- bind
-
- Update to release 9.16.31
This is the first of monthly updates of "/bind"/. It is planned
to update bind when a new upstream maintennace release becomes
available, which is usually towards the end of a month, see
https://www.isc.org/blogs/2021-bind-release-model/
Compared to the previous SUSE release, in this release,
53 (minor) bugs were fixed
13 (minor) functional enhancements were made
3 security issues are now fixed upstream:
CVE-2022-0396, CVE-2021-25220, CVE-2021-25219
plus a few minor changes.
For a full list of changes, please refer to the
CHANGES file in the source rpm.
This update obsoletes the following patches:
* bind-fix-build-with-older-sphinx.patch
* bind-CVE-2021-25219.patch
* bind-9.16.27-0001-CVE-2021-25220.patch
* bind-9.16.27-0002-CVE-2022-0396.patch
[bind-9.16.31.tar.xz, bind-9.16.31.tar.xz.sha512.asc,
bind-9.16.20.tar.xz, bind-9.16.20.tar.xz.sha512.asc,
bind-fix-build-with-older-sphinx.patch, bind-CVE-2021-25219.patch,
bind-9.16.27-0001-CVE-2021-25220.patch,
bind-9.16.27-0002-CVE-2022-0396.patch,
jsc#SLE-24600]
- When enabling query_logging by un-commenting an example in
bind.conf, named attempts to create a file in /var/log which
fails due to missing credentials. This also applies to the
"/dump-file"/ and the "/statistics-file"/.
This is solved by having systemd-tmpfiles create a subdirectory
"//var/log/named"/ owned by named:named and changing the file
paths accordingly:
/var/log/named_querylog -> /var/log/named/querylog
/var/log/named_dump.db -> /var/log/named/dump.db
/var/log/named.stats -> /var/log/named/stats
Also, in "/named.service"/, the ReadWritePath was changed to
include "//var/log/named"/ rather than just "/var/log"/.
[bsc#1200685, bind.spec, vendor-files/config/named.conf,
vendor-files/system/named.service]
- A non-existent initialization script (eg a leftorver
"/createNamedConfInclude"/ in /etc/sysconfig/named) may cause named
not to start. A warning message is printed in named.prep and
the fact is ignored.
Also, the return value of a failed script was not handled properly
causing a failed script to not prevent named to start. This
is now fixed properly.
[bsc#1199044, vendor-files.tar.bz2]
- dracut
-
- Update to version 055+suse.279.g3b3c36b2:
* fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236)
* fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360)
* fix(convertfs): ignore commented lines in fstab (bsc#1200251)
* fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)
- Update to version 055+suse.271.g70f710e4:
* fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
* fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)
* fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
* fix(crypt): remove quotes from cryptsetupopts (bsc#1197635)
* fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604)
* fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267)
* fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
* fix(bluetooth): make hostonly configuration files optional (bsc#1195047)
- fence-agents
-
- Azure fence agent doesn’t work correctly on SLES15 SP3 - fence_azure_arm
fails with error 'MSIAuthentication' object has no attribute 'get_token' - SFSC00334437
(bsc#1195891)
- Apply proposed patch
0001-fix_support_for_sovereign_clouds_and_MSI-439.patch
- gpg2
-
- Security fix [CVE-2022-34903, bsc#1201225]
- Vulnerable to status injection
- Added patch gnupg-CVE-2022-34903.patch
- gnupg-detect_FIPS_mode.patch: use AES as default cipher instead
of 3DES if we are in FIPS mode. (bsc#1196125)
- harfbuzz
-
- Add harfbuzz-CVE-2022-33068.patch: sbix: limit glyph extents
(boo#1200900 CVE-2022-33068).
- hwinfo
-
- merge gh#openSUSE/hwinfo#113
- Keep NVMe's namespace output consistency when
nvme_core.multipath=1 (bsc#1199948)
- 21.82
- java-11-openjdk
-
- Update to upstream tag jdk-11.0.16+8 (July 2022 CPU)
* Security fixes:
+ JDK-8272243: Improve DER parsing
+ JDK-8272249: Better properties of loaded Properties
+ JDK-8277608: Address IP Addressing
+ JDK-8281859, CVE-2022-21540, bsc#1201694: Improve class
compilation
+ JDK-8281866, CVE-2022-21541, bsc#1201692: Enhance
MethodHandle invocations
+ JDK-8283190: Improve MIDI processing
+ JDK-8284370: Improve zlib usage
+ JDK-8285407, CVE-2022-34169, bsc#1201684: Improve Xalan
supports
* Other fixes:
+ JDK-6986863: ProfileDeferralMgr throwing
ConcurrentModificationException
+ JDK-7124293: [macosx] VoiceOver reads percentages rather than
the actual values for sliders.
+ JDK-7124301: [macosx] When in a tab group if you arrow
between tabs there are no VoiceOver announcements.
+ JDK-8133713: [macosx] Accessible JTables always reported as
empty
+ JDK-8139046: Compiler Control: IGVPrintLevel directive should
set PrintIdealGraph
+ JDK-8139173: [macosx] JInternalFrame shadow is not properly
drawn
+ JDK-8163498: Many long-running security libs tests
+ JDK-8166727: javac crashed: [jimage.dll+0x1942]
ImageStrings::find+0x28
+ JDK-8169004: Fix redundant @requires tags in tests
+ JDK-8181571: printing to CUPS fails on mac sandbox app
+ JDK-8182404: remove jdk.testlibrary.JDKToolFinder and
JDKToolLauncher
+ JDK-8186548: move jdk.testlibrary.JcmdBase closer to tests
+ JDK-8192057: com/sun/jdi/BadHandshakeTest.java fails with
java.net.ConnectException
+ JDK-8193682: Infinite loop in ZipOutputStream.close()
+ JDK-8199874: [TESTBUG] runtime/Thread/ThreadPriorities.java
fails with "/expected 0 to equal 10"/
+ JDK-8202886: [macos] Test java/awt/MenuBar/8007006/
/bug8007006.java fails on MacOS
+ JDK-8203238: [TESTBUG] rewrite MemOptions shell test in Java
+ JDK-8203239: [TESTBUG] remove vmTestbase/vm/gc/kind/parOld
test
+ JDK-8206187: javax/management/remote/mandatory/connection/
/DefaultAgentFilterTest.java fails with Port already in use
+ JDK-8206330: Revisit com/sun/jdi/RedefineCrossEvent.java
+ JDK-8207364: nsk/jvmti/ResourceExhausted/resexhausted003
fails to start
+ JDK-8208207: Test nsk/stress/jni/gclocker/gcl001 fails after
co-location
+ JDK-8208246: flags duplications in
vmTestbase_vm_g1classunloading tests
+ JDK-8208249: TriggerUnloadingByFillingMetaspace generates
garbage class names
+ JDK-8208697: vmTestbase/metaspace/stressHierarchy/
/stressHierarchy012/TestDescription.java fails with
OutOfMemoryError: Metaspace
+ JDK-8209150: [TESTBUG] Add logging to verify JDK-8197901 to a
different test
+ JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh
to plain java test
+ JDK-8209883: ZGC: Compile without C1 broken
+ JDK-8209920: runtime/logging/RedefineClasses.java fail with
OOME with ZGC
+ JDK-8210022: remove jdk.testlibrary.ProcessThread, TestThread
and XRun
+ JDK-8210039: move OSInfo to top level testlibrary
+ JDK-8210108: sun/tools/jstatd test build failures after
JDK-8210022
+ JDK-8210112: remove jdk.testlibrary.ProcessTools
+ JDK-8210649: AssertionError @
jdk.compiler/com.sun.tools.javac.comp.Modules.enter
(Modules.java:244)
+ JDK-8210732: remove jdk.testlibrary.Utils
+ JDK-8211795: ArrayIndexOutOfBoundsException in PNGImageReader
after JDK-6788458
+ JDK-8211822: Some tests fail after JDK-8210039
+ JDK-8211962: Implicit narrowing in MacOSX java.desktop jsound
+ JDK-8212151: jdi/ExclusiveBind.java times out due to "/bind
failed: Address already in use"/ on Solaris-X64
+ JDK-8213440: Lingering INCLUDE_ALL_GCS in
test_oopStorage_parperf.cpp
+ JDK-8214275: CondyRepeatFailedResolution asserts "/Dynamic
constant has no fixed basic type"/
+ JDK-8214799: Add package declaration to each JTREG test case
in the gc folder
+ JDK-8215544: SA: Modify ClhsdbLauncher to add sudo privileges
to enable MacOS tests on Mach5
+ JDK-8216137: assert(Compile::current()->live_nodes() <
Compile::current()->max_node_limit()) failed: Live Node limit
exceeded limit
+ JDK-8216265: [testbug] Introduce
Platform.sharedLibraryPathVariableName() and adapt all tests.
+ JDK-8217017: [TESTBUG] Tests fail to compile after JDK-8216265
+ JDK-8217233: Update build settings for AIX/xlc
+ JDK-8217340: Compilation failed:
tools/launcher/Test7029048.java
+ JDK-8217473: SA: Tests using ClhsdbLauncher fail on SAP
docker containers
+ JDK-8218136: minor hotspot adjustments for xlclang++ from
xlc16 on AIX
+ JDK-8218751: Do not store original classfiles inside the CDS
archive
+ JDK-8218965: aix: support xlclang++ in the compiler detection
+ JDK-8220658: Improve the readability of container information
in the error log
+ JDK-8220813: update hotspot tier1_gc tests depending on GC to
use @requires vm.gc.X
+ JDK-8222799: java.beans.Introspector uses an obsolete methods
cache
+ JDK-8222926: Shenandoah build fails with
- -with-jvm-features=-compiler1
+ JDK-8223143: Restructure/clean-up for 'loopexit_or_null()'.
+ JDK-8223363: Bad node estimate assertion failure
+ JDK-8223502: Node estimate for loop unswitching is not
correct: assert(delta <= 2 * required) failed: Bad node estimate
+ JDK-8224648: assert(!exceeding_node_budget()) failed: Too
many NODES required! failure with ctw
+ JDK-8223389: Shenandoah optimizations fail with
assert(!phase->exceeding_node_budget())
+ JDK-8223396: [TESTBUG] several jfr tests do not clean up
files created in /tmp
+ JDK-8225475: Node budget asserts on x86_32/64
+ JDK-8227171: provide function names in native stack trace on
aix with xlc16
+ JDK-8227389: Remove unsupported xlc16 compile options on aix
+ JDK-8229210: [TESTBUG] Move gc stress tests from JFR
directory tree to gc/stress
+ JDK-8229486: Replace wildcard address with loopback or local
host in tests - part 21
+ JDK-8229499: Node budget assert in fuzzed test
+ JDK-8230305: Cgroups v2: Container awareness
+ JDK-8229202: Docker reporting causes secondary crashes in
error handling
+ JDK-8216366: Add rationale to PER_CPU_SHARES define
+ JDK-8230865: [TESTBUG] jdk/jfr/event/io/EvilInstrument.java
fails at-run shell MakeJAR.sh target
+ JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to
recognize unified hierarchy
+ JDK-8231454: File lock in Windows on a loaded jar due to a
leak in Introspector::getBeanInfo
+ JDK-8231489: GC watermark_0_1 failed due to
"/metaspace.gc.Fault: GC has happened too rare"/
+ JDK-8231565: More node budget asserts in fuzzed tests
+ JDK-8233551: [TESTBUG] SelectEditTableCell.java fails on MacOS
+ JDK-8234382: Test tools/javac/processing/model/
/testgetallmembers/Main.java using too small heap
+ JDK-8234605: C2 failed "/assert(C->live_nodes() -
live_at_begin <= 2 * _nodes_required) failed: Bad node
estimate: actual = 208 >> request = 101"/
+ JDK-8234608: [TESTBUG] Fix G1 redefineClasses tests and a
memory leak
+ JDK-8235220: ClhsdbScanOops.java fails with
sun.jvm.hotspot.types.WrongTypeException
+ JDK-8235385: Crash on aarch64 JDK due to long offset
+ JDK-8237479: 8230305 causes slowdebug build failure
+ JDK-8239559: Cgroups: Incorrect detection logic on some
systems
+ JDK-8239785: Cgroups: Incorrect detection logic on old
systems in hotspot
+ JDK-8240132: ProblemList com/sun/jdi/InvokeHangTest.java
+ JDK-8240189: [TESTBUG] Some cgroup tests are failing after
JDK-8231111
+ JDK-8240335: C2: assert(found_sfpt) failed: no node in loop
that's not input to safepoint
+ JDK-8240734: ModuleHashes attribute not reproducible between
builds
+ JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese
characters were garbled
+ JDK-8241707: introduce randomness k/w to hotspot test suite
+ JDK-8242310: use reproducible random in hotspot compiler tests
+ JDK-8242311: use reproducible random in hotspot runtime tests
+ JDK-8242312: use reproducible random in hotspot gc tests
+ JDK-8242313: use reproducible random in hotspot svc tests
+ JDK-8242538: java/security/SecureRandom/ThreadSafe.java
failed on windows
+ JDK-8243429: use reproducible random in :vmTestbase_nsk_stress
+ JDK-8243666: ModuleHashes attribute generated for JMOD and
JAR files depends on timestamps
+ JDK-8244500: jtreg test error in test/hotspot/jtreg/
/containers/docker/TestMemoryAwareness.java
+ JDK-8244602: Add JTREG_REPEAT_COUNT to repeat execution of a
test
+ JDK-8245543: Cgroups: Incorrect detection logic on some
systems (still reproducible)
+ JDK-8245938: Remove unused print_stack(void) method from
XToolkit.c
+ JDK-8246494: introduce vm.flagless at-requires property
+ JDK-8246741: NetworkInterface/UniqueMacAddressesTest: mac
address uniqueness test failed
+ JDK-8247589: Implementation of Alpine Linux/x64 Port
+ JDK-8247591: Document Alpine Linux build steps in OpenJDK
build guide
+ JDK-8247592: refactor test/jdk/tools/launcher/Test7029048.java
+ JDK-8247614: java/nio/channels/DatagramChannel/Connect.java
timed out
+ JDK-8248876: LoadObject with bad base address created for
exec file on linux
+ JDK-8249592: Robot.mouseMove moves cursor to incorrect
location when display scale varies and Java runs in DPI
Unaware mode
+ JDK-8252117: com/sun/jdi/BadHandshakeTest.java failed with
"/ConnectException: Connection refused: connect"/
+ JDK-8252248: __SIGRTMAX is not declared in musl libc
+ JDK-8252250: isnanf is obsolete
+ JDK-8252359: HotSpot Not Identifying it is Running in a
Container
+ JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
+ JDK-8253435: Cgroup: 'stomping of _mount_path' crash if
manually mounted cpusets exist
+ JDK-8253714: [cgroups v2] Soft memory limit incorrectly using
memory.high
+ JDK-8253727: [cgroups v2] Memory and swap limits reported
incorrectly
+ JDK-8253797: [cgroups v2] Account for the fact that swap
accounting is disabled on some systems
+ JDK-8253872: ArgumentHandler must use the same delimiters as
in jvmti_tools.cpp
+ JDK-8253939: [TESTBUG] Increase coverage of the cgroups
detection code
+ JDK-8254001: [Metrics] Enhance parsing of cgroup interface
files for version detection
+ JDK-8254887: C2: assert(cl->trip_count() > 0) failed: peeling
a fully unrolled loop
+ JDK-8254997: Remove unimplemented
OSContainer::read_memory_limit_in_bytes
+ JDK-8255266: Update Public Suffix List to 3c213aa
+ JDK-8255604: java/nio/channels/DatagramChannel/Connect.java
fails with java.net.BindException: Cannot assign requested
address: connect
+ JDK-8255787: Tag container tests that use cGroups with
cgroups keyword
+ JDK-8256146: Cleanup test/jdk/java/nio/channels/
/DatagramChannel/Connect.java
+ JDK-8256722: handle VC++:1927 VS2019 in abstract_vm_version
+ JDK-8257794: Zero: assert(istate->_stack_limit ==
istate->_thread->last_Java_sp() + 1) failed: wrong on
Linux/x86_32
+ JDK-8258795: Update IANA Language Subtag Registry to Version
2021-05-11
+ JDK-8258956: Memory Leak in StringCoding on ThreadLocal
resultCached StringCoding.Result
+ JDK-8259517: Incorrect test path in test cases
+ JDK-8260518: Change default -mmacosx-version-min to 10.12
+ JDK-8261169: Upgrade HarfBuzz to the latest 2.8.0
+ JDK-8262379: Add regression test for JDK-8257746
+ JDK-8263364: sun/net/www/http/KeepAliveStream/
/KeepAliveStreamCloseWithWrongContentLength.java wedged in
getInputStream
+ JDK-8263718: unused-result warning happens at os_linux.cpp
+ JDK-8263856: Github Actions for macos/aarch64 cross-build
+ JDK-8264179: [TESTBUG] Some compiler tests fail when running
without C2
+ JDK-8265261: java/nio/file/Files/InterruptCopy.java fails
with java.lang.RuntimeException: Copy was not interrupted
+ JDK-8265297: javax/net/ssl/SSLSession/
/TestEnabledProtocols.java failed with "/RuntimeException:
java.net.SocketException: Connection reset"/
+ JDK-8265343: Update Debian-based cross-compilation recipes
+ JDK-8266251: compiler.inlining.InlineAccessors shouldn't do
testing in driver VM
+ JDK-8266318: Switch to macos prefix for macOS bundles
+ JDK-8266391: Replace use of reflection in
jdk.internal.platform.Metrics
+ JDK-8266545: 8261169 broke Harfbuzz build with gcc 7 and 8
+ JDK-8268773: Improvements related to: Failed to start thread
- pthread_create failed (EAGAIN)
+ JDK-8269772: [macos-aarch64] test compilation failed with
"/SocketException: No buffer space available"/
+ JDK-8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo
incorrect verification of protocol and cipher support
+ JDK-8270797: ShortECDSA.java test is not complete
+ JDK-8271055: Crash during deoptimization with
"/assert(bb->is_reachable()) failed: getting result from
unreachable basicblock"/ with -XX:+VerifyStack
+ JDK-8271199: Mutual TLS handshake fails signing client
certificate with custom sensitive PKCS11 key
+ JDK-8272167: AbsPathsInImage.java should skip *.dSYM
directories
+ JDK-8272358: Some tests may fail when executed with other
locales than the US
+ JDK-8272493: Suboptimal code generation around
Preconditions.checkIndex intrinsic with AVX2
+ JDK-8272908: Missing coverage for certain classes in
com.sun.org.apache.xml.internal.security
+ JDK-8272964: java/nio/file/Files/InterruptCopy.java fails
with java.lang.RuntimeException: Copy was not interrupted
+ JDK-8273176: handle latest VS2019 in abstract_vm_version
+ JDK-8273655: content-types.properties files are missing some
common types
+ JDK-8274171: java/nio/file/Files/probeContentType/Basic.java
failed on "/Content type"/ mismatches
+ JDK-8274233: Minor cleanup for ToolBox
+ JDK-8274735: javax.imageio.IIOException: Unsupported Image
Type while processing a valid JPEG image
+ JDK-8274751: Drag And Drop hangs on Windows
+ JDK-8275082: Update XML Security for Java to 2.3.0
+ JDK-8275330: C2: assert(n->is_Root() || n->is_Region() ||
n->is_Phi() || n->is_MachMerge() ||
def_block->dominates(block)) failed: uses must be dominated
by definitions
+ JDK-8275337: C1: assert(false) failed: live_in set of first
block must be empty
+ JDK-8276657: XSLT compiler tries to define a class with empty
name
+ JDK-8276990: Memory leak in invoker.c fillInvokeRequest()
during JDI operations
+ JDK-8277072: ObjectStreamClass caches keep ClassLoaders alive
+ JDK-8277093: Vector should throw ClassNotFoundException for a
missing class of an element
+ JDK-8277396: [TESTBUG] In DefaultButtonModelCrashTest.java,
frame is accessed from main thread
+ JDK-8277422: tools/jar/JarEntryTime.java fails with modified
time mismatch
+ JDK-8277922: Unable to click JCheckBox in JTable through Java
Access Bridge
+ JDK-8278065: Refactor subclassAudits to use ClassValue
+ JDK-8278186: org.jcp.xml.dsig.internal.dom.Utils
.parseIdFromSameDocumentURI throws
StringIndexOutOfBoundsException when calling substring method
+ JDK-8278346: java/nio/file/Files/probeContentType/Basic.java
fails on Linux SLES15 machine
+ JDK-8278472: Invalid value set to CANDIDATEFORM structure
+ JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
+ JDK-8278851: Correct signer logic for jars signed with
multiple digestalgs
+ JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu
21.10
+ JDK-8279219: [REDO] C2 crash when allocating array of size
too large
+ JDK-8279356: Method linking fails with
guarantee(mh->adapter() != NULL) failed: Adapter blob must
already exist!
+ JDK-8279505: Update documentation for RETRY_COUNT and
REPEAT_COUNT
+ JDK-8279520: SPNEGO has not passed channel binding info into
the underlying mechanism
+ JDK-8279529: ProblemList java/nio/channels/DatagramChannel/
/ManySourcesAndTargets.java on macosx-aarch64
+ JDK-8279532: ProblemList sun/security/ssl/SSLSessionImpl/
/NoInvalidateSocketException.java
+ JDK-8279668: x86: AVX2 versions of vpxor should be asserted
+ JDK-8279837: C2: assert(is_Loop()) failed: invalid node
class: Region
+ JDK-8279842: HTTPS Channel Binding support for Java
GSS/Kerberos
+ JDK-8279958: Provide configure hints for Alpine/apk package
managers
+ JDK-8280041: Retry loop issues in java.io.ClassCache
+ JDK-8280373: Update Xalan serializer / SystemIDResolver to
align with JDK-8270492
+ JDK-8280476: [macOS] : hotspot arm64 bug exposed by latest
clang
+ JDK-8280684: JfrRecorderService failes with
guarantee(num_written > 0) when no space left on device.
+ JDK-8280799: С2: assert(false) failed: cyclic dependency
prevents range check elimination
+ JDK-8280867: Cpuid1Ecx feature parsing is incorrect for AMD
CPUs
+ JDK-8280964: [Linux aarch64] : drawImage dithers
TYPE_BYTE_INDEXED images incorrectly
+ JDK-8281274: deal with ActiveProcessorCount in
os::Linux::print_container_info
+ JDK-8281275: Upgrading from 8 to 11 no longer accepts '/' as
filepath separator in gc paths
+ JDK-8281615: Deadlock caused by jdwp agent
+ JDK-8281811: assert(_base == Tuple) failed: Not a Tuple after
JDK-8280799
+ JDK-8282008: Incorrect handling of quoted arguments in
ProcessBuilder
+ JDK-8282172: CompileBroker::log_metaspace_failure is called
from non-Java/compiler threads
+ JDK-8282225: GHA: Allow one concurrent run per PR only
+ JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv
corrupts registers
+ JDK-8282293: Domain value for system property
jdk.https.negotiate.cbt should be case-insensitive
+ JDK-8282312: Minor corrections to evbroadcasti32x4 intrinsic
on x86
+ JDK-8282382: Report glibc malloc tunables in error reports
+ JDK-8282422: JTable.print() failed with
UnsupportedCharsetException on AIX ko_KR locale
+ JDK-8282501: Bump update version for OpenJDK: jdk-11.0.16
+ JDK-8282583: Update BCEL md to include the copyright notice
+ JDK-8282588: [11] set harfbuzz compilation flag to -std=c++11
+ JDK-8282589: runtime/ErrorHandling/ErrorHandler.java fails on
MacOS aarch64 in jdk 11
+ JDK-8282887: Potential memory leak in sun.util.locale.provider
.HostLocaleProviderAdapterImpl.getNumberPattern() on Windows
+ JDK-8283018: 11u GHA: Update GCC 9 minor versions
+ JDK-8283217: Leak FcObjectSet in getFontConfigLocations() in
fontpath.c
+ JDK-8283323: libharfbuzz optimization level results in
extreme build times
+ JDK-8283350: (tz) Update Timezone Data to 2022a
+ JDK-8283408: Fix a C2 crash when filling arrays with unsafe
+ JDK-8283420: [AOT] Exclude TrackedFlagTest/NotTrackedFlagTest
in 11u because of intermittent java.lang.AssertionError:
duplicate classes for name Ljava/lang/Boolean;
+ JDK-8283424: compiler/loopopts/
/LoopUnswitchingBadNodeBudget.java fails with release VMs due
to lack of -XX:+UnlockDiagnosticVMOptions
+ JDK-8283451: C2: assert(_base == Long) failed: Not a Long
+ JDK-8283469: Don't use memset to initialize members in
FileMapInfo and fix memory leak
+ JDK-8283497: [windows] print TMP and TEMP in hs_err and
VM.info
+ JDK-8283614: [11] Repair compiler versions handling after
8233787
+ JDK-8283641: Large value for CompileThresholdScaling causes
assert
+ JDK-8283834: Unmappable character for US-ASCII encoding in
TestPredicateInputBelowLoopPredicate
+ JDK-8284033: Leak XVisualInfo in getAllConfigs in
awt_GraphicsEnv.c
+ JDK-8284094: Memory leak in invoker_completeInvokeRequest()
+ JDK-8284102: [TESTBUG] [11u] Retroactively add regression
test for JDK-8272124
+ JDK-8284369: TestFailedAllocationBadGraph fails with
- XX:TieredStopAtLevel < 4
+ JDK-8284389: Improve stability of GHA Pre-submit testing by
caching cygwin installer
+ JDK-8284458: CodeHeapState::aggregate() leaks blob_name
+ JDK-8284507: GHA: Only check test results if testing was not
skipped
+ JDK-8284549: JFR: FieldTable leaks FieldInfoTable member
+ JDK-8284573: [11u] ProblemList TestBubbleUpRef.java and
TestGCOldWithCMS.java because of 8272195
+ JDK-8284604: [11u] Update Boot JDK used in GHA to 11.0.14.1
+ JDK-8284620: CodeBuffer may leak _overflow_arena
+ JDK-8284622: Update versions of some Github Actions used in
JDK workflow
+ JDK-8284756: [11u] Remove unused isUseContainerSupport in
CgroupV1Subsystem
+ JDK-8285395: [JVMCI] [11u] Partial backport of JDK-8220623:
InstalledCode
+ JDK-8285397: JNI exception pending in CUPSfuncs.c:250
+ JDK-8285445: cannot open file "/NUL:"/
+ JDK-8285515: (dc) DatagramChannel.disconnect fails with
"/Invalid argument"/ on macOS 12.4
+ JDK-8285523: Improve test
java/io/FileOutputStream/OpenNUL.java
+ JDK-8285591: [11] add signum checks in DSA.java engineVerify
+ JDK-8285686: Update FreeType to 2.12.0
+ JDK-8285720: test/jdk/java/nio/file/Files/probeContentType/
/Basic.java fails to compile after backport of 8273655
+ JDK-8285726: [11u, 17u] Unify fix for JDK-8284548 with
version from head
+ JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with
version from head
+ JDK-8285828: runtime/execstack/TestCheckJDK.java fails with
zipped debug symbols
+ JDK-8286013: Incorrect test configurations for
compiler/stable/TestStableShort.java
+ JDK-8286198: [linux] Fix process-memory information
+ JDK-8286293: Tests ShortResponseBody and
ShortResponseBodyWithRetry should use less resources
+ JDK-8286444: javac errors after JDK-8251329 are not helpful
enough to find root cause
+ JDK-8286594: (zipfs) Mention paths with dot elements in
ZipException and cleanups
+ JDK-8286630: [11] avoid -std=c++11 CXX harfbuzz buildflag on
Windows
+ JDK-8286855: javac error on invalid jar should only print
filename
+ JDK-8287109: Distrust.java failed with
CertificateExpiredException
+ JDK-8287119: Add Distrust.java to ProblemList
+ JDK-8287362: FieldAccessWatch testcase failed on AIX platform
+ JDK-8287378: GHA: Update cygwin to fix issues in langtools
tests on Windows
+ JDK-8287739: [11u] ProblemList sun/security/ssl/
/SSLSessionImpl/NoInvalidateSocketException.java
- kernel-default
-
- fix race between exit_itimers() and /proc/pid/timers
(git-fixes).
- commit 62d2eea
- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (CVE-2022-2585 bsc#1202094).
- commit 2decf97
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
CVE-2022-26373).
- commit e9f7bfc
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
CVE-2022-26373).
- commit 87cc728
- sched/core: Do not requeue task on CPU excluded from cpus_mask
(bnc#1199356).
- commit f226af5
- KVM: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1201930).
- commit 935d297
- kvm/emulate: Fix SETcc emulation function offsets with SLS
(bsc#1201930).
- Refresh
patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- commit 154606a
- net/sched: cls_u32: fix netns refcount changes in u32_change()
(CVE-2022-29581 bsc#1199665).
- commit 6f81977
- blacklist.conf: This is a cleanup, not fixing any bug
- commit 6f050ff
- tee: fix put order in teedev_close_context() (git-fixes).
- commit 1650ec3
- blacklist.conf: duplicate
- commit 1c70642
- random: fix typo in comments (git-fixes).
- commit 6de6114
- blacklist.conf: breaks kABI for a cleanup
- commit 678666e
- random: document add_hwgenerator_randomness() with other input
functions (git-fixes).
- commit 0fb6e8a
- Bluetooth: btusb: Add the new support IDs for WCN6855
(git-fixxes).
- Refresh
patches.suse/Bluetooth-btusb-Add-one-more-Bluetooth-part-for-WCN6.patch.
- commit 91ad5ba
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
(bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
ltc#198761).
- watchdog: export lockup_detector_reconfigure (bsc#1201846
ltc#198761).
- powerpc/mobility: wait for memory transfer to complete
(bsc#1201846 ltc#198761).
- commit 4c3e250
- page_alloc: fix invalid watemark check on a negative value
(git fixes (mm/pgalloc)).
- commit 11d19f6
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- commit 91f9b43
- VMCI: Release notification_bitmap in error path (bsc#1199291,
jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1
(bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device()
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA
datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register
defines (bsc#1199291, jsc#SLE-24635).
- commit 0e13b0d
- blacklist.conf: add commit 7acae6183cf3
I blacklisted the wrong commit: instead of adding 7acae6183cf3, I added the
commit that introduced the bug fixed by it (which isn't present in SLE15-SP4).
- commit 8ec5489
- net: mscc: ocelot: fix backwards compatibility with single-chain
tc-flower offload (git-fixes).
- commit 5dd0ec2
- net: bcmgenet: skip invalid partial checksums (git-fixes).
- commit af8e915
- ice: Fix race condition during interface enslave (git-fixes).
- commit 873e269
- net: bcmgenet: Don't claim WOL when its not available
(git-fixes).
- commit a981d90
- net: marvell: prestera: Add missing of_node_put() in
prestera_switch_set_base_mac_addr (git-fixes).
- commit 4aa2b33
- net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes).
- commit b08b10f
- net: ethernet: ti: cpts: Handle error for clk_enable
(git-fixes).
- commit 549b785
- ice: Fix error with handling of bonding MTU (git-fixes).
- commit 03f6b8d
- ice: stop disabling VFs due to PF error responses (git-fixes).
- commit 13b5865
- ethernet: Fix error handling in xemaclite_of_probe (git-fixes).
- commit 1b69809
- net: dsa: mt7530: fix incorrect test in
mt753x_phylink_validate() (git-fixes).
- commit 8344b36
- spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref
for non DMA transfers (git-fixes).
- commit 2faff78
- i2c: cadence: Change large transfer count reset logic to be
unconditional (git-fixes).
- i2c: mlxcpld: Fix register setting for 400KHz frequency
(git-fixes).
- gpio: gpio-xilinx: Fix integer overflow (git-fixes).
- gpio: pca953x: use the correct register address when regcache
sync during init (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync
(git-fixes).
- gpio: pca953x: only use single read/write for No AI mode
(git-fixes).
- drm/imx/dcss: Add missing of_node_put() in fail path
(git-fixes).
- drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes).
- commit 7a76772
- Update kabi files: import symvers from MU 5.14.21-150400.24.11
- commit 5ac1ff2
- r8152: fix a WOL issue (git-fixes).
- docs: net: dsa: re-explain what port_fdb_dump actually does
(git-fixes).
- docs: net: dsa: delete port_mdb_dump (git-fixes).
- docs: net: dsa: remove port_vlan_dump (git-fixes).
- docs: net: dsa: document port_fast_age (git-fixes).
- docs: net: dsa: document port_setup and port_teardown
(git-fixes).
- docs: net: dsa: document the teardown method (git-fixes).
- docs: net: dsa: document change_tag_protocol (git-fixes).
- docs: net: dsa: add more info about the other arguments to
get_tag_protocol (git-fixes).
- docs: net: dsa: rename tag_protocol to get_tag_protocol
(git-fixes).
- docs: net: dsa: document the shutdown behavior (git-fixes).
- docs: net: dsa: update probing documentation (git-fixes).
- Revert "/e1000e: Fix possible HW unit hang after an s0ix exit"/
(git-fixes).
- e1000e: Enable GPT clock before sending message to CSME
(git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- serial: 8250: fix return error code in
serial8250_request_std_resource() (git-fixes).
- tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes).
- drm/i915/gt: Serialize GRDOM access between multiple engine
resets (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
(git-fixes).
- pinctrl: aspeed: Fix potential NULL dereference in
aspeed_pinmux_set_mux() (git-fixes).
- irqchip: or1k-pic: Undefine mask_ack for level triggered
hardware (git-fixes).
- ASoC: madera: Fix event generation for rate controls
(git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
(git-fixes).
- ASoC: dapm: Initialise kcontrol data for mux/demux controls
(git-fixes).
- ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO
error (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering
problem (git-fixes).
- ASoC: wcd938x: Fix event generation for some controls
(git-fixes).
- ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
(git-fixes).
- ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues
in probe (git-fixes).
- ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes).
- NFC: nxp-nci: don't print header length mismatch on i2c error
(git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event
(git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- cpufreq: mediatek: Unregister platform device on exit
(git-fixes).
- cpufreq: mediatek: Use module_init and add module_exit
(git-fixes).
- drm/i915/dg2: Add Wa_22011100796 (git-fixes).
- drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes).
- drm/i915/uc: correctly track uc_fw init failure (git-fixes).
- commit 4bd213d
- ARM: 9214/1: alignment: advance IT state after emulating Thumb
instruction (git-fixes).
- ARM: 9213/1: Print message about disabled Spectre workarounds
only once (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc221 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc671 (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3
model (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51
(git-fixes).
- ASoC: rt711: fix calibrate mutex initialization (git-fixes).
- ASoC: Intel: sof_sdw: handle errors on card registration
(git-fixes).
- ASoC: rt711-sdca-sdw: fix calibrate mutex initialization
(git-fixes).
- ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on
remove (git-fixes).
- ASoC: ops: Fix off by one in range control validation
(git-fixes).
- ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0)
(git-fixes).
- ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes).
- ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106
devices (git-fixes).
- ARM: dts: stm32: use the correct clock source for CEC on
stm32mp151 (git-fixes).
- commit 65713d7
- Move upstreamed be2net patch into sorted section
- commit c55a187
- Drop doubly applied arm64 dts patch
Delete patches.suse/arm64-dts-broadcom-bcm4908-Fix-timer-node-for-BCM4906-SoC.patch
- commit efd9176
- net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes).
- commit eb2677a
- net: ipa: add an interconnect dependency (git-fixes).
- commit 94e475f
- net: stmmac: fix return value of __setup handler (git-fixes).
- commit 3c858ea
- net: sxgbe: fix return value of __setup handler (git-fixes).
- commit 723d359
- net: sparx5: Fix add vlan when invalid operation (git-fixes).
- commit 1d88b17
- net: chelsio: cxgb3: check the return value of
pci_find_capability() (git-fixes).
- commit 74c8cc9
- net: mv643xx_eth: process retval from of_get_mac_address
(git-fixes).
- commit 810f895
- net: ll_temac: check the return value of devm_kmalloc()
(git-fixes).
- commit 093ee20
- net: dsa: lan9303: add VLAN IDs to master device (git-fixes).
- commit 13c2302
- Revert "/net: ethernet: bgmac: Use
devm_platform_ioremap_resource_byname"/ (git-fixes).
- commit 411126e
- dpaa2-eth: Initialize mutex used in one step timestamping path
(git-fixes).
- commit b952b7a
- net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes).
- commit 7bd7001
- blacklist.conf: add ARCnet drivers
- commit 1614d85
- Sort patches from bsc#1201323
- commit 4165437
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- commit c3b4451
- lockdown: Fix kexec lockdown bypass with ima policy
(CVE-2022-21505 bsc#1201458).
- commit 5f6e1e5
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- scsi: make sure that request queue queiesce and unquiesce
balanced (bsc#1201651).
Refresh:
- patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch
- patches.kabi/kABI-fix-adding-field-to-scsi_device.patch
- patches.suse/scsi-core-sd-Add-silence_suspend-flag-to-suppress-some-PM-messages.patch
- scsi: avoid to quiesce sdev->request_queue two times
(bsc#1201651).
- dm: don't stop request queue after the dm device is suspended
(bsc#1201651).
- commit 4dedd62
- kabi/severities: add intel ice
- commit 77a60f8
- Delete patches.suse/xhci-turn-off-port-power-in-shutdown.patch
(bsc#1201691)
This patch leads to a failure to power off.
https://bugzilla.kernel.org/show_bug.cgi?id=216243
- commit f2d59c9
- i2c: smbus: Check for parent device before dereference
(git-fixes).
- net: dsa: mv88e6xxx: fix use-after-free in
mv88e6xxx_mdios_unregister (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit c96154e
- net: dsa: mv88e6xxx: flush switchdev FDB workqueue before
removing VLAN (git-fixes).
- commit c4e0776
- net: dsa: lan9303: fix reset on probe (git-fixes).
- commit 33805f1
- ice: Avoid RTNL lock when re-creating auxiliary device
(git-fixes).
- commit c168b96
- net: mscc: ocelot: fix mutex lock error during ethtool stats
read (git-fixes).
- commit ceff3da
- dpaa2-eth: unregister the netdev before disconnecting from
the PHY (git-fixes).
- commit c46c86b
- net: amd-xgbe: disable interrupts during pci removal
(git-fixes).
- commit c2f5c50
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes).
- commit 1ebdd4d
- net: dsa: lantiq_gswip: don't use devres for mdiobus
(git-fixes).
- commit 93f4a90
- net: dsa: mt7530: fix kernel bug in mdiobus_free() when
unbinding (git-fixes).
- commit 76cc859
- ethtool: Fix get module eeprom fallback (bsc#1201323).
- commit f5666fa
- nvme: wait until quiesce is done (bsc#1201651).
- blk-mq: add one API for waiting until quiesce is done
(bsc#1201651).
- commit d28bf38
- arm64: cpufeature: add HWCAP for FEAT_RPRES (git-fixes)
Refresh patches.suse/0019-arm64-Use-the-clearbhb-instruction-in-mitigations.patch
- commit cbc315a
- arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes)
- commit b3a2425
- blk-mq: fix kabi support concurrent queue quiesce unquiesce
(bsc#1201651).
- commit def3ab7
- net: dsa: felix: don't use devres for mdiobus (git-fixes).
- commit a03978a
- net: dsa: bcm_sf2: don't use devres for mdiobus (git-fixes).
- commit 682abc6
- net: dsa: ar9331: register the mdiobus under devres (git-fixes).
- commit 6f8e329
- net: dsa: mv88e6xxx: don't use devres for mdiobus (git-fixes).
- commit 61ee304
- gve: Recording rx queue before sending to napi (git-fixes).
- commit 6edbff0
- ixgbevf: Require large buffers for build_skb on 82599VF
(git-fixes).
- commit 2479d47
- net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes).
- commit ea855e1
- net: stmmac: ensure PTP time register reads are consistent
(git-fixes).
- commit 993d341
- net: macsec: Verify that send_sci is on when setting Tx sci
explicitly (git-fixes).
- commit 3b02b3e
- net: macsec: Fix offload support for NETDEV_UNREGISTER event
(git-fixes).
- commit d048544
- net: stmmac: dump gmac4 DMA registers correctly (git-fixes).
- commit 741baff
- blk-mq: support concurrent queue quiesce/unquiesce
(bsc#1201651).
- nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue
is reallocated (bsc#1201651).
- nvme: paring quiesce/unquiesce (bsc#1201651).
- nvme: prepare for pairing quiescing and unquiescing
(bsc#1201651).
- nvme: apply nvme API to quiesce/unquiesce admin queue
(bsc#1201651).
- nvme: add APIs for stopping/starting admin queue (bsc#1201651).
- commit 6f75240
- net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY
(git-fixes).
- commit c68ab05
- be2net: Fix buffer overflow in be_get_module_eeprom
(bsc#1201323).
- commit 46a7cc8
- net: stmmac: properly handle with runtime pm in
stmmac_dvr_remove() (git-fixes).
- commit 904137a
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit fe79137
- Input: i8042 - Apply probe defer to more ASUS ZenBook models
(bsc#1190256).
- commit cf06848
- net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes).
- commit 92bd067
- net: ieee802154: hwsim: Ensure proper channel selection at
probe time (git-fixes).
- commit 7ae5bdc
- tun: fix bonding active backup with arp monitoring (git-fixes).
- commit cf865a3
- Update patch references for fbcon fixes (CVE-2021-33655 bsc#1201635)
- commit eb3d075
- supported.conf: rvu_mbox as supported (jsc#SLE-24682)
- commit f21578a
- blacklist.conf: Add memcg/rstat optimizations 11192d9c124d fd25a9e0e23b 5b3be698a872
- commit 932b7ef
- blacklist.conf: Add 26d5badbccdd signal: Implement force_fatal_sig
- commit 1fe0fd9
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
(git-fixes).
- md: bcache: check the return value of kzalloc() in
detached_dev_do_request() (git-fixes).
- commit e2af2db
- kABI workaround for snd-soc-rt5682-* (git-fixes).
- kabi/severities: ignore dropped symbol rt5682_headset_detect
- commit 5e19e6d
- net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for
unexpected speed request (git-fixes).
- commit 59356c4
- net: amd-xgbe: ensure to reset the tx_timer_active flag
(git-fixes).
- commit 3831453
- net: amd-xgbe: Fix skb data length underflow (git-fixes).
- commit 50d3988
- net: stmmac: skip only stmmac_ptp_register when resume from
suspend (git-fixes).
- commit b59b0a9
- blacklist: added commit e1a4541ec0b9
- commit 7d0447e
- net: stmmac: configure PTP clock source prior to PTP
initialization (git-fixes).
- commit 6cefa9d
- libceph: fix potential use-after-free on linger ping and resends
(bsc#1201596).
- ceph: fix up non-directory creation in SGID directories
(bsc#1201595).
- commit 8aa4851
- net: cpsw: Properly initialise struct page_pool_params
(git-fixes).
- commit d65aa35
- net: sfp: ignore disabled SFP node (git-fixes).
- commit 5b8ce08
- octeontx2-pf: Forward error codes to VF (git-fixes).
- commit 562327e
- octeontx2-af: cn10k: Do not enable RPM loopback for LPC
interfaces (git-fixes).
- commit b549cad
- octeontx2-af: Do not fixup all VF action entries (git-fixes).
- commit dd1aa95
- net: stmmac: dwmac-visconti: Fix clock configuration for RMII
mode (git-fixes).
- commit e3e3f07
- net: stmmac: dwmac-visconti: Fix bit definitions for
ETHER_CLK_SEL (git-fixes).
- commit 1470b40
- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
(git-fixes).
- commit f842d14
- net/fsl: xgmac_mdio: Add workaround for erratum A-009885
(git-fixes).
- commit 6cf1273
- net: mscc: ocelot: fix using match before it is set (git-fixes).
- commit 78b3f03
- net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into
account (git-fixes).
- commit cfa26bb
- net: axienet: increase default TX ring size to 128 (git-fixes).
- commit d910ea1
- net: axienet: fix for TX busy handling (git-fixes).
- commit 99e0d80
- net: axienet: fix number of TX ring slots for available check
(git-fixes).
- commit 0c7e435
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593).
- fuse: make sure reclaim doesn't write the inode (bsc#1201592).
- commit 938aae2
- net: axienet: Fix TX ring slot available check (git-fixes).
- commit c151ff3
- net: axienet: limit minimum TX ring size (git-fixes).
- commit 13afdcb
- net: axienet: add missing memory barriers (git-fixes).
- commit d466816
- net: axienet: Wait for PhyRstCmplt after core reset (git-fixes).
- commit 7c11a1f
- net: axienet: increase reset timeout (git-fixes).
- commit 5cd6041
- net: sfp: fix high power modules without diagnostic monitoring
(git-fixes).
- commit 8a29229
- net: ethernet: mtk_eth_soc: fix error checking in
mtk_mac_config() (git-fixes).
- commit 7d643fb
- bcmgenet: add WOL IRQ check (git-fixes).
- commit d56437b
- net: ipa: prevent concurrent replenish (git-fixes).
- commit 63abe4d
- net: ipa: use a bitmap for endpoint replenish_enabled
(git-fixes).
- commit 4d71717
- net: ipa: fix atomic update in ipa_endpoint_replenish()
(git-fixes).
- commit f58c0c8
- fsl/fman: Check for null pointer after calling devm_ioremap
(git-fixes).
- commit 2af3cae
- rocker: fix a sleeping in atomic bug (git-fixes).
- commit 75f1355
- kABI workaround for phy_device changes (git-fixes).
- commit 91e246e
- mm: swap: get rid of livelock in swapin readahead (git fixes
(mm/swap)).
- mm: don't try to NUMA-migrate COW pages that have other uses
(git fixes (mm/numa)).
- mm/large system hash: avoid possible NULL deref in
alloc_large_system_hash (git fixes (mm/pgalloc)).
- mm/vmalloc: make sure to dump unpurged areas in
/proc/vmallocinfo (git fixes (mm/vmalloc)).
- mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node()
(git fixes (mm/vmalloc)).
- kasan: fix tag for large allocations when using CONFIG_SLAB
(git fixes (mm/kasan)).
- mm/vmalloc: fix numa spreading for large hash tables (git fixes
(mm/vmalloc)).
- mm/secretmem: avoid letting secretmem_users drop to zero
(git fixes (mm/secretmem)).
- memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT
(git fixes (mm/pgalloc)).
- commit 4d0f0a6
- Update patch metadata and move to sorted section
patches.suse/mm-page_alloc-Do-not-prefetch-buddies-during-bulk-free.patch.
patches.suse/mm-page_alloc-Drain-the-requested-list-first-during-bulk-free.patch.
patches.suse/mm-page_alloc-Fetch-the-correct-pcp-buddy-during-bulk-free.patch.
patches.suse/mm-page_alloc-Free-pages-in-a-single-pass-during-bulk-free.patch.
patches.suse/mm-page_alloc-Limit-number-of-high-order-pages-on-PCP-during-bulk-free.patch.
patches.suse/mm-page_alloc-Simplify-how-many-pages-are-selected-per-pcp-list-during-bulk-free.patch.
patches.suse/mm-page_alloc-Track-range-of-active-PCP-lists-during-bulk-free.patch.
- commit 14b9fbe
- usbnet: fix memory leak in error case (git-fixes).
- commit 7372d17
- arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes)
- commit 9119799
- rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258).
- commit 0d8f996
- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes)
- commit 3250248
- crypto: testmgr - allow ecdsa-nist in FIPS mode
(jsc#SLE-21132,bsc#1201258).
- commit d8e5343
- blacklist.conf: ffc95a46: CONFIG_SLAB not set in config
- commit d12fa0c
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- commit 3919bf9
- usb: typec: add missing uevent when partner support PD
(git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- vt: fix memory overlapping when deleting chars in the buffer
(git-fixes).
- wifi: mac80211_hwsim: set virtio device ready in probe()
(git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies()
(git-fixes).
- sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- commit 2f456a6
- serial: 8250: Fix PM usage_count for console handover
(git-fixes).
- serial: stm32: Clear prev values before setting RTS delays
(git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
(git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- reset: Fix devm bulk optional exclusive control getter
(git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- Revert "/serial: sc16is7xx: Clear RS485 bits in the shutdown"/
(git-fixes).
- serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes).
- commit f48404b
- power/reset: arm-versatile: Fix refcount leak in
versatile_reboot_probe (git-fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept
(git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path
(git-fixes).
- r8169: fix accessing unset transport header (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry
(git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
(git-fixes).
- net: phy: Don't trigger state machine while in suspend
(git-fixes).
- mt76: mt7921: get rid of mt7921_mac_set_beacon_filter
(git-fixes).
- commit 8948cad
- kABI workaround for rtsx_usb (git-fixes).
- commit ea7f901
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is
configured (git-fixes).
- ima: Fix a potential integer overflow in
ima_appraise_measurement (git-fixes).
- ida: don't use BUG_ON() for debugging (git-fixes).
- misc: rtsx_usb: use separate command and response buffers
(git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
transfer (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path
(git-fixes).
- i2c: piix4: Fix a memory leak in the EFCH MMIO support
(git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- Input: cpcap-pwrbutton - handle errors from platform_get_irq()
(git-fixes).
- commit 41d4678
- efi/x86: use naked RET on mixed mode call wrapper (git-fixes).
- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
(git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fbcon: Prevent that screen size is smaller than font size
(git-fixes).
- fbcon: Disallow setting font bigger than screen size
(git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- hwmon: (occ) Prevent power cap command overwriting poll response
(git-fixes).
- dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible
(git-fixes).
- hwmon: (occ) Remove sequence numbering and checksum calculation
(git-fixes).
- dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC
(git-fixes).
- commit 5a5128b
- drm/amd/display: Only use depth 36 bpp linebuffers on DCN
display engines (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets
(git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
(git-fixes).
- drm/i915/gvt: IS_ERR() vs NULL bug in
intel_gvt_update_reg_whitelist() (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
(git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/i915: fix a possible refcount leak in
intel_dp_add_mst_connector() (git-fixes).
- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
(git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key
(git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
correctly (git-fixes).
- dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes).
- drm/amd/display: Fix by adding FPU protection for
dcn30_internal_validate_bw (git-fixes).
- drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes).
- drm/i915: Fix a race between vma / object destruction and
unbinding (git-fixes).
- drm/mediatek: Detect CMDQ execution timeout (git-fixes).
- drm/mediatek: Remove the pointer of struct cmdq_client
(git-fixes).
- drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb
(git-fixes).
- drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes).
- commit d7feb0b
- dmaengine: ti: Add missing put_device in
ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
(git-fixes).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
broken CRC on TBC register (git-fixes).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
handling for mcp2517fd (git-fixes).
- can: m_can: m_can_chip_config(): actually enable internal
timestamping (git-fixes).
- can: grcan: grcan_probe(): remove extra of_node_get()
(git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- Revert "/can: xilinx_can: Limit CANFD brp to 2"/ (git-fixes).
- can: bcm: use call_rcu() instead of costly synchronize_rcu()
(git-fixes).
- batman-adv: Use netif_rx() (git-fixes).
- commit ee36772
- ASoC: Intel: Skylake: Correct the handling of fmt_config
flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
skl_get_ssp_clks() (git-fixes).
- ASoC: tas2764: Fix amp gain register offset & default
(git-fixes).
- ASoC: tas2764: Correct playback volume range (git-fixes).
- ASoC: tas2764: Fix and extend FSYNC polarity handling
(git-fixes).
- ASoC: tas2764: Add post reset delays (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
.set_jack_detect (git-fixes).
- ASoC: rt711-sdca: Add endianness flag in
snd_soc_component_driver (git-fixes).
- commit 46eda4a
- arm64: Add HWCAP for self-synchronising virtual counter (git-fixes)
- commit e9387c5
- ASoC: rt5682: Fix deadlock on resume (git-fixes).
- Refresh
patches.suse/ASoC-rt5682-do-not-block-workqueue-if-card-is-unboun.patch.
- commit b58000f
- ASoC: rt5682: Re-detect the combo jack after resuming
(git-fixes).
- Refresh
patches.suse/ASoC-rt5682-do-not-block-workqueue-if-card-is-unboun.patch.
- commit e602e5e
- arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot
(git-fixes).
- arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
(git-fixes).
- ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes).
- arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes).
- ASoC: rt711: Add endianness flag in snd_soc_component_driver
(git-fixes).
- ASoC: rt5682: fix an incorrect NULL check on list iterator
(git-fixes).
- ASoC: rt5682: Avoid the unexpected IRQ event during going to
suspend (git-fixes).
- ASoC: rt5682: move clk related code to rt5682_i2c_probe
(git-fixes).
- commit 9f44c25
- ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
(git-fixes).
- ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes).
- ACPI: video: Fix acpi_video_handles_brightness_key_presses()
(git-fixes).
- ARM: 9210/1: Mark the FDT_FIXED sections as shareable
(git-fixes).
- ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU
comes out of idle (git-fixes).
- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
(git-fixes).
- commit 72aed94
- Move upstreamed netfilter and tty patches to sorted section
- commit 9d5e117
- x86/bugs: Remove apostrophe typo (bsc#1190497).
- commit 0e5e638
- Sort in RETbleed backport into the sorted section
Now that it is upstream...
- Refresh
patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch.
- Refresh
patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch.
- Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch.
- Refresh
patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch.
- Refresh
patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch.
- Refresh
patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch.
- Refresh
patches.suse/objtool-Re-add-UNWIND_HINT_-SAVE_RESTORE.patch.
- Refresh
patches.suse/objtool-Treat-.text.__x86.-as-noinstr.patch.
- Refresh patches.suse/objtool-Update-Retpoline-validation.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh
patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
patches.suse/x86-ftrace-Use-alternative-RET-encoding.patch.
- Refresh
patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh patches.suse/x86-kvm-vmx-Make-noinstr-clean.patch.
- Refresh patches.suse/x86-objtool-Create-.return_sites.patch.
- Refresh patches.suse/x86-retpoline-Cleanup-some-ifdefery.patch.
- Refresh
patches.suse/x86-retpoline-Swizzle-retpoline-thunk.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch.
- Refresh
patches.suse/x86-speculation-Fix-RSB-filling-with-CONFIG_RETPOLINE-n.patch.
- Refresh
patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
patches.suse/x86-static_call-Use-alternative-RET-encoding.patch.
- Refresh
patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch.
- commit cc67fa3
- kABI: fix adding field to ufs_hba (git-fixes).
- kABI: fix adding field to scsi_device (git-fixes).
- scsi: iscsi: Exclude zero from the endpoint ID range
(git-fixes).
- scsi: scsi_debug: Fix zone transition to full condition
(git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- drbd: fix potential silent data corruption (git-fixes).
- scsi: ufs: core: scsi_get_lba() error fix (git-fixes).
- scsi: ufs: Fix runtime PM messages never-ending cycle
(git-fixes).
- scsi: core: sd: Add silence_suspend flag to suppress some PM
messages (git-fixes).
- scsi: ufs: Fix a deadlock in the error handler (git-fixes).
- scsi: ufs: Remove dead code (git-fixes).
- scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select() (git-fixes).
- scsi: scsi_debug: Fix type in min_t to avoid stack OOB
(git-fixes).
- scsi: scsi_debug: Don't call kcalloc() if size arg is zero
(git-fixes).
- scsi: sd: Fix sd_do_mode_sense() buffer length handling
(git-fixes).
- scsi: lpfc: Fix mailbox command failure during driver
initialization (git-fixes).
- commit fb67102
- perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability
attribute (jsc#SLE-24578).
- commit 9992992
- perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578).
- commit 3de312d
- perf/amd/ibs: Use ->is_visible callback for dynamic attributes
(jsc#SLE-24578).
- commit 1a42a36
- perf/amd/ibs: Cascade pmu init functions' return value
(jsc#SLE-24578).
- commit 82fef3c
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - set CIPHER capability for DH895XCC (git-fixes).
- commit 3585cf1
- kabi/severities: add stmmac network driver local symbols
- commit 832dcf3
- ppp: ensure minimum packet size in ppp_write() (git-fixes).
- commit 1871bcf
- veth: Do not record rx queue hint in veth_xmit (git-fixes).
- commit 4e81b53
- net: ethernet: mtk_eth_soc: fix return values and refactor
MDIO ops (git-fixes).
- commit 89745b1
- net: stmmac: Add platform level debug register dump feature
(git-fixes).
- commit 1f1e295
- fsl/fman: Fix missing put_device() call in fman_port_probe
(git-fixes).
- commit 1ea5bd4
- net: lantiq_xrx200: fix statistics of received bytes
(git-fixes).
- commit 21661cb
- net: ag71xx: Fix a potential double free in error handling paths
(git-fixes).
- commit bdd4068
- net: stmmac: dwmac-visconti: Fix value of
ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes).
- commit 100c8d7
- net: stmmac: ptp: fix potentially overflowing expression
(git-fixes).
- commit c8a3960
- veth: ensure skb entering GRO are not cloned (git-fixes).
- commit de7c3ec
- net: ks8851: Check for error irq (git-fixes).
- commit c6aa897
- drivers: net: smc911x: Check for error irq (git-fixes).
- commit 76302d7
- fjes: Check for error irq (git-fixes).
- commit 3518c05
- net: marvell: prestera: fix incorrect return of port_find
(git-fixes).
- commit caea254
- net: systemport: Add global locking for descriptor lifecycle
(git-fixes).
- commit ca205ab
- net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup
(git-fixes).
- commit d928a50
- net: stmmac: fix tc flower deletion for VLAN priority Rx
steering (git-fixes).
- commit c13727a
- netdevsim: don't overwrite read only ethtool parms (git-fixes).
- commit e49332e
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
- commit 14806b1
- net: mvpp2: fix XDP rx queues registering (git-fixes).
- commit 785d73e
- net: fec: only clear interrupt of handling queue in
fec_enet_rx_queue() (git-fixes).
- commit e300fac
- net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes).
- commit 1aeafc7
- qede: validate non LSO skb length (git-fixes).
- commit a6a6f45
- net: altera: set a couple error code in probe() (git-fixes).
- commit 4b6f9c2
- net: bcm4908: Handle dma_set_coherent_mask error codes
(git-fixes).
- commit 57e402c
- net: annotate data-races on txq->xmit_lock_owner (git-fixes).
- commit 823f883
- octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes).
- commit ab94872
- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf
dev xmit (git-fixes).
- commit eb079a6
- natsemi: xtensa: fix section mismatch warnings (git-fixes).
- commit dbb5264
- dpaa2-eth: destroy workqueue at the end of remove function
(git-fixes).
- commit 1aeeaf7
- net: marvell: mvpp2: Fix the computation of shared CPUs
(git-fixes).
- commit f25bb21
- Remove Half duplex mode speed capabilities (git-fixes).
- commit 92878dd
- net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header
support (git-fixes).
- commit de8c06a
- net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls
(git-fixes).
- commit a6567bd
- net: phylink: Force retrigger in case of latched link-fail
indicator (git-fixes).
- commit 6d547bd
- net: phylink: Force link down and retrigger resolve on interface
change (git-fixes).
- commit 4e89e84
- gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571)
- commit 6cf809d
- gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571)
- commit f025bf7
- dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571)
- commit f8d4262
- spi: tegra210-quad: combined sequence mode (jsc#SLE-24570)
- commit e187f9a
- spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570)
- commit f0be9d3
- spi: tegra210-quad: add acpi support (jsc#SLE-24570)
- commit 55e4b0b
- spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570)
- commit 45eae59
- spi: tegra210-quad: use device_reset method (jsc#SLE-24570)
- commit 3f5e1a3
- spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570)
- commit 58f5e5f
- i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569)
- commit 47fa6c7
- i2c: tegra: Add the ACPI support (jsc#SLE-24569)
- commit d323c6e
- i2c: tegra: Add SMBus block read function (jsc#SLE-24569)
- commit 3dd00f6
- i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569)
- commit 3c0a341
- docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569)
- commit 6cd5dd2
- device property: Add fwnode_irq_get_byname (jsc#SLE-24569)
- commit cd979cf
- crypto: octeontx2 - fix missing unlock (jsc#SLE-24682).
- hwrng: cavium - fix NULL but dereferenced coccicheck error
(jsc#SLE-24682).
- crypto: octeontx2 - add synchronization between mailbox accesses
(jsc#SLE-24682).
- crypto: octeontx2 - increase CPT HW instruction queue length
(jsc#SLE-24682).
- crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682).
- crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682).
- arm64: Add cavium_erratum_23154_cpus missing sentinel
(jsc#SLE-24682).
- irqchip/gic-v3: Workaround Marvell erratum 38545 when reading
IAR (jsc#SLE-24682).
- crypto: octeontx2 - Avoid stack variable overflow
(jsc#SLE-24682).
- crypto: octeontx2 - out of bounds access in
otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682).
- crypto: octeontx2 - Use swap() instead of swap_engines()
(jsc#SLE-24682).
- crypto: octeontx2 - parameters for custom engine groups
(jsc#SLE-24682).
- crypto: octeontx2 - add apis for custom engine groups
(jsc#SLE-24682).
- crypto: octeontx2 - use swap() to make code cleaner
(jsc#SLE-24682).
- commit e64c29a
- crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391).
- commit 755232f
- supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682)
Mark rvu_cptpf.ko and rvu_cptvf.ko as supported.
- commit 2c9f726
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 0702138
- kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569).
kABI fix for "/i2c: smbus: Use device_*() functions instead of of_*()"/
- commit d0b5048
- ldb
-
- Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all
changes for ldb-2.4.4.
+ CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
+ CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
+ CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to version 2.4.3
+ Fix build problems, waf produces incorrect names for python
extensions; (bso#15071);
- libxml2
-
- Update to 2.9.14:
* Security:
+ [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
+ Fix potential double-free in xmlXPtrStringRangeFunction
+ Fix memory leak in xmlFindCharEncodingHandler
+ Normalize XPath strings in-place
+ Prevent integer-overflow in htmlSkipBlankChars() and
xmlSkipBlankChars()
+ Fix leak of xmlElementContent
* Bug fixes:
+ Fix parsing of subtracted regex character classes
+ Fix recursion check in xinclude.c
+ Reset last error in xmlCleanupGlobals
+ Fix certain combinations of regex range quantifiers
+ Fix range quantifier on subregex
* Improvements:
+ Fix recovery from invalid HTML start tags
* Build system, portability:
+ Define LFS macros before including system headers
+ Initialize XPath floating-point globals
+ configure: check for icu DEFS
+ configure.ac: produce tar.xz only (GNOME policy)
+ CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
+ Fix build with older Python versions
+ Fix --without-valid build
- Build python bindings in a 2nd run, using multibuild: otherwise,
libxml2 requires pkgconfig(libxml-2.0) to build, causing issues
to bootstrap.
- Update to version 2.9.13:
* Security fixes:
+ [CVE-2022-23308] Use-after-free of ID and IDREF attributes
(boo#1196490);
+ Several memory leaks and another issues.
* Many regressions fixes.
* Numerous bug fixes, including, among many others:
+ xmllint's --maxmem option should work as expected now;
+ xmllint now returns an error if arguments are missing.
* Numerous tests and code and fuzzing fixes and improvements.
* Updated documentation.
- The full Libxml2 2.9.13 NEWS can be found here:
https://download.gnome.org/sources/libxml2/2.9/+ libxml2-2.9.13.news.
- Replace version-release macros in all 3 Obsoletes tag with
plain 2.9.13 to avoid unwanted behaviors in the future.
- Remove dropped upstream AUTHORS file from list of files to be
installed in the documentation location with 'cp' command.
- Update http://xmlsoft.org URL tag to Libxml2's new web home:
https://gitlab.gnome.org/GNOME/libxml2.
- Update ftp://xmlsoft.org Source tag to Libxml2's new download
host: https://download.gnome.org.
- Drop deprecated Python-2-related macro definitions/conditional
statement from spec file.
- Drop merged upstream patches:
libxml2-fix-lxml-corrupted-subtree-structures.patch;
libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch.
- Drop libxml2.keyring source file as the new download host doesn't
offer GPG signatures.
- Use ldconfig_scriptlets macro for post(un) handling.
* Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879),
CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595,
CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928)
- Security fix: [bsc#1185698, CVE-2021-3537]
decompression (boo#1088279 boo#1105166).
(boo#1102046).
- libzypp
-
- appdata plugin: Pass path to the repodata/ directory inside the
cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending
endOfScriptTag.
- version 17.30.2 (22)
- PluginRepoverification: initial version hooked into
repo::Downloader and repo refresh.
- Immediately start monitoring the download.transfer_timeout.
Do not wait until the first data arrived. (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only.
- Work around cases where sat repo.start points to an invalid
solvable. May happen if (wrong arch) solvables were removed
at the beginning of the repo.
- fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
(fixes #388)
- version 17.30.1 (22)
- mozilla-nspr
-
- update to version 4.34
* add an API that returns a preferred loopback IP on hosts that
have two IP stacks available.
- update to 4.33:
* fixes to build system and export of private symbols
- mozilla-nss
-
- Update nss-fips-constructor-self-tests.patch to add on-demand
integrity tests through sftk_FIPSRepeatIntegrityCheck()
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to mark algorithms
as approved/non-approved according to security policy
(bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to remove hard
disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
the workaround in FIPS mode (bsc#1200325).
- Remove nss-fips-tests-skip.patch. This is no longer needed since
we removed the code to short-circuit broken hashes and moved to
using the SLI.
- Remove upstreamed patches:
* nss-fips-version-indicators.patch
* nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
- bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- bmo#1766907 - Update mercurial in clang-format docker image.
- bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
- bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
- bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- bmo#1764788 - Correct invalid record inner and outer content type alerts.
- bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
- bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
* bmo#1767590 - Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple
- update to NSS 3.78
bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
bmo#1763120 - Add ECH Grease Support to tstclnt
bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
* Bug 1762244 - resolve mpitests build failure on Windows.
* bmo#1761779 - Fix link to TLS page on wireshark wiki
* bmo#1754890 - Add two D-TRUST 2020 root certificates.
* bmo#1751298 - Add Telia Root CA v2 root certificate.
* bmo#1751305 - Remove expired explicitly distrusted certificates
from certdata.txt.
* bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
* bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
* bmo#1756271 - Remove token member from NSSSlot struct.
* bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
* bmo#1757279 - Support UTF-8 library path in the module spec string.
* bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
* bmo#1760827 - Add a CI Target for gcc-11.
* bmo#1760828 - Change to makefiles for gcc-4.8.
* bmo#1741688 - Update googletest to 1.11.0
* bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
* bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
* bmo#1755904 - Fix calculation of ECH HRR Transcript.
* bmo#1758741 - Allow ld path to be set as environment variable.
* bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
* bmo#1758478 - Fix DataBuffer Move Assignment.
* bmo#1552254 - internal_error alert on Certificate Request with
sha1+ecdsa in TLS 1.3
* bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
NSS 3.76.1
* bmo#1756271 - Remove token member from NSSSlot struct.
NSS 3.76
* bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots.
* bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
* bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
* bmo#1679803 - Add SHA256 fingerprint comments to old
certdata.txt entries.
* bmo#1753505 - Avoid truncating files in nss-release-helper.py.
* bmo#1751157 - Throw illegal_parameter alert for illegal extensions
in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
* bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
* bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
* bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
* bmo#1748386 - Remove redundant key type check.
* bmo#1749869 - Update ABI expectations to match ECH changes.
* bmo#1748386 - Enable CKM_CHACHA20.
* bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
* bmo#1747310 - real move assignment operator.
* bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
* bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
* bmo#1747772 - Allow to build using clang's integrated assembler.
* bmo#1321398 - Allow to override python for the build.
* bmo#1747317 - test HKDF output rather than input.
* bmo#1747316 - Use ASSERT macros to end failed tests early.
* bmo#1747310 - move assignment operator for DataBuffer.
* bmo#1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
* bmo#1725938 - Update tests for ECH-13.
* bmo#1725938 - Tidy up error handling.
* bmo#1728281 - Add tests for ECH HRR Changes.
* bmo#1728281 - Server only sends GREASE HRR extension if enabled
by preference.
* bmo#1725938 - Update generation of the Associated Data for ECH-13.
* bmo#1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
* bmo#1712879 - Allow for compressed, non-contiguous, extensions.
* bmo#1712879 - Scramble the PSK extension in CHOuter.
* bmo#1712647 - Split custom extension handling for ECH.
* bmo#1728281 - Add ECH-13 HRR Handling.
* bmo#1677181 - Client side ECH padding.
* bmo#1725938 - Stricter ClientHelloInner Decompression.
* bmo#1725938 - Remove ECH_inner extension, use new enum format.
* bmo#1725938 - Update the version number for ECH-13 and adjust
the ECHConfig size.
- update to NSS 3.74
* bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
OCSP responses
* bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
* bmo#1721426 - NSS does not properly restrict server keys based on policy
* bmo#1733003 - Set nssckbi version number to 2.54
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
* bmo#1735407 - Replace GlobalSign ECC Root CA R4
* bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
* bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
certificates
* bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
CIF A62634068 root certificate
* bmo#1740095 - Add iTrusChina ECC root certificate
* bmo#1740095 - Add iTrusChina RSA root certificate
* bmo#1738805 - Add ISRG Root X2 root certificate
* bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
* bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
* bmo#1735028 - Check for missing signedData field
* bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
* Add SHA-2 support to mozilla::pkix's OSCP implementation
- update to NSS 3.73
* bmo#1735028 - check for missing signedData field.
* bmo#1737470 - Ensure DER encoded signatures are within size limits.
* bmo#1729550 - NSS needs FiPS 140-3 version indicators.
* bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
* bmo#1738600 - sunset Coverity from NSS
MFSA 2021-51 (bsc#1193170)
* CVE-2021-43527 (bmo#1737470)
Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
* Remove newline at the end of coreconf.dep
* bmo#1731911 - Fix nsinstall parallel failure.
* bmo#1729930 - Increase KDF cache size to mitigate perf
regression in about:logins
- update to NSS 3.71
* bmo#1717716 - Set nssckbi version number to 2.52.
* bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
* bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
* bmo#1717707 - Add HARICA Client ECC Root CA 2021.
* bmo#1717707 - Add HARICA Client RSA Root CA 2021.
* bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
* bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
* bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
* bmo#1726022 - Update test case to verify fix.
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
* bmo#1681975 - Avoid using a lookup table in nssb64d.
* bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
* bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
* bmo#1726022 - Cache additional PBE entries.
* bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
* bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
* bmo#1720226 (Backout) - integrity checks in key4.db not happening
on private components with AES_CBC
NSS 3.69
* bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
* bmo#1720226 - integrity checks in key4.db not happening on private
components with AES_CBC (backed out again)
* bmo#1720235 - SSL handling of signature algorithms ignores
environmental invalid algorithms.
* bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
nss failures.
(removed obsolete nss-btrfs-sqlite.patch)
* bmo#1720230 - Gtest update changed the gtest reports, losing gtest
details in all.sh reports.
* bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
* bmo#1720232 - SQLite calls could timeout in starvation situations.
* bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
* bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
* bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
- Mozilla NSS 3.68.4 (bsc#1200027)
* Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
(bmo#1767590)
- Update nss-fips-constructor-self-tests.patch to scan
LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
Based on work by Marcus Meissner.
- Add nss-fips-tests-skip.patch to skip algorithms that are hard
disabled in FIPS mode.
- Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired
PayPalEE cert from failing the tests.
- Add nss-fips-tests-enable-fips.patch, which enables FIPS during
test certificate creation and disables the library checksum
validation during same.
- Update nss-fips-constructor-self-tests.patch to allow
checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- ncurses
-
- Add patch ncurses-bnc1198627.patch
* Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
- patterns-suse-manager
-
- Strictly require OpenJDK 11 (bsc#1202142)
- pcre2
-
- Added pcre2-bsc1199235-CVE-2022-1587.patch
* CVE-2022-1587 / bsc#1199235
* Fix out-of-bounds read due to bug in recursions
* Sourced from:
- https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- permissions
-
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
- Update to version 20201225:
* apptainer: fix starter-suid location (bsc#1198720)
- Update to version 20201225:
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
- Update to version 20201225:
- postgresql
-
- Fix the pg_server_requires macro on older rpm versions (SLE-12).
- Avoid a dependency on awk in postgresql-script.
- Move the dependency of llvmjit-devel on clang and llvm to the
implementation packages where we can depend on the correct
versions.
- fix postgresql_has_llvm usage
- First round of changes to make it easier to build extensions for
- add postgresql-llvmjit-devel subpackage:
This package will pull in clang and llvm if the distro has a
recent enough version, otherwise it will just pull
postgresql-server-devel.
- add postgresql macros to the postgresql-server-devel package
those cover all the variables from pg_config and some macros
to remove repitition from the spec files
- Bump version to 14.
- Bump default to 14 on Factory and future SPs.
- postgresql-jdbc
-
- Address arbitrary File Write Vulnerability CVE-2022-26520
(bsc#1197356)
* Add: CVE-2022-26520.patch
- python-M2Crypto
-
- update CVE-2020-25657-Bleichenbacher-attack.patch to actually
contain the fix rather than just being empty (CVE-2020-25657,
bsc#1178829)
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
bsc#1178829), which mitigates the Bleichenbacher timing attacks
in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
- python-py
-
- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
- Update to 1.10.0
* Fix a regular expression DoS vulnerability in the py.path.svnwc
SVN blame functionality (CVE-2020-29651)
- Devendor apipkg and iniconfig
- Add pr_222.patch to activate test suite
- Update to 1.9.0
* Add type annotation stubs
- rsync
-
- Security fix: [bsc#1201840, CVE-2022-29154]
* arbitrary file write vulnerability via do_server_recv function
* Added patch rsync-rsync-CVE-2022-29154.patch
- samba
-
- CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic;
(bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
(bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556).
- systemd-presets-common-SUSE
-
- enable ignition-delete-config by default (bsc#1199524)
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter "/user"/, the save/apply-changes commands now
work with user services instead of system ones (boo#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (boo#1200485)
- tar
-
- bsc1200657.patch was previously incomplete leading to deadlocks
* bsc#1202436
* bsc1200657.patch updated
- Fix race condition while creating intermediate subdirectories,
bsc#1200657
* bsc1200657.patch
- xen
-
- Added --disable-pvshim when running configure in xen.spec.
We have never shipped the shim and don't need to build it.
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
in typeref acquisition
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
xen: retbleed - arbitrary speculative code execution with return
instructions (XSA-407)
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
62a99614-IOMMU-x86-gcc12.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
xsa401-1.patch
xsa401-2.patch
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
xsa408.patch
- Fix gcc13 compilation error
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
- yaml-cpp
-
- Version 0.6.3 changed ABI without changing SONAME. Re-add symbol
from the old ABI to prevent ABI breakage and crash of
applications compiled with 0.6.1 (bsc#1200624, bsc#1178332,
bsc#1178331, bsc#1160171, yaml-cpp-abi-breakage.patch).
- zypper
-
- Basic JobReport for "/cmdout/monitor"/.
- versioncmp: if verbose, also print the edition 'parts' which are
compared.
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally (fixes #433)
- Honor the NO_COLOR environment variable when auto-detecting
whether to use color (fixes #432)
- Define table columns which should be sorted natural [case
insensitive] (fixes #391, closes #396, fixes #424)
- lr/ls: Use highlight color on name and alias as well.
- version 1.14.53