- apache2
-
- Security fix:
- CVE-2024-39573, bsc#1227271: potential SSRF in mod_rewrite
* Added apache2-CVE-2024-39573.patch
- CVE-2024-38477, bsc#1227270: null pointer dereference in mod_proxy
* Added apache2-CVE-2024-38477.patch
- CVE-2024-38475, bsc#1227268: Improper escaping of output in mod_rewrite
* Added apache2-CVE-2024-38475-1.patch
* Added apache2-CVE-2024-38475-2.patch
* Added apache2-CVE-2024-38475-3.patch
- CVE-2024-38476, bsc#1227269: Server may use exploitable/malicious
backend application output to run local handlers via internal
redirect
* Added apache2-CVE-2024-38476-1.patch
* Added apache2-CVE-2024-38476-2.patch
* Added apache2-CVE-2024-38476-3.patch
* Added apache2-CVE-2024-38476-4.patch
* Added apache2-CVE-2024-38476-5.patch
* Added apache2-CVE-2024-38476-6.patch
* Added apache2-CVE-2024-38476-7.patch
* Added apache2-CVE-2024-38476-8.patch
* Added apache2-CVE-2024-38476-9.patch
* Added apache2-CVE-2024-38476-10.patch
* Added apache2-CVE-2024-38476-11.patch
- added patches [bsc#1226217]
https://github.com/apache/httpd/pull/444/commits/c2fffd29b0f58bdc9caaaff4fec68e17a676f182
+ apache2-issue-444.patch
- autofs
-
- autofs-5.1.6-remove-intr-hosts-map-mount-option.patch
Don't use the intr option on NFS mounts by default, it's been
ignored by the kernel for a long time now. (bsc#1225130)
- bind
-
- Update to release 9.16.50
Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737)
[bsc#1228256, bind-9.16-CVE-2024-1737.patch]
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975)
[bsc#1228257, bind-9.16-CVE-2024-1975.patch]
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076)
[bsc#1228258, bind-9.16-CVE-2024-4076.patch]
- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- chrony
-
- Use make quickcheck instead of make check to avoid >1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable. Here a seed is
already set to get deterministic execution.
- Use shorter NTS-KE retry interval when network is down
(bsc#1213551, chrony-burst_total_samples_to_go.patch,
chrony-retry_interval_ke_start.patch).
- cloud-init
-
- Add cloud-init-skip-rename.patch (bsc#1219680)
+ Brute force appraoch to skip renames if the device is already present
- Add cloud-init-usr-sudoers.patch (bsc#1223469)
+ Handle the existence of /usr/etc/sudoers to search for the expected
include location
- Update cloud-init-no-openstack-guess.patch
+ Do not enable cloud-init on systems where there is no DMI just
because no data source has been found. No data source means
cloud-init will not run.
- cloud-regionsrv-client
-
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
- cobbler
-
- Add EFI chainloader to enable SLE Micro PXE boot (bsc#1222225)
- containerd
-
- Revert noarch for devel subpackage
Switching to noarch causes issues on SLES maintenance updates, reverting it
fixes our image builds
- Update to containerd v1.7.17. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.17>
- Switch back to using tar_scm service. Aside from obs_scm using more bandwidth
and storage than a locally-compressed tar.xz, it seems there's some weird
issue with paths in obscpio that break our SLE-12-only patch.
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.16. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.16>
CVE-2023-45288 bsc#1221400
- Use obs_scm service instead of tar_scm
- Removed patch 0002-shim-Create-pid-file-with-0644-permissions.patch
(merged upstream at
<https://github.com/containerd/containerd/pull/9571>)
- Update to containerd v1.7.15. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.15>
- Update to containerd v1.7.14. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.14>
- Update to containerd v1.7.13. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.13>
- Update to containerd v1.7.12. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.12>
- Update to containerd v1.7.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.11>
GHSA-jq35-85cj-fj4p bsc#1224323
- Use %patch -P N instead of deprecated %patchN.
- Enable manpage generation
- Make devel package noarch
- adjust rpmlint filters
- cups
-
- Require the exact matching version-release of all libcups*
sub-packages (bsc#1226192)
- cups-2.2.7-CVE-2024-35235.patch is derived
from the upstream patch against master (CUPS 2.5)
to behave backward compatible for CUPS 2.2.7
in SLE15 and openSUSE Leap 15 to fix CVE-2024-35235
"cupsd Listen port arbitrary chmod 0140777"
without the more secure but backward-incompatible behaviour
of the upstream patch for CUPS 2.5
that ignores domain sockets specified in 'Listen' entries
in /etc/cups/cupsd.conf when cupsd is lauched via systemd
(in particular when launched on-demand by systemd)
https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f
bsc#1225365
- cups-2.2.7-web-ui-kerberos-authentication.patch, update
patch to handle local 'Negotiate' authentication response
for cli clients. (bsc#1223179).
- dmidecode
-
- Update to upstream version 3.6 (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
* Add bash completion.
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
* Implement options --list-strings and --list-types.
* Update HPE OEM records 203, 212, 216, 221, 233 and 236.
* Update Redfish support.
* Bug fixes:
Fix enabled slot characteristics not being printed
* Minor improvements:
Print slot width on its own line
Use standard strings for slot width
* Add a --no-quirks option.
* Drop the CPUID exception list.
* Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
dmidecode-fortify-entry-point-length-checks.patch,
dmidecode-split-table-fetching-from-decoding.patch,
dmidecode-write-the-whole-dump-file-at-once.patch,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
dmioem-hpe-oem-record-237-firmware-change.patch,
dmioem-typo-fix-virutal-virtual.patch,
ensure-dev-mem-is-a-character-device-file.patch,
news-fix-typo.patch and
use-read_file-to-read-from-dump.patch.
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
HPE type 238 records.
- docker
-
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- This update includes a fix for CVE-2024-41110. bsc#1228324
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
<https://github.com/moby/buildkit/pull/5060>. bsc#1221916
+ 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. Backport of
<https://github.com/moby/moby/pull/48034>. bsc#1214855
+ 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2505> bsc#1223409
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- Update --add-runtime to point to correct binary path.
- dracut
-
- Update to version 055+suse.357.g905645c2:
* fix(dracut-install): continue parsing if ldd prints "cannot be preloaded" (bsc#1208690)
* fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485)
* fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083)
- fence-agents
-
- Azure native fencing does not start due to Python version.
(bsc#1224797) (jsc#PED-8887)
Put fence_azure_arm into a separate package to be able to provide
the own requirements.
o Add upstream patch:
0001-fence_azure_arm-add-stack-cloud-support.patch
0001-azure_fence-use-correct-credential_scope-and-profile.patch
0001-lib-all-agents-use-r-for-all-regular-expressions-to-.patch
0001-fence_azure-fix-pinning-client-api-versions-for-comp.patch
o Add modified upstream patch:
0001-fence_azure_arm-fix-get-virtual-machines-call.patch
- grafana-formula
-
- Version 0.10.2
* Fix typo in mgr-server Grafana dashboard (bsc#1224786)
- Version 0.10.1
* Fix "Disk space usage" panel for btrfs filesystems
- grub2
-
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to
SLE-15-SP2 (bsc#1217102)
* add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
* add 0002-ofdisk-add-early_log-support.patch
- Enhancement to PPC secure boot's root device discovery config (bsc#1207230)
- Fix regex for Open Firmware device specifier with encoded commas
* 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
- Fix regular expression in PPC secure boot config to prevent escaped commas
from being treated as delimiters when retrieving partition substrings.
- Use prep_load_env in PPC secure boot config to handle unset host-specific
environment variables and ensure successful command execution.
* 0004-Introduce-prep_load_env-command.patch
- Refreshed
* 0005-export-environment-at-start-up.patch
- iputils
-
- Backport upstream fix for bsc#1225963
b589819 ("arping: Fix exit code if receive more replies than sent")
0001-arping-Fix-exit-code-if-receive-more-replies-than-se.patch
- Update 0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
after upstream merged the fix, update git commit hashes.
- java-11-openjdk
-
- Upgrade to upstream tag jdk-11.0.24+8 (July 2024 CPU)
* Security fixes:
+ JDK-8314794, CVE-2024-21131, bsc#1228046: Improve UTF8 String
supports
+ JDK-8319859, CVE-2024-21138, bsc#1228047: Better symbol
storage
+ JDK-8320097: Improve Image transformations
+ JDK-8320548, CVE-2024-21140, bsc#1228048: Improved loop
handling
+ JDK-8322106, CVE-2024-21144, bsc#1228050: Enhance Pack 200
loading
+ JDK-8323231, CVE-2024-21147, bsc#1228052: Improve array
management
+ JDK-8323390: Enhance mask blit functionality
+ JDK-8324559, CVE-2024-21145, bsc#1228051: Improve 2D image
handling
+ JDK-8325600: Better symbol storage
+ JDK-8327413: Enhance compilation efficiency
* Other changes:
+ JDK-8015739: Background of JInternalFrame is located out of
JInternalFrame
+ JDK-8042380: Test javax/swing/JFileChooser/4524490/
/bug4524490.java fails with InvocationTargetException
+ JDK-8061729: Update java/net tests to eliminate dependency on
sun.net.www.MessageHeader and some other internal APIs
+ JDK-8158048: Fix failure message from jtreg gtest wrapper
+ JDK-8159927: Add a test to verify JMOD files created in the
images do not have debug symbols
+ JDK-8163921: HttpURLConnection default Accept header is
malformed according to HTTP/1.1 RFC
+ JDK-8187759: Background not refreshed when painting over a
transparent JFrame
+ JDK-8210988: Improved handling of compiler warnings in the
build
+ JDK-8214400: Update hotspot application/jcstress jtreg tests
wrappers to use jcstress 0.5
+ JDK-8218917: KeyEvent.getModifiers() returns inconsistent
values for ALT keys
+ JDK-8220202: Simplify/standardize method naming for HtmlTree
+ JDK-8231351: Add notes for PKCS11 tests in the test doc
+ JDK-8241951: SA core file tests failed to find core file for
signed binaries on OSX 10.15
+ JDK-8243010: Test support: Customizable Hex Printer
+ JDK-8248194: Need better support for running SA tests on core
files
+ JDK-8248667: Need support for building native libraries
located in the test/lib directory
+ JDK-8253980: javax/swing/plaf/synth/7158712/bug7158712.java
fails on windows
+ JDK-8255031: Update java/util/prefs/AddNodeChangeListener.java
to report more failure info
+ JDK-8256660: Disable DTLS 1.0
+ JDK-8261404: Class.getReflectionFactory() is not thread-safe
+ JDK-8263659: Reflow GTestResultParser for better readability
+ JDK-8263940: NPE when creating default file system when
default file system provider is packaged as JAR file on class
path
+ JDK-8264152: javax/net/ssl/DTLS/RespondToRetransmit.java
timed out
+ JDK-8267796: vmTestbase/nsk/jvmti/scenarios/hotswap/HS201/
/hs201t002/TestDescription.java fails with NoClassDefFoundError
+ JDK-8267938: (sctp) SCTP channel factory methods should check
platform support
+ JDK-8268974: GetJREPath() JLI function fails to locate
libjava.so if not standard Java launcher is used
+ JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java
failed with connection timeout
+ JDK-8270199: Most SA tests are skipped on macosx-aarch64
because all executables are signed
+ JDK-8271142: package help is not displayed for missing
X11/extensions/Xrandr.h
+ JDK-8273153: Consolidate file_exists into os:file_exists
+ JDK-8273831: PrintServiceLookup spawns 2 threads in the
current classloader, getting orphaned
+ JDK-8276125: RunThese24H.java SIGSEGV in
JfrThreadGroup::thread_group_id
+ JDK-8280546: Remove hard-coded 127.0.0.1 loopback address
+ JDK-8281507: Two javac tests have bad jtreg `@clean` tags
+ JDK-8282017: sun/net/www/protocol/https/HttpsURLConnection/
/B6216082.java fails with "SocketException: Unexpected end of
file from server"
+ JDK-8283349: Robustness improvements to
java/util/prefs/AddNodeChangeListener.jar
+ JDK-8286705: GCC 12 reports use-after-free potential bugs
+ JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/
/capability/CM03/cm03t001/TestDescription.java on linux-all
+ JDK-8292716: Configure should check that jtreg is of the
required version
+ JDK-8292717: Clean up checking of testing requirements in
configure
+ JDK-8292763: JDK-8292716 breaks configure without jtreg
+ JDK-8293563: [macos-aarch64] SA core file tests failing with
sun.jvm.hotspot.oops.UnknownOopException
+ JDK-8293887: AArch64 build failure with GCC 12 due to
maybe-uninitialized warning in libfdlibm k_rem_pio2.c
+ JDK-8293965: Code signing warnings after JDK-8293550
+ JDK-8294137: Review running times of java.math tests
+ JDK-8294156: Allow PassFailJFrame.Builder to create test UI
+ JDK-8295343: sun/security/pkcs11 tests fail on Linux RHEL 8.6
and newer
+ JDK-8297082: Remove sun/tools/jhsdb/BasicLauncherTest.java
from problem list
+ JDK-8297449: Update JInternalFrame Metal Border code
+ JDK-8297798: Timeout with DTLSOverDatagram test template
+ JDK-8299023: TestPLABResize.java and TestPLABPromotion.java
are failing intermittently
+ JDK-8299677: Formatter.format might take a long time to
format an integer or floating-point
+ JDK-8299858: [Metrics] Swap memory limit reported incorrectly
when too large
+ JDK-8302069: javax/management/remote/mandatory/notif/
/NotifReconnectDeadlockTest.java update
+ JDK-8302512: Update IANA Language Subtag Registry to Version
2023-02-14
+ JDK-8303466: C2: failed: malformed control flow. Limit type
made precise with MaxL/MinL
+ JDK-8304761: Update IANA Language Subtag Registry to Version
2023-03-22
+ JDK-8305645: System Tray icons get corrupted when Windows
primary monitor changes
+ JDK-8305874: Open source AWT Key, Text Event related tests
+ JDK-8305931: jdk/jfr/jcmd/TestJcmdDumpPathToGCRoots.java
failed with "Expected chains but found none"
+ JDK-8305942: Open source several AWT Focus related tests
+ JDK-8305943: Open source few AWT Focus related tests
+ JDK-8305962: update jcstress to 0.16
+ JDK-8306031: Update IANA Language Subtag Registry to Version
2023-04-13
+ JDK-8306067: Open source AWT Graphics,GridBagLayout related
tests
+ JDK-8306634: Open source AWT Event related tests
+ JDK-8306714: Open source few Swing event and AbstractAction
tests
+ JDK-8306838: GetGraphicsTest needs to be headful
+ JDK-8306941: Open source several datatransfer and dnd AWT
tests
+ JDK-8307083: Open source some drag and drop tests 3
+ JDK-8307955: Prefer to PTRACE_GETREGSET instead of
PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs'
+ JDK-8308021: Update IANA Language Subtag Registry to Version
2023-05-11
+ JDK-8310380: Handle problems in core-related tests on macOS
when codesign tool does not work
+ JDK-8310818: Refactor more Locale tests to use JUnit
+ JDK-8310923: Refactor Currency tests to use JUnit
+ JDK-8312194: test/hotspot/jtreg/applications/ctw/modules/
/jdk_crypto_ec.java cannot handle empty modules
+ JDK-8312383: Log X509ExtendedKeyManager implementation class
name in TLS/SSL connection
+ JDK-8313206: PKCS11 tests silently skip execution
+ JDK-8313702: Update IANA Language Subtag Registry to Version
2023-08-02
+ JDK-8314220: Configurable InlineCacheBuffer size
+ JDK-8314283: Support for NSS tests on aarch64 platforms
+ JDK-8314495: Update to use jtreg 7.3.1
+ JDK-8314552: Fix javadoc tests to work with jtreg 7
+ JDK-8314830: runtime/ErrorHandling/ tests ignore external VM
flags
+ JDK-8315071: Modify TrayIconScalingTest.java,
PrintLatinCJKTest.java to use new PassFailJFrame's builder
pattern usage
+ JDK-8315117: Update Zlib Data Compression Library to Version
1.3
+ JDK-8315609: Open source few more swing text/html tests
+ JDK-8315663: Open source misc awt tests
+ JDK-8315677: Open source few swing JFileChooser and other
tests
+ JDK-8315726: Open source several AWT applet tests
+ JDK-8315741: Open source few swing JFormattedTextField and
JPopupMenu tests
+ JDK-8315824: Open source several Swing Text/HTML related tests
+ JDK-8315834: Open source several Swing JSpinner related tests
+ JDK-8315889: Open source several Swing HTMLDocument related
tests
+ JDK-8316017: Refactor timeout handler in PassFailJFrame
+ JDK-8316053: Open some swing tests 3
+ JDK-8316138: Add GlobalSign 2 TLS root certificates
+ JDK-8316142: Enable parallelism in
vmTestbase/nsk/monitoring/stress/lowmem tests
+ JDK-8316154: Opensource JTextArea manual tests
+ JDK-8316164: Opensource JMenuBar manual test
+ JDK-8316242: Opensource SwingGraphics manual test
+ JDK-8316608: Enable parallelism in vmTestbase/gc/vector tests
+ JDK-8317287: [macos14] InterJVMGetDropSuccessTest.java: Child
VM: abnormal termination
+ JDK-8317507: C2 compilation fails with "Exceeded _node_regs
array"
+ JDK-8318322: Update IANA Language Subtag Registry to Version
2023-10-16
+ JDK-8318580: "javax/swing/MultiMonitor/MultimonVImage.java
failing with Error. Can't find library:
/open/test/jdk/java/awt/regtesthelpers" after JDK-8316053
+ JDK-8318599: HttpURLConnection cache issues leading to
crashes in JGSS w/ native GSS introduced by 8303809
+ JDK-8318727: Enable parallelism in
vmTestbase/vm/gc/concurrent tests
+ JDK-8318809: java/util/concurrent/ConcurrentLinkedQueue/
/WhiteBox.java shows intermittent failures on linux ppc64le
and aarch64
+ JDK-8318854: [macos14] Running any AWT app prints Secure
coding warning
+ JDK-8319128: sun/security/pkcs11 tests fail on OL 7.9 aarch64
+ JDK-8319136: Skip pkcs11 tests on linux-aarch64
+ JDK-8319436: Proxy.newProxyInstance throws NPE if loader is
null and interface not visible from class loader
+ JDK-8320005: Allow loading of shared objects with .a
extension on AIX
+ JDK-8320113: [macos14] : ShapeNotSetSometimes.java fails
intermittently on macOS 14
+ JDK-8320129: "top" command during jtreg failure handler does
not display CPU usage on OSX
+ JDK-8320303: Allow PassFailJFrame to accept single window
creator
+ JDK-8320342: Use PassFailJFrame for
TruncatedPopupMenuTest.java
+ JDK-8320943: Files/probeContentType/Basic.java fails on
latest Windows 11 - content type mismatch
+ JDK-8321489: Update LCMS to 2.16
+ JDK-8321925: sun/security/mscapi/KeytoolChangeAlias.java
fails with "Alias <246810> does not exist"
+ JDK-8322239: [macos] a11y : java.lang.NullPointerException is
thrown when focus is moved on the JTabbedPane
+ JDK-8322511: [11u] JfrCheckpointThreadClosure::do_thread
crashes when fetching thread_id
+ JDK-8322783: prioritize /etc/os-release over
/etc/SuSE-release in hs_err/info output
+ JDK-8323717: Introduce test keyword for tests that need
external dependencies
+ JDK-8323994: gtest runner repeats test name for every single
gtest assertion
+ JDK-8324238: [macOS] java/awt/Frame/ShapeNotSetSometimes/
/ShapeNotSetSometimes.java fails with the shape has not been
applied msg
+ JDK-8324598: use mem_unit when working with sysinfo memory
and swap related information
+ JDK-8324632: Update Zlib Data Compression Library to Version
1.3.1
+ JDK-8324723: GHA: Upgrade some actions to avoid deprecated
Node 16
+ JDK-8324733: [macos14] Problem list tests which fail due to
macOS bug described in JDK-8322653
+ JDK-8325137: com/sun/management/ThreadMXBean/
/ThreadCpuTimeArray.java can fail in Xcomp with out of
expected range
+ JDK-8325326: [PPC64] Don't relocate in case of allocation
failure
+ JDK-8325579: Inconsistent behavior in
com.sun.jndi.ldap.Connection::createSocket
+ JDK-8325972: Add -x to bash for building with LOG=debug
+ JDK-8326006: Allow TEST_VM_FLAGLESS to set flagless mode
+ JDK-8326101: [PPC64] Need to bailout cleanly if creation of
stubs fails when code cache is out of space
+ JDK-8326201: [S390] Need to bailout cleanly if creation of
stubs fails when code cache is out of space
+ JDK-8326351: Update the Zlib version in
open/src/java.base/share/legal/zlib.md to 1.3.1
+ JDK-8326521: JFR: CompilerPhase event test fails on windows
32 bit
+ JDK-8326529: JFR: Test for CompilerCompile events fails due
to time out
+ JDK-8326591: New test JmodExcludedFiles.java fails on Windows
when --with-external-symbols-in-bundles=public is used
+ JDK-8326638: Crash in
PhaseIdealLoop::remix_address_expressions due to unexpected
Region instead of Loop
+ JDK-8326643: JDK server does not send a dummy
change_cipher_spec record after HelloRetryRequest message
+ JDK-8326661: sun/java2d/cmm/ColorConvertOp/ColConvTest.java
assumes profiles were generated by LCMS
+ JDK-8326801: Bump update version for OpenJDK: jdk-11.0.24
+ JDK-8326891: Prefer RPATH over RUNPATH for $ORIGIN rpaths in
internal JDK binaries
+ JDK-8326938: [11u] JDK-8214908 broke two CTW tests
+ JDK-8327136: javax/management/remote/mandatory/notif/
/NotifReconnectDeadlockTest.java fails on libgraal
+ JDK-8328194: Add a test to check default rendering engine
+ JDK-8328524: [x86] StringRepeat.java failure on linux-x86:
Could not reserve enough space for 2097152KB object heap
+ JDK-8328540: test javax/swing/JSplitPane/4885629/
/bug4885629.java fails on windows hidpi
+ JDK-8328705: GHA: Cross-compilation jobs do not require build
JDK
+ JDK-8328812: Update and move siphash license
+ JDK-8328825: Google CAInterop test failures
+ JDK-8331643: [11u]: Bump GHA bootstrap JDK to 11.0.23
+ JDK-8331750: [11u] JDK-8259530 is not backported correctly to
11u
+ JDK-8331790: [11u] Remove problemlist entries after backport
of JDK-8228649
+ JDK-8334441: Mark tests in jdk_security_infra group as manual
+ JDK-8335973: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.24
- Modified patch:
* reproducible-javadoc-timestamp.patch
+ rediff to changed context
- Require file for posttrans phase of the headless subpackage
(bsc#1227298)
- Added patch:
* reproducible-jlink.patch
+ make the timestamp in jmods reproducible
- kernel-default
-
- btrfs: sysfs: update fs features directory asynchronously
(bsc#1226168).
- commit 97cd90c
- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
CVE-2024-39494).
- commit 81484ec
- ASoC: topology: Fix route memory corruption (CVE-2024-41069
bsc#1228644).
- commit 586db1a
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 8f44f81
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 810053d
- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
CVE-2024-40994).
- commit 205cc4c
- filelock: Remove locks reliably when fcntl/close race is
detected (CVE-2024-41012 bsc#1228247).
- commit e2c5917
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- commit 39eeeb9
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit 3784f34
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(git-fixes CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(git-fixes CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(git-fixes CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(git-fixes CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(git-fixes CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(git-fixes CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(git-fixes CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(git-fixes CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(git-fixes CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit e328ee7
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit f2d923e
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8837200
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- commit e2a1614
- workqueue: Improve scalability of workqueue watchdog touch
(bsc#1193454).
- commit 51a7eb4
- workqueue: wq_watchdog_touch is always called with valid CPU
(bsc#1193454).
- commit 10bbd80
- KVM: arm64: Disassociate vcpus from redistributor region on
teardown (CVE-2024-40989 bsc#1227823).
- commit 724dd5c
- ASoC: topology: Fix references to freed memory (CVE-2024-41069
bsc#1228644).
- commit 44dd0c7
- Update
patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch
(bsc#1221044 CVE-2023-52591 bsc#1228440).
- commit d21f810
- hfsplus: fix uninit-value in copy_name (bsc#1228561
CVE-2024-41059).
- commit cfc2db1
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (CVE-2024-40956 bsc#1227810).
- commit 3632d87
- ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
- commit edabc6f
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- commit e64bcfc
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e
- drm/amdkfd: don't allow mapping the MMIO HDP page with large
pages (CVE-2024-41011 bsc#1228115).
- commit ff8f843
- 9p: add missing locking around taking dentry fid list (bsc#1227090, CVE-2024-39463).
- commit c58a66f
- sch_cake: do not call cake_destroy() from cake_init()
(CVE-2021-47598 bsc#1226574).
- commit d533b8e
- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
bsc#1227836).
- commit 610d469
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- commit 1ec0d1e
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713 bsc#1227549).
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226758 CVE-2024-38559 bsc#1226785).
- Update
patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
CVE-2024-26800 bsc#1222728).
- commit 329a684
- vfio/fsl-mc: Block calling interrupt handler without trigger
(bsc#1222810 CVE-2024-26814).
- commit 520ae3c
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (bsc#1223635 CVE-2024-26976).
- commit c5ed396
- virtio-blk: fix implicit overflow on virtio_max_dma_size
(bsc#1225573 CVE-2023-52762).
- commit 4296dc1
- vfio/platform: Create persistent IRQ handlers (bsc#1222809
CVE-2024-26813).
- commit a8290e8
- net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes CVE-2024-35901 bsc#1224495).
- commit 9db7ad0
- Update patches.suse/net-tls-factor-out-tls_-crypt_async_wait.patch.
- fix build warning
- commit 01715f7
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869 CVE-2024-42230).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869 CVE-2024-42230).
- commit c9d175f
- kernel-binary: vdso: Own module_dir
- commit ff69986
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
Fixed incorrect bug reference.
- commit e3b8fb6
- net/dcb: check for detached device before executing callbacks
(bsc#1215587).
- commit 9c27e1c
- kABI: rtas: Workaround false positive due to lost definition
(bsc#1227487).
- commit fb8a8f3
- powerpc/rtas: Prevent Spectre v1 gadget construction in
sys_rtas() (bsc#1227487).
- commit 9648fb4
- tls: fix use-after-free on failed backlog decryption
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: separate no-async decryption request handling from async
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: decrement decrypt_pending if no async completion will be
called (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: handle backlogging of crypto requests (CVE-2024-26584
bsc#1220186).
- tls: fix race between tx work scheduling and socket close
(CVE-2024-26585 bsc#1220187).
- tls: fix race between async notify and socket close
(CVE-2024-26583 bsc#1220185).
- net: tls: factor out tls_*crypt_async_wait() (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: fix async vs NIC crypto offload (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: use async as an in-out argument (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: assume crypto always calls our callback (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't track the async count (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: simplify async wait (CVE-2024-26583 CVE-2024-26584
bsc#1220185 bsc#1220186).
- tls: rx: wrap decryption arguments in a structure
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't report text length from the bowels of decrypt
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- commit 63dd4a4
- Delete
patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch.
Will be replaced with a refreshed version once all conflicting new patches are in.
- commit a0fa0a3
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFS: Don't re-read the entire page cache to find the next cookie
(bsc#1226662).
- commit a10cc0e
- jfs: xattr: fix buffer overflow for invalid xattr
(bsc#1227383).
- commit 33e2d96
- hsr: Prevent use after free in prp_create_tagged_frame()
(CVE-2023-52846 bsc#1225098).
- commit 74c7662
- Update
patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch
(bsc#1220492 ltc#205270 CVE-2024-26745 bsc#1222678).
- commit bb42730
- Update
patches.suse/0001-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch
(git-fixes CVE-2021-47600 bsc#1226575).
- Update
patches.suse/ALSA-hda-Fix-UAF-of-leds-class-devs-at-unbinding.patch
(bsc#1195349 CVE-2022-48735 bsc#1226719).
- Update
patches.suse/ARM-9170-1-fix-panic-when-kasan-and-kprobe-are-enabl.patch
(git-fixes CVE-2021-47618 bsc#1226644).
- Update
patches.suse/ASoC-hdmi-codec-Fix-OOB-memory-accesses.patch
(git-fixes CVE-2022-48739 bsc#1226675).
- Update
patches.suse/ASoC-max9759-fix-underflow-in-speaker_gain_control_p.patch
(git-fixes CVE-2022-48717 bsc#1226679).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4cf28e9ae6e2.patch
(git-fixes CVE-2022-48736 bsc#1226721).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4f1e50d6a9cf.patch
(git-fixes CVE-2022-48737 bsc#1226762).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_.patch
(git-fixes CVE-2022-48738 bsc#1226674).
- Update
patches.suse/Bluetooth-refactor-malicious-adv-data-check.patch
(git-fixes CVE-2021-47620 bsc#1226669).
- Update patches.suse/IB-hfi1-Fix-AIP-early-init-panic.patch
(git-fixes CVE-2022-48728 bsc#1226691).
- Update
patches.suse/IB-hfi1-Fix-panic-with-larger-ipoib-send_queue_size.patch
(jsc#SLE-19242 CVE-2022-48729 bsc#1226710).
- Update
patches.suse/KVM-LAPIC-Also-cancel-preemption-timer-during-SET_LA.patch
(git-fixes CVE-2022-48765 bsc#1226697).
- Update
patches.suse/KVM-arm64-Avoid-consuming-a-stale-esr-value-when-SEr.patch
(git-fixes CVE-2022-48727 bsc#1226690).
- Update
patches.suse/KVM-x86-Forcibly-leave-nested-virt-when-SMM-state-is.patch
(git-fixes CVE-2022-48763 bsc#1226628).
- Update
patches.suse/PCI-pciehp-Fix-infinite-loop-in-IRQ-handler-upon-pow.patch
(git-fixes CVE-2021-47617 bsc#1226614).
- Update
patches.suse/RDMA-Fix-use-after-free-in-rxe_queue_cleanup.patch
(jsc#SLE-19249 CVE-2021-47616 bsc#1226603).
- Update
patches.suse/RDMA-irdma-Fix-a-user-after-free-in-add_pble_prm.patch
(jsc#SLE-18383 CVE-2021-47614 bsc#1226601).
- Update
patches.suse/RDMA-mlx5-Fix-releasing-unallocated-memory-in-dereg-.patch
(jsc#SLE-19253 CVE-2021-47615 bsc#1226602).
- Update
patches.suse/RDMA-siw-Fix-refcounting-leak-in-siw_create_qp.patch
(jsc#SLE-19249 CVE-2022-48725 bsc#1226618).
- Update
patches.suse/RDMA-ucma-Protect-mc-during-concurrent-multicast-lea.patch
(git-fixes CVE-2022-48726 bsc#1226686).
- Update
patches.suse/USB-core-Fix-hang-in-usb_kill_urb-by-adding-memory-b.patch
(git-fixes CVE-2022-48760 bsc#1226712).
- Update
patches.suse/USB-core-Make-do_proc_control-and-do_proc_bulk-killa.patch
(git-fixes CVE-2021-47582 bsc#1226559).
- Update
patches.suse/audit-improve-robustness-of-the-audit-queue-handling.patch
(git-fixes CVE-2021-47603 bsc#1226577).
- Update patches.suse/block-Fix-wrong-offset-in-bio_truncate.patch
(bsc#1202780 CVE-2022-48747 bsc#1226643).
- Update
patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-cmpxchg-s-r.patch
(git-fixes CVE-2021-47607 bsc#1226580).
- Update
patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-fetch.patch
(bsc#1193883 bsc#1194826 CVE-2022-0264 CVE-2021-47608
bsc#1226569).
- Update
patches.suse/bpf-Protect-against-int-overflow-for-stack-access-si.patch
(bsc#1224488 CVE-2024-35905).
- Update
patches.suse/btrfs-fix-deadlock-between-quota-disable-and-qgroup-.patch
(bsc#1199295 CVE-2022-48734 bsc#1226626).
- Update
patches.suse/btrfs-fix-memory-leak-in-__add_inode_ref.patch
(bsc#1197915 CVE-2021-47585 bsc#1226556).
- Update
patches.suse/ceph-properly-put-ceph_string-reference-after-async-create-attempt.patch
(bsc#1195341 CVE-2022-48767 bsc#1226715).
- Update
patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
(git-fixes CVE-2022-48730 bsc#1226713).
- Update
patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
(git-fixes CVE-2022-48749 bsc#1226650).
- Update
patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
(git-fixes CVE-2022-48756 bsc#1226698).
- Update
patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
(git-fixes CVE-2022-48732 bsc#1226716).
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534).
- Update
patches.suse/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch
(CVE-2022-22942 bsc#1195065 CVE-2022-48771 bsc#1226732).
- Update
patches.suse/efi-runtime-avoid-EFIv2-runtime-services-on-Apple-x8.patch
(git-fixes CVE-2022-48769 bsc#1226629).
- Update
patches.suse/ext4-fix-error-handling-in-ext4_fc_record_modified_i.patch
(bsc#1202767 CVE-2022-48712 bsc#1226673).
- Update
patches.suse/firmware-arm_scpi-Fix-string-overflow-in-SCPI-genpd-.patch
(git-fixes CVE-2021-47609 bsc#1226562).
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766).
- Update patches.suse/i40e-Fix-queues-reservation-for-XDP.patch
(git-fixes CVE-2021-47619 bsc#1226645).
- Update patches.suse/igbvf-fix-double-free-in-igbvf_probe.patch
(jsc#SLE-18379 CVE-2021-47589 bsc#1226557).
- Update
patches.suse/inet_diag-fix-kernel-infoleak-for-UDP-sockets.patch
(git-fixes CVE-2021-47597 bsc#1226553).
- Update
patches.suse/iocost-Fix-divide-by-zero-on-donation-from-low-hweig.patch
(bsc#1198014 CVE-2021-47584 bsc#1226564).
- Update
patches.suse/iommu-vt-d-fix-potential-memory-leak-in-intel_setup_irq_remapping
(git-fixes CVE-2022-48724 bsc#1226624).
- Update
patches.suse/isdn-cpai-check-ctr-cnr-to-avoid-array-index-out-of-.patch
(stable-5.14.15 CVE-2021-43389 CVE-2021-3896 bsc#1191958
CVE-2021-4439 bsc#1226670).
- Update
patches.suse/mac80211-track-only-QoS-data-frames-for-admission-co.patch
(git-fixes CVE-2021-47602 bsc#1226554).
- Update
patches.suse/mac80211-validate-extended-element-ID-is-present.patch
(git-fixes CVE-2021-47611 bsc#1226583).
- Update
patches.suse/media-mxl111sf-change-mutex_init-location.patch
(git-fixes CVE-2021-47583 bsc#1226563).
- Update
patches.suse/net-amd-xgbe-Fix-skb-data-length-underflow.patch
(git-fixes CVE-2022-48743 bsc#1226705).
- Update
patches.suse/net-hns3-fix-use-after-free-bug-in-hclgevf_send_mbx_.patch
(bsc#1190336 CVE-2021-47596 bsc#1226558).
- Update
patches.suse/net-ieee802154-ca8210-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48722 bsc#1226619).
- Update
patches.suse/net-macsec-Fix-offload-support-for-NETDEV_UNREGISTER.patch
(git-fixes CVE-2022-48720 bsc#1226683).
- Update
patches.suse/net-mlx5-Use-del_timer_sync-in-fw-reset-flow-of-halt.patch
(git-fixes CVE-2022-48745 bsc#1226702).
- Update
patches.suse/net-mlx5e-Avoid-field-overflowing-memcpy.patch
(git-fixes CVE-2022-48744 bsc#1226696).
- Update
patches.suse/net-mlx5e-Fix-handling-of-wrong-devices-during-bond-.patch
(git-fixes CVE-2022-48746 bsc#1226703).
- Update
patches.suse/net-smc-Forward-wakeup-to-smc-socket-waitqueue-after-fallback
(git-fixes CVE-2022-48721 bsc#1226685).
- Update
patches.suse/net-smc-Transitional-solution-for-clcsock-race-issue
(git-fixes CVE-2022-48751 bsc#1226653).
- Update
patches.suse/net-stmmac-dwmac-rk-fix-oob-read-in-rk_gmac_setup.patch
(git-fixes CVE-2021-47586 bsc#1226561).
- Update
patches.suse/net-stmmac-fix-tc-flower-deletion-for-VLAN-priority-.patch
(git-fixes CVE-2021-47592 bsc#1226572).
- Update
patches.suse/net-systemport-Add-global-locking-for-descriptor-lif.patch
(git-fixes CVE-2021-47587 bsc#1226567).
- Update
patches.suse/nfc-fix-segfault-in-nfc_genl_dump_devices_done.patch
(git-fixes CVE-2021-47612 bsc#1226585).
- Update
patches.suse/of-module-prevent-NULL-pointer-dereference-in-vsnprintf.patch
(bsc#1226587 CVE-2024-38541 CVE-2024-35878 bsc#1224671).
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713).
- Update patches.suse/phylib-fix-potential-use-after-free.patch
(git-fixes CVE-2022-48754 bsc#1226692).
- Update
patches.suse/powerpc-perf-Fix-power_pmu_disable-to-call-clear_pmi.patch
(bsc#1156395 CVE-2022-48752 bsc#1226709).
- Update
patches.suse/rpmsg-char-Fix-race-between-the-release-of-rpmsg_ctr.patch
(git-fixes CVE-2022-48759 bsc#1226711).
- Update
patches.suse/scsi-bnx2fc-Flush-destroy_work-queue-before-calling-bnx2fc_interface_put
(git-fixes bsc#1196746 CVE-2022-48758 bsc#1226708).
- Update patches.suse/scsi-bnx2fc-Make-bnx2fc_recv_frame-mp-safe
(git-fixes bsc#1196746 CVE-2022-48715 bsc#1226621).
- Update
patches.suse/scsi-scsi_debug-Don-t-call-kcalloc-if-size-arg-is-zero.patch
(git-fixes CVE-2021-47578 bsc#1226539).
- Update
patches.suse/scsi-scsi_debug-Fix-type-in-min_t-to-avoid-stack-OOB.patch
(git-fixes CVE-2021-47580 bsc#1226550).
- Update
patches.suse/scsi-scsi_debug-Sanity-check-block-descriptor-length-in-resp_mode_select.patch
(git-fixes CVE-2021-47576 bsc#1226537).
- Update
patches.suse/selinux-fix-double-free-of-cond_list-on-error-paths.patch
(git-fixes CVE-2022-48740 bsc#1226699).
- Update
patches.suse/spi-uniphier-fix-reference-count-leak-in-uniphier_sp.patch
(git-fixes CVE-2022-48723 bsc#1226617).
- Update patches.suse/tee-amdtee-fix-an-IS_ERR-vs-NULL-bug.patch
(jsc#SLE-21844 CVE-2021-47601 bsc#1226576).
- Update
patches.suse/tipc-improve-size-validations-for-received-domain-re.patch
(bsc#1195254 CVE-2022-0435 CVE-2022-48711 bsc#1226672).
- Update
patches.suse/tracing-histogram-Fix-a-potential-memory-leak-for-kstrdup.patch
(git-fixes CVE-2022-48768 bsc#1226720).
- Update
patches.suse/usb-xhci-plat-fix-crash-when-suspend-if-remote-wake-.patch
(git-fixes CVE-2022-48761 bsc#1226701).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800).
- commit cc322a0
- X.509: Fix the parser of extended key usage for length
(bsc#1218820).
- commit b52dafe
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(CVE-2024-36904 bsc#1225732).
- commit 975b193
- tcp: do not accept ACK of bytes we never sent (CVE-2023-52881
bsc#1225611).
- commit ab5f35b
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
(bsc#1222015 bsc#1226962).
- commit bcf126b
- random: treat bootloader trust toggle the same way as cpu
trust toggle (bsc#1226953).
- commit 9e8060b
- Update
patches.suse/smb-client-guarantee-refcounted-children-from-parent-session.patch
(bsc#1224679 CVE-2024-35869).
- commit ed4e9d0
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- commit fec2539
- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- commit 45c369f
- net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(CVE-2024-36974 bsc#1226519).
- commit 433e33d
- net/mlx5: Discard command completions in internal error
(CVE-2024-38555 bsc#1226607).
- commit 2ae4454
- ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634, CVE-2024-38578).
- commit 7445d84
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- commit 2f48884
- RDMA/hns: Fix UAF for cq async event (bsc#1226595 CVE-2024-38545)
- commit 98b2f74
- nbd: fix uaf in nbd_open (bsc#1224935 CVE-2023-52837).
- commit fac144b
- of: module: prevent NULL pointer dereference in vsnprintf() (bsc#1226587 CVE-2024-38541)
- commit 0394d90
- of: module: add buffer overflow check in of_modalias() (bsc#1226587 CVE-2024-38541)
- commit e54e996
- net: preserve kabi for struct dst_ops (CVE-2024-36971
bsc#1226145).
- commit 74d650a
- net: fix __dst_negative_advice() race (CVE-2024-36971
bsc#1226145).
- commit 6d5c393
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high
(bsc#1219224).
- commit f18a759
- smb: client: guarantee refcounted children from parent session
(bsc#1224679, CVE-35869).
- commit b0f469c
- smb: client: ensure to try all targets when finding nested links
(bsc#1224020).
- commit df159e7
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1224765, CVE-2024-35864).
- commit c296805
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1224764, CVE-2024-35862).
- commit aa75c00
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1224766, CVE-2024-35861).
- commit f77cc8d
- smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225487, CVE-2023-52752).
- commit 39fb8f3
- blacklist.conf: Add a7fb0423c201 cgroup: Move rcu_head up near the top of cgroup_root
- commit 552377b
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225737 CVE-2024-36899).
- commit 9b295f5
- rpmsg: virtio: Free driver_override when rpmsg_remove()
(bsc#1224696 CVE-2023-52670).
- commit beb5bc4
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- commit 240d70b
- cgroup: Add annotation for holding namespace_sem in
current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in
proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe
(bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- commit 8c880e4
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (CVE-2024-35789 bsc#1224749).
- commit 2b6904d
- fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1225866 CVE-2024-36964).
- commit b5d7488
- pinctrl: core: delete incorrect free in pinctrl_enable()
(CVE-2024-36940 bsc#1225840).
- commit 9b799cc
- staging: rtl8192e: Fix use after free in
_rtl92e_pci_disconnect() (CVE-2021-47571 bsc#1225518).
- commit 9461ee5
- xfs: don't include bnobt blocks when reserving free block pool
(bsc#1226270).
- commit 1f7ae4f
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
Some builds don't just create an iso9660 image, but also mount it during
build.
- commit aaee141
- rpm/kernel-obs-build.spec.in: Add networking modules for docker
(bsc#1226211)
docker needs more networking modules, even legacy iptable_nat and _filter.
- commit 415e132
- net: vlan: fix underflow for the real_dev refcnt
(CVE-2021-47555 bsc#1225467).
- commit 345ef84
- Bluetooth: Add more enc key size check (bsc#1218148
CVE-2023-24023).
- commit 38891ed
- Bluetooth: Normalize HCI_OP_READ_ENC_KEY_SIZE cmdcmplt
(bsc#1218148 CVE-2023-24023).
- commit b7a79da
- blacklist.conf: Add 1971d13ffa84a "af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc()."
- commit afe27ac
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
request complete (CVE-2024-36894 bsc#1225749).
- commit 5501fb7
- net: preserve kabi for sk_buff (CVE-2024-26921 bsc#1223138).
- commit 68cb9bf
- inet: inet_defrag: prevent sk release while still in use
(CVE-2024-26921 bsc#1223138).
- commit fb20c1d
- Update references
- commit 006ab15
- drm/client: Fully protect modes with dev->mode_config.mutex (CVE-2024-35950 bsc#1224703).
- commit 75706b6
- bpf: Protect against int overflow for stack access size
(bsc#1224488 CVE-2024-35905).
- commit 1edb341
- cifs: fix underflow in parse_server_interfaces() (bsc#1223084,
CVE-2024-26828).
- commit cade548
- smb: client: fix potential UAF in is_valid_oplock_break()
(bsc#1224763, CVE-2024-35863).
- commit bfa9e6b
- smb: client: fix potential UAF in cifs_stats_proc_show()
(bsc#1224664, CVE-2024-35867).
- commit 45bad5a
- smb: client: fix potential UAF in cifs_stats_proc_write()
(bsc#1224678, CVE-2024-35868).
- commit 3ae3416
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
(bsc#1223532, CVE-2024-26928).
- commit e95e3a6
- Update
patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
(git-fixes CVE-2023-52736 bsc#1225486).
- Update
patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
(git-fixes CVE-2023-52806 bsc#1225554).
- Update
patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
(git-fixes CVE-2023-52833 bsc#1225595).
- Update
patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
(bsc#1208149 CVE-2023-52739 bsc#1225118).
- Update
patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
(git-fixes CVE-2023-52745 bsc#1225032).
- Update
patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
(git-fixes CVE-2023-52747 bsc#1224931).
- Update
patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
(git-fixes CVE-2023-52840 bsc#1224928).
- Update
patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
(git-fixes CVE-2023-52744 bsc#1225121).
- Update
patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
(git-fixes CVE-2023-52834 bsc#1225599).
- Update
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
(git-fixes CVE-2023-52878 bsc#1225000).
- Update
patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
(git-fixes CVE-2023-52741 bsc#1225479).
- Update
patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52875 bsc#1225096).
- Update
patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52870 bsc#1224937).
- Update
patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52873 bsc#1225589).
- Update
patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52865 bsc#1225086).
- Update
patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52858 bsc#1225566).
- Update
patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
(git-fixes CVE-2023-52876 bsc#1225036).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
(git-fixes CVE-2023-52819 bsc#1225532).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
(git-fixes CVE-2023-52818 bsc#1225530).
- Update
patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
(git-fixes CVE-2023-52753 bsc#1225478).
- Update
patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
(git-fixes CVE-2023-52817 bsc#1225569).
- Update
patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
(git-fixes CVE-2023-52814 bsc#1225565).
- Update
patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
(git-fixes CVE-2023-52738 bsc#1225005).
- Update
patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
(git-fixes CVE-2023-52825 bsc#1225076).
- Update
patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
(git-fixes CVE-2023-52816 bsc#1225529).
- Update
patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
(git-fixes CVE-2023-52856 bsc#1224932).
- Update
patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2023-52821 bsc#1225022).
- Update
patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
(git-fixes CVE-2023-52826 bsc#1225077).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
(git-fixes CVE-2023-52867 bsc#1225009).
- Update
patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
(git-fixes CVE-2023-52838 bsc#1225031).
- Update
patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
(git-fixes CVE-2023-52810 bsc#1225557).
- Update
patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
(git-fixes CVE-2023-52804 bsc#1225550).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
(git-fixes CVE-2023-52759 bsc#1225560).
- Update
patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
(git-fixes CVE-2023-52853 bsc#1224988).
- Update
patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
(git-fixes CVE-2023-52791 bsc#1225108).
- Update
patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
(git-fixes CVE-2023-52763 bsc#1225570).
- Update
patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
(git-fixes CVE-2023-52788 bsc#1225106).
- Update
patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
(git-fixes CVE-2023-52743 bsc#1225003).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
(git-fixes CVE-2023-52799 bsc#1225472).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
(git-fixes CVE-2023-52805 bsc#1225553).
- Update
patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
(git-fixes CVE-2023-52847 bsc#1225588).
- Update
patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
(git-fixes CVE-2023-52764 bsc#1225571).
- Update
patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
(git-fixes CVE-2023-52754 bsc#1225490).
- Update
patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
(git-fixes CVE-2023-52841 bsc#1225592).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
(git-fixes CVE-2023-52844 bsc#1225590).
- Update
patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
(git-fixes CVE-2023-52708 bsc#1225483).
- Update
patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
(git-fixes CVE-2023-52730 bsc#1224956).
- Update
patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
(git-fixes CVE-2023-52742 bsc#1225482).
- Update
patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
(git-fixes CVE-2023-52702 bsc#1224945).
- Update
patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
(git-fixes CVE-2023-52703 bsc#1225549).
- Update
patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
(git-fixes CVE-2023-52854 bsc#1225584).
- Update
patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
(git-fixes CVE-2023-52864 bsc#1225132).
- Update
patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
(bsc#1194869 CVE-2023-52740 bsc#1225471).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
(bsc#1065729 CVE-2023-52686 bsc#1224682).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
(bsc#1194869 CVE-2023-52690 bsc#1224611).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
CVE-2023-52756 bsc#1225461).
- Update
patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
(git-fixes bsc#1217515 CVE-2023-52774 bsc#1225572).
- Update
patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
(git-fixes bsc#1213863 CVE-2023-52733 bsc#1225488).
- Update
patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
(bsc#1209799 CVE-2023-52707 bsc#1225109).
- Update
patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
(git-fixes CVE-2023-52871 bsc#1225534).
- Update
patches.suse/thermal-core-prevent-potential-string-overflow.patch
(git-fixes CVE-2023-52868 bsc#1225044).
- Update
patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
(git-fixes CVE-2023-52872 bsc#1225591).
- Update
patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
(bsc#1222619 CVE-2023-52880).
- Update
patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
(git-fixes CVE-2023-52789 bsc#1225180).
- Update
patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
(git-fixes CVE-2023-52781 bsc#1225092).
- Update
patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
(git-fixes CVE-2023-52855 bsc#1225583).
- Update
patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
(git-fixes CVE-2023-52877 bsc#1224944).
- Update
patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
(git-fixes CVE-2023-52798 bsc#1224947).
- Update
patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
(git-fixes CVE-2023-52832 bsc#1225577).
- commit c6aceca
- Update
patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2022-48710 bsc#1225230).
- Update
patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
(git-fixes CVE-2022-48709 bsc#1225095).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
(git-fixes CVE-2022-48708 bsc#1224942).
- commit 41f6d79
- Update
patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
(git-fixes CVE-2021-47511 bsc#1225411).
- Update
patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
(git-fixes CVE-2021-47509 bsc#1225409).
- Update
patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
(git-fixes stable-5.14.10 CVE-2021-47381 bsc#1225206).
- Update
patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
(git-fixes CVE-2021-47502 bsc#1225369).
- Update
patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
(stable-5.14.10 CVE-2021-47380 bsc#1225205).
- Update
patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
(stable-5.14.10 CVE-2021-47404 bsc#1225303).
- Update
patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
(git-fixes CVE-2021-47522 bsc#1225437).
- Update
patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
(stable-5.14.10 CVE-2021-47405 bsc#1225238).
- Update
patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
(jsc#SLE-19242 CVE-2021-47523 bsc#1225438).
- Update
patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
(stable-5.14.16 CVE-2021-47485 bsc#1224904).
- Update
patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
(stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056 CVE-2021-47465 bsc#1225341).
- Update
patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
(stable-5.14.10 CVE-2021-47389 bsc#1225126).
- Update
patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
(stable-5.14.15 CVE-2021-47450 bsc#1225258).
- Update
patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
(stable-5.14.10 CVE-2021-47390 bsc#1225125).
- Update
patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
(stable-5.14.10 CVE-2021-47407 bsc#1225306).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
(stable-5.14.14 CVE-2021-47442 bsc#1225263).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
(stable-5.14.14 CVE-2021-47443 bsc#1225262).
- Update
patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
(stable-5.14.10 CVE-2021-47391 bsc#1225318).
- Update
patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
(stable-5.14.10 CVE-2021-47392 bsc#1225320).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
(stable-5.14.10 CVE-2021-47398 bsc#1225131).
- Update
patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
(stable-5.14.16 CVE-2021-47481 bsc#1224910).
- Update
patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
(stable-5.14.9 CVE-2021-47366 bsc#1225160).
- Update
patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
(CVE-2021-39698 bsc#1196956 CVE-2021-47505 bsc#1225400).
- Update
patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
(stable-5.14.15 CVE-2021-47464 bsc#1225393).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
(stable-5.14.9 CVE-2021-47360 bsc#1225122).
- Update
patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
(stable-5.14.9 CVE-2021-47379 bsc#1225203).
- Update
patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
(stable-5.14.9 CVE-2021-47375 bsc#1225193).
- Update
patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
(stable-5.14.11 CVE-2021-47412 bsc#1225332).
- Update
patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
(stable-5.14.9 CVE-2021-47376 bsc#1225195).
- Update
patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
(stable-5.14.12 CVE-2021-47426 bsc#1225370).
- Update
patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
(stable-5.14.14 CVE-2021-47433 bsc#1225392).
- Update
patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
(bsc#1197915 CVE-2021-47510 bsc#1225410).
- Update
patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
(stable-5.14.15 CVE-2021-47457 bsc#1225235).
- Update
patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
(stable-5.14.15 CVE-2021-47459 bsc#1225253).
- Update
patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
(git-fixes CVE-2021-47520 bsc#1225431).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
(stable-5.14.15 CVE-2021-47456 bsc#1225256).
- Update
patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
(git-fixes CVE-2021-47521 bsc#1225435).
- Update
patches.suse/cfg80211-fix-management-registrations-locking.patch
(git-fixes stable-5.14.16 CVE-2021-47494 bsc#1225450).
- Update
patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
(stable-5.14.16 CVE-2021-47488 bsc#1224902).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
(stable-5.14.9 CVE-2021-47359 bsc#1225145).
- Update
patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
(stable-5.14.9 CVE-2021-47364 bsc#1225158).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
(git-fixes stable-5.14.18 CVE-2021-47477 bsc#1224912).
- Update
patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
(git-fixes stable-5.14.18 CVE-2021-47476 bsc#1224913).
- Update
patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
(git-fixes stable-5.14.18 CVE-2021-47474 bsc#1224915).
- Update
patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
(git-fixes stable-5.14.18 CVE-2021-47475 bsc#1224914).
- Update
patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
(stable-5.14.10 CVE-2021-47387 bsc#1225316).
- Update
patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
(git-fixes CVE-2021-47514 bsc#1225425).
- Update
patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
(stable-5.14.14 CVE-2021-47435 bsc#1225247).
- Update
patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
(stable-5.14.14 CVE-2021-47498 bsc#1225357).
- Update
patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
(stable-5.14.9 CVE-2021-47374 bsc#1225191).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
(git-fixes CVE-2021-47550 bsc#1225379).
- Update
patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
(git-fixes CVE-2021-47551 bsc#1225510).
- Update
patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
(stable-5.14.9 CVE-2021-47362 bsc#1225153).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
(stable-5.14.13 CVE-2021-47431 bsc#1225390).
- Update
patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
(git-fixes stable-5.14.12 CVE-2021-47421 bsc#1225353).
- Update
patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47420 bsc#1225339).
- Update
patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
(stable-5.14.11 CVE-2021-47410 bsc#1225331).
- Update
patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
(git-fixes stable-5.14.14 CVE-2021-47444 bsc#1225243).
- Update
patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
(git-fixes stable-5.14.14 CVE-2021-47445 bsc#1225261).
- Update
patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
(git-fixes stable-5.14.14 CVE-2021-47447 bsc#1225260).
- Update
patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
(git-fixes stable-5.14.14 CVE-2021-47446 bsc#1225240).
- Update
patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
(git-fixes CVE-2021-47535 bsc#1225446).
- Update
patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
(stable-5.14.15 CVE-2021-47471 bsc#1225187).
- Update
patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47423 bsc#1225366).
- Update
patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47422 bsc#1225233).
- Update
patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
(stable-5.14.16 CVE-2021-47490 bsc#1225436).
- Update
patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
(git-fixes CVE-2021-47533 bsc#1225445).
- Update
patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
(stable-5.14.9 CVE-2021-47368 bsc#1225161).
- Update
patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
(jsc#SLE-19253 CVE-2021-47556 bsc#1225383).
- Update
patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
(stable-5.14.10 CVE-2021-47406 bsc#1225304).
- Update
patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
(git-fixes stable-5.14.10 CVE-2021-47393 bsc#1225321).
- Update
patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 CVE-2021-47386 bsc#1225268).
- Update
patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 CVE-2021-47385 bsc#1225210).
- Update
patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
(stable-5.14.10 CVE-2021-47384 bsc#1225209).
- Update
patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
(git-fixes stable-5.14.12 CVE-2021-47425 bsc#1225223).
- Update
patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
(jsc#SLE-18378 CVE-2021-47501 bsc#1225361).
- Update
patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
(stable-5.14.12 CVE-2021-47424 bsc#1225367).
- Update
patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
(stable-5.14.15 CVE-2021-47453 bsc#1225239).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
(jsc#SLE-18375 CVE-2021-47563 bsc#1225500).
- Update
patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
(stable-5.14.14 CVE-2021-47449 bsc#1225259).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
(jsc#SLE-18375 CVE-2021-47562 bsc#1225499).
- Update
patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
(git-fixes CVE-2021-47499 bsc#1225358).
- Update
patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
(git-fixes stable-5.14.14 CVE-2021-47437 bsc#1225245).
- Update
patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
(git-fixes CVE-2021-47500 bsc#1225360).
- Update
patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
(stable-5.14.10 CVE-2021-47403 bsc#1225241).
- Update
patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
(stable-5.14.10 CVE-2021-47401 bsc#1225242).
- Update
patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
(stable-5.14.9 CVE-2021-47373 bsc#1225190).
- Update
patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
(stable-5.14.15 CVE-2021-47468 bsc#1225346).
- Update
patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
(stable-5.14.18 CVE-2021-47478 bsc#1225198).
- Update
patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
(git-fixes CVE-2021-47529 bsc#1225373).
- Update
patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
(git-fixes stable-5.14.12 CVE-2021-47415 bsc#1225335).
- Update
patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
(stable-5.14.10 CVE-2021-47399 bsc#1225328).
- Update
patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
(stable-5.14.15 CVE-2021-47467 bsc#1225344).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
(git-fixes stable-5.14.12 CVE-2021-47417 bsc#1225227).
- Update
patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
(git-fixes stable-5.14.10 CVE-2021-47388 bsc#1225214).
- Update
patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
(git-fixes stable-5.14.10 CVE-2021-47396 bsc#1225327).
- Update
patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
(git-fixes stable-5.14.10 CVE-2021-47395 bsc#1225326).
- Update
patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
(stable-5.14.9 CVE-2021-47361 bsc#1225151).
- Update
patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
(git-fixes CVE-2021-47560 bsc#1225495).
- Update
patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
(stable-5.14.14 CVE-2021-47441 bsc#1225224).
- Update
patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
(stable-5.14.15 CVE-2021-47462 bsc#1225250).
- Update
patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
(stable-5.14.15 CVE-2021-47463 bsc#1225127).
- Update
patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
(stable-5.14.15 CVE-2021-47466 bsc#1225342).
- Update
patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
(stable-5.14.15 CVE-2021-47470 bsc#1225186).
- Update
patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
(stable-5.14.9 CVE-2021-47370 bsc#1225183).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
(stable-5.14.14 CVE-2021-47448 bsc#1225129).
- Update
patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
(git-fixes CVE-2021-47540 bsc#1225386).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
(git-fixes stable-5.14.16 CVE-2021-47482 bsc#1224909).
- Update
patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
(git-fixes CVE-2021-47513 bsc#1225380).
- Update
patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
(stable-5.14.14 CVE-2021-47439 bsc#1225246).
- Update
patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
(stable-5.14.14 CVE-2021-47440 bsc#1225248).
- Update
patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
(stable-5.14.10 CVE-2021-47400 bsc#1225329).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
(stable-5.14.9 CVE-2021-47372 bsc#1225184).
- Update
patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
(git-fixes CVE-2021-47564 bsc#1225501).
- Update
patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
(stable-5.14.15 CVE-2021-47472 bsc#1225189).
- Update
patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
(jsc#SLE-19256 CVE-2021-47541 bsc#1225453).
- Update
patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
(stable-5.14.14 CVE-2021-47438 bsc#1225229).
- Update
patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-47542 bsc#1225455).
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 CVE-2021-47402 bsc#1225301).
- Update
patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
(stable-5.14.12 CVE-2021-47419 bsc#1225338).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
(git-fixes CVE-2021-47559 bsc#1225396).
- Update
patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
(git-fixes CVE-2021-47536 bsc#1225447).
- Update
patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
(jsc#SLE-19033 CVE-2021-47558 bsc#1225492).
- Update
patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
(stable-5.14.16 CVE-2021-47496 bsc#1225354).
- Update
patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
(stable-5.14.12 CVE-2021-47418 bsc#1225337).
- Update
patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
(stable-5.14.10 CVE-2021-47408 bsc#1225236).
- Update
patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
(stable-5.14.15 CVE-2021-47452 bsc#1225257).
- Update
patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
(stable-5.14.10 CVE-2021-47394 bsc#1225323).
- Update
patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
(stable-5.14.15 CVE-2021-47451 bsc#1225237).
- Update
patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
(stable-5.14.9 CVE-2021-47363 bsc#1225156).
- Update
patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
(stable-5.14.9 CVE-2021-47371 bsc#1225167).
- Update
patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
(git-fixes CVE-2021-47518 bsc#1225372).
- Update
patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
(git-fixes CVE-2021-47516 bsc#1225427).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
(git-fixes CVE-2021-47507 bsc#1225405).
- Update
patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
(git-fixes CVE-2021-47506 bsc#1225404).
- Update
patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
(bsc#1190569 stable-5.14.9 CVE-2021-47378 bsc#1225201).
- Update
patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
(stable-5.14.14 CVE-2021-47497 bsc#1225355).
- Update
patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
(stable-5.14.15 CVE-2021-47460 bsc#1225251).
- Update
patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
(stable-5.14.16 CVE-2021-47493 bsc#1225439).
- Update
patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
(stable-5.14.15 CVE-2021-47458 bsc#1225252).
- Update
patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
(git-fixes CVE-2021-47537 bsc#1225375).
- Update
patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
(stable-5.14.16 CVE-2021-47484 bsc#1224905).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 CVE-2021-47416 bsc#1225336).
- Update
patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
(stable-5.14.12 CVE-2021-47429 bsc#1225388).
- Update
patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
(stable-5.14.12 CVE-2021-47428 bsc#1225387).
- Update
patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
(stable-5.14.15 CVE-2021-47454 bsc#1225255).
- Update
patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
(stable-5.14.15 CVE-2021-47455 bsc#1225254).
- Update
patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
(git-fixes stable-5.14.16 CVE-2021-47483 bsc#1224907).
- Update
patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
(stable-5.14.12 CVE-2021-47414 bsc#1225334).
- Update
patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
(stable-5.14.16 CVE-2021-47486 bsc#1224903).
- Update
patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
(stable-5.14.9 CVE-2021-47369 bsc#1225164).
- Update
patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
(stable-5.14.10 CVE-2021-47382 bsc#1225207).
- Update
patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
(git-fixes CVE-2021-47549 bsc#1225508).
- Update
patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
(git-fixes CVE-2021-47553 bsc#1225464).
- Update
patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
(stable-5.14.17 CVE-2021-47480 bsc#1225322).
- Update
patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
(stable-5.14.12 CVE-2021-47427 bsc#1225225).
- Update
patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
(git-fixes CVE-2021-47565 bsc#1225384).
- Update
patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
(git-fixes CVE-2021-47503 bsc#1225374).
- Update
patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
(stable-5.14.15 CVE-2021-47473 bsc#1225192).
- Update
patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
(stable-5.14.10 CVE-2021-47397 bsc#1225082).
- Update
patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
(git-fixes CVE-2021-47527 bsc#1194288).
- Update
patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
(git-fixes CVE-2021-47526 bsc#1225376).
- Update
patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
(git-fixes CVE-2021-47524 bsc#1225377).
- Update
patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
(git-fixes CVE-2021-47525 bsc#1225441).
- Update
patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
(stable-5.14.15 CVE-2021-47469 bsc#1225347).
- Update
patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
(stable-5.14.9 CVE-2021-47358 bsc#1224920).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
(git-fixes stable-5.14.18 CVE-2021-47479 bsc#1224911).
- Update
patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
(git-fixes CVE-2021-47544 bsc#1225463).
- Update
patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
(stable-5.14.10 CVE-2021-47383 bsc#1225208).
- Update
patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
(git-fixes CVE-2021-47528 bsc#1225368).
- Update
patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
(git-fixes stable-5.14.12 CVE-2021-47413 bsc#1225333).
- Update
patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
(stable-5.14.11 CVE-2021-47409 bsc#1225330).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
(git-fixes stable-5.14.14 CVE-2021-47436 bsc#1225244).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
(stable-5.14.16 CVE-2021-47495 bsc#1225351).
- Update
patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
(stable-5.14.15 CVE-2021-47461 bsc#1225249).
- Update
patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
(git-fixes CVE-2021-47554 bsc#1225466).
- Update
patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
(stable-5.14.9 CVE-2021-47367 bsc#1225123).
- Update
patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
(stable-5.14.12 CVE-2021-47430 bsc#1225228).
- Update
patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
(stable-5.14.14 CVE-2021-47434 bsc#1225232).
- commit 3a2e44b
- Update
patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
(git-fixes bsc#1225486 CVE-2023-52736).
- Update
patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
(git-fixes bsc#1225554 CVE-2023-52806).
- Update
patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
(git-fixes bsc#1225411 CVE-2021-47511).
- Update
patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
(git-fixes bsc#1225409 CVE-2021-47509).
- Update
patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
(git-fixes stable-5.14.10 bsc#1225206 CVE-2021-47381).
- Update
patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
(git-fixes bsc#1225369 CVE-2021-47502).
- Update
patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
(git-fixes bsc#1225595 CVE-2023-52833).
- Update
patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
(bsc#1208149 bsc#1225118 CVE-2023-52739).
- Update
patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
(stable-5.14.10 bsc#1225205 CVE-2021-47380).
- Update
patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
(stable-5.14.10 bsc#1225303 CVE-2021-47404).
- Update
patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
(git-fixes bsc#1225437 CVE-2021-47522).
- Update
patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
(stable-5.14.10 bsc#1225238 CVE-2021-47405).
- Update
patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
(git-fixes bsc#1225032 CVE-2023-52745).
- Update
patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
(jsc#SLE-19242 bsc#1225438 CVE-2021-47523).
- Update
patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
(git-fixes bsc#1224931 CVE-2023-52747).
- Update
patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
(stable-5.14.16 bsc#1224904 CVE-2021-47485).
- Update
patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
(git-fixes bsc#1224928 CVE-2023-52840).
- Update
patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
(stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056 bsc#1225341 CVE-2021-47465).
- Update
patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
(stable-5.14.10 bsc#1225126 CVE-2021-47389).
- Update
patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
(stable-5.14.15 bsc#1225258 CVE-2021-47450).
- Update
patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
(stable-5.14.10 bsc#1225125 CVE-2021-47390).
- Update
patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
(stable-5.14.10 bsc#1225306 CVE-2021-47407).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
(stable-5.14.14 bsc#1225263 CVE-2021-47442).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
(stable-5.14.14 bsc#1225262 CVE-2021-47443).
- Update
patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
(stable-5.14.10 bsc#1225318 CVE-2021-47391).
- Update
patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
(stable-5.14.10 bsc#1225320 CVE-2021-47392).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
(stable-5.14.10 bsc#1225131 CVE-2021-47398).
- Update
patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
(git-fixes bsc#1225121 CVE-2023-52744).
- Update
patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
(stable-5.14.16 bsc#1224910 CVE-2021-47481).
- Update
patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
(stable-5.14.9 bsc#1225160 CVE-2021-47366).
- Update
patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
(CVE-2021-39698 bsc#1196956 bsc#1225400 CVE-2021-47505).
- Update
patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
(git-fixes bsc#1225599 CVE-2023-52834).
- Update
patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
(stable-5.14.15 bsc#1225393 CVE-2021-47464).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
(stable-5.14.9 bsc#1225122 CVE-2021-47360).
- Update
patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
(stable-5.14.9 bsc#1225203 CVE-2021-47379).
- Update
patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
(stable-5.14.9 bsc#1225193 CVE-2021-47375).
- Update
patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
(stable-5.14.11 bsc#1225332 CVE-2021-47412).
- Update
patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
(stable-5.14.9 bsc#1225195 CVE-2021-47376).
- Update
patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
(stable-5.14.12 bsc#1225370 CVE-2021-47426).
- Update
patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
(stable-5.14.14 bsc#1225392 CVE-2021-47433).
- Update
patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
(bsc#1197915 bsc#1225410 CVE-2021-47510).
- Update
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
(git-fixes bsc#1225000 CVE-2023-52878).
- Update
patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
(stable-5.14.15 bsc#1225235 CVE-2021-47457).
- Update
patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
(stable-5.14.15 bsc#1225253 CVE-2021-47459).
- Update
patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
(git-fixes bsc#1225431 CVE-2021-47520).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
(stable-5.14.15 bsc#1225256 CVE-2021-47456).
- Update
patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
(git-fixes bsc#1225435 CVE-2021-47521).
- Update
patches.suse/cfg80211-fix-management-registrations-locking.patch
(git-fixes stable-5.14.16 bsc#1225450 CVE-2021-47494).
- Update
patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
(stable-5.14.16 bsc#1224902 CVE-2021-47488).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
(stable-5.14.9 bsc#1225145 CVE-2021-47359).
- Update
patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
(git-fixes bsc#1225479 CVE-2023-52741).
- Update
patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225096 CVE-2023-52875).
- Update
patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1224937 CVE-2023-52870).
- Update
patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225589 CVE-2023-52873).
- Update
patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225086 CVE-2023-52865).
- Update
patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225566 CVE-2023-52858).
- Update
patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
(git-fixes bsc#1225036 CVE-2023-52876).
- Update
patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
(stable-5.14.9 bsc#1225158 CVE-2021-47364).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
(git-fixes stable-5.14.18 bsc#1224912 CVE-2021-47477).
- Update
patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
(git-fixes stable-5.14.18 bsc#1224913 CVE-2021-47476).
- Update
patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
(git-fixes stable-5.14.18 bsc#1224915 CVE-2021-47474).
- Update
patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
(git-fixes stable-5.14.18 bsc#1224914 CVE-2021-47475).
- Update
patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
(stable-5.14.10 bsc#1225316 CVE-2021-47387).
- Update
patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
(git-fixes bsc#1225425 CVE-2021-47514).
- Update
patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
(stable-5.14.14 bsc#1225247 CVE-2021-47435).
- Update
patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
(stable-5.14.14 bsc#1225357 CVE-2021-47498).
- Update
patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
(stable-5.14.9 bsc#1225191 CVE-2021-47374).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
(git-fixes bsc#1225532 CVE-2023-52819).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
(git-fixes bsc#1225530 CVE-2023-52818).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
(git-fixes bsc#1225379 CVE-2021-47550).
- Update
patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
(git-fixes bsc#1225510 CVE-2021-47551).
- Update
patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
(git-fixes bsc#1225478 CVE-2023-52753).
- Update
patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
(stable-5.14.9 bsc#1225153 CVE-2021-47362).
- Update
patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
(git-fixes bsc#1225569 CVE-2023-52817).
- Update
patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
(git-fixes bsc#1225565 CVE-2023-52814).
- Update
patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
(git-fixes bsc#1225005 CVE-2023-52738).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
(stable-5.14.13 bsc#1225390 CVE-2021-47431).
- Update
patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
(git-fixes stable-5.14.12 bsc#1225353 CVE-2021-47421).
- Update
patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
(git-fixes bsc#1225076 CVE-2023-52825).
- Update
patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
(git-fixes bsc#1225529 CVE-2023-52816).
- Update
patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
(git-fixes stable-5.14.12 bsc#1225339 CVE-2021-47420).
- Update
patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
(stable-5.14.11 bsc#1225331 CVE-2021-47410).
- Update
patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
(git-fixes bsc#1224932 CVE-2023-52856).
- Update
patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
(git-fixes stable-5.14.14 bsc#1225243 CVE-2021-47444).
- Update
patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
(git-fixes stable-5.14.14 bsc#1225261 CVE-2021-47445).
- Update
patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
(git-fixes stable-5.14.14 bsc#1225260 CVE-2021-47447).
- Update
patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
(git-fixes stable-5.14.14 bsc#1225240 CVE-2021-47446).
- Update
patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
(git-fixes bsc#1225446 CVE-2021-47535).
- Update
patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
(stable-5.14.15 bsc#1225187 CVE-2021-47471).
- Update
patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 bsc#1225366 CVE-2021-47423).
- Update
patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 bsc#1225233 CVE-2021-47422).
- Update
patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
(git-fixes bsc#1225022 CVE-2023-52821).
- Update
patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
(git-fixes bsc#1225077 CVE-2023-52826).
- Update
patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
(git-fixes bsc#1225230 CVE-2022-48710).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
(git-fixes bsc#1225009 CVE-2023-52867).
- Update
patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
(stable-5.14.16 bsc#1225436 CVE-2021-47490).
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534).
- Update
patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
(git-fixes bsc#1225445 CVE-2021-47533).
- Update
patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
(stable-5.14.9 bsc#1225161 CVE-2021-47368).
- Update
patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
(jsc#SLE-19253 bsc#1225383 CVE-2021-47556).
- Update
patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
(stable-5.14.10 bsc#1225304 CVE-2021-47406).
- Update
patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
(git-fixes bsc#1225031 CVE-2023-52838).
- Update
patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
(git-fixes bsc#1225557 CVE-2023-52810).
- Update
patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
(git-fixes bsc#1225550 CVE-2023-52804).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
(git-fixes bsc#1225560 CVE-2023-52759).
- Update
patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
(git-fixes bsc#1224988 CVE-2023-52853).
- Update
patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
(git-fixes stable-5.14.10 bsc#1225321 CVE-2021-47393).
- Update
patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 bsc#1225268 CVE-2021-47386).
- Update
patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 bsc#1225210 CVE-2021-47385).
- Update
patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
(stable-5.14.10 bsc#1225209 CVE-2021-47384).
- Update
patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
(git-fixes stable-5.14.12 bsc#1225223 CVE-2021-47425).
- Update
patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
(git-fixes bsc#1225108 CVE-2023-52791).
- Update
patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
(git-fixes bsc#1225570 CVE-2023-52763).
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766).
- Update
patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
(jsc#SLE-18378 bsc#1225361 CVE-2021-47501).
- Update
patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
(stable-5.14.12 bsc#1225367 CVE-2021-47424).
- Update
patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
(git-fixes bsc#1225106 CVE-2023-52788).
- Update
patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
(stable-5.14.15 bsc#1225239 CVE-2021-47453).
- Update
patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
(git-fixes bsc#1225003 CVE-2023-52743).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
(jsc#SLE-18375 bsc#1225500 CVE-2021-47563).
- Update
patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
(stable-5.14.14 bsc#1225259 CVE-2021-47449).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
(jsc#SLE-18375 bsc#1225499 CVE-2021-47562).
- Update
patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
(git-fixes bsc#1225095 CVE-2022-48709).
- Update
patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
(git-fixes bsc#1225358 CVE-2021-47499).
- Update
patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
(git-fixes stable-5.14.14 bsc#1225245 CVE-2021-47437).
- Update
patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
(git-fixes bsc#1225360 CVE-2021-47500).
- Update
patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
(stable-5.14.10 bsc#1225241 CVE-2021-47403).
- Update
patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
(stable-5.14.10 bsc#1225242 CVE-2021-47401).
- Update
patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
(stable-5.14.9 bsc#1225190 CVE-2021-47373).
- Update
patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
(stable-5.14.15 bsc#1225346 CVE-2021-47468).
- Update
patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
(stable-5.14.18 bsc#1225198 CVE-2021-47478).
- Update
patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
(git-fixes bsc#1225373 CVE-2021-47529).
- Update
patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
(git-fixes stable-5.14.12 bsc#1225335 CVE-2021-47415).
- Update
patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
(stable-5.14.10 bsc#1225328 CVE-2021-47399).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
(git-fixes bsc#1225472 CVE-2023-52799).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
(git-fixes bsc#1225553 CVE-2023-52805).
- Update
patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
(stable-5.14.15 bsc#1225344 CVE-2021-47467).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
(git-fixes stable-5.14.12 bsc#1225227 CVE-2021-47417).
- Update
patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
(git-fixes stable-5.14.10 bsc#1225214 CVE-2021-47388).
- Update
patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
(git-fixes stable-5.14.10 bsc#1225327 CVE-2021-47396).
- Update
patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
(git-fixes stable-5.14.10 bsc#1225326 CVE-2021-47395).
- Update
patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
(stable-5.14.9 bsc#1225151 CVE-2021-47361).
- Update
patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
(git-fixes bsc#1225588 CVE-2023-52847).
- Update
patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
(git-fixes bsc#1225571 CVE-2023-52764).
- Update
patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
(git-fixes bsc#1225490 CVE-2023-52754).
- Update
patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
(git-fixes bsc#1225592 CVE-2023-52841).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
(git-fixes bsc#1225590 CVE-2023-52844).
- Update
patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
(git-fixes bsc#1225495 CVE-2021-47560).
- Update
patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
(stable-5.14.14 bsc#1225224 CVE-2021-47441).
- Update
patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
(stable-5.14.15 bsc#1225250 CVE-2021-47462).
- Update
patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
(stable-5.14.15 bsc#1225127 CVE-2021-47463).
- Update
patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
(stable-5.14.15 bsc#1225342 CVE-2021-47466).
- Update
patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
(stable-5.14.15 bsc#1225186 CVE-2021-47470).
- Update
patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
(git-fixes bsc#1225483 CVE-2023-52708).
- Update
patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
(git-fixes bsc#1224956 CVE-2023-52730).
- Update
patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
(stable-5.14.9 bsc#1225183 CVE-2021-47370).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
(stable-5.14.14 bsc#1225129 CVE-2021-47448).
- Update
patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
(git-fixes bsc#1225386 CVE-2021-47540).
- Update
patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
(git-fixes bsc#1225482 CVE-2023-52742).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
(git-fixes stable-5.14.16 bsc#1224909 CVE-2021-47482).
- Update
patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
(git-fixes bsc#1225380 CVE-2021-47513).
- Update
patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
(stable-5.14.14 bsc#1225246 CVE-2021-47439).
- Update
patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
(stable-5.14.14 bsc#1225248 CVE-2021-47440).
- Update
patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
(stable-5.14.10 bsc#1225329 CVE-2021-47400).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
(stable-5.14.9 bsc#1225184 CVE-2021-47372).
- Update
patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
(git-fixes bsc#1225501 CVE-2021-47564).
- Update
patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
(stable-5.14.15 bsc#1225189 CVE-2021-47472).
- Update
patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
(jsc#SLE-19256 bsc#1225453 CVE-2021-47541).
- Update
patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
(stable-5.14.14 bsc#1225229 CVE-2021-47438).
- Update
patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
(git-fixes bsc#1224945 CVE-2023-52702).
- Update
patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes bsc#1225455 CVE-2021-47542).
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 bsc#1225302 CVE-2021-47402).
- Update
patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
(stable-5.14.12 bsc#1225338 CVE-2021-47419).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
(git-fixes bsc#1225396 CVE-2021-47559).
- Update
patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
(git-fixes bsc#1225447 CVE-2021-47536).
- Update
patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
(jsc#SLE-19033 bsc#1225492 CVE-2021-47558).
- Update
patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
(stable-5.14.16 bsc#1225354 CVE-2021-47496).
- Update
patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
(git-fixes bsc#1225549 CVE-2023-52703).
- Update
patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
(stable-5.14.12 bsc#1225337 CVE-2021-47418).
- Update
patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
(stable-5.14.10 bsc#1225236 CVE-2021-47408).
- Update
patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
(stable-5.14.15 bsc#1225257 CVE-2021-47452).
- Update
patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
(stable-5.14.10 bsc#1225323 CVE-2021-47394).
- Update
patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
(stable-5.14.15 bsc#1225237 CVE-2021-47451).
- Update
patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
(stable-5.14.9 bsc#1225156 CVE-2021-47363).
- Update
patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
(stable-5.14.9 bsc#1225167 CVE-2021-47371).
- Update
patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
(git-fixes bsc#1225372 CVE-2021-47518).
- Update
patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
(git-fixes bsc#1225427 CVE-2021-47516).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
(git-fixes bsc#1225405 CVE-2021-47507).
- Update
patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
(git-fixes bsc#1225404 CVE-2021-47506).
- Update
patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
(bsc#1190569 stable-5.14.9 bsc#1225201 CVE-2021-47378).
- Update
patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
(stable-5.14.14 bsc#1225355 CVE-2021-47497).
- Update
patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
(stable-5.14.15 bsc#1225251 CVE-2021-47460).
- Update
patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
(stable-5.14.16 bsc#1225439 CVE-2021-47493).
- Update
patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
(stable-5.14.15 bsc#1225252 CVE-2021-47458).
- Update
patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
(git-fixes bsc#1225375 CVE-2021-47537).
- Update
patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
(stable-5.14.16 bsc#1224905 CVE-2021-47484).
- Update
patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
(git-fixes bsc#1225584 CVE-2023-52854).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 bsc#1225336 CVE-2021-47416).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
(git-fixes bsc#1224942 CVE-2022-48708).
- Update
patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
(git-fixes bsc#1225132 CVE-2023-52864).
- Update
patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
(stable-5.14.12 bsc#1225388 CVE-2021-47429).
- Update
patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
(stable-5.14.12 bsc#1225387 CVE-2021-47428).
- Update
patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
(bsc#1194869 bsc#1225471 CVE-2023-52740).
- Update
patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
(stable-5.14.15 bsc#1225255 CVE-2021-47454).
- Update
patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
(stable-5.14.15 bsc#1225254 CVE-2021-47455).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
bsc#1225461 CVE-2023-52756).
- Update
patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
(git-fixes stable-5.14.16 bsc#1224907 CVE-2021-47483).
- Update
patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
(stable-5.14.12 bsc#1225334 CVE-2021-47414).
- Update
patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
(stable-5.14.16 bsc#1224903 CVE-2021-47486).
- Update
patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
(git-fixes bsc#1217515 bsc#1225572 CVE-2023-52774).
- Update
patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
(git-fixes bsc#1213863 bsc#1225488 CVE-2023-52733).
- Update
patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
(stable-5.14.9 bsc#1225164 CVE-2021-47369).
- Update
patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
(stable-5.14.10 bsc#1225207 CVE-2021-47382).
- Update
patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
(git-fixes bsc#1225508 CVE-2021-47549).
- Update
patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
(bsc#1209799 bsc#1225109 CVE-2023-52707).
- Update
patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
(git-fixes bsc#1225464 CVE-2021-47553).
- Update
patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
(stable-5.14.17 bsc#1225322 CVE-2021-47480).
- Update
patches.suse/scsi-ibmvfc-Remove-BUG_ON-in-the-case-of-an-empty-ev.patch
(bsc#1209834 ltc#202097 bsc#1225559 CVE-2023-52811).
- Update
patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
(stable-5.14.12 bsc#1225225 CVE-2021-47427).
- Update
patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
(git-fixes bsc#1225384 CVE-2021-47565).
- Update
patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
(git-fixes bsc#1225374 CVE-2021-47503).
- Update
patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
(stable-5.14.15 bsc#1225192 CVE-2021-47473).
- Update
patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
(stable-5.14.10 bsc#1225082 CVE-2021-47397).
- Update
patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
(git-fixes bsc#1194288 CVE-2021-47527).
- Update
patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
(git-fixes bsc#1225376 CVE-2021-47526).
- Update
patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
(git-fixes bsc#1225377 CVE-2021-47524).
- Update
patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
(git-fixes bsc#1225441 CVE-2021-47525).
- Update
patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
(git-fixes bsc#1225534 CVE-2023-52871).
- Update
patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
(stable-5.14.15 bsc#1225347 CVE-2021-47469).
- Update
patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
(stable-5.14.9 bsc#1224920 CVE-2021-47358).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
(git-fixes stable-5.14.18 bsc#1224911 CVE-2021-47479).
- Update
patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
(git-fixes bsc#1225463 CVE-2021-47544).
- Update
patches.suse/thermal-core-prevent-potential-string-overflow.patch
(git-fixes bsc#1225044 CVE-2023-52868).
- Update
patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
(stable-5.14.10 bsc#1225208 CVE-2021-47383).
- Update
patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
(git-fixes bsc#1225591 CVE-2023-52872).
- Update
patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
(bsc#1222619 CVE-2023-52880).
- Update
patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
(git-fixes bsc#1225180 CVE-2023-52789).
- Update
patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
(git-fixes bsc#1225368 CVE-2021-47528).
- Update
patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
(git-fixes stable-5.14.12 bsc#1225333 CVE-2021-47413).
- Update
patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
(git-fixes bsc#1225092 CVE-2023-52781).
- Update
patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
(stable-5.14.11 bsc#1225330 CVE-2021-47409).
- Update
patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
(git-fixes bsc#1225583 CVE-2023-52855).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
(git-fixes stable-5.14.14 bsc#1225244 CVE-2021-47436).
- Update
patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
(git-fixes bsc#1224944 CVE-2023-52877).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
(stable-5.14.16 bsc#1225351 CVE-2021-47495).
- Update
patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
(stable-5.14.15 bsc#1225249 CVE-2021-47461).
- Update
patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
(git-fixes bsc#1225466 CVE-2021-47554).
- Update
patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
(stable-5.14.9 bsc#1225123 CVE-2021-47367).
- Update
patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
(git-fixes bsc#1224947 CVE-2023-52798).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800).
- Update
patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
(git-fixes bsc#1225577 CVE-2023-52832).
- Update
patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
(stable-5.14.12 bsc#1225228 CVE-2021-47430).
- Update
patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
(stable-5.14.14 bsc#1225232 CVE-2021-47434).
- commit c477ba3
- powerpc/pseries/iommu: LPAR panics during boot up with a frozen
PE (bsc#1222011 ltc#205900 CVE-2024-36926).
- commit db3b1aa
- netfilter: nf_tables: release mutex after nft_gc_seq_end from
abort path (CVE-2024-26925 bsc#1223390).
- commit d38b98f
- idpf: extend tx watchdog timeout (bsc#1224137).
- commit 64976b7
- efi/capsule-loader: fix incorrect allocation size (bsc#1224438
CVE-2024-27413).
- commit bcbd0b7
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (CVE-2024-35817 bsc#1224736).
- commit 3fd949a
- selinux: avoid dereference of garbage after mount failure
(bsc#1224494 CVE-2024-35904).
- commit dad5bc3
- af_unix: annote lockless accesses to unix_tot_inflight &
gc_in_progress (bsc#1223384).
- Refresh
patches.suse/io_uring-af_unix-defer-registered-files-gc-to-io_uri.patch.
- commit 478234c
- Update
patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch
(bsc#1209657 CVE-2023-0160 CVE-2024-35895 bsc#1224511).
- Update
patches.suse/fs-aio-Check-IOCB_AIO_RW-before-the-struct-aio_kiocb.patch
(bsc#1222721 CVE-2024-26764 CVE-2024-35815 bsc#1224685).
- Update
patches.suse/nfsd-Fix-error-cleanup-path-in-nfsd_rename.patch
(bsc#1221044 CVE-2023-52591 CVE-2024-35914 bsc#1224482).
- Update
patches.suse/wifi-brcmfmac-Fix-use-after-free-bug-in-brcmf_cfg802.patch
(CVE-2023-47233 bsc#1216702 CVE-2024-35811 bsc#1224592).
- commit 78f49e4
- Update
patches.suse/bpf-Guard-stack-limits-against-32bit-overflow.patch
(git-fixes CVE-2023-52676 bsc#1224730).
- commit bdae745
- Update patches.suse/afs-Fix-page-leak.patch (stable-5.14.9
CVE-2021-47365 bsc#1224895).
- Update
patches.suse/drm-amdgpu-Fix-even-more-out-of-bound-writes-from-de.patch
(bsc#1191949 CVE-2021-42327 stable-5.14.16 CVE-2021-47489
bsc#1224901).
- Update
patches.suse/mm-khugepaged-skip-huge-page-collapse-for-special-fi.patch
(stable-5.14.16 bsc#1193983 CVE-2021-4148 CVE-2021-47491
bsc#1224900).
- Update
patches.suse/mm-thp-bail-out-early-in-collapse_file-for-writeback.patch
(stable-5.14.16 CVE-2021-47492 bsc#1224898).
- commit 9ce4e35
- Update
patches.suse/drm-nouveau-avoid-a-use-after-free-when-BO-init-fail.patch
(git-fixes stable-5.14.12 CVE-2020-36788 bsc#1224816).
- commit 92d2a7f
- Update patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
(bsc#1065729 CVE-2023-52686).
- Update patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
(bsc#1194869 CVE-2023-52690).
- commit 2a79a5d
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling
(bsc#1216124).
- commit 7f04710
- rpm/kernel-obs-build.spec.in: remove reiserfs from OBS initrd
We disabled the FS in bug 1202309. And we actively blacklist it in:
/usr/lib/modprobe.d/60-blacklist_fs-reiserfs.conf
This, as a side-effect, fixes obs-build's warning:
dracut-pre-udev[1463]: sh: line 1: /usr/lib/module-init-tools/unblacklist: No such file or directory
Exactly due to the above 60-blacklist_fs-reiserfs.conf trying to call the
above unblacklist.
We should likely drop ext2+ext3 from the list too, as we don't build
them at all. But that's a different story.
- commit 9e1a078
- filemap: remove use of wait bookmarks (bsc#1224085).
- commit 36d572b
- scsi: qla2xxx: Fix double free of fcport (bsc#1223715
CVE-2024-26929).
- commit b3136a1
- powerpc/pseries/vio: Don't return ENODEV if node or compatible
missing (bsc#1220783).
- commit 1f4ad41
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
(bsc#1224174 CVE-2024-27398).
- commit d55ff83
- af_unix: Fix garbage collector racing against connect()
(CVE-2024-26923 bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- commit 94450ec
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer
(bsc#1223626 CVE-2024-26930).
- commit dba3cc6
- Update
patches.suse/io_uring-af_unix-disable-sending-io_uring-over-socke.patch
(bsc#1218447 CVE-2023-6531 CVE-2023-52654 bsc#1224099).
- commit 659f245
- Update
patches.suse/usb-aqc111-check-packet-for-fixup-for-true-limit.patch
(bsc#1217169 CVE-2023-52655).
Added bugzilla ID and CVE
- commit a741c33
- supported.conf: support tcp_dctcp module (jsc#PED-8111)
- commit cca73b5
- Update
patches.suse/sched-debug-fix-dentry-leak-in-update_sched_domain_d.patch
(git-fixes CVE-2022-48699 bsc#1223996).
- commit 201a58f
- cachefiles: fix memory leak in cachefiles_add_cache()
(bsc#1222976 CVE-2024-26840).
- commit 6543e12
- Update
patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
references (CVE-2024-26739 bsc#1222559, drop incorrect references).
- commit 892e634
- Update
patches.suse/ALSA-emu10k1-Fix-out-of-bounds-access-in-snd_emu10k1.patch
(git-fixes CVE-2022-48702 bsc#1223923).
- Update
patches.suse/ALSA-usb-audio-Fix-an-out-of-bounds-bug-in-__snd_usb.patch
(git-fixes CVE-2022-48701 bsc#1223921).
- Update
patches.suse/RDMA-irdma-Fix-drain-SQ-hang-with-no-completion.patch
(jsc#SLE-18383 CVE-2022-48694 bsc#1223964).
- Update
patches.suse/RDMA-srp-Set-scmnd-result-only-when-scmnd-is-not-NUL.patch
(git-fixes CVE-2022-48692 bsc#1223962).
- Update
patches.suse/cgroup-Add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch
(bsc#1196869 CVE-2022-48671 bsc#1223929).
- Update
patches.suse/drm-radeon-add-a-force-flush-to-delay-work-when-rade.patch
(git-fixes CVE-2022-48704 bsc#1223932).
- Update
patches.suse/i40e-Fix-kernel-crash-during-module-removal.patch
(jsc#SLE-18378 CVE-2022-48688 bsc#1223953).
- Update
patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
(bsc#1211592 CVE-2023-2860 CVE-2022-48687 bsc#1223952).
- Update
patches.suse/net-smc-Fix-possible-access-to-freed-memory-in-link-clear
(git-fixes CVE-2022-48673 bsc#1223934).
- Update
patches.suse/nvme-tcp-fix-uaf-when-detecting-digest-errors.patch
(bsc#1200313 bsc#1201489 CVE-2022-48686 bsc#1223948).
- Update patches.suse/nvmet-fix-a-use-after-free.patch (git-fixes
CVE-2022-48697 bsc#1223922).
- Update
patches.suse/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch
(git-fixes CVE-2022-48672 bsc#1223931).
- Update
patches.suse/scsi-mpt3sas-Fix-use-after-free-warning.patch
(git-fixes CVE-2022-48695 bsc#1223941).
- Update
patches.suse/soc-brcmstb-pm-arm-Fix-refcount-leak-and-__iomem-lea.patch
(git-fixes CVE-2022-48693 bsc#1223963).
- Update
patches.suse/thermal-int340x_thermal-handle-data_vault-when-the-v.patch
(bsc#1201308 CVE-2022-48703 bsc#1223924).
- Update patches.suse/vfio-type1-Unpin-zero-pages.patch (git-fixes
CVE-2022-48700 bsc#1223957).
- commit c8677b5
- packet: annotate data-races around ignore_outgoing
(CVE-2024-26862 bsc#1223111).
- commit 6e591e7
- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
(CVE-2024-0639 bsc#1218917).
- commit 517d4f7
- Update
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(CVE-2022-48662 bsc#1223505).
Unbreak metadata (References: collides with our internal tracking,
switch to Fixes: when referencing a commit).
- commit cd38265
- Update
patches.suse/IB-core-Fix-a-nested-dead-lock-as-part-of-ODP-flow.patch
(git-fixes CVE-2022-48675 bsc#1223894).
- Update
patches.suse/drm-gma500-Fix-BUG-sleeping-function-called-from-inv.patch
(git-fixes CVE-2022-48634 bsc#1223501).
- Update
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(CVE-2022-48662 bsc#1223505a4e7ccdac38e ("drm/i915: Move
context management under GEM") bsc#1223505).
- Update
patches.suse/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch
(git-fixes CVE-2022-48632 bsc#1223481).
- Update
patches.suse/ice-Fix-crash-by-keep-old-cfg-when-update-TCs-more-t.patch
(git-fixes CVE-2022-48652 bsc#1223520).
- Update
patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup
(git-fixes CVE-2022-48636 bsc#1223512).
- commit 523501c
- krb5
-
- Fix vulnerabilities in GSS message token handling, add patch
0013-Fix-vulnerabilities-in-GSS-message-token-handling.patch
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
- libarchive
-
- Fix CVE-2024-20696, heap based out-of-bounds write
(CVE-2024-20696, bsc#1225971)
* CVE-2024-20696.patch
- gcc13
-
- Update to GCC 13.3 release
- Update to gcc-13 branch head, b7a2697733d19a093cbdd0e200, git8761
- Removed gcc13-pr111731.patch now included upstream
- Add gcc13-amdgcn-remove-fiji.patch removing Fiji support from
the GCN offload compiler as that is requiring Code Object version 3
which is no longer supported by llvm18.
- Add gcc13-pr101523.patch to avoid combine spending too much
compile-time and memory doing nothing on s390x. [boo#1188441]
- Make requirement to lld version specific to avoid requiring the
meta-package.
- util-linux
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- mozilla-nss
-
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
- update to NSS 3.101.2
* bmo#1905691 - ChaChaXor to return after the function
- Added nss-fips-safe-memset.patch, fixing bsc#1222811.
- Removed some dead code from nss-fips-constructor-self-tests.patch.
- Rebased nss-fips-approved-crypto-non-ec.patch on above changes.
- Added nss-fips-aes-gcm-restrict.patch, fixing bsc#1222830.
- Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222813,
bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118.
- Updated nss-fips-approved-crypto-non-ec.patch and
nss-fips-constructor-self-tests.patch, fixing bsc#1222807,
bsc#1222828, bsc#1222834.
- Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222804,
bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116.
- update to NSS 3.101.1
* bmo#1901932 - missing sqlite header.
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
- update to NSS 3.101
* bmo#1900413 - add diagnostic assertions for SFTKObject refcount.
* bmo#1899759 - freeing the slot in DeleteCertAndKey if authentication failed
* bmo#1899883 - fix formatting issues.
* bmo#1889671 - Add Firmaprofesional CA Root-A Web to NSS.
* bmo#1899593 - remove invalid acvp fuzz test vectors.
* bmo#1898830 - pad short P-384 and P-521 signatures gtests.
* bmo#1898627 - remove unused FreeBL ECC code.
* bmo#1898830 - pad short P-384 and P-521 signatures.
* bmo#1898825 - be less strict about ECDSA private key length.
* bmo#1854439 - Integrate HACL* P-521.
* bmo#1854438 - Integrate HACL* P-384.
* bmo#1898074 - memory leak in create_objects_from_handles.
* bmo#1898858 - ensure all input is consumed in a few places in mozilla::pkix
* bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* bmo#1748105 - clean up escape handling
* bmo#1896353 - Use lib::pkix as default validator instead of the old-one
* bmo#1827444 - Need to add high level support for PQ signing.
* bmo#1548723 - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* bmo#1893404 - Allow for non-full length ecdsa signature when using softoken
* bmo#1830415 - Modification of .taskcluster.yml due to mozlint indent defects
* bmo#1793811 - Implement support for PBMAC1 in PKCS#12
* bmo#1897487 - disable VLA warnings for fuzz builds.
* bmo#1895032 - remove redundant AllocItem implementation.
* bmo#1893334 - add PK11_ReadDistrustAfterAttribute.
* bmo#215997 - Clang-formatting of SEC_GetMgfTypeByOidTag update
* bmo#1895012 - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* bmo#1894572 - sftk_getParameters(): Fix fallback to default variable after error with configfile.
* bmo#1830415 - Switch to the mozillareleases/image_builder image
- Follow upstream changes in nss-fips-constructor-self-tests.patch (switch from ec_field_GFp to ec_field_plain)
- Remove part of nss-fips-zeroization.patch that got removed upstream
- update to NSS 3.100
- bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for
faster Xyber operations.
- bmo#1893752 - remove ckcapi.
- bmo#1893162 - avoid a potential PK11GenericObject memory leak.
- bmo#671060 - Remove incomplete ESDH code.
- bmo#215997 - Decrypt RSA OAEP encrypted messages.
- bmo#1887996 - Fix certutil CRLDP URI code.
- bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
- bmo#676118 - Add ability to encrypt and decrypt CMS messages using ECDH.
- bmo#676100 - Correct Templates for key agreement in smime/cmsasn.c.
- bmo#1548723 - Moving the decodedCert allocation to NSS.
- bmo#1885404 - Allow developers to speed up repeated local execution
of NSS tests that depend on certificates.
- update to NSS 3.99
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
- update to NSS 3.98
* bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption
in TLS
* bmo#1879513 - Certificate Compression: enabling the check that
the compression was advertised
* bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha
* bmo#1879945 - Remove Email trust bit from OISTE WISeKey
Global Root GC CA
* bmo#1877344 - Replace `distutils.spawn.find_executable` with
`shutil.which` within `mach` in `nss`
* bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to
support Certificate compression
* bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation
* bmo#1875356 - Add valgrind annotations to freebl kyber operations
for constant-time execution tests
* bmo#1870673 - Set nssckbi version number to 2.66
* bmo#1874017 - Add Telekom Security roots
* bmo#1873095 - Add D-Trust 2022 S/MIME roots
* bmo#1865450 - Remove expired Security Communication RootCA1 root
* bmo#1876179 - move keys to a slot that supports concatenation in
PK11_ConcatSymKeys
* bmo#1876800 - remove unmaintained tls-interop tests
* bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim
flags
* bmo#1874937 - bogo: add support for the -curves shim flag and
update Kyber expectations
* bmo#1874937 - bogo: adjust expectation for a key usage bit test
* bmo#1757758 - mozpkix: add option to ignore invalid subject
alternative names
* bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value
* bmo#1876390 - take ownership of ecckilla shims
* bmo#1874458 - add valgrind annotations to freebl/ec.c
* bmo#864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* bmo#1875965 - Update zlib to 1.3.1
- Use %patch -P N instead of deprecated %patchN.
- update to NSS 3.97
* bmo#1875506 - make Xyber768d00 opt-in by policy
* bmo#1871631 - add libssl support for xyber768d00
* bmo#1871630 - add PK11_ConcatSymKeys
* bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken
* bmo#1871152 - add a FreeBL API for Kyber
* bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo
* bmo#1835828 - Removing the calls to RSA Blind from loader.*
* bmo#1874111 - fix worker type for level3 mac tasks
* bmo#1835828 - RSA Blind implementation
* bmo#1869642 - Remove DSA selftests
* bmo#1873296 - read KWP testvectors from JSON
* bmo#1822450 - Backed out changeset dcb174139e4f
* bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* bmo#1871219 - Wrap CC shell commands in gyp expansions
- update to NSS 3.96.1
* bmo#1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh
* bmo#1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups)
* bmo#1867408 - add a defensive check for large ssl_DefSend return values
* bmo#1869378 - Add dependency to the taskcluster script for Darwin
* bmo#1869378 - Upgrade version of the MacOS worker for the CI
- add nss-allow-slow-tests-s390x.patch: "certutil dump keys with
explicit default trust flags" test needs longer than the allowed
6 seconds on s390x
- update to NSS 3.95
* bmo#1842932 - Bump builtins version number.
* bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion
Firmaprofesional CIF A62634068 root cert.
* bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS.
* bmo#1850982 - Remove Camerfirma root certificates from NSS.
* bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional
Certificate.
* bmo#1860670 - Add four Commscope root certificates to NSS.
* bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
* bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL*
* bmo#1861728 - Include P-256 Scalar Validation from HACL*.
* bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes
256 ECC without DER wrapping at the softoken level
* bmo#1837987 - Add means to provide library parameters to C_Initialize
* bmo#1573097 - clang format
* bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
* bmo#1858241 - Typo in ssl3_AppendHandshakeNumber
* bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber
* bmo#1573097 - Fix Invalid casts in instance.c
- update to NSS 3.94
* bmo#1853737 - Updated code and commit ID for HACL*
* bmo#1840510 - update ACVP fuzzed test vector: refuzzed with
current NSS
* bmo#1827303 - Softoken C_ calls should use system FIPS setting
to select NSC_ or FC_ variants
* bmo#1774659 - NSS needs a database tool that can dump the low level
representation of the database
* bmo#1852179 - declare string literals using char in pkixnames_tests.cpp
* bmo#1852179 - avoid implicit conversion for ByteString
* bmo#1818766 - update rust version for acvp docker
* bmo#1852011 - Moving the init function of the mpi_ints before
clean-up in ec.c
* bmo#1615555 - P-256 ECDH and ECDSA from HACL*
* bmo#1840510 - Add ACVP test vectors to the repository
* bmo#1849077 - Stop relying on std::basic_string<uint8_t>
* bmo#1847845 - Transpose the PPC_ABI check from Makefile to gyp
- rebased patches
- added nss-fips-test.patch to fix broken test
- Update to NSS 3.93:
* bmo#1849471 - Update zlib in NSS to 1.3.
* bmo#1848183 - softoken: iterate hashUpdate calls for long inputs.
* bmo#1813401 - regenerate NameConstraints test certificates (boo#1214980).
- Rebase nss-fips-pct-pubkeys.patch.
- update to NSS 3.92
* bmo#1822935 - Set nssckbi version number to 2.62
* bmo#1833270 - Add 4 Atos TrustedRoot Root CA certificates to NSS
* bmo#1839992 - Add 4 SSL.com Root CA certificates
* bmo#1840429 - Add Sectigo E46 and R46 Root CA certificates
* bmo#1840437 - Add LAWtrust Root CA2 (4096)
* bmo#1822936 - Remove E-Tugra Certification Authority root
* bmo#1827224 - Remove Camerfirma Chambers of Commerce Root.
* bmo#1840505 - Remove Hongkong Post Root CA 1
* bmo#1842928 - Remove E-Tugra Global Root CA ECC v3 and RSA v3
* bmo#1842937 - Avoid redefining BYTE_ORDER on hppa Linux
- update to NSS 3.91
* bmo#1837431 - Implementation of the HW support check for ADX instruction
* bmo#1836925 - Removing the support of Curve25519
* bmo#1839795 - Fix comment about the addition of ticketSupportsEarlyData
* bmo#1839327 - Adding args to enable-legacy-db build
* bmo#1835357 - dbtests.sh failure in "certutil dump keys with explicit
default trust flags"
* bmo#1837617 - Initialize flags in slot structures
* bmo#1835425 - Improve the length check of RSA input to avoid heap overflow
* bmo#1829112 - Followup Fixes
* bmo#1784253 - avoid processing unexpected inputs by checking for
m_exptmod base sign
* bmo#1826652 - add a limit check on order_k to avoid infinite loop
* bmo#1834851 - Update HACL* to commit 5f6051d2
* bmo#1753026 - add SHA3 to cryptohi and softoken
* bmo#1753026 - HACL SHA3
* bmo#1836781 - Disabling ASM C25519 for A but X86_64
- removed upstreamed patch nss-fix-bmo1836925.patch
- update to NSS 3.90.3
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* bmo#1748105 - clean up escape handling.
* bmo#1895032 - remove redundant AllocItem implementation.
* bmo#1836925 - Disable ASM support for Curve25519.
* bmo#1836781 - Disable ASM support for Curve25519 for all but X86_64.
- remove upstreamed nss-fix-bmo1836925.patch
- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox
when using FIPS-mode (bsc#1223724).
- Added "Provides: nss" so other RPMs that require 'nss' can
be installed (jira PED-6358).
- jitterentropy
-
- Fix a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
* github.com/smuellerDD/jitterentropy-library/commit/7bf9f85
* Add jitterentropy-fix-a-stack-corruption-on-s390x.patch
- openssl-1_1
-
- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
security vulnerability. Calling the function SSL_free_buffers()
potentially caused memory to be accessed that was previously
freed in some situations and a malicious attacker could attempt
to engineer a stituation where this occurs to facilitate a
denial-of-service attack. [CVE-2024-4741, bsc#1225551]
- Security fix: [bsc#1222548, CVE-2024-2511]
* Fix unconstrained session cache growth in TLSv1.3
* Add openssl-CVE-2024-2511.patch
- libsolv
-
- add a conflict to older libsolv-tools to libsolv-tools-base
- improve updating of installed multiversion packages
- fix decision introspection going into an endless loop in some
cases
- added experimental lua bindings
- bump version to 0.7.29
- split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- suseconnect-ng
-
- Update version to 1.11
- Added uname as collector
- Added SAP workload detection
- Added detection of container runtimes
- Multiple fixes on ARM64 detection
- Use `read_values` for the CPU collector on Z
- Fixed data collection for ppc64le
- Grab the home directory from /etc/passwd if needed (bsc#1226128)
- Update version to 1.10.0
* Build zypper-migration and zypper-packages-search as standalone
binaries rather then one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens. (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report.
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
- Update to version 1.9.0
* Fix certificate import for Yast when using a registration proxy with
self-signed SSL certificate (bsc#1223107)
- libxml2
-
- Security fix (CVE-2024-34459, bsc#1224282) buffer over-read in
xmlHTMLPrintFileContext in xmllint.c
* Added libxml2-CVE-2024-34459.patch
- libzypp
-
- zypp-tui: Make sure translated texts use the correct textdomain
(fixes #551)
- Skip libproxy1 requires for tumbleweed.
- version 17.34.1 (34)
- don't require libproxy1 on tumbleweed, it is optional now
- version 17.34.0 (34)
- Fix versioning scheme
- version 17.33.4 (35)
- add one more missing export for libyui-qt-pkg
- Revert eintrSafeCall behavior to setting errno to 0.
- version 17.33.3 (34)
- fix up requires_eq usage for libsolv-tools-base
- add one more missing export for PackageKit
- version 17.33.2
- version 17.33.1 (33)
- switch to reduced size libsolv-tools-base (jsc#PED-8153)
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- Add ZYPP_API for exported functions and switch to
visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- version 17.33.0 (33)
- Fix download from gpgkey URL (bsc#1223430, fixes openSUSE/zypper#546)
- version 17.32.6 (32)
- shadow
-
- bsc#1228770: Fix not copying of skel files
Update shadow-CVE-2013-4235.patch
- bsc#916845 (CVE-2013-4235): Fix TOCTOU race condition
Add shadow-CVE-2013-4235.patch
- mgr-push
-
- version 4.3.6-0
* Use bundle CA certificate in rhnpush (bsc#1222731)
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- patch
-
- CVE-2019-20633.patch: Fix double-free/OOB read in pch.c (bsc#1167721)
- patterns-base
-
- Added a fips-certified pattern matching the exact certified
FIPS versions
- prometheus-exporters-formula
-
- Version 1.4.1
* Fix Node Exporter flag name for TLS support (bsc#1226035)
* Fix PostgreSQL exporter drop-in directory name on Debian
(bsc#1226605)
- Version 1.4.0
* Fix parsing PostgreSQL password with special characters
* Add form fields for PostgreSQL data source
- python-azure-agent
-
- Add agent-btrfs-use-f.patch (bsc#1227711)
+ Use the proper option to force btrfs to overwrite a file system on the
resource disk if one already exists.
- Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro >= 5.5
(bsc#1227106).
- Do not package waagent2.0 in Python 3 builds.
- Drop obsolete otherproviders keyword from Conflicts statements
- Do not require wicked in non-SUSE build environments.
- Apply python3 interpreter patch in non SLE build environments
(bcs#1227067)
- Simplify %suse_version conditionals
- Use the -Z option for mv and cp in the posttrans to properly handle
SELinux context (bsc#1225946)
- python-rpm-macros
-
- Update to version 20240618.1e386da:
* Fix python_clone sed regex
- Update to version 20240614.02920b8:
* Make sure that RPM_BUILD_ROOT env is set
* don't eliminate any cmdline arguments in the shebang line
* Create python313 macros
- Update to version 20240415.c664b45:
* Fix typo 310 -> 312 in default-prjconf
- Update to version 20240202.501440e:
* SPEC0: Drop python39, add python312 to buildset (#169)
- Update to version 20231220.98427f3:
* fix python2_compile macro
- Update to version 20231207.46c2ec3:
* make FLAVOR_compile compatible with python2
- Update to version 20231204.dd64e74:
* Combine fix_shebang in one line
* New macro FLAVOR_fix_shebang_path
* Use realpath in %python_clone macro shebang replacement
* Compile and fix_shebang in %python_install macros
- Update to version 20231010.0a1f0d9:
* Revert "Compile and fix_shebang in %python_install macros"
* gh#openSUSE/python-rpm-macros#163
- Update to version 20231010.a32e110:
* Compile and fix_shebang in %python_install macros
- Update to version 20231005.bf2d3ab:
* Fix shebang also in sbin with macro _fix_shebang
- Update to version 20230609.6fe8111:
* move compile loop to python
* remove python38
- python-PyYAML
-
- reenable the cython yaml loader (bsc#1225641)
- python-dnspython
-
- Add new patches to solve DoS:
- CVE-2023-29483-pre1.patch
- CVE-2023-29483.patch
(bsc#1222693, CVE-2023-29483, gh#rthalley/dnspython#1044)
- python-requests
-
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
as a directory, bsc#1225912
- rhnlib
-
- version 4.3.6-0
* Use bundle CA certificate in rhnpush (bsc#1222731)
- salt
-
- Speed up salt.matcher.confirm_top by using __context__
- Do not call the async wrapper calls with the separate thread
- Prevent OOM with high amount of batch async calls (bsc#1216063)
- Add missing contextvars dependency in salt.version
- Skip tests for unsupported algorithm on old OpenSSL version
- Remove redundant `_file_find` call to the master
- Prevent possible exception in tornado.concurrent.Future._set_done
- Make reactor engine less blocking the EventPublisher
- Make salt-master self recoverable on killing EventPublisher
- Improve broken events catching and reporting
- Make logging calls lighter
- Remove unused import causing delays on starting salt-master
- Mark python3-CherryPy as recommended package for the testsuite
- Added:
* make-salt-master-self-recoverable-on-killing-eventpu.patch
* skip-tests-for-unsupported-algorithm-on-old-openssl-.patch
* remove-redundant-_file_find-call-to-the-master.patch
* prevent-possible-exception-in-tornado.concurrent.fut.patch
* improve-broken-events-catching-and-reporting.patch
* add-missing-contextvars-dependency-in-salt.version.patch
* do-not-call-the-async-wrapper-calls-with-the-separat.patch
* make-logging-calls-lighter.patch
* make-reactor-engine-less-blocking-the-eventpublisher.patch
* speed-up-salt.matcher.confirm_top-by-using-__context.patch
* remove-unused-import-causing-delays-on-starting-salt.patch
* prevent-oom-with-high-amount-of-batch-async-calls-bs.patch
- spacewalk-certs-tools
-
- version 4.3.25-0
* Remove PKI of Salt Minion only in case of changing the Master
with the bootstrap script
- version 4.3.24-0
* Calculate bootstrap repo path for SL Micro 6.0
- spacewalk-client-tools
-
- version 4.3.20-0
* Update translation strings
- python-urllib3
-
- Add CVE-2024-37891.patch (bsc#1226469, CVE-2024-37891)
- zypp-plugin
-
- Fix stomp header regex to include '-' (bsc#1227793)
- version 0.6.4
- singlespec in Tumbleweed must support multiple python3 flavors
in the future gh#openSUSE/python-rpm-macros#66
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
- Provide python3-zypp-plugin in SLE12-SP3 (bsc#1081596)
- regionServiceClientConfigAzure
-
- Update to version 2.2.0 (jsc#PCT-360)
+ Add IPv6 certs to enable IPv6 access of the update infrastructure
+ Add noipv6.patch to patch out IPv6 on SLE 12, no IPv6 support in SLE 12
in the Public Cloud
- Update to version 2.1.0 (bsc#1217537)
+ Replace certs 23.100.36.229.pem and 40.121.202.140.pem (4096 length):
rgnsrv-azure-westus -> 23.100.36.229.pem expires 9 years
rgnsrv-azure-eastus -> 40.121.202.140.pem expires 10 years
- release-notes-susemanager
-
- Update to SUSE Manager 4.3.13
* SUSE Linux Enterprise Server 15 SP6 Family support has been
added
* SUSE Linux Micro 6.0 support has been added
* openSUSE Leap 15.6 support has been added
* Bugs mentioned:
bsc#1216063, bsc#1218724, bsc#1219317, bsc#1219965, bsc#1220221
bsc#1220259, bsc#1220420, bsc#1221629, bsc#1222225, bsc#1222731
bsc#1222996, bsc#1224004, bsc#1224786, bsc#1225196, bsc#1225416
bsc#1225634, bsc#1225940, bsc#1227306
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
performance issue when running lots of containers, caused by system getting
too many mount notifications. bsc#1214960
+ 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-python3-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- snakeyaml
-
- Modified patch:
* 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
+ remove unused List variable that was originally used for
debugging purposes
- The binaries are compatible with java 1.8
- Upgrade to upstrem version 2.2
* Changes of 2.2
+ Define default scalar style as PLAIN (for polyglot Maven)
+ Add missing 'exports org.yaml.snakeyaml.inspector' to
module-info.java
* Changes of 2.1
+ Heavy Allocation in Emitter.analyzeScalar(String) due to Regex
Overhead. Fixes 1075.
+ Use identity in toString() for sequences to avoid
OutOfMemoryError. Fixes 1064.
+ NumberFormatException from SnakeYAML due to int overflow for
corrupt YAML version. Fixes 1061.
+ Document size limit should be applied to single document not
the whole input stream. Fixes 1065.
+ Detect invalid Unicode code point (thanks to Tatu Saloranta).
Fixes 576.
+ Remove Trusted*Inspector classes from main sources tree
* Changes of 2.0
+ Rollback to Java 7 target. Fixes 570.
+ Add module-info.java. Fixes 495.
+ Migrate to Java 8
+ Remove many deprecated constructors
+ Remove long deprecated methods in FlowStyle
+ Do not allow global tags by default. Fixes 565.
+ Yaml.LoadAs() signature to support Class<? super T> type
instead of Class<T>. Fixes 556.
+ CustomClassLoaderConstructor takes LoaderOptions
+ Check input parameters for non-null values
- Removed patch:
* 0003-Fix-ReaderBomTest.patch
+ not needed
- Modified patches:
* 0001-replace-bundled-base64coder-with-java.util.Base64.patch ->
0001-Remove-external-Base64Coder-and-use-provided-Base64.patch
+ use the patch integrated for inclusion in 2.3
* 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
+ regenerate and fix tests
- Use %patch -P N instead of deprecated %patchN.
- spacecmd
-
- version 4.3.28-0
* Remove spacewalk-abrt related commands
- spacewalk-backend
-
- version 4.3.29-0
* Set permissions on exported Salt GPG key (bsc#1222996)
- spacewalk-web
-
- version 4.3.39-0
* Show server timezone with execution time in recurring action details
* Fix displayed time in datetime pickers that use server's
timezone (bsc#1225196)
* Bump the WebUI version to 4.3.13
* Prevent error in case of inconsistent subscription matcher message
data (bsc#1221629)
- spacewalk-java
-
- version 4.3.78-0
* Remove usage of deprecated constructor (bsc#1227306)
- version 4.3.77-0
* Allow running hardware refresh for BYOS Clients on a SUMA PAYG Server
to allow re-detection of the instance flavor (bsc#1225940)
* Fix PAYG client detection during hardware refresh (bsc#1225940)
- version 4.3.76-0
* Remove initiate action and cobbler system profile when cancelling
autoinstallion (bsc#1220259)
* Improve handling of virtual-host-gather host identifier from a
VMWare virtualization host (bsc#1218724)
* Replace symlink to kernel and initrd in salt filesystem with regular
files (bsc#1220221)
* Fix Null Pointer Exception when action completion time is not set
* Prevent Null Pointer Exception when processing reboot needed beacon
event(bsc#1216063)
* Change syncAll call at start-up to be asynchronous (bsc#1224004)
* Don't accept periods as valid characters in distribution label
(bsc#1219317)
* Increase reboot info beacon interval
- spacewalk-utils
-
- version 4.3.20-0
* Add SL Micro 6.0 Uyuni Client Tools Channel via spacewalk-common-channels
- subscription-matcher
-
- Version 0.38
* Workaround for Java 17 strong encapsulation (bsc#1225416)
- supportutils-plugin-susemanager
-
- version 4.3.12-0
* Update the spacewalk certificate location (bsc#1225634)
- suse-build-key
-
- added missing ; in shell script (bsc#1227681)
- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
them. (bsc#1227429)
gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key.
- susemanager-build-keys
-
- Added the ALP product keys
- build-alp-09d9ea69-645b99ce.asc
- build-alp-reserve-73F03759-626bd414.asc
- susemanager-docs_en
-
- Added SUSE Liberty Linux 7 LTSS entries (bsc#1226913)
- Added SL Micro 6.0 as a supported client
- Added SLE 15 SP6 as a supported client
- Added openSUSE Leap 15.6 as a supported client
- Fixed PostgreSQL name entity
- susemanager-schema
-
- version 4.3.26-0
* Update list of package GPG keys in the database
- susemanager-sls
-
- version 4.3.43-0
* Fix PAYG client detection during hardware refresh (bsc#1225940)
- version 4.3.42-0
* Fix bootstrapping transactional systems if Salt Minion package
is already installed.
* Avoid sending empty events with reboot_info beacon
* Define bootstrap repo data for SL Micro 6.0
* Calculate bootstrap repo path for SL Micro 6.0
- susemanager-sync-data
-
- version 4.3.18-0
* Add SLE 12 SP5 LTSS channel families
* Remove SUSE Linux Liberty HA LTSS 7 channel family
- susemanager
-
- version 4.3.37-0
* Add bootstrap repository data for SUSE Liberty Linux 7 LTSS
(bsc#1226958)
- version 4.3.36-0
* Add bootstrap repository definition for SL Micro 6.0
- tomcat
-
- Update to Tomcat 9.0.91
* Fixed CVEs:
+ CVE-2024-34750: Improper handling of exceptional conditions
(bsc#1227399)
* Catalina
+ Fix: Allow JAASRealm to use the configuration source to load a configured
configFile, for easier use with testing. (remm)
+ Fix: Add missing algorithm callback to the JAASCallbackHandler. (remm)
+ Fix: 69131: Expand the implementation of the filter value of the
Authenticator attribute allowCorsPreflight, so that it applies to all
requests that match the configured URL patterns for the CORS filter,
rather than only applying if the CORS filter is mapped to /*. (markt)
+ Add: Add support for shallow copies when using WebDAV. (markt)
+ Code: Deprecate the WebdavFixFilter as it is no longer required. (markt)
+ Fix: 69066: Fix regression in SPNEGO authenticator when processing Base64.
Submitted by Daniel Lyko. (remm)
+ Update: Update minimum recommended version of Tomcat Native to 1.3.0. Pull
request #728 provided by Dimitrios Soumis. (markt)
+ Update: The system property org.apache.catalina.connector.RECYCLE_FACADES
will now default to true if not specified, which will in turn set the
default value for the discardFacades connector attribute, thus causing
facade objects to be discarded by default. (remm)
+ Add: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) for
retrieving extended/additional information from an established GSS
context. (michaelo)
+ Fix: Correct a regression in the fix for 68721 that caused some instances
of LinkageError to be reported as ClassNotFoundException. (markt)
+ Fix: Ensure that static resources deployed via a JAR file remain
accessible when the context is configured to use a bloom filter. Based on
pull request #730 provided by bergander. (markt)
+ Add: Introduce reference counting so the AprLifecycleListener is more
robust. This particularly targets more complex embedded configurations
with multiple server instances with independent lifecycles where more than
one server instance requires the AprLifecycleListener. (markt)
+ Update: Deprecate and remove sessionCounter (replaced by the addition of
the active session count and the expired session count, as a reasonable
approximation) and duplicates (which does not represent a possible event
in current implementations) statistics from the session manager. (remm)
+ Fix: 68890 Align output encoding of JSPs in the Manager webapp with the
XML declarations in those same files. (schultz)
+ Fix: Update Basic authentication to implement the requirements of RFC 7617
including the changing of the trimCredentials setting which is now
defaults to false. Note that the trimCredentials setting will be removed
in Tomcat 11. (markt)
+ Add: Small performance optimization when logging cookies with no values.
(schultz)
+ Fix: Correct error handling for asynchronous requests. If the application
performs an dispatch during AsyncListener.onError() the dispatch is now
performed rather than completing the request using the error page
mechanism. (markt)
+ Fix: Fix WebDAV lock null (locks for non existing resources) thread safety
and removal. (remm)
+ Fix: Add periodic checking for WebDAV locks expiration. (remm)
+ Fix: Extend Asn1Parser to parse UTF8Strings. (michaelo)
+ Update: Add highConcurrencyStatus attribute to the SemaphoreValve to
optionally allow the valve to return an error status code to the client
when a permit cannot be acquired from the semaphore. (remm)
+ Add: Add checking of the "age" of the running Tomcat instance since its
build-date to the SecurityListener, and log a warning if the server is
old. (schultz)
+ Fix: When using the AsyncContext, throw an IllegalStateException, rather
than allowing an NullPointerException, if an attempt is made to use the
AsyncContext after it has been recycled. (markt)
+ Fix: Change the thread-safety mechanism for protecting
StandardServer.services from a simple synchronized lock to a
ReentrantReadWriteLock to allow multiple readers to operate
simultaneously. Based upon a suggestion by Markus Wolfe. (schultz)
+ Fix: Improve Service connectors, Container children and Service executors
access sync using a ReentrantReadWriteLock. (remm)
+ Fix: Improve handling of integer overflow if an attempt is made to upload
a file via the Servlet API and the file is larger than
Integer.MAX_VALUE. (markt)
+ Fix: 68862: Handle possible response commit when processing read errors.
(remm)
* Jasper
+ Fix: Update the optimisation in jakarta.el.ImportHandler so it is aware of
new classes added to the java.lang package in Java 23. (markt)
+ Fix: Ensure that an exception in toString() still results in an
ELException when an object is coerced to a String using
ExpressionFactory.coerceToType(). (markt)
+ Add: Add support for specifying Java 24 (with the value 24) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR
file, ensure that context relative includes are processed correctly. (
markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR
file, ensure that file relative includes are processed correctly. (markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR
file, ensure that file relative includes are are not permitted to access
files outside of the /META_INF/tags/ directory nor outside of the JAR
file. (markt)
+ Fix: 68546: Small additional optimisation for initial loading of Servlet
code generated for JSPs. Based on a suggestion by Dan Armstrong. (markt)
+ Add: Add support for specifying Java 23 (with the value 23) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
+ Fix: Handle the case where the JSP engine forwards a request/response to a
Servlet that uses an OutputStream rather than a Writer. This was
triggering an IllegalStateException on code paths where there was a
subsequent attempt to obtain a Writer. (markt)
+ Fix: Correctly handle the case where a tag library is packaged in a JAR
file and the web application is deployed as a WAR file rather than an
unpacked directory. (markt)
+ Fix: Prevent the web application's ClassLoader from being pinned by the
JSP compiler if an application uses a custom XMLInputFactory. Based upon a
suggestion from Simon Niederberger. (schultz)
* Web applications
+ Fix: Fix status servlet detailed view of the connectors when using
automatic port. (remm)
+ Add: Add the ability to set a sub-title for the Manager web application
main page. This is intended to allow users with lots of instances to
easily distinguish them. Based on pull request #724 by Simon Arame.
(markt)
+ Fix: Examples: Improve performance of WebSocket chat application when
multiple clients disconnect at the same time. (markt)
+ Update: Examples: Increase the number of previous messages displayed when
using the WebSocket chat application. (markt)
+ Fix: Examples: Improve performance of WebSocket snake application when
multiple clients disconnect at the same time. (markt)
* Coyote
+ Fix: Improve the algorithm used to identify the IP address to use to
unlock the acceptor thread when a Connector is listening on all local
addresses. Interfaces that are configured for point to point connections
or are not currently up are now skipped. (markt)
+ Fix: 69121: Ensure that the onComplete() event is triggered if
AsyncListener.onError() dispatches to a target that throws an exception.
(markt)
+ Fix: Following the trailer header field refactoring, -1 is no longer an
allowed value for maxTrailerSize. Adjust documentation accordingly. (remm)
+ Fix: 69068: Ensure read timouts are triggered for asynchronous,
non-blocking reads when using HTTP/2. (markt)
+ Update: 69133: Add task queue size configuration on the Connector element,
similar to the Executor element, for consistency. (remm)
+ Fix: Make counting of active HTTP/2 streams per connection more robust.
(markt)
+ Add: Add support for TLS 1.3 client initiated re-keying. (markt)
+ Fix: Align non-secure and secure writes with NIO and skip the write
attempt when there are no bytes to be written. (markt)
+ Fix: Allow any positive value for socket.unlockTimeout. If a negative or
zero value is configured, the default of 250ms will be used. (mark)
+ Fix: Reduce the time spent waiting for the connector to unlock. The
previous default of 10s was noticeably too long for cases where the unlock
has failed. The wait time is now 100ms plus twice socket.unlockTimeout.
(markt)
+ Fix: Ensure that the onAllDataRead() event is triggered when the request
body uses chunked encoding and is read using non-blocking IO. (markt)
+ Fix: 68934: Add debug logging in the latch object when exceeding
maxConnections. (remm)
+ Fix: Refactor trailer field handling to use a MimeHeaders instance to
store trailer fields. (markt)
+ Fix: Ensure that multiple instances of the same trailer field are handled
correctly. (markt)
+ Fix: Fix non-blocking reads of chunked request bodies. (markt)
+ Fix: When an invalid HTTP response header was dropped, an off-by-one error
meant that the first header in the response was also dropped. Fix based on
pull request #710 by foremans. (markt)
+ Fix: Add threadsMaxIdleTime attribute to the endpoint, to allow
configuring the amount of time before an internal executor will scale back
to the configured minSpareThreads size. (remm)
* WebSocket
+ Fix: 68884: Reduce the write timeout when writing WebSocket close messages
for abnormal closes. The timeout defaults to 50 milliseconds and may be
controlled using the
org.apache.tomcat.websocket.ABNORMAL_SESSION_CLOSE_SEND_TIMEOUT property
in the user properties collection associated with the WebSocket session.
(markt)
* Other
+ Update: Add test-only build target to allow running only the testsuite,
supporting Java versions down to the minimum supported to run Tomcat.
(rjung)
+ Update: Update UnboundID to 7.0.1. (markt)
+ Update: Update to SpotBugs 4.8.6. (markt)
+ Update: Remove cglib dependency as it is not required by the version of
EasyMock used by the unit tests. (markt)
+ Update: Update EasyMock to 5.3.0. This adds a test dependency on
Byte-Buddy 1.14.17. (markt)
+ Add: Improvements to Czech translations by VladimĂr Chlup. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Improvements to Chinese translations by fangzheng. (markt)
+ Update: Revert Derby to 10.16.1.1 as that is the latest version of Derby
that runs on Java 17. (markt)
+ Update: Update to Commons Daemon 1.4.0. (markt)
+ Update: Update to Objenesis 3.4. (markt)
+ Update: Update to Checkstyle 10.17.0. (markt)
+ Update: Update to SpotBugs 4.8.5. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Switch to using the Base64 encoder and decoder provided by the JRE
rather than the version provided by Commons Codec. The internal fork of
Commons Codec has been deprecated and will be removed in Tomcat 11.
(markt)
+ Update: Update NSIS to 3.10. (mark0t)
+ Update: Update UnboundID to 7.0.0. (markt)
+ Update: Update Checkstyle to 10.16.0. (markt)
+ Update: Update JaCoCo to 0.8.12. (markt)
+ Update: Update SpotBugs to 4.8.4. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.9.0. (markt)
+ Update: Update the internal fork of Apache Commons DBCP to 2.12.0. (markt)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Update Checkstyle to 10.14.1. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.8.2. (markt)
+ Update: Update the internal fork of Apache Commons Codec to 1.16.1.
(markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (remm)
+ Add: Improvements to Chinese translations by leeyazhou. (remm)
- Modified patch:
* tomcat-9.0-build-with-java-11.patch
+ rediff to changed context
* tomcat-9.0-osgi-build.patch
+ move the definition of bnd.classpath out of the setup-bnd task
since it is one component in build.classpath
- util-linux-systemd
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- virtual-host-gatherer
-
- version 1.0.27-1
* Use uuid as host indentifier for VMWare hosted machines
(bsc#1218724)
* Log if regions are skipped during import
- wget
-
- Fix mishandled semicolons in the userinfo subcomponent could lead to an
insecure behavior in which data that was supposed to be in the userinfo
subcomponent is misinterpreted to be part of the host subcomponent.
[bsc#1226419, CVE-2024-38428, properly-re-implement-userinfo-parsing.patch]
- wicked
-
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of
infiniband children (gh#openSUSE/wicked#1027)
- client: fix origin in loaded xml-config with obsolete port
references but missing port interface config, causing a
no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in
e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
(gh#openSUSE/wicked#1021)
- arputil: Document minimal interval for getopts (gh#openSUSE/wicked#1019)
- man: (re)generate man pages from md sources (gh#openSUSE/wicked#1018)
- client: warn on interface wait time reached (gh#openSUSE/wicked#1017)
- compat-suse: fix dummy type detection from ifname to not cause
conflicts with e.g. correct vlan config on dummy0.42 interfaces
(gh#openSUSE/wicked#1016)
- compat-suse: fix infiniband and infiniband child type detection
from ifname (gh#openSUSE/wicked#1015)
- Removed patches included in the source archive:
[- 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
[- 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
- arp: increase arp-send retry value to avoid address configuration
failure due to ENOBUF reported by kernel while duplicate address
detection with underlying bonding in 802.3ad mode reporting link
"up & running" too early (bsc#1218668, gh#openSUSE/wicked#1020,
gh#openSUSE/wicked#1022).
[+ 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
- xfsprogs
-
- xfs_copy: don't use cached buffer reads until after libxfs_mount
(bsc#1227150)
- Add xfsprogs-xfs_copy-don-t-use-cached-buffer-reads-until-after-l.patch
- zypper
-
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- BuildRequires: libzypp-devel >= 17.33.0.
- Delay zypp lock until command options are parsed (bsc#1223766)
- version 1.14.73
- Unify message format(fixes #485)
- version 1.14.72
- switch cmake build type to RelWithDebInfo
- modernize spec file (remove Authors section, use proper macros,
remove redundant clean section, don't mark man pages as doc)
- switch to -O2 -fvisibility=hidden -fpie:
* PIC is not needed as no shared lib is built
* fstack-protector-strong is default on modern dists and would
be downgraded by fstack-protector
* default visibility hidden allows better optimisation
* O2 is reducing inlining bloat
- > 18% reduced binary size
- remove procps requires (was only for ZMD which is dropped)
(jsc#PED-8153)