- apache2-mod_wsgi-python3
-
- Add CVE-2022-2255.patch (bsc#1201634)
- autoyast2
-
- Process the <ask-list/> section in an installed system once the
<general/> section is imported in the (bsc#1201953).
- 4.3.104
- Revert the modification done in version 4.3.97 running the
initscripts before systed-user-sessions service again once
systemd fixed logind (bsc#1195059, bsc#1200780)
- 4.3.103
- avahi
-
- Add avahi-bsc1163683.patch: do not cache responses generated
locally (bsc#1163683).
- bind
-
- Add systemd drop-in directory for named service
[bsc#1201689, bind.spec]
- binutils
-
- Add binutils-maxpagesize.diff for a problem on old code
streams, where we would generate too large binaries.
- s390-pic-dso.diff: use %pB instead of %B
- SLE toolchain update of binutils. Update to 2.39 from 2.37,
which means obsoleting and hence removing these patches:
binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff,
binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff,
binutils-add-z16-name.diff.
Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033,
jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031,
jsc#SLE-25047]
- This fixes these CVEs relative to 2.37:
[bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
[bsc#1193929] aka PR28694 aka CVE-2021-45078
[bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
[bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
[bsc#1202966] aka PR29289 aka CVE-2022-38126
[bsc#1202967] aka PR29290 aka CVE-2022-38127
[bsc#1202969] aka CVE-2021-3826
- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
[bsc#1202816]
- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451.
- Add binutils-2.39-branch.diff.gz.
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Update to binutils 2.39:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance to the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
- -weaken-symbols options now works with unique symbols as well.
- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz.
- For now use --disable-gprofng.
- Includes fixes for these CVEs:
bnc#1142579 aka CVE-2019-1010204 aka PR23765
(Fake entry from SLE for tracking purposes:)
- Use https for variosu links.
- Update binutils-2.38-branch.diff.gz (to 93054037f1e304e)
in order to include PR29087.
- Enable multitarget build on riscv64
- On SLE15 and later, use make -Oline to synchronize configure output by
lines
(Fake entry from SLE for tracking purposes:)
- Renumber Sources.
- Fix ExcludeArch for ppc.
- Make multibuild utilize only the main binutils.spec file.
- Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh.
- Start using _multibuild for cross binutils.
(forward port from SLE)
- Update binutils-2.38-branch.diff.gz (to c210342d7f5) to include
recognition of 'z16' name for 'arch14' on s390. [bsc#1198237]
(Fake entry from SLE for tracking purposes:)
- Add usage of a SUSE_ZNOW environment variable which allows switching
on "/-z now"/ by default using "/export SUSE_ZNOW=1"/, similar to
the SUSE_ASNEEDED variable. Adds binutils-znow.patch.
- Update binutils-skip-rpaths.patch: add back fix for boo#1191473,
which got lost in the update to 2.38.
- Update binutils-2.38-branch.diff.gz in order to include PR28879.
- From Stefan Brüns <stefan.bruens@rwth-aachen.de>:
* Install symlinks for all target specific tools on
arm-eabi-none [bsc#1185712]
- Do not re-generate ld/ldlex.c, ld/ldgram.c, ld/ldgram.h and verify
that corresponding flex/bison files are not modified by a patch.
- Use verbose mode for make for cross compilers.
- Make it build on SLE-11 again.
- Use verbose mode for make.
- Update to binutils 2.38:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump)
have a new command line option which controls how unicode characters are
handled. By default they are treated as normal for the tool. Using
- -unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst
- -unicode=escape will display them as escape sequences. In addition
using --unicode=highlight will display them as unicode escape sequences
highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
added to objcopy in order to enable UEFI development using binutils.
* ar: Add --thin for creating thin archives. -T is a deprecated alias without
diagnostics. In many ar implementations -T has a different meaning, as
specified by X/Open System Interface.
* Add support for AArch64 system registers that were missing in previous
releases.
* Add support for the LoongArch instruction set.
* Add a command-line option, -muse-unaligned-vector-move, for x86 target
to encode aligned vector move as unaligned vector move.
* Add support for Cortex-R52+ for Arm.
* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
* Add support for Cortex-A710 for Arm.
* Add support for Scalable Matrix Extension (SME) for AArch64.
* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
assembler what to when it encoutners multibyte characters in the input. The
default is to allow them. Setting the option to "/warn"/ will generate a
warning message whenever any multibyte character is encountered. Using the
option to "/warn-sym-only"/ will make the assembler generate a warning whenever a
symbol is defined containing multibyte characters. (References to undefined
symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from
x86 assembler have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
* Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
linker to control canonical function pointers and copy relocation.
* Add --max-cache-size=SIZE to set the the maximum cache size to SIZE
bytes.
- Add binutils-2.38-branch.diff.gz.
- Removed deletion of man pages as they should be properly packages
in tarball.
- Rebased patches: aarch64-common-pagesize.patch, add-ulp-section.diff,
binutils-bfd_h.patch, binutils-revert-nm-symversion.diff,
binutils-revert-plt32-in-branches.diff, binutils-skip-rpaths.patch
and binutils-compat-old-behaviour.diff.
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
- use fdupes on datadir
- remove RPM_BUILD_ROOT usage and other cleanups
- Rebase binutils-2.37-branch.diff: fixes PR28494.
- ca-certificates-mozilla
-
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "/valid before nov 30 2022"/
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
Patch: remove-trustcor.patch
- catatonit
-
- Update to catatont v0.1.7
- This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only
once. Fix build with autocnf 2.71 / automake 1.16.5.
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
- Update catatonit-rpmlintrc in order to cover that static binaries are now an
error not a warning.
- cloud-regionsrv-client
-
- Update to version 10.0.8 (bsc#1206428)
- Fix regression introduced by 10.0.7. When the hosts file was modified
such that there is no empty line at the end of the file the content
after removing the registration data does not match the content prior
to registration. The update fixes the issue triggered by an index
logic error.
- Guard dmidecode dependency (bsc#1206082)
- Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
- Implement functionality to detect if an update server has a new cert.
Import the new cert when it is detected.
- Forward port fix-for-sles12-disable-ipv6.patch
- From 10.0.6 (bsc#1205089)
- Credentials are equal when username and password are the same ignore
other entries in the credentials file
- Handle multiple zypper names in process table, zypper and Zypp-main
to properly detect the running process
- Add patch to block IPv6 on SLE12 (bsc#1203382)
- containerd
-
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.9>
- add devel subpackage, which is needed by open-vm-tools
- curl
-
- Security Fix: [bsc#1206309, CVE-2022-43552]
* HTTP Proxy deny use-after-free
* Add curl-CVE-2022-43552.patch
- dhcp
-
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
DHCP memory leak
- docker
-
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
issue with dockerd. bsc#1200022
+ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- dracut
-
- Update to version 049.1+suse.247.gfb7df05c:
* fix(systemd): add missing modprobe@.service (bsc#1203749)
* fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
* fix(drm): consider also drm_dev_register when looking for gpu driver (bsc#1195618)
* fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)
- expat
-
* (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
destruction of a shared DTD in XML_ExternalEntityParserCreate in
out-of-memory situations
- Added patch expat-CVE-2022-43680.patch
- Security fix:
- gnutls
-
- Validate input when calling fmemopen() [bsc#1204511]
* Add gnutls-check-system_priority_buf-input.patch
- grub2
-
- Security fixes and hardenings
* 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
* 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
* 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
* 0004-font-Remove-grub_font_dup_glyph.patch
* 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
* 0006-font-Fix-integer-overflow-in-BMP-index.patch
* 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
* 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
* 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
* 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
* 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
* 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
- hwdata
-
- update to 0.365:
+ Updated pci, usb and vendor ids.
- update to 0.364:
+ Updated pci, usb and vendor ids.
- update to 0.363:
+ Updated pci, usb and vendor ids.
- update to 0.362:
+ Updated pci, usb and vendor ids.
- update to 0.361:
+ Updated pci, usb and vendor ids.
- iputils
-
- Add fix for ICMP datagram socket ping6-Fix-device-binding.patch
(bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927).
- kernel-default
-
- HID: check empty report_list in hid_validate_values()
(git-fixes, bsc#1206784).
- commit 028641d
- HID: check empty report_list in bigben_probe() (git-fixes,
bsc#1206784).
- commit c479b33
- HID: betop: check shape of output reports (git-fixes,
bsc#1207186).
- commit f6860d6
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
UAF (CVE-2023-0266 bsc#1207134).
- commit 9014493
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- commit 580597a
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
CVE-2022-47929).
- commit e015217
- blacklist.conf: 461ab10ef7e6 ("/ceph: switch to vfs_inode_has_locks() to fix file lock bug"/)
- commit b165b65
- ceph: avoid putting the realm twice when decoding snaps fails
(bsc#1207198).
- ceph: do not update snapshot context when there is no new
snapshot (bsc#1207218).
- commit 2f13b5a
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- Update
patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454).
- commit 88c4e72
- Update
patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207125 CVE-2023-23455).
- commit e595908
- SLE15-SP3 went to LTSS, hand over to L3
- commit c5e6bf0
- mm/memcg: optimize memory.numa_stat like memory.stat
(bsc#1206663).
- commit d7619da
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
(git-fixes).
- commit ebdddc5
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
(bsc#1065729).
- commit da7ea39
- net: sched: atm: dont intepret cls results when asked to drop
(bsc#1207036).
- commit 49dc51c
- net: sched: cbq: dont intepret cls results when asked to drop
(bsc#1207036).
- commit 0726009
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit 8b8572d
- Refresh
patches.suse/btrfs-avoid-unnecessary-lock-and-leaf-splits-when-up.patch.
For bsc#1206904, see:
https://bugzilla.suse.com/show_bug.cgi?id=1206904#c6
- commit dfcd116
- README.BRANCH: Added myself as co-maintainer
And drop Oscars name.
- commit 0607a55
- ipv4: Handle attempt to delete multipath route when fib_info
contains an nh reference (bsc#1204171 CVE-2022-3435).
- commit d2a1bb2
- net: ipv4: fix route with nexthop object delete warning
(bsc#1204171 CVE-2022-3435).
- commit 51fb670
- module: avoid *goto*s in module_sig_check() (git-fixes).
- commit 95dc2c1
- module: merge repetitive strings in module_sig_check()
(git-fixes).
- commit e890371
- module: set MODULE_STATE_GOING state when a module fails to load
(git-fixes).
- commit bbf8a43
- modules: lockdep: Suppress suspicious RCU usage warning
(git-fixes).
- commit a75abac
- module: Remove accidental change of module_enable_x()
(git-fixes).
- commit c1799c7
- tracing: Verify if trace array exists before destroying it
(git-fixes).
- commit 484ce03
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
(bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
(bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "/mem="/ option into account
(bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
(bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
(bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
a valid PE number (bsc#1065729).
- commit f1282a1
- blacklist.conf: Add reverted commit
- commit 1048706
- powerpc: Ensure that swiotlb buffer is allocated from low memory
(bsc#1156395).
- commit 6657d5f
- powerpc/powernv: Avoid re-registration of imc debugfs directory
(bsc#1156395).
- powerpc/book3s/mm: Update Oops message to print the correct
translation in use (bsc#1156395).
- commit 1967b85
- powerpc/pseries/cmm: Implement release() function for sysfs
device (bsc#1065729).
- commit eef87f7
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
This makes in-tree KMPs more consistent with externally built KMPs and
silences several rpmlint warnings.
- commit 02b7735
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
(bsc#1204989,bsc#1205601).
- commit b1fad8e
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
check failure.
As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
in the exception list, replace them with a general pattern. And add OBJTOOL
as well.
- commit 887416f
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
git-fixes).
- powerpc/xive: Add a check for memory allocation failure
(fate#322438 git-fixes).
- commit 2423c59
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- commit 5dff1e5
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- commit 822d824
- blacklist.conf: ("/arm64: lse: Fix LSE atomics with LLVM"/)
- commit 22e012e
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- commit 82f0058
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- commit 2d24fe0
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- commit 5f7b503
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- commit 3c56f93
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- commit 10890a5
- blacklist.conf: ("/arm64: fix alternatives with LLVM's integrated assembler"/)
- commit a642f3b
- blacklist.conf: ("/arm64: lse: fix LSE atomics with LLVM's integrated assembler"/)
- commit 76593cf
- blacklist.conf: ("/arm64: dts: allwinner: a64: olinuxino: Fix eMMC supply regulator"/)
- commit 1caef50
- Refresh
patches.suse/NFS-Handle-missing-attributes-in-OPEN-reply.patch.
Update commit log to prevent patch and quilt from thinking it should apply the
example hunks and fail.
- commit 78fab3f
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- commit 75c0f21
- NFSv4.x: Fail client initialisation if state manager thread
can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
(git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
(git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
(git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
(git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
fails (git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
display (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
(git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
(git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
(git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
(git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
(git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
(git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
(git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
(git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
(git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
(git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4
(git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
(git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
pnfs_layout_process() (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when
freeing the inode (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0
source (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation
(git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
delegation recall (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- NFS: nfs_xdr_status should record the procedure name
(git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: safer handling of corrupted c_type (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
(git-fixes).
- sunrpc: check that domain table is empty at module unload
(git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- SUNRPC: Don't start a timer on an already queued rpc task
(git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
(git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
fails (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4: Fix races between open and dentry revalidation
(git-fixes).
- sunrpc: Fix potential leaks in sunrpc_cache_unhash()
(git-fixes).
- nfsd: Clone should commit src file metadata too (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- commit 5b3ba89
- memcg, kmem: further deprecate kmem.limit_in_bytes
(bsc#1206896).
- commit c8d19aa
- blacklist.conf: blacklist 6fcbcec9cfc7
- commit de669f1
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- commit b310aa7
- blacklist.conf: ("/arm64: dts: ls1028a: fix typo in TMU calibration data"/)
- commit 716a28c
- blacklist.conf: ("/arm64: Validate tagged addresses in access_ok() called from kernel"/)
- commit 9dd7e12
- blacklist.conf: ("/arm64: insn: consistently handle exit text"/)
- commit f816334
- blacklist.conf: blacklist 5c099c4fd
- commit 5b0fa49
- blacklist.conf: blacklist c3497fd009ef
- commit 359f3b8
- blacklist.conf: blacklist c915fb80eaa
- commit 02b35f9
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- commit b1bfe2a
- ext4: fix uninititialized value in 'ext4_evict_inode'
(bsc#1206893).
- commit ff976a4
- ext4: fix corruption when online resizing a 1K bigalloc fs
(bsc#1206891).
- commit 140cef5
- ext4: fix undefined behavior in bit shift for
ext4_check_flag_values (bsc#1206890).
- commit 0696f69
- ext4: silence the warning when evicting inode with
dioread_nolock (bsc#1206889).
- commit 8d66379
- ext4: fix use-after-free in ext4_ext_shift_extents
(bsc#1206888).
- commit 027bd53
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 5134642
- ext4: fix BUG_ON() when directory entry has invalid rec_len
(bsc#1206886).
- commit 7d14bba
- Update tags in
patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b651ac6
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit f8a1109
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 100f2b7
- ext4: avoid crash when inline data creation follows DIO write
(bsc#1206883).
- commit 05e8ed4
- ext4: continue to expand file system when the target size
doesn't reach (bsc#1206882).
- commit 1b01bae
- ext4: fix bug in extents parsing when eh_entries == 0 and
eh_depth > 0 (bsc#1206881).
- commit f1f3d4f
- blacklist.conf: blacklist 613c5a85898d
- commit 48dfb5e
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit f96243f
- blacklist.conf: blacklist b24e77ef1c6d
- commit 7ecc9d3
- ext4: correct the misjudgment in ext4_iget_extra_inode
(bsc#1206878).
- commit b931654
- ext4: correct max_inline_xattr_value_size computing
(bsc#1206878).
- commit fde0a78
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit a4c76a4
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
(bsc#1206878).
- commit ecac58a
- ext4: fix extent status tree race in writeback error recovery
path (bsc#1206877).
- commit 35c3734
- ext4: update s_overhead_clusters in the superblock during an
on-line resize (bsc#1206876).
- commit 4ca9666
- ext4: correct the error path of ext4_write_inline_data_end()
(bsc#1206875).
- commit 9ad9468
- blacklist.conf: blacklist 5dccdc5a1916
- commit 8417a93
- blacklist.conf: blacklist efc61345274d
- commit 8078536
- blacklist.conf: blacklist 5a3b590d4b2d
- commit 5590cb0
- ext4: Detect already used quota file early (bsc#1206873).
- commit 0136eeb
- blacklist.conf: Blacklist 0f5bde1db174
- commit 66ece1b
- blacklist.conf: blacklist f25391ebb475
- commit b3ab927
- ext4: avoid race conditions when remounting with options that
change dax (bsc#1206860).
Refresh patches.suse/ext4-dont-warn-when-enabling-DAX.patch
- commit 89b7d84
- blacklist.conf: Add ppc ddw fix only applicable to 5.15
- commit ce185e4
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- commit c933ca2
- blacklist.conf: blacklist a17a9d935dc4
- commit 267ec30
- ext4: use matching invalidatepage in ext4_writepage
(bsc#1206858).
- commit 9adbb3f
- ext4: mark block bitmap corrupted when found instead of BUGON
(bsc#1206857).
- commit 0b7c7d5
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 6032d35
- ext4: choose hardlimit when softlimit is larger than hardlimit
in ext4_statfs_project() (bsc#1206854).
- commit 1fdf2d9
- blacklist.conf: blacklist 4068664e3cd2
- commit 3a30037
- blacklist.conf: Add active memory.high throttling fixups
- d397a45fc741 mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
- e26733e0d0ec mm, memcg: throttle allocators based on ancestral memory.high
- 9b8b17541f13 mm, memcg: do not high throttle allocators based on wraparound
- commit 0508c0b
- sched/psi: Fix sampling error and rare div0 crashes with
cgroups and high uptime (bsc#1206841).
- commit d518fcd
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout
and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs
attribute (jsc#PED-1445).
- scsi: lpfc: Correct bandwidth logging during receipt of
congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- string.h: Introduce memset_startat() for wiping trailing
members and padding (jsc#PED-1445).
- commit 76decfc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
(jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
(jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
(jsc#PED-568).
- commit b04c714
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 47ec098
- powerpc/pseries/eeh: use correct API for error log size
(bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
(bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param()
(bsc#1065729).
- commit 3405c6d
- powerpc/pseries: unregister VPA when hot unplugging a CPU
(bsc#1205695 ltc#200603).
- commit 3d8dab2
- Fix kABI breakage in usb.h: struct usb_device:
hide new member (bsc#1206664 CVE-2022-4662).
- commit a53ec27
- USB: core: Prevent nested device-reset calls (bsc#1206664
CVE-2022-4662).
- commit 2d03a85
- drm: mali-dp: potential dereference of null pointer
(CVE-2022-3115 bsc#1206393).
- commit 9246c67
- wifi: wilc1000: validate pairwise and authentication suite
offsets (CVE-2022-47520 bsc#1206515).
- commit 10a48d9
- kabi/severities: ignore kABI change for meson driver fix (CVE-2022-3112 bsc#1206399)
- commit cecc04a
- media: meson: vdec: potential dereference of null pointer
(CVE-2022-3112 bsc#1206399).
- commit 32c7d25
- Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit 5495793
- Update patch reference for BT fix (CVE-2022-3564 bsc#1206073)
- commit a5136f0
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
(bsc#1206649).
- commit 81eb278
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 2ff0ceb
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- commit 6d30f6e
- udf: Fix NULL pointer dereference in udf_symlink function
(bsc#1206646).
- commit aa42b50
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit a3bf788
- udf: fix the problem that the disc content is not displayed
(bsc#1206644).
- commit baed6fa
- udf: Limit sparing table size (bsc#1206643).
- commit 10a39e1
- udf: Avoid accessing uninitialized data on failed inode read
(bsc#1206642).
- commit 8c98e30
- udf: Fix free space reporting for metadata and virtual
partitions (bsc#1206641).
- commit 0743d18
- quota: Check next/prev free block number after reading from
quota file (bsc#1206640).
- commit f8fb63e
- blacklist.conf: Blacklist dd5532a4994b
- commit 836bdfa
- blacklist.conf: Blacklist dfc2d2594e4a
- commit dd5297d
- blacklist.conf: Blacklist f4c2d372b89a
- commit fc7d11b
- ext4: iomap that extends beyond EOF should be marked dirty
(bsc#1206637).
- commit e1b2dad
- blacklist.conf: Blacklist 02f03c4206c1
- commit bb8f69f
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- commit 9374be1
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 5e80ff2
- lib/notifier-error-inject: fix error when writing -errno to
debugfs file (bsc#1206634).
- commit dea9978
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
(bsc#1206634).
- commit 2504e98
- blacklist.conf: Blacklist 9066e151c379
- commit 966d217
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 008171d
- struct usbnet: move new members to end (git-fixes).
- commit f647bb2
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
- Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6bb9cb6
- blacklist.conf: ("/arm64: dts: armada-3720-turris-mox: add firmware node"/)
- commit 77ea716
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- commit 954a96f
- blacklist.conf: ("/crypto: arm64/aes-neonbs - add return value of skcipher_walk_done()"/)
- commit 8dcdb26
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- commit c3c7089
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- commit ae4388c
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit 47e48bc
- rtc: pcf85063: Fix reading alarm (git-fixes).
- commit 3b1fc33
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- commit 1dc7c8f
- Update metadata references
- commit 71ea896
- Update
patches.suse/RDMA-uverbs-Check-for-null-return-of-kmalloc_array.patch
(CVE-2022-3105 bsc#1206398 git-fixes).
- commit 66cd628
- Update
patches.suse/drm-amdkfd-Check-for-null-pointer-after-calling-kmem.patch
(CVE-2022-3108 bsc#1206389 git-fixes).
- commit 7c181a5
- RDMA/uverbs: Check for null return of kmalloc_array
(CVE-2022-3105 bsc#1206398 git-fixes).
- commit 73b6bff
- Update
patches.suse/sfc_ef100-potential-dereference-of-null-pointer.patch
(jsc#SLE-16683 CVE-2022-3106 bsc#1206397).
- commit 3e8cb15
- Update
patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
(CVE-2022-3107 bsc#1206395 git-fixes).
- commit d5698e3
- Update
patches.suse/power-supply-wm8350-power-Add-missing-free-in-free_c.patch
(CVE-2022-3111 bsc#1206394 git-fixes).
- commit 2ff0fd7
- blacklist.conf: cosmetic, does not fix a bug
- commit c7bc28a
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock
(git-fixes).
- commit 4972874
- tracing: Free buffers when a used dynamic event is removed
(git-fixes).
- commit 3703499
- tracing/dynevent: Delete all matched events (git-fixes).
- commit dcf29de
- tracing: Add tracing_reset_all_online_cpus_unlocked() function
(git-fixes).
- commit 6ce4166
- blacklist.conf: Risky, requires reworking of mempolicies
- commit e11ba4b
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit 8dbcec6
- mm, page_alloc: avoid expensive reclaim when compaction may
not succeed (bsc#1204250).
- commit f800975
- afs: Fix some tracing details (git-fixes).
- commit 161393a
- blacklist.conf: cosmetic fix
- commit 39c4f5a
- usb: host: xhci-hub: fix extra endianness conversion
(git-fixes).
- commit 3574ccc
- memcg: Fix possible use-after-free in
memcg_write_event_control() (bsc#1206344).
- commit d0798c9
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- commit 2e9f75b
- net: mana: Fix race on per-CQ variable napi work_done
(git-fixes).
- commit 935369b
- Update patches.suse/drm-amd-display-memory-leak.patch
(CVE-2019-19083 bsc#1157049 bnc#1151927 5.3.8).
Update the metadata of this patch and in particular its commit ID.
This fix was committed twice upstream, and we used one commit ID in
all branches except SLE15-SP3 where we use the other one. Align this
branch with what was done in all other branches. Benefits:
* No need to blacklist the other commit ID as it was never mentioned
in stable trees.
* Minimize the differences between branches to lower the risk of merge
conflicts.
I verified that the resulting source tree is exactly the same before
and after this change.
- commit 27c76af
- Rename 0001-drm-amd-display-memory-leak.patch
Use the same name as in all other branches for consistency.
- commit 9d96a87
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 6426714
- proc: proc_skip_spaces() shouldn't think it is working on C
strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
(CVE-2022-4378 bsc#1206207).
- commit 1e50bbf
- ext4: Fixup pages without buffers (bsc#1205495).
- commit ad24b58
- kbuild: Unify options for BTF generation for vmlinux and modules
(bsc#1204693).
- Refresh
patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch.
- commit 5bc49fe
- fuse: lock inode unconditionally in fuse_fallocate()
(bsc#1206179).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- cuse: prevent clone (bsc#1206177).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: update attr_version counter on fuse_notify_inval_inode()
(bsc#1206175).
- fuse: don't check refcount after stealing page (bsc#1206174).
- commit 8cb708c
- Refresh
patches.kabi/kABI-remove-new-member-of-usbip_device.patch.
- commit bf09767
- Refresh
patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
Fix up after merge from cve/5.3. The patch can be closer to upstream in
15sp3 as we have more than in the cve branch.
- commit 344ce75
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
resume from S3 (bsc#1206037).
- commit df768bd
- xen/netback: don't call kfree_skb() with interrupts disabled
(bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 18b6c2b
- xen/netback: Ensure protocol headers don't fall in the
non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit ef1bd8e
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
is "/"/
- commit dce5fa8
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit ff0c181
- docs/kernel-parameters: Update descriptions for "/mitigations="/
param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
bsc#1203271 bsc#1206032).
- commit 012ee9f
- Update
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit f959a8e
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- commit 2043e6b
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1205988).
- ceph: request Fw caps before updating the mtime in
ceph_write_iter (bsc#1205987).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
(bsc#1205986).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- commit 3a3eff6
- kabi: sk_buff.scm_io_uring (bsc#1204228 CVE-2022-2602).
- commit 1cb9473
- io_uring/af_unix: defer registered files gc to io_uring release
(bsc#1204228 CVE-2022-2602).
- commit fee5862
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
(git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs
(git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc()
fails (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device()
(git-fixes).
- commit fdf27d9
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- commit 482b418
- block: Do not reread partition table on exclusively open device
(bsc#1190969).
- commit 1d888c0
- atm: idt77252: fix use-after-free bugs caused by tst_timer
(CVE-2022-3635 bsc#1204631).
- commit 81a86f3
- Update patch reference for ATM fix (CVE-2022-3635 bsc#1204631)
- commit f11d21c
- Move upstreamed i915 patch into sorted section
- commit 4f7c541
- net: ethernet: renesas: ravb: Fix promiscuous mode after system
resumed (git-fixes).
- wifi: mac8021: fix possible oob access in
ieee80211_get_rate_duration (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison
(git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev()
(git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing
free_sja1000dev() (git-fixes).
- commit c233552
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
(git-fixes).
- commit a2d69de
- xen/privcmd: Corrected error handling path (git-fixes).
- commit 9273ea4
- blacklist.conf: add 5c13a4a0291b3019
- commit f414b37
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit d068003
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
(git-fixes).
- commit 310f73b
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit e66563b
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
(git-fixes).
- commit 2026fbd
- blacklist.conf: add e8240addd0a39
- commit c8fea7d
- blacklist.conf: add 0f4558ae91870
- commit 1f46313
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit b1da831
- xen/pcpu: fix possible memory leak in register_pcpu()
(git-fixes).
- commit 7bcfa5e
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit df9a18a
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
Fix metadata
- commit b7e4dba
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit 5c64258
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
git-fixes).
- commit 390f969
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit d1d28ba
- xen-netback: correct success/error reporting for the
SKB-with-fraglist case (git-fixes).
- commit 26320ba
- xen/balloon: use a kernel thread instead a workqueue
(git-fixes).
- commit cb178a9
- arm/xen: Don't probe xenbus as part of an early initcall
(git-fixes).
- commit 6b23717
- x86/xen: Add xen_no_vector_callback option to test PCI INTX
delivery (git-fixes).
- commit c3e71c4
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit b773587
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit f009c3f
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc41a1f
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- commit 9eafa9a
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses
(git-fixes).
- commit a448c92
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
grant status (git-fixes).
- commit eda3b54
- xenbus: req->err should be updated before req->state
(git-fixes).
- commit b68f2a5
- xenbus: req->body should be updated before req->state
(git-fixes).
- commit 43d862b
- x86/xen: Distribute switch variables for initialization
(git-fixes).
- commit 0f71692
- xen/balloon: fix ballooned page accounting without hotplug
enabled (git-fixes).
- commit e768449
- xen-blkback: prevent premature module unload (git-fixes).
- commit 55eaccd
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- commit 5b34629
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- commit 48c193f
- USB: serial: option: remove old LARA-R6 PID.
- commit 50cfc4c
- USB: serial: option: add Fibocom FM160 0x0111 composition
(git-fixes).
- commit 3cf3877
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- commit 6ac2249
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- commit 774f54f
- drm/i915: fix TLB invalidation for Gen12 video and compute
engines (CVE-2022-4139 bsc#1205700).
- commit 58aaa10
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
Taken from v10 patch in char-misc subsystem tree
- commit 09cd28d
- blacklist.conf: duplicate
- commit 468555e
- blacklist.conf: cosmetic fix
- commit a8e199d
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bc1c359
- rndis_host: increase sleep time in the query-response loop
(git-fixes).
- commit 1a77104
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
switch (git-fixes).
- commit 43cdbc4
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
CVE-2022-41850).
- commit 3bef7b9
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- commit e4d40ab
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 9a43bb4
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher
than input clock (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition
(git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- commit acc3c71
- iio: core: Fix entry not deleted when
iio_register_sw_trigger_type() fails (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies
(git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
(git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw
(git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain
(git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak
in regulator_register() (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
(git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
nfcmrvl_i2c_nci_send() (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal
(git-fixes).
- Input: iforce - invert valid length check when fetching device
IDs (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter
(git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
(git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
omap8250_remove() (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround
(git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- misc/vmw_vmci: fix an infoleak in
vmci_host_do_receive_datagram() (git-fixes).
- iio: adc: at91_adc: fix possible memory leak in
at91_adc_allocate_trigger() (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value
limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in
iio_sysfs_trig_init() (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing
pci_dev_put() (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by
CD# debounce timeout (git-fixes).
- mmc: core: properly select voltage range without power cycle
(git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
(git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
(git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- commit d87f9df
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
(git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init()
(git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays
(git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from
snd_usbmidi_output_open() (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
(git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node'
(git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60
(git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568
(git-fixes).
- drm/imx: imx-tve: Fix return type of
imx_tve_connector_mode_valid (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "/Sourc"/ -> "/Source"/,
"/Routee"/ -> "/Route"/ (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume
(git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl
(git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit
(git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
(git-fixes).
- ASoC: wm8997: Revert "/ASoC: wm8997: Fix PM disable depth
imbalance in wm8997_probe"/ (git-fixes).
- ASoC: wm5110: Revert "/ASoC: wm5110: Fix PM disable depth
imbalance in wm5110_probe"/ (git-fixes).
- ASoC: wm5102: Revert "/ASoC: wm5102: Fix PM disable depth
imbalance in wm5102_probe"/ (git-fixes).
- commit 27fe82f
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- commit 25c2f2d
- Refresh
patches.suse/nfsd4-fix-NULL-dereference-in-nfsd-clients-display-c.patch.
- Delete patches.suse/nfsd-show_open-NULL-deref.patch.
These patches are for the same git commit, so merging.
"/return SEQ_SKIP"/ is changed to "/return 0"/ to match
upstream. Difference is only important if some content
has already been generated. In that case SEQ_SKIP discards it
and 0 leaves it. Here we haven't generated any content.
bsc#1205753
- commit 4d06f59
- l2tp: Serialize access to sk_user_data with sk_callback_lock
(bsc#1205711 CVE-2022-4129).
- commit add2103
- net: fix a concurrency bug in l2tp_tunnel_register()
(bsc#1205711 CVE-2022-4129).
- commit ced1fd6
- Drop incorrectly doubly applied patches for brcmfmac and vc4 (bsc#1205753)
- commit 5941245
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- commit 7b66fa8
- blacklist.conf: kvm_arch_no_poll() is called only once already
- commit 3bc62c2
- KVM: s390: pv: don't allow userspace to set the clock under PV
(git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
(git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- commit 76c25b0
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
SPSM (CVE-2022-42896 bsc#1205709).
- commit fc4b67c
- Update patch reference for Bluetooth fix (CVE-2022-42895 bsc#1205705)
- commit 0d77342
- blacklist.conf: Unnecessary build config fix.
- commit 68959f0
- scsi: zfcp: Fix double free of FSF request when qdio send fails
(git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- commit 55df511
- iwlwifi: dbg: disable ini debug in 9000 family and below
(git-fixes).
- commit 152ef40
- blacklist.conf: kABI
- commit 509fe6c
- blacklist.conf: kABI
- commit 8bad736
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
CVE-2022-41858).
- commit dd6f85a
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(git-fixes).
- commit cac2314
- md: Replace snprintf with scnprintf (git-fixes).
- Replaced the in-house patch by the above upstream patch,
patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit 8c3cff2
- dm raid: fix address sanitizer warning in raid_resume
(git-fixes).
- dm raid: fix address sanitizer warning in raid_status
(git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
(git-fixes).
- dm thin: fix use-after-free crash in
dm_sm_register_threshold_callback (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm raid: fix accesses beyond end of raid member array
(git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
(git-fixes).
- dm era: commit metadata in postsuspend after worker stops
(git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector
(git-fixes).
- dm integrity: set journal entry unused when shrinking device
(git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device
when shrinking (git-fixes).
- dm writecache: return the exact table values that were set
(git-fixes).
- commit e0e374e
- dm: fix request-based DM to not bounce through indirect
dm_submit_bio (git-fixes).
- Refresh for the above change,
patches.suse/blk-mq-clear-stale-request-in-tags-rq-before-freeing.patch.
- commit 259862c
- dm: remove special-casing of bio-based immutable singleton
target on NVMe (git-fixes).
- commit 31a00a1
- blacklist.conf: add non-backport git-fixes commit
- commit 42c7406
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit 3d5973a
- NFSD: Cap rsize_bop result based on send buffer size
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
(bsc#1205128 CVE-2022-43945).
- commit e93318a
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 99fc524
- add another bug reference to some hyperv changes (bsc#1205617).
- commit b575115
- blacklist.conf: cleanup
- commit b0b46b5
- media: vim2m: initialize the media device earlier (git-fixes).
- commit c5af813
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- commit 2431c97
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- commit 95d4e3d
- staging: greybus: light: fix a couple double frees (git-fixes).
- commit 58bdfb3
- blacklist.conf: duplicate
- commit 3dd1632
- tracing: Fix wild-memory-access in register_synth_event()
(git-fixes).
- commit 7dac608
- ftrace: Fix null pointer dereference in ftrace_add_mod()
(git-fixes).
- commit 4244693
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 464f48f
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit c7550d0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit 47e4dec
- ring-buffer: Include dropped pages in counting dirty patches
(git-fixes).
- commit 284d26b
- tracing/ring-buffer: Have polling block on watermark
(git-fixes).
- commit d2a2e4f
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit b801309
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- commit 3c8b93e
- powerpc/boot: Explicitly disable usage of SPE instructions
(bsc#1156395).
- commit 0bc0054
- blacklist.conf: Add fixes for unsupported platforms
- commit 27bff58
- Update patch reference for rtl8712 driver fix (CVE-2022-4095 bsc#1205514)
- commit 8075958
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
bsc#1205514).
- commit d8c38e0
- ipv6: Fix data races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 12fec90
- ipv6: annotate some data-races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 3b01230
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT
for L1 (git-fixes).
- commit d56f1ae
- KVM: nVMX: Validate the EPTP when emulating
INVEPT(EXTENT_CONTEXT) (git-fixes).
- commit 26dc9e3
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- commit 2f5ac01
- blacklist.conf: add 514ccc194971d0 ("/x86/kvm: fix a missing-prototypes
"/vmread_error"/"/)
- commit c73c5e6
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec
support (git-fixes).
- commit 038458a
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls
only when apicv is globally disabled (git-fixes).
- commit c95874c
- mISDN: fix misuse of put_device() in mISDN_register_device()
(git-fixes).
- commit fea2547
- x86/speculation: Disable RRSBA behavior (bsc#1201455
CVE-2022-28693).
- commit 1c08940
- net: thunderbolt: Fix error handling in tbnet_init()
(git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
(git-fixes).
- commit d89f3be
- Move upstreamed fbdev fix into sorted section
- commit c2656f7
- pinctrl: devicetree: fix null pointer dereferencing in
pinctrl_dt_to_map (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add()
(git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add()
(git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add()
(git-fixes).
- ata: libata-transport: fix double ata_host_put() in
ata_tport_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of
dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
(git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in
case of errors (git-fixes).
- dmaengine: at_hdmac: Don't start transactions at tx_submit level
(git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
(git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message
(git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf
(git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in
vc4_drm_register() (git-fixes).
- hamradio: fix issue of dev reference count leakage in
bpq_device_event() (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file()
(git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- capabilities: fix undefined behavior in bit shift for
CAP_TO_MASK (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes
(git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly
(git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration
(git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device()
(git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
(git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing
the device (git-fixes).
- media: venus: dec: Handle the case where find_format fails
(git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
(git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
(git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID
(git-fixes).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
(git-fixes).
- commit 87c5230
- usbip: usbip_event: use global lock (git-fixes).
- commit dfdff40
- usbip: synchronize event handler with sysfs code paths
(git-fixes).
- commit 02e148d
- usbip: vudc_sysfs: use global lock (git-fixes).
- commit 0d41db9
- usbip: vudc synchronize sysfs code paths (git-fixes).
- commit 436bc70
- usbip: stub_dev: remake locking for kABI (git-fixes).
- commit 9d2c460
- kABI: remove new member of usbip_device (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths
(git-fixes).
- commit a40ec71
- blacklist.conf: kABI
- commit 304049d
- blacklist.conf: kABI
- commit 18d7f9f
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit b0b38c0
- blacklist.conf: too intrusive
- commit c4ba71f
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 84f9a38
- blacklist.conf: inapplicable
- commit f1ebd1d
- vmlinux.lds.h: Fix placement of '.data..decrypted' section
(git-fixes).
- commit 8070192
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1205264).
- commit 761173c
- kabi: fix transport_add_device change (git-fixes).
- commit 9ff4597
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(bsc#1205428 LTC#200501).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
and __strnlen_user() (bsc#1205428 LTC#200501).
- commit 402d4fe
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
(git-fixes).
- scsi: drivers: base: Propagate errors through the transport
component (git-fixes).
- scsi: drivers: base: Support atomic version of
attribute_container_device_trigger (git-fixes).
- commit 7f6d450
- blacklist.conf: skip git-fix that is too invasive
- commit e017099
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
(git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized
(git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- blk-mq: don't create hctx debugfs dir until q->debugfs_dir is
created (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
(git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment
queue limits (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit
(git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg
is zero (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function
bio_copy_kern (git-fixes).
- block: use "/unsigned long"/ for blk_validate_block_size()
(git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
(git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- block: ataflop: fix breakage introduced at blk-mq refactoring
(git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
(git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
(git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly
(git-fixes).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- commit 3b9349e
- Update references of
patches.suse/s390-pci-add-missing-EX_TABLE-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser
(bsc#1205428 LTC#200501).
- commit b4aa54c
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- commit 2be09ac
- blacklist.conf: ("/arm64: topology: move store_cpu_topology() to shared code"/)
- commit 68eedfd
- blacklist.conf: ("/arm64: topology: fix possible overflow in amu_fie_setup()"/)
- commit 4b45d2c
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default.
Update patches.suse/KVM_arm64_Add-templates-for-BHB-mitigation-sequences.patch
And refresh kABI patch.
- commit 543771f
- Drop NVMeoF support for TP 8013 & 8014 (bsc#1192761 bsc#1204827)
The kernel side for the TP 8013 and 8014 support was added before we
finished implementing the feature support in nvme-cli in 2.x.
As it turns out the rather old base version of nvme-cli would require
to completely re-implement the support for these feature for the 1.x
branch.
As SP3 is nearing it's end of the active update cycle, we decided
against to update the nvme-cli package hence these patches for the
kernel are not needed. In fact they introduce, regression due to the
nvme-cli package not able to do handle the new API correctly. So let's
remove these patches as there is no user for it.
- Refresh patches.suse/nvme-add-iopolicy-module-parameter.patch.
- Delete patches.kabi/kabi-fix-nvme-subsystype-change.patch.
- Delete patches.suse/nvme-Add-connect-option-discovery.patch.
- Delete
patches.suse/nvme-add-CNTRLTYPE-definitions-for-identify-controll.patch.
- Delete
patches.suse/nvme-add-new-discovery-log-page-entry-definitions.patch.
- Delete patches.suse/nvme-display-correct-subsystem-NQN.patch.
- Delete
patches.suse/nvme-expose-subsystem-type-in-sysfs-attribute-subsys.patch.
- Delete patches.suse/nvmet-add-nvmet_is_disc_subsys-helper.patch.
- Delete patches.suse/nvmet-add-nvmet_req_subsys-helper.patch.
- Delete
patches.suse/nvmet-don-t-check-iosqes-iocqes-for-discovery-contro.patch.
- Delete patches.suse/nvmet-make-discovery-NQN-configurable.patch.
- Delete
patches.suse/nvmet-register-discovery-subsystem-as-current.patch.
- Delete
patches.suse/nvmet-set-CNTRLTYPE-in-the-identify-controller-data.patch.
- Delete patches.suse/nvmet-switch-check-for-subsystem-type.patch.
- commit 65fe080
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
(git-fixes).
- commit 3521cb1
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/ (bsc#1200845)
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- PCI: hv: Fix typo (bsc#1204446).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Revert "/scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()"/ (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- commit 5f3eadd
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- commit 199a84c
- netfilter: nfnetlink_osf: fix possible bogus match in
nf_osf_find() (bsc#1204614).
- commit e9ccbaa
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being
a V0.96 controller (git-fixes).
- commit 9593f85
- blacklist.conf: add some git-fixes commits which won't be backported
- commit 19d26a3
- media: mceusb: Use new usb_control_msg_*() routines
(CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
(CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
(CVE-2022-3903 bsc#1205220).
- commit 575009a
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (bsc#1204780, CVE-2022-3707)
- commit 1da3c8a
- Refresh sorted patches.
- commit 759ab14
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
(bsc#1156395).
- commit 6ad0462
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- commit 3de57a1
- Refresh patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch.
Refresh to upstream version of patch.
- commit 381d74e
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- commit b1a7e6a
- scsi: ibmvfc: Avoid path failures during live migration
(bsc#1065729 bsc#1204810 ltc#200162).
- commit 617a752
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
This new form was added in commit b8c86872d1dc (riscv: fix detection of
toolchain Zicbom support).
- commit e9f2ba6
- ring-buffer: Check for NULL cpu_buffer in
ring_buffer_wake_waiters() (git-fixes).
- commit f0e9f4a
- r8152: Add MAC passthrough support to new device (git-fixes).
- commit 2c0b0e4
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- s390/ptrace: return -ENOSYS when invalid syscall is supplied
(git-fixes).
- Refresh
patches.suse/s390-ptrace-pass-invalid-syscall-numbers-to-tracing.
- commit 49c6928
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
pavgroup (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot
(git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
hugepages (bsc#1203144 LTC#199881).
- s390: fix double free of GS and RI CBs on fork() failure
(git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
(git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
(git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails
(git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure
(git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak
(git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- commit 2fade04
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- commit 114228e
- xfs: tail updates only need to occur when LSN changes
(git-fixes).
- commit 9d404a5
- xfs: factor common AIL item deletion code (git-fixes).
- commit b1771cc
- xfs: Throttle commits on delayed background CIL push
(git-fixes).
- commit e58ad94
- xfs: Lower CIL flush limit for large logs (git-fixes).
- commit 66c16cf
- xfs: Use scnprintf() for avoiding potential buffer overflow
(git-fixes).
- commit 1495b79
- xfs: check owner of dir3 blocks (git-fixes).
- commit cb50471
- xfs: xfs_buf_corruption_error should take __this_address
(git-fixes).
- commit 840c497
- xfs: rework collapse range into an atomic operation (git-fixes).
- commit cfa7b45
- xfs: rework insert range into an atomic operation (git-fixes).
- commit a96f43c
- xfs: open code insert range extent split helper (git-fixes).
- commit f1b0ddb
- blacklist.conf: ignore unapplicable rdma patches
- commit 38abdf0
- Refresh patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch
to upstream version.
- commit bb3e9b2
- NFSv3: use nfs_add_or_obtain() to create and reference inodes
(bsc#1204215).
- Refresh
patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch.
- commit d9aeac3
- NFS: Refactor nfs_instantiate() for dentry referencing callers
(bsc#1204215).
- Refresh
patches.suse/NFS-Don-t-revalidate-the-directory-permissions-on-a-.patch.
- commit 50b85ce
- Update patch references to
patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
(bsc#1200692 CVE-2022-33981).
- commit 2a514c4
- wifi: brcmfmac: Fix potential buffer overflow in
brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit c0bd14a
- selftests/livepatch: better synchronize test_klp_callbacks_busy
(bsc#1071995).
- commit 5cc1f06
- blacklist.conf: livepatch: 32-bit only
- commit ed4af6c
- livepatch: Add a missing newline character in
klp_module_coming() (bsc#1071995).
- commit cbc1bb8
- livepatch: fix race between fork and KLP transition
(bsc#1071995).
- commit ed70923
- workqueue: don't skip lockdep work dependency in
cancel_work_sync() (bsc#1204967).
- commit d7d8431
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit e027fbe
- scsi: qla2xxx: Use transport-defined speed mask for
supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
(bsc#1204963).
- commit 2f0e70b
- usb: dwc3: qcom: fix runtime PM wakeup.
- commit 770ebb2
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
(git-fixes).
- commit 1b57243
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- commit 16527ab
- blacklist.conf: cleanup
- commit a1ca722
- printk: use atomic updates for klogd work (bsc#1204934).
- commit 60be5fc
- printk: add missing memory barrier to wake_up_klogd()
(bsc#1204934).
- commit 270aa51
- blacklist.conf: this patch implements a feature implied, but not
implemented
- commit d863db7
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- commit b825ac2
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- commit 2d07106
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- commit 0dbe04a
- blacklist.conf: workqueue: put back cancel_work(); would be needed
only when backporting recent amdgpu stuff
- commit 9a9dea9
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- commit 8229886
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for
transceiver info (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect
(bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from
debugfs (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is
turned off (bsc#1204957).
- scsi: lpfc: Fix spelling mistake "/unsolicted"/ -> "/unsolicited"/
(bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- commit 641ed8b
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- commit 9c6ee14
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- commit 23d84da
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- commit 1db7560
- blacklist.conf: Ignore build fixes for crypto selftest config
Build fixes for crypto selftest with CRYPTO_MANAGER_DISABLE_TESTS!=y
and CRYPTO=m
- commit 423d58a
- RDMA/mlx5: Use different doorbell memory for different processes (git-fixes)
Refresh:
- patches.suse/RDMA-mlx5-Remove-unused-parameter-udata.patch
- commit fd05a52
- Update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
(bsc#1204693).
- commit 26595bd
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- commit 293bf91
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- commit f7baf6a
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- commit d355c79
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- commit 6d0ef48
- RDMA/rxe: Fix "/kernel NULL pointer dereference"/ error (git-fixes)
- commit 9205fa0
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- commit 7daf160
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- commit 7890ffd
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- commit cc2cd02
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- commit 4332868
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- commit 19e84c3
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- commit db88b1b
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- commit c8db39b
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- commit e28b8f5
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- commit 4c36066
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- commit 3ec31d2
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- commit 26de3e3
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- commit 9d4253b
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- commit 92bff10
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- commit e806a5b
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- commit 709fd3a
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- commit 121ed63
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- commit 1408298
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- commit 8a4119a
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- commit f1870dd
- RDMA/mlx4: Return missed an error if device doesn't support steering (git-fixes)
- commit 53e12a2
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- commit 3389a3f
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- commit a3b0ded
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- commit 12260f5
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- commit 7c89c4a
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- commit 1259749
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- commit b499161
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- commit 74e3ed2
- RDMA/efa: Remove double QP type assignment (git-fixes)
- commit 858283b
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- commit 47de10e
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- commit 385ff05
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- commit 2498525
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- commit 96f828c
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- commit 49315d8
- RDMA/rxe: Don't overwrite errno from ib_umem_get() (git-fixes)
- commit dc6482e
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- commit 4b744b6
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- commit b0c4366
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- commit 2e0cf31
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- commit 8d71bad
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- commit 2b87978
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- commit 6f47c39
- RDMA/rxe: Fix failure during driver load (git-fixes)
- commit bb23773
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- commit 1ebcca8
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- commit 242d271
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- commit 1421a09
- RDMA: Verify port when creating flow rule (git-fixes)
- commit 75b7985
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- commit c3aa778
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- commit 097d131
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- commit 8811d6a
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- commit e6dae53
- RDMA/cxgb4: Remove MW support (git-fixes)
- commit d49ea58
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- commit fdca7b3
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- commit 289115b
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- commit ad98a0c
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- commit cda973b
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- commit 0c97417
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- commit dd6c131
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit a77f876
- kbuild: remove the target in signal traps when interrupted
(git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- commit d17022d
- blacklist.conf: Unnecessary S390 ARCHITECTURE fixes.
- commit 8f1bd85
- kbuild: Add skip_encoding_btf_enum64 option to pahole
(git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21
(jsc#SLE-24559).
- commit 7b939ad
- fbdev: cyber2000fb: fix missing pci_disable_device()
(git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- usb: dwc3: gadget: Don't set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI
(git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- commit 77773fb
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit d4a892d
- tracing: Do not free snapshot if tracer is on cmdline
(git-fixes).
- commit 44c0d5c
- tracing: Simplify conditional compilation code in
tracing_set_tracer() (git-fixes).
- commit 030e84d
- ring-buffer: Fix race between reset page and reading page
(git-fixes).
- commit 500d3d5
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit 3f63b61
- tracing: Add ioctl() to force ring buffer waiters to wake up
(git-fixes).
- commit 1ac3e72
- tracing: Wake up ring buffer waiters on closing of the file
(git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit ee58509
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit daffb44
- ring-buffer: Check pending waiters when doing wake ups as well
(git-fixes).
- commit 8618e02
- ring-buffer: Have the shortest_full queue be the shortest not
longest (git-fixes).
- commit ebf21e7
- ring-buffer: Allow splice to read previous partially read pages
(git-fixes).
- commit 81e9520
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- commit e2b6a1c
- tracing: Disable interrupt or preemption before acquiring
arch_spinlock_t (git-fixes).
- commit 75ec285
- device property: Fix documentation for *_match_string() APIs
(git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states
(git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle
(git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card
(git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config
(git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
(git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
(git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges
(git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges
(git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
(git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion
(git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing
put_clock() in error path (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check
'interlaced' (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values
(git-fixes).
- commit c820733
- Fix build warning
Refreshed:
patches.suse/mm-hugetlb-fix-races-when-looking-up-a-CONT-PTE-PMD-.patch
- commit ca5cb24
- Add CVE reference to
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 94992c9
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone
(bsc#1204328).
- commit b9f2ea4
- thermal: intel_powerclamp: Use first online CPU as control_cpu
(git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report
(git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
(git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset
keys (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
(git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in
rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: host: xhci: Fix potential memory leak in
xhci_alloc_stream_info() (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in
adp5061_get_chg_type() (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
(git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number
(git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600
(git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer
(git-fixes).
- drm: Use size_t type for len variable in drm_copy_field()
(git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in
nouveau_bo_alloc() (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to
fix module autoloading (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670
(git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple
times (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at
l2cap_chan_create() (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620
(git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620
(git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
(git-fixes).
- wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
(git-fixes).
- wifi: brcmfmac: fix use-after-free bug in
brcmf_netdev_start_xmit() (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx()
(git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
(git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN
log level (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch
(git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch
(git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of
smp_processor_id() to avoid crash (git-fixes).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
(git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- commit 89baab9
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- commit 0463863
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size
hugetlb page (bsc#1204575).
- commit 06c4f04
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- commit fb82e46
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
(git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
(git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- commit 0ca6891
- mm: memcontrol: fix occasional OOMs due to proportional
memory.low reclaim (bsc#1204754).
- mm, memcg: avoid stale protection values when cgroup is above
protection (bsc#1204754).
- commit 0e7d107
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
(bsc#1204753).
- commit b8640ed
- blacklist.conf: Add cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
- commit d9d65d4
- powerpc/fadump: align destination address to pagesize
(bsc#1204728 ltc#200074).
- commit 618ab17
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
CVE-2021-4037).
- commit 2f39bf9
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
CVE-2021-4037).
- commit ab394e7
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 536e02f
- usb: mon: make mmapped memory read only (bsc#1204653
CVE-2022-43750).
- commit 1f646df
- blacklist.conf: add commit from git-fixes
- commit c46aa6a
- devlink: Fix use-after-free after a failed reload (bsc#1204637
CVE-2022-3625).
- commit 3567978
- nvmem: core: Check input parameter for NULL in
nvmem_unregister() (bsc#1204241).
- commit 1b1642f
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- commit 9ea634f
- arm64: assembler: add cond_yield macro (git-fixes)
- commit f628c0a
- net: mvpp2: fix mvpp2 debugfs leak (bsc#1204417 CVE-2022-3535).
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
(bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
CVE-2022-3545).
- commit 9a28d9e
- nilfs2: fix leak of nilfs_root in case of writer thread creation
failure (CVE-2022-3646 bsc#1204646).
- nilfs2: fix use-after-free bug of struct nilfs_root
(CVE-2022-3649 bsc#1204647).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
bsc#1204635).
- commit 772e9a5
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
(CVE-2022-3640 bsc#1204619).
- commit b1ed4c2
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- commit d60e491
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- commit 477d56a
- KVM: s390: pv: don't present the ecall interrupt twice
(git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
(git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO
(git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- commit 1c45296
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- commit ec837bd
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- commit bf7093a
- crypto: arm64/sha - fix function types (git-fixes)
- commit 887f265
- Update metadata references
- commit 980fadf
- blacklist.conf: ("/arm64: Introduce a way to disable the 32bit vdso"/)
- commit 0591754
- KVM: x86: do not report a vCPU as preempted outside instruction
boundaries (bsc#1203066 CVE-2022-39189).
- commit 89982eb
- nilfs2: fix NULL pointer dereference at
nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit df5c951
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit 488dede
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe
(CVE-2022-3577 bsc#1204470).
- commit e57339b
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
CVE-2022-3521).
- commit d2eeccc
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
CVE-2022-3524).
- commit ec8a71d
- commit 6d888aa
- sch_sfb: Also store skb len before calling child enqueue
(CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
to child (CVE-2022-3586 bsc#1204439).
- commit bbd433f
- mISDN: fix use-after-free bugs in l1oip timer handlers
(CVE-2022-3565 bsc#1204431).
- commit 1917bcf
- net: ieee802154: return -EINVAL for unknown addr type
(git-fixes).
- commit 2d80805
- ACPI: HMAT: Release platform device in case of
platform_device_add_data() fails (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register()
(git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z
(git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
(git-fixes).
- Input: xpad - add supported devices as contributed on github
(git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
(git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch
(git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine
(git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg
(git-fixes).
- dmaengine: xilinx_dma: Report error in case of
dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores
property (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
(git-fixes).
- mmc: core: Replace with already defined values for readability
(git-fixes).
- commit ba86540
- struct pci_config_window kABI workaround (bsc#1204382).
- commit b2287af
- PCI: Dynamically map ECAM regions (bsc#1204382).
- commit dc89dd6
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
(bsc#1065729).
- Refresh patches.suse/powerpc-mm-radix-Create-separate-mappings-for-hot-pl.patch
- Refresh patches.suse/powerpc-mm-radix-Remove-split_kernel_mapping.patch
- commit 852bb71
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- Revert "/usb: storage: Add quirk for Samsung Fit flash"/
(git-fixes).
- commit c4ea05c
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
(git-fixes).
- commit 72baa22
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 11a4b1b
- powerpc/kprobes: Fix null pointer reference in
arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246
git-fixes).
- commit 98b4617
- xfs: remove obsolete AGF counter debugging (git-fixes).
- commit 6b3cbd8
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- commit c80d128
- xfs: rename `new' to `delta' in xfs_growfs_data_private()
(git-fixes).
- commit 7994309
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- commit d0ec732
- xfs: fix memory corruption during remote attr value buffer
invalidation (git-fixes).
- commit 63ac0a8
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- commit cdcab38
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- commit 260cd8e
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- commit f916b39
- xfs: add missing assert in xfs_fsmap_owner_from_rmap
(git-fixes).
- commit 7d88bfe
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- commit dc70b98
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP
header on fast-rx (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart
(git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion
(git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq
(git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback
(git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure
(git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types
(git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to
use regmap (git-fixes).
- commit 90b2426
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON
(git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
(git-fixes).
- commit d78eec4
- Move upstreamed WiFi fixes into sorted section
- commit 2dec8da
- Move upstreamed WiFi fixes into sorted section
- commit 05342a3
- kABI: fix kABI after "/KVM: Add infrastructure and macro to mark
VM as bugged"/ (bsc#1200788 CVE-2022-2153).
- commit 1ddb693
- KVM: Add infrastructure and macro to mark VM as bugged
(bsc#1200788 CVE-2022-2153).
- commit 07862de
- locking/csd_lock: Change csdlock_debug from early_param to
__setup (git-fixes).
- Refresh
patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 4abed38
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit 2cf708c
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated (bsc#1200788 CVE-2022-2153).
- commit 8712ddf
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
SynIC (bsc#1200788 CVE-2022-2153).
- commit 75749d4
- KVM: nVMX: Unconditionally purge queued/injected events on
nested "/exit"/ (git-fixes).
- commit 04b8316
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit f23b172
- KVM: x86/emulator: Fix handing of POP SS to correctly set
interruptibility (git-fixes).
- commit 3671e7c
- KVM: x86: Check lapic_in_kernel() before attempting to set a
SynIC irq (bsc#1200788 CVE-2022-2153).
- commit e02caef
- io_uring: disable polling signalfd pollfree files (CVE-2022-3176
bsc#1203391).
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-2978
bsc#1202700).
- commit 8c7541d
- sbitmap: Avoid leaving waitqueue in invalid state in
__sbq_wake_up() (git-fixes).
- commit 89e6f60
- staging: vt6655: fix some erroneous memory clean-up loops
(git-fixes).
- Revert "/usb: storage: Add quirk for Samsung Fit flash"/
(git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c
(git-fixes).
- xhci: Don't show warning for reinit on known broken suspend
(git-fixes).
- USB: serial: console: move mutex_unlock() before
usb_serial_put() (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
(git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in
gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
(git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection
(git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
(git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in
ath10k_sta_state() (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh
(git-fixes).
- commit d4e6eb9
- soc: sunxi_sram: Make use of the helper function
devm_platform_ioremap_resource() (git-fixes).
- Refresh
patches.suse/soc-sunxi-sram-Prevent-the-driver-from-being-unbound.patch.
- commit 1478c4f
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
(git-fixes).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
(git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
(git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable
callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22
(git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in
lpuart_dma_shutdown (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling
(git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node'
(git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
(git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight
registering (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in
omap1_spi100k_probe (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
spi_qup_resume() (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe()
(git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression
(git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
(git-fixes).
- commit d4e37ac
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend
(git-fixes).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall
(git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
(git-fixes).
- iio: adc: ad7923: fix channel readings for some variants
(git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements
(git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel
ABI (git-fixes).
- iio: inkern: only release the device node when done with it
(git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample
freq (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure
and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
(git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl()
(git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
(git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap()
in the probe (git-fixes).
- mfd: sm501: Add check for platform_driver_register()
(git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init()
and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe()
(git-fixes).
- mfd: fsl-imx25: Fix an error handling path in
mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in
intel_soc_pmic_i2c_probe() (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
(git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings()
(git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
(git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
(git-fixes).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
(git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers
(git-fixes).
- commit ea51746
- gpio: rockchip: request GPIO mux to pinctrl when setting
direction (git-fixes).
- crypto: cavium - prevent integer overflow loading firmware
(git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister
(git-fixes).
- crypto: akcipher - default implementation for setting a private
key (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
(git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
(git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups
(git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
(git-fixes).
- dyndbg: let query-modname override actual module name
(git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted
timer in __cleanup() (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in
hidpp_connect_event (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug
(git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent
(git-fixes).
- drm:pl111: Add of_node_put() when breaking out of
for_each_available_child_of_node() (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order
(git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/nouveau: fix a use-after-free in
nouveau_gem_prime_import_sg_table() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset
(git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- commit 6db482b
- ACPI: APEI: do not add task_work to kernel thread to avoid
memory leak (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying
num_parents (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
(git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
(git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init
(git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init
(git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init
(git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent()
(git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent()
(git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and
ata_id_has_sense_reporting() (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
(git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
(git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
(git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
(git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx
API (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ALSA: hda/hdmi: Don't skip notification handling during PM
operation (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically
(git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak()
(git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable
(git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable
(git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly
(git-fixes).
- commit 058f8fc
- Update
patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
(CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 15fe693
- misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os
(CVE-2022-3424 bsc#1204166).
- commit 721c580
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc->state outside of KMS'
- commit 39988a9
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit c6967e3
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 7d9f3f3
- exfat: Return ENAMETOOLONG consistently for oversized paths
(bsc#1204053 bsc#1201725).
- commit 955135a
- selftests/powerpc: Skip energy_scale_info test on older firmware
(git-fixes).
- commit 2a9f2c0
- blacklist.conf: prerequisite too risky
- commit 67fdf07
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 3394628
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
(git-fixes).
- commit 71e1adc
- blacklist.conf: ignore unwanted nfs patches
- commit 5bb5269
- blacklist.conf: ignore unwanted md patches
- commit ff9f04a
- xfs: enable big timestamps (bsc#1203387).
- commit e8c654f
- xfs: widen ondisk quota expiration timestamps to handle y2038+
(bsc#1203387).
- commit f11211b
- quota: widen timestamps for the fs_disk_quota structure
(bsc#1203387).
- commit 1a9210f
- xfs: widen ondisk inode timestamps to deal with y2038+
(bsc#1203387).
- commit ef6704e
- ACPI: processor idle: Practically limit "/Dummy wait"/ workaround
to old Intel systems (bnc#1203802).
- commit 5c74e0f
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
Refresh
patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit 79f8f1e
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit f6d0842
- xfs: use a struct timespec64 for the in-core crtime
(bsc#1203387).
- commit d683559
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit e4afdb9
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit d8ae99a
- media: aspeed-video: ignore interrupts that aren't enabled
(git-fixes).
- commit 36a70fa
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- commit 6094fd3
- media: coda: Fix reported H264 profile (git-fixes).
- commit af3ba3e
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit 06361ad
- xfs: use the finobt block counts to speed up mount times
(bsc#1203387).
- commit debb8f9
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- commit f9fb0f8
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit 49f0f34
- Revert "/constraints: increase disk space for all architectures"/
(bsc#1203693).
This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- drm/amdgpu: don't register a dirty callback for non-atomic
(git-fixes).
- commit 0b4b37a
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- commit 0b58855
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition
(git-fixes).
- Revert "/usb: add quirks for Lenovo OneLink+ Dock"/ (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in
pxa3xx_gcu_write (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
(git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access
(git-fixes).
- commit 2e55e74
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound
(git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info
(git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
(git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before
sending data (git-fixes).
- commit e040102
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit 51fbc8c
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup
(git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI
clocks (git-fixes).
- Revert "/drm: bridge: analogix/dp: add panel prepare/unprepare
in suspend/resume time"/ (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
(git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
(git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx
accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx
accounting (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
(git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530
laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
(git-fixes).
- drm/amd/display: Limit user regamma to a valid value
(git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths
(git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power
change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled
(git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in
pfuze100_regulator_probe() (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit e7744dc
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit 24c89c9
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e500762
- USB: serial: option: add Quectel BG95 0x0203 composition
(git-fixes).
- commit 75be355
- Revert "/drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489)
- commit b42e64a
- parisc/sticon: fix reverse colors (bsc#1152489)
Backporting notes:
* context changes
- commit 206cd49
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- commit f67e434
- constraints: increase disk space for all architectures
References: bsc#1203693
aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
very close to the limit.
- commit 43a9011
- padata: make padata_free_shell() to respect pd's ->refcnt
(bsc#1202638).
- commit 2827da5
- padata: introduce internal padata_get/put_pd() helpers
(bsc#1202638).
- commit 8fd1f6c
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- commit 72392d0
- selftest/powerpc: Add PAPR sysfs attributes sniff test
(bsc#1200465 ltc#197256 jsc#PED-1931).
- powerpc/pseries: Interface to represent PAPR firmware attributes
(bsc#1200465 ltc#197256 jsc#PED-1931).
- commit 9795281
- krb5
-
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
(bso#15203), (bsc#1205126).
- Added patches:
* 0010-Fix-integer-overflows-in-PAC-parsing.patch
- libX11
-
- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
* security update for CVE-2022-3554 (bsc#1204422)
- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch
* security update for CVE-2022-3555 (bsc#1204425)
- libdb-4_8
-
- Security fix: [bsc#1174414, CVE-2019-2708]
* libdb: Data store execution leads to partial DoS
* Backport the upsteam commits:
- Fixed several possible crashes when running db_verify
on a corrupted database. [#27864]
- Fixed several possible hangs when running db_verify
on a corrupted database. [#27864]
- Added a warning message when attempting to verify a queue
database which has many extent files. Verification will take
a long time if there are many extent files. [#27864]
* Add libdb-4_8-CVE-2019-2708.patch
- libksba
-
- Security fix: [bsc#1206579, CVE-2022-47629]
* Integer overflow in the CRL signature parser.
* Add libksba-CVE-2022-47629.patch
- libsodium
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Revert previous change about cpuid as previous change rejected
in https://build.opensuse.org/request/show/724809
- Disable LTO as bypass boo#1148184
- Add libsodium_configure_cpuid_chg.patch and call autoconf
to regenerate configure script with proper CPUID checking.
Required at least for PowerPC and ARM now that LTO enabled.
- Update to 1.0.18
- Enterprise versions of Visual Studio are now supported.
- Visual Studio 2019 is now supported.
- 32-bit binaries for Visual Studio 2010 are now provided.
- A test designed to trigger an OOM condition didn't work on
Linux systems with memory overcommit turned on. It has been
removed in order to fix Ansible builds.
- Emscripten: print and printErr functions are overridden to send
errors to the console, if there is one.
- Emscripten: UTF8ToString() is now exported since
Pointer_stringify() has been deprecated.
- Libsodium version detection has been fixed in the CMake recipe.
- Generic hashing got a 10% speedup on AVX2.
- New target: WebAssembly/WASI
(compile with dist-builds/wasm32-wasi.sh).
- New functions to map a hash to an edwards25519 point
or get a random point:
core_ed25519_from_hash() and core_ed25519_random().
- crypto_core_ed25519_scalar_mul() has been implemented for
scalar*scalar (mod L) multiplication.
- Support for the Ristretto group has been implemented for
interoperability with wasm-crypto.
- Improvements have been made to the test suite.
- Portability improvements have been made.
- getentropy() is now used on systems providing this system call.
- randombytes_salsa20 has been renamed to randombytes_internal.
- Support for NativeClient has been removed.
- Most ((nonnull)) attributes have been relaxed to allow 0-length
inputs to be NULL.
- The -ftree-vectorize and -ftree-slp-vectorize compiler switches
are now used, if available, for optimized builds.
- Update to 1.0.17
- Bug fix: sodium_pad() didn't properly support block sizes
>= 256 bytes.
- JS/WebAssembly: some old iOS versions can't instantiate the
WebAssembly module; fall back to Javascript on these.
- JS/WebAssembly: compatibility with newer Emscripten versions.
- Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and
crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't
returnEINVAL` on input strings with a short length, unlike
their high-level counterpart.
- Added a workaround for Visual Studio 2010 bug causing CPU
features not to be detected.
- Portability improvements.
- Test vectors from Project Wycheproof have been added.
- New low-level APIs for arithmetic mod the order of the prime
order group:
- crypto_core_ed25519_scalar_random(),
crypto_core_ed25519_scalar_reduce(),
- crypto_core_ed25519_scalar_invert(),
crypto_core_ed25519_scalar_negate(),
- crypto_core_ed25519_scalar_complement(),
crypto_core_ed25519_scalar_add() and
crypto_core_ed25519_scalar_sub().
- New low-level APIs for scalar multiplication without clamping:
crypto_scalarmult_ed25519_base_noclamp() and
crypto_scalarmult_ed25519_noclamp().
These new APIs are especially useful for blinding.
- sodium_sub() has been implemented.
- Support for WatchOS has been added.
- getrandom(2) is now used on FreeBSD 12+.
- The nonnull attribute has been added to all relevant
prototypes.
- More reliable AVX512 detection.
- Javascript/Webassembly builds now use dynamic memory growth.
- libtirpc
-
- consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding
to a random port (bsc#1199467)
- add binddynport-honor-ip_local_reserved_ports.patch
- libxml2
-
- Security fixes:
* [CVE-2022-40303, bsc#1204366] Fix integer overflows with
XML_PARSE_HUGE
+ Added patch libxml2-CVE-2022-40303.patch
* [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
entity reference cycles
+ Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
* Cross-site scripting vulnerability after commit 960f0e2
* Add libxml2-CVE-2016-3709.patch
- libxslt
-
- Fix broken license symlink for libxslt-tools [bsc#1203669]
- lvm2
-
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
- bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
- in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163
- lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523)
- change %post behaviour, only do deleting job for non-link folder
- mozilla-nspr
-
- update to version 4.34.1
* add file descriptor sanity checks in the NSPR poll function.
- mozilla-nss
-
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
(bsc#1204272)
- update to NSS 3.79.3 (bsc#1207038)
* Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
(CVE-2022-23491)
- Update nss-fips-approved-crypto-non-ec.patch to disapprove the
creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)
- Update nss-fips-approved-crypto-non-ec.patch to allow the use SHA
keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is
called when the repeat integrity check fails (bsc#1198980).
- Require libjitter only for SLE15-SP4 and greater
- update to NSS 3.79.2 (bsc#1204729)
* bmo#1785846 - Bump minimum NSPR version to 4.34.1.
* bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
- Add nss-allow-slow-tests.patch, which allows a timed test to run
longer than 1s. This avoids turning slow builds into broken
builds.
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
DSA keys (verification only) (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to add
sftk_FIPSRepeatIntegrityCheck() to softoken's .def file
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
longer symmetric keys via the service level indicator
(bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to hopefully export
sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions
from getting flagged as non-FIPS (bsc#1191546).
- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- Enable nss-fips-drbg-libjitter.patch now that we have a patched
libjitter to build with (bsc#1202870).
- Update nss-fips-approved-crypto-non-ec.patch to prevent keys
from getting flagged as non-FIPS and add remaining TLS mechanisms.
- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for
entropy. This is disabled until we can avoid the inline assembler
in the latter's header file that relies on GNU extensions.
- Update nss-fips-constructor-self-tests.patch to fix an abort()
when both NSS_FIPS and /proc FIPS mode are enabled.
- nfs-utils
-
- add 0025-nfsdcltrack-getopt_long-fails-on-a-non-x86_64-archs.patch
Fix nfsdcltrack bug that affected non-x86 archs.
(bsc#1202627)
- 0024-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
Ensure sysctl setting work (bsc#1199856)
- nfsidmap
-
- 0001-Removed-some-unused-and-set-but-not-used-warnings.patch
0002-Handle-NULL-names-better.patch
0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch
0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch
0005-nss.c-wrong-check-of-return-value.patch
0006-Fixed-a-memory-leak-nss_name_to_gid.patch
Various bugfixes and improvemes from upstream
In particular, 0001 fixes a crash that can happen when
a 'static' mapping is configured.
(bnc#1200901)
- openssh
-
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
connections update their dbus environment (bsc#1179465).
- Add openssh-do-not-send-empty-message.patch: Prevent empty
messages from being sent. This avoids a superfluous new line
(bsc#1192439).
- openssl-1_1
-
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046]
* Add patch openssl-1.1.1-fips-fix-memory-leaks.patch
- pam
-
- Update pam_motd to the most current version. This fixes various issues
and adds support for mot.d directories [jsc#PED-1712].
* Added: pam-ped1712-pam_motd-directory-feature.patch
- permissions
-
* Backport postfix to SLE-15-SP2 (bsc#1206738)
- Update to version 20181225:
- procps
-
- Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
- protobuf
-
- Fix a potential DoS issue in protobuf-cpp and protobuf-python,
CVE-2022-1941, bsc#1203681
* Add protobuf-CVE-2022-1941.patch
- Fix a potential DoS issue when parsing with binary data in
protobuf-java, CVE-2022-3171, bsc#1204256
* Add protobuf-CVE-2022-3171.patch
- Refresh protobuf-CVE-2021-22570.patch
- Backport changes from 3.16.x tree for apply recent CVE patches
* Add protobuf-51026d922970e06475f005b39287963594134b96.patch
* Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch
* Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch
* Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch
* Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch
* Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch
* Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch
* Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch
* Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch
- Reorganize patch set ordering
- Fix potential Denial of Service in protobuf-java in the parsing procedure
for binary data, CVE-2021-22569, bsc#1194530
* Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch
- python-PyNaCl
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- six is needed by testsuite
- Update to 1.4.0
* Update ``libsodium`` to 1.0.18.
* **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1``
wheels. Continuing to produce them was a maintenance burden.
* Added support for Python 3.8, and removed support for Python 3.4.
* Add low level bindings for extracting the seed and the public key
from crypto_sign_ed25519 secret key
* Add low level bindings for deterministic random generation.
* Add ``wheel`` and ``setuptools`` setup_requirements in ``setup.py`` (#485)
* Fix checks on very slow builders (#481, #495)
* Add low-level bindings to ed25519 arithmetic functions
* Update low-level blake2b state implementation
* Fix wrong short-input behavior of SealedBox.decrypt() (#517)
* Raise CryptPrefixError exception instead of InvalidkeyError when trying
to check a password against a verifier stored in a unknown format (#519)
* Add support for minimal builds of libsodium. Trying to call functions
not available in a minimal build will raise an UnavailableError
exception. To compile a minimal build of the bundled libsodium, set
the SODIUM_INSTALL_MINIMAL environment variable to any non-empty
string (e.g. ``SODIUM_INSTALL_MINIMAL=1``) for setup.
- removed obsolete back-port patch:
* fix_tests.patch
* hypothesis-no-unilmited.patch
* python-PyNaCl-hypothesis-remove-average_size.patch
- Fix tests with latest hypothesis:
* hypothesis-no-unilmited.patch
- Add missing runtime dependency on cffi
- add fix_tests.patch for new pytest
- run the testsuite
- added patches
https://github.com/pyca/pynacl/commit/a8c08b18f3a2e8f2140c531afaf42715fcab68e7
+ python-PyNaCl-hypothesis-remove-average_size.patch
- Update to 1.3.0
* Added support for Python 3.7.
* Run and test all code examples in PyNaCl docs through sphinx's doctest
builder.
* Add low-level bindings for chacha20-poly1305 AEAD constructions.
* Add low-level bindings for the chacha20-poly1305 secretstream
constructions.
* Add low-level bindings for ed25519ph pre-hashed signing construction.
* Add low-level bindings for constant-time increment and addition on
fixed-precision big integers represented as little-endian byte sequences.
* Add low-level bindings for the ISO/IEC 7816-4 compatible padding API.
* Add low-level bindings for libsodium's crypto_kx... key exchange
construction.
* Set hypothesis deadline to None in tests/test_pwhash.py to avoid incorrect
test failures on slower processor architectures.
- python-azure-agent
-
- Add paa_12_sp5_rdma_no_ext_driver.patch (bsc#1203181)
- Update to version 2.8.0.11 (bsc#1203164)
+ Enabled support for Fast Track (faster processing of extensions)
+ Add telemetry for VM Size
+ Add telemetry for environment variables passed to extensions
+ Enforce CPU quota on the Agent on Red Hat and CentOS 7.4+
+ Restore all firewall rules needed for communication with the WireServer
+ Fix false positives reporting processes in the Agent's cgroup
+ Fix false errors when collecting debug logs
+ Don't report incorrect CPU usage data
+ Fetching a goal state with empty certificates property
+ Silence goal state fetch errors after 3 logs
+ Change fast track timestamp default from None to datetime.min
+ Retry HGAP's extensionsArtifact requests on BAD_REQUEST status
+ Support for Rocky Linux
+ RHEL 8
+ RHEL 9
+ Preliminary work to enforce CPU quota on extensions
+ Preliminary work for management of agent self-updates [GA Versioning]
+ Add CentOS 7.9 to end-to-end-tests
+ Add Mariner to end-to-end-tests
- 2.8.0.11 followed 2.7.3.0, no intermediate releases
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
- Update to 2.7.3.0 (jsc#PED-1298)
+ Remove proper_dhcp_config_set.patch included upstream
+ Remove sle_hpc-is-sles.patch included upstream
+ Forward port reset-dhcp-deprovision.patch
+ Retry HGAP's extensionsArtifact requests on BAD_REQUEST status #2622
+ Use 'ip' instead of 'ifdown/ifup' to restart network interface on
RHEL >= 8.6 #2612 #2624
- From 2.7.1.0
+ hotfix for OOM errors on the log collector
- From 2.7.0.6
+ Increase time of autoupdates after updates are available #2403
+ Send telemetry when upgrade available #2421
+ Enable collection of debugging information #2436, #2453, #2510
+ Add support for Python 2.6 to the debug info collection code #2452
+ Enable CPU/memory data collection on RedHat and CentOS #2450
+ Exclude end-to-end tests from Agent setup #2396, #2402
+ Fix log message in cgroups management #2427
+ Fix parsing of malformed error.json files #2433
+ Allow DNS queries over TCP #2429
+ Dont exit extension handler process if unable to fetch
first goal state #2440
+ Improvements for Mariner #2407, #2414
+ Add uos support #2420
+ Add support for VMware PhotonOS #2431
- From 2.6.0.2
+ added cloudlinux support (#2344)
+ Enable extensions cpu monitoring (#2357, #2384, #2391)
+ Support Flatcar Container Linux (#2365)
+ Retrieve VmSettings from HostGAPlugin
(#2378, #2382, #2386, #2394, #2397, #2404)
+ Set Agent's CpuQuota to 75% (#2383)
+ Use handler status if extension status is None when computing
the ExtensionsSummary (#2358) (#2361)
+ fix bug with dependent extensions with no settings (#2285) (#2362)
+ Create events dir for handlers if ETP enabled (#2366)
+ Report status even if goal state cannot be processed (#2370)
+ Define ExtensionsSummary.eq (#2371) (#2373)
+ Implement ExtensionsSummary.ne in terms of eq (#2375)
- From 2.5.0.2
+ Enable Extension Telemetry Pipeline (#2337, #2339)
+ Enable Periodic Log Collection in systemd distros (#2295,#2289)
+ Implement InitialGoalStatePeriod parameter + improvements in logging
goal state processing(#2332)
+ Fix operation name in InitializeHostPlugin event(#2338)
+ Mock systemctl stop cmd (#2335)
+ Report transitioning when status file not found (#2330)
+ Dont create default status file for Single-Config extensions (#2318)
+ Do not create placeholder status file for AKS extensions (#2298)
+ Save waagent_status to history folder and add additional details to
the status file (#2325,#2301,#2270)
+ Rename Debug.FetchVmSettings to Debug.EnableFastTrack (#2324)
+ Update HostGAplugin headers before fetching vmSettings (#2323)
+ Handle HTTP GONE in vmSettings request (#2321)
+ Added log statements to debug issues in vmSettings API(#2317)
+ Remove reference to re.IGNORECASE (#2316)
+ Add and remove extension slice (#2315)
+ FastTrack changes (#2314, #2313,#2306, #2304,#2294, #2293)
+ Helper to handle exception message(#2305)
+ Remove trailing spaces from command name (#2296)
+ Add debug info for systemd-run false positives (#2292)
+ Move Github Actions VMs to Ubuntu 18 (#2291)
+ Onboard redhat82, ubuntu20 (#2290, #2279)
+ Allow systemd-run in the Agent's cgroup (#2287)
+ Use handler status if extension status is None (#2358)
+ Bug Fix :Define ExtensionsSummary.ne (#2371)
- From 2.4.0.2
+ Support for Multi config (#2245, #2261)
+ Support sles 15 sp2 distro (#2272)
+ Cleanup history folder every 30 min (#2258)
+ Updated _read_status_file to include a fragment of status file in
the exception (#2257)
+ Fix telemetry unicode errors (Re-add #1937) (#2278)
+ Match IPoIB interface with any alphanumeric characters (#2239)
+ Fix bug with dependent extensions with no settings (#2285)
+ Do not create placeholder status file for AKS extensions (#2298)
+ Refactoring of Agent's main loop (#2275)
+ Exception for Linux Patch Extension for creating placeholder
status file (#2307)
+ Dont create default status file for Single-Config extensions (#2318)
+ Fix bad logging (#2241)
+ Fixed logging of PeriodicOperation (#2263)
+ Log collector broken pipe fix (#2267)
+ Improved logging for Multi config (#2246)
- From 2.3.1.1
+ revert for reducing the time window where we restart the network
interfaces of the VM
- From 2.3.0.2
+ Enforce CPUQuota on agent #2222, #2226
+ Add support for RequiredFeatures and GoalStateAggregateStatus APIs
[#2190], #2206, #2209, #2216
+ Added fallback locations for extension manifests #2188
+ Add missing call to str.format() when creating exception #2193
+ Remove helper network service on deprovision #2191
+ Use a helper script to start the network service #2225 #2253
+ Initialize published_hostname using /var/lib/cloud/data/set-hostname #2215
+ Fix utf logging for persist firewall rules #2237
+ Replace firewall-setup unit file if changed #2236
- From 2.2.54
+ PA changes to check cloud-init (#2061)
+ log collector (#2066)
+ cgroups CPU percentage py processor count (#2074)
+ Parse InVMGoalStateMetaData from Extension Config (#2081)
+ iscsi disk support for agent configs (#2073)
+ Add support for VMs with multiple IB devices (#2085)
+ Python 3.9 support (#2082)
+ Add support for CBL-Mariner distro (#2099)
+ Enable Provisioning.MonitorHostName for Ubuntu (#1934)
+ Added supportedFeatures flag in status reporting (#2089)
+ Parse ext runtime settings (#2087)
+ GHA merge validation (#2097)
+ Cgroups improvements
+ renamed the eventsFolder variable for preview and enabled ETP (#2140)
+ Agent slice and custom unit files telemetry (#2150)
+ Make IPoIB interface online (#2116)
+ Add option to disable NetworkConfigurationChanges (#2156)
+ Log network configuration on service start (#2157)
+ Setup persistent firewall rules on service restart (#2154)
+ switched to using run_command (#2060)
+ fixes for chained-comparison and dangerous-default-value pylint
warnings (#2072)
+ fixed depends on errors (#2059)
+ WireIp env variable added (#2078)
+ Unstick HGAP channel as default (#2046)
+ shellutil.run_command fixes (#2086, #2098)
+ unit test fixes (#2090, #2091, #2108, #2153)
+ fix distro resolution for RedHat (#2083)
+ Read KVP value in binary mode (#2084)
+ Redact protected settings in goal state debug files (#2130)
+ Modify retry logic for empty goal state (#2140)
+ GS no config fix (#2141)
+ CommandExecution.log logrototate config -> custom log management (#2143)
+ binary file for firewall rules (#2147)
+ Refresh host ga plugin periodically (#2155)
+ Disabled custom service (#2166)
+ update test zips (#2167)
- From 2.2.53.1
+ Extension Telemetry Pipeline as a private-preview feature
- From 2.2.53
+ Start exthandler with the same python interpreter (#2007)
+ Verify that the extension status is an array (#2010)
+ Remove enum _UpdateType and retry fetching goal state (#2018)
+ use dd for ext4 as well as xfs (#2042)
+ Fix path for error.json (#2044)
+ Switch to run command changes, + provisioning changes that need to be
reverted. (#2050)
+ Fix timestamp for goal state archive (#2051)
+ Case insensitive parsing or Plugins and PluginSettings (#2054)
+ Revert "/Fixed delays for HTTP retries rather than exponential
delays (#1967)"/ (#2065)
+ Fixed bug causing "/MAC verified OK"/ message (#2069)
+ Revert unicode fix manually (#1937) (#2070)
+ Recreate handler environment file on service startup (#1960)
+ Add log collection tool and thread (#1987)
+ Thread interface (#1990)
+ Verify that the CPU and Memory cgroups for the agent are properly
initialized; disabled cgroups if they are not active. (#2015)
+ SUSE config: use Btrfs LZO compression for ResourceDisk (#2055)
+ Extension telemetry pipeline (#1918)
+ Reformatted the heartbeat event (#2009)
+ Add LIS version to OSInfo.message (#2011)
+ One thread for telemetry (#2019)
+ Limit description character length sent for health report (#2020)
+ Remove Serial Console Logging (#2028)
+ Echo log to /dev/console during provisioning (#2043)
+ Adding telemetry for logrotate (#2045)
+ Report placeholder extension status as an array (#2068)
+ Fix broken link in readme (#2014)
+ Add log collector flags to README (#2029)
- From 2.2.52
+ Do not retrieve users in each goal state (#1935)
+ Fix check for systemd-run failure when invoking extensions (#1943)
+ Fix telemetry unicode errors (#1937)
+ Uninstall unregistered extensions (#1970)
+ Use run_command to execute iptables (#1944)
+ Use run_command for ip route (#1958)
+ Fix handling of gen2 disks with udev rules (#1954)
+ Add API for uploading logs via host plugin (#1902)
+ Fixed delays for HTTP retries rather than exponential delays (#1967)
+ Resolve undefined variable (#1950)
+ Convert owner uid to string (#1949)
+ Fix Travis special checks for distro and remove useless cgroup tests (#1959)
+ Use tmp_dir instead of data_dir (#1968)
- Removed %config flag for files in /usr directory.
- Cleanup spec file:
- - Removed %{_distconfdir}/logrotate.d from dirlist. It will be
handled by package filelist now.
- - %{_distconfdir}/logrotate.d/* can be changed by vendor only.
So it will be replaced by an RPM update.
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
- require python-rpm-macros to fix build for TW
- do not require test dependencies for build, they are not needed
(no testsuite run in %check)
- python-certifi
-
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
certs (bsc#1206212 CVE-2022-23491)
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
- Add removeTrustCor.patch
- python-cryptography
-
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
+ 5507-mitigate-Bleichenbacher-attacks.patch
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2
* 2.9.2 - 2020-04-22
- Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
* 2.9.1 - 2020-04-21
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
* 2.9 - 2020-04-02
- BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
low usage and maintenance burden.
- BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
- BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
- Removed support for calling public_bytes() with no arguments, as per
our deprecation policy. You must now pass encoding and format.
- BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
returns the RDNs as required by RFC 4514.
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
- Added support for parsing single_extensions in an OCSP response.
- NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package
compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
finalize_with_tag API
* add disallow_implicit_tag_truncation.patch from
https://github.com/pyca/cryptography/commit/688e0f673bfb.patch
- python-libxml2-python
-
- Security fixes:
* [CVE-2022-40303, bsc#1204366] Fix integer overflows with
XML_PARSE_HUGE
+ Added patch libxml2-CVE-2022-40303.patch
* [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
entity reference cycles
+ Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
* Cross-site scripting vulnerability after commit 960f0e2
* Add libxml2-CVE-2016-3709.patch
- python-msgpack
-
- Loose the filelist for the package info to avoid FTBFS on
SLE-15-SP5 (bsc#1203743).
- python-paramiko
-
- Add rsa-key-loading-fix.patch (bsc#1205132) fixing loading RSA
key.
- python-py
-
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add patch remove-svn-remants.patch to help with that goal.
- Refresh pr_222.patch as needed for above.
- python-setuptools
-
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
(ReDoS) in package_index.py.
bsc#1206667
- python-wheel
-
- Add wheel_cve_2022_40898.patch (bsc#1206670)
+ Fix parsing regex, CVE-2022-40898
- python3
-
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
the garbage collection (bsc#1188607).
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
overflow in hashlib.sha3_* implementations (originally from the
XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice vera (potential for DoS).
Originally by Victor Stinner of Red Hat.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
CRLF_injection_via_host_part.patch, and
CVE-2019-18348-CRLF_injection_via_host_part.patch.
- release-notes-sles
-
- 15.3.20220930 (tracked in bsc#933411)
- Added note about SUSEConnect tracking (jsc#SLE-23312)
- Added note about BCI minimal container (jsc#SLE-22133)
- Added note about BCI containers (jsc#SLE-22144)
- Added note about XFS V4 filesystem (bsc#1200646)
- 15.3.20220906 (tracked in bsc#933411)
- Updated Java lifecycle (jsc#PED-1590)
- 15.3.20220831 (tracked in bsc#933411)
- Added note about schedutil (bsc#1176440)
- Added note about insserv-compat migration failure (bsc#1194837)
- Added note about Samba 4.15 (jsc#SLE-23330)
- rpm
-
- Strip critical bit in signature subpackage parsing
* modified patch: pgpharden.diff
- Add workaround to make newer dnf versions no longer deadlock
after it imported a pubkey [bnc#1202750]
* new patch: keyimportdeadlock.diff
- rsyslog
-
- fix parsing of legacy config syntax (bsc#1205275)
* add:
0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- rubygem-nokogiri
-
- add 003-CVE-2022-24836.patch (CVE-2022-24836, bsc#1198408)
fixes possibility to DoS because of inefficient RE in HTML encoding
- add 004_CVE-2022-29181.patch (CVE-2022-29181, bsc#1199782)
fixes Improper Handling of Unexpected Data Types
- runc
-
- Update to runc v1.1.4. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.4.
bsc#1202021
* Fix mounting via wrong proc fd. When the user and mount namespaces are
used, and the bind mount is followed by the cgroup mount in the spec,
the cgroup was mounted using the bind mount's mount fd.
* Switch kill() in libcontainer/nsenter to sane_kill().
* Fix "/permission denied"/ error from runc run on noexec fs.
* Fix failed exec after systemctl daemon-reload. Due to a regression
in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
(boo#1202821)
- salt
-
- Pass the context to pillar ext modules
- Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685)
- Detect module run syntax version
- Implement automated patches alignment for the Salt Bundle
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Clarify pkg.installed pkg_verify documentation
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Make pass renderer configurable and fix detected issues
- Workaround fopen line buffering for binary mode (bsc#1203834)
- Added:
* clarify-pkg.installed-pkg_verify-documentation.patch
* make-pass-renderer-configurable-other-fixes-532.patch
* fopen-workaround-bad-buffering-for-binary-mode-563.patch
* align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
* detect-module.run-syntax.patch
* ignore-extend-declarations-from-excluded-sls-files.patch
* include-stdout-in-error-message-for-zypperpkg-559.patch
* pass-the-context-to-pillar-ext-modules.patch
- samba
-
- CVE-2022-38023 Additional patches for the PDC role's netlogon
server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
atomically; (bso#14611); (bsc#1206546).
- Update to 4.15.13
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
modern servers; (bso#15237); (bsc#1205385);
* CVE-2022-37967 Kerberos constrained delegation ticket forgery
possible against Samba AD DC; (bso#15231); (bsc#1205386);
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240); (bsc#1206504);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
* The KDC logic arround msDs-supportedEncryptionTypes differs
from Windows; (bso#13135);
* Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
(bso#15197);
- Remove the systemd drop-in file for named service to allow
read/write access to the DLZ directory as bind is not using
systemd filesystem namespaces but bind-chrootenv; (bsc#1205946);
- Install a systemd drop-in file for named service to allow
read/write access to the DLZ directory; (bsc#1201689);
- Update to 4.15.12
* CVE-2022-42898: samba: heimdal: Samba buffer overflow
vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
* Allow rebuild of Centos 8 images after move to vault for
Samba 4.15; (bso#15193).
* CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
(bso#15134); (bsc#1204254)
- Update to 4.15.10
* Possible use after free of connection_struct when iterating
smbd_server_connection->connections; (bso#15128);
(bsc#1200102).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Spotlight RPC service returns wrong response when Spotlight
is disabled on a share; (bso#15086).
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
(bso#15153).
* assert failed: !is_named_stream(smb_fname)"/) at
../../lib/util/fault.c:197; (bso#15161).
* Missing READ_LEASE break could cause data corruption;
(bso#15148).
* rpcclient can crash using setuserinfo(2); (bso#15124).
* Samba fails to build with glibc 2.36 caused by including
<sys/mount.h> in libreplace; (bso#15132).
* SMB1 negotiation can fail to handle connection errors;
(bso#15152).
* samba-tool domain join segfault when joining a samba ad
domain; (bso#15078).
- Update to 4.15.9
* CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
* CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- CVE-2022-1615: Do not ignore errors in random number generation;
(bso#15103); (bsc#1202976);
- CVE-2022-32743: Implement validated dnsHostName write rights;
(bso#14833); (bsc#1202803);
- Fix Use after free when iterating
smbd_server_connection->connections after tree disconnect
failure; (bso#15128); (bsc#1200102).
- spacewalk-backend
-
- version 4.2.25-1
* Enhance passwords cleanup and add extra files in spacewalk-debug (bsc#1201059)
* Prevent mixing credentials for proxy and repository server
while using basic authentication and avoid hiding errors
i.e. timeouts while having proxy settings issues
with extra logging in verbose mode (bsc#1201788)
- spacewalk-client-tools
-
- version 4.2.21-1
* Update translation strings
- spacewalk-web
-
- version 4.2.31-1
* Prevent proxy data from being logged (bsc#1205339)
- version 4.2.30-1
* Upgrade moment-timezone
- sqlite3
-
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
relying on --safe for execution of an untrusted CLI script
- sudo
-
- Added sudo-CVE-2023-22809.patch
* CVE-2023-22809
* bsc#1207082
* Prevent '--' in the EDITOR environment variable which can allow
users to edit sensitive files as root.
- Added sudo-utf8-ldap-schema.patch
* Change sudo-ldap schema from ASCII to UTF8.
* Fixes bsc#1197998
* Credit to William Brown <william.brown@suse.com>
* https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
* Make sure SIGCHLD is not ignored when sudo is executed; fixes
race condition.
* bsc#1203201
* Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
* CVE-2022-43995
* bsc#1204986
* Fixed a potential heap-based buffer over-read when entering a password
of seven characters or fewer and using the crypt() password backend.
- Fixed an issue where some redundant entries in a sudo configuration
file caused freed memory to be accessed in the error message thus
wrong information was output in the error message.
* [bsc#1190818]
* Added [sudo-1.9.5p2-no_free_alias_name.patch]
Sourced from the following git commit hashes:
| 9ed14870c Add garbage collection to the sudoers parser to clean
up on error. This makes it possible to avoid memory leaks when
there is a parse error.
| bdb02b1ef Got back to calling alias_free() on alias_add() failure.
We now need to remove the name and members from the leak list
* before* calling alias_add() since alias_add() will consume them
for both success and failure.
| b4cabdb39 Don't free the alias name in alias_add() if the alias
already exists. We need to be able to display it using
alias_error(). Only free what we actually allocated in alias_add()
on error and let the caller handle cleanup. Note that we cannot
completely fill in the alias until it is inserted. Otherwise,
we will have modified the file and members parameters even if
there was an error. As a result, we have to remove those from the
leak list after alias_add(), not before.
- supportutils
-
- Added lifecycle information (issue#140)
- Changes to version 3.1.21
+ Added type output with df command in fs-diskio.txt (issue#141)
+ Gather all files in /etc/security/limits.d/ (issue#142)
+ Fixed KVM virtualization detection on bare metal (bsc#1184689)
+ Added logging using journalctl (bsc#1200330)
+ Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
+ Added system logging configuration and checking in messages_config.txt (issue#103)
+ If rsyslog not installed collect more from journalctl (issue#120)
+ Added systemd-status.txt for the status of all service units (issue#125)
+ autofs includes files in (+dir:<path>) (issue#111)
+ Get current sar data before collecting files (bsc#1192648)
+ Collects everything in /etc/multipath/ (bsc#1192252)
+ Collects power management information in hardware.txt (bsc#1197428)
+ Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
+ Fixed conf_files and conf_text_files so y2log is gathered (issue#134, bsc#1202269)
+ Update to nvme_info and block_info #133 (bsc#1202417)
+ Added IO scheduler (issue#136)
+ Added includedir directories from /etc/sudoers (bsc#1188086)
- Added a listing to /dev/mapper/. #129
- suse-build-key
-
- added /usr/share/pki/containers directory for container pem keys
(cosign/sigstore style), put our PEM key there too (bsc#1204706)
- systemd
-
- Fix systemd-coredump to not allow user to access coredumps with changed
uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
Add 5000-coredump-Fix-format-string-type-mismatch.patch
Add 5001-coredump-drop-an-unused-variable.patch
Add 5002-coredump-adjust-whitespace.patch
Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- Import commit b83846dc8a5db633cc6cf05a33ddc054f725214e
4d53a5440f udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
f70647a7b7 udev/net_id: add debug logging for construction of device names
48f40fbc8e pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857)
7e4434d883 docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it
2bdfc2d8cf pid1: lookup owning PID of BusName= name of services asynchronously
dba888a4d3 pid1: watch bus name always when we have it
f524807b89 udev: add one more assertion
8558101c73 udev: drop assertion which is always false
566a66dc5c udev: support by-path devlink for multipath nvme block devices (bsc#1200723)
b4c4edaada tests: minor simplification in test-execute
76d510c625 tests: make test-execute pass on openSUSE
- Drop the following patches which are part of 'SUSE/v246' now:
6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
Also update the rule files to make use of the "/CONST{arch}"/ syntax (available
since v244).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
42a26330fc time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
8a70235d8a core: Add trigger limit for path units
93e544f3a0 core/mount: also add default before dependency for automount mount units
5916a7748c logind: fix crash in logind on user-specified message string
- Add 1010-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179)
- tar
-
- Fix hang when unpacking test tarball, bsc#1202436
* bsc1202436.patch
- Fix unexpected inconsistency when making directory, bsc#1203600
* tar-avoid-overflow-in-symlinks-tests.patch
* tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
* tar-fix-race-condition.patch
- Refresh bsc1200657.patch
- tcl
-
- Fix a race condition in test socket-13.1
(tcl-test-socket-13.1.patch).
- Remove the SQLite extension and package it as a subpackage of
sqlite3 to have only a single copy and keep it more up to date
(bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
- timezone
-
- timezone update 2022g (bsc#1177460):
* In the Mexican state of Chihuahua, the border strip near the US
will change to agree with nearby US locations on 2022-11-30.
The strip's western part, represented by Ciudad Juárez, switches
from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
The eastern part, represented by Ojinaga, will observe US DST next
year, like Presidio, TX.
A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
* Much of Greenland, represented by America/Nuuk, stops observing
winter time after March 2023, so its daylight saving time becomes
standard time.
* Changes for pre-1996 northern Canada
* Update to past DST transition in Colombia (1993), Singapore
(1981)
* timegm is now supported by default
- timezone update 2022f (bsc#1177460):
* Mexico will no longer observe DST except near the US border
* Chihuahua moves to year-round -06 on 2022-10-30
* Fiji no longer observes DST
* Move links to 'backward'
* In vanguard form, GMT is now a Zone and Etc/GMT a link
* zic now supports links to links, and vanguard form uses this
* Simplify four Ontario zones
* Fix a Y2438 bug when reading TZif data
* Enable 64-bit time_t on 32-bit glibc platforms
* Omit large-file support when no longer needed
* In C code, use some C23 features if available
* Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
* fat.patch
* tzdata-china.diff
- timezone update 2022e (bsc#1177460):
* Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
* Palestine transitions are now Saturdays at 02:00
* Simplify three Ukraine zones into one
- timezone update 2022c:
* Work around awk bug
* Improve tzselect on intercontinental Zones
- timezone update 2022b:
* Chile's DST is delayed by a week in September 2022 boo#1202324
* Iran no longer observes DST after 2022
* Rename Europe/Kiev to Europe/Kyiv
* New zic -R option
* Vanguard form now uses %z
* Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
- util-linux
-
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- libuuid continuous clock handling for time based UUIDs:
Prevent use of the new libuuid ABI by uuidd %post before update
of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
to prevent error message if /var/lib/libuuid/clock.txt does not
exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
* libuuid: Fix range when parsing UUIDs
(util-linux-libuuid-uuid_parse-overrun.patch).
* Improve cache handling for short running applications-increment
the cache size over runtime
(util-linux-libuuid-improve-cache-handling.patch).
* Implement continuous clock handling for time based UUIDs
(util-linux-libuuid-continuous-clock-handling.patch).
* Check clock value from clock file to provide seamless libuuid
update (util-linux-libuuid-check-clock-value.patch).
- util-linux-systemd
-
- libuuid continuous clock handling for time based UUIDs:
Prevent use of the new libuuid ABI by uuidd %post before update
of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
to prevent error message if /var/lib/libuuid/clock.txt does not
exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
* libuuid: Fix range when parsing UUIDs
(util-linux-libuuid-uuid_parse-overrun.patch).
* Improve cache handling for short running applications-increment
the cache size over runtime
(util-linux-libuuid-improve-cache-handling.patch).
* Implement continuous clock handling for time based UUIDs
(util-linux-libuuid-continuous-clock-handling.patch).
* Check clock value from clock file to provide seamless libuuid
update (util-linux-libuuid-check-clock-value.patch).
- vim
-
- Updated to version 9.0 with patch level 1234, fixes the following security problems
* Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
* Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
* Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
* Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
* Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1040...v9.0.1234
- Updated to version 9.0 with patch level 1040, fixes the following security problems
* Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
* Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
* Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
* Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
* Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
* Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.814...v9.0.1040
- Updated to version 9.0 with patch level 0814, fixes the following problems
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- disable-unreliable-tests-arch.patch: Removed
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814
- wget
-
- Update 0001-possibly-truncate-pathname-components.patch
* Truncate file name even if no directory structure
* [bsc#1204720]
- wicked
-
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
Add initial support to decode the SMBIOS Management Controller Host
Interface (Type 42) structure and expose it as wicked `firmware:redfish`
configuration to setup a Host Network Interface (to the BMC) using the
`Redfish over IP` protocol allowing access to the Redfish Service (via
redfish-localhost in /etc/hosts) used to manage the computer system.
Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
[- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27
- xen
-
- Upstream bug fixes (bsc#1027519)
63624fa6-xenstored-call-remove_domid_from_perm-for-special.patch
637b5f4f-efifb-ignore-invalid.patch
63a03e28-x86-high-freq-TSC-overflow.patch
- Re-order some patches back into their proper upstream sequence.
- bsc#1205209 - VUL-0: CVE-2022-23824: xen: x86: Multiple
speculative security issues (XSA-422)
636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends
(XSA-376)
61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
xenstored run out of memory (XSA-326)
xsa326-10.patch (correction)
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
63455fe4-x86-HAP-monitor-table-error-handling.patch
63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
6345601d-x86-tolerate-shadow_prealloc-failure.patch
6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
63456075-x86-P2M-free-paging-pool-preemptively.patch
63456090-x86-p2m_teardown-preemption.patch
- bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption
for 2nd-level page tables on ARM systems (XSA-409)
63456175-libxl-per-arch-extra-default-paging-memory.patch
63456177-Arm-construct-P2M-pool-for-guests.patch
6345617a-Arm-XEN_DOMCTL_shadow_op.patch
6345617c-Arm-take-P2M-pages-P2M-pool.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
634561aa-gnttab-locking-on-transitive-copy-error-path.patch
- Upstream bug fixes (bsc#1027519)
6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
6351095c-Arm-rework-p2m_init.patch
6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
635665fb-sched-fix-restore_vcpu_affinity.patch
63569723-x86-shadow-replace-bogus-assertions.patch
- Drop patches replaced by upstream versions:
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
xsa411.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
xenstored run out of memory (XSA-326)
xsa326-01.patch
xsa326-02.patch
xsa326-03.patch
xsa326-04.patch
xsa326-05.patch
xsa326-06.patch
xsa326-07.patch
xsa326-08.patch
xsa326-09.patch
xsa326-10.patch
xsa326-11.patch
xsa326-12.patch
xsa326-13.patch
xsa326-14.patch
xsa326-15.patch
xsa326-16.patch
- bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can
crash xenstored (XSA-414)
xsa414.patch
- bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can
create orphaned Xenstore nodes (XSA-415)
xsa415.patch
- bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can
cause Xenstore to not free temporary memory (XSA-416)
xsa416.patch
- bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can
get access to Xenstore nodes of deleted domains (XSA-417)
xsa417.patch
- bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can
crash xenstored via exhausting the stack (XSA-418)
xsa418-01.patch
xsa418-02.patch
xsa418-03.patch
xsa418-04.patch
xsa418-05.patch
xsa418-06.patch
- bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen:
Xenstore: cooperating guests can create arbitrary numbers of
nodes (XSA-419)
xsa419-01.patch
xsa419-02.patch
xsa419-03.patch
- bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen:
Xenstore: Guests can create arbitray number of nodes via
transactions (XSA-421)
xsa421-01.patch
xsa421-02.patch
- yast2-bootloader
-
- prevent leak of grub2 password to logs(bsc#1201962)
- 4.3.32
- yast2-installation
-
- AutoYaST SecondStage: Revert changes introduced in 4.3.46 running
the initscript service before systemd-user-sessions again once
systemd patched logind (bsc#1195059, bsc#1200780)
- 4.3.55
- Do not restart services when updating the package (bsc#1199480,
bsc#1200274)
- 4.3.54
- AutoYaST Second Stage: Added a missing dependency to the service
to prevent getty-autogeneration listen on 5901 port (bsc#1199746)
- 4.3.53
- yast2-network
-
- Fixed issue when writing the NetworkManager config without a
gateway (bsc#1203866)
- 4.3.86
- Added a class to generate the configuration needed for a FCoE
device being aware of it during the installation (bsc#1199554)
- 4.3.85
- AY: Added missing route extrapara element to the networking
section (bsc#1201129)
- 4.3.84
- Allow more than 6 domains in resolver search list (bsc#1200155).
- 4.3.83
- yast2-registration
-
- Import the SSL certificate from the <reg_server_cert> AutoYaST
data also in the self-update step (bsc#1199091, bsc#1198642)
- 4.3.26
- yast2-schema
-
- Add 'extrapara' to routes in the networking section (bsc#1201129)
- 4.3.31
- Support for flatten and nested "/category_filter"/ element in the
"/online_update_configuration"/ section (bsc#1198848).
- 4.3.30
- zlib
-
- Follow up fix for bsc#1203652 due to libxml2 breakage
* bsc1203652-2.patch
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
* bsc1203652.patch