ JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+ JDK-8269944: Better HTTP transport redux
+ JDK-8270386, CVE-2022-21291, bsc#1194925: Better verification
of scan methods
+ JDK-8270392, CVE-2022-21293, bsc#1194935: Improve String
constructions
+ JDK-8270416, CVE-2022-21294, bsc#1194934: Enhance construction
of Identity maps
+ JDK-8270492, CVE-2022-21282, bsc#1194933: Better resolution of
URIs
+ JDK-8270498, CVE-2022-21296, bsc#1194932: Improve SAX Parser
configuration management
+ JDK-8270646, CVE-2022-21299, bsc#1194931: Improved scanning of
XML entities
+ JDK-8270952, CVE-2022-21277, bsc#1194930: Improve TIFF file
handling
+ JDK-8271962: Better TrueType font loading
+ JDK-8271968: Better canonical naming
+ JDK-8271987: Manifest improved manifest entries
+ JDK-8272014, CVE-2022-21305, bsc#1194939: Better array
indexing
+ JDK-8272026, CVE-2022-21340, bsc#1194940: Verify Jar
Verification
+ JDK-8272236, CVE-2022-21341, bsc#1194941: Improve serial forms
for transport
+ JDK-8272272: Enhance jcmd communication
+ JDK-8272462: Enhance image handling
+ JDK-8273290: Enhance sound handling
+ JDK-8273756, CVE-2022-21360, bsc#1194929: Enhance BMP image
support
+ JDK-8273838, CVE-2022-21365, bsc#1194928: Enhanced BMP
processing
+ JDK-8274096, CVE-2022-21366, bsc#1194927: Improve decoding of
image files
+ JDK-8279541: Improve HarfBuzz
* Other changes
+ JDK-6849922: java/awt/Choice/ChoiceKeyEventReaction/
/ChoiceKeyEventReaction.html fails
+ JDK-7105119: [TEST_BUG] [macosx] In test
UIDefaults.toString() must be called with the invokeLater()
+ JDK-7151826: [TEST_BUG] [macosx] The test
javax/swing/JPopupMenu/4966112/bug4966112.java not for mac
+ JDK-7179006: [macosx] Print-to-file doesn't work: printing to
the default printer instead
+ JDK-8015602: [macosx] Test javax/swing/SpringLayout/4726194/
/bug4726194.java fails on MacOSX
+ JDK-8034084: nsk.nsk/jvmti/ThreadStart/threadstart003 Wrong
number of thread end events
+ JDK-8039261: [TEST_BUG]: There is not a minimal security
level in Java Preferences and the TestApplet.html is blocked.
+ JDK-8047218: [TEST_BUG] java/awt/FullScreen/AltTabCrashTest/
/AltTabCrashTest.java fails with exception
+ JDK-8075909: [TEST_BUG] The regression-swing case failed as
it does not have the 'Open' button when select 'subdir' folder
with NimbusLAF
+ JDK-8078219: Verify lack of @test tag in files in java/net
test directory
+ JDK-8080569: java/lang/ProcessBuilder/DestroyTest.java fails
with "/RuntimeException: Process terminated prematurely"/
+ JDK-8081652: [TESTBUG] java/lang/management/ThreadMXBean/
/ThreadMXBeanStateTest.java timed out intermittently
+ JDK-8129310: java/net/Socket/asyncClose/AsyncClose.java fails
intermittently
+ JDK-8131745: java/lang/management/ThreadMXBean/
/AllThreadIds.java still fails intermittently
+ JDK-8136517: [macosx] Test java/awt/Focus/8073453/
/AWTFocusTransitionTest.java fails on MacOSX
+ JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/
/4251579/bug4251579.java failure due to timing
+ JDK-8143021: [TEST_BUG] Test javax/swing/JColorChooser/
/Test6541987.java fails
+ JDK-8159597: [TEST_BUG] closed/javax/swing/JPopupMenu/4760494/
/bug4760494.java leaves key pressed
+ JDK-8159904: [TEST_BUG] Failure on solaris of
java/awt/Window/MultiWindowApp/MultiWindowAppTest.java
+ JDK-8163086: java/awt/Window/TranslucentJAppletTest/
/TranslucentJAppletTest.java fails
+ JDK-8165828: [TEST_BUG] The reg case: javax/swing/plaf/metal/
/MetalIcons/MetalHiDPIIconsTest.java failed as No Metal Look
and Feel
+ JDK-8169953: JComboBox/8057893: ComboBoxEdited event is not
fired! on Windows
+ JDK-8169954: JFileChooser/8021253: java.lang.RuntimeException:
Default button is not pressed
+ JDK-8169959: javax/swing/JTable/6263446/bug6263446.java:
Table should be editing
+ JDK-8171381: [TEST_BUG] [macos] javax/swing/JPopupMenu/
/7156657/bug7156657.java fails on OS X
+ JDK-8171998: javax/swing/JMenu/4692443/bug4692443.java fails
on Windows
+ JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java
fails intermittently
+ JDK-8179880: Refactor javax/security shell tests to plain
java tests
+ JDK-8180568: Refactor javax/crypto shell tests to plain java
tests
+ JDK-8180569: Refactor sun/security/krb5/ shell tests to plain
java tests
+ JDK-8180571: Refactor sun/security/pkcs11 shell tests to
plain java tests and fix failures
+ JDK-8180573: Refactor sun/security/tools shell tests to plain
java tests
+ JDK-8187649: ArrayIndexOutOfBoundsException in
java.util.JapaneseImperialCalendar
+ JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes)
leads to a negative initial size for ByteArrayOutputStream
+ JDK-8195703: BasicJDWPConnectionTest.java: 'App exited
unexpectedly with 2'
+ JDK-8196096: javax/swing/JPopupMenu/6580930/bug6580930.java
fails
+ JDK-8197560: test javax/swing/JTree/8003400/Test8003400.java
fails
+ JDK-8197800: Test java/awt/Focus/NonFocusableWindowTest/
/NoEventsTest.java fails on Windows
+ JDK-8197811: Test java/awt/Choice/PopupPosTest/
/PopupPosTest.java fails on Windows
+ JDK-8198616: java/awt/Focus/6378278/InputVerifierTest.java
fails on mac
+ JDK-8198617: java/awt/Focus/6382144/EndlessLoopTest.java
fails on mac
+ JDK-8198619: java/awt/Focus/FocusTraversalPolicy/
/ButtonGroupLayoutTraversal/ButtonGroupLayoutTraversalTest.java
fails on mac
+ JDK-8198623: java/awt/KeyboardFocusmanager/TypeAhead/
/EnqueueWithDialogButtonTest/EnqueueWithDialogButtonTest.java
fails on mac
+ JDK-8198624: java/awt/KeyboardFocusmanager/TypeAhead/
/SubMenuShowTest/SubMenuShowTest.html fails on mac
+ JDK-8199138: Add RISC-V support to Zero
+ JDK-8199529: javax/swing/text/Utilities/8142966/
/SwingFontMetricsTest.java fails on windows
+ JDK-8201224: Make string buffer size dynamic in
mlvmJvmtiUtils.c
+ JDK-8202342: [Graal] fromTonga/nsk/jvmti/unit/
/FollowReferences/followref003/TestDescription.java fails with
"/Location mismatch"/ errors
+ JDK-8204161: [TESTBUG] auto failed with the "/Applet thread
threw exception: java.lang.UnsupportedOperationException"/
exception
+ JDK-8206085: Refactor
langtools/tools/javac/versions/Versions.java
+ JDK-8207936: TestZipFile failed with java.lang.AssertionError
exception
+ JDK-8208242: Add @requires to vmTestbase/gc/g1 tests
+ JDK-8209611: use C++ compiler for hotspot tests
+ JDK-8210182: Remove macros for C compilation from vmTestBase
but non jvmti
+ JDK-8210198: Clean up JNI_ENV_ARG for
vmTestbase/jvmti/Get[A-F] tests
+ JDK-8210205: build fails on AIX in hotspot cpp tests (for
example getstacktr001.cpp)
+ JDK-8210242: [TESTBUG] vmTestbase/nsk/stress/jni/
/jnistress001.java crashes with EXCEPTION_ACCESS_VIOLATION
on windows-x86
+ JDK-8210353: Move java/util/Arrays/TimSortStackSize2.java
back to tier1
+ JDK-8210385: Clean up JNI_ENV_ARG and factorize the macros
for vmTestbase/jvmti[A-N] tests
+ JDK-8210392: assert(Compile::current()->live_nodes() <
Compile::current()->max_node_limit()) failed: Live Node limit
exceeded limit
+ JDK-8210395: Add doc to SecurityTools.java
+ JDK-8210429: Clean up JNI_ENV_ARG for
vmTestbase/jvmti/Get[G-Z] tests
+ JDK-8210481: Remove #ifdef cplusplus from vmTestbase
+ JDK-8210593: Clean up JNI_ENV_ARG and factorize the macros
for vmTestbase/jvmti[N-R] tests
+ JDK-8210665: Clean up JNI_ENV_ARG and factorize the macros
for vmTestbase/jvmti[R-U] tests
+ JDK-8210689: Remove the multi-line old C style for string
literals
+ JDK-8210700: Clean up JNI_ENV_ARG and factorize the macros
for vmTestbase/jvmti/unit tests
+ JDK-8210726: Fix up a few minor nits forgotten by JDK-8210665
+ JDK-8210920: Native C++ tests are not using CXXFLAGS
+ JDK-8210984: [TESTBUG] hs203t003 fails with "/# ERROR:
hs203t003.cpp, 218: NSK_CPP_STUB2 ( ResumeThread, jvmti,
thread)"/
+ JDK-8211036: Remove the NSK_STUB macros from vmTestbase for
non jvmti
+ JDK-8211131: Remove the NSK_CPP_STUB macros from vmTestbase
for jvmti/[G-I]*
+ JDK-8211148: var in implicit lambdas shouldn't be accepted
for source < 11
+ JDK-8211171: move JarUtils to top-level testlibrary
+ JDK-8211227: Inconsistent TLS protocol version in debug output
+ JDK-8211261: Remove the NSK_CPP_STUB macros from vmTestbase
for jvmti/[A-G]*
+ JDK-8211432: [REDO] Handle JNIGlobalRefLocker.cpp
+ JDK-8211782: Remove the NSK_CPP_STUB macros from vmTestbase
for jvmti/[I-S]*
+ JDK-8211801: Remove the NSK_CPP_STUB macros from vmTestbase
for jvmti/scenarios/[A-E]
+ JDK-8211899: Remove the NSK_CPP_STUB macros from vmTestbase
for jvmti/scenarios/[E-M]
+ JDK-8211905: Remove multiple casts for EM06 file
+ JDK-8211999: Window positioning bugs due to overlapping
GraphicsDevice bounds (Windows/HiDPI)
+ JDK-8212082: Remove the NSK_CPP_STUB macros for remaining
vmTestbase/jvmti/[sS]*
+ JDK-8212083: Handle remaining gc/lock native code and fix two
strings
+ JDK-8212148: Remove remaining NSK_CPP_STUBs
+ JDK-8213110: Remove the use of applets in automatic tests
+ JDK-8213189: Make restricted headers in HTTP Client
configurable and remove Date by default
+ JDK-8213263: fix legal headers in test/langtools
+ JDK-8213296: Fix legal headers in test/jdk/java/net
+ JDK-8213301: Fix legal headers in jdk logging tests
+ JDK-8213305: Fix legal headers in test/java/math
+ JDK-8213306: Fix legal headers in test/java/nio
+ JDK-8213328: Update test copyrights in test/java/util/zip and
test/jdk/tools
+ JDK-8213330: Fix legal headers in i18n tests
+ JDK-8213707: [TEST] vmTestbase/nsk/stress/except/
/except011.java failed due to wrong class name
+ JDK-8214469: [macos] PIT: java/awt/Choice/
/ChoiceKeyEventReaction/ChoiceKeyEventReaction.java fails
+ JDK-8215410: Regression test for JDK-8214994
+ JDK-8215568: Refactor SA clhsdb tests to use ClhsdbLauncher
+ JDK-8215624: Add parallel heap iteration for jmap u2013histo
+ JDK-8215889: assert(!_unloading) failed: This oop is not
available to unloading class loader data with ZGC
+ JDK-8216318: The usage of Disposer in the java.awt.Robot can
be deleted
+ JDK-8216417: cleanup of IPv6 scope-id handling
+ JDK-8217377: javax/swing/JPopupMenu/6583251/bug6583251.java
failed with UnsupportedOperation exception
+ JDK-8217438: Adapt tools//launcher/Test7029048.java for AIX
+ JDK-8217633: Configurable extensions with system properties
+ JDK-8217882: java/net/httpclient/MaxStreams.java failed once
+ JDK-8217903: java/net/httpclient/Response204.java fails with
404
+ JDK-8218483: Crash in
"/assert(_daemon_threads_count->get_value() > daemon_count)
failed: thread count mismatch 5 : 5"/
+ JDK-8219986: Change to Xcode 10.1 for building on Macosx at
Oracle
+ JDK-8220575: Correctly format test URI's that contain a
retrieved IPv6 address
+ JDK-8221259: New tests for java.net.Socket to exercise long
standing behavior
+ JDK-8221305: java/awt/FontMetrics/MaxAdvanceIsMax.java fails
on MacOS + Solaris
+ JDK-8221902: PIT: javax/swing/JRadioButton/FocusTraversal/
/FocusTraversal.java fails on ubuntu
+ JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/
/IconifyTest.java fails on ubuntu18.04
+ JDK-8222446: assert(C->env()->system_dictionary_modification_counter_changed())
failed: Must invalidate if TypeFuncs differ
+ JDK-8223137: Rename predicate 'do_unroll_only()' to
'is_unroll_only()'.
+ JDK-8223138: Small clean-up in loop-tree support.
+ JDK-8223139: Rename mandatory policy-do routines.
+ JDK-8223140: Clean-up in 'ok_to_convert()'
+ JDK-8223141: Change (count) suffix _ct into _cnt.
+ JDK-8223400: Replace some enums with static const members in
hotspot/runtime
+ JDK-8223658: Performance regression of XML.validation in
13-b19
+ JDK-8223923: C2: Missing interference with mismatched unsafe
accesses
+ JDK-8224829: AsyncSSLSocketClose.java has timing issue
+ JDK-8225083: Remove Google certificate that is expiring in
December 2021
+ JDK-8226514: Replace wildcard address with loopback or local
host in tests - part 17
+ JDK-8226943: compile error in libfollowref003.cpp with XCode
10.2 on macosx
+ JDK-8228442: DHKeyExchange/LegacyDHEKeyExchange.java failed
due to "/SSLException: An established connection was aborted by
the software in your host machine"/
+ JDK-8228508: [TESTBUG] java/net/httpclient/SmokeTest.java
fails on Windows7
+ JDK-8229935: [TEST_BUG]: bug8132119.java inconsistently
positions text
+ JDK-8230019: [REDO] compiler/types/correctness/* tests fail
with "/assert(recv == __null || recv->is_klass()) failed: wrong
type"/
+ JDK-8230067: Add optional automatic retry when running jtreg
tests
+ JDK-8230228: [TESTBUG] Several runtime/ErrorHandling tests
may fail on some platforms
+ JDK-8231501: VM crash in
MethodData::clean_extra_data(CleanExtraDataClosure*):
fatal error: unexpected tag 99
+ JDK-8233403: Improve verbosity of some httpclient tests
+ JDK-8233550: [TESTBUG] JTree tests fail regularly on MacOS
+ JDK-8233552: [TESTBUG] JTable Test bug7068740.java fails on
MacOS
+ JDK-8233553: [TESTBUG] JSpinner test bug4973721.java fails on
MacOS
+ JDK-8233555: [TESTBUG] JRadioButton tests failing on MacoS
+ JDK-8233556: [TESTBUG] JPopupMenu tests fail on MacOS
+ JDK-8233559: [TESTBUG] TestNimbusOverride.java is failing on
macos
+ JDK-8233560: [TESTBUG] ToolTipManager/Test6256140.java is
failing on macos
+ JDK-8233561: [TESTBUG] Swing text test bug8014863.java fails
on macos
+ JDK-8233562: [TESTBUG] Swing StyledEditorKit test
bug4506788.java fails on MacOS
+ JDK-8233564: [TESTBUG] MouseComboBoxTest.java is failing
+ JDK-8233566: [TESTBUG] KeyboardFocusManager tests failing on
MacoS
+ JDK-8233567: [TESTBUG] FocusSubRequestTest.java fails on macos
+ JDK-8233569: [TESTBUG] JTextComponent test bug6361367.java
fails on macos
+ JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is
failing on macos
+ JDK-8233634: [TESTBUG] Swing text test bug4278839.java fails
on macos
+ JDK-8233635: [TESTBUG] ProgressMonitorEscapeKeyPress.java
fails on macos
+ JDK-8233637: [TESTBUG] Swing
ActionListenerCalledTwiceTest.java fails on macos
+ JDK-8233638: [TESTBUG] Swing test
ScreenMenuBarInputTwice.java fails on macos
+ JDK-8233641: [TESTBUG] JMenuItem test bug4171437.java fails
on macos
+ JDK-8233642: [TESTBUG] JMenuBar test bug 4750590.java fails
on macos
+ JDK-8233643: [TESTBUG] JMenu test bug4515762.java fails on
macos
+ JDK-8233644: [TESTBUG] JInternalFrame test bug8020708.java is
failing on macos
+ JDK-8233647: [TESTBUG] JColorChooser/Test8051548.java is
failing on macos
+ JDK-8234802: [TESTBUG] Test Right Mouse Button Drag Gesture
Recognition in all the platforms
+ JDK-8234823: java/net/Socket/Timeouts.java testcase
testTimedConnect2() fails on Windows 10
+ JDK-8235784: java/lang/invoke/VarHandles/
/VarHandleTestByteArrayAsInt.java fails due to timeout with
fastdebug bits
+ JDK-8236042: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java
fails with -Xcomp -XX:TieredStopAtLevel=1
+ JDK-8236177: assert(status == 0) failed: error ETIMEDOUT(60),
cond_wait
+ JDK-8236596: HttpClient leaves HTTP/2 sockets in CLOSE_WAIT,
when using proxy tunnel
+ JDK-8237354: Add option to jcmd to write a gzipped heap dump
+ JDK-8237589: Fix copyright header formatting
+ JDK-8238677: java/net/httpclient/ssltest/CertificateTest.java
should not specify TLS version
+ JDK-8239334: Tab Size does not work correctly in JTextArea
with setLineWrap on
+ JDK-8239422: [TESTBUG]
compiler/c1/TestPrintIRDuringConstruction.java failed when C1
is disabled
+ JDK-8239827: The test OpenByUNCPathNameTest.java should be
changed to be manual
+ JDK-8240256: Better resource cleaning for SunPKCS11 Provider
+ JDK-8242044: Add basic HTTP/1.1 support to the HTTP/2 Test
Server
+ JDK-8242526: PIT: javax/swing/JInternalFrame/8020708/
/bug8020708.java fails in mach5 ubuntu system
+ JDK-8242793: Incorrect copyright header in
ContinuousCallSiteTargetChange.java
+ JDK-8243543: jtreg test security/infra/java/security/cert/
/CertPathValidator/certification/BuypassCA.java fails
+ JDK-8244292: Headful clients failing with
- -illegal-access=deny
+ JDK-8245147: Refactor and improve utility of
test/langtools/tools/javac/versions/Versions.java
+ JDK-8245165: Update bug id for
javax/swing/text/StyledEditorKit/4506788/bug4506788.java in
ProblemList
+ JDK-8245665: Test WeakAlg.java should only make sure no
warning for weak signature algorithms by keytool on root CA
+ JDK-8246114: java/net/MulticastSocket/Promiscuous.java fails
after 8241072 (multi-homed systems)
+ JDK-8246807: Incorrect copyright header in
TimeZoneDatePermissionCheck.sh
+ JDK-8247403: JShell: No custom input (e.g. from GUI) possible
with JavaShellToolBuilder
+ JDK-8247510: typo in IllegalHandshakeMessage
+ JDK-8248187: [TESTBUG] javax/swing/plaf/basic/
/BasicGraphicsUtils/8132119/bug8132119.java fails with String
is not properly drawn
+ JDK-8248341: ProblemList java/lang/management/ThreadMXBean/
/ThreadMXBeanStateTest.java
+ JDK-8248500: AArch64: Remove the r18 dependency on Windows
AArch64
+ JDK-8248899: security/infra/java/security/cert/
/CertPathValidator/certification/QuoVadisCA.java fails,
Certificate has been revoked
+ JDK-8249195: Change to Xcode 11.3.1 for building on Macos at
Oracle
+ JDK-8250521: Configure initial RTO to use minimal retry for
loopback connections on Windows
+ JDK-8250810: Push missing parts of JDK-8248817
+ JDK-8250839: Improve test template SSLEngineTemplate with
SSLContextTemplate
+ JDK-8250863: Build error with GCC 10 in NetworkInterface.c
and k_standard.c
+ JDK-8250888: nsk/jvmti/scenarios/general_functions/GF08/
/gf08t001/TestDriver.java fails
+ JDK-8251155: HostIdentifier fails to canonicalize hostnames
starting with digits
+ JDK-8251377: [macos11] JTabbedPane selected tab text is
barely legible
+ JDK-8251570: JDK-8215624 causes assert(worker_id <
_n_workers) failed: Invalid worker_id
+ JDK-8251930: AArch64: Native types mismatch in hotspot
+ JDK-8252049: Native memory leak in ciMethodData ctor
+ JDK-8252051: Make mlvmJvmtiUtils strncpy uses GCC 10.x
friendly
+ JDK-8252114: Windows-AArch64: Enable and test ZGC and
ShenandoahGC
+ JDK-8253015: Aarch64: Move linux code out from generic CPU
feature detection
+ JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java
fail on big screens
+ JDK-8253497: Core Libs Terminology Refresh
+ JDK-8253682: The AppletInitialFocusTest1.java is unstable
+ JDK-8253763: ParallelObjectIterator should have virtual
destructor
+ JDK-8253866: Security Libs Terminology Refresh
+ JDK-8254802: ThrowingPushPromisesAsStringCustom.java fails in
"/try throwing in GET_BODY"/
+ JDK-8255227: java/net/httpclient/FlowAdapterPublisherTest.java
intermittently failing with TestServer: start exception:
java.io.IOException: Invalid preface
+ JDK-8255264: Support for identifying the full range of IPv4
localhost addresses on Windows
+ JDK-8255716: AArch64: Regression: JVM crashes if manually
offline a core
+ JDK-8255722: Create a new test for rotated blit
+ JDK-8256009: Remove src/hotspot/share/adlc/Test/i486.ad
+ JDK-8256066: Tests use deprecated TestNG API that is no
longer available in new versions
+ JDK-8256152: tests fail because of ambiguous method resolution
+ JDK-8256182: Update qemu-debootstrap cross-compilation recipe
+ JDK-8256201: java/awt/FullScreen/FullscreenWindowProps/
/FullscreenWindowProps.java failed
+ JDK-8256202: Some tweaks for jarsigner tests
PosixPermissionsTest and SymLinkTest
+ JDK-8256372: [macos] Unexpected symbol was displayed on
JTextField with Monospaced font
+ JDK-8256956: RegisterImpl::max_slots_per_register is
incorrect on AMD64
+ JDK-8258457: testlibrary_tests/ctw/JarDirTest.java fails with
InvalidPathException on windows
+ JDK-8258855: Two tests sun/security/krb5/auto/
/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java
failed on OL8.3
+ JDK-8259237: Demo selection changes with left/right arrow
key. No need to press space for selection.
+ JDK-8260571: Add PrintMetaspaceStatistics to print metaspace
statistics upon VM exit
+ JDK-8260690: JConsole User Guide Link from the Help menu is
not accessible by keyboard
+ JDK-8261036: Reduce classes loaded by CleanerFactory
initialization
+ JDK-8261071: AArch64: Refactor interpreter native wrappers
+ JDK-8261075: Create stubRoutines.inline.hpp with SafeFetch
implementation
+ JDK-8261236: C2: ClhsdbJstackXcompStress test fails when
StressGCM is enabled
+ JDK-8261297: NMT: Final report should use scale 1
+ JDK-8261661: gc/stress/TestReclaimStringsLeaksMemory.java
fails because Reserved memory size is too big
+ JDK-8261916: gtest/GTestWrapper.java
vmErrorTest.unimplemented1_vm_assert failed
+ JDK-8262438: sun/security/ssl/SSLLogger/
/LoggingFormatConsistency.java failed with "/SocketException:
Socket is closed"/
+ JDK-8262731: [macOS] Exception from "/Printable.print"/ is
swallowed during "/PrinterJob.print"/
+ JDK-8262844: (fs) FileStore.supportsFileAttributeView might
return false negative in case of ext3
+ JDK-8263059: security/infra/java/security/cert/
/CertPathValidator/certification/ComodoCA.java fails due to
revoked cert
+ JDK-8263068: Rename safefetch.hpp to safefetch.inline.hpp
+ JDK-8263303: C2 compilation fails with assert(found_sfpt)
failed: no node in loop that's not input to safepoint
+ JDK-8263362: Avoid division by 0 in
java/awt/font/TextJustifier.java justify
+ JDK-8263773: Reenable German localization for builds at Oracle
+ JDK-8263897: compiler/c2/aarch64/TestVolatilesSerial.java
failed with "/java.lang.RuntimeException: Wrong method"/
+ JDK-8264526: javax/swing/text/html/parser/Parser/8078268/
/bug8078268.java timeout
+ JDK-8264824: java/net/Inet6Address/B6206527.java doesn't
close ServerSocket properly
+ JDK-8265019: Update tests for additional TestNG test
permissions
+ JDK-8265173: [test] divert spurious log output away from
stream under test in ProcessBuilder Basic test
+ JDK-8265524: Upgrading JSZip from v3.2.2 to v3.6.0
+ JDK-8266182: Automate manual steps listed in the test
jdk/sun/security/pkcs12/ParamsTest.java
+ JDK-8266579: Update test/jdk/java/lang/ProcessHandle/
/PermissionTest.java & test/jdk/java/sql/testng/util/
/TestPolicy.java
+ JDK-8266949: Check possibility to disable OperationTimedOut
on Unix
+ JDK-8267246: -XX:MaxRAMPercentage=0 is unreasonable for jtreg
tests on many-core machines
+ JDK-8267256: Extend minimal retry for loopback connections on
Windows to PlainSocketImpl
+ JDK-8267304: Bump global JTReg memory limit to 768m
+ JDK-8267652: c2 loop unrolling by 8 results in reading memory
past array
+ JDK-8268019: C2: assert(no_dead_loop) failed: dead loop
detected
+ JDK-8268093: Manual Testcase: "/sun/security/krb5/config/
/native/TestDynamicStore.java"/ Fails with NPE
+ JDK-8268555: Update HttpClient tests that use ITestContext to
jtreg 6+1
+ JDK-8268672: C2: assert(!loop->is_member(u_loop)) failed: can
be in outer loop or out of both loops only
+ JDK-8269034: AccessControlException for SunPKCS11 daemon
threads
+ JDK-8269426: Rename test/jdk/java/lang/invoke/t8150782 to
accessClassAndFindClass
+ JDK-8269574: C2: Avoid redundant uncommon traps in
GraphKit::builtin_throw() for JVMTI exception events
+ JDK-8269656: The test test/langtools/tools/javac/versions/
/Versions.java has duplicate test cycles
+ JDK-8269768: JFR Terminology Refresh
+ JDK-8269951: [macos] Focus not painted in JButton when
setBorderPainted(false) is invoked
+ JDK-8269984: [macos] JTabbedPane title looks like disabled
+ JDK-8269993: [Test]: java/net/httpclient/
/DigestEchoClientSSL.java contains redundant @run tags
+ JDK-8270116: Expand ButtonGroupLayoutTraversalTest.java to
run in all LaFs, including Aqua on macOS
+ JDK-8270216: [macOS] Update named used for Java run loop mode
+ JDK-8270280: security/infra/java/security/cert/
/CertPathValidator/certification/LetsEncryptCA.java OCSP
response error
+ JDK-8270290: NTLM authentication fails if HEAD request is used
+ JDK-8270317: Large Allocation in CipherSuite
+ JDK-8270344: Session resumption errors
+ JDK-8270517: Add Zero support for LoongArch
+ JDK-8270533: AArch64: size_fits_all_mem_uses should return
false if its output is a CAS
+ JDK-8270886: Crash in
PhaseIdealLoop::verify_strip_mined_scheduling
+ JDK-8271287: jdk/jshell/CommandCompletionTest.java fails with
"/lists don't have the same size expected"/
+ JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop
+ JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck)
|| outcnt() == 2 assert failure with Test7179138_1.java
+ JDK-8271459: C2: Missing NegativeArraySizeException when
creating StringBuilder with negative capacity
+ JDK-8271490: [ppc] [s390]: Crash in
JavaThread::pd_get_top_frame_for_profiling
+ JDK-8271560: sun/security/ssl/DHKeyExchange/
/LegacyDHEKeyExchange.java still fails due to "/An established
connection was aborted by the software in your host machine"/
+ JDK-8271567: AArch64: AES Galois CounterMode (GCM)
interleaved implementation using vector instructions
+ JDK-8272180: Upgrade JSZip from v3.6.0 to v3.7.1
+ JDK-8272181: Windows-AArch64:Backport fix of `Backtracing
broken on PAC enabled systems`
+ JDK-8272316: Wrong Boot JDK help message in 11
+ JDK-8272318: Improve performance of HeapDumpAllTest
+ JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/
/PageDialogMarginTest.java catches all exceptions
+ JDK-8272570: C2: crash in PhaseCFG::global_code_motion
+ JDK-8272574: C2: assert(false) failed: Bad graph detected in
build_loop_late
+ JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh
fails after JDK-8266182
+ JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/
/security/cert/CertPathValidator/certification/BuypassCA.java
no longer needs ocspEnabled
+ JDK-8272720: Fix the implementation of loop unrolling
heuristic with LoopPercentProfileLimit
+ JDK-8272783: Epsilon: Refactor tests to improve performance
+ JDK-8272806: [macOS] "/Apple AWT Internal Exception"/ when
input method is changed
+ JDK-8272828: Add correct licenses to jszip.md
+ JDK-8272836: Limit run time for java/lang/invoke/LFCaching
tests
+ JDK-8272850: Drop zapping values in the Zap* option
descriptions
+ JDK-8272902: Bump update version for OpenJDK: jdk-11.0.14
+ JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test
groups
+ JDK-8272966: test/jdk/java/awt/Robot/FlushCurrentEvent.java
fails by timeout
+ JDK-8273026: Slow LoginContext.login() on multi threading
application
+ JDK-8273229: Update OS detection code to recognize Windows
Server 2022
+ JDK-8273235: tools/launcher/HelpFlagsTest.java Fails on
Windows 32bit
+ JDK-8273308: PatternMatchTest.java fails on CI
+ JDK-8273314: Add tier4 test groups
+ JDK-8273342: Null pointer dereference in
classFileParser.cpp:2817
+ JDK-8273358: macOS Monterey does not have the font Times
needed by Serif
+ JDK-8273373: Zero: Cannot invoke JVM in primordial threads on
Zero
+ JDK-8273498: compiler/c2/Test7179138_1.java timed out
+ JDK-8273541: Cleaner Thread creates with normal priority
instead of MAX_PRIORITY - 2
+ JDK-8273547: [11u] [JVMCI] Partial module-info.java backport
of JDK-8223332
+ JDK-8273606: Zero: SPARC64 build fails with si_band type
mismatch
+ JDK-8273646: Add openssl from path variable also in to
Default System Openssl Path in OpensslArtifactFetcher
+ JDK-8273671: Backport of 8260616 misses one JNF header
inclusion removal
+ JDK-8273790: Potential cyclic dependencies between Gregorian
and CalendarSystem
+ JDK-8273795: Zero SPARC64 debug builds fail due to missing
interpreter fields
+ JDK-8273826: Correct Manifest file name and NPE checks
+ JDK-8273894: ConcurrentModificationException raised every
time ReferralsCache drops referral
+ JDK-8273924: ArrayIndexOutOfBoundsException thrown in
java.util.JapaneseImperialCalendar.add()
+ JDK-8273961: jdk/nio/zipfs/ZipFSTester.java fails if file
path contains '+' character
+ JDK-8273968: JCK javax_xml tests fail in CI
+ JDK-8274056: JavaAccessibilityUtilities leaks JNI objects
+ JDK-8274083: Update testing docs to mention tiered testing
+ JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork
is deprecated
+ JDK-8274326: [macos] Ensure initialisation of sun/lwawt/
/macosx/CAccessibility in JavaComponentAccessibility.m
+ JDK-8274329: Fix non-portable HotSpot code in
MethodMatcher::parse_method_pattern
+ JDK-8274381: missing CAccessibility definitions in JNI code
+ JDK-8274407: (tz) Update Timezone Data to 2021c
+ JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
+ JDK-8274468: TimeZoneTest.java fails with tzdata2021b
+ JDK-8274522: java/lang/management/ManagementFactory/
/MXBeanException.java test fails with Shenandoah
+ JDK-8274642: jdk/jshell/CommandCompletionTest.java fails with
NoSuchElementException after JDK-8271287
+ JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently
fails on weak memory model platform
+ JDK-8274779: HttpURLConnection: HttpClient and HttpsClient
incorrectly check request method when set to POST
+ JDK-8274840: Update OS detection code to recognize Windows 11
+ JDK-8274860: gcc 10.2.1 produces an uninitialized warning in
sharedRuntimeTrig.cpp
+ JDK-8275051: Shenandoah: Correct ordering of requested gc
cause and gc request flag
+ JDK-8275131: Exceptions after a touchpad gesture on macOS
+ JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
+ JDK-8275766: (tz) Update Timezone Data to 2021e
+ JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
+ JDK-8276066: Reset LoopPercentProfileLimit for x86 due to
suboptimal performance
+ JDK-8276139: TestJpsHostName.java not reliable, better to
expand HostIdentifierCreate.java test
+ JDK-8276157: C2: Compiler stack overflow during escape
analysis on Linux x86_32
+ JDK-8276201: Shenandoah: Race results degenerated GC to enter
wrong entry point
+ JDK-8276536: Update TimeZoneNames files to follow the changes
made by JDK-8275766
+ JDK-8276550: Use SHA256 hash in build.tools.depend.Depend
+ JDK-8276774: Cookie stored in CookieHandler not sent if user
headers contain cookie
+ JDK-8276854: Windows GHA builds fail due to broken Cygwin
+ JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify
output array sizes
+ JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString()
throws NPE
+ JDK-8277529: SIGSEGV in C2 CompilerThread
Node::rematerialize() compiling Packet::readUnsignedTrint
+ JDK-8277815: Fix mistakes in legal header backports
- Removed patch:
* riscv64-zero.patch
+ integrated upstream
- Modified patch:
* fips.patch
+ rediff to changed context
- kdump
-
- Update kdump-add-watchdog-modules.patch
Fix return code when no watchdog sysfs entry is found (bsc#1197069)
- kdump-add-watchdog-modules.patch
Add watchdog modules to kdump initrd (bsc#1189923)
- kernel-default
-
- drm: drm_file struct kABI compatibility workaround
(bsc#1197914).
- commit 7d8a3b5
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock
(bsc#1197914).
- drm: add a locked version of drm_is_current_master
(bsc#1197914).
- commit 05fda16
- blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460)
- commit 8d52c36
- Reinstate some of "/swiotlb: rework "/fix info leak with
DMA_FROM_DEVICE"/"/ (CVE-2022-0854 bsc#1196823).
- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854
bsc#1196823).
- commit ff554b5
- blacklist.conf: list unneeded commit
- commit 27adcc4
- NFSv4/pNFS: Fix another issue with a list iterator pointing
to the head (git-fixes).
- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
(git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent()
(git-fixes).
- NFS: Use of mapping_set_error() results in spurious errors
(git-fixes).
- commit 0460a48
- netfilter: nf_tables: initialize registers in nft_do_chain()
(CVE-2022-1016 bsc#1197227).
- commit 7111961
- Delete
patches.suse/net-tipc-validate-domain-record-count-on-input.patch.
This was the original work-in-progress patch for CVE-2022-0435 /
bsc#1195254. Later, a proper backport of mainline commit 9aa422ad3266
("/tipc: improve size validations for received domain records"/) was added as
patches.suse/tipc-improve-size-validations-for-received-domain-re.patch but
this patch was left in place. As it adds the check a bit later than
upstream fix, it did not cause a conflict so nobody noticed the duplicity.
- commit ef08708
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- commit 2237578
- net: kABI workaround for ax25_dev (CVE-2022-1199 bsc#1198028).
- commit 49e69cc
- ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205 bsc#1198027).
- ax25: fix UAF bug in ax25_send_control() (CVE-2022-1205
bsc#1198027).
- ax25: Fix NULL pointer dereferences in ax25 timers
(CVE-2022-1205 bsc#1198027).
- ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1205
bsc#1198027).
- ax25: fix UAF bugs of net_device caused by rebinding operation
(CVE-2022-1205 bsc#1198027).
- ax25: fix reference count leaks of ax25_dev (CVE-2022-1205
bsc#1198027).
- commit cfa1c37
- Update patch reference for ax25 fixes (CVE-2022-1199 bsc#1198028)
- commit 1b5a483
- ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199
bsc#1198028).
- ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1199
bsc#1198028).
- commit f30e94a
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
(CVE-2022-1198 bsc#1198030).
- commit 6da2b7d
- hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195
bsc#1198029).
- commit fcd70e2
- hamradio: improve the incomplete fix to avoid NPD (CVE-2022-1195
bsc#1198029).
- hamradio: defer 6pack kfree after unregister_netdev
(CVE-2022-1195 bsc#1198029).
- hamradio: defer ax25 kfree after unregister_netdev
(CVE-2022-1195 bsc#1198029).
- net: hamradio: fix memory leak in mkiss_close (CVE-2022-1195
bsc#1198029).
- commit d30e348
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
in error path (CVE-2022-28389 bsc#1198033).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
in error path (CVE-2022-28388 bsc#1198032).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
in error path (CVE-2022-28390 bsc#1198031).
- commit d6e6523
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time
(bsc#1180153).
- commit 96da58a
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- commit bd0a18b
- KVM: SVM: Don't flush cache if hardware enforces cache coherency
across encryption domains (bsc#1178134).
- commit 706a179
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- commit e2095ad
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/perf: Don't use perf_hw_context for trace IMC PMU
(bsc#1156395).
- commit 130da3b
- mm/page_alloc.c: do not warn allocation failure on zone DMA
if no managed pages (bsc#1197501).
- dma/pool: create dma atomic pool only if dma zone has managed
pages (bsc#1197501).
- mm_zone: add function to check if managed dma zone exists
(bsc#1197501).
- commit c0f79a1
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled
(git-fixes).
- wireguard: socket: free skb in send6 when ipv6 is disabled
(git-fixes).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function
(git-fixes).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST
(git-fixes).
- commit 972eb7f
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()
(bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity
error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults
(bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling
(bsc#1197675 bsc#1196478).
- commit 6fc0429
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
(git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
in error path (git-fixes).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
in error path (git-fixes).
- pwm: lpc18xx-sct: Initialize driver data and hardware before
pwmchip_add() (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in
wcnss_alloc_memory_region (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in
adsp_alloc_memory_region (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock
(git-fixes).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
(git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in
emc_ensure_emc_driver (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element
(git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element
(git-fixes).
- clk: actions: Terminate clk_div_table with sentinel element
(git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- commit 01f6f64
- printk: disable optimistic spin during panic (bsc#1197894).
- commit 0716386
- printk: Add panic_in_progress helper (bsc#1197894).
- commit f29520c
- blacklist.conf: printk: cosmetic problem
- commit eabafef
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
- commit dcd324e
- btrfs: Remove unnecessary check from join_running_log_trans
(bsc#1194649).
- commit dc4697b
- btrfs: do not commit delayed inode when logging a file in full
sync mode (bsc#1194649).
- btrfs: do not log new dentries when logging that a new name
exists (bsc#1194649).
- commit b03bb01
- Revert "/module, async: async_synchronize_full() on module init
iff async is used"/ (bsc#1197888).
- commit 2252be2
- btrfs: avoid unnecessary lock and leaf splits when updating
inode in the log (bsc#1194649).
- btrfs: remove unnecessary list head initialization when syncing
log (bsc#1194649).
- btrfs: avoid unnecessary log mutex contention when syncing log
(bsc#1194649).
- commit c49b58c
- btrfs: avoid unnecessary logging of xattrs during fast fsyncs
(bsc#1194649).
- commit bcb58d4
- btrfs: check error value from btrfs_update_inode in tree log
(bsc#1194649).
- btrfs: fixup error handling in fixup_inode_link_counts
(bsc#1194649).
- commit 215b0a5
- btrfs: remove unnecessary directory inode item update when
deleting dir entry (bsc#1194649).
- commit ebbb134
- x86/mm/pat: Don't flush cache if hardware enforces cache
coherency across encryption domnains (bsc#1178134).
- commit ed78280
- btrfs: fix race leading to unnecessary transaction commit when
logging inode (bsc#1194649).
- btrfs: fix race that makes inode logging fallback to transaction
commit (bsc#1194649).
- btrfs: fix race that causes unnecessary logging of ancestor
inodes (bsc#1194649).
- btrfs: fix race that results in logging old extents during a
fast fsync (bsc#1194649).
- commit 54994e0
- scsi: lpfc: Copyright updates for 14.2.0.0 patches
(bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR
paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the
FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to
native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped()
(bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt()
(bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call
(bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download
(bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
(bsc#1197675).
- commit e642242
- btrfs: check if a log tree exists at inode_logged()
(bsc#1194649).
- commit 1fd0acd
- btrfs: remove no longer needed full sync flag check at
inode_logged() (bsc#1194649).
- btrfs: eliminate some false positives when checking if inode
was logged (bsc#1194649).
- commit df30719
- btrfs: skip unnecessary searches for xattrs when logging an
inode (bsc#1194649).
- commit e2ffdf0
- btrfs: check if a log root exists before locking the log_mutex
on unlink (bsc#1194649).
- Refresh
patches.suse/0002-btrfs-qgroup-try-to-flush-qgroup-space-when-we-get-E.patch.
- commit 2097b4a
- ext2: correct max file size computing (bsc#1197820).
- commit f1d2053
- block/wbt: fix negative inflight counter when remove scsi device
(bsc#1197819).
- commit 6f18f30
- block: update io_ticks when io hang (bsc#1197817).
- commit 4ee5ce6
- fscrypt: don't ignore minor_hash when hash is 0 (bsc#1197815).
- commit 0c58e0d
- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
- commit 18f264d
- ecryptfs: Fix typo in message (bsc#1197811).
- commit 9a64b6f
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit 2d63590
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit db7647d
- bpf: Remove config check to enable bpf support for branch
records (git-fixes bsc#1177028).
- commit 5fff22c
- net: sched: fix use-after-free in tc_new_tfilter()
(CVE-2022-1055 bsc#1197702).
- commit 4c7dc78
- blacklist.conf: kABI
- commit 79d1df3
- blacklist.conf: cleanup, not a bugfix
- commit 3a5b1ab
- blacklist.conf: cleanup, not a bugfix
- commit a1c1b85
- Revert "/usb: dwc3: gadget: Use list_replace_init() before
traversing lists"/ (git-fixes).
- commit 978c488
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues
(bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID
processing (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery
(bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix crash during module load unload test
(bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
(bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload
test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management
failure (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state
(bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str
(bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- commit d7f7c48
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
(bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty
(bsc#1065729).
- commit 14ca561
- usb: bdc: Fix a resource leak in the error handling path of
'bdc_probe()' (git-fixes).
- commit b8afee8
- usb: bdc: remove duplicated error message (git-fixes).
- commit 3971aef
- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
- commit 0a2966f
- usb: bdc: Use devm_clk_get_optional() (git-fixes).
- commit f4c7fea
- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
- commit 3293f5c
- usb: gadget: bdc: use readl_poll_timeout() to simplify code
(git-fixes).
- commit 686f431
- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
- serial: 8250: Fix race condition in RTS-after-send handling
(git-fixes).
- serial: 8250_lpss: Balance reference count for PCI DMA device
(git-fixes).
- serial: 8250_mid: Balance reference count for PCI DMA device
(git-fixes).
- serial: core: Fix the definition name in the comment of UPF_*
flags (git-fixes).
- soundwire: intel: fix wrong register name in intel_shim_wake
(git-fixes).
- misc: sgi-gru: Don't cast parameter in bit operations
(git-fixes).
- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- pinctrl/rockchip: Add missing of_node_put() in
rockchip_pinctrl_probe (git-fixes).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
(git-fixes).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback
(git-fixes).
- pinctrl: mediatek: paris: Fix "/argument"/ argument type for
mtk_pinconf_get() (git-fixes).
- pinctrl: pinconf-generic: Print arguments for bias-pull-*
(git-fixes).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
(git-fixes).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
(git-fixes).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for
ARRAY_SIZE() (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- commit ed99607
- usb: bdc: use devm_platform_ioremap_resource() to simplify code
(git-fixes).
- commit d8de3ca
- driver core: dd: fix return value of __setup handler
(git-fixes).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- iio: accel: mma8452: use the correct logic to get mma8452_data
(git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- staging:iio:adc:ad7280a: Fix handing of device address bit
reversing (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations
(git-fixes).
- iio: inkern: make a best effort on offset calculation
(git-fixes).
- iio: inkern: apply consumer scale when no channel scale is
available (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases
(git-fixes).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97
codec (git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations
(git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE
NT-USB (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc671 (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
(git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface
Go 3 (git-fixes).
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
(git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- commit 34d0dc9
- blacklist.conf: Add 1e9d74660d4d "/bpf: Fix mount source show for bpffs"/
Missing required dependency
- commit 5a8e47e
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
(git-fixes).
- commit 36f2c3d
- bpf: Fix comment for helper bpf_current_task_under_cgroup()
(git-fixes).
- commit b94b06c
- x86/cpu: Add hardware-enforced cache coherency as a CPUID
feature (bsc#1178134).
- Refresh patches.suse/x86-cpufeatures-add-sev-es-cpu-feature.
- commit 9b8fd9f
- Metadata update
- commit 20a72ea
- Revert "/Input: clear BTN_RIGHT/MIDDLE on buttonpads"/
(bsc#1197243).
- commit 1e324a1
- Drop HID multitouch fix patch (bsc#1197243)
Delete patches.suse/HID-multitouch-fix-Dell-Precision-7550-and-7750-butt.patch.
Replaced with another revert patch.
- commit 169cf98
- usb: dwc3: qcom: add IRQ check (git-fixes).
- commit 0f04f35
- usb: dwc3: gadget: Use list_replace_init() before traversing
lists (git-fixes).
- commit fa45b43
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
- commit 6c80c92
- Add CVE tags to
patches.suse/ext4-fix-kernel-infoleak-via-ext4_extent_header.patch
(bsc#1189562 bsc#1196761 CVE-2022-0850).
- commit f3cb08f
- blacklist.conf: 3a84fd1ed535 drm/i915/display: Fix HPD short pulse handling for eDP
- commit ae70ffd
- drm/i915/gem: add missing boundary check in vm_access
(git-fixes).
- commit 99cd925
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- commit 9c986de
- drm/bridge: dw-hdmi: use safe format when first in bridge chain
(git-fixes).
- commit 38ac9a8
- Refresh
patches.suse/drm-i915-Fix-bw-atomic-check-when-switching-between-.patch.
Alt-commit
- commit 81cf826
- Refresh
patches.suse/drm-i915-Correctly-populate-use_sagv_wm-for-all-pipe.patch.
Alt-commit
- commit 9f55faf
- Refresh
patches.suse/drm-i915-Fix-dbuf-slice-config-lookup.patch.
Alt-commit
- commit eb12d1f
- drm/amd/display: Add affected crtcs to atomic state for dsc
mst unplug (git-fixes).
- commit 1b3e76b
- blacklist.conf: 3f3a24a0a3a5 drm/amdgpu: Don't offset by 2 in FRU EEPROM
- commit 6877985
- drm/amd/pm: return -ENOTSUPP if there is no
get_dpm_ultimate_freq function (git-fixes).
- commit fb7d1f2
- drm/nouveau/acr: Fix undefined behavior in
nvkm_acr_hsfw_load_bl() (git-fixes).
- commit 4a1a717
- drm/doc: overview before functions for drm_writeback.c
(git-fixes).
- commit 6d05b7f
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- commit 8027fb9
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in
nwl_dsi_probe (git-fixes).
- commit c253ca8
- drm/meson: Fix error handling when afbcd.ops->init fails
(git-fixes).
- commit 42a3562
- drm/meson: osd_afbcd: Add an exit callback to struct
meson_afbcd_ops (git-fixes).
- commit f2138e4
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in
parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- commit 4765cfb
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- commit 047d2b7
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
as vbG200 to avoid black screen (git-fixes).
- commit 3094fd1
- drm/vc4: crtc: Make sure the HDMI controller is powered when
disabling (git-fixes).
- commit 0e082ec
- esp: Fix possible buffer overflow in ESP transformation
(bsc#1197131 CVE-2022-0886 CVE-2022-27666).
- commit 39a5891
- Update
patches.suse/quota-check-block-number-when-reading-the-block-in-q.patch
(bsc#1194589 bsc#1197366 CVE-2021-45868).
- commit 1a6f8a7
- pinctrl: samsung: drop pin banks references on error paths
(git-fixes).
- memory: emif: check the pointer temp in get_device_details()
(git-fixes).
- memory: emif: Add check for setup_interrupts (git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc
(git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
(git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe()
(git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: stk1160: If start stream fails, return buffers with
VB2_BUF_STATE_QUEUED (git-fixes).
- media: Revert "/media: em28xx: add missing
em28xx_close_extension"/ (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame
(git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: hantro: Fix overfill bottom register field name
(git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data
(git-fixes).
- media: bttv: fix WARNING regression on tunerless devices
(git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
(git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
(git-fixes).
- video: fbdev: atmel_lcdfb: fix an error code in
atmel_lcdfb_probe() (git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
(git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
as vbG200 to avoid black screen (git-fixes).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers
(git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and
suspend functions (git-fixes).
- commit 33bac97
- firmware: qcom: scm: Remove reassignment to desc following
initializer (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
(git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in
wcd934x_codec_parse_data (git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in
pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare()
in msm8916_wcd_digital_probe (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
(git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config()
callback (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: atmel: Add missing of_node_put() in
at91sam9g20ek_audio_probe (git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in
rt5663_parse_dp() (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
(git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior
(git-fixes).
- ASoC: topology: Allow TLV control to be either read or write
(git-fixes).
- ALSA: spi: Add check for clk_enable() (git-fixes).
- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
- ASoC: codecs: wcd934x: fix return value of
wcd934x_rx_hph_mode_put (git-fixes).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred
transaction (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
(git-fixes).
- commit 364280e
- ALSA: pcm: Fix races among concurrent prealloc proc writes
(CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
calls (CVE-2022-1048 bsc#1197331).
- commit 0f1f53e
- cifs: use the correct max-length for dentry_path_raw()
(bsc1196196).
- commit d014f56
- blacklist.conf: a5ce9f2bb665 x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
- commit 2d7347b
- quota: check block number when reading the block in quota file
(bsc#1197366 CVE-2021-45868).
- commit a7d4915
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
bsc#1197331).
- commit 8a9b87d
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
bsc#1197331).
- commit 12628f8
- ALSA: pcm: Fix races among concurrent prealloc proc writes
(CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
calls (CVE-2022-1048 bsc#1197331).
- commit aee063f
- membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
- commit 8c138d0
- fuse: handle kABI change in struct fuse_args (bsc#1197343
CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
CVE-2022-1011).
- commit 112493c
- spi: pxa2xx-pci: Balance reference count for PCI DMA device
(git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe
(git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings
(git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
(git-fixes).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels
(git-fixes).
- crypto: cavium/nitrox - don't cast parameter in bit operations
(git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- crypto: ccree - don't attempt 0 len DMA mappings (git-fixes).
- crypto: qat - don't cast parameter in bit operations
(git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: authenc - Fix sleep in atomic context in decrypt_tail
(git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in
pkcs1pad_verify_complete() (git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check
(git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source
scatterlist (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- thermal: int340x: Check for NULL after calling kmemdup()
(git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment
(git-fixes).
- ACPI: docs: enumeration: Update UART serial bus resource
documentation (git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods
(git-fixes).
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler
(git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no
more references (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap
in timer_of_base_init() (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- usb: gadget: Fix use-after-free bug by not setting
udc->dev.driver (git-fixes).
- usb: gadget: rndis: prevent integer overflow in
rndis_set_response() (git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to
connector (git-fixes).
- nl80211: Update bss channel on channel switch for P2P_CLIENT
(git-fixes).
- iwlwifi: don't advertise TWT support (git-fixes).
- mac80211: refuse aggregations sessions before authorized
(git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN
device when fully ready (git-fixes).
- commit 240077f
- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
- commit 4fc5228
- blacklist.conf: Add 2ecedd756908 ("/membarrier: Add an actual barrier before rseq_preempt()"/)
- commit e7a5059
- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
- commit 3a3c855
- netfilter: conntrack: don't refresh sctp entries in closed state
(bsc#1197389).
- commit d30cf2f
- NFS: Do not report writeback errors in nfs_getattr()
(git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field
(git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Don't skip directory entries when doing uncached readdir
(git-fixes).
- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed
client (git-fixes).
- NFS: Ensure the server has an up to date ctime before
hardlinking (git-fixes).
- commit 0dffa33
- blacklist.conf: fbd5969d1ff2 x86/cpufeatures: Mark two free bits in word 3
- commit 7de8046
- net: hns3: add a check for tqp_index in
hclge_get_ring_chain_from_mbx() (git-fixes).
- commit 197c612
- net: watchdog: hold device global xmit lock during tx disable
(git-fixes).
- commit 5f626af
- net: stmmac: set TxQ mode back to DCB after disabling CBS
(git-fixes).
- commit 64e0e15
- net: enetc: initialize the RFS and RSS memories (git-fixes).
- commit 48628ab
- net: dsa: mv88e6xxx: override existent unicast portvec in
port_fdb_add (git-fixes).
- commit d733e4e
- team: protect features update by RCU to avoid deadlock
(git-fixes).
- commit 0917ada
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- commit e20b4bd
- Update config files.
- commit 5e3d4fd
- drm/i915: Fix dbuf slice config lookup (git-fixes).
- commit 2e1e919
- drm/imx: parallel-display: Remove bus flags check in
imx_pd_bridge_atomic_check() (git-fixes).
- commit 37de9a5
- ibmvnic: fix race between xmit and reset (bsc#1197302
ltc#197259).
- commit 1372669
- Revert "/Revert "/build initrd without systemd"/ (bsc#1197300)"/
This reverts commit ff2b28e76a7040ae5ce82c0145965d62159216fd.
- commit 72ed14f
- Update config files (bsc#1195926 bsc#1175667).
VIRTIO_PCI=m -> VIRTIO_PCI=y
- commit 3edad5c
- Revert "/Revert "/rpm/kernel-source.spec.in: call fdupes per subpackage"/"/
This reverts commit f349b8133b949dee1721081d9fbc80cc43327d15.
Which was propagated from my local local tree. Restore the commit
- commit ee9cedc
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
(bsc#1178134).
- Refresh
patches.suse/x86-speculation-warn-about-eibrs-lfence-unprivileged-ebpf-smt.patch.
- commit 8588aa6
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
- commit 5c5db21
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF +
SMT (bsc#1178134).
- commit a719566
- HID: multitouch: fix Dell Precision 7550 and 7750 button type
(bsc#1197243).
- commit 53c2db3
- Sort in upstreamed BHB patches
- Refresh
patches.suse/documentation-hw-vuln-update-spectre-doc.patch.
- Refresh
patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch.
- Refresh
patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- Refresh
patches.suse/x86-speculation-use-generic-retpoline-by-default-on-amd.patch.
- commit 4062a7a
- s390/mm: fix VMA and page table handling code in storage key
handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions
(git-fixes).
- s390/gmap: don't unconditionally call pte_unmap_unlock()
in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/pci_mmio: fully validate the VMA before calling
follow_pte() (git-fixes).
- mm: add vma_lookup(), update find_vma_intersection() comments
(git-fixes).
- commit 808c094
- Revert "/rpm/kernel-source.spec.in: call fdupes per subpackage"/
This reverts commit 1da843983718d4cfdd652a76e428abee98e37450.
- commit f349b81
- Revert "/build initrd without systemd"/ (bsc#1197300)
This reverts commit ef4c569b998635a9369390d4e9cfe3a922815c76.
It seems to be the cause of a stall in OBS build that resulted in
the failure with obs-build-qa (and possibly others).
- commit ff2b28e
- net/smc: Reset conn->lgr when link group registration fails
(git-fixes).
- net/smc: fix using of uninitialized completions (git-fixes).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early
(git-fixes).
- net/smc: Fix loop in smc_listen (git-fixes).
- net/smc: Make sure the link_id is unique (git-fixes).
- commit 759dc2b
- blacklist.conf: net/smc cleanup with no functional change
- commit 5a33cbb
- Update patch reference for USB gadget fix (CVE-2022-27223 bsc#1197245)
- commit fd3b6e8
- s390/hypfs: include z/VM guests with access control group set
(bsc#1195640 LTC#196352).
- commit 598f26f
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
(bsc#1196018).
- commit 1580ab2
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
(bsc#1196018).
- commit 1cdc779
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 891ddc4
- sr9700: sanity check for packet length (bsc#1196836
CVE-2022-26966).
- commit edaafdd
- s390/module: fix loading modules with a lot of relocations
(git-fixes).
- commit bc1865f
- blacklist.conf: prerequisites break kABI
- commit d0b972b
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- s390/kexec_file: fix error handling when applying relocations
(git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- commit 2f0dd10
- s390/bpf: Perform r1 range checking before accessing
jit->seen_reg (git-fixes).
- commit 1cc7c78
- usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes).
- commit 3863766
- usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes).
- commit 9d7504f
- aio: fix use-after-free due to missing POLLFREE handling
(CVE-2021-39698 bsc#1196956).
- aio: keep poll requests on waitqueue until completed
(CVE-2021-39698 bsc#1196956).
- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- commit b026506
- usb: dwc2: gadget: Fix kill_all_requests race (git-fixes).
- commit 5ad82f7
- usb: dwc3: meson-g12a: Disable the regulator in the error
handling path of the probe (git-fixes).
- commit 6109544
- mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
- drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
- commit 44ceec6
- rpm/kernel-source.spec.in: call fdupes per subpackage
It is a waste of time to do a global fdupes when we have
subpackages.
- commit 1da8439
- af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920
bsc#1193731).
- commit 7040fdd
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 8d867d6
- bpf, selftests: Add test case trying to taint map value pointer
(bsc#1196130,CVE-2021-45402).
- bpf: Make 32->64 bounds propagation slightly more robust
(bsc#1196130,CVE-2021-45402).
- bpf: Fix signed bounds propagation after mov32
(bsc#1196130,CVE-2021-45402).
- commit 63a6298
- net: phy: DP83822: clear MISR2 register to disable interrupts
(git-fixes).
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
(git-fixes).
- NFC: port100: fix use-after-free in port100_send_complete
(git-fixes).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
(git-fixes).
- staging: gdm724x: fix use after free in gdm_lte_rx()
(git-fixes).
- gpio: ts4900: Do not set DAT and OE together (git-fixes).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds
(git-fixes).
- usb: hub: Fix locking issues with address0_mutex (git-fixes).
- commit ea6e976
- EDAC: Fix calculation of returned address and next offset in
edac_align_ptr() (bsc#1178134).
- commit c292d6b
- xen/netfront: react properly to failing
gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396,
CVE-2022-23042).
- commit fe0a923
- xen/gnttab: fix gnttab_end_foreign_access() without page
specified (bsc#1196488, XSA-396, CVE-2022-23041).
- commit 58c801b
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488,
XSA-396, CVE-2022-23041).
- commit afb2dba
- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396,
CVE-2022-23041).
- commit cee63b9
- xen/usb: don't use gnttab_end_foreign_access() in
xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- commit b1d434d
- xen/gntalloc: don't use gnttab_query_foreign_access()
(bsc#1196488, XSA-396, CVE-2022-23039).
- commit a4ec4aa
- xen/scsifront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23038).
- commit fd9cb30
- xen/netfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23037).
- commit 4e33999
- xen/blkfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23036).
- commit 4334af7
- xen/grant-table: add gnttab_try_end_foreign_access()
(bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038).
- commit 19b769a
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
error case (bsc#1196488, XSA-396, CVE-2022-23040).
- commit 5aacf1f
- EDAC/altera: Fix deferred probing (bsc#1178134).
- commit 13cc9b2
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- nvme-rdma: fix possible use-after-free in transport
error_recovery work (git-fixes).
- commit f4a5de3
- usb: host: xen-hcd: add missing unlock in error path
(git-fixes).
- commit daa9ea7
- Refresh
patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch.
- commit d9066f6
- Refresh
patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch.
- commit 5c41eb3
- rpm/kernel-docs.spec.in: use %%license for license declarations
Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
- rpm/*.spec.in: Use https:// urls
- commit 77b5f8e
- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
- commit 8823060
- Bluetooth: btusb: Add missing Chicony device for Realtek
RTL8723BE (bsc#1196779).
- commit 504b440
- ixgbe: xsk: change !netif_carrier_ok() handling in
ixgbe_xmit_zc() (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust
(bsc#1176774).
- net: fix up skbs delta_truesize in UDP GRO frag_list
(bsc#1176447).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- iavf: Fix missing check for running netdev (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks
(bsc#1181147).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/rtrs-clt: Fix possible double free in error case
(jsc#SLE-15176).
- net/mlx5e: TC, Reject rules with forward and drop actions
(git-fixes).
- net/mlx5e: TC, Reject rules with drop and modify hdr action
(git-fixes).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded
packets (jsc#SLE-15172).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
(git-fixes).
- net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
- net/mlx5: Fix wrong limitation of metadata match on ecpf
(git-fixes).
- net/mlx5: Update the list of the PCI supported devices
(git-fixes).
- netfilter: nf_tables: fix memory leak during stateful obj update
(bsc#1176447).
- bnxt_en: Fix incorrect multicast rx mask setting when not
requested (git-fixes).
- bnxt_en: Fix occasional ethtool -t loopback test failures
(git-fixes).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled
(git-fixes).
- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
- ice: initialize local variable 'tlv' (jsc#SLE-12878).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
(git-fixes).
- net/sched: act_ct: Fix flow table lookup after ct clear or
switching zones (jsc#SLE-15172).
- bonding: force carrier update when releasing slave (git-fixes).
- RDMA/mlx4: Don't continue event handler after memory allocation
failure (git-fixes).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
- IB/rdmavt: Validate remote_addr during loopback atomic tests
(git-fixes).
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
- RDMA/rxe: Fix a typo in opcode name (git-fixes).
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after
empty entry (git-fixes).
- RDMA/core: Let ib_find_gid() continue search even after empty
entry (git-fixes).
- RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
- RDMA/cma: Remove open coding of overflow checking for
private_data_len (git-fixes).
- RDMA/hns: Validate the pkey index (git-fixes).
- RDMA/bnxt_re: Scan the whole bitmap when checking if "/disabling
RCFW with pending cmd-bit"/ (git-fixes).
- RDMA/core: Don't infoleak GRH fields (git-fixes).
- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
- IB/hfi1: Fix early init panic (git-fixes).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled
(git-fixes).
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
- net/mlx5: Update the list of the PCI supported devices
(git-fixes).
- commit 5d0d3c3
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- commit 954cba8
- usb: hub: Fix usb enumeration issue due to address0 race
(git-fixes).
- commit 831632a
- USB: hub: Clean up use of port initialization schemes and
retries (git-fixes).
- commit 39e09e3
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433
ltc#196449).
- commit 5cf33af
- mask out added spinlock in rndis_params (git-fixes).
- commit cf77fd5
- usb: gadget: rndis: add spinlock for rndis response list
(git-fixes).
- commit 6500e0b
- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
- HID: add mapping for KEY_DICTATE (git-fixes).
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power() (git-fixes).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
(git-fixes).
- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
- ASoC: rt5682: do not block workqueue if card is unbound
(git-fixes).
- ASoC: rt5668: do not block workqueue if card is unbound
(git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(git-fixes).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
(git-fixes).
- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
- hamradio: fix macro redefine warning (git-fixes).
- commit add4eb4
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- scsi: bnx2fc: Flush destroy_work queue before calling
bnx2fc_interface_put() (git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer
(git-fixes).
- scsi: ufs: Fix race conditions related to driver data
(git-fixes).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
(git-fixes).
- commit 2185cf5
- Add SCSI git-fix to blacklist: too pervasive
- commit 3f4a3f6
- blacklist.conf: Add 05c7b7a92cc8 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
- commit 511f680
- cgroup/cpuset: Fix "/suspicious RCU usage"/ lockdep warning
(bsc#1196868).
- commit 30013c2
- cpuset: Fix the bug that subpart_cpus updated wrongly in
update_cpumask() (bsc#1196866).
- commit 8ee9c97
- blacklist.conf: prerequisites break kABI
- commit 88b00ea
- blacklist.conf: kABI
- commit 11980b2
- blacklist.conf: patch not applicable due to missing infrastructure
- commit be9f64f
- usb: dwc2: use well defined macros for power_down (git-fixes).
- commit 781db9c
- ename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 59d5e34
- Hand over the maintainership to SLE15-SP3 maintainers
- commit 0c92742
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
(bnc#1195403).
- commit f6cf219
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- commit b360f79
- sched/core: Mitigate race (git-fixes)
- commit d6e526f
- cpufreq: schedutil: Use kobject release() method to free (git-fixes)
- commit 3b82dc0
- blacklist.conf: Blacklist uclamp related fixes
- commit af69679
- sr9700: sanity check for packet length (bsc#1196836).
- commit 558034f
- tracing: Fix return value of __setup handlers (git-fixes).
- commit 184ff86
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix incorrect loading of i_blocks for large files
(git-fixes).
- commit f1e7b8d
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490 bsc#1196830).
- commit fd10ace
- nvme-tcp: fix possible use-after-free in transport
error_recovery work (git-fixes).
- nvme: fix a possible use-after-free in controller reset during
load (git-fixes).
- commit 8b4713c
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487).
- Update
patches.suse/NFSv4-Handle-case-where-the-lookup-of-a-directory-fa.patch
(bsc#1195612 CVE-2022-24448).
- Update
patches.suse/udf-Fix-NULL-ptr-deref-when-converting-from-inline-f.patch
(bsc#1196079 CVE-2022-0617).
- Update
patches.suse/udf-Restore-i_lenAlloc-when-inode-expansion-fails.patch
(bsc#1196079 CVE-2022-0617).
- Update
patches.suse/vfs-check-fd-has-read-access-in-kernel_read_file_from_fd.patch
(bsc#1194888 CVE-2022-0644 bsc#1196155).
- commit 096ea36
- ALSA: intel_hdmi: Fix reference to PCM buffer address
(git-fixes).
- ASoC: cs4265: Fix the duplicated control name (git-fixes).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
(git-fixes).
- commit 46ecf36
- scsi: smartpqi: Add PCI IDs (bsc#1196627).
- commit 0f3e3c7
- Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403)
Deleted:
patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch
- commit 0c68bb9
- vrf: Fix fast path output packet handling with async Netfilter
rules (git-fixes).
- commit 4dafe3d
- net/mlx5e: Fix modify header actions memory leak (git-fixes).
- commit 2d08f14
- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping
advertisement (git-fixes).
- commit 644c57f
- net: hns3: Clear the CMDQ registers before unmapping BAR region
(git-fixes).
- commit 09653f6
- netsec: ignore 'phy-mode' device property on ACPI systems
(git-fixes).
- commit b2241ca
- net: sfc: Replace in_interrupt() usage (git-fixes).
- commit 254377d
- gtp: remove useless rcu_read_lock() (git-fixes).
- commit 2588833
- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo
configuration (git-fixes).
- commit 28ecaea
- Refresh
patches.suse/ibmvnic-Allow-queueing-resets-during-probe.patch.
- Refresh
patches.suse/ibmvnic-clear-fop-when-retrying-probe.patch.
- Refresh
patches.suse/ibmvnic-complete-init_done-on-transport-events.patch.
- Refresh
patches.suse/ibmvnic-define-flush_reset_queue-helper.patch.
- Refresh
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch.
- Refresh
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch.
- Refresh patches.suse/ibmvnic-init-init_done_rc-earlier.patch.
- Refresh
patches.suse/ibmvnic-initialize-rc-before-completing-wait.patch.
- Refresh
patches.suse/ibmvnic-register-netdev-after-init-of-adapter.patch.
- Refresh
patches.suse/ibmvnic-schedule-failover-only-if-vioctl-fails.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-pt2pt-NVMe-PRLI-reject-LOGO-loop.patch.
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 25457d5
- netfilter: nf_tables_offload: incorrect flow offload action
array size (bsc#1196299 CVE-2022-25636).
- commit 30b89a9
- batman-adv: Don't expect inter-netns unique iflink indices
(git-fixes).
- batman-adv: Request iflink once in batadv_get_real_netdevice
(git-fixes).
- batman-adv: Request iflink once in batadv-on-batadv check
(git-fixes).
- nl80211: Handle nla_memdup failures in handle_nan_filter
(git-fixes).
- mac80211: fix forwarded mesh frames AC & queue selection
(git-fixes).
- can: gs_usb: change active_channels's type from atomic_t to u8
(git-fixes).
- commit 1c8fa49
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
- commit 1dafeb6
- cgroup-v1: Correct privileges check in release_agent writes
(bsc#1196723).
- commit 3d0b2e2
- blacklist.conf: Add 51e50fbd3efc psi: fix "/no previous prototype"/ warnings when CONFIG_CGROUPS=n
- commit 2727993
- ARM: 9182/1: mmu: fix returns from early_param() and __setup()
functions (git-fixes).
- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
- ntb: intel: fix port config status offset for SPR (git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: gadget: validate endpoint index for xilinx udc (git-fixes).
- xhci: re-initialize the HC during resume if HCE was set
(git-fixes).
- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- USB: gadget: validate interface OS descriptor requests
(git-fixes).
- commit a54291e
- Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch
(bsc#1192273 ltc#194629 bsc#1191428 ltc#193985).
- commit 59ca885
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- commit 6dcfd65
- blk-mq: don't free tags if the tag_set is used by other device
in queue initialztion (bsc#1193787).
- commit 5b79ad2
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
There is a check in OBS that fails when it is included. Also the key is
not reproducible.
Fixes: bb988d4625a3 ("/kernel-binary: Do not include sourcedir in certificate path."/)
- commit 68fa069
- powerpc/fadump: register for fadump as early as possible
(bsc#1179439 ltc#190038).
- commit 3f54d95
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- powerpc/pseries/iommu: Fix window size for direct mapping with
pmem (bsc#1196472 ltc#192278).
- powerpc/dma: Fallback to dma_ops when persistent memory present
(bsc#1196472 ltc#192278).
Update config files.
- dma-mapping: Allow mixing bypass and mapped DMA operation
(bsc#1196472 ltc#192278).
- dma-direct: Fix potential NULL pointer dereference (bsc#1196472
ltc#192278).
- commit a04953d
- arm64: Use the clearbhb instruction in mitigations (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
and migrated (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit b546cd9
- arm64: Mitigate spectre style branch history side channels
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Update config files.
- commit d035616
- KVM: arm64: Add templates for BHB mitigation sequences
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Refresh
patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 8c9b0c2
- arm64: Add Cortex-X2 CPU part definition (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit c3c4a06
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: Add part number for Arm Cortex-A77 (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part
of Spectre-v2 (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: Add percpu vectors for EL1 (bsc#1191580 CVE-2022-0001
CVE-2022-0002).
- arm64: entry: Add macro for reading symbol addresses from the
trampoline (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Add vectors that have the bhb mitigation sequences
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
mitigations (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Allow the trampoline text to occupy multiple pages
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Make the kpti trampoline's kpti sequence optional
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Move trampoline macros out of ifdef'd section
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Don't assume tramp_vectors is the start of the
vectors (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Allow tramp_alias to access symbols after the
4K boundary (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Move the trampoline data page before the text page
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Free up another register on kpti's tramp_exit path
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Make the trampoline cleanup optional (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- arm64: entry.S: Add ventry overflow sanity checks (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit 284cd49
- lib/iov_iter: initialize "/flags"/ in new pipe_buffer
(bsc#1196584).
- commit 4f3bbf5
- soc: fsl: qe: Check of ioremap return value (git-fixes).
- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY)
(git-fixes).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name
(git-fixes).
- efivars: Respect "/block"/ flag in efivar_entry_set_safe()
(git-fixes).
- gpio: tegra186: Fix chip_data type confusion (git-fixes).
- gpio: rockchip: Reset int_bothedge when changing trigger
(git-fixes).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in
zynq_qspi_exec_mem_op() (git-fixes).
- iio: Fix error handling for PM (git-fixes).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling
path (git-fixes).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM
bits (git-fixes).
- tty: n_gsm: fix proper link termination after failed open
(git-fixes).
- tty: n_gsm: fix encoding of control signal octet bit DV
(git-fixes).
- Revert "/USB: serial: ch341: add new Product ID for CH341A"/
(git-fixes).
- usb: dwc3: gadget: Let the interrupt handler disable bottom
halves (git-fixes).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
- xhci: Prevent futile URB re-submissions due to incorrect return
value (git-fixes).
- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
- clk: jz4725b: fix mmc0 clock gating (git-fixes).
- drm/edid: Always set RGB444 (git-fixes).
- commit c381750
- x86/speculation: Use generic retpoline by default on AMD
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit bed48b1
- ibmvnic: Allow queueing resets during probe (bsc#1196516
ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516
ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516
ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516
ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516
ltc#196391).
- ibmvnic: free reset-work-item when flushing (bsc#1196516
ltc#196391).
- commit 1cc99d0
- tracing: Have traceon and traceoff trigger honor the instance
(git-fixes).
- commit 92ab7ec
- tracing: Dump stacktrace trigger to the corresponding instance
(git-fixes).
- commit a3c85e9
- nvme: also mark passthrough-only namespaces ready in
nvme_update_ns_info (git-fixes).
- nvme: don't return an error from nvme_configure_metadata
(git-fixes).
- nvme: let namespace probing continue for unsupported features
(git-fixes).
- commit a5b2a87
- blk-mq: avoid to iterate over stale request (bsc#1193787).
- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
- blk-mq: fix kernel panic during iterating over flush request
(bsc#1193787 git-fixes).
- blk-mq: don't grab rq's refcount in blk_mq_check_expired()
(bsc#1193787 git-fixes).
- blk-mq: always allow reserved allocation in hctx_may_queue
(bsc#1193787).
- commit cc53802
- drm/i915: Fix bw atomic check when switching between SAGV
vs. no SAGV (git-fixes).
- commit 209cee8
- drm/i915: Correctly populate use_sagv_wm for all pipes
(git-fixes).
- commit 5d7b5fe
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972
LTC#194674).
- KVM: remember position in kvm->vcpus array (bsc#1190972
LTC#194674).
- commit 81f3dbb
- s390/cpumf: Support for CPU Measurement Sampling Facility LS
bit (bsc#1195081 LTC#196088).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7
(bsc#1195081 LTC#196088).
- commit 0ce3482
- s390/cio: verify the driver availability for path_event call
(bsc#1195928 LTC#196418).
- commit 4741f1a
- scsi: zfcp: Fix failed recovery on gone remote port with
non-NPIV FCP devices (bsc#1195378 LTC#196244).
- commit 6fb3d19
- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233
LTC#195540).
- commit 79f1350
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967
LTC#196028).
- commit 512e596
- s390/cio: make ccw_device_dma_* more robust (bsc#1193243
LTC#195549).
- commit 6f84bff
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
ltc#196449).
- commit 72793cf
- block: do not send a rezise udev event for hidden block device
(bsc#1193096).
- commit c3addda
- s390/bpf: Fix optimizing out zero-extensions (git-fixes).
- commit 542287e
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
(git-fixes).
- commit 774f927
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400
ltc#195815).
- commit 7099d61
- ext4: prevent partial update of the extent blocks (bsc#1194163
bsc#1196339).
- commit 9b7f6a6
- ext4: check for inconsistent extents between index and leaf
block (bsc#1194163 bsc#1196339).
- commit 8a25180
- ext4: check for out-of-order index extents in
ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- commit b72afd9
- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
(git-fixes).
- mtd: rawnand: gpmi: don't leak PM reference in error path
(git-fixes).
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
(git-fixes).
- ASoC: Revert "/ASoC: mediatek: Check for error clk pointer"/
(git-fixes).
- ASoC: ops: Fix stereo change notifications in
snd_soc_put_volsw_range() (git-fixes).
- ASoC: ops: Fix stereo change notifications in
snd_soc_put_volsw() (git-fixes).
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
(git-fixes).
- ALSA: hda: Fix regression on forced probe mask option
(git-fixes).
- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
- HID:Add support for UGTABLET WP5540 (git-fixes).
- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
(git-fixes).
- net: macb: Align the dma and coherent dma masks (git-fixes).
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- drm/amdgpu: fix logic inversion in check (git-fixes).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
(git-fixes).
- commit ea7f847
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079
CVE-2022-0617).
- commit a1deb2a
- udf: Fix NULL ptr deref when converting from inline format
(bsc#1196079 CVE-2022-0617).
- commit 43cd4ed
- blk-tag: Hide spin_lock (bsc#1193787).
- commit 78741a7
- blk-mq: clearing flush request reference in tags->rqs
(bsc#1193787).
- blk-mq: clear stale request in tags->rq before freeing one
request pool (bsc#1193787).
- blk-mq: grab rq->refcount before calling ->fn in
blk_mq_tagset_busy_iter (bsc#1193787).
- block: avoid double io accounting for flush request
(bsc#1193787).
- block: mark flush request as IDLE when it is really finished
(bsc#1193787).
- blk-mq: mark flush request as IDLE in flush_end_io()
(bsc#1193787).
- commit 2d33352
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195).
- commit 445785b
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195).
- commit 436acc9
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195).
- commit a9ec6c0
- btrfs: don't include the global rsv size in the preemptive used amount (bsc#1196195).
- commit ace9b16
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195).
- commit 4beb0b0
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195).
- Refresh patches.suse/btrfs-reduce-the-preemptive-flushing-threshold-to-90.patch.
- commit 41c6188
- btrfs: only clamp the first time we have to start flushing (bsc#1196195).
- commit b25996b
- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
- commit f36b423
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
- commit ef6e83a
- x86/speculation: Include unprivileged eBPF status in Spectre v2
mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit d42fa20
- Documentation/hw-vuln: Update spectre doc (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit a48cfcc
- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit 1a20a7e
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 80f47a3
- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 1f9dd65
- kABI: Fix kABI for AMD IOMMU driver (git-fixes).
- commit 718c631
- blacklist.conf: Add 2cbc61a1b166 iommu/dma: Account for min_align_mask w/swiotlb
- commit 142c6ac
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
(git-fixes).
- iommu/vt-d: Fix potential memory leak in
intel_setup_irq_remapping() (git-fixes).
- iommu/iova: Fix race between FQ timeout and teardown
(git-fixes).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting
(git-fixes).
- iommu/amd: Remove useless irq affinity notifier (git-fixes).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
(git-fixes).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
(git-fixes).
- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
- iommu/amd: Restore GA log/tail pointer on host resume
(git-fixes).
- iommu/io-pgtable-arm-v7s: Add error handle for page table
allocation failure (git-fixes).
- commit 50e60e3
- Update patch reference for USB gadget fix (CVE-2022-25375 bsc#1196235)
- commit b7dc18b
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
(CVE-2022-25375 bsc#1196235).
- commit 4e7d746
- Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155)
- commit 900b4f0
- net/ibmvnic: Cleanup workaround doing an EOI after partition
migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- commit 0dfd4da
- drm/i915/opregion: check port number bounds for SWSCI display
power state (git-fixes).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
- iwlwifi: fix use-after-free (git-fixes).
- iwlwifi: pcie: gen2: fix locking when "/HW not ready"/
(git-fixes).
- iwlwifi: pcie: fix locking when "/HW not ready"/ (git-fixes).
- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
(git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial
devices (git-fixes).
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
(git-fixes).
- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in
88e1121-compatible PHYs (git-fixes).
- net: phy: marvell: Fix MDI-x polarity setting in
88e1118-compatible PHYs (git-fixes).
- usb: dwc2: gadget: don't try to disable ep0 in
dwc2_hsotg_suspend (git-fixes).
- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook
OneXPlayer (git-fixes).
- net: phy: marvell: configure RGMII delays for 88E1118
(git-fixes).
- commit cc7a24c
- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
- commit 9af94a7
- USB: gadget: validate interface OS descriptor requests
(CVE-2022-25258 bsc#1196095).
- commit 4c69367
- Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352)
Delete patches.suse/PCI-xgene-Fix-IB-window-setup.patch
Also update blacklist
- commit 4f68062
- gve: Recording rx queue before sending to napi (bsc#1191655).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD
(bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct
(bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- gve: fix for null pointer dereference (bsc#1191655).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Add RX context (bsc#1191655).
- gve: Recover from queue stall due to missed IRQ (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- commit 4a8e1e2
- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL
(bsc#1195506).
- commit c74c330
- scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
- commit 8ef8f22
- md/raid5: fix oops during stripe resizing (bsc#1181588).
- commit bcd3697
- powerpc/pseries: read the lpar name from the firmware
(bsc#1187716 ltc#193451).
- commit 181541b
- Refresh patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch
- commit c964381
- powerpc: add link stack flush mitigation status in debugfs
(bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
bsc#1157923 ltc#182612 git-fixes).
- commit 5862a79
- powerpc: Set crashkernel offset to mid of RMA region
(bsc#1190812).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- commit 11e3668
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
(bsc#1195012).
- commit 4d29ac4
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- commit 73dbd5c
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from
scsi_qla_host_t (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines
(bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected
(bsc#1195823).
- scsi: qla2xxx: Add devids and conditionals for 28xx
(bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
(bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for
28XX adapters (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology
(bsc#1195823).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure
number of NVMe queues (bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
(bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error
(bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed
(bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization
(bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags
(bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with
list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- commit c358f38
- ice: fix IPIP and SIT TSO offload (git-fixes).
- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
(bsc#1176447).
- nfp: flower: fix ida_idx not being released (bsc#1154353).
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- ixgbevf: Require large buffers for build_skb on 82599VF
(git-fixes).
- RDMA/cma: Use correct address when leaving multicast group
(bsc#1181147).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
(git-fixes).
- commit 679175c
- USB: serial: mos7840: remove duplicated 0xac24 device ID
(git-fixes).
- commit 546d043
- tracing: Don't inc err_log entry count if entry allocation fails
(git-fixes).
- commit 5c45742
- tracing: Propagate is_signed to expression (git-fixes).
- commit a834cba
- blacklist.conf: b59f2f2b865c ("/tracing: Fix smatch warning for do while check in event_hist_trigger_parse()"/)
Cosmetic only.
- commit f0fcec9
- tracing: Fix smatch warning for null glob in
event_hist_trigger_parse() (git-fixes).
- commit 329e4ac
- powerpc/pseries/ddw: Revert "/Extend upper limit for huge DMA
window for persistent memory"/ (bsc#1195995 ltc#196394).
- commit 877b9c1
- f2fs: fix to do sanity check on inode type during garbage
collection (CVE-2021-44879 bsc#1195987).
- commit 139271b
- misc: fastrpc: avoid double fput() on failed usercopy
(git-fixes).
- staging: fbtft: Fix error path in fbtft_driver_module_init()
(git-fixes).
- usb: dwc3: gadget: Prevent core from processing stale TRBs
(git-fixes).
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE
transition (git-fixes).
- usb: ulpi: Call of_node_put correctly (git-fixes).
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
- usb: f_fs: Fix use-after-free for epfile (git-fixes).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
- drm/rockchip: vop: Correct RK3399 VOP register fields
(git-fixes).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly
(git-fixes).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus
Xtreme after reboot from Windows (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus
Master (newer chipset) (git-fixes).
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte
X570 ALC1220 quirks (git-fixes).
- staging/fbtft: Fix backlight (git-fixes).
- commit 033cee4
- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
- commit 7b9eed7
- blacklist.conf: misattributed upstream
- commit f62cf37
- usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
- commit a103972
- tipc: improve size validations for received domain records
(bsc#1195254, CVE-2022-0435).
- commit 48911da
- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959
bsc#1195897).
- commit 60220af
- usb: gadget: clear related members when goto fail
(CVE-2022-24958 bsc#1195905).
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958
bsc#1195905).
- commit 96dda76
- scsi: target: iscsi: Fix cmd abort fabric stop race
(bsc#1195286).
- commit 52d26b6
- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
- commit 3d90f3c
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487).
- commit f68f189
- nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- commit c0baca0
- EDAC/xgene: Fix deferred probing (bsc#1178134).
- commit 9308a14
- kernel-binary: Do not include sourcedir in certificate path.
The certs macro runs before build directory is set up so it creates the
aggregate of supplied certificates in the source directory.
Using this file directly as the certificate in kernel config works but
embeds the source directory path in the kernel config.
To avoid this symlink the certificate to the build directory and use
relative path to refer to it.
Also fabricate a certificate in the same location in build directory
when none is provided.
- commit bb988d4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- s390/protvirt: fix error return code in uv_info_init()
(jsc#SLE-22135).
- commit 7f8b088
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
- commit 004f3c6
- KVM: s390: Return error on SIDA memop on normal guest
(bsc#1195516 CVE-2022-0516).
- commit d46602b
- ceph: set pool_ns in new inode layout for async creates
(bsc#1195799).
- ceph: properly put ceph_string reference after async create
attempt (bsc#1195798).
- commit 8f44ef0
- btrfs: make sure SB_I_VERSION doesn't get unset by remount (bsc#1192210).
- commit 9acc804
- s390/uv: fix prot virt host indication compilation
(jsc#SLE-22135).
- s390/uv: add prot virt guest/host indication files
(jsc#SLE-22135).
- commit f479d35
- drm/i915: Remove memory frequency calculation (bsc#1195211).
- commit ea4d32b
- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed
(bsc#1195211).
- drm/i915/gen11+: Only load DRAM information from pcode
(bsc#1195211).
- drm/i915: Nuke not needed members of dram_info (bsc#1195211).
- drm/i915/dg1: Wait for pcode/uncore handshake at startup
(bsc#1195211).
- commit d7995a2
- ibmvnic: don't release napi in __ibmvnic_open() (bsc#1195668
ltc#195811).
- commit 902d854
- NFSv4: Handle case where the lookup of a directory fails
(bsc#1195612 CVE-2022-24448).
- commit 1023a28
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- commit ccd41ed
- cgroup-v1: Require capabilities to set release_agent
(bsc#1195543 CVE-2022-0492).
- commit 413d689
- RDMA/ucma: Protect mc during concurrent multicast leaves
(bsc#1181147).
- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
- net/mlx5e: Fix handling of wrong devices during bond netevent
(jsc#SLE-15172).
- gve: fix the wrong AdminQ buffer queue index check
(bsc#1176940).
- gve: Fix GFP flags when allocing pages (git-fixes).
- i40e: fix unsigned stat widths (git-fixes).
- i40e: Fix for failed to init adminq while VF reset (git-fixes).
- i40e: Fix queues reservation for XDP (git-fixes).
- i40e: Fix issue when maximum queues is exceeded (git-fixes).
- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
- commit 6aa87c4
- Update patch reference for HD-audio fix (bsc#1183872)
- commit 1e16eaa
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
(git-fixes).
- commit 2492c7d
- mmc: sdhci-of-esdhc: Check for error num after setting mask
(git-fixes).
- ima: Do not print policy rule with inactive LSM labels
(git-fixes).
- ima: Allow template selection with ima_template[_fmt]= after
ima_hash= (git-fixes).
- ima: Remove ima_policy file before directory (git-fixes).
- integrity: check the return value of audit_log_start()
(git-fixes).
- integrity: double check iint_cache was initialized (git-fixes).
- integrity: Make function integrity_add_key() static (git-fixes).
- commit a8bf0cb
- RDMA/core: Always release restrack object (git-fixes)
- commit a4c74f1
- RDMA/siw: Release xarray entry (git-fixes)
- commit cfa201c
- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
- commit 06f1504
- blacklist.conf: blacklist a672b2e36a64 bpf: Fix ringbuf memory type confusion when passing to helpers
- commit 2bfec1b
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
(git-fixes).
- bpf: Adjust BTF log size limit (git-fixes).
- commit 5e3ed1a
- s390/sclp: fix Secure-IPL facility detection (bsc#1191741
LTC#194816).
- commit 5aa085e
- usb: dwc3: don't set gadget->is_otg flag (git-fixes).
- commit 5b20187
- powerpc/perf: Fix power_pmu_disable to call
clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
- commit a08ca77
- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes)
- commit 82ce09e
- RDMA/mlx5: Fix query DCT via DEVX (git-fixes)
- commit 4b56cb2
- RDMA/core: Don't access cm_id after its destruction (git-fixes)
- commit 4a117e6
- RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes)
- commit 875e0ed
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- commit 07c8b4d
- RDMA/siw: Properly check send and receive CQ pointers (git-fixes)
- commit d84b45b
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- commit 8c226d5
- RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes)
- commit a7eff62
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- commit 2db1c84
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- commit 591cdce
- RDMA/core: Unify RoCE check and re-factor code (git-fixes)
- commit e5e3d6f
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
- commit 76267d4
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- commit 270bb46
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- commit 05c0e16
- RDMA/core: Fix corrupted SL on passive side (git-fixes)
- commit d86d9cb
- IB/isert: Fix a use after free in isert_connect_request (git-fixes)
- commit fa7abfc
- RDMA/addr: Be strict with gid size (git-fixes)
- commit 0b96850
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
- commit 0f86491
- IB/mlx5: Add missing error code (git-fixes)
- commit 06919f0
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- commit 1cb9b27
- RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes)
- commit 35656e8
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- commit 328cd44
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- commit ad066a1
- RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes)
- commit 6a7743e
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- commit 671cb83
- IB/cm: Avoid a loop when device has 255 ports (git-fixes)
- commit 2186e0a
- IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes)
- commit ba2e4e5
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- commit 0fc8532
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- commit 1beb1a9
- IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes)
- commit b747600
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes)
- commit d209b75
- RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes)
- commit 1bcb139
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- commit 000358b
- RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes)
- commit a95b8b5
- IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes)
- commit c125ce0
- RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes)
- commit 717d46c
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- commit e2b003d
- Input: wm97xx: Simplify resource management (git-fixes).
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe
(git-fixes).
- ASoC: max9759: fix underflow in speaker_gain_control_put()
(git-fixes).
- ASoC: cpcap: Check for NULL pointer after calling
of_get_child_by_name (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple
of period bytes (git-fixes).
- ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
- ALSA: usb-audio: initialize variables that could ignore errors
(git-fixes).
- drm/i915/overlay: Prevent divide by zero bugs in scaling
(git-fixes).
- dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
- drm/nouveau: fix off by one in BIOS boundary checking
(git-fixes).
- pinctrl: intel: Fix a glitch when updating IRQ flags on a
preconfigured line (git-fixes).
- pinctrl: intel: fix unexpected interrupt (git-fixes).
- commit 78392e2
- nvme: fix use after free when disconnecting a reconnecting ctrl
(git-fixes).
- commit 6b18639
- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes).
- nvme-tcp: fix data digest pointer calculation (git-fixes).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting
(git-fixes).
- commit 64fba5e
- nvme-tcp: fix possible use-after-completion (git-fixes).
- commit 656adbf
- nvme-fabrics: avoid double completions in
nvmf_fail_nonready_command (git-fixes).
- nvme: introduce a nvme_host_path_error helper (git-fixes).
- blk-mq: introduce blk_mq_set_request_complete (git-fixes).
- nvme: refactor ns->ctrl by request (git-fixes).
- nvme-core: use list_add_tail_rcu instead of list_add_tail for
nvme_init_ns_head (git-fixes).
- commit 35ee4c2
- Refresh patches.suse/NFS-don-t-store-struct-cred-in-struct-nfs_access_ent.patch.
Update upstream info
- commit 7228799
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
file (git-fixes).
- NFSv4: Handle case where the lookup of a directory fails
(git-fixes).
- NFS: Ensure the server has an up to date ctime before renaming
(git-fixes).
- commit 1b23644
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1193864 CVE-2021-39657).
- commit 5ec67f9
- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506).
- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506).
- scsi: core: No retries on abort success (bsc#1195506).
- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506).
- scsi: core: Add limitless cmd retry support (bsc#1195506).
- commit af99987
- blk-cgroup: fix missing put device in error path from
blkg_conf_pref() (bsc#1195481).
- commit 1d9f7ed
- ext4: fix an use-after-free issue about data=journal writeback
mode (bsc#1195482).
- commit dec4e3b
- ext4: make sure quota gets properly shutdown on error
(bsc#1195480).
- commit 37600f0
- blacklist.conf: blacklist 4013d47a5307
- commit 3d0f1d1
- fsnotify: fix fsnotify hooks in pseudo filesystems
(bsc#1195479).
- commit 3ed7ace
- fsnotify: invalidate dcache before IN_DELETE event
(bsc#1195478).
- commit 776f92d
- udf: Restore i_lenAlloc when inode expansion fails
(bsc#1195477).
- commit fa5618c
- udf: Fix NULL ptr deref when converting from inline format
(bsc#1195476).
- commit 26d7db1
- blacklist.conf: Blacklist ee12595147ac
- commit 1e354ac
- USB: serial: mos7840: fix probe error handling (git-fixes).
- commit 3875819
- xhci-pci: Allow host runtime PM as default for Intel Alpine
Ridge LP (git-fixes).
- commit 7bdac2d
- Update patch reference for radeon regression fix (bsc#1195142)
- commit 3e139f1
- spi: mediatek: Avoid NULL pointer crash in interrupt
(git-fixes).
- spi: bcm-qspi: check for valid cs before applying chip select
(git-fixes).
- spi: meson-spicc: add IRQ check in meson_spicc_probe
(git-fixes).
- tty: Add support for Brainboxes UC cards (git-fixes).
- USB: core: Fix hang in usb_kill_urb by adding memory barriers
(git-fixes).
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
(git-fixes).
- PM: wakeup: simplify the output logic of pm_show_wakelocks()
(git-fixes).
- drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
(git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_eptdev and
cdev (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_ctrldev
and cdev (git-fixes).
- Bluetooth: refactor malicious adv data check (git-fixes).
- commit 0420ac4
- Update
patches.suse/bonding-fix-null-dereference-in-bond_ipsec_add_sa.patch
(bsc#1176447 bsc#1195371 CVE-2022-0286).
Added CVE reference.
- commit e1eaedd
- net: bridge: vlan: fix memory leak in __allowed_ingress
(bsc#1176447).
- net: bridge: vlan: fix single net device option dumping
(bsc#1176447).
- net: sfp: fix high power modules without diagnostic monitoring
(bsc#1154353).
- net: bonding: fix bond_xmit_broadcast return value error bug
(bsc#1176447).
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- Revert "/net/mlx5e: Block offload of outer header csum for GRE
tunnel"/ (git-fixes).
- Revert "/net/mlx5e: Block offload of outer header csum for UDP
tunnels"/ (git-fixes).
- igc: Fix TX timestamp support for non-MSI-X platforms
(bsc#1160634).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW
steering (jsc#SLE-8464).
- vxlan: fix error return code in __vxlan_dev_create()
(bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- net/mlx5e: Protect encap route dev from concurrent release
(jsc#SLE-8464).
- mlxsw: Only advertise link modes supported by both driver and
device (bsc#1154488).
- commit 8d79e55
- Refresh patches.suse/ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch.
Remove duplicated tag.
- commit 6c506e7
- scripts/dtc: only append to HOST_EXTRACFLAGS instead of
overwriting (git-fixes).
- commit 644966c
- kernel-obs-build: include 9p (boo#1195353)
To be able to share files between host and the qemu vm of the build
script, the 9p and 9p_virtio kernel modules need to be included in
the initrd of kernel-obs-build.
- commit 0cfe67a
- drm/etnaviv: relax submit size limits (git-fixes).
- commit de0ae66
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for
USB_SPEED_SUPER_PLUS (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off
(git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue
(git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU
(git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA
controller (git-fixes).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY
register (git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links
transit to U0 (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files
(git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync
(git-fixes).
- serial: pl010: Drop CR register reset on set_termios
(git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice
(git-fixes).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
(git-fixes).
- regulator: qcom_smd: Align probe function with rpmh-regulator
(git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for
nfc_apply_timings (git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting
for i.MX6 (git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
(git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling
(git-fixes).
- commit ceccaf4
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt
parameters (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- i2c: i801: Don't silently correct invalid transfer size
(git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already
in use (git-fixes).
- HID: apple: Do not reset quirks when the Fn key is not found
(git-fixes).
- HID: quirks: Allow inverting the absolute X/Y values
(git-fixes).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- iwlwifi: fix leaks/bad data after failed firmware load
(git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
(git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands
(git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference
in hexium_attach() (git-fixes).
- media: igorplugusb: receiver overflow should be reported
(git-fixes).
- media: m920x: don't use stack on USB reads (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference
in hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds
(git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- commit a86fa77
- floppy: Add max size check for user space request (git-fixes).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
(git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev()
(git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before
registration (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga
Book X91F/L (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of
DEVINIT/PREOS/ACR (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y &
CONFIG_DMA_API_DEBUG=y (git-fixes).
- commit d637736
- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
(git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in
acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a
row (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers
(git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
(git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START
reply (git-fixes).
- commit b090e4d
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
(git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781
(git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
(git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
(git-fixes).
- ACPI: battery: Add the ThinkPad "/Not Charging"/ quirk
(git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
(git-fixes).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681
(git-fixes).
- commit e06c812
- serial: stm32: fix software flow control transfer (git-fixes).
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset
property (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in
__pata_platform_probe() (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
(git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts
(git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- commit 34e1762
- Update patch reference for vgacon patch (CVE-2020-28097 bsc#1187723 jsc#SLE-23485)
- commit 589ca07
- video: hyperv_fb: Fix validation of screen resolution
(git-fixes).
- commit c92ca58
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 5e4e31e
- blacklist.conf: Add e1fbbd073137 prctl: allow to setup brk for et_dyn executables
- commit d38c68f
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- commit 2e27858
- RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes)
- commit 4f52905
- RDMA/core: Do not indicate device ready when device enablement fails (git-fixes)
- commit 8c078d4
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- commit b76b1bf
- RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes)
- commit 6b9c3b4
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- commit 2d78782
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)
- commit 555e8b8
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- commit 6546545
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- commit 68f6d87
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
- commit 64a081e
- RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes)
- commit 1f8fac6
- RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs (git-fixes)
- commit 09fe3b5
- RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes)
- commit e969537
- i40iw: Add support to make destroy QP synchronous (git-fixes)
- commit 1d9fde7
- RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes)
- commit 7b4149b
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- commit a2e5b72
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- commit 8117a96
- IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes)
- commit 780f173
- update
- commit 8000467
- phonet: refcount leak in pep_sock_accep (bsc#1193867,
CVE-2021-45095).
- commit 98c27cb
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- Delete
patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch.
which caused a regression (bsc#1194048).
- fix patches.kabi/revert-xfrm-xfrm_state_mtu-should-return-at-least-1280.patch
fixes the resulting KABI change
- Replace with an alternative fix for bsc#1185377
- commit ccdfbb9
- Refresh
patches.suse/ibmvnic-Allow-extra-failures-before-disabling.patch.
- Refresh patches.suse/ibmvnic-don-t-spin-in-tasklet.patch.
- Refresh patches.suse/ibmvnic-init-running_cap_crqs-early.patch.
- Refresh
patches.suse/ibmvnic-remove-unused-wait_capability.patch.
- commit 6439146
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 96de11b
- ext4: set csum seed in tmp inode while migrating to extents
(bsc#1195267).
- commit 22e9600
- drm/vmwgfx: Fix stale file descriptors on failed usercopy
(CVE-2022-22942 bsc#1195065).
- commit b93c2a4
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- commit 552f664
- bpf: Verifer, adjust_scalar_min_max_vals to always call
update_reg_bounds() (bsc#1194227).
- commit bf95985
- net/packet: rx_owner_map depends on pg_vec (bsc#1195184
CVE-2021-22600).
- commit ef975a8
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a
debugfs entry (bsc#1195183 ltc#193865).
- commit a3b42d2
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1193864 CVE-2021-39657).
- commit 74b4241
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- commit e978276
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- commit 0d3c7d0
- Update
patches.suse/usb-gadget-configfs-Fix-use-after-free-issue-with-ud.patch
(bsc#1193861 CVE-2021-39648).
updated references for a CVE that became known after the fix
had been applied for other reasons
- commit f7fa182
- Update
patches.suse/USB-gadget-detect-too-big-endpoint-0-requests.patch
(bsc#1193802 CVE-2021-39685).
Updated references to a CVE that became known after the fix had
been applied for other reasons
- commit eeaa33a
- crypto: qat - fix undetected PFVF timeout in ACK loop
(git-fixes).
- commit 3cc9984
- asix: fix wrong return value in asix_check_host_enable()
(git-fixes).
- commit 9e94c23
- net: mana: Add RX fencing (bsc#1193506).
- commit aa896c0
- net: mana: Add XDP support (bsc#1193506).
- commit d5e53a9
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- commit f4f411e
- net, xdp: Introduce xdp_prepare_buff utility routine
(bsc#1193506).
- commit aca9d96
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- commit 9770783
- ibmvnic: remove unused ->wait_capability (bsc#1195073
ltc#195713).
- ibmvnic: don't spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: Allow extra failures before disabling (bsc#1195073
ltc#195713).
- commit e820667
- sched/fair: Fix detection of per-CPU kthreads waking a task
(git fixes (sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- commit 8f3f43a
- blacklist.conf: !SMP configs are not supported
- commit c80ad41
- scripts/dtc: dtx_diff: remove broken example from help text
(git-fixes).
- Documentation: fix firewire.rst ABI file path error (git-fixes).
- HID: wacom: Reset expected and received contact counts at the
same time (git-fixes).
- HID: uhid: Fix worker destroying device without any protection
(git-fixes).
- drm/radeon: fix error handling in radeon_driver_open_kms
(git-fixes).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- nfc: llcp: fix NULL error pointer dereference on sendmsg()
after failed bind() (git-fixes).
- commit 8163787
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- commit dad9348
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- commit f9364fe
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- commit 58912c3
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr
directory (bsc#1195051).
- commit c80b5de
- blacklist.conf: test_stackinit module is not built
- commit 79fa675
- blacklist.conf: bug: clean up; compiler likely does the same optimization
- commit 0f2e872
- workqueue: Fix unbind_workers() VS wq_worker_running() race
(bsc#1195062).
- commit 4a6e4c5
- drm/i915: Flush TLBs before releasing backing store
(CVE-2022-0330 bsc#1194880).
- commit 9eddfd3
- drm/i915: Flush TLBs before releasing backing store
(CVE-2022-0330 bsc#1194880).
- commit 34a8919
- kabi/severities: Add a kabi exception for drivers/tee/tee
According to the partner modules database, the structs of this driver
are not used by anything external so make a kABI exception for them.
Do that on purpose so that any external module using this fails to load
instead of causing a potential memory corruption due to a kabi
workaround which would use the same offset but for a different thing:
- struct dma_buf *dmabuf;
+ refcount_t refcount;
See upstream commit
dfd0743f1d9e ("/tee: handle lookup of shm with reference count 0"/)
- commit c1b7aec
- Update config files.
- commit eae3c71
- net: allow retransmitting a TCP packet if original is still
in queue (bsc#1188605 bsc#1187428).
- commit 372a9a4
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
Using the the default path is broken since Linux 5.17
- commit 68b36f0
- tee: handle lookup of shm with reference count 0 (bsc#1193767
CVE-2021-44733).
- commit be75d82
- nvme-fabrics: ignore invalid fast_io_fail_tmo values
(git-fixes).
- nvme-tcp: fix memory leak when freeing a queue (git-fixes).
- nvme-multipath: fix ANA state updates when a namespace is not
present (git-fixes).
- nvme-fabrics: remove superfluous nvmf_host_put in
nvmf_parse_options (git-fixes).
- commit 51e4a5d
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- commit 51a5c79
- tee: don't assign shm id for private shms (bsc#1193767
CVE-2021-44733).
- commit 9ab9ee2
- tee: remove linked list of struct tee_shm (bsc#1193767
CVE-2021-44733).
- commit a3c7739
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- commit 9a89323
- blacklist.conf: Add 7ee285395b21 cgroup: Make rebind_subsystems() disable v2 controllers all at once
- commit 11abfa4
- blacklist.conf: Add 6ba34d3c7367 cgroup/cpuset: Fix violation of cpuset locking rule
- commit a116f42
- fix rpm build warning
tumbleweed rpm is adding these warnings to the log:
It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl
- commit 3ba8941
- build initrd without systemd
This reduces the size of the initrd by over 25%, which
improves startup time of the virtual machine by 0.5-0.6s on
very fast machines, more on slower ones.
- commit ef4c569
- Revert "/net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)"/
This reverts commit 3aa0c01fad38360cc9cd840d49bdfdc565e2e718.
With the backport of the upstream fix for bsc#1183405 race, this workaround
is no longer needed.
- commit 282cec9
- net: sched: add barrier to ensure correct ordering for lockless
qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless
qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue
(bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation
(bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc
(bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in
qdisc_replace (bsc#1183405).
- net: sch_generic: aviod concurrent reset and enqueue op for
lockless qdisc (bsc#1183405).
- commit 60ecee5
- Align s390 NVME target options with other architectures
(bsc#1188404, jsc#SLE-22494).
CONFIG_NVME_TARGET=m
CONFIG_NVME_TARGET_PASSTHRU=y
CONFIG_NVME_TARGET_LOOP=m
CONFIG_NVME_TARGET_RDMA=m
CONFIG_NVME_TARGET_FC=m
CONFIG_NVME_TARGET_FCLOOP=m
CONFIG_NVME_TARGET_TCP=m
- commit 5b2b9f6
- krb5
-
- Update to 1.19.2; (jsc#SLE-23329);
* Fix a denial of service attack against the KDC encrypted challenge
code; (CVE-2021-36222);
* Fix a memory leak when gss_inquire_cred() is called without a
credential handle.
- Changes from 1.19.1
* Fix a linking issue with Samba.
* Better support multiple pkinit_identities values by checking whether
certificates can be loaded for each value.
- Changes from 1.19
Administrator experience
* When a client keytab is present, the GSSAPI krb5 mech will refresh
credentials even if the current credentials were acquired manually.
* It is now harder to accidentally delete the K/M entry from a KDB.
Developer experience
* gss_acquire_cred_from() now supports the "/password"/ and "/verify"/
options, allowing credentials to be acquired via password and
verified using a keytab key.
* When an application accepts a GSS security context, the new
GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor
both provided matching channel bindings.
* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests
to identify the desired client principal by certificate.
* PKINIT certauth modules can now cause the hw-authent flag to be set
in issued tickets.
* The krb5_init_creds_step() API will now issue the same password
expiration warnings as krb5_get_init_creds_password().
Protocol evolution
* Added client and KDC support for Microsoft's Resource-Based Constrained
Delegation, which allows cross-realm S4U2Proxy requests. A third-party
database module is required for KDC support.
* kadmin/admin is now the preferred server principal name for kadmin
connections, and the host-based form is no longer created by default.
The client will still try the host-based form as a fallback.
* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT
extension, which causes channel bindings to be required for the
initiator if the acceptor provided them. The client will send this
option if the client_aware_gss_bindings profile option is set.
User experience
* kinit will now issue a warning if the des3-cbc-sha1 encryption type is
used in the reply. This encryption type will be deprecated and removed
in future releases.
* Added kvno flags --out-cache, --no-store, and --cached-only
(inspired by Heimdal's kgetcred).
- Changes from 1.18.3
* Fix a denial of service vulnerability when decoding Kerberos
protocol messages.
* Fix a locking issue with the LMDB KDB module which could cause
KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded
and unloaded while libkrb5support remains loaded.
- Changes from 1.18.2
* Fix a SPNEGO regression where an acceptor using the default credential
would improperly filter mechanisms, causing a negotiation failure.
* Fix a bug where the KDC would fail to issue tickets if the local krbtgt
principal's first key has a single-DES enctype.
* Add stub functions to allow old versions of OpenSSL libcrypto to link
against libkrb5.
* Fix a NegoEx bug where the client name and delegated credential might
not be reported.
- Changes from 1.18.1
* Fix a crash when qualifying short hostnames when the system has
no primary DNS domain.
* Fix a regression when an application imports "/service@"/ as a GSS
host-based name for its acceptor credential handle.
* Fix KDC enforcement of auth indicators when they are modified by
the KDB module.
* Fix removal of require_auth string attributes when the LDAP KDB
module is used.
* Fix a compile error when building with musl libc on Linux.
* Fix a compile error when building with gcc 4.x.
* Change the KDC constrained delegation precedence order for consistency
with Windows KDCs.
- Changes from 1.18
Administrator experience:
* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust.
Replay cache filenames using the new format end with "/.rcache2"/
by default.
* setuid programs will automatically ignore environment variables
that normally affect krb5 API functions, even if the caller does
not use krb5_init_secure_context().
* Add an "/enforce_ok_as_delegate"/ krb5.conf relation to disable
credential forwarding during GSSAPI authentication unless the KDC
sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value
for default_tkt_enctypes and default_tgs_enctypes.
Developer experience:
* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account
name from a PAC.
Protocol evolution:
* Add KDC support for S4U2Self requests where the user is identified
by X.509 certificate. (Requires support for certificate lookup from
a third-party KDB module.)
* Remove support for an old ("/draft 9"/) variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party
GSS modules implementing NegoEx mechanisms.)
User experience:
* Add support for "/dns_canonicalize_hostname=fallback"/, causing
host-based principal names to be tried first without DNS
canonicalization, and again with DNS canonicalization if the
un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names
when DNS canonicalization is not used, adding the system's first DNS
search path as a suffix. Add a "/qualify_shortname"/ krb5.conf relation
to override this suffix or disable expansion.
* Honor the transited-policy-checked ticket flag on application servers,
eliminating the requirement to configure capaths on servers in some
scenarios.
Code quality:
* The libkrb5 serialization code (used to export and import krb5 GSS
security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED
messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity
Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support
can always be tested.
- Changes from 1.17.1
* Fix a bug preventing "/addprinc -randkey -kvno"/ from working in kadmin.
* Fix a bug preventing time skew correction from working when a KCM
credential cache is used.
- Changes from 1.17:
Administrator experience:
* A new Kerberos database module using the Lightning Memory-Mapped
Database library (LMDB) has been added. The LMDB KDB module should
be more performant and more robust than the DB2 module, and may
become the default module for new databases in a future release.
* "/kdb5_util dump"/ will no longer dump policy entries when specific
principal names are requested.
Developer experience:
* The new krb5_get_etype_info() API can be used to retrieve enctype,
salt, and string-to-key parameters from the KDC for a client
principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the
log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should
perform better.
Protocol evolution:
* The SPAKE pre-authentication mechanism is now supported. This
mechanism protects against password dictionary attacks without
requiring any additional infrastructure such as certificates. SPAKE
is enabled by default on clients, but must be manually enabled on
the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can
protect against scenarios where an attacker uses temporary access to
a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid
spurious error messages about replays when a response packet is
dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a
third-party KDB module such as Samba's. The client code for
cross-realm S4U2Self requests is also now more robust.
User experience:
* The new ktutil addent -f flag can be used to fetch salt information
from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache
within a collection by client principal name.
* The Kerberos man page has been restored, and documents the
environment variables that affect programs using the Kerberos
library.
Code quality:
* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it
easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work
with more recent versions of Visual Studio. A large volume of
unused Windows-specific code has been removed. Visual Studio 2013
or later is now required.
- Replace old $RPM_* shell vars
- Removal of SuSEfirewall2 service since SuSEfirewall2 has been replaced
by firewalld
- Remove cruft to support distributions older than SLE 12
- Use macros where applicable
- Switch to pkgconfig style dependencies
- Use %_tmpfilesdir instead of the wrong %_libexecdir/tmpfiles.d
notation: libexecdir is likely changing away from /usr/lib to
/usr/libexec
- Build with full Cyrus SASL support. Negotiating SASL credentials with
an EXTERNAL bind mechanism requires interaction. Kerberos provides its
own interaction function that skips all interaction, thus preventing the
mechanism from working.
- Removed patches:
* 0007-krb5-1.12-ksu-path.patch
* 0010-Add-recursion-limit-for-ASN.1-indefinite-lengths.patch
* 0011-Fix-KDC-null-deref-on-bad-encrypted-challenge.patch
- Renamed patches:
* 0001-krb5-1.12-pam.patch => 0001-ksu-pam-integration.patch
* 0003-krb5-1.12-buildconf.patch => 0003-Adjust-build-configuration.patch
* 0008-krb5-1.12-selinux-label.patch => 0007-SELinux-integration.patch
* 0009-krb5-1.9-debuginfo.patch => 0008-krb5-1.9-debuginfo.patch
* 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch =>
0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
- ldb
-
- Modify packaging to allow parallel installation with libldb1
(bsc#1192684):
+ Private libraries are installed in %{_libdir}/ldb2/
+ Modules are installed in %{_libdir}/ldb2/modules
- Update to version 2.4.1; (jsc#SLE-23329);
- Release 2.4.1
+ Corrected python behaviour for 'in' for LDAP attributes
contained as part of ldb.Message; (bso#14845);
+ Fix memory handling in ldb.msg_diff; (bso#14836);
+ Corrected python docstrings
- Release 2.4.0
+ Improve calculate_popt_array_length()
+ Use C99 initializers for builtin_popt_options[]
+ pyldb: Fix Message.items() for a message containing elements
+ pyldb: Add test for Message.items()
+ tests: Use ldbsearch '--scope instead of '-s'
+ pyldb: fix a typo
+ Change page size of guidindexpackv1.ldb
+ Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
+ attrib_handler casefold: simplify space dropping
+ fix ldb_comparison_fold off-by-one overrun
+ CVE-2020-27840: pytests: move Dn.validate test to ldb
+ CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
+ CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
+ CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
+ improve comments for ldb_module_connect_backend()
+ test/ldb_tdb: correct introductory comments
+ ldb.h: remove undefined async_ctx function signatures
+ correct comments in attrib_handers val_to_int64
+ dn tests use cmocka print functions
+ ldb_match: remove redundant check
+ add tests for ldb_wildcard_compare
+ ldb_match: trailing chunk must match end of string
+ pyldb: catch potential overflow error in py_timestring
+ ldb: remove some 'if PY3's in tests
+ Add missing break in switch statement
- Drop obsolete patch CVE-2020-25718-lib-Add-hex_byte-to-replace.h.patch
- Drop obsolete patch ldb-cve-2020-25718.patch
- libarchive
-
- Fix CVE-2021-36976 use-after-free in copy_string
(CVE-2021-36976, bsc#1188572)
* fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
CVE-2017-5601, bsc#1022528, bsc#1189528
- libseccomp
-
- check if we have NR_openat2, avoid using its definition when not
(bsc#1196825)
Added seccomp-openat2.patch
- buildrequire python-rpm-macros
- reenable python bindings at least for the distro default python3
package:
- adds make-python-build.patch
- Update to release 2.5.3
* Update the syscall table for Linux v5.15
* Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
* Document that seccomp_rule_add() may return -EACCES
- Skip 11-basic-basic_errors test on qemu linux-user emulation
- Update to release 2.5.2
* Update the syscall table for Linux v5.14-rc7
* Add a function, get_notify_fd(), to the Python bindings to
get the nofication file descriptor.
* Consolidate multiplexed syscall handling for all
architectures into one location.
* Add multiplexed syscall support to PPC and MIPS
* The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within
the kernel. libseccomp's fd notification logic was modified
to support the kernel's previous and new usage of
SECCOMP_IOCTL_NOTIF_ID_VALID.
- update to 2.5.1:
* Fix a bug where seccomp_load() could only be called once
* Change the notification fd handling to only request a notification fd if
* the filter has a _NOTIFY action
* Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
* Clarify the maintainers' GPG keys
- remove testsuite-riscv64-missing-syscalls.patch
- Do not rely on gperf: pass GPERF=/bin/true to configure and
remove gperf BuildRequires. The syscalls.perf file it would
generate is part of the tarball already.
- testsuite-riscv64-missing-syscalls.patch: Fix testsuite failure on
riscv64
- Ignore failure of tests/52-basic-load on qemu linux-user emulation
- Update to release 2.5.0
* Add support for the seccomp user notifications, see the
seccomp_notify_alloc(3), seccomp_notify_receive(3),
seccomp_notify_respond(3) manpages for more information
* Add support for new filter optimization approaches, including a balanced
tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for
more information
* Add support for the 64-bit RISC-V architecture
* Performance improvements when adding new rules to a filter thanks to the
use of internal shadow transactions and improved syscall lookup tables
* Properly document the libseccomp API return values and include them in the
stable API promise
* Improvements to the s390 and s390x multiplexed syscall handling
* Multiple fixes and improvements to the libseccomp manpages
* Moved from manually maintained syscall tables to an automatically generated
syscall table in CSV format
* Update the syscall tables to Linux v5.8.0-rc5
* Python bindings and build now default to Python 3.x
* Improvements to the tests have boosted code coverage to over 93%
- libseccomp.keyring: replaced by Paul Moore <pmoore@redhat.com> key.
- Update to release 2.4.3
* Add list of authorized release signatures to README.md
* Fix multiplexing issue with s390/s390x shm* syscalls
* Remove the static flag from libseccomp tools compilation
* Add define for __SNR_ppoll
* Fix potential memory leak identified by clang in the
scmp_bpf_sim tool
- Drop no-static.diff, libseccomp-fix_aarch64-test.patch,
SNR_ppoll.patch (merged)
- Add patch to fix ntpsec and others build (accidental drop of symbols):
* SNR_ppoll.patch
- Tests are passing on all architectures
- Backport patch to fix test on aarch64:
* libseccomp-fix_aarch64-test.patch
- Update to release 2.4.2
* Add support for io-uring related system calls
- libsolv
-
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code
[bsc#1196514]
- support parsing of Debian's Multi-Arch indicator
- bump version to 0.7.22
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden
vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
("/requires"/ is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
- bump version to 0.7.21
- libtirpc
-
- add option to enforce connection via protocol version 2 first
(bsc#1196647)
add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- libzypp
-
- ZConfig: Update solver settings if target changes (bsc#1196368)
- version 17.30.0 (22)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- version 17.29.7 (22)
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- version 17.29.6 (22)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
- version 17.29.5 (22)
- Fix handling of redirected command in-/output (bsc#1195326)
This fixes delays at the end of zypper operations, where
zypper unintentionally waits for appdata plugin scripts to
complete.
- version 17.29.4 (22)
- Public header files on older distros must use c++11
(bsc#1194597)
- Fix exception handling when reading or writing credentials
(bsc#1194898)
- version 17.29.3 (22)
- Fix Legacy include (bsc#1194597)
- version 17.29.2 (22)
- Fix broken install path for parser compat headers (fixes #372,
bsc#1194597)
- RepoManager: remember exec errors in exception history
(bsc#1193007)
- version 17.29.1 (22)
- Use the default zypp.conf settings if no zypp.conf exists
(bsc#1193488)
- Fix wrong encoding of iso: URL components (bsc#954813)
- Handle armv8l as armv7hl compatible userland.
- Introduce zypp-curl a sublibrary for CURL related code.
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set.
- Save all signatures associated with a public key in its
PublicKeyData.
- version 17.29.0 (22)
- log4j12
-
- Remove the chainsaw sub-package (bsc#1194844, CVE-2022-23307)
- Remove src/main/java/org/apache/log4j/jdbc/JDBCAppender.java from
the build to mitigate bsc#1194843, CVE-2022-23305
- Remove src/main/java/org/apache/log4j/net/JMSSink.java from the
build to mitigate bsc#1194842, CVE-2022-23302
- Obsolete chainsaw < 2.1 by the log4j12 package
- Added patch:
* log4j12-missingmodules.patch
+ do not package org.apache.log4j.chainsaw classes
+ package org.apache.log4j.pattern classes that will be needed
by apache-log4j-extras which is a dependency of chainsaw 2.x
- Fix 'chainsaw' package: [bsc#1193184 - Chainsaw does not start]
* Add missing dependency to log4j12 for 'chainsaw' package.
- Put GUI tools into separate packages
- lvm2
-
- udev: create symlinks and watch even in suspended state (bsc#1195231)
+ bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch
- mgr-libmod
-
- version 4.2.7-1
* require python macros for building
- mgr-osad
-
- version 4.2.8-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
- version 4.2.7-1
* Do not build python 2 package for SLE15SP4 and higher
* require python macros for building
- mgr-push
-
- version 4.2.5-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
- version 4.2.4-1
* Do not build python 2 package for SLE15SP4 and higher
- mozilla-nss
-
- Mozilla NSS 3.68.3 (bsc#1197903)
This release improves the stability of NSS when used in a multi-threaded
environment. In particular, it fixes memory safety violations that
can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097).
We presume that with enough effort these memory safety violations are exploitable.
* Remove token member from NSSSlot struct (bmo#1756271).
* Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots
(bmo#1755555).
* Check return value of PK11Slot_GetNSSToken (bmo#1370866).
- net-snmp
-
- Decouple snmp-mibs from net-snmp version to allow major version
upgrade (bsc#1196955).
- nfs-utils
-
- Add 0023-cache.c-removed-a-couple-warning.patch
Fix compilation with new glibc (SLE15-SP4)
(bsc#1197788)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
Ensure "/sloppy"/ is added correctly for newer kernels. Particularly
required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
(boo#1197297)
- Add 0020-mountd-Initialize-logging-early.patch
If an error or warning message is produced before
closeall() is called, mountd gets confused and doesn't work.
(bsc#1194661)
- open-iscsi
-
- Update to latest upstream, including test cleanup, minor
bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656).
- Updated to latest upstream 2.1.6 as 2.1.6-suse, which contains
bug fixes and cleanups. See the Changelog for more details.
- openldap2
-
- bsc#1191157 - Correct version specification in ppolicy to allow
submission to SP3 for TLS1.3
- bsc#1191157 - allow specification of max/min TLS version with TLS1.3
* 0239-ITS-9422-Update-for-TLS-v1.3.patch
* 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch
* 0241-TLS-set-protocol-version.patch
- bsc#1197004 - libldap was able to be out of step with openldap in
some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their
related release versions.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
reporting is bsc#1197004 causing SSSD to have faults.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
- openssl-1_1
-
- Security Fix: [bsc#1196877, CVE-2022-0778]
* Infinite loop in BN_mod_sqrt() reachable when parsing certificates
* Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
- Fix PAC pointer authentication in ARM [bsc#1195856]
* PAC pointer authentication signs the return address against the
value of the stack pointer, to prevent stack overrun exploits
from corrupting the control flow. The Poly1305 armv8 code got
this wrong, resulting in crashes on PAC capable hardware.
* Add openssl-1_1-ARM-PAC.patch
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
version. [bsc#1195792]
- FIPS: Fix function and reason error codes [bsc#1182959]
* Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
* Add openssl-fix-BIO_f_zlib.patch to fix BIO_f_zlib: Properly
handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
- pam
-
- Between allocating the variable "/ai"/ and free'ing them, there are
two "/return NO"/ were we don't free this variable. This patch
inserts freaddrinfo() calls before the "/return NO;"/s.
[bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
The variable is needed by systemd and others.
[bsc#1196093, macros.pam]
- patterns-suse-manager
-
- golang-github-wrouesnel-postgres_exporter was renamed to
prometheus-postgres_exporter
- pciutils
-
- Add pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch
Add pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch
(bsc#1192862)
- polkit
-
- CVE-2021-4115: fixed a denial of service via file descriptor leak (bsc#1195542)
added CVE-2021-4115.patch
- postgresql13
-
- bsc#1195680: Upgrade to 13.6:
* https://www.postgresql.org/docs/13/release-13-6.html
* Reindexing might be needed after applying this upgrade, so
please read the release notes carefully.
- boo#1190740: Add constraints file with 12GB of memory for s390x
as a workaround
- Add a llvmjit-devel subpackage to pull in the right versions
of clang and llvm for building extensions.
- Fix some mistakes in the interdependencies between the
implementation packages and their noarch counterpart.
- Update the BuildIgnore section.
- procps
-
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
ignore SIGURG
- protobuf
-
- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
bsc#1195258
* Add protobuf-CVE-2021-22570.patch
- psmisc
-
* Determine the namespace of a process only once to speed
up the parsing of fdinfo (bsc#1194172).
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- py26-compat-msgpack-python
-
- Adapted to build on OBS for Enterprise Linux.
- py27-compat-salt
-
- Fix inspector module export function (bsc#1097531)
- Fix possible traceback on ip6_interface grain (bsc#1193565)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Added:
* state.apply-don-t-check-for-cached-pillar-errors.patch
* fix-inspector-module-export-function-bsc-1097531-479.patch
* fix-possible-traceback-on-ip6_interface-grain-bsc-11.patch
* vendor-stateresult.patch
- Simplify "/transactional_update"/ module to not use SSH wrapper and allow more flexible execution
- Add "/--no-return-event"/ option to salt-call to prevent sending return event back to master.
- Make "/state.highstate"/ to acts on concurrent flag.
- Fix the regression with invalid syntax in test_parse_cpe_name_v23.
- Added:
* refactor-and-improvements-for-transactional-updates-.patch
* fix-the-regression-with-invalid-syntax-in-test_parse.patch
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Fix the regression of docker_container state module (bsc#1191285)
- python
-
- Update bundled pip wheel to the latest SLE version patched
against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
(bsc#1175619).
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- Older SLE versions should use old OpenSSL.
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
(bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
containing ASCII newline and tabs in urlparse.
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
for newer SLE versions they will be python2-xxxx
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- python-base
-
- Update bundled pip wheel to the latest SLE version patched
against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
(bsc#1175619).
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- Older SLE versions should use old OpenSSL.
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
(bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
containing ASCII newline and tabs in urlparse.
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
for newer SLE versions they will be python2-xxxx
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- python-libxml2-python
-
- Security fix: [bsc#1196490, CVE-2022-23308]
* Use-after-free of ID and IDREF attributes.
- Add libxml2-CVE-2022-23308.patch
- python-lxml
-
- With the new update to 4.7.1, the old Bugzilla entries are also
fixed:
- bsc#1118088 (related to CVE-2018-19787)
- bsc#1184177 (related to CVE-2021-28957)
- Update to 4.7.1 (officially released 2021-12-13)
Features added
- Chunked Unicode string parsing via parser.feed() now encodes the input
data to the native UTF-8 encoding directly, instead of going through
Py_UNICODE / wchar_t encoding first, which previously required duplicate
recoding in most cases.
Bugs fixed
- The standard namespace prefixes were mishandled during "/C14N2"/
serialisation
on Python 3.
See
https://mail.python.org/archives/list/lxml@python.org/thread/
6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/
- lxml.objectify previously accepted non-XML numbers with underscores
(like "/1_000"/) as integers or float values in Python 3.6 and later.
It now adheres to the number format of the XML spec again.
- LP#1939031: Static wheels of lxml now contain the header files of zlib
and libiconv (in addition to the already provided headers of
libxml2/libxslt/libexslt).
Other changes
- Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).
- Update to 4.7.0 (2021-12-13)
- Release retracted due to missing files in lxml/includes/.
- UPdate to 4.6.5 (2021-12-12)
Bugs fixed
- A vulnerability (GHSL-2021-1038) in the HTML cleaner
- allowed sneaking script content through SVG images
- (bnc#1193752, CVE-2021-43818).
- A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed
- sneaking script content through CSS imports and other crafted
- constructs (CVE-2021-43818).
- Update 4.6.4 (2021-11-01)
Features added
- GH#317: A new property system_url was added to DTD entities.
- Patch by Thirdegree.
- GH#314: The STATIC_* variables in setup.py can now be passed
- via env vars.
- Patch by Isaac Jurado.
- Update 4.6.3 (2021-03-21)
Bugs fixed
- A vulnerability (CVE-2021-28957) was discovered in the HTML
- Cleaner by Kevin Chung, which allowed JavaScript to pass through.
- The cleaner now removes the HTML5 formaction attribute.
- Update 4.6.2 (2020-11-26)
Bugs fixed
- A vulnerability (bnc#1179534, CVE-2020-27783) was discovered in the HTML
Cleaner
- by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner
- now removes more sneaky "/style"/ content.
- Update 4.6.1 (2020-10-18)
Bugs fixed
- A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
- which allowed JavaScript to pass through. The cleaner now removes
- more sneaky "/style"/ content.
- Update 4.6.0 (2020-10-17)
Features added
- GH#310: lxml.html.InputGetter supports __len__() to count the number
- of input fields. Patch by Aidan Woolley.
- lxml.html.InputGetter has a new .items() method to ease processing
- all input fields.
- lxml.html.InputGetter.keys() now returns the field names in document
- order.
- GH-309: The API documentation is now generated using sphinx-apidoc.
- Patch by Chris Mayo.
Bugs fixed
- LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes
- when a default namespace was defined.
- TreeBuilder.close() raised AssertionError in some error cases where
- it should have raised XMLSyntaxError. It now raises a combined
- exception to keep up backwards compatibility, while switching to
- XMLSyntaxError as an interface.
- Update 4.5.2 (2020-07-09)
Bugs fixed
- Cleaner() now validates that only known configuration options
- can be set.
- LP#1882606: Cleaner.clean_html() discarded comments and PIs
- regardless of the corresponding configuration option, if
- remove_unknown_tags was set.
- LP#1880251: Instead of globally overwriting the document loader
- in libxml2, lxml now sets it per parser run, which improves the
- interoperability with other users of libxml2 such as libxmlsec.
- LP#1881960: Fix build in CPython 3.10 by using Cython 0.29.21.
- The setup options "/--with-xml2-config"/ and "/--with-xslt-config"/
- were accidentally renamed to "/--xml2-config"/ and "/--xslt-config"/
- in 4.5.1 and are now available again.
- Update 4.5.1 (2020-05-19)
Bugs fixed
- LP#1570388: Fix failures when serialising documents larger than
- 2GB in some cases.
- LP#1865141, GH#298: QName values were not accepted by the
- el.iter() method. Patch by xmo-odoo.
- LP#1863413, GH#297: The build failed to detect libraries on Linux
- that are only configured via pkg-config. Patch by Hugh McMaster.
- Update 4.5.0 (2020-01-29)
Features added
- A new function indent() was added to insert tail whitespace for
- pretty-printing an XML tree.
Bugs fixed
- LP#1857794: Tail text of nodes that get removed from a document
using item deletion disappeared silently instead of sticking with
the node that was removed.
Other changes
- MacOS builds are 64-bit-only by default. Set CFLAGS and LDFLAGS
explicitly to override it.
- Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34.
- LP#1840234: The package version number is now available as
lxml.__version__.
- Update 4.4.3 (2020-01-28)
Bugs fixed
- LP#1844674: itertext() was missing tail text of comments and PIs
since 4.4.0.
- python3
-
- Update bundled pip wheel to the latest SLE version patched
against bsc#1186819 (CVE-2021-3572).
- Add patch support-expat-245.patch:
* Support Expat >= 2.4.5
- Rename 22198.patch into more descriptive remove-sphinx40-warning.patch.
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
OpenSSL (bpo#9425).
- release-notes-sles
-
- 15.3.20220323 (tracked in bsc#933411)
- Move KubeVirt out of tech preview
- aarch64: Fixed GICv4.1 acronym (jsc#SLE-14763)
- 15.3.20220202 (tracked in bsc#933411)
- Added kernel parameter changes (bsc#1195107)
- Added note about IBM Power10 support (bsc#1192121)
- Added note about deprecating XFS V4 (jsc#SLE-22663)
- Updated note about unixODBC drivers in production (jsc#SLE-20555)
- Added note about RTL8821CE support (jsc#SLE-22690)
- Updated KillMode=none note (bsc#1193843)
- rhnlib
-
- version 4.2.6-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
- version 4.2.5-1
* do not build python 2 package for SLE15
- rpm
-
- Revert unwanted /usr/bin/python -> /usr/bin/python2 change we
got with the update to 4.14.3 [bsc#1194968]
new patch: no-python2.diff
- rsyslog
-
- add service dependencies for remote logging (bsc#1194669)
- update config example in remote.conf to match upstream documentation
- salt
-
- Fix regression preventing bootstrapping new clients caused by
redundant dependency on psutil (bsc#1197533)
- Prevent data pollution between actions proceesed at the same time (bsc#1197637)
- Added:
* fix-regression-with-depending-client.ssh-on-psutil-b.patch
* prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
- Fix salt-ssh opts poisoning (bsc#1197637)
- Clear network interfaces cache on grains request (bsc#1196050)
- Add salt-ssh with Salt Bundle support (venv-salt-minion)
- (bsc#1182851, bsc#1196432)
- Remove duplicated method definitions in salt.netapi
- Restrict "/state.orchestrate_single"/ to pass a pillar value if it exists (bsc#1194632)
- Added:
* add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch
* remove-duplicated-method-definitions-in-salt.netapi-.patch
* fix-multiple-security-issues-bsc-1197417.patch
* fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch
* fix-state.orchestrate_single-to-not-pass-pillar-none.patch
* clear-network-interface-cache-when-grains-are-reques.patch
- Renamed:
* patch_for_cve_bsc1197417.patch -> fix-multiple-security-issues-bsc-1197417.patch
- Fix multiple security issues (bsc#1197417)
* Sign authentication replies to prevent MiTM (CVE-2022-22935)
* Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
* Prevent job and fileserver replays (CVE-2022-22936)
* Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
- Added:
* patch_for_cve_bsc1197417.patch
- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "/transactional_update"/ module to not use SSH wrapper and allow more flexible execution
- Add "/--no-return-event"/ option to salt-call to prevent sending return event back to master.
- Make "/state.highstate"/ to acts on concurrent flag.
- Added:
* state.apply-don-t-check-for-cached-pillar-errors.patch
* add-all-ssh-kwargs-to-sanitize_kwargs-method-3002.2-.patch
* wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
* vendor-stateresult.patch
* fix-inspector-module-export-function-bsc-1097531-480.patch
* refactor-and-improvements-for-transactional-updates-.patch
- salt-netapi-client
-
- Hotfix (bsc#1192550):
* 0001-enable-arrays-in-StateApplyResult-name-bsc-1192550.patch
- Version 0.19.0
* See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.19.0
- samba
-
- CVE-2021-44141: Information leak via symlinks of existance of
files or directories outside of the exported share; (bso#14911);
(bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
in VFS module vfs_fruit allows code execution; (bso#14914);
(bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
account can impersonate arbitrary services; (bso#14950);
(bsc#1195048);
- Update to 4.15.4
* Duplicate SMB file_ids leading to Windows client cache
poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication
using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set "/client max protocol"/ to NT1 before
calling the "/Reconnecting with SMB1 for workgroup listing"/
path; (bso#14939);
* Cross device copy of the crossrename module always fails;
(bso#14940);
* symlinkat function from VFS cap module always fails with an
error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory();
(bso#14944);
* "/smbd --build-options"/ no longer works without an smb.conf file;
(bso#14945);
- Use pkgconfig(krb5) as dependency for the -devel package: allow
OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
package has an automatic dependency due to linkage on
libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
requires samba-client-libs, which in turn requires krb5
libraries. Samba-libs itself has no need for krb5 (but get it
indirectly anyway).
- Update to version 4.15.3; (jsc#SLE-23329);
+ CVE-2021-43566: Symlink race error can allow directory creation
outside of the exported share; (bso#13979); (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and
modify outside of the exported share; (bso#14842); (bsc#1191227);
- Reorganize libs packages. Split samba-libs into samba-client-libs,
samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
public libraries depending on internal samba libraries into these
packages as there were dependency problems everytime one of these
public libraries changed its version (bsc#1192684). The devel
packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements
- Update the symlink create by samba-dsdb-modules to private samba
ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
/usr/lib64/ldb2/modules/ldb/samba
- shadow
-
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954).
- smdba
-
- Version 1.7.10
* adapt pgtune using new defaults for new postgres versions
* support special configuration for SSD storage
* make argument "/--backup-dir"/ symlink aware
- Version 1.7.9
- allow different standard configuration file location for other OSes
- spacecmd
-
- version 4.2.16-1
* implement system.bootstrap (bsc#1194909)
* Fix interactive mode for "/system_applyerrata"/ and "/errata_apply"/ (bsc#1194363)
- version 4.2.15-1
* require python macros for building
- spacewalk-admin
-
- version 4.2.10-1
* wait after copying the CA to give systemd time to finish automation
- spacewalk-backend
-
- version 4.2.20-1
* Fix reposync update notice formatting and date parsing (bsc#1194447)
* implement more decompression algorithms for reposync (bsc#1196704)
* enable check for client certificates in reposync
* remove auto inherit of host entitlements for virtual guests
- version 4.2.19-1
* Retrieve and store copyright information about patches
* SLES PAYG client support on cloud
* Add headers to update proxy auth token in listChannels (bsc#1193585)
* require python macros for building
* exchange zypp-plugin dependency to use the python3 version (bsc#1192514)
- spacewalk-branding
-
- version 4.2.13-1
* Fix modal footer misalignment
- version 4.2.12-1
* Fix header search autofocus
- spacewalk-certs-tools
-
- version 4.2.15-1
* Add dynamic version for bootstrap script header (bsc#1186336)
- spacewalk-client-tools
-
- version 4.2.18-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
- version 4.2.17-1
* Update translation strings
- version 4.2.16-1
* do not build python 2 package for SLE15
* require python macros for building
- spacewalk-config
-
- version 4.2.6-1
* Upgrade build tooling, and corresponding cache configuration
- version 4.2.5-1
* add migration for changed rhn.conf values
- spacewalk-java
-
- version 4.2.34-1
* Added new XML-RPC mathod: configchannel.syncSaltFilesOnDisk
* update last checkin only if job is successful (bsc#1197007)
* Fix NPE when accessing cancelled action via system history (bsc#1195762)
* CVE Audit: Show patch as available in the currently installed product even if successor
patch affects additional packages (bsc#1196455)
* send notifications for new or changed ubuntu errata (bsc#1196977)
* change directory owner and permissions only when needed
* Fixed broken help link for system overview
* Provide link to Sync page when unsynced patches message show up
(bsc#1196094)
* fix class cast exception during action chains (bsc#1195772)
* Finding empty profiles by mac address must be case insensitive (bsc#1196407)
* prepare to use new postgresql-jdbc driver with stringprep and saslprep
support (bsc#1196693)
* allow SCC to display the last check-in time for registered systems
* generate the system ssh key when bootstrapping a salt-ssh client
(bsc#1194909)
* Provide link for CVEs
* Fix lock/unlock scheduling on page Software -> Packages -> Lock (bsc#1195271)
* When adding a product, check if the new vendor channels conflicts
with any of the existing custom channel (bsc#1193448)
* Fix disappearing metadata key files after channel change (bsc#1192822)
* Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)
* Add store info to Equals and hash methods to fix CVE audit process (bsc#1195282)
* Fix virtualization list rendering for foreign systems (bsc#1195712)
* FIX errors when an image profile / store is deleted
during build / inspect action (bsc#1191597, bsc#1192150)
* Remove verbose token log (bsc#1195666)
* fix ClassCastException during action processing (bsc#1195043)
- version 4.2.33-1
* handle npe when syncing ubuntu errata (bsc#1196619)
- version 4.2.32-1
* Pass only selected servers to taskomatic for cancelation (bsc#1194044)
* Added rights field to generated updateinfo.xml to handle copyright
* provide static configuration key name for SSHMinionActionExecutor
parallel threads
* Add support for custom SSH port for SSH minions
* add ubuntu errata data and install handling
* Fix stack overflow when building a CLM project from modular sources (bsc#1194990)
* SLES PAYG client support on cloud
* Change order of 'Relevant' and 'All' in patches menu
* Handle multiple Kiwi bundles (bsc#1194905)
* Install product by default after a channel is subscribed
* Improve token validation logs
* fix possible race condition in job handling (bsc#1192510)
* Migrate the displaying of the date/time to rhn:formatDate
* Add additional matchers to package (nevra) filter
* Add greater equals matcher to package (nevra) filter
* fix XML syntax in cobbler snippets (bsc#1193694)
* Add new endpoints to packages API: schedulePackageLockChange, listPackagesLockStatus
* Avoid using RPM tags when filtering modular packages in CLM (bsc#1192487)
* Fix stripping module metadata when cloning channels in CLM (bsc#1193008)
* UI and API call for changing proxy
* require postgresql14 on SLE15 SP4
* Update proxy path on minion connection
* fix actionchain stuck in pending/picked up (bsc#1189561)
* fix parsing error by making SCAP Profile description attribute optional
(bsc#1192321)
* Show salt ssh error message in failed action details
- spacewalk-reports
-
- version 4.2.7-1
* Fixes query for system-history report to prevent more than one
row returned by a subquery with rhnxccdftestresult.identifier
(bsc#1191192)
- spacewalk-search
-
- version 4.2.6-1
* Rename jakarta to apache on SPEC
- spacewalk-setup
-
- version 4.2.10-1
* During upgrade, set tomcat connector connectionTimeout
to 900000 if the previous values is the old default (20000)
- spacewalk-utils
-
- version 4.2.15-1
* require python macros for building
- spacewalk-web
-
- version 4.2.26-1
* Provide link to Sync page when unsynced patches message show up
(bsc#1196094)
* Provide a search box on section name for Formulas content
* Add expand/collapse all button for formula sections
* Improved large data support in channel selection
* Provide link for CVEs
* Improved error handling in the product setup page
* Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)
* susemanager-web-libs is now packaged as a part of spacewalk-html
- version 4.2.25-1
* Add support for custom SSH port for SSH minions
* SLES PAYG client support on cloud
* Migrate the displaying of the date/time to rhn:formatDate, get rid of the legacy fmt:formatDate glue
* Fix header search autofocus
* Fix virtual systems list request error (bsc#1194397)
* UI for changing proxy
* Fix legacy timepicker passing wrong time to the backend if server and
user time differ (bsc#1192699)
* Fix legacy timepicker passing wrong time to the backend if selected
date is in summer time (bsc#1192776)
- subscription-matcher
-
- Version 0.29
* Migration to log4j 2
- Version 0.28
* Support both antlr3-java and antlr3-runtime as dependencies
* Make it obvious that log4j12 is used
- sudo
-
- Add sudo-1.9.5p2-honor-T_opt.patch
* the -T option of sudo does nothing even when
'Defaults user_command_timeouts' is present in the configuration.
* [bsc#1193446]
* Credit to Jaroslav Jindrak <dzejrou@gmail.com>
- Add support in the LDAP filter for negated users, patch taken
from upstream (jsc#20068)
* Adds sudo-feature-negated-LDAP-users.patch
- Restrict use of sudo -U other -l to people who have permission
to run commands as that user (bsc#1181703, jsc#SLE-22569)
* feature-upstream-restrict-sudo-U-other-l.patch
- supportutils
-
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
+ Added command blkid #114
+ Added s390x specific files and output #115
+ Fix for invalid argument during updates (bsc#1193204)
+ Optimized conf_files, conf_files_text and log_cmd functions #118
+ Fixed iscsi initiator name (bsc#1195797)
+ Added rpcinfo -p output #116
+ Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
+ Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
+ Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
+ Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
+ Include 'multipath -t' output in mpio.txt #105
+ Improved lsblk readability with --ascsi #106
+ Removed duplicate commands in network.txt
+ Remove duplicate firewalld status output #109
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
+ Include cloud-init logs whenever they are present
+ Update the packages we track in AWS, Azure, and Google
+ Include the ecs logs for AWS ECS instances
- supportutils-plugin-susemanager
-
- version 4.2.4-1
* Get version of bootstrap scripts for supportconfig (bsc#1186336)
- suse-build-key
-
- No longer install 1024bit keys by default. (bsc#1197293)
- SLE11 key moved to documentation
- old PTF (pre March 2022) moved to documentation only
- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Contaner signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
- suseRegisterInfo
-
- version 4.2.6-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
- version 4.2.5-1
* require python macros for building
* Do not build python 2 package for SLE15 and higher
- susemanager
-
- version 4.2.28-1
* set default for registration batch size
- version 4.2.27-1
* mgr-setup: do not concanate www and apache groups (bsc#1195171)
* fix pg-migrate to check version of postgresql??-server (bsc#1192368)
* remove obsoleted sysv init script (bsc#1191857)
- susemanager-doc-indexes
-
- Renamed golang-github-wrouesnel-postgres_exporter to
prometheus-postgres_exporter in the Administration Guide
- Clarified in Client Configuration Guide and Retail Guide that
mandatory channels are automatically checked. Also recommended
channels as long as they are not deactivated (bsc#1173527)
- In Custom Channels chapter of the Administration Guide, provide
information about creating metadata (bsc#1195294)
- In the Client Configuration Guide, mark Yomi as unsupported on
SUSE Linux Enterprise Server 11 and 12
- Documented GPG encrypted Salt Pillars in the Salt book
- In Client Configuration Guide, fixed channel configuration and
registration of Expanded Support clients
- Clarified channel label name in Registering Clients with RHUI
section of the Client Configuration Guide (bsc#1196067)
- In Throubleshooting Synchronization chapter in the Administration
Guide added instructions for GPG removal
- In Client Configuration Guide, integrated SUSE Linux Enterprise
Micro Client documentation next to SUSE Linux Enterprise Client
documentation and other related documentation improvements (bsc#1195145)
- Added a warning about the origin of the salt-minion package in the
Register on the Command Line (Salt) section of the Client
Configuration Guide
- Add troubleshooting section about avoiding package conflicts
with custom channels
- Added instructions for Pay-as-you-go to the Installation Guide
- In the Client Configuration Guide, documented finding channel names for
registering older SUSE Linux Enterprise clients
- Documented moving Salt clients between proxies in the Client
Configuration Guide
- Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
Configuration Guide
- In the Troubleshooting section of the Client Configuration Guide,
documented that SUSE Linux Enterprise Server 11 clients require previous
SSL versions installed on the server
- In the Retail Guide, adjust branch server version numbers (bsc#1193292)
- susemanager-docs_en
-
- Renamed golang-github-wrouesnel-postgres_exporter to
prometheus-postgres_exporter in the Administration Guide
- Clarified in Client Configuration Guide and Retail Guide that
mandatory channels are automatically checked. Also recommended
channels as long as they are not deactivated (bsc#1173527)
- In Custom Channels chapter of the Administration Guide, provide
information about creating metadata (bsc#1195294)
- In the Client Configuration Guide, mark Yomi as unsupported on
SUSE Linux Enterprise Server 11 and 12
- Documented GPG encrypted Salt Pillars in the Salt book
- In Client Configuration Guide, fixed channel configuration and
registration of Expanded Support clients
- Clarified channel label name in Registering Clients with RHUI
section of the Client Configuration Guide (bsc#1196067)
- In Throubleshooting Synchronization chapter in the Administration
Guide added instructions for GPG removal
- In Client Configuration Guide, integrated SUSE Linux Enterprise
Micro Client documentation next to SUSE Linux Enterprise Client
documentation and other related documentation improvements (bsc#1195145)
- Added a warning about the origin of the salt-minion package in the
Register on the Command Line (Salt) section of the Client
Configuration Guide
- Add troubleshooting section about avoiding package conflicts
with custom channels
- Added instructions for Pay-as-you-go to the Installation Guide
- In the Client Configuration Guide, documented finding channel names for
registering older SUSE Linux Enterprise clients
- Documented moving Salt clients between proxies in the Client
Configuration Guide
- Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
Configuration Guide
- In the Troubleshooting section of the Client Configuration Guide,
documented that SUSE Linux Enterprise Server 11 clients require previous
SSL versions installed on the server
- In the Retail Guide, adjust branch server version numbers (bsc#1193292)
- susemanager-schema
-
- version 4.2.21-1
* fix check on allowVendorChange
* fix advisory status migration (bsc#1195765)
* FIX error when an image profile / store is deleted
during build / inspect action (bsc#1191597, bsc#1192150)
- version 4.2.20-1
* Added rights column to rhnerrata to handle copyright information
* Add support for custom SSH port for SSH minions
* add ubuntu errata data and install handling
* SLES PAYG client support on cloud
* Replace not existing Asia/Beijing timezone with Asia/Shanghai (bsc#1194862)
* Continue with index migration when the expected indexes do not exist
(bsc#1192566)
* Fix changing of existing proxy path
* Add pillars to Apply States action
* Fix rhnChannelNewestPackageView in case there are duplicates (bsc#1193612)
- susemanager-sls
-
- version 4.2.21-1
* Improve `pkgset` beacon with using `salt.cache`
to notify about the changes made while the minion was stopped
* Align the code of pkgset beacon to prevent warnings (bsc#1194464)
* fixing how the return code is returned in mgrutil runner (bsc#1194909)
* Fix errors on calling sed -E ... by force_restart_minion
with action chains
* Avoid using lscpu -J option in grains (bsc#1195920)
* Postgres exporter package was renamed
* fix deprecation warnings
- version 4.2.20-1
* Handle multiple Kiwi bundles (bsc#1194905)
* enforce correct minion configuration similar to bootstrapping
(bsc#1192510)
* Add state for changing proxy
* Update proxy path on minion connection
* Fix problem installing/removing packages using action chains
in transactional systems
- susemanager-sync-data
-
- version 4.2.11-1
* change centos 8 eol urls to vault which still work
- systemd
-
- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE
- Fix the default target when it's been incorrectly set to one of the runlevel
targets (bsc#1196567)
The script 'upgrade-from-pre-210.sh' used to initialize the default target
during migration from sysvinit to systemd. However it created symlinks to
runlevel targets, which are deprecated. If such symlinks are found the script
now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one. In
most cases it will do the right thing anyway.
- Import commit 117e7b96f8e8c63a9eec3459147f5352015a6d08
3a395b156d Don't open /var journals in volatile mode when runtime_journal==NULL
1cd65c15e4 udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
3ee9953dd4 man: tweak description of auto/noauto (bsc#1191502)
6cfeacbf86 shared/install: ignore failures for auxiliary files
37083278ed install: make UnitFileChangeType enum anonymous
0a02185526 shared/install: reduce scope of iterator variables
86c55bde7f systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- update s390 udev rules conversion script to include the case when
the legacy rule was also 41-* (bsc#1195247)
* change scripts-udev-convert-rules.sh
- Import commit 773652879446a81689c39aea23a486627992409b
a76263ced9 meson: allow extra net naming schemes to be defined during configuration
301bf4f1bf meson: drop the list of valid net naming schemes
b89924793d netif-naming: inline one iterator variable
da4a4df29c udev: fix potential memleak
d60486bf1b udev: allow onboard index up to 65535
ac2baecc84 udev: use snprintf_ok()
8aad315c7c udev: fix potential infinite loop
471ea73eb0 udev: make dev_pci_slot() return earlier when PCI bridge is found
69b7c9a6bd udev: use uint32_t for hotplug_slot
cdd0e89c0e udev: split out logic of parsing s390 PCI slots
84e1a91baa udev: it is not necessary that the path is readable
03548e8d0e udev: add missing initialization to fix freeing invalid address
772f964bf6 udev: fix slot based network names on s390
c5071cf699 tree-wide: fix typo
06640d06df net_id: fix newly added naming scheme name
58f9592f1f udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637)
df9e240c92 udev/net_id: parse _SUN ACPI index as a signed integer
cfcaddfa74 localectl: don't omit keymaps files that are symlinks (bsc#1191826)
- Add in quarantine 6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
Add in quarantine 6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
- Import commit 6a96632f26f20a68578f9d620a593ceab2a0e3b6
c4aa40982c shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178)
ae13ea6511 shared/rm_rf: refactor rm_rf() to shorten code a bit
3266d7f5c8 shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit
- Drop 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
Drop 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
Drop 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
They have been merged into 'SUSE/v246' branch.
- resolved: disable DNSSEC until the following issue is solved:
https://github.com/systemd/systemd/issues/10579
- resolved: disable fallback DNS servers and fail when no DNS server info could
be obtained from the links. It's better to let the sysadmin know that
something is likely misconfigured rather than silently handing over the DNS
queries to Google or Cloudflare.
- resolved: DNSSEC support (build) requires openssl therefore document this
build dependency in systemd-network sub-package.
- Add 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (bsc#1193086)
- systemd-rpm-macros
-
- Bump version to 11
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275 bsc#1196406)
Until SLE15-SP3:QU2, /usr/lib/modprobe.d path was not supported by kmod and
since SLE15-SP4 /etc/modprobe.d/README has references to /lib/modprobe.d...
- Bump version to 10
- %sysusers_create_inline was wrongly marked as deprecated
- %sysusers_create can be useful in certain cases and won't go away until we'll
move to file triggers. So don't mark it as deprecated too
- talloc
-
- Update to 2.3.3; (jsc#SLE-23329);
+ python: Ensure reference counts are properly incremented
+ Change pytalloc source to LGPL;(bso#9931);
- Update to 2.3.2
- Fix build with RPM 4.16:
bad %if condition: 01550 != 1110 || "/x86_64"/ == x86_64
no bare word support, x86_64 needs to be quoted
- tcl
-
- New version 8.6.12:
* (bug)[d43f96] [string trim*] broken for Emoji
* (bug)[22324b] [string reverse] broken for Emoji
* (bug)[1dab71,7c64aa] BRE broken by uninitialized value use
* (bug)[8419c5] Unix tty channels tolerate EINTR
* ** POTENTIAL INCOMPATIBILITY ***
* (bug)[4c591f] [string compare] EIAS violation
* (bug)[266494] [concat foo [list #]] EIAS violation
* (bug)[24b918] Save IO buffers from modern optimizers
* (new) support for POSIX error EILSEQ
* (bug)[688fcc] segfault during traced delete of alias
* (bug)[ccc448] segfault in ensemble rewrite machinery
* (new) Update to Unicode-14
* (bug)[a8579d] failed proc argument spec processing
* Obsoletes tcl-aa4a13c15516da45.patch
- Bump %itclver and ensure it stays in sync.
- bsc#1185662: Move tcl.macros /usr/lib/rpm/macros.d .
- https://core.tcl-lang.org/thread/tktview?name=98ae20f0f5:
Add tcl-aa4a13c15516da45.patch to disable lto for the stubs
libraries.
- tclConfig.sh: Fix path names and avoid braces in TCL_PACKAGE_PATH
- Set TCL_LIBRARY at configure time for better consistency.
- New version: 8.6.11:
* Add tcltest::(Setup|Eval|Cleanup|)Test
* Update to Unicode-13
* Add 3 libtommath functions to stub table
* Many more bug fixes
- Potentially incompatible changes:
* (bug)[ffeb20] [binary decode base64] ignore invalid chars
* (bug)[b8e82d] some -maxlen values break uuencode round trip
* (bug)[085913] Tcl_DStringAppendElement # quoting precision
* (bug)[81242a] revised documentation for Tcl_UtfAtIndex()
* (bug)[ed2980] Tcl_UtfToUniChar reads > TCL_UTF_MAX bytes
* (bug)[a1bd37] [clock scan] new ISO format (clock-34.(19-24))
* (bug)[501974] [clock scan] +time zone (clock-34.(53-68))
* (new) force -eofchar 032 when evaluating library scripts
* (new)[48898a] improve error message consistency
* (new) revised case of module names
- Add a manpage symlink for tclsh8.6.
- Fix build with RPM 4.16: error: bare words are no longer
supported, please use "/..."/: lib64 == lib64.
- New version: 8.6.10:
* (bug)[7a9dc5] [file normalize ~/~foo] segfault
* (bug)[3cf3a9] variable 'timezone' deprecated in vc2017
* (bug)[cc1e91] [list [list {*}[set a "/ "/]]] regression
obsoletes tcl-expand-regression.patch.
* (bug)[e3f481] tests var-1.2[01]
* (new) Update to Unicode 12.0
* (new)[TIP 527] New command [timerate]
* (bug)[39fed4] [package require] memory validity
* (new) New command tcl::unsupported::corotype
* (bug) memlink when namespace deletion kills linked var
* (new) README file converted to README.md in Markdown
* (bug)[8b9854] [info level 0] regression with ensembles
* (bug)[6bdadf] crash multi-arg write-traced [lappend]
* (bug)[f8a33c] crash Tcl_Exit before init
* (bug)[fa6bf3] Bytecode fails epoch recovery at numLevel=0
* (bug)[fec0c1] C stack overflow compiling bytecode
* tzdata updated to Olson's tzdata2019c
* (bug)[16768d] Fix [info hostname] on NetBSD
* (new) libtommath updated to release 1.2.0
* (bug)[bcd100] bad fs cache when system encoding changes
* (bug)[135804] segfault in [next] after destroy
* (bug)[13657a] application/json us text, not binary
- binary-40.3 is expected to fail on riscv64 which does not support NaN
propagation
- Use FAT LTO objects in order to provide proper static
library (boo#1138797).
- Fix a regression in the handling of denormalized empty lists
(tcl-expand-regression.patch, tcl#cc1e91552c).
- New version: 8.6.9:
* NR-enable [package require]
* (bug)[9fd5c6] crash in object deletion, test oo-11.5
* (bug)[3c32a3] crash deleting object with class mixed in
* (platform) stop using -lieee, removed from glibc-2.27
(bsc#1179615, bsc#1181840).
* (bug)[8e6a9a] bad binary [string match], test string-11.55
* (bug)[1873ea] repair multi-thread std channel init
* (bug)[db36fa] broken bytecode for index values
* (bug) broken compiled [string replace], test string-14.19
* (bug) [string trim*] engine crashed on invalid UTF
* (bug) missing trace in compiled [array set], test var-20.11
* (bug)[46a241] crash in unset array with search, var-13.[23]
* (bug)[27b682] race made [file delete] raise "/no such file"/
* (bug)[925643] 32/64 cleanup of filesystem DIR operations
* (bug) leaks in TclSetEnv and env cache
* (bug)[3592747] [yieldto] dying namespace, tailcall-14.1
* (bug)[270f78] race in [file mkdir]
* (bug)[3f7af0] [file delete] raised "/permission denied"/
* (bug)[d051b7] overflow crash in [format]
* revised quoting of [exec] args in generated command line
* HTTP Keep-Alive with pipelined requests
* (new)[TIP 505] [lreplace] accepts all out of range indices
* (bug) Prevent crash from NULL keyName in the registry package
* Update tcltest package for Travis support
* (bug)[35a8f1] overlong string length of some lists
* (bug)[00d04c] Repair [binary encode base64]
- Version 8.6.8:
* [array names -regexp] supports backrefs
* Fix gcc build failures due to #pragma placement
* (bug)[b50fb2] exec redir append stdout and stderr to file
* (bug)[2a9465] http state 100 continue handling broken
* (bug)[0e4d88] replace command, delete trace kills namespace
* (bug)[1a5655] [info * methods] includes mixins
* (bug)[fc1409] segfault in method cloning, oo-15.15
* (bug)[3298012] Stop crash when hash tables overflow 32 bits
* (bug)[5d6de6] Close failing case of [package prefer stable]
* (bug)[4f6a1e] Crash when ensemble map and list are same
* (bug)[ce3a21] file normalize failure when tail is empty
* (new)[TIP 477] nmake build system reform
* (bug)[586e71] EvalObjv exception handling at level #0
- Sync SLE12 with Factory to fix a bug in Itcl that was affecting
iwidgets (bsc#903017).
- tcpdump
-
- Security fix: [bsc#1195825, CVE-2018-16301]
* Fix segfault when handling large files
* Add tcpdump-CVE-2018-16301.patch
- tdb
-
- Update to version 1.4.4; (jsc#SLE-23329);
+ Fix a memory leak on error
+ python: remove all 'from __future__ import print_function'
+ Fix CID 1471761 String not null terminated
+ Use hex_byte() in parse_hex()
+ Use hex_byte() in read_data()
+ fix studio compiler build
+ Fix some signed/unsigned comparisons
+ also use __has_attribute macro to check for attribute support
+ Fix clang 9 missing-field-initializer warnings
+ pytdb tests: add test for storev()
+ pytdb: add python binding for storev()
+ tdbtorture: Use ARRAY_DEL_ELEMENT()
+ py3: Remove #define PyInt_FromLong PyLong_FromLong
+ py3: Remove #define PyInt_AsLong PyLong_AsLong
+ py3: Remove #define PyInt_Check PyLong_Check
+ tdb: Align integer types
- Drop obsolete patch ignore-tdb1-run-transaction-expand.diff
- Fix header file using undefined function visibility macro;
Add patch 0001-tdb-Fix-invalid-syntax-in-tdb.h.patch; (bso#14762);
- tevent
-
- Adust tevent spec to export bundled libcmocka-tevent needed
by ldb; (jsc#SLE-23329);
- Update to version 0.11.0
+ Other minor build fixes; (bso#14526);
+ Add custom tag to events
+ Add event trace api
- timezone
-
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not -03-26*
* zdump -v now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
- tk
-
- New version 8.6.12:
* (bug)[7beaed] ttk::bindMouseWheel syntax error
* (new) support 4 new keycodes: CodeInput, SingleCandidate,
MultipleCandidate, PreviousCandidate
* (new) Portable keycodes: OE, oe, Ydiaeresis
* (bug)[9e1312] <Enter> to parent after child destroyed
* (bug)[d3cd4c] more robust notebook processing
* (bug)[234ee4] crash in [clipboard get] invalid encoding
* (bug)[be9cad] Poor trace housekeeping -> tkwait segfault
* (bug)[9b6065] restore Tcl [update], see window-2.12
* (bug)[34db75,ea876b] cursor motion in peer text
* (bug)[c97464] memleak in TkpDrawAngledChars
* (bug)[171ba7] crash when grab and focus are not coordinated
* crash due to failed transient record housekeeping
* (bug)[099109] segfault reusing a container toplevel
* (bug)[4efbfe] static package init order in wish
* (bug)[033886] Win: hang in font loading
* (bug)[8ebed3] multi-thread safety in Xft use
* (new)[TIP 608] New virtual event <<TkWorldChanged>>
- Update to version 8.6.11.1 (still presenting itself as 8.6.11)
* Fixed issue in bindMouseWheel
- Version 8.6.11:
* Fix TkKeyEvent platform variations
* ttk respect -cursor option
* MouseWheel for ttk::scrollbar
* fix fontconfig crash when no font installed
* fix tearoff menu redraw artifacts
* stop crash w/Noto Color Emoji font
* fix crash of angled text w/o Xft
* fix crash when active button is destroyed
* disfavor Master/Slave terminology
* many more bug fixes.
- Fix manpage symlink for wish8.6.
- Fix build with RPM 4.16: error: bare words are no longer
supported, please use "/..."/: lib64 == lib64.
- Version 8.6.10:
* (bug)[0a9c91] crash in text-11a.22
* (bug)[9705d1] crash activating "/Alt"/ theme
* (bug)[e3b954] cursor offset at full screen display
* (bug)[18a4ba] cross-platform [winfo containing]
* (build) 'None', 'ControlMask' symbol conflicts
* (bug)[509caf] [treeview tag configure] regression
* (bug)[3003895] [scale] res rounds and -from
* (new)[TIP 533] [$mb post x y idx]
* (bug)[1529659] embed toplevel blocks outer menu
* (bug)[8814bd] crash in [NSMenu size]
* (bug)[1951ab] Prevent transient window cycles (crashed on Aqua)
* ** POTENTIAL INCOMPATIBILITY ***
* (bug)[4da219] Incomplete read of multi-image GIF
* (new)[TIP 535] Precision of ::scale widget tick mark values
* ** POTENTIAL INCOMPATIBILITY ***
* (bug)[da3914] [$treeview identify element] failure
* (bug)[897ffe] Prevent cross-manager loops of geom management
* (bug)[368fa4] Prevent toggle of hidden treeview indicators
* (bug)[928652] Apply TIP 533 for ttk::menubutton
* (bug)[1001070] X-platform rework of label options -highlight*
* (bug)[6286fd] checkbutton handling of -selectcolor
* (bug) Ttk scrolling bugs, see tests treeview-9.1, entry-3.[3-6]
* (new)[TIP 541] [combobox current] support "/end"/ index
* (bug)[2a6c62] <<TreeviewSelect>> trigger on item delete
* (bug)[75b8fb] Crash with some [event generate]d <ButtonRelease>
* (bug)[5ddeca] Stop app switching exposing withdrawn windows as zombies
* (new) Refactor all MouseWheel bindings
* ** POTENTIAL INCOMPATIBILITY ***
* (bug)[c8ccd1] up array key in [text] takes to index 1.0
* (new)[TIP 532] Tk event loop rewrite to prevent ring overflow
* ** POTENTIAL INCOMPATIBILITY ***
* (bug)[2834776] Stop disabled spinbox from generating
<<Increment>> & <<Decrement>>
* (bug)[a01b6f7] Workaround XWayland bug reporting screen width
* (bug)[b82bd4] Fix [style configure -compound]
* (bug)[69b48f] failing test textTag-18.1
* (bug)[c4abd2] panic in stackorder command
* (bug)[53d280] [wm iconphoto] crash on empty image
* [90d555] workaround NSFontManager bad selections
* (new) Partial Emoji support in text displays
- tk-8.5.12-fix-xft.patch is not needed anymore.
- Use FAT LTO objects in order to provide proper static
library (boo#1138797).
- Version 8.6.9:
* (platform) stop using -lieee, removed from glibc-2.27
(bsc#1179615, bsc#1181840).
* (bug)[aa7679] crash using window after master destroyed
* (bug)[925262] New option -state for ttk::scale
* (bug)[fa8de7] Crash [ttk::checkbutton .x -variable {}]
* (bug)[382712] Crash in [event generate . <KeyPress>]
* (bug)[657c38] Crash in menu destroy with checkbutton entry
* (bug)[de156e] Deny PRIMARY selection access in safe interps
* (bug)[b68710] Fixes in [text] bindings
* (bug)[e20d5c] Stop failures of textTag-18.1
* (bug)[5d991b] Fortify var traces against deleted vars
* (bug)[1821174] Stop RenderBadPicture X error
* (bug)[502e74] Stop X errors on untrusted connections
* (bug)[71b131] Regression in Tk_DrawChars()
* (bug)[59fccb] menu flaws when empty menubar clicked
* (bug)[7423f9] improved legacy support for [tk_setPalette]
* (bug)[de01e2] Crash in [$text replace]
* (bug)[135696] Crash in [wm transient]
* (bug)[309b42] Improve ttk high-contrast-mode support
* (bug)[fabed1] GIF photo support for "/deferred clear code"/
* (bug)[3441086] error message in layout-2
* (bug)[05bd7f] vista theme for combobox
* (bug)[382712] crash in KeyPress event handling
* (bug)[6fcaaa] insertion cursor visibility in ttk::entry
* (bug)[822923] cascade menu indicator color
* (bug)[9658bc] borderwidth calculations on menu items
* (bug)[ca403f] treeview border drawing
* (bug)[4b555a] hang in [$text search -all]
* (bug)[6b22d4] [treeview] binding fix
- Update tkcon.tcl to CVS revision 1.124:
* Use -underline clearly to disambiguate from new 8.6.6 option
- underlinefg
* prevent file edit from undoing loading of file
- add explicit buildrequire on fontconfig-devel
- Version 8.6.8:
* (bug)[f1a3ca] Memory leak in [text] B-tree
* (bug)[ee40fd] Report [console] init errors
* (bug)[3295446] Improve history visibility in [console]
* (bug)canvas closed polylines fully honor -joinstyle
* (bug)[cc42cc] out of mem crash in tests imgPhoto-18.*
* (bug)[3406785] fix coords rounding when drawing canvas items
* (bug)[8277e1] linux fontchooser sync with available fonts
* (bug)[5239fd] Segfault copying a photo image to itself
* (bug)[514ff6] canvas rotated text overlap detection
* (bug)[1e0db2] canvas rchars artifacts
* (bug)[d9fdfa] display of Long non-wrapped lines in text
* (bug)[dd9667] text anchor not set
* (bug)[bb6b40] ::tk::AmpMenuArgs and 'entryconf'
* (bug)[55b95f] Crash [scale] with a bignum value
* (bug)[ce62c8] text-37.1 fails
* (bug)[0ef1c5] OS X - tests menu-22.[345] hang
* (bug) display of embedded toplevels
* (bug)[73ba07] Correct property type for MULTIPLE conversion
* (bug) Memory leak in tkImgPhoto.c.
* (bug) Defeat zombie toplevels
* (bug) [wm withdraw] on Window and Dock menus
* (new)[TIP 477] nmake build system reform
- Sync SLE12 with Factory to fix a bug in Itcl that was affecting
iwidgets (bsc#903017).
- tomcat
-
- Security hardening. Deprecate getResources() and always return null. (bsc#1198136)
- Added patch: tomcat-9.0-hardening_getResources.patch
- Remove log4j (bsc#1196137)
- Fixed CVEs:
* CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)
- Added patches:
* tomcat-9.0-CVE-2022-23181.patch
- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569)
- Added patch:
* tomcat-9.0-NPE-JNDIRealm.patch
- update-alternatives
-
- break bash <-> update-alternatives cycle by coolo's rewrite
of %post in lua [bsc#1195654]
- util-linux
-
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
(bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Make uuidd lock state file usable and time based UUIDs safe again
(bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
- Fix "/su -s"/ bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996,
bsc#1194976,
util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch,
util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch).
- blockdev: Remove NBSP character in values (bsc#1188507#c31,
blockdev-remove-nbsp.patch).
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954).
- blockdev: allow for larger values for start sector (bsc#1188507)
blockdev-allow-for-larger-values-for-start-sector.patch
- util-linux-systemd
-
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
(bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Make uuidd lock state file usable and time based UUIDs safe again
(bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
- Fix "/su -s"/ bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996,
bsc#1194976,
util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch,
util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch).
- blockdev: Remove NBSP character in values (bsc#1188507#c31,
blockdev-remove-nbsp.patch).
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954).
- blockdev: allow for larger values for start sector (bsc#1188507)
blockdev-allow-for-larger-values-for-start-sector.patch
- uyuni-common-libs
-
- version 4.2.6-1
* Read modularity data from DISTTAG tag as fallback (bsc#1192487)
* require python macros for building
- vim
-
- Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
Heap-based Buffer Overflow in vim prior to 8.2.
/ vim-8.0.1568-CVE-2022-0413.patch
- Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
normal.c / vim-8.0.1568-CVE-2021-3796.patch
- Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
- Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
- Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
- Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
- Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
- Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
/ vim-8.0.1568-CVE-2021-3778.patch
- Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
/ vim-8.0.1568-CVE-2021-4193.patch
- Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
- Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
- Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
/ vim-8.0.1568-CVE-2022-0351.patch
- Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
- Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
/ vim-8.0.1568-CVE-2022-0413.patch
- wicked
-
- fsm: fix device rename via yast (bsc#1194392)
Reset worker config instead to reject a NULL/empty config
xml node -- introduced in wicked 0.6.67 by commit c2a0385.
[+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- version 0.6.68
- sysctl: process sysctl.d directories as in sysctl --system
- sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353)
- cleanup: warnings, time calculations and dhcp fixes (bsc#1188019)
- wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- tuntap: avoid sysfs attr read error (bsc#1192311)
- ifstatus: fix warning of unexpected interface flag combination (bsc#1192164)
- dbus: config files in /usr shouldn't be marked as config in spec
- version 0.6.67
- dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750)
- logging: log reaped sub-process command and as debug, not error
- ifstatus: Don't show link as "/up"/ without RUNNING flag set
- firewalld: Make the zone assignment permanent (boo#1189560)
- fsm: cleanup and improve ifconfig and ifpolicy access utils
- dbus: cleanup the dbus-service.h file and unused property makros
- cleanup: applied code-spell run typo corrections
- dracut: initial fixes and improved option handling (boo#1182227)
- version 0.6.66
- wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920)
- support multiple networks configurations per interface
- show connection status and scan-results (bsc#1160654)
- corrected eap-tls,ttls cetificate handling and open vs. shared
wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- cleanups and several other improvements, see changes
- updated man ifcfg-wireless manual pages
- nanny: fix identify node owner exit condition
- schema: several xml-schema and dbus/property improvements
- utils: format/parse bitmap to array and string alternatives
- client: expose ethtool --get-permanent-address option
- removed sle15-sp3 patches included in the master sources (bsc#1181812)
[- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
[- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- xen
-
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
xen: BHB speculation issues (XSA-398)
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output
Replace
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
by upstream backport
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
- Upstream bug fixes (bsc#1027519)
60782745-x86-AMD-split-LFENCE-setup.patch
6081bae4-x86-cpuid-LFENCE-always-serialising.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
- Update to Xen 4.14.4 bug fix release (bsc#1027519)
xen-4.14.4-testing-src.tar.bz2
- Drop patches contained in new tarball
6138b7a1-x86-spec-ctrl-split-diagnostics-line.patch
6138b7a2-x86-AMD-enum-speculative-hints.patch
6138b7a3-x86-AMD-use-newer-SSBD.patch
6139f1b1-x86-spec-ctrl-print-AMD-features.patch
6148453b-VT-d-hidden-devices-unmap.patch
6148455f-VT-d-PCI-segment-numbers-16-bits.patch
61532102-PCI-bridge-with-subord-bus-0xFF.patch
615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
61655b5a-AMD-IOMMU-hidden-devices-flush.patch
616d66bd-x86-HVM-cleanup-after-failed-viridian_vcpu_init.patch
616e7cfe-x86-paging-restrict-paddr-width-reported.patch
618289da-x86-shstk-fix-with-XPTI-active.patch
619b7ac9-harden-assign_pages.patch
619b8cb0-x86-PoD-misaligned-GFNs.patch
619b8cb1-x86-PoD-intermediate-page-orders.patch
619b8cb2-x86-P2M-set-partial-success.patch
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
xsa393.patch
xsa394.patch
xsa395.patch
- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
guest_physmap_remove_page not removing the p2m mappings (XSA-393)
xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
Xen while unmapping a grant (XSA-394)
xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
passed-through device IRQs (XSA-395)
xsa395.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output (see also bsc#1194267)
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains an sriov device
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
- Upstream bug fixes (bsc#1027519)
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
- Collect active VM config files in the supportconfig plugin
xen-supportconfig
- Upstream bug fixes (bsc#1027519)
61655b5a-AMD-IOMMU-hidden-devices-flush.patch
616d66bd-x86-HVM-cleanup-after-failed-viridian_vcpu_init.patch
616e7cfe-x86-paging-restrict-paddr-width-reported.patch
618289da-x86-shstk-fix-with-XPTI-active.patch
619b7ac9-harden-assign_pages.patch
619b8cb0-x86-PoD-misaligned-GFNs.patch
619b8cb1-x86-PoD-intermediate-page-orders.patch
619b8cb2-x86-P2M-set-partial-success.patch
- Drop xsa patches in favor of upstream versions
xsa385.patch
xsa388-1.patch
xsa388-2.patch
xsa389.patch
- xerces-j2
-
- Fix infinite loop within Apache XercesJ xml parser (bsc#1195108,
CVE-2022-23437)
* Added patch xerces-j2-CVE-2022-23437.patch
- xstream
-
- Upgrade to 1.4.19
* Security fixes
+ This maintenance release addresses the security vulnerability
CVE-2021-43859, bsc#1195458, when unmarshalling highly
recursive collections or maps causing a Denial of Service.
* API changes
+ Added c.t.x.XStream.COLLECTION_UPDATE_LIMIT and
c.t.x.XStream.COLLECTION_UPDATE_SECONDS.
+ Added c.t.x.XStream.setCollectionUpdateLimit(int).
+ Added c.t.x.core.SecurityUtils.
+ Added c.t.x.security.AbstractSecurityException and
c.t.x.security.InputManipulationException.
+ c.t.x.security.InputManipulationException derives now from
c.t.x.security.AbstractSecurityException.
- xz
-
- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
(ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
* bsc1198062.patch
- yaml-cpp
-
- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
allows remote attackers to cause DOS via a crafted YAML file
(CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
(CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
cpp allows remote attackers to cause DOS via a crafted YAML file
(CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
yaml-cpp which cause DOS by stack consumption
(CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch
- yast2
-
- Fixed refreshing old repositories during system upgrade
(bsc#1196120, similar to bsc#1190228)
- 4.3.69
- do not strip surrounding white space in CDATA XML elements (bsc#1195910)
- 4.3.68
- do not strip trailing white space in XML elements (bsc#1195910)
- 4.3.67
- yast2-add-on
-
- Restore the repo unexpanded URL to get it properly saved in
the /etc/zypp/repos.d file (bsc#972046, bsc#1194851).
- 4.3.10
- yast2-audit-laf
-
- Set the name of the auto client in the desktop file
(bsc#1196590).
- 4.3.2
- yast2-country
-
- Fixed passing multiple arguments to "/localectl set-locale"/
(bsc#1177863)
- 4.3.19
- yast2-dhcp-server
-
- Fix DNS zone creation by fixing a maintained DNS zone check.
Reported and fixed by Daniel Pätzold <obel1x@web.de>
See github#yast/yast-dhcp-server#59.
- 4.3.2
- Fix URL in .spec file
- yast2-installation
-
- Do not stop xvnc.socket but run the YaST2-Second-Stage and
YaST2-Firsboot services before it in order to prevent early
vnc connections (bsc#1197265)
-4.3.50
- Run the YaST2-Second-Stage and YaST2-Firsboot services after
purge-kernels to prevent a zypper lock error message
(bsc#1196431).
- 4.3.49
- Prevent getty auto-generation because it makes xvnc to fail when
it is started in YaST second stage (bsc#1196614).
- 4.3.48
- Avoid terminal login prompt when running Second Stage service
(bsc#1196594 and related to bsc#1195059).
- 4.3.47
- Modified Second Stage service dependencies fixing a root login
systemd timeout when installing with ssh (bsc#1195059)
- 4.3.46
- Do not create a Btrfs snapshot at the end of the installation
or upgrade when the root filesystem is mounted as read-only
(jsc#SLE-22560).
- 4.3.45
- yast2-packager
-
- do not keep file handle to repo metadata open accidentally (bsc#1196061)
- 4.3.26
- yast2-schema
-
- Added fcoe-client schema (bsc#1194895)
- 4.3.28
- zlib
-
- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
* bsc1197459.patch
- zsh
-
- Added CVE-2019-20044.patch: fixes insecure dropping of privileges when
unsetting PRIVILEGED option (CVE-2019-20044 bsc#1163882)
- Added CVE-2021-45444.patch: fixes a vulnerability in prompt expansion which
could be exploited through e.g. VCS_Info to execute arbitrary shell
commands (CVE-2021-45444 bsc#1196435)
- zypper
-
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
- version 1.14.52
- Singletrans: handle fatal and non-fatal script errors properly.
- Add SingleTransReportReceiver.
- Immediately write out additional rpm output.
- BuildRequires: libzypp-devel >= 17.29.0.
Need SingleTransReport and immediate rpm script output reports.
- version 1.14.51