- 000release-packages:SLE_HPC-release
-
n/a
- binutils
-
- Update to current 2.43.1 branch [PED-10474]:
* PR32109 - fuzzing problem
* PR32083 - LTO vs overridden common symbols
* PR32067 - crash with LTO-plugin and --oformat=binary
* PR31956 - LTO vs wrapper symbols
* riscv - add Zimop and Zcmop extensions
- Adjusted binutils-2.43-branch.diff.gz.
- Update to version 2.43:
* new .base64 pseudo-op, allowing base64 encoded data as strings
* Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF
(APX_F now fully supported)
* x86 Intel syntax now warns about more mnemonic suffixes
* macros and .irp/.irpc/.rept bodies can use \+ to get at number
of times the macro/body was executed
* aarch64: support 'armv9.5-a' for -march, add support for LUT
and LUT2
* s390: base register operand in D(X,B) and D(L,B) can now be
omitted (ala 'D(X,)'); warn when register type doesn't match
operand type (use option
'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
* riscv: support various extensions: Zacas, Zcmp, Zfbfmin,
Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw,
XSfCease, all at version 1.0;
remove support for assembly of privileged spec 1.9.1 (linking
support remains)
* arm: remove support for some old co-processors: Maverick and FPA
* mips: '--trap' now causes either trap or breakpoint instructions
to be emitted as per current ISA, instead of always using trap
insn and failing when current ISA was incompatible with that
* LoongArch: accept .option pseudo-op for fine-grained control
of assembly code options; add support for DT_RELR
* readelf: now displays RELR relocations in full detail;
add -j/--display-section to show just those section(s) content
according to their type
* objdump/readelf now dump also .eh_frame_hdr (when present) when
dumping .eh_frame
* gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake
processors; add minimal support for riscv
* linker:
- put .got and .got.plt into relro segment
- add -z isa-level-report=[none|all|needed|used] to the x86 ELF
linker to report needed and used x86-64 ISA levels
- add --rosegment option which changes the -z separate-code
option so that only one read-only segment is created (instead
of two)
- add --section-ordering-file <FILE> option to add extra
mapping of input sections to output sections
- add -plugin-save-temps to store plugin intermediate files
permanently
- Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz.
- Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz.
- Removed upstream patch riscv-no-relax.patch.
- Rebased ld-relro.diff and binutils-revert-rela.diff.
- binutils-pr22868.diff: Remove obsolete patch
- Undefine _FORTIFY_SOURCE when running checks
- Allow to disable profiling
- Use %patch -P N instead of deprecated %patchN.
- riscv-no-relax.patch: RISC-V: Don't generate branch/jump relocation if
symbol is local when no-relax
- Add binutils-disable-code-arch-error.diff to demote an
error about swapped .arch/.code directives to a warning.
It happens in the wild.
- Update to version 2.42:
* Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
'+rcpc2' and '+wfxt'
* Add experimental support for GAS to synthesize call-frame-info for
some hand-written asm (--scfi=experimental) on x86-64.
* Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
* Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
SiFive VCIX v1.0.
* BPF assembler: ';' separates statements now, and does not introduce
line comments anymore (use '#' or '//' for this).
* x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
dynamic tags.
* risc-v ld: Add '--[no-]check-uleb128'.
* New linker script directive: REVERSE, to be combined with SORT_BY_NAME
or SORT_BY_INIT_PRIORITY, reverses the generated order.
* New linker options --warn-execstack-objects (warn only about execstack
when input object files request it), and --error-execstack plus
--error-rxw-segments to convert the existing warnings into errors.
* objdump: Add -Z/--decompress to be used with -s/--full-contents to
decompress section contents before displaying.
* readelf: Add --extra-sym-info to be used with --symbols (currently
prints section name of references section index).
* objcopy: Add --set-section-flags for x86_64 to include
SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc',
as in "objdump -M insndesc" to display an instruction description
as comment along with the disassembly.
- Add binutils-2.42-branch.diff.gz.
- Rebased s390-biarch.diff.
- Adjusted binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff
for upstream changes.
- Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2,
binutils-2.41-branch.diff.gz.
- Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff
and riscv-relro.patch (all upstreamed).
- Removed add-ulp-section.diff; we have used a different mechanism
for live patching for a long time.
- Add binutils-use-less-memory.diff to be a little nicer to 32bit
userspace and huge links. [bsc#1216908]
- riscv-relro.patch: RISC-V: Protect .got with relro
- Add libzstd-devel to Requires of binutils-devel. (bsc#1215341)
- cloud-regionsrv-client
-
- Update to 10.3.4
+ Modify the message when network access over a specific IP version does
not work. This is an informational message and should not look like
an error
+ Inform the user that LTSS registration takes a little longer
+ Add fix-for-sles12-no-trans_update.patch
+ SLE 12 family has no products with transactional-update; we do not
need to look for this condition
- From 10.3.3 (bsc#1229472)
+ Handle changes in process structure to properly identify the running
zypper parent process and only check for 1 PID
- From 10.3.2
+ Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
+ Add support for LTSS registration
+ Add fix-for-sles12-disable-registry.patch
~ No container support in SLE 12
- containerd
-
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- curl
-
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- Security fix: [bsc#1228535, CVE-2024-7264]
* curl: ASN.1 date parser overread
* Add curl-CVE-2024-7264.patch
- deltarpm
-
- update to deltarpm-3.6.4
* support for threaded zstd
* use a tmp file instead of memory to hold the incore data
[bsc#1228948]
- dropped patches:
* deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch
- deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch: fixed
some C bugs (incorrectly sized memset(), memcpy instead of strcpy,
unsigned int)
- update to deltarpm-3.6.3
* support for threaded zstd compression
- Actually enable zstd compression
- update to deltarpm-3.6.2
* support for zstd compression
- dracut
-
- Update to version 055+suse.392.g7930ab23:
* feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398)
* fix(convertfs): error in conditional expressions (bsc#1228847)
- glib2
-
- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
a dbus message. Fixes a possible use after free (boo#1224044).
- glibc
-
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228043, BZ
[#31934])
- kernel-azure
-
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454 CVE-2024-44947).
- commit ddfd2d7
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- commit 6d0732e
- efi/unaccepted: touch soft lockup during memory accept
(bsc#1225773 CVE-2024-36936).
- commit 29d2eb8
- vdpa: ifcvf: Do proper cleanup if IFCVF init fails (bsc#1225524
CVE-2022-48706).
- commit 023b108
- usb: vhci-hcd: Do not drop references before new references
are gained (CVE-2024-43883 bsc#1229707).
- commit 44d7bae
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 717d839
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly
(git-fixes).
- commit b02e597
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 07bd1e3
- net: usb: qmi_wwan: fix memory leak for not ip packets
(CVE-2024-43861 bsc#1229500).
- commit 3e796c3
- ocfs2: use coarse time for new created files (git-fixes).
- commit 82dc1eb
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- commit f65ae14
- xfs: Fix missing interval for missing_owner in xfs fsmap
(git-fixes).
- commit 3005438
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
(git-fixes).
- commit b060763
- xfs: Fix the owner setting issue for rmap query in xfs fsmap
(git-fixes).
- commit 264a4ea
- Update
patches.suse/0001-net-rds-fix-possible-cp-null-dereference.patch
(git-fixes CVE-2024-35902 bsc#1224496).
- Update
patches.suse/ALSA-usb-audio-Fix-possible-NULL-pointer-dereference.patch
(git-fixes CVE-2023-52904 bsc#1229529).
- Update
patches.suse/ASoC-Intel-sof-nau8825-fix-module-alias-overflow.patch
(git-fixes CVE-2022-48889 bsc#1229545).
- Update
patches.suse/ASoC-amd-Adjust-error-handling-in-case-of-absent-cod.patch
(git-fixes CVE-2024-43818 bsc#1229296).
- Update
patches.suse/PCI-DPC-Fix-use-after-free-on-concurrent-DPC-and-hot.patch
(git-fixes CVE-2024-42302 bsc#1229366).
- Update
patches.suse/PCI-keystone-Fix-NULL-pointer-dereference-in-case-of.patch
(git-fixes CVE-2024-43823 bsc#1229303).
- Update
patches.suse/RDMA-hns-Fix-soft-lockup-under-heavy-CEQE-load.patch
(git-fixes CVE-2024-43872 bsc#1229489).
- Update
patches.suse/RDMA-iwcm-Fix-a-use-after-free-related-to-destroying.patch
(git-fixes CVE-2024-42285 bsc#1229381).
- Update
patches.suse/Revert-ALSA-firewire-lib-operate-for-period-elapse-e.patch
(bsc#1208783 CVE-2024-42274 bsc#1229417).
- Update patches.suse/bpf-Add-schedule-points-in-batch-ops.patch
(jsc#PED-1377 CVE-2022-48939 bsc#1229616).
- Update
patches.suse/bpf-Fix-crash-due-to-incorrect-copy_map_value.patch
(jsc#PED-1377 CVE-2022-48940 bsc#1229615).
- Update
patches.suse/btrfs-prevent-copying-too-big-compressed-lzo-segment.patch
(git-fixes CVE-2022-48923 bsc#1229662).
- Update
patches.suse/devres-Fix-memory-leakage-caused-by-driver-API-devm_.patch
(git-fixes CVE-2024-43871 bsc#1229490).
- Update
patches.suse/dma-fix-call-order-in-dmam_free_coherent.patch
(git-fixes CVE-2024-43856 bsc#1229346).
- Update
patches.suse/drm-amd-display-Add-NULL-check-for-afb-before-derefe.patch
(stable-fixes CVE-2024-43903 bsc#1229781).
- Update
patches.suse/drm-amd-display-Skip-Recompute-DSC-Params-if-no-Stre.patch
(stable-fixes CVE-2024-43895 bsc#1229755).
- Update
patches.suse/drm-amd-pm-Fix-the-null-pointer-dereference-for-vega.patch
(stable-fixes CVE-2024-43905 bsc#1229784).
- Update
patches.suse/drm-amdgpu-Fix-potential-NULL-dereference.patch
(bsc#1206843 CVE-2023-52908 bsc#1229525).
- Update
patches.suse/drm-amdgpu-Fix-the-null-pointer-dereference-to-ras_m.patch
(stable-fixes CVE-2024-43908 bsc#1229788).
- Update
patches.suse/drm-amdgpu-Fixed-bug-on-error-when-unloading-amdgpu.patch
(bsc#1206843 CVE-2023-52912 bsc#1229588).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-for-s.patch
(stable-fixes CVE-2024-43909 bsc#1229789).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-in-ap.patch
(stable-fixes CVE-2024-43907 bsc#1229787).
- Update
patches.suse/drm-client-fix-null-pointer-dereference-in-drm_clien.patch
(git-fixes CVE-2024-43894 bsc#1229746).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-cdv_intel.patch
(git-fixes CVE-2024-42310 bsc#1229358).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-psb_intel.patch
(git-fixes CVE-2024-42309 bsc#1229359).
- Update patches.suse/drm-i915-Fix-potential-context-UAFs.patch
(git-fixes CVE-2023-52913 bsc#1229521).
- Update
patches.suse/drm-i915-gt-Cleanup-partial-engine-discovery-failure.patch
(git-fixes CVE-2022-48893 bsc#1229576).
- Update
patches.suse/drm-msm-dpu-Fix-memory-leak-in-msm_mdss_parse_data_b.patch
(git-fixes CVE-2022-48888 bsc#1229546).
- Update
patches.suse/drm-nouveau-prime-fix-refcount-underflow.patch
(git-fixes CVE-2024-43867 bsc#1229493).
- Update patches.suse/drm-qxl-Add-check-for-drm_cvt_mode.patch
(git-fixes CVE-2024-43829 bsc#1229341).
- Update
patches.suse/drm-vmwgfx-Fix-a-deadlock-in-dma-buf-fence-polling.patch
(git-fixes CVE-2024-43863 bsc#1229497).
- Update
patches.suse/drm-vmwgfx-Remove-rcu-locks-from-user-resources.patch
(bsc#1203329 CVE-2022-40133 bsc#1203330 CVE-2022-38457
bsc#1213632 CVE-2022-48887 bsc#1229547).
- Update
patches.suse/drop_monitor-replace-spin_lock-by-raw_spin_lock.patch
(References: CVE-2021-47546 bsc#1227937 CVE-2024-40980).
- Update
patches.suse/exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch
(git-fixes CVE-2024-42315 bsc#1229354).
- Update
patches.suse/genirq-cpuhotplug-x86-vector-Prevent-vector-leak-dur.patch
(git-fixes CVE-2024-31076 bsc#1226765).
- Update
patches.suse/hfs-fix-to-initialize-fields-of-hfs_inode_info-after-hfs_alloc_inode.patch
(git-fixes CVE-2024-42311 bsc#1229413).
- Update patches.suse/ice-Add-check-for-kzalloc.patch (jsc#PED-376
CVE-2022-48886 bsc#1229548).
- Update
patches.suse/ice-Fix-potential-memory-leak-in-ice_gnss_tty_write.patch
(jsc#PED-376 CVE-2022-48885 bsc#1229564).
- Update
patches.suse/iommu-iova-Fix-alloc-iova-overflows-issue.patch
(git-fixes CVE-2023-52910 bsc#1229523).
- Update
patches.suse/jfs-Fix-array-index-out-of-bounds-in-diFree.patch
(git-fixes CVE-2024-43858 bsc#1229414).
- Update
patches.suse/kobject_uevent-Fix-OOB-access-within-zap_modalias_en.patch
(git-fixes CVE-2024-42292 bsc#1229373).
- Update
patches.suse/leds-trigger-Unregister-sysfs-attributes-before-call.patch
(git-fixes CVE-2024-43830 bsc#1229305).
- Update
patches.suse/lib-objagg-Fix-general-protection-fault.patch
(git-fixes CVE-2024-43846 bsc#1229360).
- Update
patches.suse/media-venus-fix-use-after-free-in-vdec_close.patch
(git-fixes CVE-2024-42313 bsc#1229356).
- Update
patches.suse/memcg-protect-concurrent-access-to-mem_cgroup_idr.patch
(git-fixes CVE-2024-43892 bsc#1229761).
- Update
patches.suse/net-ipv6-ensure-we-call-ipv6_mc_down-at-most-once.patch
(git-fixes CVE-2022-48910 bsc#1229632).
- Update
patches.suse/net-ks8851-Fix-deadlock-with-the-SPI-chip-variant.patch
(git-fixes CVE-2024-41036 bsc#1228496).
- Update
patches.suse/net-ks8851-Queue-RX-packets-in-IRQ-handler-instead-o.patch
(CVE-2024-35971 bsc#1224578 CVE-2024-36962 bsc#1225827).
- Update
patches.suse/net-mlx5-Fix-command-stats-access-after-free.patch
(jsc#PED-1549 CVE-2022-48884 bsc#1229562).
- Update
patches.suse/net-mlx5e-Fix-macsec-possible-null-dereference-when-.patch
(jsc#PED-1549 CVE-2022-48882 bsc#1229558).
- Update
patches.suse/net-mlx5e-IPoIB-Block-PKEY-interfaces-with-less-rx-q.patch
(jsc#PED-1549 CVE-2022-48883 bsc#1229560).
- Update
patches.suse/net-usb-qmi_wwan-fix-memory-leak-for-not-ip-packets.patch
(git-fixes CVE-2024-43861 bsc#1229500).
- Update
patches.suse/nfsd-fix-handling-of-cached-open-files-in-nfsd4_open.patch
(git-fixes CVE-2023-52909 bsc#1229524).
- Update
patches.suse/nvme-pci-add-missing-condition-check-for-existence-o.patch
(git-fixes CVE-2024-42276 bsc#1229410).
- Update
patches.suse/padata-Fix-possible-divide-by-0-panic-in-padata_mt_h.patch
(git-fixes CVE-2024-43889 bsc#1229743).
- Update
patches.suse/platform-x86-amd-Fix-refcount-leak-in-amd_pmc_probe.patch
(bsc#1210644 CVE-2022-48881 bsc#1229559).
- Update
patches.suse/powerpc-pseries-Whitelist-dtl-slub-object-for-copyin.patch
(bsc#1194869 CVE-2024-41065 bsc#1228636).
- Update
patches.suse/s390-dasd-fix-error-checks-in-dasd_copy_pair_store.patch
(git-fixes bsc#1229190 CVE-2024-42320 bsc#1229349).
- Update
patches.suse/scsi-lpfc-Revise-lpfc_prep_embed_io-routine-with-pro.patch
(bsc#1228857 CVE-2024-43816 bsc#1229318).
- Update
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch
(bsc#1228850 CVE-2024-42287 bsc#1229392).
- Update
patches.suse/scsi-qla2xxx-During-vport-delete-send-async-logout-e.patch
(bsc#1228850 CVE-2024-42289 bsc#1229399).
- Update
patches.suse/scsi-qla2xxx-Fix-for-possible-memory-corruption.patch
(bsc#1228850 CVE-2024-42288 bsc#1229398).
- Update
patches.suse/scsi-qla2xxx-validate-nvme_local_port-correctly.patch
(bsc#1228850 CVE-2024-42286 bsc#1229395).
- Update
patches.suse/wifi-cfg80211-handle-2x996-RU-allocation-in-cfg80211.patch
(git-fixes CVE-2024-43879 bsc#1229482).
- Update
patches.suse/wifi-rtw89-Fix-array-index-mistake-in-rtw89_sta_info.patch
(git-fixes CVE-2024-43842 bsc#1229317).
- commit 777a4e3
- Update
patches.suse/ASoC-ops-Shift-tested-values-in-snd_soc_put_volsw-by.patch
(git-fixes CVE-2022-48917 bsc#1229637).
- Update
patches.suse/Bluetooth-hci_qca-Fix-driver-shutdown-on-closed-serd.patch
(git-fixes CVE-2022-48878 bsc#1229554).
- Update
patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
(git-fixes CVE-2022-48938 bsc#1229664).
- Update
patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch
(git-fixes CVE-2022-48943 bsc#1229645).
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
(git-fixes CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
CVE-2022-48930 bsc#1229624).
- Update
patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch
(CVE-2022-4382 bsc#1206258 CVE-2022-48869 bsc#1229507).
- Update
patches.suse/auxdisplay-lcd2s-Fix-memory-leak-in-remove.patch
(git-fixes CVE-2022-48907 bsc#1229608).
- Update
patches.suse/blktrace-fix-use-after-free-for-struct-blk_trace.patch
(bsc#1198017 CVE-2022-48913 bsc#1229643).
- Update
patches.suse/bpf-Fix-crash-due-to-out-of-bounds-access-into-reg2b.patch
(git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204
CVE-2022-0500 CVE-2022-23222 CVE-2022-48929 bsc#1229625).
- Update
patches.suse/btrfs-fix-race-between-quota-rescan-and-disable-lead.patch
(bsc#1207158 CVE-2023-52896 bsc#1229533).
- Update
patches.suse/btrfs-fix-relocation-crash-due-to-premature-return-f.patch
(bsc#1203360 CVE-2022-48903 bsc#1229613).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
(bsc#1193629 CVE-2022-48919 bsc#1229657).
- Update
patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsyst.patch
(git-fixes CVE-2022-48931 bsc#1229623).
- Update
patches.suse/dmaengine-idxd-Let-probe-fail-when-workqueue-cannot-.patch
(git-fixes CVE-2022-48868 bsc#1229506).
- Update
patches.suse/drm-msm-another-fix-for-the-headless-Adreno-GPU.patch
(git-fixes CVE-2023-52911 bsc#1229522).
- Update
patches.suse/drm-msm-dp-do-not-complete-dp_aux_cmd_fifo_tx-if-irq.patch
(git-fixes CVE-2022-48898 bsc#1229537).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
(git-fixes CVE-2022-48899 bsc#1229536).
- Update
patches.suse/gsmi-fix-null-deref-in-gsmi_get_variable.patch
(git-fixes CVE-2023-52893 bsc#1229535).
- Update
patches.suse/hwmon-Handle-failure-to-register-sensor-with-thermal.patch
(git-fixes CVE-2022-48942 bsc#1229612).
- Update
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
(bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update
patches.suse/ice-fix-concurrent-reset-and-removal-of-VFs.patch
(git-fixes CVE-2022-48941 bsc#1229614).
- Update
patches.suse/iio-adc-men_z188_adc-Fix-a-resource-leak-in-an-error.patch
(git-fixes CVE-2022-48928 bsc#1229626).
- Update
patches.suse/iio-adc-tsc2046-fix-memory-corruption-by-preventing-.patch
(git-fixes CVE-2022-48927 bsc#1229628).
- Update
patches.suse/io_uring-add-a-schedule-point-in-io_add_buffers.patch
(git-fixes CVE-2022-48937 bsc#1229617).
- Update patches.suse/iommu-amd-Fix-I-O-page-table-memory-leak
(git-fixes CVE-2022-48904 bsc#1229603).
- Update
patches.suse/iommu-vt-d-fix-double-list_add-when-enabling-vmd-in-scalable-mode
(bsc#1196894 CVE-2022-48916 bsc#1229638).
- Update
patches.suse/iwlwifi-mvm-check-debugfs_dir-ptr-before-use.patch
(git-fixes CVE-2022-48918 bsc#1229636).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
(jsc#SLE-18384 CVE-2022-48896 bsc#1229540).
- Update
patches.suse/misc-fastrpc-Don-t-remove-map-on-creater_process-and.patch
(git-fixes CVE-2022-48873 bsc#1229512).
- Update
patches.suse/misc-fastrpc-Fix-use-after-free-race-condition-for-m.patch
(git-fixes CVE-2022-48872 bsc#1229510).
- Update
patches.suse/net-mlx5-DR-Fix-slab-out-of-bounds-in-mlx5_cmd_dr_cr.patch
(jsc#SLE-19253 CVE-2022-48932 bsc#1229622).
- Update patches.suse/net-smc-fix-connection-leak (git-fixes
CVE-2022-48909 bsc#1229611).
- Update
patches.suse/nfc-pn533-Wait-for-out_urb-s-completion-in-pn533_usb.patch
(git-fixes CVE-2023-52907 bsc#1229526).
- Update
patches.suse/nfp-flower-Fix-a-potential-leak-in-nfp_tunnel_add_sh.patch
(git-fixes CVE-2022-48934 bsc#1229620).
- Update
patches.suse/nilfs2-fix-general-protection-fault-in-nilfs_btree_i.patch
(git-fixes CVE-2023-52900 bsc#1229581).
- Update
patches.suse/octeontx2-pf-Fix-resource-leakage-in-VF-driver-unbin.patch
(git-fixes CVE-2023-52905 bsc#1229528).
- Update
patches.suse/platform-surface-aggregator-Add-missing-call-to-ssam.patch
(git-fixes CVE-2022-48880 bsc#1229557).
- Update
patches.suse/regulator-da9211-Use-irq-handler-when-ready.patch
(git-fixes CVE-2022-48891 bsc#1229565).
- Update
patches.suse/sched-fair-Fix-fault-in-reweight_entity.patch
(git fixes (sched/core) CVE-2022-48921 bsc#1229635).
- Update
patches.suse/scsi-storvsc-Fix-swiotlb-bounce-buffer-leak-in-confi.patch
(bsc#1206006 CVE-2022-48890 bsc#1229544).
- Update
patches.suse/spi-spi-zynq-qspi-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-4441 bsc#1229598).
- Update
patches.suse/thermal-core-Fix-TZ_GET_TRIP-NULL-pointer-dereferenc.patch
(git-fixes CVE-2022-48915 bsc#1229639).
- Update
patches.suse/thermal-int340x-fix-memory-leak-in-int3400_notify.patch
(git-fixes CVE-2022-48924 bsc#1229631).
- Update
patches.suse/tty-fix-possible-null-ptr-defer-in-spk_ttyio_release.patch
(git-fixes CVE-2022-48870 bsc#1229508).
- Update
patches.suse/tty-serial-qcom-geni-serial-fix-slab-out-of-bounds-o.patch
(git-fixes CVE-2022-48871 bsc#1229509).
- Update
patches.suse/usb-gadget-f_ncm-fix-potential-NULL-ptr-deref-in-ncm.patch
(git-fixes CVE-2023-52894 bsc#1229566).
- Update
patches.suse/usb-gadget-rndis-add-spinlock-for-rndis-response-lis.patch
(git-fixes CVE-2022-48926 bsc#1229629).
- Update
patches.suse/usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
(git-fixes CVE-2023-52901 bsc#1229531).
- Update
patches.suse/wifi-mac80211-sdata-can-be-NULL-during-AMPDU-start.patch
(git-fixes CVE-2022-48875 bsc#1229516).
- Update
patches.suse/xen-netfront-destroy-queues-before-real_num_tx_queue.patch
(git-fixes CVE-2022-48914 bsc#1229642).
- Update
patches.suse/xhci-Fix-null-pointer-dereference-when-host-dies.patch
(git-fixes CVE-2023-52898 bsc#1229568).
- commit 5c5e4d7
- Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (CVE-2024-36270 bsc#1226798)
- commit 7d81a29
- iommu/amd: Convert comma to semicolon (git-fixes).
- commit f13afd4
- blacklist.conf: 0cac183b98d8 drm/amdkfd: range check cp bad op exception interrupts
- commit a1d8500
- mm: prevent derefencing NULL ptr in pfn_section_valid()
(git-fixes).
- commit d77caa1
- mm, kmsan: fix infinite recursion due to RCU critical section
(git-fixes).
- commit 1702784
- mm/sparsemem: fix race in accessing memory_section->usage
(bsc#1221326 CVE-2023-52489).
- commit 606bd9b
- drm/amd/display: avoid using null object of framebuffer
(git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances
(git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions
(git-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry
(stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
(stable-fixes).
- drm/amdgpu: Actually check flags for all context ops
(stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field
(stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
(stable-fixes).
- drm/amdgpu: fix dereference null return value for the function
amdgpu_vm_pt_parent (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- Revert "drm/amd/display: Validate hw_points_num before using it"
(stable-fixes).
- drm/amd/display: Validate hw_points_num before using it
(stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all
possible values can be stored (stable-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings
(stable-fixes).
- commit 91b4876
- serial: core: check uartclk for zero to avoid divide by zero
(bsc#1229759 CVE-2024-43893).
- commit d3f6894
- scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315
CVE-2024-43821).
- commit e13b213
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- commit 427ff01
- tracing: Return from tracing_buffers_read() if the file has
been closed (bsc#1229136 git-fixes).
- commit 6961c54
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- commit 9927afc
- bpf: kprobe: remove unused declaring of bpf_kprobe_override
(git-fixes).
- commit ff5617f
- media: xc2028: avoid use-after-free in load_firmware_cb()
(CVE-2024-43900 bsc#1229756).
- commit c954239
- jfs: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792
CVE-2024-44938).
- commit 8003b7e
- jfs: fix null ptr deref in dtInsertEntry (bsc#1229820
CVE-2024-44939).
- commit 02ccaa1
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit b5892ca
- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
(CVE-2024-42277 bsc#1229409).
- commit a4daba4
- drm/amd/display: Add null checker before passing variables (CVE-2024-43902 bsc#1229767).
- commit d450d98
- blacklist.conf: Patch hangs graphics on RPi3 (bsc#1225352)
- commit 54b22e6
- drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (CVE-2024-43904 bsc#1229768)
- commit c2331c0
- kabi: lib: objagg: Put back removed metod in struct objagg_ops
(CVE-2024-43880 bsc#1229481).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- commit 2e1b5f5
- Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884 bsc#1229739)
- commit ca65d0a
- net/sched: initialize noop_qdisc owner (git-fixes).
- commit 32a510a
- drm/amd/display: Fix null pointer deref in dcn20_resource.c (CVE-2024-43899 bsc#1229754).
- commit 13ec104
- btrfs: get rid of warning on transaction commit when using
flushoncommit (bsc#1229658 CVE-2022-48920).
- commit a558155
- net/sched: act_mpls: Fix warning during failed attribute
validation (CVE-2023-52906 bsc#1229527).
- commit 5be67dc
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 83a7456
- net/mlx5: Always drain health in shutdown callback
(CVE-2024-43866 bsc#1229495).
- mlxsw: spectrum_acl_erp: Fix object nesting warning
(CVE-2024-43880 bsc#1229481).
- commit f5f318d
- kABI: vfio: struct virqfd kABI workaround (CVE-2024-26812
bsc#1222808).
- vfio/pci: fix potential memory leak in vfio_intx_enable()
(git-fixes).
- commit 5a53e2c
- vfio: Introduce interface to flush virqfd inject workqueue
(bsc#1222808 CVE-2024-26812).
- commit 31be414
- netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912 bsc#1229641)
- commit f8f42c3
- vfio/pci: Create persistent INTx handler (bsc#1222808
CVE-2024-26812).
- commit 9d86cff
- blacklist.conf: Add a50e1fcbc9b85 ("btrfs: do not WARN_ON() if we have PageError set")
- commit bf3feb4
- net/sched: Fix mirred deadlock on device recursion
(CVE-2024-27010 bsc#1223720).
- commit 4342cf9
- mptcp: Correctly set DATA_FIN timeout when number of retransmits is large (CVE-2022-48906 bsc#1229605)
- commit a7a3da6
- net: qdisc: preserve kabi for struct QDisc (CVE-2024-27010 bsc#1223720).
- commit af12745
- s390/pkey: Wipe copies of protected- and secure-keys
(CVE-2024-42155 bsc#1228733).
- commit 78df5c8
- Reapply "drm/vc4: hdmi: Enforce the minimum rate at
This reverts commit 048f829d4b52520058c31bae2ef1ec08563c460a.
- commit 5126762
- s390/pkey: Wipe copies of clear-key structures on failure
(CVE-2024-42156 bsc#1228722).
- commit b3fe404
- Add exception protection processing for vd in
axi_chan_handle_err function (CVE-2023-52899 bsc#1229569).
- commit 510675c
- s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
(CVE-2024-42158 bsc#1228720).
- commit ccfe5a9
- ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
(CVE-2024-26631 bsc#1221630).
- commit f41507c
- vhost/vsock: always initialize seqpacket_allow (CVE-2024-43873 bsc#1229488)
- commit d4e35ee
- ipv6: fix possible race in __fib6_drop_pcpu_from() (CVE-2024-40905 bsc#1227761)
- commit 91482e3
- ipv6: sr: fix memleak in seg6_hmac_init_algo (CVE-2024-39489 bsc#1227623)
- commit 9ac27bb
- netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() (CVE-2021-47106 bsc#1220962)
- commit e6e6065
- drivers: ethernet: cpsw: fix panic when interrupt coaleceing
is set via ethtool (CVE-2021-47517 bsc#1225428).
- commit f131073
- ethtool: do not perform operations on net devices being
unregistered (CVE-2021-47517 bsc#1225428).
- ethtool: return error from ethnl_ops_begin if dev is NULL
(CVE-2021-47517 bsc#1225428).
- ethtool: runtime-resume netdev parent in ethnl_ops_begin
(CVE-2021-47517 bsc#1225428).
- ethtool: move netif_device_present check from
ethnl_parse_header_dev_get to ethnl_ops_begin (CVE-2021-47517
bsc#1225428).
- ethtool: move implementation of ethnl_ops_begin/complete to
netlink.c (CVE-2021-47517 bsc#1225428).
- commit 2e58867
- tls: fix missing memory barrier in tls_init (CVE-2024-36489 bsc#1226874)
- commit 134cc98
- exfat: fix potential deadlock on __exfat_get_dentry_set
(git-fixes).
- commit 2294924
- afs: Don't cross .backup mountpoint from backup volume
(git-fixes).
- commit b94ac2d
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- commit c10d9f9
- ubifs: dbg_orphan_check: Fix missed key type checking
(git-fixes).
- commit aca23b0
- ubifs: Fix adding orphan entry twice for the same inode
(git-fixes).
- commit e42f9e0
- ubifs: Fix unattached xattr inode if powercut happens after
deleting (git-fixes).
- commit ed1af4c
- exfat: fix inode->i_blocks for non-512 byte sector size device
(git-fixes).
- commit a3a46dd
- exfat: redefine DIR_DELETED as the bad cluster number
(git-fixes).
- commit 52b33f6
- exfat: support dynamic allocate bh for exfat_entry_set_cache
(git-fixes).
- commit dd685aa
- nilfs2: Remove check for PageError (git-fixes).
- commit cd97d8f
- drop_monitor: replace spin_lock by raw_spin_lock (References:
CVE-2021-47546 bsc#1227937).
- commit dd4f366
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- commit b7df97b
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
(git-fixes).
- drm/msm/dp: reset the link phy params before link training
(git-fixes).
- drm/msm/dpu: don't play tricks with debug macros (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure
(git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- commit 0a0202d
- supported.conf: Sort with tool
No functional change intended
- commit 4d22f17
- filelock: Fix fcntl/close race recovery compat path (bsc#1228427
CVE-2024-41020).
- commit 31787dd
- supported.conf: Fix comment placement.
We have a script for automated sorting of this file.
However, it can only work with comments that are placed together with
the module name on the same line, not with comments on their own line.
- commit d1c37d4
- iommu/vt-d: Fix NULL domain on device release (bsc#1223742
CVE-2024-27079).
- commit 6daa607
- netfilter: nf_tables: discard table flag update with pending
basechain deletion (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: reject table flag and netdev basechain
updates (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: disable toggling dormant table state
more than once (CVE-2024-35897 bsc#1224510).
- commit c138803
- kabi: restore const specifier in flow_offload_route_init()
(CVE-2024-27403 bsc#1224415).
- netfilter: nft_flow_offload: reset dst in route object after
setting up flow (CVE-2024-27403 bsc#1224415).
- commit 15b1876
- netfilter: nf_tables: fix memleak in map from abort path
(CVE-2024-27011 bsc#1223803).
- commit 081f6b0
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- commit 4e175b8
- kvm: s390: Reject memory region operations for ucontrol VMs
(CVE-2024-43819 bsc#1229290 git-fixes).
- commit 4b042b0
- netfilter: nft_limit: reject configurations that cause integer
overflow (CVE-2024-26668 bsc#1222335).
- commit 7074520
- netfilter: nf_tables: set dormant flag on hook register failure
(CVE-2024-26835 bsc#1222967).
- commit 5731bf5
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
inet/ingress basechain (CVE-2024-26808 bsc#1222634).
- commit 3f2b4eb
- kabi: hide include of ppp files from genksyms (CVE-2024-27016
bsc#1223807).
- commit db3abd4
- net: phy: phy_device: Prevent nullptr exceptions on ISR
(CVE-2024-35945 bsc#1224639).
- net: phy: allow a phy to opt-out of interrupt handling
(CVE-2024-35945 bsc#1224639).
- net: phy: Deduplicate interrupt disablement on PHY attach
(CVE-2024-35945 bsc#1224639).
- commit 2a46e5f
- netfilter: nf_tables: fix memleak when more than 255 elements
expired (CVE-2023-52581 bsc#1220877).
- commit f901f47
- netfilter: flowtable: validate pppoe header (CVE-2024-27016
bsc#1223807).
- commit ad249c6
- netfilter: flowtable: Fix QinQ and pppoe support for inet table
(CVE-2024-27016 bsc#1223807).
- commit 0b940a3
- Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
(bsc#1225578 CVE-2024-36013).
- commit 11d3282
- bpf: Fix updating attached freplace prog in prog_array map
(bsc#1229297 CVE-2024-43837).
- commit 886bbe9
- ice: Add a per-VF limit on number of FDIR filters
(CVE-2024-42291 bsc#1229374).
- commit 99e9416
- net/mlx5: Fix missing lock on sync reset reload (CVE-2024-42268
bsc#1229391).
- commit 230ddc2
- xdp: fix invalid wait context of page_pool_destroy() (CVE-2024-43834 bsc#1229314)
- commit 4c196fd
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (CVE-2024-36286 bsc#1226801)
- commit 52bf670
- netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270 bsc#1226798)
- commit 3e4f173
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851 bsc#1223074)
- commit ff5170b
- s390/pkey: Wipe sensitive data on failure (bsc#1228727
CVE-2024-42157 git-fixes).
- commit bfb03ba
- s390/dasd: fix error recovery leading to data corruption on
ESE devices (git-fixes bsc#1229573).
- commit 5bbca6e
- s390/sclp: Prevent release of buffer in I/O (git-fixes
bsc#1229572).
- commit de7864e
- blacklist.conf: Add e7870cf13d20 ("rxrpc: Fix delayed ACKs to not set the
reference serial number")
(CVE-2024-26677 bsc#1222387)
[#] Conflicts:
[#] blacklist.conf
- commit 7adb3c8
- blacklist.conf: printk/panic: not needed; the fixed functionality is not there
- commit 1e311d5
- blacklist.conf: Add 467324bcfe1a ("ax25: Fix netdev refcount issue")
(CVE-2024-36009 bsc#1224542)
- commit 414c075
- perf: hisi: Fix use-after-free when register pmu fails
(bsc#1225582 CVE-2023-52859).
- commit 256d260
- selftests/bpf: Test for null-pointer-deref bugfix in
resolve_prog_type() (bsc#1229297 CVE-2024-43837).
- bpf: Fix null pointer dereference in resolve_prog_type()
for BPF_PROG_TYPE_EXT (bsc#1229297 CVE-2024-43837).
- commit aa78187
- ceph: periodically flush the cap releases (bsc#1225162).
- ceph: issue a cap release immediately if no cap exists
(bsc#1225162).
- commit 3fe7ed5
- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- commit 03a8502
- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- commit af4907d
- nfsd: return error if nfs4_setacl fails (git-fixes).
- NFSD: fix regression with setting ACLs (git-fixes).
- commit 7de02e0
- blacklist.conf: unwanted sunrpc patch
- commit 7593bcd
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
- gss_krb5: Fix the error handling path for
crypto_sync_skcipher_setkey (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- sunrpc: add a struct rpc_stats arg to rpc_create_args
(git-fixes).
- nfsd: use locks_inode_context helper (git-fixes).
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy
(git-fixes).
- NFSD: move from strlcpy with unused retval to strscpy
(git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes).
- NFSD: set attributes when creating symlinks (git-fixes).
- NFSD: introduce struct nfsd_attrs (git-fixes).
- NFSD: Fix strncpy() fortify warning (git-fixes).
- NFSD: Optimize DRC bucket pruning (git-fixes).
- commit 7da24f6
- mISDN: Fix a use after free in hfcmulti_tx() (CVE-2024-42280 bsc#1229388)
- commit 82fce1f
- tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284 bsc#1229382)
- commit 7943dda
- net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283 bsc#1229383)
- commit 2f1fd70
- sysctl: always initialize i_uid/i_gid (CVE-2024-42312 bsc#1229357)
- commit 3e19d8c
- block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854 bsc#1229345)
- commit 51cef10
- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- commit 87f8b26
- ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322 bsc#1229347)
- commit fa634c1
- Update DRM patch reference (CVE-2024-42308 bsc#1229411)
- commit c8788c0
- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
bsc#1229407).
- commit 0f7f361
- arm64: cpufeature: Always specify and use a field width for capabilities (git-fixes)
Refresh patches.suse/arm64-cpufeature-Fix-field-sign-for-DIT-hwcap-detection.patch.
Refresh patches.suse/arm64-cpufeature-Force-HWCAP-to-be-based-on-the-sysreg-visible-to-user-space.patch.
- commit 8d157b0
- xhci: Fix Panther point NULL pointer deref at full-speed
re-enumeration (git-fixes).
- commit 817012e
- Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET"
(git-fixes).
- commit 8e189b9
- landlock: Don't lose track of restrictions on cred_transfer
(bsc#1229351 CVE-2024-42318).
- commit a85e801
- kABI fix for net/sched: flower: Fix chain template offload
(CVE-2024-26669 bsc#1222350).
- commit a7d20d9
- apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287, CVE-2023-52889).
- commit 9ffdd2d
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit 828e8df
- net: enetc: move enetc_set_psfp() out of the common
enetc_set_features() (CVE-2022-48645 bsc#1223508).
- commit 995bd04
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
(CVE-2024-41007 bsc#1227863).
- commit 7e08cca
- net: tcp: fix unexcepted socket die when snd_wnd is 0
(CVE-2024-41007 bsc#1227863).
- commit 226da79
- net: nsh: Use correct mac_offset to unwind gso skb in
nsh_gso_segment() (CVE-2024-36933 bsc#1225832).
- commit a887eae
- nilfs2: handle inconsistent state in nilfs_btnode_create_block()
(bsc#1229370 CVE-2024-42295).
- commit 765d56f
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit ac167d3
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- commit 245f980
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- commit eabaf05
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- commit a2d18fc
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- commit dabff04
- arm64: errata: Unify speculative SSBS errata logic (git-fixes)
Also update default configuration.
- commit c115971
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- commit 9e86d7f
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- commit cca3066
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- commit b5d9595
- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (git-fixes)
Refresh capability reservation patch and enable workarounds.
- commit f1638b8
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- commit 5592cab
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- commit e63daa2
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- commit 525b096
- arm64: Add Neoverse-V2 part (git-fixes)
- commit 9d204de
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- commit ed48e5e
- mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
devm_pm_runtime_enable() (CVE-2024-42319 bsc#1229350).
- commit 7de6296
- remoteproc: imx_rproc: Skip over memory region when node value
is NULL (CVE-2024-43860 bsc#1229319).
- commit eb0027b
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- commit bb0530e
- media: mediatek: vcodec: Handle invalid decoder vsi
(CVE-2024-43831 bsc#1229309).
- commit 5fa7be4
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit 0be5a80
- soc: qcom: pdr: protect locator_addr with the main mutex
(CVE-2024-43849 bsc#1229307).
- commit 2a0434d
- wifi: virt_wifi: don't use strlen() in const context
(CVE-2024-43841 bsc#1229304).
- wifi: virt_wifi: avoid reporting connection success with wrong
SSID (CVE-2024-43841 bsc#1229304).
- commit 4c3129e
- net: mana: Add support for page sizes other than 4KB on ARM64
(jsc#PED-8491 bsc#1226530).
- commit 681a377
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
(CVE-2024-43839 bsc#1229301).
- can: mcp251xfd: fix infinite loop when xmit fails
(CVE-2024-41088 bsc#1228469).
- can: mcp251xfd: move TX handling into separate file
(CVE-2024-41088 bsc#1228469).
- commit 11bb8df
- hfs: fix to initialize fields of hfs_inode_info after
hfs_alloc_inode() (git-fixes).
- commit 9abb2d6
- blacklist.conf: Add libata entry that caused a regression (bsc#1229054)
- commit 0645b91
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454).
- fs/netfs/fscache_cookie: add missing "n_accesses" check
(bsc#1229453).
- commit 803fe7f
- Refresh patches.suse/drm-amd-display-Fix-vs-typos.patch (git-fixes)
Alt-commit
- commit c32dc85
- drm/amd/display: Fix && vs || typos (git-fixes).
- commit e43afc5
- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/platform-x86-intel-uncore-freq-Prevent-driver-loading-in-guests.patch.
- commit 90be679
- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch.
- commit 7b2122f
- Refresh patches.suse/drm-amd-display-fix-cursor-offset-on-rotation-180.patch (git-fixes)
Alt-commit
- commit 9bfc3c1
- Refresh patches.suse/drm-i915-vma-Fix-UAF-on-destroy-against-retire-race.patch (git-fixes)
Alt-commit
- commit 050ccc2
- Refresh patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch (git-fixes)
Alt-commit
- commit b9a2ae1
- Refresh patches.suse/drm-amd-Flush-GFXOFF-requests-in-prepare-stage.patch (git-fixes)
Alt-commit
- commit 5d001ff
- Refresh patches.suse/drm-amd-display-Preserve-original-aspect-ratio-in-cr.patch (git-fixes)
Alt-commit
- commit 7a0957e
- Refresh patches.suse/0001-drm-amd-display-Implement-bounds-check-for-stream-en.patch (git-fixes)
Alt-commit
- commit 83a8df8
- Refresh patches.suse/0001-drm-amd-display-Add-NULL-test-for-timing-generator-i.patch (git-fixes)
Alt-commit
- commit 96ead93
- Refresh patches.suse/drm-amd-pm-fix-a-memleak-in-aldebaran_tables_init.patch (git-fixes)
Alt-commit
- commit c97f053
- bpf: Fix a segment issue when downgrading gso_size (bsc#1229386
CVE-2024-42281).
- commit 6eeb5fc
- cachefiles: propagate errors from vfs_getxattr() to avoid
infinite loop (bsc#1229418).
- commit e9340b2
- blacklist.conf: added several CACHEFILES_ONDEMAND-related commits
- commit d10fac3
- net/iucv: fix use after free in iucv_sock_close()
(CVE-2024-42271 bsc#1229400 bsc#1228974).
- commit 82bb6f3
- Refresh sorted patches.
- Refresh patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch.
- Refresh patches.suse/powerpc-topology-Check-if-a-core-is-online.patch.
- commit f56b67a
- Update patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- Update patches.suse/powerpc-topology-Check-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- commit 66923e5
- net/rds: fix possible cp null dereference (git-fixes).
- commit 266afb9
- Refresh
patches.suse/SUNRPC-avoid-soft-lockup-when-transmitting-UDP-to-re.patch.
Add git commit and move to sorted section.
- commit 89d3015
- blacklist.conf: add unwanted nfs patch
- commit e4440a4
- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)
- commit 06d3b72
- RDMA/rxe: Fix rxe_modify_srq (git-fixes)
- commit fdf3d9e
- RDMA/rxe: Move work queue code to subroutines (git-fixes)
- commit 582ab23
- Subject: RDMA/rxe: Handle zero length rdma (git-fixes)
- commit d8ea1d2
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 bsc#1228114).
- Update
patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
(bsc#1194869 CVE-2024-42230 bsc#1228489).
- commit f6019c1
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- commit 6cb46c4
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit 6a10c09
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit 3d017fc
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit 587e4e9
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad
3 15IAU7 (git-fixes).
- ALSA: timer: Relax start tick time check for slave timer
elements (git-fixes).
- commit 1158708
- net: mana: Fix doorbell out of order violation and avoid
unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic
(bsc#1229086).
- commit 79ff759
- io_uring: fix possible deadlock in
io_register_iowq_max_workers() (bsc#1228616 CVE-2024-41080).
- commit 3aa0f11
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to
userspace (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public
(bsc#1194869).
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
(bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for
CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings
(bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and
h_get_ppp (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP
(bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef
CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc: Fail build if using recordmcount with binutils v2.37
(bsc#1194869).
- powerpc: use generic version of arch_is_kernel_initmem_freed()
(bsc#1194869).
- Refresh patches.suse/powerpc-vmlinux.lds-Add-an-explicit-symbol-for-the-S.patch
- powerpc: Mark .opd section read-only (bsc#1194869).
- commit 2160944
- blacklist.conf: Add a bunch of superfluous ppc changes reported by
git-fixes.
- commit 1ab92eb
- blacklist.conf: Add more ppc unsupported arch paths and commits.
- commit e1bb6f6
- blacklist.conf: Add 9bce6243848d powerpc/rtas: make all exports GPL
- commit dd9bd74
- blacklist.conf: Add ppc 32bit commit and paths.
- commit 293db9f
- s390/dasd: fix error checks in dasd_copy_pair_store()
(git-fixes bsc#1229190).
- commit 8da5fb8
- s390/uv: Panic for set and remove shared access UVC errors
(git-fixes bsc#1229188).
- commit f8287f7
- s390/cpacf: Make use of invalid opcode produce a link error
(git-fixes bsc#1227079).
- s390/cpacf: Split and rework cpacf query functions (git-fixes
bsc#1229187).
- s390/cpacf: get rid of register asm (git-fixes bsc#1227079
bsc#1229187).
- commit ef080ed
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo
(stable-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam
Deck revisions (stable-fixes).
- commit e806b26
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link
(stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra)
to quirks (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
(stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
(stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet
(stable-fixes).
- Revert "drm/amd/display: Add NULL check for 'afb' before
dereferencing in amdgpu_dm_plane_handle_cursor_update"
(stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing
in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX
transactions (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
(stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in
apply_state_adjust_rules (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager
(stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7
(stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab
3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
(stable-fixes).
- commit f4c5b8f
- net, sunrpc: Remap EPERM in case of connection failure in
xs_tcp_setup_socket (CVE-2024-42246 bsc#1228989).
- commit e5ad6b1
- btrfs: fix leak of qgroup extent records after transaction abort
(git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void
(git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c
(git-fixes).
- commit d462b94
- powerpc/topology: Check if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- commit d553d97
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- commit 1be5f1f
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- commit 06e9d31
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- commit 5b03027
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- commit 1a47b84
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- commit 3ebff38
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- commit 3876087
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- commit 1c4efdd
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- commit f11ea1a
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- commit ec733e8
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- commit dfa3da1
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- commit c01d7b5
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- commit 7ba0b5e
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- commit e8c18c1
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- commit 2c5d7b8
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228959 CVE-2024-42232).
- commit 27160c2
- Update
patches.suse/libceph-fix-race-between-delayed_work-and-ceph_monc_s.patch
(bsc#1228190 CVE-2024-42232).
- commit bbe2784
- ipv6: sr: fix incorrect unregister order (git-fixes).
- commit 430794a
- ipv6: sr: fix possible use-after-free and null-ptr-deref
(CVE-2024-26735 bsc#1222372).
- commit 9456b6b
- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).
- commit 64f81fd
- net/sched: flower: Fix chain template offload (CVE-2024-26669
bsc#1222350).
- commit 04f92b6
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- commit aac2b6a
- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).
- commit 7560f66
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- commit 8b41557
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- commit 358a165
- inet_diag: Initialize pad field in struct inet_diag_req_v2
(CVE-2024-42106 bsc#1228493).
- commit 082b3ea
- selftests/bpf: Cover verifier checks for mutating
sockmap/sockhash (bsc#1226885 CVE-2024-38662).
- Revert "bpf, sockmap: Prevent lock inversion deadlock in map
delete elem" (bsc#1226885 CVE-2024-38662).
- bpf: Allow delete from sockmap/sockhash only if update is
allowed (bsc#1226885 CVE-2024-38662).
- commit ae18577
- genirq: Take the proposed affinity at face value if force==true
(git-fixes).
- commit 01fe9f9
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- i2c: smbus: Send alert notifications to all devices if source
not found (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- drm/client: fix null pointer dereference in
drm_client_modeset_probe (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
(git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
(git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- commit 3bff740
- rpm/kernel-binary.spec.in: Fix build regression
The previous fix forgot to take over grep -c option that broke the
conditional expression
- commit d29edf2
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernels used by SLE and openSUSE Leap are the
same. As a consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't make sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- net: ks8851: Fix potential TX stall after interface reopen
(git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag
handling (git-fixes).
- commit 7cb23d2
- net: ks8851: Queue RX packets in IRQ handler instead of
disabling BHs (CVE-2024-35971 bsc#1224578).
- net: ks8851: Handle softirqs at the end of IRQ thread to fix
hang (CVE-2024-35971 bsc#1224578).
- net: ks8851: Inline ks8851_rx_skb() (CVE-2024-35971
bsc#1224578).
- net: ks8851: Fix TX stall caused by TX buffer overrun
(git-fixes).
- commit a0911e3
- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC
(git-fixes).
- commit dc74872
- ACPI: bus: Indicate support for the Generic Event Device thru
_OSC (git-fixes).
- Refresh
patches.suse/ACPI-Fix-Generic-Initiator-Affinity-_OSC-bit.patch.
- commit 5e88627
- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer
(git-fixes).
- commit 39678ad
- ACPI: x86: s2idle: Post-increment variables when getting
constraints (git-fixes).
- Refresh
patches.suse/ACPI-x86-s2idle-Fix-a-logic-error-parsing-AMD-constr.patch.
- commit f30def6
- Update
patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
(bsc#1216834 CVE-2024-42077 bsc#1228516).
Add CVE references.
- commit 8360e90
- Update
patches.suse/ALSA-emux-improve-patch-ioctl-data-validation.patch
(stable-fixes CVE-2024-42097 bsc#1228766).
- Update
patches.suse/ASoC-amd-acp-add-a-null-check-for-chip_pdev-structur.patch
(git-fixes CVE-2024-42074 bsc#1228481).
- Update
patches.suse/ASoC-fsl-asoc-card-set-priv-pdev-before-using-it.patch
(git-fixes CVE-2024-42089 bsc#1228450).
- Update
patches.suse/Bluetooth-qca-Fix-BT-enable-failure-again-for-QCA639.patch
(git-fixes CVE-2024-42137 bsc#1228563).
- Update
patches.suse/RDMA-restrack-Fix-potential-invalid-address-access.patch
(git-fixes CVE-2024-42080 bsc#1228673).
- Update
patches.suse/USB-core-Fix-duplicate-endpoint-bug-by-clearing-rese.patch
(git-fixes CVE-2024-41035 bsc#1228485).
- Update patches.suse/USB-serial-mos7840-fix-crash-on-resume.patch
(git-fixes CVE-2024-42244 bsc#1228967).
- Update
patches.suse/ata-libata-core-Fix-null-pointer-dereference-on-erro.patch
(git-fixes CVE-2024-41098 bsc#1228467).
- Update
patches.suse/block-add-check-that-partition-length-needs-to-be-aligned-with-block-size.patch
(bsc#1227867 CVE-2024-41000 CVE-2023-52458 bsc#1220428).
- Update
patches.suse/bpf-Fail-bpf_timer_cancel-when-callback-is-being-can.patch
(bsc#1228531 CVE-2024-41045 CVE-2024-42239 bsc#1228979).
- Update
patches.suse/crypto-aead-cipher-zeroize-key-buffer-after-use.patch
(stable-fixes CVE-2024-42229 bsc#1228708).
- Update
patches.suse/crypto-ecdh-explicitly-zeroize-private_key.patch
(stable-fixes CVE-2024-42098 bsc#1228779).
- Update
patches.suse/drm-amd-display-Check-index-msg_id-before-read-or-wr.patch
(stable-fixes CVE-2024-42121 bsc#1228590).
- Update
patches.suse/drm-amd-display-Check-pipe-offset-before-setting-vbl.patch
(stable-fixes CVE-2024-42120 bsc#1228588).
- Update
patches.suse/drm-amd-display-Skip-finding-free-audio-for-unknown-.patch
(stable-fixes CVE-2024-42119 bsc#1228584).
- Update
patches.suse/drm-amdgpu-Fix-signedness-bug-in-sdma_v4_0_process_t.patch
(git-fixes CVE-2024-41022 bsc#1228429).
- Update
patches.suse/drm-amdgpu-avoid-using-null-object-of-framebuffer.patch
(stable-fixes CVE-2024-41093 bsc#1228660).
- Update
patches.suse/drm-i915-gt-Fix-potential-UAF-by-revoke-of-fence-reg.patch
(git-fixes CVE-2024-41092 bsc#1228483).
- Update
patches.suse/drm-lima-fix-shared-irq-handling-on-driver-remove.patch
(stable-fixes CVE-2024-42127 bsc#1228721).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in-66edf3f.patch
(stable-fixes CVE-2024-41095 bsc#1228662).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in.patch
(stable-fixes CVE-2024-41089 bsc#1228658).
- Update
patches.suse/drm-nouveau-fix-null-pointer-dereference-in-nouveau_.patch
(git-fixes CVE-2024-42101 bsc#1228495).
- Update
patches.suse/drm-panel-ilitek-ili9881c-Fix-warning-with-GPIO-cont.patch
(stable-fixes CVE-2024-42087 bsc#1228677).
- Update
patches.suse/drm-radeon-check-bo_va-bo-is-non-NULL-before-using-i.patch
(stable-fixes CVE-2024-41060 bsc#1228567).
- Update
patches.suse/firmware-cs_dsp-Fix-overflow-checking-of-wmfw-header.patch
(git-fixes CVE-2024-41039 bsc#1228515).
- Update
patches.suse/firmware-cs_dsp-Prevent-buffer-overrun-when-processi.patch
(git-fixes CVE-2024-41038 bsc#1228509).
- Update
patches.suse/firmware-cs_dsp-Return-error-if-block-header-overflo.patch
(git-fixes CVE-2024-42238 bsc#1228991).
- Update
patches.suse/firmware-cs_dsp-Use-strnlen-on-name-fields-in-V1-wmf.patch
(git-fixes CVE-2024-41056 bsc#1228480).
- Update
patches.suse/firmware-cs_dsp-Validate-payload-length-before-proce.patch
(git-fixes CVE-2024-42237 bsc#1228992).
- Update
patches.suse/gpio-davinci-Validate-the-obtained-number-of-IRQs.patch
(git-fixes CVE-2024-42092 bsc#1228447).
- Update
patches.suse/iio-chemical-bme680-Fix-overflows-in-compensate-func.patch
(git-fixes CVE-2024-42086 bsc#1228452).
- Update
patches.suse/jffs2-Fix-potential-illegal-address-access-in-jffs2_free_inode.patch
(git-fixes CVE-2024-42115 bsc#1228656).
- Update
patches.suse/libceph-fix-race-between-delayed_work-and-ceph_monc_s.patch
(bsc#1228190 CVE-2024-42232 bsc#1228959).
- Update
patches.suse/media-dvb-frontends-tda10048-Fix-integer-overflow.patch
(stable-fixes CVE-2024-42223 bsc#1228726).
- Update
patches.suse/msft-hv-3022-net-mana-Fix-possible-double-free-in-error-handling-.patch
(git-fixes CVE-2024-42069 bsc#1228463).
- Update
patches.suse/net-can-j1939-Initialize-unused-data-in-j1939_send_o.patch
(git-fixes CVE-2024-42076 bsc#1228484).
- Update
patches.suse/net-can-j1939-enhanced-error-handling-for-tightly-re.patch
(git-fixes CVE-2023-52887 bsc#1228426).
- Update
patches.suse/nfc-nci-Add-the-inconsistency-check-between-the-inpu.patch
(stable-fixes CVE-2024-42130 bsc#1228687).
- Update
patches.suse/nilfs2-add-missing-check-for-inode-numbers-on-directory-entries.patch
(git-fixes CVE-2024-42104 bsc#1228654).
- Update patches.suse/nvme-avoid-double-free-special-payload.patch
(git-fixes CVE-2024-41073 bsc#1228635).
- Update patches.suse/nvmet-always-initialize-cqe.result.patch
(git-fixes CVE-2024-41079 bsc#1228615).
- Update
patches.suse/nvmet-fix-a-possible-leak-when-destroy-a-ctrl-during.patch
(git-fixes CVE-2024-42152 bsc#1228724).
- Update
patches.suse/ocfs2-strict-bound-check-before-memcmp-in-ocfs2_xatt.patch
(bsc#1228410 CVE-2024-41016).
- Update patches.suse/orangefs-fix-out-of-bounds-fsid-access.patch
(git-fixes CVE-2024-42143 bsc#1228748).
- Update
patches.suse/pinctrl-fix-deadlock-in-create_pinctrl-when-handling.patch
(git-fixes CVE-2024-42090 bsc#1228449).
- Update
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
(bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
- Update
patches.suse/usb-atm-cxacru-fix-endpoint-checking-in-cxacru_bind.patch
(git-fixes CVE-2024-41097 bsc#1228513).
- Update
patches.suse/usb-dwc3-core-remove-lock-of-otg-mode-during-gadget-.patch
(git-fixes CVE-2024-42085 bsc#1228456).
- Update
patches.suse/usb-gadget-configfs-Prevent-OOB-read-write-in-usb_st.patch
(stable-fixes CVE-2024-42236 bsc#1228964).
- Update
patches.suse/wifi-cfg80211-restrict-NL80211_ATTR_TXQ_QUANTUM-valu.patch
(git-fixes CVE-2024-42114 bsc#1228564).
- Update
patches.suse/wifi-mt76-replace-skb_put-with-skb_put_zero.patch
(stable-fixes CVE-2024-42225 bsc#1228710).
- Update
patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation.patch
(git-fixes CVE-2024-42240 bsc#1228966).
Add CVE references.
- commit 05086b1
- ACPI: thermal: Drop nocrt parameter (git-fixes).
- commit 5de370b
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for
HIP08/09 (git-fixes).
- commit 9250a1e
- Bluetooth: l2cap: always unlock channel in
l2cap_conless_channel() (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets
(git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper()
(git-fixes).
- commit 29bbfef
- ACPI: bus: Rework system-level device notification handling
(git-fixes).
- Refresh
patches.suse/ACPI-bus-Ensure-that-notify-handlers-are-not-running.patch.
- commit 7dcab46
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU
offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain
aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in
irq_matrix_allocated() (git-fixes).
- genirq/ipi: Fix NULL pointer deref in
irq_data_get_affinity_mask() (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix association race (git-fixes).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- kernel/irq/irqdomain.c: fix memory leak with using
debugfs_lookup() (git-fixes).
- genirq/irqdesc: Don't try to remove non-existing sysfs files
(git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- genirq: Don't return error on missing optional
irq_request_resources() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable
affinities (git-fixes).
- commit 2fd5320
- blacklist.conf: add IRQ HANDLING one
- commit de8bb5c
- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx()
from __netif_rx() (CVE-2024-42110 bsc#1228501).
- commit 096fa1d
- wireguard: allowedips: avoid unaligned 64-bit memory accesses
(CVE-2024-42247 bsc#1228988).
- commit 9870725
- tipc: fix kernel panic when enabling bearer (CVE-2022-48865
bsc#1228065).
- commit 2f9875a
- PM: sleep: Fix possible deadlocks in core system-wide PM code
(bsc#1221269 CVE-2023-52498).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- commit 14accb2
- s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579
CVE-2024-41068).
- commit 77769f2
- net: dsa: fix panic when DSA master device unbinds on shutdown
(CVE-2022-48808 bsc#1227958).
- commit 1e672d7
- serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
(bsc#1228446 CVE-2024-42095).
- commit 082abd5
- serial: 8250_omap: Implementation of Errata i2310 (bsc#1228446
CVE-2024-42095).
- commit f99b96f
- tcp: avoid too many retransmit packets (CVE-2024-41007
bsc#1227863).
- commit ddec32c
- config.sh: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 0d8cf49
- power: supply: axp288_charger: Round constant_charge_voltage
writes down (git-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage
writes (git-fixes).
- commit db1c6e2
- bpf: Defer work in bpf_timer_cancel_and_free (bsc#1228531
CVE-2024-41045).
- bpf: Fail bpf_timer_cancel when callback is being cancelled
(bsc#1228531 CVE-2024-41045).
- bpf: Check map->usercnt after timer->timer is assigned
(bsc#1228531 CVE-2024-41045).
- commit 13bca15
- scsi: qedi: Fix crash while reading debugfs attribute
(bsc#1227929 CVE-2024-40978).
- block/ioctl: prefer different overflow check (bsc#1227867
CVE-2024-41000).
- block: add check that partition length needs to be aligned
with block size (bsc#1227867 CVE-2024-41000).
- commit f6a3a4f
- ice: Don't process extts if PTP is disabled (CVE-2024-42107
bsc#1228494).
- ice: Fix improper extts handling (CVE-2024-42139 bsc#1228503).
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
(CVE-2024-42148 bsc#1228487).
- net/mlx5: E-switch, Create ingress ACL when needed
(CVE-2024-42142 bsc#1228491).
- gve: Account for stopped queues when reading NIC stats
(CVE-2024-42162 bsc#1228706).
- commit 52582b0
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482
CVE-2024-42082).
- commit 3fdab8d
- netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042
bsc#1228526).
- Refresh
patches.kabi/netfilter-KABI-workaround-for-CVE-2023-3610-bsc-1213.patch.
- commit 05a5b4a
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (CVE-2024-42228 bsc#1228667).
- commit 8a881f9
- btrfs: sysfs: update fs features directory asynchronously
(bsc#1226168).
- commit a738a53
- expat
-
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- libpcap
-
- Security fix: [bsc#1230034, CVE-2024-8006]
* libpcap: NULL pointer dereference in pcap_findalldevs_ex()
* Add libpcap-CVE-2024-8006.patch
- Security fix: [bsc#1230020, CVE-2023-7256]
* libpcap: double free via addrinfo in sock_initaddress()
* Add libpcap-CVE-2023-7256.patch
- python311
-
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
adding reproducibility patches from gh#python/cpython!121872
and gh#python/cpython!121883.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- Update F00251-change-user-install-location.patch to make pip and
modern tools install directly in /usr/local when used by the user.
bsc#1225660
- libsolv
-
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
- systemd
-
- Import commit a57a6d239c5d6b91fb3dcd269705e60804a03ae1
cd0c9ac4f4 unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
e1eaa86a49 udev: do not set ID_PATH and by-path symlink for nvmf disks
a85d211874 man: Document ranges for distributions config files and local config files
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
- Update 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Really skip redundant dependencies specified in the LSB description that
references the file name of the service itself for early boot scripts (noticed
in bsc#1221479).
- libzypp
-
- Make sure not to statically link installed tools (bsc#1228787)
- version 17.35.8 (35)
- MediaPluginType must be resolved to a valid MediaHandler
(bsc#1228208)
- version 17.35.7 (35)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)
- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Older zypp-plugins reject stomp headers including a '-'. Like the
'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
This patch fixes an issue in safe_strtonum which caused
timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)
- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
Buddy pairs (like -release package and product) internally share
the same status object. When applying locks from query results
the locked bit must be set if either item is locked.
- version 17.35.2 (35)
- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)
- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)
- Workaround broken libsolv-tools-base requirements (fixes
openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- python-azure-agent
-
- Restart the agent (bsc#1227600)
+ The agent service gets restarted in post but may fail due to a missing
config file. Config files were split into their own package previously.
When we detect that we have to restore a config file we also need
to restart the agent again.
- python-requests
-
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
as a directory, bsc#1225912
- python3-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- python-aiohttp
-
- Add patch CVE-2024-42367-path-traversal-via-symlink.patch:
* Do not follow symlinks for compressed file variants.
(CVE-2024-42367, bsc#1229226)
- python-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- regionServiceClientConfigAzure
-
- Update to version 2.2.0 (jsc#PCT-360)
+ Add IPv6 certs to enable IPv6 access of the update infrastructure
+ Add noipv6.patch to patch out IPv6 on SLE 12, no IPv6 support in SLE 12
in the Public Cloud
- Update to version 2.1.0 (bsc#1217537)
+ Replace certs 23.100.36.229.pem and 40.121.202.140.pem (4096 length):
rgnsrv-azure-westus -> 23.100.36.229.pem expires 9 years
rgnsrv-azure-eastus -> 40.121.202.140.pem expires 10 years
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-hpc-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-python3-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- supportutils
-
- Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- unzip
-
- Use %patch -P N instead of deprecated %patchN.
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
- xen
-
- Update to Xen 4.17.5 security bug fix release (bsc#1027519)
xen-4.17.5-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
- Dropped patches contained in new tarball
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
- yast2-installation
-
- Don't block in AutoYaST upgrade (bsc#1181625)
- 4.5.20
- zypper
-
- Show rpm install size before installing (bsc#1224771)
If filesystem snapshots are taken before the installation (e.g.
by snapper) no disk space is freed by removing old packages. In
this case the install size of all packages is a hint how much
additional disk space is needed by the new packages static
content.
- version 1.14.76
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly
(bsc#1227205)
- version 1.14.75
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74