- SUSEConnect
-
- Update to 0.3.36
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Update to 0.3.35
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
- aaa_base
-
- Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch
* The wrapper rootsh is not a restricted shell (bsc#1199492)
- btrfsprogs
-
- Build btrfsprogs against libudev-devel properly.
0001-btrfs-progs-build-make-libudev-selectable.patch
- Also make libudev-devel a hard requirement in the spec file.
- Ignore path devices when scanning btrfs filesystem (bsc#1199391)
0001-btrfs-progs-build-add-optional-dependency-on-libudev.patch
0002-btrfs-progs-ignore-devices-representing-paths-in-mul.patch
0003-btrfs-progs-add-fallback-code-for-multipath-device-d.patch
- c-ares
-
- Update to version 1.19.0
Security:
* Low. Stack overflow in ares_set_sortlist() which is used
during c-ares initialization and typically provided by an
administrator and not an end user.
(bsc#1208067, CVE-2022-4904)
Changes:
* Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
specifying a custom hosts file location.
Bug fixes:
* Fix memory leak in reading /etc/hosts when using localhost
fallback.
* Fix chain building c-ares when libresolv is already included by
another project.
* File lookup should not immediately abort as there may be other
tries due to search criteria.
* Asterisks should be allowed in host validation as CNAMEs may
reference wildcard domains.
* AutoTools build system referenced bad STDC_HEADERS macro.
* Even if one address class returns a failure for
ares_getaddrinfo() we should still return the results we have.
* Fix ares_getaddrinfo() numerical address resolution with
AF_UNSPEC
* Fix tools and help information.
* Various documentation fixes and cleanups.
* Add include guards to ares_data.h
* c-ares could try to exceed maximum number of iovec entries
supported by system.
* The RFC6761 6.3 states localhost subdomains must be offline too
- update to 1.18.1. Changes since 1.17.2:
* Allow '/' as a valid character for a returned name for
CNAME in-addr.arpa delegation
* no longer forwards requests for localhost resolution per RFC6761
* During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
that the search process will continue to the next domain
in the search.
* Provide ares_nameser.h as a public interface as needed by NodeJS
* Add support for URI(Uniform Resource Identifier) records via
ares_parse_uri_reply()
- disable unit tests for SLE12 since GCC compiler too old to build
unit tests
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
(c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- update to 1.17.2:
Security:
* When building c-ares with CMake, the RANDOM_FILE would not be set
and therefore downgrade to the less secure random number generator
it would cause a crash
* Expand number of escaped characters in DNS replies as per
RFC1035 5.1 to prevent spoofing follow-up
(bsc#1188881, CVE-2021-3672)
* Perform validation on hostnames to prevent possible XSS
due to applications not performing valiation themselves
Changes:
* ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
Bug fixes:
* Building tests should not force building of static libraries except on Windows
* Relative headers must use double quotes to prevent pulling in a system library
for details see,
https://c-ares.haxx.se/changelog.html#1_17_2
- update to 1.17.1:
Travis: add iOS target built with CMake (#378)
Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
- fix build
External projects were using non-public header ares_dns.h, make public again (#376)
It appears some outside projects were relying on macros in ares_dns.h, even
though it doesn't appear that header was ever meant to be public. That said,
we don't want to break external integrators so we should distribute this header
again.
- note that so versioning has moved to configure.ac
- note about 1.17.1
- fix sed gone wrong
autotools cleanup (#372)
* buildconf: remove custom logic with autoreconf
- remove missing_header.patch (upstream)
- ca-certificates-mozilla
-
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "/valid before nov 30 2022"/
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
Patch: remove-trustcor.patch
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
Removed:
- Hellenic Academic and Research Institutions RootCA 2011
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CA:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
- catatonit
-
- Update to catatont v0.1.7
- This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only
once. Fix build with autocnf 2.71 / automake 1.16.5.
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
- Update catatonit-rpmlintrc in order to cover that static binaries are now an
error not a warning.
- cloud-netconfig
-
- Update to version 1.7:
+ Overhaul policy routing setup (issue #19)
+ Support alias IPv4 ranges (issue #14)
+ Add support for NetworkManager (bsc#1204549)
+ Remove dependency on netconfig
+ Install into libexec directory
+ Clear stale ifcfg files for accelerated NICs (bsc#1199853)
+ More debug messages
+ Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
Tumbleweed, update path (poo#116221)
- containerd
-
- Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.19>
Includes fixes for:
- CVE-2023-25153 bsc#1208423
- CVE-2023-25173 bsc#1208426
- Re-build containerd to use updated golang-packaging. jsc#1342
- Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.16>
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream
release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.12>
- Update to containerd v1.6.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.9>
- add devel subpackage, which is needed by open-vm-tools
- curl
-
- Security fixes:
* [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
* [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
Add curl-CVE-2023-27534.patch curl-CVE-2023-27534-dynbuf.patch
* [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
Add curl-CVE-2023-27535.patch
* [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
Add curl-CVE-2023-27536.patch
* [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
Add curl-CVE-2023-27538.patch
- Security Fix: [bsc#1207992, CVE-2023-23916]
* HTTP multi-header compression denial of service
* Add curl-CVE-2023-23916.patch
- Security Fix: [bsc#1206309, CVE-2022-43552]
* HTTP Proxy deny use-after-free
* Add curl-CVE-2022-43552.patch
- Security Fix: [bsc#1204383, CVE-2022-32221]
* POST following PUT confusion
* Add curl-CVE-2022-32221.patch
- Security fix: [bsc#1202593, CVE-2022-35252]
* Control codes in cookie denial of service
* Add curl-CVE-2022-35252.patch
- dbus-1
-
- Fix a potential crash that could be triggered by an invalid signature.
(CVE-2022-42010, bsc#1204111)
* fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
bsc#1204112)
* fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption CVE-2022-42012,
bsc#1204113)
* fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
* fix-upstream-CVE-2020-35512.patch
- docker
-
- update to 20.10.23-ce.
* see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- Update to Docker 20.10.21-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
bsc#1205375 CVE-2022-36109
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
* 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
preparation for removing the feature). This feature was never meant to be
used by users directly (and is only available in the -kubic/CaaSP version of
the package anyway) and thus should not affect any users.
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
with it installed even if they are primarily running SELinux.
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
issue with dockerd. bsc#1200022
+ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- dracut
-
- Update to version 049.1+suse.251.g0b8dad5:
* fix(dracut.sh): omission is an addition to other omissions in conf files (bsc#1208929)
* fix(nfs): chown using rpc default group (bsc#1204929)
- Update to version 049.1+suse.247.gfb7df05c:
* fix(systemd): add missing modprobe@.service (bsc#1203749)
* fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
* fix(drm): consider also drm_dev_register when looking for gpu driver (bsc#1195618)
* fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)
- Update to version 049.1+suse.238.gd8dbb075:
* fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
* fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)
- elfutils
-
- 0001-libelf-Fixup-SHF_COMPRESSED-sh_addralign-in-elf_upda.patch:
make debuginfo extraction from go1.19 built binaries work again.
(bsc#1203599)
- Added 4G memory build constraint for aarch64 to pass testing.
- Update to version 0.177 (Martin Liška):
elfclassify: New tool to analyze ELF objects.
readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
backends: Add support for C-SKY.
- Update to version 0.176
build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
backends: riscv improved core file and return value location support.
Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether
the dyn data read from core file is truncated (bnc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero
terminated string (CVE is a bit misleading, as this is not a bug
in libelf as described) (bnc#1125007)
- Removed patches:
- libdwfl-sanity-check-partial-core-file-dyn-data-read.patch
- libebl-check-NT_PLATFORM-core-notes.patch
- Update to version 0.175 (Martin Liška):
readelf: Handle mutliple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
libdwelf: New function dwelf_elf_begin.
libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the
function arlib_add_symbols() used by eu-ranlib (bnc#1112723)
- CVE-2018-18310: Invalid Address Read problem in
dwfl_segment_report_module.c (bnc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside are
files (bnc#1112726)
- Removed patches:
- arlib-check-that-sh_entsize-isnt-zero.patch
- libdwfl-sanity-check-partial-core-file-data-reads.patch
- size-handle-recursive-elf-ar-files.patch
- Update to version 0.174 (Martin Liška):
libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
strip: Handle mixed (out of order) allocated/non-allocated
sections.
unstrip: Handle SHT_GROUP sections.
backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- CVE-2018-16402: libelf: denial of service/double free on an
attempt to decompress the same section twice (bnc#1107066)
Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067)
- CVE-2018-16062: heap-buffer-overflow in
/elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390)
Removed patches:
libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch
libdw-check-end-of-attributes-list-consistently.patch
libdw-readelf-make-sure-there-is-enough-data-to-read.patch
- Update to version 0.173 (Martin Liška):
More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
backends: Handle BPF simple relocations.
The RISCV backends now handles ABI specific CFI and knows about
RISCV register types and names.
- Update to version 0.172 (Martin Liška):
No functional changes compared to 0.171.
Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
- Update to version 0.171 (Martin Liška):
DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
readelf: Handle all new DWARF5 sections.
- -debug-dump=info+ will show split unit DIEs when found.
- -dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
- Update to version 0.170 (Martin Liška):
libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
backends: The bpf disassembler is now always build on all platforms.
- Includes changes in 0.169
backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
application crash) via a crafted ELF file (bnc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group
(bnc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress
(bnc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi
(readelf.c) (bnc#1033084)
- CVE-2017-7608: heap-based buffer overflow in
ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption)
via a crafted ELF file (bnc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer
over-read and application crash) via a crafted ELF file (bnc#1033089)
- Removed patches:
- obsolete 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch
- ppc-machine-flags.patch
- elflint-check-symbol-table-data-is-big-enough-before-check.patch
- elflint-dont-check-section-group-without-flags-word.patch
- libelf-check-compression-before-allocate-output-buffer.patch
- readelf-fix-off-by-one-sanity-check.patch
- use-the-empty-string-for-note-names-with-zero-size.patch
- elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch
- elfutils-dont-trust-sh_entsize.patch
- Packaging cleanups:
- Modernize specfile and metadata. (Jan Engelhardt)
- Use %make_build (Martin Liška)
- Update License tag to GPL-3.0-or-later, as requested by legal
review. (Dominique Leuenberger)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils. (Antoine Belvire)
- Fix typo in the recommends name bsc#1104264 (Tomas Chvatal)
- Use %license (boo#1082318) (Fabian Vogt)
- Test fixes (Andreas Schwab):
- disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
- dwelf_elf_e_machine_string.patch: Avoid spurious failure
- disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
- dwelf_elf_e_machine_string.patch: Avoid spurious failure
- expat
-
- Security fix:
* (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
destruction of a shared DTD in XML_ExternalEntityParserCreate in
out-of-memory situations
- Added patch expat-CVE-2022-43680.patch
- Security fix:
* (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
function in xmlparse.c
- Added patch expat-CVE-2022-40674.patch
- freetype2
-
- disable brotli linkage / WOFF2 support for now to keep dependencies
as before.
- Added patches:
* CVE-2022-27404.patch
+ fixes bsc#1198830, CVE-2022-27404: Buffer Overflow
* CVE-2022-27405.patch
+ fixes bsc#1198832, CVE-2022-27405: Segmentation Fault
* CVE-2022-27406.patch
+ fixes bsc#1198823, CVE-2022-27406: Segmentation violation
- Update to version 2.10.4
* Fix a heap buffer overflow has been found in the handling of
embedded PNG bitmaps, introduced in FreeType version 2.6
(CVE-2020-15999 bsc#1177914)
* Minor improvements to the B/W rasterizer.
* Auto-hinter support for Medefaidrin script.
* Fix various memory leaks (mainly for CFF) and other issues that
might cause crashes in rare circumstances.
- Update to version 2.10.2
* Support for WOFF2 fonts, add BR on pkgconfig(libbrotlidec)
* Function `FT_Get_Var_Axis_Flags' returned random data for Type 1
MM fonts.
* Type 1 fonts with non-integer metrics are now supported by the new
(CFF) engine introduced in FreeType 2.9.
* Drop support for Python 2 in Freetype's API reference generator
* Auto-hinter support for Hanifi Rohingya
* Document the `FT2_KEEP_ALIVE' debugging environment variable.
- glib2
-
- Update glib2-fix-normal-form-handling-in-gvariant.patch:
Backported from upstream to fix regression on s390x.
(bsc#1210135, glgo#GNOME/glib!2978)
- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
from upstream to fix normal form handling in GVariant.
(CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
glgo#GNOME/glib!3125)
- glibc
-
- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
(bsc#1207957)
- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
(CVE-2023-0687, bsc#1207975, BZ #29444)
- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
check (bsc#1208358, BZ #25933)
- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
(bsc#1207571, BZ #16272)
- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
with recent GCC
- x86-shared-non-temporal-threshold.patch: Reversing calculation of
__x86_shared_non_temporal_threshold (bsc#1201942)
- memcmp-power10.patch: powerpc: Optimized memcmp for power10
(jsc#PED-987)
- disable-check-consistency.patch: i386: Disable check_consistency for GCC
5 and above (bsc#1201640, BZ #25788)
- static-tls-surplus.patch: Remove tunables (bsc#1201560)
- gnutls
-
- Security Fix: [bsc#1208143, CVE-2023-0361]
* Bleichenbacher oracle in TLS RSA key exchange
* Add gnutls-CVE-2023-0361.patch
- Validate input when calling fmemopen() [bsc#1204511]
* Add gnutls-check-system_priority_buf-input.patch
- Security fix: [bsc#1202020, CVE-2022-2509]
* Fixed double free during verification of pkcs7 signatures
* Add gnutls-CVE-2022-2509.patch
- gpg2
-
- Security fix [CVE-2022-34903, bsc#1201225]
- Vulnerable to status injection
- Added patch gnupg-CVE-2022-34903.patch
- gnupg-detect_FIPS_mode.patch: use AES as default cipher instead
of 3DES if we are in FIPS mode. (bsc#1196125)
- grub2
-
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
* grub2-secureboot-provide-linuxefi-config.patch
* grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
* grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
* grub2-btrfs-05-grub2-mkconfig.patch
* grub2-efi-xen-cmdline.patch
* grub2-s390x-05-grub2-mkconfig.patch
* grub2-suse-remove-linux-root-param.patch
- Move unsupported zfs modules into 'extras' packages
(bsc#1205554) (PED-2947)
- Security fixes and hardenings
* 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
* 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
* 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
* 0004-font-Remove-grub_font_dup_glyph.patch
* 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
* 0006-font-Fix-integer-overflow-in-BMP-index.patch
* 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
* 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
* 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
* 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
* 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
* 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
- hwinfo
-
- merge gh#openSUSE/hwinfo#113
- Keep NVMe's namespace output consistency when
nvme_core.multipath=1 (bsc#1199948)
- 21.82
- merge gh#openSUSE/hwinfo#112
- fix bug in determining serial console device name (bsc#1198043)
- 21.81
- merge gh#openSUSE/hwinfo#109
- fix logic around cdrom detection
- 21.80
- merge gh#openSUSE/hwinfo#108
- Donot close the open tray after read_cdrom_info.
- Donot close the open tray after read.
- 21.79
- merge gh#openSUSE/hwinfo#106
- Always read numerical 32bit serial number from EDID header.
Override this with ASCII serial number from display descriptor,
if available.
- Display numerical 32bit serial number for monitors without serial
number display descriptor
- 21.78
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
- merge gh#openSUSE/hwinfo#104
- Fix timezone issue in SOURCE_DATE_EPOCH code
- 21.76
- merge gh#openSUSE/hwinfo#100
- recognize loongarch64 architecture
- 21.75
- merge gh#openSUSE/hwinfo#98
- update pci and usb ids
- 21.74
- merge gh#openSUSE/hwinfo#95
- don't rely on select() updating its timeout arg (bsc#1184339)
- 21.73
- icu
-
- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd
from upstream, use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- iputils
-
- Add fix for ICMP datagram socket ping6-Fix-device-binding.patch
(bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927).
- kdump
-
- unload.sh-support-kexec-unload-when-kexec_file_load.patch
Fix unload when secure boot enabled (bsc#1186272)
- fix-network-related-dracut-options-handling-for-fadu.patch
Fix network-related dracut options handling for fadump case
(bsc#1201051)
- kernel-default
-
- series.conf: cleanup
- update upstream references and resort:
- patches.suse/wifi-cfg80211-avoid-nontransmitted-BSS-list-corrupti.patch
- commit 9bae747
- net/ulp: use consistent error code when blocking ULP
(CVE-2023-0461 bsc#1208787).
- net/ulp: prevent ULP without clone op from entering the LISTEN
status (CVE-2023-0461 bsc#1208787).
- commit 028f0fd
- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549
CVE-2023-28772).
- commit 5c5e4d3
- PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
- Revert "/PCI: hv: Fix a timing issue which causes kdump to fail
occasionally"/ (bsc#1209785).
- PCI: hv: Remove the useless hv_pcichild_state from struct
hv_pci_dev (bsc#1209785).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
cause panic (bsc#1209785).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
(bsc#1209785).
- commit 6b9e385
- kvm: initialize all of the kvm_debugregs structure before
sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit bd9c11d
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
CVE-2023-28464).
- commit 677d920
- net: tls: fix possible race condition between
do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
(bsc#1209366 CVE-2023-28466).
- commit 5f7c4a6
- Move ENA upstream fix to sorted section.
- commit aff6c71
- RDMA/core: Don't infoleak GRH fields (bsc#1209778 CVE-2021-3923)
- commit 50ba48b
- tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289
CVE-2023-1390).
- commit b2c1533
- tun: avoid double free in tun_free_netdev (bsc#1209635
CVE-2022-4744).
- commit c5cf205
- net/sched: tcindex: update imperfect hash filters respecting
rcu (CVE-2023-1281 bsc#1209634).
- commit 97b3f9d
- fs/proc: task_mmu.c: don't read mapcount for migration entry
(CVE-2023-1582, bsc#1209636).
- commit 35d5c42
- af_unix: Get user_ns from in_skb in unix_diag_get_exact()
(bsc#1209290 CVE-2023-28327).
- commit 000517c
- netlink: prevent potential spectre v1 gadgets (bsc#1209547
CVE-2017-5753).
- commit cec3f24
- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
CVE-2023-1382).
- commit 6a58da4
- tipc: set con sock in tipc_conn_alloc (bsc#1209288
CVE-2023-1382).
- commit 06eaf34
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit 890554b
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
(bsc#1209291 CVE-2023-28328).
- commit af7b7eb
- prlimit: do_prlimit needs to have a speculation check
(bsc#1209256 CVE-2017-5753).
- commit a2ac7fb
- rds: rds_rm_zerocopy_callback() correct order for
list_add_tail() (CVE-2023-1078 bsc#1208601).
- rds: rds_rm_zerocopy_callback() use list_first_entry()
(CVE-2023-1078 bsc#1208601).
- commit ec0c93c
- net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075
bsc#1208598).
- commit d651270
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
(CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
(CVE-2023-1095 bsc#1208777).
- commit b65b67b
- cifs: fix use-after-free caused by invalid pointer `hostname`
(bsc#1208971).
- commit d1a37f1
- HID: bigben: use spinlock to safely schedule workers
(CVE-2023-25012 bsc#1207560).
- HID: bigben_worker() remove unneeded check on report_field
(CVE-2023-25012 bsc#1207560).
- HID: bigben: use spinlock to protect concurrent accesses
(CVE-2023-25012 bsc#1207560).
- commit 3c79258
- malidp: Fix NULL vs IS_ERR() checking (bsc#1208843
CVE-2023-23004).
- commit a8f9557
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
When the source file location provided with -L is either prefixed or
postfixed with forward slash, the script get stuck in a infinite loop
inside calc_dirs() where $path is an empty string.
user@localhost:/tmp> perl "/$HOME/group-source-files.pl"/ -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
...
path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
path = /usr/src/linux-5.14.21-150500.41/Documentation
path = /usr/src/linux-5.14.21-150500.41
path = /usr/src
path = /usr
path =
path =
path =
... # Stuck in an infinite loop
This workarounds the issue by breaking out the loop once path is an
empty string. For a proper fix we'd want something that
filesystem-aware, but this workaround should be enough for the rare
occation that this script is ran manually.
Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
(CVE-2023-1118 bsc#1208837).
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node
function (CVE-2023-23000 bsc#1208816).
- commit 52c897a
- scsi: qla2xxx: Add option to disable FC2 Target support
(bsc#1198438 bsc#1206103).
- Delete
patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 5959f82
- drm/virtio: Fix NULL vs IS_ERR checking in
virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998).
- commit 2fd8a08
- net/mlx5: DR, Fix NULL vs IS_ERR checking in
dr_domain_init_resources (bsc#1208845 CVE-2023-23006).
- commit 14082ec
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- commit b092aa9
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
which sets the variable for a simple command.
However, the script is no longer a simple command. Export the variable
instead.
- commit 152a069
- README.BRANCH: Update
Relieve Ivan Ivanov of his duties as branch maintainer as I am back.
- commit 1da55f1
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
dwc3_qcom_acpi_register_core (bsc#1208741 CVE-2023-22995).
- commit 7a31d48
- net: mpls: fix stale pointer if allocation fails during device
rename (bsc#1208700 CVE-2023-26545).
- commit 18d9ec7
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- commit 7a62f13
- x86/mm: Randomize per-cpu entry area (bsc#1207845
CVE-2023-0597).
- commit 3a695c7
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- commit f589074
- usb: rndis_host: Secure rndis_query check against int overflow
(CVE-2023-23559 bsc#1207051).
- commit d9a137b
- net: mana: Assign interrupts to CPUs based on NUMA nodes
(bsc#1208153).
- Refresh
patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 342fb4d
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- commit 4d24191
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit 1f21d95
- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
bsc#1204356, bsc#1204662).
- commit 77af0b0
- drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1203332 CVE-2022-36280)
- commit f246cad
- Refresh
patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd.patch (bsc#1206351).
The former kABI fix only move the newly added member to scsi_host_template to
the end of the struct. But that is usually allocated statically, even by 3rd
party modules relying on kABI. Before we use the member we need to signalize
that it is to be expected. As we only expect it to be allocated by in-tree
modules that we can control, we can use a space in the bitfield to signalize
that.
- commit 0e772e8
- net: mana: Fix IRQ name - add PCI and queue number
(bsc#1207875).
- commit f2c8c19
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
CVE-2023-0045).
- commit baf6bec
- net: ena: optimize data access in fast-path code (bsc#1208137).
- commit 09cfdc0
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
bsc#1207795).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
bsc#1207795).
- commit c6f042b
- Update
patches.suse/net-mlx5-Allocate-individual-capability.patch
(bsc#1195175).
- Update
patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff.patch
(bsc#1195175).
- Update
patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len.patch
(bsc#1195175).
- Update
patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size.patch
(bsc#1195175).
- Update
patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities.patch
(bsc#1195175).
- Update
patches.suse/net-mlx5-Use-order-0-allocations-for-EQs.patch
(bsc#1195175).
Fixed bugzilla reference.
- commit e56868b
- watchdog: diag288_wdt: do not use stack buffers for hardware
data (bsc#1207497).
- commit f31eb64
- watchdog: diag288_wdt: fix __diag288() inline assembly
(bsc#1207497).
- commit 2f246cf
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- commit 64f6682
- libbpf: Fix null-pointer dereference in find_prog_by_sec_insn()
(bsc#1204502 CVE-2022-3606).
- commit eef9e8d
- config.conf: Drop armv7l, Leap 15.3 is EOL.
- Delete config/armv7hl/default.
- Delete config/armv7hl/lpae.
- commit 022c807
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref
(bsc#1207769).
- commit be9727c
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
(git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
(git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
(git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
(git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout()
(git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
(git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs
(git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
(git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: Revert "/scsi: qla2xxx: Fix disk failure to rediscover"/
(git-fixes).
- commit 25cb1e4
- dm thin: Use last transaction's pmd->root when commit failed
(git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
(git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
dm_pool_abort_metadata (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
enabled (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached
devices (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
(git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread()
(git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
(git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
(git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before
(git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
(git-fixes).
- dm btree: add a defensive bounds check to insert_at()
(git-fixes).
- commit 223b9c6
- nbd: Fix incorrect error handle when first_minor is illegal
in nbd_dev_add (git-fixes).
- Refresh for the above change,
patches.suse/0019-nbd-fix-possible-overflow-on-first_minor-in-nbd_dev_.patch.
- commit 9c00c1c
- nbd: fix max value for 'first_minor' (git-fixes).
- Refresh for the above change,
patches.suse/0012-nbd-fix-possible-overflow-for-first_minor-in-nbd_dev.patch.
- commit dd126a5
- dm space maps: don't reset space map allocation cursor when
committing (git-fixes).
- dm verity: fix require_signatures module_param permissions
(git-fixes).
- dm integrity: fix flush with external metadata device
(git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- nbd: make the config put is called before the notifying the
waiter (git-fixes).
- nbd: restore default timeout when setting it to zero
(git-fixes).
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- commit 50ca764
- rbd: work around -Wuninitialized warning (git-fixes).
- Refresh for the above change,
patches.suse/rbd-export-some-functions-used-by-lio-rbd-backend.patch.
- commit e923159
- blacklist.conf: add git-fixes commits which won't be backported
- commit 4601d33
- blacklist.conf: removing SCSI git-fix mistakenly added
This fix was labelled as already present in our
code base, but it was not.
- commit bcd8cfe
- scsi: pmcraid: Fix missing resource cleanup in error case
(git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
(git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup()
(git-fixes).
- scsi: megaraid: Fix error check return value of
register_chrdev() (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted
during scan (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
(git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
(git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
(git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
(git-fixes).
- scsi: libiscsi: Fix UAF in
iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
(git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs
(git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
(git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "/Unsupport"/ ->
"/Unsupported"/ (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
(git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
(git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and
running device (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device
(git-fixes).
- scsi: sr: Return correct event when media event code is 3
(git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns
- ENXIO (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
(git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for
list_for_each_entry() (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush
(git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback
(git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
shift of u8 (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
(git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling
IRQs (git-fixes).
- scsi: megaraid_sas: Early detection of VD deletion through
RaidMap update (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure
(git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
(git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
(git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated
irq (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS
processing (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
(git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during
reset (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
(git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
(git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens
(git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being
disabled (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation
commands (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
(git-fixes).
- commit cf6a959
- scsi: ufs: Make sure clk scaling happens only when HBA is
runtime ACTIVE (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by
ufshcd_hold() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ
(git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
(git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered
(git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
(git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
(git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
ufs_qcom_testbus_config() (git-fixes).
- commit 0335e79
- sctp: fail if no bound addresses can be used for a given scope
(bsc#1206677).
- commit dcee4fd
- scsi: ufs: Clean up completed request without interrupt
notification (git-fixes).
- Refresh
patches.suse/scsi-ufs-Properly-release-resources-if-a-task-is-aborted-successfully.
- commit 0e26434
- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- Refresh
patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- commit 8d5e108
- scsi: ufs: Improve interrupt handling for shared interrupts
(git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts
(git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
(git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
(git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
(git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check
(git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor
(git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
(git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
(git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe()
(git-fixes).
- scsi: core: free sgtables in case command setup fails
(git-fixes).
- scsi: pm: Balance pm_only counter of request queue during
system resume (git-fixes).
- scsi: iscsi: Report unbind session event when the target has
been removed (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
connections (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read
(git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
(git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
(git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
(git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
(git-fixes).
- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when
the probe fails (git-fixes).
- commit e77b62a
- scsi: hisi_sas: Replace in_softirq() check in
hisi_sas_task_exec() (git-fixes).
- Refresh patches.suse/scsi-hisi_sas-Remove-preemptible.
- commit ce7bed3
- blacklist.conf: add git-fixes to be skipped
- commit cb4a471
- netfilter: nft_payload: incorrect arithmetics when fetching
VLAN header bits (CVE-2023-0179 bsc#1207034).
- commit 9fe77eb
- HID: check empty report_list in hid_validate_values()
(git-fixes, bsc#1206784).
- commit 028641d
- HID: check empty report_list in bigben_probe() (git-fixes,
bsc#1206784).
- commit c479b33
- HID: betop: check shape of output reports (git-fixes,
bsc#1207186).
- commit f6860d6
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
UAF (CVE-2023-0266 bsc#1207134).
- commit 9014493
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- commit 580597a
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
CVE-2022-47929).
- commit e015217
- blacklist.conf: 461ab10ef7e6 ("/ceph: switch to vfs_inode_has_locks() to fix file lock bug"/)
- commit b165b65
- ceph: avoid putting the realm twice when decoding snaps fails
(bsc#1207198).
- ceph: do not update snapshot context when there is no new
snapshot (bsc#1207218).
- commit 2f13b5a
- ipv6: raw: Deduct extension header length in
rawv6_push_pending_frames (bsc#1207168).
- commit ad4a091
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- Update
patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454).
- commit 88c4e72
- Update
patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207125 CVE-2023-23455).
- commit e595908
- SLE15-SP3 went to LTSS, hand over to L3
- commit c5e6bf0
- mm/memcg: optimize memory.numa_stat like memory.stat
(bsc#1206663).
- commit d7619da
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
(git-fixes).
- commit ebdddc5
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
(bsc#1065729).
- commit da7ea39
- net: sched: atm: dont intepret cls results when asked to drop
(bsc#1207036).
- commit 49dc51c
- net: sched: cbq: dont intepret cls results when asked to drop
(bsc#1207036).
- commit 0726009
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit 8b8572d
- Refresh
patches.suse/btrfs-avoid-unnecessary-lock-and-leaf-splits-when-up.patch.
For bsc#1206904, see:
https://bugzilla.suse.com/show_bug.cgi?id=1206904#c6
- commit dfcd116
- README.BRANCH: Added myself as co-maintainer
And drop Oscars name.
- commit 0607a55
- ipv4: Handle attempt to delete multipath route when fib_info
contains an nh reference (bsc#1204171 CVE-2022-3435).
- commit d2a1bb2
- net: ipv4: fix route with nexthop object delete warning
(bsc#1204171 CVE-2022-3435).
- commit 51fb670
- module: avoid *goto*s in module_sig_check() (git-fixes).
- commit 95dc2c1
- module: merge repetitive strings in module_sig_check()
(git-fixes).
- commit e890371
- module: set MODULE_STATE_GOING state when a module fails to load
(git-fixes).
- commit bbf8a43
- modules: lockdep: Suppress suspicious RCU usage warning
(git-fixes).
- commit a75abac
- module: Remove accidental change of module_enable_x()
(git-fixes).
- commit c1799c7
- tracing: Verify if trace array exists before destroying it
(git-fixes).
- commit 484ce03
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
(bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
(bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "/mem="/ option into account
(bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
(bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
(bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
a valid PE number (bsc#1065729).
- commit f1282a1
- blacklist.conf: Add reverted commit
- commit 1048706
- powerpc: Ensure that swiotlb buffer is allocated from low memory
(bsc#1156395).
- commit 6657d5f
- powerpc/powernv: Avoid re-registration of imc debugfs directory
(bsc#1156395).
- powerpc/book3s/mm: Update Oops message to print the correct
translation in use (bsc#1156395).
- commit 1967b85
- powerpc/pseries/cmm: Implement release() function for sysfs
device (bsc#1065729).
- commit eef87f7
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
This makes in-tree KMPs more consistent with externally built KMPs and
silences several rpmlint warnings.
- commit 02b7735
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
(bsc#1204989,bsc#1205601).
- commit b1fad8e
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
check failure.
As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
in the exception list, replace them with a general pattern. And add OBJTOOL
as well.
- commit 887416f
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
git-fixes).
- powerpc/xive: Add a check for memory allocation failure
(fate#322438 git-fixes).
- commit 2423c59
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- commit 5dff1e5
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- commit 822d824
- blacklist.conf: ("/arm64: lse: Fix LSE atomics with LLVM"/)
- commit 22e012e
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- commit 82f0058
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- commit 2d24fe0
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- commit 5f7b503
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- commit 3c56f93
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- commit 10890a5
- blacklist.conf: ("/arm64: fix alternatives with LLVM's integrated assembler"/)
- commit a642f3b
- blacklist.conf: ("/arm64: lse: fix LSE atomics with LLVM's integrated assembler"/)
- commit 76593cf
- blacklist.conf: ("/arm64: dts: allwinner: a64: olinuxino: Fix eMMC supply regulator"/)
- commit 1caef50
- Refresh
patches.suse/NFS-Handle-missing-attributes-in-OPEN-reply.patch.
Update commit log to prevent patch and quilt from thinking it should apply the
example hunks and fail.
- commit 78fab3f
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- commit 75c0f21
- NFSv4.x: Fail client initialisation if state manager thread
can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
(git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
(git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
(git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
(git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
fails (git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
display (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
(git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
(git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
(git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
(git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
(git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
(git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
(git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
(git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
(git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
(git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4
(git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
(git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
pnfs_layout_process() (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when
freeing the inode (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0
source (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation
(git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
delegation recall (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- NFS: nfs_xdr_status should record the procedure name
(git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: safer handling of corrupted c_type (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
(git-fixes).
- sunrpc: check that domain table is empty at module unload
(git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- SUNRPC: Don't start a timer on an already queued rpc task
(git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
(git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
fails (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4: Fix races between open and dentry revalidation
(git-fixes).
- sunrpc: Fix potential leaks in sunrpc_cache_unhash()
(git-fixes).
- nfsd: Clone should commit src file metadata too (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- commit 5b3ba89
- memcg, kmem: further deprecate kmem.limit_in_bytes
(bsc#1206896).
- commit c8d19aa
- blacklist.conf: blacklist 6fcbcec9cfc7
- commit de669f1
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- commit b310aa7
- blacklist.conf: ("/arm64: dts: ls1028a: fix typo in TMU calibration data"/)
- commit 716a28c
- blacklist.conf: ("/arm64: Validate tagged addresses in access_ok() called from kernel"/)
- commit 9dd7e12
- blacklist.conf: ("/arm64: insn: consistently handle exit text"/)
- commit f816334
- blacklist.conf: blacklist 5c099c4fd
- commit 5b0fa49
- blacklist.conf: blacklist c3497fd009ef
- commit 359f3b8
- blacklist.conf: blacklist c915fb80eaa
- commit 02b35f9
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- commit b1bfe2a
- ext4: fix uninititialized value in 'ext4_evict_inode'
(bsc#1206893).
- commit ff976a4
- ext4: fix corruption when online resizing a 1K bigalloc fs
(bsc#1206891).
- commit 140cef5
- ext4: fix undefined behavior in bit shift for
ext4_check_flag_values (bsc#1206890).
- commit 0696f69
- ext4: silence the warning when evicting inode with
dioread_nolock (bsc#1206889).
- commit 8d66379
- ext4: fix use-after-free in ext4_ext_shift_extents
(bsc#1206888).
- commit 027bd53
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 5134642
- ext4: fix BUG_ON() when directory entry has invalid rec_len
(bsc#1206886).
- commit 7d14bba
- Update tags in
patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b651ac6
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit f8a1109
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 100f2b7
- ext4: avoid crash when inline data creation follows DIO write
(bsc#1206883).
- commit 05e8ed4
- ext4: continue to expand file system when the target size
doesn't reach (bsc#1206882).
- commit 1b01bae
- ext4: fix bug in extents parsing when eh_entries == 0 and
eh_depth > 0 (bsc#1206881).
- commit f1f3d4f
- blacklist.conf: blacklist 613c5a85898d
- commit 48dfb5e
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit f96243f
- blacklist.conf: blacklist b24e77ef1c6d
- commit 7ecc9d3
- ext4: correct the misjudgment in ext4_iget_extra_inode
(bsc#1206878).
- commit b931654
- ext4: correct max_inline_xattr_value_size computing
(bsc#1206878).
- commit fde0a78
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit a4c76a4
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
(bsc#1206878).
- commit ecac58a
- ext4: fix extent status tree race in writeback error recovery
path (bsc#1206877).
- commit 35c3734
- ext4: update s_overhead_clusters in the superblock during an
on-line resize (bsc#1206876).
- commit 4ca9666
- ext4: correct the error path of ext4_write_inline_data_end()
(bsc#1206875).
- commit 9ad9468
- blacklist.conf: blacklist 5dccdc5a1916
- commit 8417a93
- blacklist.conf: blacklist efc61345274d
- commit 8078536
- blacklist.conf: blacklist 5a3b590d4b2d
- commit 5590cb0
- ext4: Detect already used quota file early (bsc#1206873).
- commit 0136eeb
- blacklist.conf: Blacklist 0f5bde1db174
- commit 66ece1b
- blacklist.conf: blacklist f25391ebb475
- commit b3ab927
- ext4: avoid race conditions when remounting with options that
change dax (bsc#1206860).
Refresh patches.suse/ext4-dont-warn-when-enabling-DAX.patch
- commit 89b7d84
- blacklist.conf: Add ppc ddw fix only applicable to 5.15
- commit ce185e4
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- commit c933ca2
- blacklist.conf: blacklist a17a9d935dc4
- commit 267ec30
- ext4: use matching invalidatepage in ext4_writepage
(bsc#1206858).
- commit 9adbb3f
- ext4: mark block bitmap corrupted when found instead of BUGON
(bsc#1206857).
- commit 0b7c7d5
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 6032d35
- ext4: choose hardlimit when softlimit is larger than hardlimit
in ext4_statfs_project() (bsc#1206854).
- commit 1fdf2d9
- blacklist.conf: blacklist 4068664e3cd2
- commit 3a30037
- blacklist.conf: Add active memory.high throttling fixups
- d397a45fc741 mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
- e26733e0d0ec mm, memcg: throttle allocators based on ancestral memory.high
- 9b8b17541f13 mm, memcg: do not high throttle allocators based on wraparound
- commit 0508c0b
- sched/psi: Fix sampling error and rare div0 crashes with
cgroups and high uptime (bsc#1206841).
- commit d518fcd
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout
and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs
attribute (jsc#PED-1445).
- scsi: lpfc: Correct bandwidth logging during receipt of
congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- string.h: Introduce memset_startat() for wiping trailing
members and padding (jsc#PED-1445).
- commit 76decfc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
(jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
(jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
(jsc#PED-568).
- commit b04c714
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 47ec098
- powerpc/pseries/eeh: use correct API for error log size
(bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
(bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param()
(bsc#1065729).
- commit 3405c6d
- powerpc/pseries: unregister VPA when hot unplugging a CPU
(bsc#1205695 ltc#200603).
- commit 3d8dab2
- Fix kABI breakage in usb.h: struct usb_device:
hide new member (bsc#1206664 CVE-2022-4662).
- commit a53ec27
- USB: core: Prevent nested device-reset calls (bsc#1206664
CVE-2022-4662).
- commit 2d03a85
- drm: mali-dp: potential dereference of null pointer
(CVE-2022-3115 bsc#1206393).
- commit 9246c67
- wifi: wilc1000: validate pairwise and authentication suite
offsets (CVE-2022-47520 bsc#1206515).
- commit 10a48d9
- kabi/severities: ignore kABI change for meson driver fix (CVE-2022-3112 bsc#1206399)
- commit cecc04a
- media: meson: vdec: potential dereference of null pointer
(CVE-2022-3112 bsc#1206399).
- commit 32c7d25
- Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit 5495793
- Update patch reference for BT fix (CVE-2022-3564 bsc#1206073)
- commit a5136f0
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
(bsc#1206649).
- commit 81eb278
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 2ff0ceb
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- commit 6d30f6e
- udf: Fix NULL pointer dereference in udf_symlink function
(bsc#1206646).
- commit aa42b50
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit a3bf788
- udf: fix the problem that the disc content is not displayed
(bsc#1206644).
- commit baed6fa
- udf: Limit sparing table size (bsc#1206643).
- commit 10a39e1
- udf: Avoid accessing uninitialized data on failed inode read
(bsc#1206642).
- commit 8c98e30
- udf: Fix free space reporting for metadata and virtual
partitions (bsc#1206641).
- commit 0743d18
- quota: Check next/prev free block number after reading from
quota file (bsc#1206640).
- commit f8fb63e
- blacklist.conf: Blacklist dd5532a4994b
- commit 836bdfa
- blacklist.conf: Blacklist dfc2d2594e4a
- commit dd5297d
- blacklist.conf: Blacklist f4c2d372b89a
- commit fc7d11b
- ext4: iomap that extends beyond EOF should be marked dirty
(bsc#1206637).
- commit e1b2dad
- blacklist.conf: Blacklist 02f03c4206c1
- commit bb8f69f
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- commit 9374be1
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 5e80ff2
- lib/notifier-error-inject: fix error when writing -errno to
debugfs file (bsc#1206634).
- commit dea9978
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
(bsc#1206634).
- commit 2504e98
- blacklist.conf: Blacklist 9066e151c379
- commit 966d217
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 008171d
- struct usbnet: move new members to end (git-fixes).
- commit f647bb2
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
- Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6bb9cb6
- blacklist.conf: ("/arm64: dts: armada-3720-turris-mox: add firmware node"/)
- commit 77ea716
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- commit 954a96f
- blacklist.conf: ("/crypto: arm64/aes-neonbs - add return value of skcipher_walk_done()"/)
- commit 8dcdb26
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- commit c3c7089
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- commit ae4388c
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit 47e48bc
- rtc: pcf85063: Fix reading alarm (git-fixes).
- commit 3b1fc33
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- commit 1dc7c8f
- Update metadata references
- commit 71ea896
- Update
patches.suse/RDMA-uverbs-Check-for-null-return-of-kmalloc_array.patch
(CVE-2022-3105 bsc#1206398 git-fixes).
- commit 66cd628
- Update
patches.suse/drm-amdkfd-Check-for-null-pointer-after-calling-kmem.patch
(CVE-2022-3108 bsc#1206389 git-fixes).
- commit 7c181a5
- RDMA/uverbs: Check for null return of kmalloc_array
(CVE-2022-3105 bsc#1206398 git-fixes).
- commit 73b6bff
- Update
patches.suse/sfc_ef100-potential-dereference-of-null-pointer.patch
(jsc#SLE-16683 CVE-2022-3106 bsc#1206397).
- commit 3e8cb15
- Update
patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
(CVE-2022-3107 bsc#1206395 git-fixes).
- commit d5698e3
- Update
patches.suse/power-supply-wm8350-power-Add-missing-free-in-free_c.patch
(CVE-2022-3111 bsc#1206394 git-fixes).
- commit 2ff0fd7
- blacklist.conf: cosmetic, does not fix a bug
- commit c7bc28a
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock
(git-fixes).
- commit 4972874
- tracing: Free buffers when a used dynamic event is removed
(git-fixes).
- commit 3703499
- tracing/dynevent: Delete all matched events (git-fixes).
- commit dcf29de
- tracing: Add tracing_reset_all_online_cpus_unlocked() function
(git-fixes).
- commit 6ce4166
- blacklist.conf: Risky, requires reworking of mempolicies
- commit e11ba4b
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit 8dbcec6
- mm, page_alloc: avoid expensive reclaim when compaction may
not succeed (bsc#1204250).
- commit f800975
- afs: Fix some tracing details (git-fixes).
- commit 161393a
- blacklist.conf: cosmetic fix
- commit 39c4f5a
- usb: host: xhci-hub: fix extra endianness conversion
(git-fixes).
- commit 3574ccc
- memcg: Fix possible use-after-free in
memcg_write_event_control() (bsc#1206344).
- commit d0798c9
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- commit 2e9f75b
- net: mana: Fix race on per-CQ variable napi work_done
(git-fixes).
- commit 935369b
- Update patches.suse/drm-amd-display-memory-leak.patch
(CVE-2019-19083 bsc#1157049 bnc#1151927 5.3.8).
Update the metadata of this patch and in particular its commit ID.
This fix was committed twice upstream, and we used one commit ID in
all branches except SLE15-SP3 where we use the other one. Align this
branch with what was done in all other branches. Benefits:
* No need to blacklist the other commit ID as it was never mentioned
in stable trees.
* Minimize the differences between branches to lower the risk of merge
conflicts.
I verified that the resulting source tree is exactly the same before
and after this change.
- commit 27c76af
- Rename 0001-drm-amd-display-memory-leak.patch
Use the same name as in all other branches for consistency.
- commit 9d96a87
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 6426714
- proc: proc_skip_spaces() shouldn't think it is working on C
strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
(CVE-2022-4378 bsc#1206207).
- commit 1e50bbf
- ext4: Fixup pages without buffers (bsc#1205495).
- commit ad24b58
- kbuild: Unify options for BTF generation for vmlinux and modules
(bsc#1204693).
- Refresh
patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch.
- commit 5bc49fe
- fuse: lock inode unconditionally in fuse_fallocate()
(bsc#1206179).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- cuse: prevent clone (bsc#1206177).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: update attr_version counter on fuse_notify_inval_inode()
(bsc#1206175).
- fuse: don't check refcount after stealing page (bsc#1206174).
- commit 8cb708c
- Refresh
patches.kabi/kABI-remove-new-member-of-usbip_device.patch.
- commit bf09767
- Refresh
patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
Fix up after merge from cve/5.3. The patch can be closer to upstream in
15sp3 as we have more than in the cve branch.
- commit 344ce75
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
resume from S3 (bsc#1206037).
- commit df768bd
- xen/netback: don't call kfree_skb() with interrupts disabled
(bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 18b6c2b
- xen/netback: Ensure protocol headers don't fall in the
non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit ef1bd8e
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
is "/"/
- commit dce5fa8
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit ff0c181
- docs/kernel-parameters: Update descriptions for "/mitigations="/
param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
bsc#1203271 bsc#1206032).
- commit 012ee9f
- Update
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit f959a8e
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- commit 2043e6b
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1205988).
- ceph: request Fw caps before updating the mtime in
ceph_write_iter (bsc#1205987).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
(bsc#1205986).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- commit 3a3eff6
- kabi: sk_buff.scm_io_uring (bsc#1204228 CVE-2022-2602).
- commit 1cb9473
- io_uring/af_unix: defer registered files gc to io_uring release
(bsc#1204228 CVE-2022-2602).
- commit fee5862
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
(git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs
(git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc()
fails (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device()
(git-fixes).
- commit fdf27d9
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- commit 482b418
- block: Do not reread partition table on exclusively open device
(bsc#1190969).
- commit 1d888c0
- atm: idt77252: fix use-after-free bugs caused by tst_timer
(CVE-2022-3635 bsc#1204631).
- commit 81a86f3
- Update patch reference for ATM fix (CVE-2022-3635 bsc#1204631)
- commit f11d21c
- Move upstreamed i915 patch into sorted section
- commit 4f7c541
- net: ethernet: renesas: ravb: Fix promiscuous mode after system
resumed (git-fixes).
- wifi: mac8021: fix possible oob access in
ieee80211_get_rate_duration (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison
(git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev()
(git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing
free_sja1000dev() (git-fixes).
- commit c233552
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
(git-fixes).
- commit a2d69de
- xen/privcmd: Corrected error handling path (git-fixes).
- commit 9273ea4
- blacklist.conf: add 5c13a4a0291b3019
- commit f414b37
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit d068003
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
(git-fixes).
- commit 310f73b
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit e66563b
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
(git-fixes).
- commit 2026fbd
- blacklist.conf: add e8240addd0a39
- commit c8fea7d
- blacklist.conf: add 0f4558ae91870
- commit 1f46313
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit b1da831
- xen/pcpu: fix possible memory leak in register_pcpu()
(git-fixes).
- commit 7bcfa5e
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit df9a18a
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
Fix metadata
- commit b7e4dba
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit 5c64258
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
git-fixes).
- commit 390f969
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit d1d28ba
- xen-netback: correct success/error reporting for the
SKB-with-fraglist case (git-fixes).
- commit 26320ba
- xen/balloon: use a kernel thread instead a workqueue
(git-fixes).
- commit cb178a9
- arm/xen: Don't probe xenbus as part of an early initcall
(git-fixes).
- commit 6b23717
- x86/xen: Add xen_no_vector_callback option to test PCI INTX
delivery (git-fixes).
- commit c3e71c4
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit b773587
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit f009c3f
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc41a1f
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- commit 9eafa9a
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses
(git-fixes).
- commit a448c92
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
grant status (git-fixes).
- commit eda3b54
- xenbus: req->err should be updated before req->state
(git-fixes).
- commit b68f2a5
- xenbus: req->body should be updated before req->state
(git-fixes).
- commit 43d862b
- x86/xen: Distribute switch variables for initialization
(git-fixes).
- commit 0f71692
- xen/balloon: fix ballooned page accounting without hotplug
enabled (git-fixes).
- commit e768449
- xen-blkback: prevent premature module unload (git-fixes).
- commit 55eaccd
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- commit 5b34629
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- commit 48c193f
- USB: serial: option: remove old LARA-R6 PID.
- commit 50cfc4c
- USB: serial: option: add Fibocom FM160 0x0111 composition
(git-fixes).
- commit 3cf3877
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- commit 6ac2249
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- commit 774f54f
- drm/i915: fix TLB invalidation for Gen12 video and compute
engines (CVE-2022-4139 bsc#1205700).
- commit 58aaa10
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
Taken from v10 patch in char-misc subsystem tree
- commit 09cd28d
- blacklist.conf: duplicate
- commit 468555e
- blacklist.conf: cosmetic fix
- commit a8e199d
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bc1c359
- rndis_host: increase sleep time in the query-response loop
(git-fixes).
- commit 1a77104
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
switch (git-fixes).
- commit 43cdbc4
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
CVE-2022-41850).
- commit 3bef7b9
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- commit e4d40ab
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 9a43bb4
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher
than input clock (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition
(git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- commit acc3c71
- iio: core: Fix entry not deleted when
iio_register_sw_trigger_type() fails (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies
(git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
(git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw
(git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain
(git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak
in regulator_register() (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
(git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
nfcmrvl_i2c_nci_send() (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal
(git-fixes).
- Input: iforce - invert valid length check when fetching device
IDs (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter
(git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
(git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
omap8250_remove() (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround
(git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- misc/vmw_vmci: fix an infoleak in
vmci_host_do_receive_datagram() (git-fixes).
- iio: adc: at91_adc: fix possible memory leak in
at91_adc_allocate_trigger() (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value
limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in
iio_sysfs_trig_init() (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing
pci_dev_put() (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by
CD# debounce timeout (git-fixes).
- mmc: core: properly select voltage range without power cycle
(git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
(git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
(git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- commit d87f9df
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
(git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init()
(git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays
(git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from
snd_usbmidi_output_open() (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
(git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node'
(git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60
(git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568
(git-fixes).
- drm/imx: imx-tve: Fix return type of
imx_tve_connector_mode_valid (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "/Sourc"/ -> "/Source"/,
"/Routee"/ -> "/Route"/ (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume
(git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl
(git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit
(git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
(git-fixes).
- ASoC: wm8997: Revert "/ASoC: wm8997: Fix PM disable depth
imbalance in wm8997_probe"/ (git-fixes).
- ASoC: wm5110: Revert "/ASoC: wm5110: Fix PM disable depth
imbalance in wm5110_probe"/ (git-fixes).
- ASoC: wm5102: Revert "/ASoC: wm5102: Fix PM disable depth
imbalance in wm5102_probe"/ (git-fixes).
- commit 27fe82f
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- commit 25c2f2d
- Refresh
patches.suse/nfsd4-fix-NULL-dereference-in-nfsd-clients-display-c.patch.
- Delete patches.suse/nfsd-show_open-NULL-deref.patch.
These patches are for the same git commit, so merging.
"/return SEQ_SKIP"/ is changed to "/return 0"/ to match
upstream. Difference is only important if some content
has already been generated. In that case SEQ_SKIP discards it
and 0 leaves it. Here we haven't generated any content.
bsc#1205753
- commit 4d06f59
- l2tp: Serialize access to sk_user_data with sk_callback_lock
(bsc#1205711 CVE-2022-4129).
- commit add2103
- net: fix a concurrency bug in l2tp_tunnel_register()
(bsc#1205711 CVE-2022-4129).
- commit ced1fd6
- Drop incorrectly doubly applied patches for brcmfmac and vc4 (bsc#1205753)
- commit 5941245
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- commit 7b66fa8
- blacklist.conf: kvm_arch_no_poll() is called only once already
- commit 3bc62c2
- KVM: s390: pv: don't allow userspace to set the clock under PV
(git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
(git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- commit 76c25b0
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
SPSM (CVE-2022-42896 bsc#1205709).
- commit fc4b67c
- Update patch reference for Bluetooth fix (CVE-2022-42895 bsc#1205705)
- commit 0d77342
- blacklist.conf: Unnecessary build config fix.
- commit 68959f0
- scsi: zfcp: Fix double free of FSF request when qdio send fails
(git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- commit 55df511
- iwlwifi: dbg: disable ini debug in 9000 family and below
(git-fixes).
- commit 152ef40
- blacklist.conf: kABI
- commit 509fe6c
- blacklist.conf: kABI
- commit 8bad736
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
CVE-2022-41858).
- commit dd6f85a
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(git-fixes).
- commit cac2314
- md: Replace snprintf with scnprintf (git-fixes).
- Replaced the in-house patch by the above upstream patch,
patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit 8c3cff2
- dm raid: fix address sanitizer warning in raid_resume
(git-fixes).
- dm raid: fix address sanitizer warning in raid_status
(git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
(git-fixes).
- dm thin: fix use-after-free crash in
dm_sm_register_threshold_callback (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm raid: fix accesses beyond end of raid member array
(git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
(git-fixes).
- dm era: commit metadata in postsuspend after worker stops
(git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector
(git-fixes).
- dm integrity: set journal entry unused when shrinking device
(git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device
when shrinking (git-fixes).
- dm writecache: return the exact table values that were set
(git-fixes).
- commit e0e374e
- dm: fix request-based DM to not bounce through indirect
dm_submit_bio (git-fixes).
- Refresh for the above change,
patches.suse/blk-mq-clear-stale-request-in-tags-rq-before-freeing.patch.
- commit 259862c
- dm: remove special-casing of bio-based immutable singleton
target on NVMe (git-fixes).
- commit 31a00a1
- blacklist.conf: add non-backport git-fixes commit
- commit 42c7406
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit 3d5973a
- NFSD: Cap rsize_bop result based on send buffer size
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
(bsc#1205128 CVE-2022-43945).
- commit e93318a
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 99fc524
- add another bug reference to some hyperv changes (bsc#1205617).
- commit b575115
- blacklist.conf: cleanup
- commit b0b46b5
- media: vim2m: initialize the media device earlier (git-fixes).
- commit c5af813
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- commit 2431c97
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- commit 95d4e3d
- staging: greybus: light: fix a couple double frees (git-fixes).
- commit 58bdfb3
- blacklist.conf: duplicate
- commit 3dd1632
- tracing: Fix wild-memory-access in register_synth_event()
(git-fixes).
- commit 7dac608
- ftrace: Fix null pointer dereference in ftrace_add_mod()
(git-fixes).
- commit 4244693
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 464f48f
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit c7550d0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit 47e4dec
- ring-buffer: Include dropped pages in counting dirty patches
(git-fixes).
- commit 284d26b
- tracing/ring-buffer: Have polling block on watermark
(git-fixes).
- commit d2a2e4f
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit b801309
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- commit 3c8b93e
- powerpc/boot: Explicitly disable usage of SPE instructions
(bsc#1156395).
- commit 0bc0054
- blacklist.conf: Add fixes for unsupported platforms
- commit 27bff58
- Update patch reference for rtl8712 driver fix (CVE-2022-4095 bsc#1205514)
- commit 8075958
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
bsc#1205514).
- commit d8c38e0
- ipv6: Fix data races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 12fec90
- ipv6: annotate some data-races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 3b01230
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT
for L1 (git-fixes).
- commit d56f1ae
- KVM: nVMX: Validate the EPTP when emulating
INVEPT(EXTENT_CONTEXT) (git-fixes).
- commit 26dc9e3
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- commit 2f5ac01
- blacklist.conf: add 514ccc194971d0 ("/x86/kvm: fix a missing-prototypes
"/vmread_error"/"/)
- commit c73c5e6
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec
support (git-fixes).
- commit 038458a
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls
only when apicv is globally disabled (git-fixes).
- commit c95874c
- mISDN: fix misuse of put_device() in mISDN_register_device()
(git-fixes).
- commit fea2547
- x86/speculation: Disable RRSBA behavior (bsc#1201455
CVE-2022-28693).
- commit 1c08940
- net: thunderbolt: Fix error handling in tbnet_init()
(git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
(git-fixes).
- commit d89f3be
- Move upstreamed fbdev fix into sorted section
- commit c2656f7
- pinctrl: devicetree: fix null pointer dereferencing in
pinctrl_dt_to_map (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add()
(git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add()
(git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add()
(git-fixes).
- ata: libata-transport: fix double ata_host_put() in
ata_tport_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of
dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
(git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in
case of errors (git-fixes).
- dmaengine: at_hdmac: Don't start transactions at tx_submit level
(git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
(git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message
(git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf
(git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in
vc4_drm_register() (git-fixes).
- hamradio: fix issue of dev reference count leakage in
bpq_device_event() (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file()
(git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- capabilities: fix undefined behavior in bit shift for
CAP_TO_MASK (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes
(git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly
(git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration
(git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device()
(git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
(git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing
the device (git-fixes).
- media: venus: dec: Handle the case where find_format fails
(git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
(git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
(git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID
(git-fixes).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
(git-fixes).
- commit 87c5230
- usbip: usbip_event: use global lock (git-fixes).
- commit dfdff40
- usbip: synchronize event handler with sysfs code paths
(git-fixes).
- commit 02e148d
- usbip: vudc_sysfs: use global lock (git-fixes).
- commit 0d41db9
- usbip: vudc synchronize sysfs code paths (git-fixes).
- commit 436bc70
- usbip: stub_dev: remake locking for kABI (git-fixes).
- commit 9d2c460
- kABI: remove new member of usbip_device (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths
(git-fixes).
- commit a40ec71
- blacklist.conf: kABI
- commit 304049d
- blacklist.conf: kABI
- commit 18d7f9f
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit b0b38c0
- blacklist.conf: too intrusive
- commit c4ba71f
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 84f9a38
- blacklist.conf: inapplicable
- commit f1ebd1d
- vmlinux.lds.h: Fix placement of '.data..decrypted' section
(git-fixes).
- commit 8070192
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1205264).
- commit 761173c
- kabi: fix transport_add_device change (git-fixes).
- commit 9ff4597
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(bsc#1205428 LTC#200501).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
and __strnlen_user() (bsc#1205428 LTC#200501).
- commit 402d4fe
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
(git-fixes).
- scsi: drivers: base: Propagate errors through the transport
component (git-fixes).
- scsi: drivers: base: Support atomic version of
attribute_container_device_trigger (git-fixes).
- commit 7f6d450
- blacklist.conf: skip git-fix that is too invasive
- commit e017099
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
(git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized
(git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- blk-mq: don't create hctx debugfs dir until q->debugfs_dir is
created (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
(git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment
queue limits (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit
(git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg
is zero (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function
bio_copy_kern (git-fixes).
- block: use "/unsigned long"/ for blk_validate_block_size()
(git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
(git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- block: ataflop: fix breakage introduced at blk-mq refactoring
(git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
(git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
(git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly
(git-fixes).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- commit 3b9349e
- Update references of
patches.suse/s390-pci-add-missing-EX_TABLE-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser
(bsc#1205428 LTC#200501).
- commit b4aa54c
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- commit 2be09ac
- blacklist.conf: ("/arm64: topology: move store_cpu_topology() to shared code"/)
- commit 68eedfd
- blacklist.conf: ("/arm64: topology: fix possible overflow in amu_fie_setup()"/)
- commit 4b45d2c
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default.
Update patches.suse/KVM_arm64_Add-templates-for-BHB-mitigation-sequences.patch
And refresh kABI patch.
- commit 543771f
- Drop NVMeoF support for TP 8013 & 8014 (bsc#1192761 bsc#1204827)
The kernel side for the TP 8013 and 8014 support was added before we
finished implementing the feature support in nvme-cli in 2.x.
As it turns out the rather old base version of nvme-cli would require
to completely re-implement the support for these feature for the 1.x
branch.
As SP3 is nearing it's end of the active update cycle, we decided
against to update the nvme-cli package hence these patches for the
kernel are not needed. In fact they introduce, regression due to the
nvme-cli package not able to do handle the new API correctly. So let's
remove these patches as there is no user for it.
- Refresh patches.suse/nvme-add-iopolicy-module-parameter.patch.
- Delete patches.kabi/kabi-fix-nvme-subsystype-change.patch.
- Delete patches.suse/nvme-Add-connect-option-discovery.patch.
- Delete
patches.suse/nvme-add-CNTRLTYPE-definitions-for-identify-controll.patch.
- Delete
patches.suse/nvme-add-new-discovery-log-page-entry-definitions.patch.
- Delete patches.suse/nvme-display-correct-subsystem-NQN.patch.
- Delete
patches.suse/nvme-expose-subsystem-type-in-sysfs-attribute-subsys.patch.
- Delete patches.suse/nvmet-add-nvmet_is_disc_subsys-helper.patch.
- Delete patches.suse/nvmet-add-nvmet_req_subsys-helper.patch.
- Delete
patches.suse/nvmet-don-t-check-iosqes-iocqes-for-discovery-contro.patch.
- Delete patches.suse/nvmet-make-discovery-NQN-configurable.patch.
- Delete
patches.suse/nvmet-register-discovery-subsystem-as-current.patch.
- Delete
patches.suse/nvmet-set-CNTRLTYPE-in-the-identify-controller-data.patch.
- Delete patches.suse/nvmet-switch-check-for-subsystem-type.patch.
- commit 65fe080
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
(git-fixes).
- commit 3521cb1
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/ (bsc#1200845)
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- PCI: hv: Fix typo (bsc#1204446).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Revert "/scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()"/ (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- commit 5f3eadd
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- commit 199a84c
- netfilter: nfnetlink_osf: fix possible bogus match in
nf_osf_find() (bsc#1204614).
- commit e9ccbaa
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being
a V0.96 controller (git-fixes).
- commit 9593f85
- blacklist.conf: add some git-fixes commits which won't be backported
- commit 19d26a3
- media: mceusb: Use new usb_control_msg_*() routines
(CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
(CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
(CVE-2022-3903 bsc#1205220).
- commit 575009a
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (bsc#1204780, CVE-2022-3707)
- commit 1da3c8a
- Refresh sorted patches.
- commit 759ab14
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
(bsc#1156395).
- commit 6ad0462
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- commit 3de57a1
- Refresh patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch.
Refresh to upstream version of patch.
- commit 381d74e
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- commit b1a7e6a
- scsi: ibmvfc: Avoid path failures during live migration
(bsc#1065729 bsc#1204810 ltc#200162).
- commit 617a752
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
This new form was added in commit b8c86872d1dc (riscv: fix detection of
toolchain Zicbom support).
- commit e9f2ba6
- ring-buffer: Check for NULL cpu_buffer in
ring_buffer_wake_waiters() (git-fixes).
- commit f0e9f4a
- r8152: Add MAC passthrough support to new device (git-fixes).
- commit 2c0b0e4
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- s390/ptrace: return -ENOSYS when invalid syscall is supplied
(git-fixes).
- Refresh
patches.suse/s390-ptrace-pass-invalid-syscall-numbers-to-tracing.
- commit 49c6928
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
pavgroup (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot
(git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
hugepages (bsc#1203144 LTC#199881).
- s390: fix double free of GS and RI CBs on fork() failure
(git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
(git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
(git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails
(git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure
(git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak
(git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- commit 2fade04
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- commit 114228e
- xfs: tail updates only need to occur when LSN changes
(git-fixes).
- commit 9d404a5
- xfs: factor common AIL item deletion code (git-fixes).
- commit b1771cc
- xfs: Throttle commits on delayed background CIL push
(git-fixes).
- commit e58ad94
- xfs: Lower CIL flush limit for large logs (git-fixes).
- commit 66c16cf
- xfs: Use scnprintf() for avoiding potential buffer overflow
(git-fixes).
- commit 1495b79
- xfs: check owner of dir3 blocks (git-fixes).
- commit cb50471
- xfs: xfs_buf_corruption_error should take __this_address
(git-fixes).
- commit 840c497
- xfs: rework collapse range into an atomic operation (git-fixes).
- commit cfa7b45
- xfs: rework insert range into an atomic operation (git-fixes).
- commit a96f43c
- xfs: open code insert range extent split helper (git-fixes).
- commit f1b0ddb
- blacklist.conf: ignore unapplicable rdma patches
- commit 38abdf0
- Refresh patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch
to upstream version.
- commit bb3e9b2
- NFSv3: use nfs_add_or_obtain() to create and reference inodes
(bsc#1204215).
- Refresh
patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch.
- commit d9aeac3
- NFS: Refactor nfs_instantiate() for dentry referencing callers
(bsc#1204215).
- Refresh
patches.suse/NFS-Don-t-revalidate-the-directory-permissions-on-a-.patch.
- commit 50b85ce
- Update patch references to
patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
(bsc#1200692 CVE-2022-33981).
- commit 2a514c4
- wifi: brcmfmac: Fix potential buffer overflow in
brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit c0bd14a
- selftests/livepatch: better synchronize test_klp_callbacks_busy
(bsc#1071995).
- commit 5cc1f06
- blacklist.conf: livepatch: 32-bit only
- commit ed4af6c
- livepatch: Add a missing newline character in
klp_module_coming() (bsc#1071995).
- commit cbc1bb8
- livepatch: fix race between fork and KLP transition
(bsc#1071995).
- commit ed70923
- workqueue: don't skip lockdep work dependency in
cancel_work_sync() (bsc#1204967).
- commit d7d8431
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit e027fbe
- scsi: qla2xxx: Use transport-defined speed mask for
supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
(bsc#1204963).
- commit 2f0e70b
- usb: dwc3: qcom: fix runtime PM wakeup.
- commit 770ebb2
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
(git-fixes).
- commit 1b57243
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- commit 16527ab
- blacklist.conf: cleanup
- commit a1ca722
- printk: use atomic updates for klogd work (bsc#1204934).
- commit 60be5fc
- printk: add missing memory barrier to wake_up_klogd()
(bsc#1204934).
- commit 270aa51
- blacklist.conf: this patch implements a feature implied, but not
implemented
- commit d863db7
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- commit b825ac2
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- commit 2d07106
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- commit 0dbe04a
- blacklist.conf: workqueue: put back cancel_work(); would be needed
only when backporting recent amdgpu stuff
- commit 9a9dea9
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- commit 8229886
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for
transceiver info (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect
(bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from
debugfs (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is
turned off (bsc#1204957).
- scsi: lpfc: Fix spelling mistake "/unsolicted"/ -> "/unsolicited"/
(bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- commit 641ed8b
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- commit 9c6ee14
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- commit 23d84da
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- commit 1db7560
- blacklist.conf: Ignore build fixes for crypto selftest config
Build fixes for crypto selftest with CRYPTO_MANAGER_DISABLE_TESTS!=y
and CRYPTO=m
- commit 423d58a
- RDMA/mlx5: Use different doorbell memory for different processes (git-fixes)
Refresh:
- patches.suse/RDMA-mlx5-Remove-unused-parameter-udata.patch
- commit fd05a52
- Update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
(bsc#1204693).
- commit 26595bd
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- commit 293bf91
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- commit f7baf6a
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- commit d355c79
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- commit 6d0ef48
- RDMA/rxe: Fix "/kernel NULL pointer dereference"/ error (git-fixes)
- commit 9205fa0
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- commit 7daf160
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- commit 7890ffd
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- commit cc2cd02
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- commit 4332868
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- commit 19e84c3
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- commit db88b1b
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- commit c8db39b
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- commit e28b8f5
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- commit 4c36066
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- commit 3ec31d2
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- commit 26de3e3
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- commit 9d4253b
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- commit 92bff10
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- commit e806a5b
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- commit 709fd3a
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- commit 121ed63
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- commit 1408298
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- commit 8a4119a
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- commit f1870dd
- RDMA/mlx4: Return missed an error if device doesn't support steering (git-fixes)
- commit 53e12a2
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- commit 3389a3f
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- commit a3b0ded
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- commit 12260f5
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- commit 7c89c4a
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- commit 1259749
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- commit b499161
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- commit 74e3ed2
- RDMA/efa: Remove double QP type assignment (git-fixes)
- commit 858283b
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- commit 47de10e
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- commit 385ff05
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- commit 2498525
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- commit 96f828c
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- commit 49315d8
- RDMA/rxe: Don't overwrite errno from ib_umem_get() (git-fixes)
- commit dc6482e
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- commit 4b744b6
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- commit b0c4366
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- commit 2e0cf31
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- commit 8d71bad
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- commit 2b87978
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- commit 6f47c39
- RDMA/rxe: Fix failure during driver load (git-fixes)
- commit bb23773
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- commit 1ebcca8
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- commit 242d271
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- commit 1421a09
- RDMA: Verify port when creating flow rule (git-fixes)
- commit 75b7985
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- commit c3aa778
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- commit 097d131
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- commit 8811d6a
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- commit e6dae53
- RDMA/cxgb4: Remove MW support (git-fixes)
- commit d49ea58
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- commit fdca7b3
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- commit 289115b
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- commit ad98a0c
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- commit cda973b
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- commit 0c97417
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- commit dd6c131
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit a77f876
- kbuild: remove the target in signal traps when interrupted
(git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- commit d17022d
- blacklist.conf: Unnecessary S390 ARCHITECTURE fixes.
- commit 8f1bd85
- kbuild: Add skip_encoding_btf_enum64 option to pahole
(git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21
(jsc#SLE-24559).
- commit 7b939ad
- fbdev: cyber2000fb: fix missing pci_disable_device()
(git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- usb: dwc3: gadget: Don't set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI
(git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- commit 77773fb
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit d4a892d
- tracing: Do not free snapshot if tracer is on cmdline
(git-fixes).
- commit 44c0d5c
- tracing: Simplify conditional compilation code in
tracing_set_tracer() (git-fixes).
- commit 030e84d
- ring-buffer: Fix race between reset page and reading page
(git-fixes).
- commit 500d3d5
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit 3f63b61
- tracing: Add ioctl() to force ring buffer waiters to wake up
(git-fixes).
- commit 1ac3e72
- tracing: Wake up ring buffer waiters on closing of the file
(git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit ee58509
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit daffb44
- ring-buffer: Check pending waiters when doing wake ups as well
(git-fixes).
- commit 8618e02
- ring-buffer: Have the shortest_full queue be the shortest not
longest (git-fixes).
- commit ebf21e7
- ring-buffer: Allow splice to read previous partially read pages
(git-fixes).
- commit 81e9520
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- commit e2b6a1c
- tracing: Disable interrupt or preemption before acquiring
arch_spinlock_t (git-fixes).
- commit 75ec285
- device property: Fix documentation for *_match_string() APIs
(git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states
(git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle
(git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card
(git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config
(git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
(git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
(git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges
(git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges
(git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
(git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion
(git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing
put_clock() in error path (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check
'interlaced' (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values
(git-fixes).
- commit c820733
- Fix build warning
Refreshed:
patches.suse/mm-hugetlb-fix-races-when-looking-up-a-CONT-PTE-PMD-.patch
- commit ca5cb24
- Add CVE reference to
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 94992c9
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone
(bsc#1204328).
- commit b9f2ea4
- thermal: intel_powerclamp: Use first online CPU as control_cpu
(git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report
(git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
(git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset
keys (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
(git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in
rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: host: xhci: Fix potential memory leak in
xhci_alloc_stream_info() (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in
adp5061_get_chg_type() (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
(git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number
(git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600
(git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer
(git-fixes).
- drm: Use size_t type for len variable in drm_copy_field()
(git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in
nouveau_bo_alloc() (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to
fix module autoloading (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670
(git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple
times (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at
l2cap_chan_create() (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620
(git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620
(git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
(git-fixes).
- wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
(git-fixes).
- wifi: brcmfmac: fix use-after-free bug in
brcmf_netdev_start_xmit() (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx()
(git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
(git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN
log level (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch
(git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch
(git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of
smp_processor_id() to avoid crash (git-fixes).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
(git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- commit 89baab9
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- commit 0463863
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size
hugetlb page (bsc#1204575).
- commit 06c4f04
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- commit fb82e46
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
(git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
(git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- commit 0ca6891
- mm: memcontrol: fix occasional OOMs due to proportional
memory.low reclaim (bsc#1204754).
- mm, memcg: avoid stale protection values when cgroup is above
protection (bsc#1204754).
- commit 0e7d107
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
(bsc#1204753).
- commit b8640ed
- blacklist.conf: Add cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
- commit d9d65d4
- powerpc/fadump: align destination address to pagesize
(bsc#1204728 ltc#200074).
- commit 618ab17
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
CVE-2021-4037).
- commit 2f39bf9
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
CVE-2021-4037).
- commit ab394e7
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 536e02f
- usb: mon: make mmapped memory read only (bsc#1204653
CVE-2022-43750).
- commit 1f646df
- blacklist.conf: add commit from git-fixes
- commit c46aa6a
- devlink: Fix use-after-free after a failed reload (bsc#1204637
CVE-2022-3625).
- commit 3567978
- nvmem: core: Check input parameter for NULL in
nvmem_unregister() (bsc#1204241).
- commit 1b1642f
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- commit 9ea634f
- arm64: assembler: add cond_yield macro (git-fixes)
- commit f628c0a
- net: mvpp2: fix mvpp2 debugfs leak (bsc#1204417 CVE-2022-3535).
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
(bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
CVE-2022-3545).
- commit 9a28d9e
- nilfs2: fix leak of nilfs_root in case of writer thread creation
failure (CVE-2022-3646 bsc#1204646).
- nilfs2: fix use-after-free bug of struct nilfs_root
(CVE-2022-3649 bsc#1204647).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
bsc#1204635).
- commit 772e9a5
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
(CVE-2022-3640 bsc#1204619).
- commit b1ed4c2
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- commit d60e491
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- commit 477d56a
- KVM: s390: pv: don't present the ecall interrupt twice
(git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
(git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO
(git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- commit 1c45296
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- commit ec837bd
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- commit bf7093a
- crypto: arm64/sha - fix function types (git-fixes)
- commit 887f265
- Update metadata references
- commit 980fadf
- blacklist.conf: ("/arm64: Introduce a way to disable the 32bit vdso"/)
- commit 0591754
- KVM: x86: do not report a vCPU as preempted outside instruction
boundaries (bsc#1203066 CVE-2022-39189).
- commit 89982eb
- nilfs2: fix NULL pointer dereference at
nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit df5c951
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit 488dede
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe
(CVE-2022-3577 bsc#1204470).
- commit e57339b
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
CVE-2022-3521).
- commit d2eeccc
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
CVE-2022-3524).
- commit ec8a71d
- Update metadata references
- commit 6d888aa
- sch_sfb: Also store skb len before calling child enqueue
(CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
to child (CVE-2022-3586 bsc#1204439).
- commit bbd433f
- mISDN: fix use-after-free bugs in l1oip timer handlers
(CVE-2022-3565 bsc#1204431).
- commit 1917bcf
- net: ieee802154: return -EINVAL for unknown addr type
(git-fixes).
- commit 2d80805
- ACPI: HMAT: Release platform device in case of
platform_device_add_data() fails (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register()
(git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z
(git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
(git-fixes).
- Input: xpad - add supported devices as contributed on github
(git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
(git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch
(git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine
(git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg
(git-fixes).
- dmaengine: xilinx_dma: Report error in case of
dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores
property (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
(git-fixes).
- mmc: core: Replace with already defined values for readability
(git-fixes).
- commit ba86540
- struct pci_config_window kABI workaround (bsc#1204382).
- commit b2287af
- PCI: Dynamically map ECAM regions (bsc#1204382).
- commit dc89dd6
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
(bsc#1065729).
- Refresh patches.suse/powerpc-mm-radix-Create-separate-mappings-for-hot-pl.patch
- Refresh patches.suse/powerpc-mm-radix-Remove-split_kernel_mapping.patch
- commit 852bb71
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- Revert "/usb: storage: Add quirk for Samsung Fit flash"/
(git-fixes).
- commit c4ea05c
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
(git-fixes).
- commit 72baa22
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 11a4b1b
- powerpc/kprobes: Fix null pointer reference in
arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246
git-fixes).
- commit 98b4617
- xfs: remove obsolete AGF counter debugging (git-fixes).
- commit 6b3cbd8
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- commit c80d128
- xfs: rename `new' to `delta' in xfs_growfs_data_private()
(git-fixes).
- commit 7994309
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- commit d0ec732
- xfs: fix memory corruption during remote attr value buffer
invalidation (git-fixes).
- commit 63ac0a8
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- commit cdcab38
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- commit 260cd8e
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- commit f916b39
- xfs: add missing assert in xfs_fsmap_owner_from_rmap
(git-fixes).
- commit 7d88bfe
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- commit dc70b98
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP
header on fast-rx (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart
(git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion
(git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq
(git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback
(git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure
(git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types
(git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to
use regmap (git-fixes).
- commit 90b2426
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON
(git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
(git-fixes).
- commit d78eec4
- Move upstreamed WiFi fixes into sorted section
- commit 2dec8da
- Move upstreamed WiFi fixes into sorted section
- commit 05342a3
- kABI: fix kABI after "/KVM: Add infrastructure and macro to mark
VM as bugged"/ (bsc#1200788 CVE-2022-2153).
- commit 1ddb693
- KVM: Add infrastructure and macro to mark VM as bugged
(bsc#1200788 CVE-2022-2153).
- commit 07862de
- locking/csd_lock: Change csdlock_debug from early_param to
__setup (git-fixes).
- Refresh
patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 4abed38
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit 2cf708c
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated (bsc#1200788 CVE-2022-2153).
- commit 8712ddf
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
SynIC (bsc#1200788 CVE-2022-2153).
- commit 75749d4
- KVM: nVMX: Unconditionally purge queued/injected events on
nested "/exit"/ (git-fixes).
- commit 04b8316
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit f23b172
- KVM: x86/emulator: Fix handing of POP SS to correctly set
interruptibility (git-fixes).
- commit 3671e7c
- KVM: x86: Check lapic_in_kernel() before attempting to set a
SynIC irq (bsc#1200788 CVE-2022-2153).
- commit e02caef
- io_uring: disable polling signalfd pollfree files (CVE-2022-3176
bsc#1203391).
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-2978
bsc#1202700).
- commit 8c7541d
- sbitmap: Avoid leaving waitqueue in invalid state in
__sbq_wake_up() (git-fixes).
- commit 89e6f60
- staging: vt6655: fix some erroneous memory clean-up loops
(git-fixes).
- Revert "/usb: storage: Add quirk for Samsung Fit flash"/
(git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c
(git-fixes).
- xhci: Don't show warning for reinit on known broken suspend
(git-fixes).
- USB: serial: console: move mutex_unlock() before
usb_serial_put() (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
(git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in
gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
(git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection
(git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
(git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in
ath10k_sta_state() (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh
(git-fixes).
- commit d4e6eb9
- soc: sunxi_sram: Make use of the helper function
devm_platform_ioremap_resource() (git-fixes).
- Refresh
patches.suse/soc-sunxi-sram-Prevent-the-driver-from-being-unbound.patch.
- commit 1478c4f
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
(git-fixes).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
(git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
(git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable
callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22
(git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in
lpuart_dma_shutdown (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling
(git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node'
(git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
(git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight
registering (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in
omap1_spi100k_probe (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
spi_qup_resume() (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe()
(git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression
(git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
(git-fixes).
- commit d4e37ac
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend
(git-fixes).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall
(git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
(git-fixes).
- iio: adc: ad7923: fix channel readings for some variants
(git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements
(git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel
ABI (git-fixes).
- iio: inkern: only release the device node when done with it
(git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample
freq (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure
and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
(git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl()
(git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
(git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap()
in the probe (git-fixes).
- mfd: sm501: Add check for platform_driver_register()
(git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init()
and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe()
(git-fixes).
- mfd: fsl-imx25: Fix an error handling path in
mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in
intel_soc_pmic_i2c_probe() (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
(git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings()
(git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
(git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
(git-fixes).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
(git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers
(git-fixes).
- commit ea51746
- gpio: rockchip: request GPIO mux to pinctrl when setting
direction (git-fixes).
- crypto: cavium - prevent integer overflow loading firmware
(git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister
(git-fixes).
- crypto: akcipher - default implementation for setting a private
key (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
(git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
(git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups
(git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
(git-fixes).
- dyndbg: let query-modname override actual module name
(git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted
timer in __cleanup() (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in
hidpp_connect_event (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug
(git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent
(git-fixes).
- drm:pl111: Add of_node_put() when breaking out of
for_each_available_child_of_node() (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order
(git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/nouveau: fix a use-after-free in
nouveau_gem_prime_import_sg_table() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset
(git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- commit 6db482b
- ACPI: APEI: do not add task_work to kernel thread to avoid
memory leak (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying
num_parents (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
(git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
(git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init
(git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init
(git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init
(git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent()
(git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent()
(git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and
ata_id_has_sense_reporting() (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
(git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
(git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
(git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
(git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx
API (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ALSA: hda/hdmi: Don't skip notification handling during PM
operation (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically
(git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak()
(git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable
(git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable
(git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly
(git-fixes).
- commit 058f8fc
- Update
patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
(CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 15fe693
- misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os
(CVE-2022-3424 bsc#1204166).
- commit 721c580
- wifi: mac80211: fix crash in beacon protection for P2P-device
(CVE-2022-42722 bsc#1204125).
- commit a6f4ca8
- wifi: mac80211: refactor elements parsing with parameter struct
(CVE-2022-42719 bsc#1204051).
- commit 26c2d4f
- mac80211: fix memory leaks with element parsing (CVE-2022-42719
bsc#1204051).
- commit a818808
- mac80211: always allocate struct ieee802_11_elems
(CVE-2022-42719 bsc#1204051).
- commit a183a67
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc->state outside of KMS'
- commit 39988a9
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit c6967e3
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 7d9f3f3
- wifi: cfg80211: avoid nontransmitted BSS list corruption
(CVE-2022-42721 bsc#1204060).
- commit 5fe81ec
- wifi: mac80211: fix MBSSID parsing use-after-free
(CVE-2022-42719 bsc#1204051).
- commit 6462e9c
- wifi: mac80211: refactor elements parsing with parameter struct
(CVE-2022-42719 bsc#1204051).
- commit 7b3171e
- mac80211: fix memory leaks with element parsing (CVE-2022-42719
bsc#1204051).
- mac80211: always allocate struct ieee802_11_elems
(CVE-2022-42719 bsc#1204051).
- commit 1d0e42c
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720
bsc#1204059).
- mac80211: mlme: find auth challenge directly (CVE-2022-42719
bsc#1204051).
- mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719
bsc#1204051).
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720
bsc#1204059).
- cfg80211: hold bss_lock while updating nontrans_list
(CVE-2022-42719 bsc#1204051).
- mac80211: mlme: find auth challenge directly (CVE-2022-42719
bsc#1204051).
- mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719
bsc#1204051).
- mac80211: don't re-parse elems in ieee80211_assoc_success()
(CVE-2022-42719 bsc#1204051).
- commit cf17eed
- exfat: Return ENAMETOOLONG consistently for oversized paths
(bsc#1204053 bsc#1201725).
- commit 955135a
- selftests/powerpc: Skip energy_scale_info test on older firmware
(git-fixes).
- commit 2a9f2c0
- blacklist.conf: prerequisite too risky
- commit 67fdf07
- Refresh metadata
Refresh:
patches.suse/nvme-ensure-subsystem-reset-is-single-threaded.patch
patches.suse/nvme-restrict-management-ioctls-to-admin.patch
- commit 32aee9f
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 3394628
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
(git-fixes).
- commit 71e1adc
- blacklist.conf: ignore unwanted nfs patches
- commit 5bb5269
- blacklist.conf: ignore unwanted md patches
- commit ff9f04a
- scsi: stex: Properly zero out the passthrough command structure
(bsc#1203514 CVE-2022-40768).
- commit b5c1e4b
- xfs: enable big timestamps (bsc#1203387).
- commit e8c654f
- xfs: widen ondisk quota expiration timestamps to handle y2038+
(bsc#1203387).
- commit f11211b
- quota: widen timestamps for the fs_disk_quota structure
(bsc#1203387).
- commit 1a9210f
- xfs: widen ondisk inode timestamps to deal with y2038+
(bsc#1203387).
- commit ef6704e
- ACPI: processor idle: Practically limit "/Dummy wait"/ workaround
to old Intel systems (bnc#1203802).
- commit 5c74e0f
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
Refresh
patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit 79f8f1e
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit f6d0842
- xfs: use a struct timespec64 for the in-core crtime
(bsc#1203387).
- commit d683559
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit e4afdb9
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit d8ae99a
- nvme: ensure subsystem reset is single threaded (bsc#1203290
CVE-2022-3169).
- nvme: restrict management ioctls to admin (bsc#1203290
CVE-2022-3169).
- commit fb89dd3
- media: aspeed-video: ignore interrupts that aren't enabled
(git-fixes).
- commit 36a70fa
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- commit 6094fd3
- media: coda: Fix reported H264 profile (git-fixes).
- commit af3ba3e
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit 06361ad
- xfs: use the finobt block counts to speed up mount times
(bsc#1203387).
- commit debb8f9
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- commit f9fb0f8
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit 49f0f34
- Revert "/constraints: increase disk space for all architectures"/
(bsc#1203693).
This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- Add CVE reference on lightnvm removal patch
modified:
- patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 6251214
- drm/amdgpu: don't register a dirty callback for non-atomic
(git-fixes).
- commit 0b4b37a
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- commit 0b58855
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition
(git-fixes).
- Revert "/usb: add quirks for Lenovo OneLink+ Dock"/ (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in
pxa3xx_gcu_write (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
(git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access
(git-fixes).
- commit 2e55e74
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound
(git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info
(git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
(git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before
sending data (git-fixes).
- commit e040102
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit 51fbc8c
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup
(git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI
clocks (git-fixes).
- Revert "/drm: bridge: analogix/dp: add panel prepare/unprepare
in suspend/resume time"/ (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
(git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
(git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx
accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx
accounting (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
(git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530
laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
(git-fixes).
- drm/amd/display: Limit user regamma to a valid value
(git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths
(git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power
change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled
(git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in
pfuze100_regulator_probe() (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit e7744dc
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit 24c89c9
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e500762
- USB: serial: option: add Quectel BG95 0x0203 composition
(git-fixes).
- commit 75be355
- Revert "/drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489)
- commit b42e64a
- parisc/sticon: fix reverse colors (bsc#1152489)
Backporting notes:
* context changes
- commit 206cd49
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- commit f67e434
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
(CVE-2022-41848 bsc#1203987).
- commit c6f643b
- fbdev: smscufx: Fix use-after-free in ufx_ops_open()
(CVE-2022-41849 bsc#1203992).
- commit 1b1c9cc
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address
(git-fixes).
- commit d6b115e
- Input: melfas_mip4 - fix return value check in mip4_probe()
(git-fixes).
- commit 6863cfd
- blacklist.conf: cleanup that breaks kABI
- commit 9b1761f
- USB: core: Fix RST error in hub.c (git-fixes).
- commit 0a4bc80
- struct ehci_hcd: hide new member (git-fixes).
- commit 47be3bf
- usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- commit 6d316e7
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- commit f6f0e1f
- usb: otg-fsm: Fix hrtimer list corruption (git-fixes).
- commit 659ffb3
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 803fd47
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit cd54e08
- bpf: Compile out btf_parse_module() if module BTF is not enabled
(git-fixes).
- commit 1eec519
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 78526f5
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- commit 1907554
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- commit b65f350
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- commit bdc6c6e
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- commit a9060b8
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 25390e7
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
(bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential
padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and
consistency (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
(bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN
Manager application (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically
allocated/freed phba (bsc#1185032 bsc#1203939).
Dropped:
patches.suse/lpfc-decouple-port_template-and-vport_template.patch
- scsi: lpfc: Fix multiple NVMe remoteport registration calls
for the same NPort ID (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early
return VMID cases (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver
unload (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology
(bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling
(bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- commit 829fcfa
- scsi: lpfc: Add missing destroy_workqueue() in error path
(bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of
DID_REQUEUE (bsc#1203939).
- commit 26a6fd8
- wifi: cfg80211: ensure length byte is present before access
(CVE-2022-41674 bsc#1203770).
- wifi: cfg80211/mac80211: reject bad MBSSID elements
(CVE-2022-41674 bsc#1203770).
- wifi: cfg80211: fix u8 overflow in
cfg80211_update_notlisted_nontrans() (CVE-2022-41674
bsc#1203770).
- commit a878ee7
- scsi: qla2xxx: Remove unused declarations for qla2xxx
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Revert "/scsi: qla2xxx: Fix response queue
handler reading stale packets"/ (bsc#1203935).
- scsi: qla2xxx: Log message "/skipping scsi_scan_host()"/ as
informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 7c106a6
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
ISP27XX (bsc#1203935).
- commit 80690be
- kabi/severities: add mlx5 internal symbols
- commit 4fb94df
- net/mlx5: Dynamically resize flow counters query buffer
(bsc#119175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#119175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs
(bsc#119175).
- net/mlx5: Allocate individual capability (bsc#119175).
- net/mlx5: Reorganize current and maximal capabilities to be
per-type (bsc#119175).
- net/mlx5: Use order-0 allocations for EQs (bsc#119175).
- commit cb2b71a
- psi: Fix uaf issue when psi trigger is destroyed while being
polled (bsc#1203909).
- commit fd0515b
- cgroup: cgroup_get_from_id() must check the looked-up kn is
a directory (bsc#1203906).
- Refresh patches.suse/scsi-cgroup-Add-cgroup_get_from_id.patch.
- commit f918358
- mm/mremap: hold the rmap lock in write mode when moving page
table entries (CVE-2022-41222 bsc#1203622).
- commit 07909f0
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit 5a61004
- blacklist.conf: irrelevant in our kernel configurations
- commit 0547ac8
- usb: dwc3: disable USB core PHY management (git-fixes).
- commit 5595967
- blacklist.conf: black list commit 2fdbb8dd0155
Add commit 2fdbb8dd0155 ("/fuse: fix deadlock between atomic O_TRUNC and page
invalidation"/) to the blacklist. It's a real bug, but it's been there for a
long time, it seems to have low impact and the backport risks are high.
- commit e45fa09
- constraints: increase disk space for all architectures
References: bsc#1203693
aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
very close to the limit.
- commit 43a9011
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 345c930
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
bsc#1203769).
- commit aa1dc74
- Revert "/SUNRPC: Remove unreachable error condition"/ (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status
(git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSv4: Fix races in the legacy idmapper upcall (git-fixes).
- sunrpc: fix expiry of auth creds (git-fixes).
- NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
(git-fixes).
- NFSv4.1: Don't decrease the value of seq_nr_highest_sent
(git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- SUNRPC: Don't leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: Don't call connect() more than once on a TCP socket
(git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- sunrpc: Fix misplaced barrier in call_decode (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept()
(git-fixes).
- commit 3437f45
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit 7da5a85
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 2078b95
- padata: make padata_free_shell() to respect pd's ->refcnt
(bsc#1202638).
- commit 2827da5
- padata: introduce internal padata_get/put_pd() helpers
(bsc#1202638).
- commit 8fd1f6c
- ima: force signature verification when CONFIG_KEXEC_SIG is
configured (bsc#1203737).
- kexec: do not verify the signature without the lockdown or
mandatory signature (bsc#1203737).
- commit 6aaef78
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- commit f16766a
- kexec, KEYS, s390: Make use of built-in and secondary keyring
for signature verification (bsc#1196444).
- arm64: kexec_file: use more system keyrings to verify kernel
image signature (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic
(bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- kexec_file: drop weak attribute from
arch_kexec_apply_relocations[_add] (bsc#1196444).
- commit 57f8f15
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: core: Fix bad pointer dereference when ehandler kthread
is invalid (git-fixes).
- commit 3a8854b
- blacklist.conf: add git-fixes not needed to list
- commit 0514bb0
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type
in mpc85xx (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH
(git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes()
(git-fixes).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
(git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
(git-fixes).
- Input: iforce - add support for Boeder Force Feedback Wheel
(git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
(git-fixes).
- usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
(git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB
RmNet mode (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
(git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port
(git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
(git-fixes).
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
(git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell
Dot keymap fixes (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered
message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
(git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in
chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error
(git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
(git-fixes).
- drm/radeon: add a force flush to delay work when radeon
(git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup
(git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- commit 41cd9fa
- blacklist.conf: Remove vt patch entry that is needed by other fix
- commit d86dd83
- Revert "/ALSA: usb-audio: Split endpoint setups for hw_params
and prepare"/ (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: emu10k1: Fix out of bounds access in
snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in
__snd_usb_parse_audio_interface() (git-fixes).
- ALSA: aloop: Fix random zeros in capture data when using
jiffies timer (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access
(git-fixes).
- commit c844286
- Move upstreamed patches into sorted section
- commit 8fc0f8a
- media: dvb-core: Fix UAF due to refcount races at releasing
(CVE-2022-41218 bsc#1202960).
- commit 260d985
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit 698f0eb
- Refresh
patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit a7baae2
- Delete
patches.suse/net-usb-ax88179_178a-write-mac-to-hardware-in-get_ma.patch.
(bsc#1203313)
- commit 95f983b
- blacklist.conf: ad2c302bc604 EDAC/sifive: Fix non-kernel-doc comment
- commit de5ca80
- media: em28xx: initialize refcount before kref_get
(CVE-2022-3239 bsc#1203552).
- commit b9d53ba
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 7105c05
- scsi: smartpqi: Shorten drive visibility after removal
(bsc#1200622).
Delete no longer needed SUSE-specific patch that adds tunable
parameters for smartpqi reset.
Deleted:
patches.suse/scsi-smartpqi-create-module-parameters-for-LUN-reset.patch.
- commit 46fd862
- squashfs: fix divide error in calculate_skip() (git-fixes).
- commit 8eb4b9e
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- commit 6f5d84d
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- commit 8fdd2ed
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- commit cb91fc5
- x86/bugs: Reenable retbleed=off
While for older kernels the return thunks are statically built in and
cannot be dynamically patched out, retbleed=off should still work so
that it can be disabled.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit 922ee7a
- md: unlock mddev before reap sync_thread in action_store
(bsc#1197659).
- commit a26c618
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- commit b06f37e
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported
value (git-fixes).
- commit 16015a8
- KVM: x86: Set error code to segment selector on LLDT/LTR
non-canonical #GP (git-fixes).
- commit 3f756c3
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
checks (git-fixes).
- commit 56bf87e
- x86/xen: Remove undefined behavior in setup_features()
(git-fixes).
- commit a4e3370
- Update references:
- patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
- patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
- patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
- patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
- patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
- patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
- patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
- patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
(add CVE-2022-32296 bsc#1200288)
- commit 01ba066
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 3a4afff
- Revert "/random: fix crash on multiple early calls to (bsc#1201645)"/
This reverts commit d8168ccb1401eeeed63fa376ac53b5ab983f6d1e.
This version of the patch causes regression of the problem it's supposed
to fix, drop it again.
- commit 55b3759
- Refresh sorted patches, move out-of-tree ppc patches to ppc section.
- commit 4fb7690
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit d91e617
- JFS: more checks for invalid superblock (git-fixes).
- commit 9d9aa1f
- JFS: fix memleak in jfs_mount (git-fixes).
- commit aaf1dca
- jfs: prevent NULL deref in diFree (bsc#1203389).
- commit 55c4d53
- jfs: fix GPF in diFree (bsc#1203389).
- commit 48bda4c
- mmc: block: fix read single on recovery logic (CVE-2022-20008
bsc#1199564).
- commit de3f02b
- tracing: hold caller_addr to hardirq_{enable,disable}_ip
(git-fixes).
- commit 16424ba
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
when ftrace is dead (git-fixes).
- commit 5b60469
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- commit 9208a35
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- commit 790c147
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- commit 68c8906
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- commit ec68a76
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 3cd5dd6
- arm64: mm: fix p?d_leaf() (git-fixes)
- commit a914a52
- blacklist.conf: ("/arm64: fix clang warning about TRAMP_VALIAS"/)
- commit 77f79cc
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- commit 500bc08
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- commit 93eea81
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- commit f1a43b3
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- commit b0eb54a
- blacklist.conf: ("/arm64: Fix kernel address detection of __is_lm_address()"/)
- commit 2aab643
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- commit f8968ca
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- commit cfcfe62
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- commit 067e57e
- blacklist.conf: ("/arm64: Drop unnecessary include from asm/smp.h"/)
- commit 998d48c
- netfilter: nf_tables: do not allow CHAIN_ID to refer to another
table (CVE-2022-2586 bsc#1202095).
Note: this patch is a backport of a 5.9-rc1 mainline commit which was only
backported into SLE15-SP3 so that it cannot be added to cve/linux-5.3.
- commit 10f848d
- dccp: don't duplicate ccid when cloning dccp sock
(CVE-2020-16119 bsc#1177471).
- commit 7c77568
- netfilter: nf_tables: do not allow RULE_ID to refer to another
chain (CVE-2022-2586 bsc#1202095).
- netfilter: nf_tables: do not allow SET_ID to refer to another
table (CVE-2022-2586 bsc#1202095).
- commit 9335568
- watchdog: wdat_wdt: Set the min and max timeout values properly
(bsc#1194023).
- commit cc91c04
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
(git-fixes).
- ALSA: usb-audio: Register card again for iface over
delayed_register option (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly
(git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- commit b46a495
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984
LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984
LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode
(bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization
(bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984
LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984
LTC#199607).
- commit 9031a4b
- regulator: core: Clean up on enable failure (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one
overflow in il4965_rs_fill_link_cmd() (git-fixes).
- commit e4c4fe1
- USB: serial: ch341: fix disabled rx timer on older devices
(git-fixes).
- commit 85a0dd6
- USB: serial: ch341: fix lost character on LCR updates
(git-fixes).
- commit bf1a320
- USB: serial: ch341: name prescaler, divisor registers
(git-fixes).
- commit 63aa28e
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313
bsc#1201489).
- commit d4bd81f
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- commit cdc0881
- nvme-fabrics: parse nvme connect Linux error codes
(bsc#1201865).
- commit 9e2c1de
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
bsc#1203159).
- commit 173564a
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit ed68f11
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
(CVE-2022-39188, bsc#1203107).
- commit 84aac57
- netfilter: nf_tables: disallow binding to already bound chain
(bsc#1203117 CVE-2022-39190).
- commit 933f567
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- commit e82b600
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
(CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
bsc#1202097).
- commit a949534
- Revert "/clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"/
(git-fixes).
- Revert "/usb: gadget: udc-xilinx: replace memcpy with
memcpy_toio"/ (git-fixes).
- commit 855ba08
- gpio: pca953x: Add mutex_lock for regcache sync in PM
(git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for
the transmit engine to complete (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
(git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare()
(git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
(git-fixes).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
(git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/i915/reg: Fix spelling mistake "/Unsupport"/ -> "/Unsupported"/
(git-fixes).
- driver core: Don't probe devices after bus_type.match() probe
deferral (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion
(git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
(git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init
(git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
(git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error()
(git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for
UFP receptacles (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
(git-fixes).
- wifi: mac80211: Don't finalize CSA in IBSS mode if state is
disconnected (git-fixes).
- HID: steam: Prevent NULL pointer dereference in
steam_{recv,send}_report (git-fixes).
- commit ed7b741
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk()
(git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status
instead of uvcg_info (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast
(git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet
(git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- commit 86912f8
- mmc: pxamci: Fix another error handling path in pxamci_probe()
(git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue
(git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s
error path (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of
(git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in
sm_release (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile
(git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- commit b9934d3
- i2c: imx: Make sure to unregister adapter on remove()
(git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe()
(git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps
(git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: wacom: Don't register pad_input for touch switch
(git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- commit f90560c
- drm/amdgpu: remove useless condition in
amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
(git-fixes).
- drm/meson: Fix refcount bugs in
meson_vpu_has_available_connectors() (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings
(git-fixes).
- dmaengine: sprd: Cleanup in .remove() after
pm_runtime_get_sync() failed (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains (git-fixes).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
(git-fixes).
- commit 9b0074c
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs
(git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ALSA: info: Fix llseek return value when using callback
(git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
(git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path
(git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
(git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
(git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to
S8_TLV (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in
mt6797_mt6351_dev_probe (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock()
(git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from
DMI quirks (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
HP machine (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
(git-fixes).
- commit a8924db
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit f477eb5
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
kABI: Fix kABI after "/mm/rmap: Fix anon_vma->degree ambiguity
leading to double-reuse"/ (git-fixes, bsc#1203098).
- commit cfac9ee
- scsi: lpfc: Copyright updates for 14.2.0.6 patches
(bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
(bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic
(bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit
path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during
PT2PT discovery (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue()
(bsc#1203063).
- commit e207225
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for
!nested_run_pending case (git-fixes).
- commit 17df333
- blacklist.conf: add dbac14a5a05f, as it would break kabi
- commit 55dfee4
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending
case (git-fixes).
- commit 1a5a475
- KVM: x86: accept userspace interrupt only if no event is
injected (git-fixes).
- commit b61f5d7
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled
(git-fixes).
- commit b27e2cd
- blacklist.conf: Add three patches
44585f7bc0cb psi: fix "/defined but not used"/ warnings when CONFIG_PROC_FS=n
5102bb1c9f82 psi: Fix "/defined but not used"/ warnings when CONFIG_PROC_FS=n
ec2444530612 psi: Fix "/no previous prototype"/ warnings when CONFIG_CGROUPS=n
- commit f8fef55
- s390/mm: do not trigger write fault when vma does not allow
VM_WRITE (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes
copied (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- commit 32b8c39
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
"/find -xtype l"/ will report them, so use that to make the search a bit
faster (without using shell).
- commit 13bbc51
- mkspec: eliminate @NOSOURCE@ macro
This should be alsways used with @SOURCES@, just include the content
there.
- commit 403d89f
- kernel-source: include the kernel signature file
We assume that the upstream tarball is used for released kernels.
Then we can also include the signature file and keyring in the
kernel-source src.rpm.
Because of mkspec code limitation exclude the signature and keyring from
binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
Same as other kernel binary packages there is no need to carry duplicate
sources in dtb packages.
- commit 1bd288c
- nvme: fix RCU hole that allowed for endless looping in multipath
round robin (bsc#1202636).
- commit e7e083b
- af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898
CVE-2022-3028).
- commit 50479c7
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation
(git-fixes).
- commit 4ad76ff
- Update patches.suse/watchdog-export-lockup_detector_reconfigure.patch (bsc#1202872 ltc#197920).
- commit 52cb092
- usb: dwc3: gadget: Store resource index of start cmd
(git-fixes).
- commit 4fd8e68
- Update patch reference for USB gadget fix (CVE-2020-27784 bsc#1202895)
- commit 8033d12
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- Refresh
patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 32c5550
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- Refresh
patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 7db43e6
- usb: dwc3: Switch to platform_get_irq_byname_optional()
(git-fixes).
- commit 73d1e58
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like
fallocate (bsc#1194272 CVE-2021-4155).
- commit 049d5e6
- usb: gadget: u_audio: fix race condition on endpoint stop
(git-fixes).
- commit 152ca21
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- commit af1df0f
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- commit 9881846
- bpf: Don't use tnum_range on array range checking for poke
descriptors (bsc#1202564 bsc#1202860 CVE-2022-2905).
- commit c59b8fc
- blacklist.conf: Add reverted patch
d11219ad53dc amdgpu: disable powerpc support for the newer display engine
c653c591789b drm/amdgpu: Re-enable DCN for 64-bit powerpc
- commit b8f5e97
- SUNRPC: Don't dereference xprt->snd_task if it's a cookie
(git-fixes).
- commit 16c3d44
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support
(bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet
(bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for out of order rx completion
(bsc#1200431).
- vmxnet3: add support for large passthrough BAR register
(bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- net: vmxnet3: fix possible NULL pointer dereference in
vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in
vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration
(bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
(bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach()
(bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- commit b577aa9
- kbuild: do not create built-in objects for external module
builds (jsc#SLE-24559 bsc#1202756).
- commit 56b8142
- tracing/probes: Have kprobes and uprobes use $COMM too
(git-fixes).
- commit 26bf0d1
- spmi: trace: fix stack-out-of-bound access in SPMI tracing
functions (git-fixes).
- commit 8c340f6
- tracing/histograms: Fix memory leak problem (git-fixes).
- commit 07d4ab9
- blacklist.conf: tracepoint cleanup for drivers/char/random
- commit f75eb58
- tracing/histogram: Fix a potential memory leak for kstrdup()
(git-fixes).
- commit cce24b0
- ceph: don't truncate file in atomic_open (bsc#1202811).
- ceph: don't leak snap_rwsem in handle_cap_grant (bsc#1202810).
- commit 75744b6
- blacklist.conf: blacklist fea013e020e6
- commit 2fc68a2
- tracing: Add ustring operation to filtering string pointers
(git-fixes).
- commit 3fbf519
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- commit dade489
- blacklist.conf: not-relevant cleanup for drivers/char/random
- commit c90e359
- blktrace: fix blk_rq_merge documentation (git-fixes).
- commit c03c0ec
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet
info (bsc#1202701).
- commit 173844d
- tpm: fix reference counting for struct tpm_chip (CVE-2022-2977
bsc#1202672).
- commit b71aab0
- list: add "/list_del_init_careful()"/ to go with
"/list_empty_careful()"/ (bsc#1202745).
- commit 71ed084
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 595e8a4
- blk-iocost: clamp inuse and skip noops in __propagate_weights()
(bsc#1202722).
- commit f84d929
- blk-iocost: rename propagate_active_weights() to
propagate_weights() (bsc#1202722).
- commit 2724a56
- blacklist.conf: Blacklist aebf5db91705
- commit 578fbe5
- blk-iocost: fix operation ordering in iocg_wake_fn()
(bsc#1202720).
- commit 31b540e
- loop: Fix missing discard support when using LOOP_CONFIGURE
(bsc#1202718).
- commit c85296f
- blk-iocost: fix weight updates of inner active iocgs
(bsc#1202717).
- commit 06cf027
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
(bsc#1197763).
- commit f7b5cbd
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when
journal aborted (bsc#1202716).
- commit d741558
- jbd2: fix outstanding credits assert in
jbd2_journal_commit_transaction() (bsc#1202715).
- commit 4df2139
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages
(bsc#1200873).
- commit b654d4c
- ocfs2: fix crash when initialize filecheck kobj fails
(bsc#1197920).
- commit 137054f
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- commit 24a97d8
- ocfs2: drop acl cache for directories too (bsc#1191667).
- commit d8cc34a
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
(bsc#1202714).
- commit 4fc81aa
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1202713).
- commit 79e5db2
- ext4: add reserved GDT blocks check (bsc#1202712).
- commit e96e640
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- commit 8d9a89d
- ext4: fix use-after-free in ext4_rename_dir_prepare
(bsc#1200871).
- commit c9d1b13
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- commit f4c59a1
- ext4: force overhead calculation if the s_overhead_cluster
makes no sense (bsc#1200870).
- commit 24d5cfc
- ext4: fix overhead calculation to account for the reserved
gdt blocks (bsc#1200869).
- commit 8fa6a02
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- commit bc9242b
- ext4: fix symlink file size not match to file content
(bsc#1200868).
- commit 888bc97
- ext4: fix error handling in ext4_restore_inline_data()
(bsc#1197757).
- commit ed0d1f6
- ext4: don't use the orphan list when migrating an inode
(bsc#1197756).
- commit 2d21beb
- ext4: Fix BUG_ON in ext4_bread when write quota data
(bsc#1197755).
- commit 0551e1a
- ext4: fix potential infinite loop in ext4_dx_readdir()
(bsc#1191662).
- commit 26c80a3
- ext4: fix loff_t overflow in ext4_max_bitmap_size()
(bsc#1202709).
- commit bb20240
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
(bsc#1202708).
- commit 070ad26
- ext4: fix invalid inode checksum (bsc#1179723).
- commit e670453
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- commit 5b945e4
- blacklist.conf: Blacklist ext2 since we don't even compile it
- commit 8f69ba8
- xfs: prevent a UAF when log IO errors race with unmount
(git-fixes).
- commit f7eb5c7
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- commit f514fcd
- xfs: make xfs_rtalloc_query_range input parameters const
(git-fixes).
- commit 0b84c2b
- xfs: only reset incore inode health state flags when reclaiming
an inode (git-fixes).
- commit a9e17d5
- xfs: bunmapi has unnecessary AG lock ordering issues
(git-fixes).
- commit a76eaaf
- xfs: mark a data structure sick if there are cross-referencing
errors (git-fixes).
- commit b0269a0
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- commit 1433b65
- fuse: handle kABI change in struct sock (bsc#1194535
CVE-2021-4203).
- commit 53bc420
- usb: dwc3: qcom: fix missing optional irq warnings.
- commit de0c0d4
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation
(git-fixes).
- commit fff57cf
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1194535 CVE-2021-4203).
- commit 603bd9d
- powerpc/perf: Optimize clearing the pending PMI and remove
WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- commit d72c6fd
- powerpc/xive: Fix refcount leak in xive_get_max_prio
(fate#322438 git-fixess).
- commit 76798e0
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- commit 35df6ef
- powerpc: define get_cycles macro for arch-override
(bsc#1065729).
- commit 39ee615
- blacklist.conf: Add c26d4c5d4f0d powerpc/kvm: Remove obsolete and unneeded select
- commit b069bcf
- blacklist.conf: Add 235cee162459 KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
- commit a0b9b11
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- net_sched: cls_route: remove from list when handle is 0
(CVE-2022-2588 bsc#1202096).
- commit b08a235
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
(bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for
kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- commit b08465c
- blacklist.conf: duplicate
- commit 23a0769
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command
(git-fixes).
- Refresh
patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 86ac68c
- KVM: PPC: Book3S HV: Context tracking exit guest context before
enabling irqs (bsc#1065729).
- commit b7e4839
- blacklist.conf: later reverted in upstream
- commit 31b3f5b
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- commit f3043dc
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- commit 1ba1d86
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- commit 1b534db
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- commit 47070d3
- ext4: Fix check for block being out of directory size
(bsc#1198577 CVE-2022-1184).
- commit e41d129
- ext4: make sure ext4_append() always allocates new block
(bsc#1198577 CVE-2022-1184).
- commit 5c3a0a2
- ext4: check if directory block is within i_size (bsc#1198577
CVE-2022-1184).
- commit d289dcd
- Refresh
patches.suse/locking-lockdep-Avoid-potential-access-of-invalid-me.patch.
Fix builds with CONFIG_LOCKDEP on.
- commit b4f11f2
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI
(bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
(bsc#1200845).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector
(bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific
interfaces (bsc#1200845).
- commit 7ab7313
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- commit 18b6fb8
- ext4: unindent codeblock in ext4_xattr_block_set()
(bsc#1198971).
- commit 948b7e8
- ext4: remove EA inode entry from mbcache on inode eviction
(bsc#1198971).
- commit d96ae24
- mbcache: add functions to delete entry if unused (bsc#1198971).
- commit dc90bf2
- mbcache: don't reclaim used entries (bsc#1198971).
- commit 9b2430e
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference
stale pointer (git-fixes).
- commit 267c700
- ARM: 9077/1: PLT: Move struct plt_entries definition to header
(git-fixes).
- commit ece08bc
- ARM: 9078/1: Add warn suppress parameter to
arm_gen_branch_link() (git-fixes).
- commit 3398bca
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without
DYNAMIC_FTRACE (git-fixes).
- commit 1d2e217
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- commit 83b5d04
- blacklist.conf: rework and optimization ftrace commits, not bug fixes
- commit e11832c
- Update config files.
- commit 7f7a8ef
- Update config files (bsc#1201361 bsc#1192968 https://github.com/rear/rear/issues/2554).
ppc64: NVRAM=y
- commit 5e8bf01
- Refresh
patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- Updated
patches.suse/x86-speculation-change-fill_return_buffer-to-work-with-objtool.patch.
Add missing objtool annotations from upstream commits and update the latter
patch to fix bsc#1202396.
- commit 8f03705
- objtool: Add support for intra-function calls (bsc#1202396).
- commit eabf007
- objtool: Remove INSN_STACK (bsc#1202396).
- commit c48377d
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- commit ef33ad6
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- commit cd6e886
- objtool: Support multiple stack_op per instruction
(bsc#1202396).
- Refresh
patches.suse/objtool-allow-no-op-cfi-ops-in-alternatives.patch.
- Refresh
patches.suse/objtool-fix-cfi-insn_state-propagation.patch.
- Refresh patches.suse/objtool-fix-orc-vs-alternatives.patch.
- Refresh patches.suse/objtool-rename-struct-cfi_state.patch.
- commit 5c735b5
- s390/ptrace: pass invalid syscall numbers to tracing
(bsc#1192594 LTC#197522).
- commit ad9e50e
- lib: bitmap: provide devm_bitmap_alloc() and
devm_bitmap_zalloc() (git-fixes).
- commit 2469dd3
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
(git-fixes).
- commit 99eaa98
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined
symbols (git-fixes).
- commit 35509ca
- blacklist.conf: unneeded and kABI-breaking module loader commits
- commit 3ccf763
- mm: memcontrol: fix potential oom_lock recursion deadlock
(bsc#1202447).
- commit bc21375
- blacklist.conf: Add 7b3c36fc4c23 ptrace: fix task_join_group_stop() for the case when current is traced
- commit 572eadd
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
The type test and print line are the same for both cases. The usrmerged
case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- net: enetc: Use pci_release_region() to release some resources
(git-fixes).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt()
(git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING
(git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent
methods (git-fixes).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when
not available (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from
the PHY (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params
(git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- random: fix crash on multiple early calls to
add_bootloader_randomness() (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for
tegra20 and tegra30 (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters
in ethtool (git-fixes).
- net: mscc: ocelot: don't downgrade timestamping RX filters in
SIOCSHWTSTAMP (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
(git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put
(git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- commit b9e0ed7
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- commit 7d8ce88
- locking/lockdep: Avoid potential access of invalid memory in
lock_class (git-fixes).
- commit 6e699d5
- Update
patches.suse/can-ems_usb-ems_usb_start_xmit-fix-double-dev_kfree_.patch
(CVE-2022-28390 bsc#1198031).
- commit 9c17688
- Update
patches.suse/can-mcba_usb-mcba_usb_start_xmit-fix-double-dev_kfre.patch
(CVE-2022-28389 bsc#1198033).
- commit 1983a37
- net: ethernet: ezchip: fix error handling (git-fixes).
- commit 5d377ed
- net: ethernet: ezchip: remove redundant check (git-fixes).
- commit cb426d4
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- commit ed56f34
- blacklist.conf: v5.16-rc2-1-gd257cc8cb8d5 introduces a rwsem regression
- commit edee2a5
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- commit f83edca
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- commit d5e4943
- perf bench: Share some global variables to fix build with gcc 10
(git-fixes).
- commit a397021
- net: moxa: Use devm_platform_get_and_ioremap_resource()
(git-fixes).
- commit d13dcd2
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- commit f14e06e
- net: pch_gbe: Propagate error from devm_gpio_request_one()
(git-fixes).
- commit 51f37b6
- net: ethernet: fix potential use-after-free in ec_bhf_remove
(git-fixes).
- commit 7175e70
- net: fec_ptp: add clock rate zero check (git-fixes).
- commit 16317aa
- net: stmmac: disable clocks in stmmac_remove_config_dt()
(git-fixes).
- commit 1bbbc9a
- net: stmmac: dwmac1000: Fix extended MAC address registers
definition (git-fixes).
- commit c6d0ccf
- ice: report supported and advertised autoneg using PHY
capabilities (git-fixes).
- commit 2243129
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- commit b4db988
- net/mlx5e: Check for needed capability for cvlan matching
(git-fixes).
- commit e46f646
- net: hns: Fix kernel-doc (git-fixes).
- commit 80f2716
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- commit 99b3a0b
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- commit 55781d8
- net: fec: fix the potential memory leak in fec_enet_init()
(git-fixes).
- commit 43431b4
- net: netcp: Fix an error message (git-fixes).
- commit 0432102
- qlcnic: Add null check after calling netdev_alloc_skb
(git-fixes).
- commit 9764dcc
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
(git-fixes).
- commit ca3de9d
- Revert "/niu: fix missing checks of niu_pci_eeprom_read"/
(git-fixes).
- commit c1a547c
- net: stmicro: handle clk_prepare() failure during init
(git-fixes).
- commit 1249947
- Revert "/net: stmicro: fix a missing check of clk_prepare"/
(git-fixes).
- commit c8483b4
- Revert "/net: fujitsu: fix a potential NULL pointer dereference"/
(git-fixes).
- commit 35e4846
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
(git-fixes).
- commit 11b1f00
- net: davinci_emac: Fix incorrect masking of tx and rx error
channel (git-fixes).
- commit cef2ac2
- blacklist.conf: update blacklist
- commit e0f7a96
- blacklist.conf: Add 59b18a1e65b7 x86/msi: Fix msi message data shadow struct
- commit b422277
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- commit 090b87e
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda: realtek: Fix race at concurrent COEF updates
(git-fixes).
- commit 5b77923
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
(git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- commit 8286b1b
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
HP machines (git-fixes).
- Refresh
patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Dev-One.patch.
- Refresh
patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-machin.patch.
- commit 3b1083d
- NTB: ntb_tool: uninitialized heap data in tool_fn_write()
(git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing
(git-fixes).
- commit e17531e
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
(git-fixes).
- commit 6646862
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
(git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
(git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- commit 4dbfddf
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- commit 99b2a82
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
(git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51
(git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop
(git-fixes).
- commit a6cb05c
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG
Zenith II (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
(git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model
(git-fixes).
- drm/gem: Properly annotate WW context on
drm_gem_lock_reservations() error (git-fixes).
- commit fc95967
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
in xfrm_bundle_lookup() (CVE-2022-36879 bsc#1201948).
- commit 97b83f0
- devlink: Fix use-after-free after a failed reload (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in
vsock_connect_timeout() (git-fixes).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning
(git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
(git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer
(git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable
(git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes()
should be bool (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
(git-fixes).
- pinctrl: nomadik: Fix refcount leak in
nmk_pinctrl_dt_subnode_to_map (git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- Revert "/scripts/mod/modpost.c: permit '.cranges' secton for
sh64 architecture."/ (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices
(git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions
(git-fixes).
- commit 4ff3e1b
- blacklist.conf: Add 5f89468e2f06 swiotlb: manipulate orig_addr when tlb_addr has offset
- commit a6010ca
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- commit f1b6523
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- commit c36c19c
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- commit 34bbfc0
- iommu/exynos: Handle failed IOMMU device registration properly
(git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator
(git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference
(git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask
(git-fixes).
- commit 040a9c6
- blacklist.conf: add various fixes
- commit 73738d1
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
(CVE-2022-20368 bsc#1202346).
- commit e8bbbca
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers
across ioctls (bsc#1202347 CVE-2022-20369).
- commit 36d8575
- iommu/vt-d: avoid invalid memory access via
node_online(NUMA_NO_NODE) (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking
out of loop (git-fixes).
- commit c88bace
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862
git-fixes).
- commit d5191b9
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock
(bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified
beginning (bsc#1201990).
- mmap locking API: add mmap_lock_is_contended() (bsc#1201990).
- commit 7944adf
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner()
(git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs()
(git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP
on error (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID
flag (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- SUNRPC reverting d03727b248d0 ("/NFSv4 fix CLOSE not waiting
for direct IO compeletion"/) (git-fixes).
- commit a827eeb
- md/bitmap: don't set sb values if can't pass sanity check
(bsc#1197158).
- commit 3927074
- kabi/severities: add stmmac driver local sumbols
- commit 31f077f
- net: lapbether: Prevent racing when checking whether the netif
is running (git-fixes).
- commit 9af3eff
- octeontx2-af: fix infinite loop in unmapping NPC counter
(git-fixes).
- commit c88fc73
- net: mvpp2: fix interrupt mask/unmask skip condition
(git-fixes).
- commit 3584e08
- net: hdlc_x25: Return meaningful error code in x25_open
(git-fixes).
- commit 212e2be
- Update metadata references
- commit b372491
- net: dsa: b53: fix an off by one in checking "/vlan->vid"/
(git-fixes).
- commit ea4caa5
- can: m_can: process interrupt only when not runtime suspended
(git-fixes).
- commit bd4c919
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- commit 834df98
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
(git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of
devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
(git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
dw8250_tx_wait_empty() (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand
side' (git-fixes).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before
memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in
ark_set_pixclock() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using
giveback (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- commit c5d77c5
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
CVE-2022-26373).
- commit abba98d
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
CVE-2022-26373).
- commit 061bcfd
- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
(bsc#1201726 CVE-2022-26373).
- commit 16768aa
- acpi: Disable APEI error injection if the kernel is locked down
(bsc#1023051, CVE-2016-3695).
- commit 80750a7
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- commit 6458cfa
- net: stmmac: Modify configuration method of EEE timers
(git-fixes).
- commit b6da91b
- net: stmmac: Use resolved link config in mac_link_up()
(git-fixes).
- commit 4dba15f
- net/sonic: Fix a resource leak in an error handling path in
'jazz_sonic_probe()' (git-fixes).
- commit 8d37be1
- blacklist.conf: update blacklist
- commit 51d7b18
- powerpc: powernv: kABI: add back powernv_get_random_long
(bsc#1065729).
- commit f61a28c
- KVM: PPC: Use arch_get_random_seed_long instead of powernv
variant (bsc#1156395).
- commit 3e6dc98
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: delay rng platform device creation until
later in boot (bsc#1065729).
- commit 74ae44c
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
(bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- commit a69b0d7
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- Refresh patches.suse/powerpc-64s-rename-pnv-pseries_setup_rfi_flush-to-_s.patch
- powerpc/powernv: Staticify functions without prototypes
(bsc#1065729).
- commit 98a575d
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- commit ec6a677
- blacklist.conf: update blacklist
- commit 63fa2f9
- blacklist.conf: update blacklist
- commit cc1d04f
- mmc: cavium-thunderx: Add of_node_put() when breaking out of
loop (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
(git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation
(git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in
esdhc_signal_voltage_switch (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
(git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses
(git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
(git-fixes).
- PCI: dwc: Always enable CDM check if "/snps,enable-cdm-check"/
exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
(git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using
iATU (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
(git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization
(git-fixes).
- PCI/portdrv: Don't disable AER reporting in
get_port_device_capability() (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write
(git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now
useless comments (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command
completion (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb()
(git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
(git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
(git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove()
(git-fixes).
- soundwire: bus_type: fix remove and shutdown support
(git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety
(git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety
(git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer
(git-fixes).
- intel_th: Fix a resource leak in an error handling path
(git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
(git-fixes).
- commit 2bc728a
- iio: potentiometer: mcp4131: Fix alignment for DMA safety
(git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety
(git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety
(git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety
(git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety
(git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety
(git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety
(git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety
(git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety
(git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- commit 7981ef6
- clk: qcom: camcc-sdm845: Fix topology around titan_top power
domain (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
(git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
(git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion
(git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
(git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
(git-fixes).
- driver core: fix potential deadlock in __driver_attach
(git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety
(git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety
(git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety
(git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety
(git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety
(git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently
large (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
(git-fixes).
- commit 9bda156
- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639
bsc#1202154).
- commit bfc6551
- blacklist.conf: update blacklist
- commit 847721e
- virtio-gpu: fix a missing check to avoid NULL dereference
(git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()` (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe()
(git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
(git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe()
(git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in
mt76_led_init() (git-fixes).
- mt76: mt76x02u: fix possible memory leak in
__mt76x02u_mcu_send_msg (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it
(git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
(git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
(git-fixes).
- regulator: of: Fix refcount leak bug in
of_get_regulation_constraints() (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
(git-fixes).
- virtio-net: fix the race between refill work and close
(git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi
Dongle (git-fixes).
- commit 347666b
- drm/amd/display: Enable building new display engine with KCOV
enabled (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when
clk_set_parent() failed (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
(git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
(git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff
function (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe()
(git-fixes).
- drm/rockchip: vop: Don't crash for invalid duplicate_state()
(git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in
ni_set_mc_special_registers() (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced
modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: dsi: Add correct stop condition to
vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom
edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register
(git-fixes).
- drm: adv7511: override i2c address of cec before accessing it
(git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T
(git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop
(git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- commit cce0615
- drm/bridge: tc358767: Make sure Refclk clock are enabled
(git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register
(git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames
(git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off
(git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during
bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during
bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off
(git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off
(git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off
(git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off
(git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off
(git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by
board_name only (git-fixes).
- ACPI: APEI: Better fix to avoid spamming the console with old
error logs (git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in
hisi_lpc_acpi_probe() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future
(git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
(git-fixes).
- ath10k: Fix error handling in ath10k_setup_msa_resources
(git-fixes).
- commit 6ee2d65
- ipv4: avoid using shared IP generator for connected sockets
(CVE-2020-36516 bsc#1196616).
- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516
bsc#1196616).
- commit 6c53c05
- blacklist.conf: add "/sched: Reenable interrupts in do_sched_yield()"/
This patch caused unexplained regressions and it's not fixing any
important issue.
- commit 7b4ecae
- Revert "/Refresh patches.suse/random-fix-crash-on-multiple-early-calls..."/ (bsc#1201645)
This reverts commit f01d1a85f6c5334e324db629b3d43a8be5461b46.
- commit ef555c8
- media: smipcie: fix interrupt handling and IR timeout
(git-fixes).
- commit 72251a4
- sched/fair: Revise comment about lb decision matrix (git fixes
(sched/fair)).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
(git fixes (kernel/time)).
- random: remove useless header comment (git fixes).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- sched/membarrier: fix missing local execution of
ipi_sync_rq_state() (git fixes (sched/membarrier)).
- mm: fix page reference leak in soft_offline_page() (git fixes
(mm/memory-failure)).
- commit b0029fe
- blacklist.conf: xtensa not used
- commit c7e553d
- blacklist.conf: UML not used
- commit d38c3c3
- blacklist.conf: Cosmetic patch
- commit 137482b
- blacklist.conf: GCC-12 not used
- commit b35581e
- blacklist.conf: KASAN not configured
- commit ddca4d2
- blacklist.conf: Clang not used for build
- commit f6cb05a
- blacklist.conf: KASAN not configured
- commit db5c6ef
- blacklist.conf: 6ffbb45826f5d9ae09aa60cd88594b7816c96190
- commit ae569d4
- blacklist.conf: Build time micro-optimisation
- commit 091232d
- blacklist.conf: Build time micro-optimisation
- commit 06fea81
- blacklist.conf: Build time micro-optimisation
- commit c5a48f8
- blacklist.conf: Build fix that assumes bash does not exist
- commit a35739b
- blacklist.conf: Comment fix only
- commit 1f940f0
- blacklist.conf: Fixes pointing to misleading commit
- commit b94c0dc
- blacklist.conf: Patch has a number of high risk dependencies
- commit 58c61ac
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- commit 9816878
- media: rtl28xxu: add missing sleep before probing slave demod
(git-fixes).
- commit ac926ca
- media: usb: dvb-usb-v2: rtl28xxu: convert to use
i2c_new_client_device() (git-fixes).
- commit 47f6029
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T
dongle (git-fixes).
- commit cf3cc2d
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- commit 27a23c1
- media: rc: increase rc-mm tolerance and add debug message
(git-fixes).
- commit 532733e
- media: v4l2-mem2mem: always consider OUTPUT queue during poll
(git-fixes).
- commit 981dce5
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll()
(git-fixes).
- commit 691e7d8
- PM: runtime: Remove link state checks in rpm_get/put_supplier()
(git-fixes).
- commit 2786445
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- Refresh
patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch.
- Refresh
patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch.
- commit de6720f
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit bafbca0
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- commit a77b059
- KVM: x86: Update vCPU's hv_clock before back to guest when
tsc_offset is adjusted (git-fixes).
- commit 143ba5a
- Updated commit IDs from a rebased upstream branch:
- patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch.
- patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch.
- patches.suse/watchdog-export-lockup_detector_reconfigure.patch.
- commit a3cdcd5
- KVM: x86: Fix split-irqchip vs interrupt injection window
request (git-fixes).
- commit 69e8da6
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint
(git-fixes).
- commit 156ec3b
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- commit 2fe0bb0
- net: usb: use eth_hw_addr_set() (git-fixes).
- commit cd08705
- KVM: VMX: Don't freeze guest when event delivery causes an
APIC-access exit (git-fixes).
- commit 13e27e5
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- commit 5a414a0
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- commit 65c08ec
- net: usb: ax88179_178a: remove redundant assignment to variable
ret (git-fixes).
- commit 75d1e2c
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- commit 8bcd286
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr
(git-fixes).
- commit 18afbc0
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
(git-fixes).
- commit ad2b012
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- commit 564965b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- commit 8fc5407
- netfilter: nf_queue: do not allow packet truncation below
transport header offset (bsc#1201940 CVE-2022-36946).
- commit f4f33cd
- kvm/emulate: Fix SETcc emulation function offsets with SLS
(bsc#1201930).
- commit 0a6851d
- nvme: consider also host_iface when checking ip options
(bsc#1199670).
- commit edd56ec
- drivers/net: Fix kABI in tun.c (git-fixes).
- commit 3adafd5
- FDDI: defxx: Make MMIO the configuration default except for EISA
(git-fixes).
- commit 49c7c8d
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
for CSR (git-fixes).
- commit 87b1bf0
- net: tun: set tun->dev->addr_len during TUNSETLINK processing
(git-fixes).
- commit 11d0ba1
- net: macb: restore cmp registers on resume path (git-fixes).
- commit 73e4cc3
- drivers: net: fix memory leak in peak_usb_create_dev
(git-fixes).
- commit bf7b83d
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- commit 1811ff5
- amd-xgbe: Update DMA coherency values (git-fixes).
- commit 58be63e
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII
clock (git-fixes).
- commit 5683f5d
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
(git-fixes).
- commit a1e8450
- ftgmac100: Restart MAC HW once (git-fixes).
- commit 9b2ea44
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
(git-fixes).
- commit 74dff8e
- net/mlx5e: When changing XDP program without reset, take refs
for XSK RQs (git-fixes).
- commit 4584eb8
- net: lapbether: Remove netif_start_queue / netif_stop_queue
(git-fixes).
- commit 9195d10
- net: stmmac: fix incorrect DMA channel intr enable setting of
EQoS v4.10 (git-fixes).
- commit 3eac36a
- net: enetc: keep RX ring consumer index in sync with hardware
(git-fixes).
- commit 5b9c123
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged
packets (git-fixes).
- commit d2c7696
- net: hns3: fix error mask definition of flow director
(git-fixes).
- commit e86b116
- blacklist.conf: update blacklist
- commit 545a342
- scsi: lpfc: Copyright updates for 14.2.0.5 patches
(bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved
configuration (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
(bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
(bsc#1201956).
- scsi: lpfc: Fix possible memory leak when failing to issue
CMF WQE (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in
queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in
XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with
malformed user input (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in
lpfc_nvme_cancel_iocb() (bsc#1201956).
- commit 6e7b732
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
(bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers
(bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size
(bsc#1201958).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
(bsc#1201958).
- commit d5c3642
- Drop qla2xxx patch which prevented nvme port discovery
(bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958)
Upstream fixed the problem by reverting the offending commit.
Delete:
- patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch.
- commit 1cb16fb
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback()
(bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine
(bsc#1199364).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine
(bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive
buffer (bsc#1199364).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values
(bsc#1199364).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb
signature (bsc#1199364).
- commit cffae99
- KVM: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1201930).
- commit 317f350
- Refresh
patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch.
- commit c513474
- Update
patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch
references (add CVE-2022-32250).
- commit 8871b3f
- net/sched: cls_u32: fix netns refcount changes in u32_change()
(CVE-2022-29581 bsc#1199665).
- commit e1d6992
- random: fix typo in comments (git-fixes).
- commit 49bfcbe
- blacklist.conf: a cleanup that breaks kABI
- commit f8d13cb
- random: document add_hwgenerator_randomness() with other input
functions (git-fixes).
- commit 9a03f2f
- drbd: fix potential silent data corruption (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code'
explicit (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
(git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed
(git-fixes).
- commit a9f5081
- kABI workaround for including mm.h in fs/sysfs/file.c
(bsc#1200598 cve-2022-20166).
- commit 29d7d8a
- net: stmmac: fix watchdog timeout during suspend/resume stress
test (git-fixes).
- commit b651717
- net: stmmac: stop each tx channel independently (git-fixes).
- commit 3ba5a53
- net: stmmac: fix CBS idleslope and sendslope calculation
(git-fixes).
- commit e0b11c6
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- commit 6020ebf
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
SFP (git-fixes).
- commit 858de54
- net: amd-xgbe: Reset link when the link never comes back
(git-fixes).
- commit 75c3dff
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
warning (git-fixes).
- commit 2d480f1
- net: amd-xgbe: Reset the PHY rx data path when mailbox command
timeout (git-fixes).
- commit 5734e3e
- net: axienet: Handle deferred probe on clock properly
(git-fixes).
- commit c2493d6
- net: mvneta: Remove per-cpu queue mapping for Armada 3700
(git-fixes).
- commit 421a813
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- commit f6ff8de
- macvlan: remove redundant null check on data (git-fixes).
- commit 37296a9
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- commit d83cfd7
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
(bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
ltc#198761).
- watchdog: export lockup_detector_reconfigure (bsc#1201846
ltc#198761).
- powerpc/mobility: wait for memory transfer to complete
(bsc#1201846 ltc#198761).
- commit 4aa9f78
- net: macb: unprepare clocks in case of failure (git-fixes).
- commit 9b3aefc
- net: macb: add function to disable all macb clocks (git-fixes).
- commit e67caf5
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- commit 2629e74
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- commit 12700d6
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- commit 823b92f
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- commit 3311dc2
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- commit 0e7bc32
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown
(git-fixes).
- commit 0b9accc
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- commit 96affe9
- net: ll_temac: Fix potential NULL dereference in temac_probe()
(git-fixes).
- commit 9f3a68c
- net: stmmac: dwmac1000: provide multicast filter fallback
(git-fixes).
- commit 173655e
- net: ll_temac: Use devm_platform_ioremap_resource_byname()
(git-fixes).
- commit bd77f60
- net: mscc: Fix OF_MDIO config check (git-fixes).
- commit 6a2a9df
- blacklist.conf: update blacklist
- commit 5495889
- blacklist.conf: update blacklist
- commit ccb0438
- i2c: cadence: Change large transfer count reset logic to be
unconditional (git-fixes).
- gpio: pca953x: use the correct register address when regcache
sync during init (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync
(git-fixes).
- gpio: pca953x: only use single read/write for No AI mode
(git-fixes).
- commit 20d420c
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- serial: 8250: fix return error code in
serial8250_request_std_resource() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
(git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc671 (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3
model (git-fixes).
- ASoC: madera: Fix event generation for rate controls
(git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
(git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- ASoC: ops: Fix off by one in range control validation
(git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- NFC: nxp-nci: don't print header length mismatch on i2c error
(git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event
(git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- commit 7b686cc
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- cgroup: Use separate src/dst nodes when preloading css_sets
for migration (bsc#1201610).
- commit fecc544
- Fix 1201644, 1201664, 1201672, 1201673, 1201676
All are reports of the same problem - the IBRS_* regs push/popping was
wrong but it needs
1b331eeea7b8 ("/x86/entry: Remove skip_r11rcx"/)
too.
- commit cc90276
- Update patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch
(git-fixes bsc#1200910 CVE-2020-36558).
Add references.
- commit d84e9d7
- Update
patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch
(git-fixes bsc#1201429 CVE-2020-36557).
Add references.
- commit 76ab189
- lockdown: Fix kexec lockdown bypass with ima policy
(CVE-2022-21505 bsc#1201458).
- commit 5806b46
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- commit b51a741
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- commit 9493568
- Fix 1201644, 1201664, 1201672, 1201673, 1201676
All are reports of the same problem - the IBRS_* regs push/popping was
wrong but it needs
1b331eeea7b8 ("/x86/entry: Remove skip_r11rcx"/)
too.
- commit 7226005
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- commit b81e242
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- blacklist.conf: updated blacklist for new issue
- commit 93feb45
- mm: and drivers core: Convert hugetlb_report_node_meminfo to
sysfs_emit (bsc#1200598 cve-2022-20166).
- commit 6f05f26
- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598
cve-2022-20166).
- commit 6ff7ebb
- drivers core: Remove strcat uses around sysfs_emit and neaten
(bsc#1200598 cve-2022-20166).
- commit 4cafd1f
- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656).
- commit bcf7213
- drivers core: Use sysfs_emit and sysfs_emit_at for show(device
* ...) functions (bsc#1200598 cve-2022-20166).
- commit 747b6a7
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
(bsc#1200598 cve-2022-20166).
- commit 4aaf7f0
- fbmem: Check virtual screen sizes in fb_set_var()
(CVE-2021-33655 bsc#1201635).
- fbcon: Prevent that screen size is smaller than font size
(CVE-2021-33655 bsc#1201635).
- fbcon: Disallow setting font bigger than screen size
(CVE-2021-33655 bsc#1201635).
- commit a7693d8
- Delete patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch (bsc#1201206)
The patch seems causing a regression on Mac.
- commit f885f68
- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- commit 036b703
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- commit 9d510a3
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- commit e7722fa
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- commit 2f78693
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- commit 5213f10
- kABI workaround for rtsx_usb (git-fixes).
- commit 4ee0d92
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- commit 0dca060
- power/reset: arm-versatile: Fix refcount leak in
versatile_reboot_probe (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays
(git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
(git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets
(git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
(git-fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept
(git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies()
(git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- ima: Fix a potential integer overflow in
ima_appraise_measurement (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
(git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/i915: fix a possible refcount leak in
intel_dp_add_mst_connector() (git-fixes).
- ida: don't use BUG_ON() for debugging (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key
(git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path
(git-fixes).
- misc: rtsx_usb: use separate command and response buffers
(git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
transfer (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path
(git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fbcon: Prevent that screen size is smaller than font size
(git-fixes).
- fbcon: Disallow setting font bigger than screen size
(git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- r8169: fix accessing unset transport header (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry
(git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
(git-fixes).
- commit aa669e5
- ASoC: Intel: Skylake: Correct the handling of fmt_config
flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
skl_get_ssp_clks() (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: ti: Add missing put_device in
ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
(git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- commit 2be6c70
- arm64: fix compat syscall return truncation (git-fixes)
- commit 24bf105
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- commit 992de8b
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- commit 867aa84
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- commit ad8af15
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- commit 02d9d74
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- commit 4265617
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- commit 080c096
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- commit ddc1d85
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- commit aff711b
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- commit d286e63
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- commit 437cb00
- usb: typec: add missing uevent when partner support PD
(git-fixes).
- commit 8f7dacd
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- commit 052f747
- blacklist.conf: will speed up booting in exchange for breaking charging
from a switched off laptop with some firmwares
- commit bd8e45d
- blacklist.conf: build fix that does not matter on a released kernel
- commit 3296a39
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- commit a69d674
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit 1caf14d
- Sort in RETbleed backport into the sorted section
Now that it is upstream..
- Refresh
patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch.
- Refresh
patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch.
- Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch.
- Refresh
patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch.
- Refresh
patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch.
- Refresh
patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- Refresh
patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh
patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch.
- Refresh
patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch.
- Refresh
patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch.
- Refresh
patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- Refresh
patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch.
- Refresh
patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch.
- commit 94dfede
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- commit ed82a39
- blacklist.conf: blocks a driver from building
- commit 2f8d19f
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- commit 1950671
- arm64: lib: Use modern annotations for assembly functions (git-fixes)
Refresh patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch.
- commit fb5a868
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry
(git-fixes).
- Refresh
patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch.
- commit 8e36894
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- commit a5d53f5
- usbnet: fix memory leak in error case (git-fixes).
- commit 988ba16
- arm64: module: rework special section handling (git-fixes)
- commit 7d368bc
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit fb0447a
- dm mirror log: round up region bitmap size to BITS_PER_LONG
(git-fixes).
- md: bcache: check the return value of kzalloc() in
detached_dev_do_request() (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm stats: add cond_resched when looping over entries
(git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one
device (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than
digest size (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
(git-fixes).
- block: don't delete queue kobject before its children
(git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval
sizes (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- dm btree remove: fix use after free in rebalance_children()
(git-fixes).
- dm: fix mempool NULL pointer race when completing IO
(git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in
crypt_page_alloc() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
(git-fixes).
- blk-zoned: allow zone management send operations without
CAP_SYS_ADMIN (git-fixes).
- dm btree remove: assign new_root only when removal succeeds
(git-fixes).
- dm snapshot: properly fix a crash when an origin has no
snapshots (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk
size (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6
table reload sequences (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block()
(git-fixes).
- dm persistent data: packed struct should have an aligned()
attribute too (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during
tear down (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size
(git-fixes).
- dm bufio: subtract the number of initial sectors in
dm_bufio_get_device_size (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way
(git-fixes).
- dm integrity: conditionally disable "/recalculate"/ feature
(git-fixes).
- dm integrity: fix a crash if "/recalculate"/ used without
"/internal_hash"/ (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm snapshot: flush merged data before committing metadata
(git-fixes).
- lib/string.c: implement stpcpy (git-fixes).
- commit ab41893
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
rx queue (bsc#1201381).
- commit ae4d431
- Refresh
patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch.
revert the effect of mainline 453431a54934d917153 on patch.
- Refresh
patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch.
revert the effect of mainline 453431a54934d917153 on patch.
- commit 5e710e7
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- commit 8d18bba
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
Dwarves 1.22 or newer is required to build kernels with BTF information
embedded in modules.
- commit 2dbbe9d
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- commit 6a3fc85
- pty: do tty_flip_buffer_push without port->lock in pty_write
(bsc#1198829 CVE-2022-1462).
- commit ce8f318
- tty: use new tty_insert_flip_string_and_push_buffer() in
pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit cbf8ad3
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- Update config files:
- MODULE_ALLOW_BTF_MISMATCH=y
- commit 0660602
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- Refresh
patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
- commit 6a4211c
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- Refresh
patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
- commit ec84a18
- kbuild: Skip module BTF generation for out-of-tree external
modules (jsc#SLE-24559).
- commit b411a90
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- commit dd48d54
- kbuild: Build kernel module BTFs if BTF is enabled and pahole
supports it (jsc#SLE-24559).
- Update config files:
- PAHOLE_HAS_SPLIT_BTF=y
- DEBUG_INFO_BTF_MODULES=y
- commit 00469b9
- bpf: Assign ID to vmlinux BTF and return extra info for BTF
in GET_OBJ_INFO (jsc#SLE-24559).
- commit bf525c4
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- commit de75fe3
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- Refresh
patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch.
- commit 97960b8
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- commit d74c2bd
- kbuild: drop $(wildcard $^) check in if_changed* for faster
rebuild (jsc#SLE-24559).
- commit 2b23691
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- Refresh
patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch.
- Refresh
patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch.
- Refresh
patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch.
- Refresh
patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch.
- commit 860eb7e
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- Refresh
patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch.
- commit e48ca3e
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- commit 089d37f
- io_uring: fix fs->users overflow (CVE-2022-1116, bsc#1199647).
- commit e8dfed6
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select() (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released
(git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
(git-fixes).
- scsi: core: Only put parent device if host state differs from
SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state
changes to RUNNING (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma()
(git-fixes).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get
error (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- commit cad0d5f
- don't call utsname() after ->nsproxy is NULL (bsc#1201196).
- commit 12197a1
- mm/slub: add missing TID updates on slab deactivation
(git-fixes).
- commit af73675
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- commit 89b5cfc
- xen: don't continue xenstore initialization in case of errors
(git-fixes).
- commit a397042
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- commit 223f7ba
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in
intel_pmu_refresh() (git-fixes).
- commit 2a600a1
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS
GPAs (git-fixes).
- commit a048eb5
- KVM: apic: avoid calculating pending eoi from an uninitialized
val (git-fixes).
- commit bd607c6
- KVM: nVMX: handle nested posted interrupts when apicv is
disabled for L1 (git-fixes).
- commit a486b7a
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF
attacks (git-fixes).
- commit eb73c2f
- KVM: x86: Don't let userspace set host-reserved cr4 bits
(git-fixes).
- commit 404b24a
- net: hso: bail out on interrupt URB allocation failure
(git-fixes).
- commit f562212
- blacklist.conf: misattributed in upstream
- commit 202e210
- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318
bsc#1201251).
- commit 84c7e09
- Update patch reference for rose fix (CVE-2022-2318 bsc#1201251)
- commit 4566057
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- commit 8890fb5
- xen/netfront: force data bouncing when backend is untrusted
(bsc#1200762, CVE-2022-33741, XSA-403).
- commit 7daee4f
- xen/netfront: fix leaking data in shared pages (bsc#1200762,
CVE-2022-33740, XSA-403).
- commit bfb8cc2
- xen/blkfront: force data bouncing when backend is untrusted
(bsc#1200762, CVE-2022-33742, XSA-403).
- commit 9c6c1df
- xen/blkfront: fix leaking data in shared pages (bsc#1200762,
CVE-2022-26365, XSA-403).
- commit 7095954
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- commit 72392d0
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 272b7b1
- selftest/powerpc: Add PAPR sysfs attributes sniff test
(bsc#1200465 ltc#197256 jsc#PED-1931).
- powerpc/pseries: Interface to represent PAPR firmware attributes
(bsc#1200465 ltc#197256 jsc#PED-1931).
- commit 9795281
- Add dtb-starfive
- commit 85335b1
- config: enable DEBUG_INFO_BTF
This option allows users to access the btf type information for vmlinux
but not kernel modules.
- commit fb07e10
- Add dtb-microchip
- commit c797107
- rpm/kernel-source.spec.in: temporary workaround for a build failure
Upstream c6x architecture removal left a dangling link behind which
triggers openSUSE post-build check in kernel-source, failing
kernel-source build.
A fix deleting the danglink link has been submitted but it did not make
it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
utility does not handle symlink removal. Add a temporary band-aid which
deletes all dangling symlinks after unpacking the kernel source tarball.
[jslaby] It's not that temporary as we are dragging this for quite some
time in master. The reason is that this can happen any time again, so
let's have this in packaging instead.
- commit 52a1ad7
- blacklist.conf: Add b4e00444cab4 fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
- commit b1b6d4b
- krb5
-
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
(bso#15203), (bsc#1205126).
- Added patches:
* 0010-Fix-integer-overflows-in-PAC-parsing.patch
- libassuan
-
- update to 2.5.5:
* Fix a crash in the logging code
* Upgrade autoconf
- update to 2.5.4:
* Fix some minor build annoyances
- Update to 2.5.3:
* Add a timeout for writing to a SOCKS5 proxy.
* Add workaround for a problem with LD_LIBRARY_PATH on newer systems.
- qemu-disable-fdpassing-test.patch: remove
-Update to 2.5.2:
* configure.ac: Bump LT version to C8/A8/R2
* include libassuan.pc in the spec file
- libgpg-error
-
- Drop --with-pic (no effect with --disable-static).
- update to 1.42:
* Improve cross-compiling support
* Improve $libdir determination by gpgrt-config
* Support --disable-thread by gen-lock-obj.sh
* Interface changes relative to the 1.40 release
GPG_ERR_SOURCE_TPM2D
- update to 1.41:
* Fixes another glitch in the "/ignore"/ meta command.
* Fixes two typos in the German translation.
* New function gpgrt_access.
* Make "/ignore"/ meta command work correctly in the option parser.
* Interface changes relative to the 1.39 release:
gpgrt_access NEW.
- Update to 1.39:
* "/gpg-error --lib-version"/ works again.
* New function gpgrt_fcancel as alternative to gpgrt_close. This
function avoid flushing out buffered data and also tries to delete
a newly created file.
* Update the gnupg project keyring
* Interface changes relative to the 1.38 release:
- gpgrt_fcancel: NEW.
- Update to 1.38:
* New option parser features to implement system wide
configuration files
* New functions to build file names
* New function to help reallocating arrays
* Protect gpgrt_inc_errorcount against counter overflow
- drop needless autotools build dependencies that were added for
gawk5.patch
- Update to 1.37
Release-info: https://dev.gnupg.org/T4772
* Fixes a build problems when using Gawk 5.0 [#4459]
* Improves cross-compiling support. [#4643]
* New error codes to map SQLite primary error codes.
* Now uses poll(2) instead of select(2) in gpgrt_poll if possible.
* Fixes a bug in gpgrt_close. [#4698]
* Fixes a few minor portability bugs.
* New interfaces in this release:
GPG_ERR_NO_KEYBOXD GPG_ERR_KEYBOXD GPG_ERR_NO_SERVICE
GPG_ERR_SERVICE GPG_ERR_SQL_OK GPG_ERR_SQL_ERROR
GPG_ERR_SQL_INTERNAL GPG_ERR_SQL_PERM GPG_ERR_SQL_ABORT
GPG_ERR_SQL_BUSY GPG_ERR_SQL_LOCKED GPG_ERR_SQL_NOMEM
GPG_ERR_SQL_READONLY GPG_ERR_SQL_INTERRUPT GPG_ERR_SQL_IOERR
GPG_ERR_SQL_CORRUPT GPG_ERR_SQL_NOTFOUND GPG_ERR_SQL_FULL
GPG_ERR_SQL_CANTOPEN GPG_ERR_SQL_PROTOCOL GPG_ERR_SQL_EMPTY
GPG_ERR_SQL_SCHEMA GPG_ERR_SQL_TOOBIG GPG_ERR_SQL_CONSTRAINT
GPG_ERR_SQL_MISMATCH GPG_ERR_SQL_MISUSE GPG_ERR_SQL_NOLFS
GPG_ERR_SQL_AUTH GPG_ERR_SQL_FORMAT GPG_ERR_SQL_RANGE
GPG_ERR_SQL_NOTADB GPG_ERR_SQL_NOTICE GPG_ERR_SQL_WARNING
GPG_ERR_SQL_ROW GPG_ERR_SQL_DONE
- Remove patch fixed upstream.
* gawk5.patch
- Add patch to fix buidling with gawk 5.0 and newer:
* gawk5.patch
- Update to 1.36:
* Two new error codes to better support PIV cards
* Support armv7a-unknown-linux-gnueabihf
- Update to 1.35:
* Distribute the correct gpgrt-config
- update to 1.34:
* Support for riscv32
* New API to allow emergency cleanup after internal fatal errors
* Minor bug and portability fixes
- update to 1.33:
* New unified config script gpgrt-config
* The log functions now sanitize strings printed with the "/%s"/
format specifier
* New fprintf style function to apply a custom filter for string
arguments
* New function to compare version strings
- Update to 1.32:
* Fixes a problem with gpgrt_fflush and gpgrt_fopencookie
* Fixes a problem with the C11 header stdnoreturn.h
- Fix %install_info_delete usage:
* It has to be performed in %preun not in %postun.
* See https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25install_info_delete.
- update to 1.31:
* Fixes for platforms other than GNU/Linux
* New translation for Spanish
- update to 1.30:
* fixes for platforms other than GNU/Linux
* Use %license (boo#1082318)
- libksba
-
- Security fix: [bsc#1206579, CVE-2022-47629]
* Integer overflow in the CRL signature parser.
* Add libksba-CVE-2022-47629.patch
- Security fix: [bsc#1204357, CVE-2022-3515]
* Detect a possible overflow directly in the TLV parser.
* Add libksba-CVE-2022-3515.patch
- libsodium
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Revert previous change about cpuid as previous change rejected
in https://build.opensuse.org/request/show/724809
- Disable LTO as bypass boo#1148184
- Add libsodium_configure_cpuid_chg.patch and call autoconf
to regenerate configure script with proper CPUID checking.
Required at least for PowerPC and ARM now that LTO enabled.
- Update to 1.0.18
- Enterprise versions of Visual Studio are now supported.
- Visual Studio 2019 is now supported.
- 32-bit binaries for Visual Studio 2010 are now provided.
- A test designed to trigger an OOM condition didn't work on
Linux systems with memory overcommit turned on. It has been
removed in order to fix Ansible builds.
- Emscripten: print and printErr functions are overridden to send
errors to the console, if there is one.
- Emscripten: UTF8ToString() is now exported since
Pointer_stringify() has been deprecated.
- Libsodium version detection has been fixed in the CMake recipe.
- Generic hashing got a 10% speedup on AVX2.
- New target: WebAssembly/WASI
(compile with dist-builds/wasm32-wasi.sh).
- New functions to map a hash to an edwards25519 point
or get a random point:
core_ed25519_from_hash() and core_ed25519_random().
- crypto_core_ed25519_scalar_mul() has been implemented for
scalar*scalar (mod L) multiplication.
- Support for the Ristretto group has been implemented for
interoperability with wasm-crypto.
- Improvements have been made to the test suite.
- Portability improvements have been made.
- getentropy() is now used on systems providing this system call.
- randombytes_salsa20 has been renamed to randombytes_internal.
- Support for NativeClient has been removed.
- Most ((nonnull)) attributes have been relaxed to allow 0-length
inputs to be NULL.
- The -ftree-vectorize and -ftree-slp-vectorize compiler switches
are now used, if available, for optimized builds.
- Update to 1.0.17
- Bug fix: sodium_pad() didn't properly support block sizes
>= 256 bytes.
- JS/WebAssembly: some old iOS versions can't instantiate the
WebAssembly module; fall back to Javascript on these.
- JS/WebAssembly: compatibility with newer Emscripten versions.
- Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and
crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't
returnEINVAL` on input strings with a short length, unlike
their high-level counterpart.
- Added a workaround for Visual Studio 2010 bug causing CPU
features not to be detected.
- Portability improvements.
- Test vectors from Project Wycheproof have been added.
- New low-level APIs for arithmetic mod the order of the prime
order group:
- crypto_core_ed25519_scalar_random(),
crypto_core_ed25519_scalar_reduce(),
- crypto_core_ed25519_scalar_invert(),
crypto_core_ed25519_scalar_negate(),
- crypto_core_ed25519_scalar_complement(),
crypto_core_ed25519_scalar_add() and
crypto_core_ed25519_scalar_sub().
- New low-level APIs for scalar multiplication without clamping:
crypto_scalarmult_ed25519_base_noclamp() and
crypto_scalarmult_ed25519_noclamp().
These new APIs are especially useful for blinding.
- sodium_sub() has been implemented.
- Support for WatchOS has been added.
- getrandom(2) is now used on FreeBSD 12+.
- The nonnull attribute has been added to all relevant
prototypes.
- More reliable AVX512 detection.
- Javascript/Webassembly builds now use dynamic memory growth.
- libsolv
-
- fix "/keep installed"/ jobs not disabling "/best update"/ rules
- do not autouninstall suse ptf packages
- ensure duplinvolvedmap_all is reset when a solver is reused
- special case file dependencies in the testcase writer
- support stringification of multiple solvables
- new weakdep introspection interface similar to ruleinfos
- support decision reason queries
- support merging of related decissions
- support stringification of ruleinfo, decisioninfo and decision reasons
- support better info about alternatives
- new '-P' and '-W' options for testsolv
- bump version to 0.7.23
- libtasn1
-
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
- libtirpc
-
- consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding
to a random port (bsc#1199467)
- add binddynport-honor-ip_local_reserved_ports.patch
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
connections (bsc#1201680)
- add 0001-Fix-DoS-vulnerability-in-libtirpc.patch
-exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
- update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- fix memory leak in params.r_addr assignement (bsc#1198752)
- add 0001-fix-parms.r_addr-memory-leak.patch
- libxml2
-
- Security update:
* [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
isn't deterministic
- Added patch libxml2-CVE-2023-29469.patch
* [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
xmlSchemaFixupComplexType
- Added patch libxml2-CVE-2023-28484-1.patch
- Added patch libxml2-CVE-2023-28484-2.patch
- Fix changelog entries in both .changes files.
- Apply al patches correctly for libxml2 and python-libxml2.
- Add W3C conformance tests to the testsuite (bsc#1204585):
* Added file xmlts20080827.tar.gz
- Security fixes:
* [CVE-2022-40303, bsc#1204366] Fix integer overflows with
XML_PARSE_HUGE
+ Added patch libxml2-CVE-2022-40303.patch
* [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
entity reference cycles
+ Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
* Cross-site scripting vulnerability after commit 960f0e2
* Add libxml2-CVE-2016-3709.patch
- Add libxml2-python3-string-null-check.patch: fix NULL pointer
dereference when parsing invalid data (bsc#1065270
glgo#libxml2!15).).
- clean with spec-cleaner
- libxml2-python3-unicode-errors.patch: work around an issue with
libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270)
- convert to singlespec, build a python 3 version
- change build instructions to use setup.py (and %python_build macros)
instead of makefile-based approach
- add python3.6-verify_fd.patch that fixes libxml2 on python 3.6
- rename to python-libxml2-python to conform to package naming policy
(PyPI name is "/libxml2-python"/)
- libyajl
-
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
- libzypp
-
- ProgressData: enforce reporting the INIT||END state
(bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems
(bsc#1205636)
- version 17.31.8 (22)
- Hint to "/zypper removeptf"/ to remove PTFs.
- Removing a PTF without enabled repos should always fail
(bsc#1203248)
Without enabled repos, the dependent PTF-packages would be
removed (not replaced!) as well. To remove a PTF "/zypper install
- - -PTF"/ or a dedicated "/zypper removeptf PTF"/ should be used.
This will update the installed PTF packages to theit latest
version.
- version 17.31.7 (22)
- Avoid calling getsockopt when we know the info already.
This patch hopefully fixes logging on WSL, getsockopt seems to
not be fully supported but the code required it when accepting
new socket connections. (for bsc#1178233)
- Enhance yaml-cpp detection (fixes #428)
- No need to redirect 'history.logfile=/dev/null' into the target.
- MultiCurl: Make sure to reset the progress function when
falling back.
- version 17.31.6 (22)
- Create '.no_auto_prune' in the package cache dir to prevent auto
cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)
- Do not clean up MediaSetAccess before using the geoip file
(fixes #424)
- version 17.31.4 (22)
- Improve download of optional files (fixes #416)
- Do not use geoip rewrites if the repo has explicit country
settings.
- Implement geoIP feature for zypp.
This patch adds a feature to rewrite request URLs to the repo
servers by querying a geoIP file from download.opensuse.org. This
file can return a redirection target depending on the clients IP
adress, this way we can directly contact a local mirror of d.o.o
instead. The redir target stays valid for 24hrs.
This feature can be disabled in zypp.conf by setting
'download.use_geoip_mirror = false'.
- Use a dynamic fallback for BLKSIZE in downloads.
When not receiving a blocklist via metalink file from the server
MediaMultiCurl used to fallback to a fixed, relatively small
BLKSIZE. This patch changes the fallback into a dynamic value
based on the filesize using a similar metric as the MirrorCache
implementation on the server side.
- Skip media.1/media download for http repo status calc.
This patch allows zypp to skip a extra media.1/media download to
calculate if a repository needs to be refreshed. This
optimisation only takes place if the repo does specify only
downloading base urls.
- version 17.31.3 (22)
- Resolver: Fix missing --[no]-recommends initialization in
update (fixes #openSUSE/zypper#459, bsc#1201972)
- Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds
to --[no]-recommends.
- version 17.31.2 (22)
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
(fixes #402)
- Log backtrace on SIGABRT too.
- Need to explicitly enable building experimental code. Otherwise
an old Notcurses++ package which happens to be present in the
buildenv breaks the build (fixes #412).
- Work around libyui/libyui#78 on code 15.4 and older.
- Stop using std::*ary_function; deprecated and removed in c++17.
- Don't expose header files which use types not available in
c++11. In 15.3 and older, YAST and PK compile with -std=c++11.
- Remove no longer needed %post code (bsc#1203649)
- Enable zck support for SLE15-SP4 and newer. On Leap it is enabled
since 15.1 (bsc#1189282)
- version 17.31.1 (22)
- Add PoolItem::statusReinit to reset the status it's initial
state in the ResPool (might help bsc#1199895)
This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if
the PoolItem matched a hard lock defined in /etc/zypp/locks.
- Fix building with GCC 13 on i586 (fixes #407, fixes #396)
- Be prepared to receive exceptions from curl_easy_cleanup
(bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and dependend code.
This commit removes the MediaNetwork tech preview and all related
code. First reason for this is that MediaNetwork was just meant
as a way to test the new CURL based downloader and second: since
the Provide API is going to completely replace the current media
backend it would be extra work to ensure that changes on the
Downloader do not break MediaNetwork.
- version 17.31.0 (22)
- Fix building with GCC 12.x release (#396)
- version 17.30.3 (22)
- appdata plugin: Pass path to the repodata/ directory inside the
cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending
endOfScriptTag.
- version 17.30.2 (22)
- PluginRepoverification: initial version hooked into
repo::Downloader and repo refresh.
- Immediately start monitoring the download.transfer_timeout.
Do not wait until the first data arrived. (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only.
- Work around cases where sat repo.start points to an invalid
solvable. May happen if (wrong arch) solvables were removed
at the beginning of the repo.
- fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
(fixes #388)
- version 17.30.1 (22)
- logrotate
-
- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864)
* enforce stricter parsing to avoid CVE-2021-3864
* Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch
- Fix "/logrotate emits unintended warning: keyword size not properly
separated, found 0x3d"/ (bsc#1200278, bsc#1200802):
* Added patch logrotate-dont_warn_on_size=_syntax.patch
- lvm2
-
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
- bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
- in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163
- lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523)
- change %post behaviour, only do deleting job for non-link folder
- ncurses
-
- Modify patch ncurses-6.1.dif
* Secure writing terminfo entries by setfs[gu]id in s[gu]id
(boo#1210434, CVE-2023-29491)
* Reading is done since 2000/01/17
- Add patch ncurses-bnc1198627.patch
* Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
- openldap2
-
- bsc#1198341 - Prevent memory reuse which may lead to instability
* 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
- openssh
-
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
connections update their dbus environment (bsc#1179465).
- Add openssh-do-not-send-empty-message.patch: Prevent empty
messages from being sent. This avoids a superfluous new line
(bsc#1192439).
- openssl-1_1
-
- Security Fix: [CVE-2023-0465, bsc#1209878]
* Invalid certificate policies in leaf certificates are silently ignored
* Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
* Certificate policy check not enabled
* Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
* Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
for x400Address
* Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
* Use-after-free following BIO_new_NDEF()
* Add patches:
- openssl-CVE-2023-0215-1of4.patch
- openssl-CVE-2023-0215-2of4.patch
- openssl-CVE-2023-0215-3of4.patch
- openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
* Double free after calling PEM_read_bio_ex()
* Add patches:
- openssl-CVE-2022-4450-1of2.patch
- openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add patches:
- openssl-CVE-2022-4304-1of2.patch
- openssl-CVE-2022-4304-2of2.patch
- FIPS: list only FIPS approved public key algorithms
[bsc#1121365, bsc#1198472]
* Add openssl-1_1-fips-list-only-approved-pubkey-algorithms.patch
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046]
* Add patch openssl-1.1.1-fips-fix-memory-leaks.patch
- pam
-
- Update pam_motd to the most current version. This fixes various issues
and adds support for mot.d directories [jsc#PED-1712].
* Added: pam-ped1712-pam_motd-directory-feature.patch
- pcre2
-
- Added pcre2-bsc1199235-CVE-2022-1587.patch
* CVE-2022-1587 / bsc#1199235
* Fix out-of-bounds read due to bug in recursions
* Sourced from:
- https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- Added pcre2-Fix_crash_when_X_is_used_without_UTF_in_JIT.patch
* CVE-2019-20454 / bsc#1164384
* Fix crash when X is used in non-UTF mode on certain inputs.
* Sourced from:
- https://github.com/PCRE2Project/pcre2/commit/342c16ecd31bd12fc350ee31d2dcc041832ebb3f
- https://github.com/PCRE2Project/pcre2/commit/e118e60a68f03f38dd2ff3d16ca2e2e0d800e1d9
- perl
-
- fix File::Path rmtree/remove_tree race condition
[bnc#1047178] [CVE-2017-6512]
new patch: perl-file_path_rmtree_fchmod.diff
- perl-Bootloader
-
- merge gh#openSUSE/perl-bootloader#139
- fix sysconfig parsing (bsc#1198828)
- 0.939
- merge gh#openSUSE/perl-bootloader#138
- grub2/install: reset error code when passing through recover code
(bsc#1198197)
- 0.938
- merge gh#openSUSE/perl-bootloader#137
- grub2 install: Support secure boot on powerpc (bsc#1192764
jsc#SLE-18271).
- 0.937
- permissions
-
* Backport postfix to SLE-15-SP2 (bsc#1206738)
- Update to version 20181225:
* Revert "/drop ping capabilities in favor of ICMP_PROTO sockets"/. Older
SLE-15 versions don't properly support this feature yet (bsc#1204137)
- Update to version 20181225:
* fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20181225:
* chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
- Update to version 20181225:
- procps
-
- Add patch bsc1209122-a6c0795d.patch
* Fix for bsc#1209122 to allow `-´ as leading character to ignore
possible errors on systctl entries
- Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
- Add the patches
* procps-3.3.17-library-bsc1181475.patch
* procps-3.3.17-top-bsc1181475.patch
which are backports of current newlib tree to solve bug bsc#1181475
* 'free' command reports misleading "/used"/ value
- protobuf
-
- Fix a potential DoS issue in protobuf-cpp and protobuf-python,
CVE-2022-1941, bsc#1203681
* Add protobuf-CVE-2022-1941.patch
- Fix a potential DoS issue when parsing with binary data in
protobuf-java, CVE-2022-3171, bsc#1204256
* Add protobuf-CVE-2022-3171.patch
- Refresh protobuf-CVE-2021-22570.patch
- Backport changes from 3.16.x tree for apply recent CVE patches
* Add protobuf-51026d922970e06475f005b39287963594134b96.patch
* Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch
* Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch
* Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch
* Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch
* Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch
* Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch
* Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch
* Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch
- Reorganize patch set ordering
- Fix potential Denial of Service in protobuf-java in the parsing procedure
for binary data, CVE-2021-22569, bsc#1194530
* Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch
- python-M2Crypto
-
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
bsc#1178829), which mitigates the Bleichenbacher timing attacks
in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
- python-certifi
-
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
certs (bsc#1206212 CVE-2022-23491)
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
- Add removeTrustCor.patch
- python-cryptography
-
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
* Don't allow update_into to mutate immutable objects
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
+ 5507-mitigate-Bleichenbacher-attacks.patch
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331):
* SECURITY ISSUE: Fixed a bug where certain sequences of update()
calls when symmetrically encrypting very large payloads (>2GB) could
result in an integer overflow, leading to buffer overflows.
CVE-2020-36242
- drops CVE-2020-36242-buffer-overflow.patch on older dists
- update to 3.3.1:
* Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 3.3.0
- BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed
due to low usage and maintenance burden.
- BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
to 1024-bit (8 byte to 128 byte) initialization vectors. This
change is to conform with an upcoming OpenSSL release that will
no longer support sizes outside this window.
- BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
now raise ValueError rather than UnsupportedAlgorithm when an
unsupported cipher is used. This change is to conform with an
upcoming OpenSSL release that will no longer distinguish
between error types.
- BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
field Diffie-Hellman parameters of less than 512 bits in
length. This change is to conform with an upcoming OpenSSL
release that no longer supports smaller sizes. These keys were
already wildly insecure and should not have been used in any
application outside of testing.
- Updated Windows, macOS, and manylinux wheels to be compiled
with OpenSSL 1.1.1i.
- Python 2 support is deprecated in cryptography. This is the
last release that will support Python 2.
- Added the recover_data_from_signature() function to
RSAPublicKey for recovering the signed data from an RSA
signature.
- Remove unnecessary dependency virtualenv.
- update to 3.2.1:
Disable blinding on RSA public keys to address an error with
some versions of OpenSSL.
- update to 3.2 (bsc#1178168, CVE-2020-25659):
* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
by our API, we cannot completely mitigate this vulnerability.
* Support for OpenSSL 1.0.2 has been removed.
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
- drops 5507-mitigate-Bleichenbacher-attacks.patch on older dists
- update to 3.1.1:
* wheels compiled with OpenSSL 1.1.1h.
- update to 3.1:
* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
:term:`U-label` parsing in various X.509 classes. This support was originally
deprecated in version 2.1 and moved to an extra in 2.5.
* Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
the OpenSSL project. The next version of ``cryptography`` will drop support
for it.
* Deprecated support for Python 3.5. This version sees very little use and will
be removed in the next release.
* ``backend`` arguments to functions are no longer required and the
default backend will automatically be selected if no ``backend`` is provided.
* Added initial support for parsing certificates from PKCS7 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
and
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
.
* Calling ``update`` or ``update_into`` on
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
longer than 2 :sup:`31` bytes no longer raises an ``OverflowError``. This
also resolves the same issue in :doc:`/fernet`.
- update to 3.0
- refreshed disable-uneven-sizes-tests.patch and skip_openssl_memleak_test.patch
* Removed support for passing an Extension instance
to from_issuer_subject_key_identifier(), as per our deprecation policy.
* Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed
* Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.
* RSA generate_private_key() no longer accepts public_exponent values except
65537 and 3 (the latter for legacy purposes).
* X.509 certificate parsing now enforces that the version field contains
a valid value, rather than deferring this check until version is accessed.
* Deprecated support for Python 2
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
private keys: load_ssh_private_key() for loading and OpenSSH for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().
- update to 2.9.2
* 2.9.2 - 2020-04-22
- Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
* 2.9.1 - 2020-04-21
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
* 2.9 - 2020-04-02
- BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
low usage and maintenance burden.
- BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
- BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
- Removed support for calling public_bytes() with no arguments, as per
our deprecation policy. You must now pass encoding and format.
- BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
returns the RDNs as required by RFC 4514.
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
- Added support for parsing single_extensions in an OCSP response.
- NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package
compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
finalize_with_tag API
* add disallow_implicit_tag_truncation.patch from
https://github.com/pyca/cryptography/commit/688e0f673bfb.patch
- python-msgpack
-
- Loose the filelist for the package info to avoid FTBFS on
SLE-15-SP5 (bsc#1203743).
- python-psutil
-
- Add patch mem-used-bsc1181475.patch (bsc#1181475)
* Adopt change of used memory calculation from upstream of procps
- python-py
-
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add patch remove-svn-remants.patch to help with that goal.
- Refresh pr_222.patch as needed for above.
- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
- Update to 1.10.0
* Fix a regular expression DoS vulnerability in the py.path.svnwc
SVN blame functionality (CVE-2020-29651)
- Devendor apipkg and iniconfig
- Add pr_222.patch to activate test suite
- Update to 1.9.0
* Add type annotation stubs
- python-pytz
-
- update to 2022.1
* matches tzdata 2022a
* declare python 3.10 compatibility
- update to 2021.3
* matches tzdata 2021c
- python-setuptools
-
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
(ReDoS) in package_index.py.
bsc#1206667
- python3
-
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
which eliminates unnecessary and dangerous calls to
PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add bpo27321-email-no-replace-header.patch to stop
email.generator.py from replacing a non-existent header
(bsc#1208443, gh#python/cpython#71508).
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
the garbage collection (bsc#1188607).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
overflow in hashlib.sha3_* implementations (originally from the
XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice vera (potential for DoS).
Originally by Victor Stinner of Red Hat.
- Add patch CVE-2021-28861-double-slash-path.patch:
* http.server: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
CRLF_injection_via_host_part.patch, and
CVE-2019-18348-CRLF_injection_via_host_part.patch.
- rsync
-
- Add support for --trust-sender parameter (patch by Jie Gong in
bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
* Added patch rsync-CVE-2022-29154-trust-sender-1.patch
* Added patch rsync-CVE-2022-29154-trust-sender-2.patch
- Apply "/rsync-CVE-2022-29154.patch"/ to fix a security vulnerability
in the do_server_recv() function. [bsc#1201840, CVE-2022-29154]
- rsyslog
-
- fix parsing of legacy config syntax (bsc#1205275)
* add:
0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- - fix segfault in qDeqLinkedList during shutdown (bsc#1199283)
* add 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
- ruby2
-
- Update suse.patch to 41adc98ad1:
- Cookie Prefix Spoofing in CGI::Cookie.parse (boo#1193081 CVE-2021-41819)
- add back some lost chunks to the suse.patch
- runc
-
- Update to runc v1.1.5. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
Includes fixes for the following CVEs:
- CVE-2023-25809 bsc#1209884
- CVE-2023-27561 bsc#1208962
- CVE-2023-28642 bsc#1209888
* Fix the inability to use `/dev/null` when inside a container.
* Fix changing the ownership of host's `/dev/null` caused by fd redirection
(a regression in 1.1.1). bsc#1168481
* Fix rare runc exec/enter unshare error on older kernels.
* nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
- Update to runc v1.1.4. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.4.
bsc#1202021
* Fix mounting via wrong proc fd. When the user and mount namespaces are
used, and the bind mount is followed by the cgroup mount in the spec,
the cgroup was mounted using the bind mount's mount fd.
* Switch kill() in libcontainer/nsenter to sane_kill().
* Fix "/permission denied"/ error from runc run on noexec fs.
* Fix failed exec after systemctl daemon-reload. Due to a regression
in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
(boo#1202821)
- salt
-
- Fix problem with detecting PTF packages (bsc#1208691)
- Added:
* skip-package-names-without-colon-bsc-1208691-578.patch
- Fixes pkg.version_cmp on openEuler systems and a few other OS flavors
- Make pkg.remove function from zypperpkg module to handle also PTF packages
- Added:
* fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
* 3004-implement-zypper-removeptf-574.patch
- Control the collection of lvm grains via config (bsc#1204939)
- Added:
* control-the-collection-of-lvm-grains-via-config.patch
- Pass the context to pillar ext modules
- Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685)
- Detect module run syntax version
- Implement automated patches alignment for the Salt Bundle
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Clarify pkg.installed pkg_verify documentation
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Make pass renderer configurable and fix detected issues
- Workaround fopen line buffering for binary mode (bsc#1203834)
- Added:
* clarify-pkg.installed-pkg_verify-documentation.patch
* make-pass-renderer-configurable-other-fixes-532.patch
* fopen-workaround-bad-buffering-for-binary-mode-563.patch
* align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
* detect-module.run-syntax.patch
* ignore-extend-declarations-from-excluded-sls-files.patch
* include-stdout-in-error-message-for-zypperpkg-559.patch
* pass-the-context-to-pillar-ext-modules.patch
- Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
- Fix Syndic authentication errors (bsc#1199562)
- Add Amazon EC2 detection for virtual grains (bsc#1195624)
- Fix the regression in schedule module releasded in 3004 (bsc#1202631)
- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Fix test_ipc unit test
- Added:
* fix-the-regression-in-schedule-module-releasded-in-3.patch
* ignore-non-utf8-characters-while-reading-files-with-.patch
* backport-syndic-auth-fixes.patch
* retry-if-rpm-lock-is-temporarily-unavailable-547.patch
* change-the-delimeters-to-prevent-possible-tracebacks.patch
* fix-state.apply-in-test-mode-with-file-state-module-.patch
* fix-test_ipc-unit-tests.patch
* add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore erros on reading license files with dpkg_lowpkg (bsc#1197288)
- Added:
* fix-ownership-of-salt-thin-directory-when-using-the-.patch
* ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
* save-log-to-logfile-with-docker.build.patch
* add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
* fix-salt.states.file.managed-for-follow_symlinks-tru.patch
* normalize-package-names-once-with-pkg.installed-remo.patch
* set-default-target-for-pip-from-venv_pip_target-envi.patch
* fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
* use-salt-bundle-in-dockermod.patch
* fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
* add-support-for-gpgautoimport-539.patch
- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)
- selinux-policy
-
- Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper
(bnc#1201015)
- shadow
-
- bsc#1210507 (CVE-2023-29383):
Check for control characters
- Add shadow-CVE-2023-29383.patch
- shim
-
- Updated shim.changes to add CVE-2022-28737 number for bsc#1198458.
The issue be fixed by upgrade to shim 15.7. (bsc#1198458, CVE-2022-28737)
- Sometimes SLE shim signature be Microsoft updated before openSUSE shim
signature. When submit request on IBS for updating SLE shim, the submitreq
project be generated, but it always be blocked by checking the signature
of openSUSE shim.
It doesn't make sense checking openSUSE shim signature when building
SLE shim on SLE platform, and vice versa. So the following change adds the
logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
When and only when hash mismatch and distro_id match with suffix, stop
building.
[#] compare suffix (sles, opensuse) with distro_id (sle, opensuse)
[#] when hash mismatch and distro_id match with suffix, stop building
- Upgrade shim-install for bsc#1210382
After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
so all files in /boot/efi/EFI/boot are not updated.
The 86b73d1 patch added the logic that using ID field in os-release for
checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
- https://github.com/SUSE/shim-resources (git log --oneline)
86b73d1 Fix that bootx64.efi is not updated on Leap
f2e8143 Use the long name to specify the grub2 key protector
7283012 cryptodisk: support TPM authorized policies
49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst
26c6bd5 Have grub take a snapshot of "/relevant"/ TPM PCRs
5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot
a5c5734 Introduce --no-grub-install option
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458, CVE-2022-28737)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7
be merged to v5.19. On the other hand, upstream is working on
improve compressed kernel stage for NX:
[PATCH v3 00/24] x86_64: Improvements at compressed kernel stage
https://www.spinics.net/lists/kernel/msg4599636.html
- Add shim-Enable-the-NX-compatibility-flag-by-default.patch to
enable the NX compatibility flag by default. (jsc#PED-127)
- Drop upstreamed patch:
- shim-Enable-TDX-measurement-to-RTMR-register.patch
- Enable TDX measurement to RTMR register (jsc#PED-1273)
- 4fd484e4c2 15.7
- Update to 15.7 (bsc#1198458)(jsc#PED-127)
- Patches (git log --oneline --reverse 15.6..15.7)
0eb07e1 Make SBAT variable payload introspectable
092c2b2 Reference MokListRT instead of MokList
8b59b69 Add a link to the test plan in the readme.
4fd484e Enable TDX measurement to RTMR register
14d6339 Discard load-options that start with a NUL
5c537b3 shim: Flush the memory region from i-cache before execution
2d4ebb5 load_cert_file: Fix stack issue
ea4911c load_cert_file: Use EFI RT memory function
0cf43ac Add -malign-double to IA32 compiler flags
17f0233 pe: Fix image section entry-point validation
5169769 make-archive: Build reproducible tarball
aa1b289 mok: remove MokListTrusted from PCR 7
53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
616c566 More coverity modeling
ea0d0a5 Update shim's .sbat to sbat,3
dd8be98 Bump grub's sbat requirement to grub,3
1149161 (HEAD -> main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
- 15.7 release note https://github.com/rhboot/shim/releases
Make SBAT variable payload introspectable by @chrisccoulson in #483
Reference MokListRT instead of MokList by @esnowberg in #488
Add a link to the test plan in the readme. by @vathpela in #494
[V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
Discard load-options that start with a NUL by @frozencemetery in #505
load_cert_file bugs by @esnowberg in #523
Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
pe: Fix image section entry-point validation by @iokomin in #518
make-archive: Build reproducible tarball by @julian-klode in #527
mok: remove MokListTrusted from PCR 7 by @baloo in #519
- Drop upstreamed patch:
- shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
- Cryptlib/CryptAuthenticode: fix NULL pointer dereference in AuthenticodeVerify()
- 53509eaf22 15.7
- shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
- For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
- The following patches are merged to 15.7
aa1b289a1a mok: remove MokListTrusted from PCR 7
0cf43ac6d7 Add -malign-double to IA32 compiler flags
ea4911c2f3 load_cert_file: Use EFI RT memory function
2d4ebb5a79 load_cert_file: Fix stack issue
5c537b3d0c shim: Flush the memory region from i-cache before execution
14d6339829 Discard load-options that start with a NUL
092c2b2bbe Reference MokListRT instead of MokList
0eb07e11b2 Make SBAT variable payload introspectable
- Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to
the item in Update to 15.6. (bsc#1198458)
- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
patches between 15.6 with aa1b289a1a (jsc#PED-127):
aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
enhance shim measurement to TD RTMR. (jsc#PED-1273)
- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
and shim.changes: (jsc#PED-127)
- Add some change log from SLE shim.changes to Factory shim.changes
Those messages are added "/(sync shim.changes from SLE)"/ tag.
- Add the following changes to shim.spec
- only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
on openSUSE.
- Enable the AArch64 signature check for SLE:
[#] AArch64 signature
signature=%{SOURCE13}
- shim-install: ensure grub.cfg created is not overwritten after
installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
(bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before
using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
- Revoked the change in shim.spec for "/use common SBAT values (boo#1193282)"/
- we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
is unstable for building out a stable shim binary for signing. (bsc#1198458)
- But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
not for openSUSE. (bsc#1198458)
- Update to 15.6 (bsc#1198458)
- shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
which is from upstream grub2.cve_2021_3695.ms keybase channel.
- For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
support efi-app-aarch64 target. So we need the following patches in bintuils:
- binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
- binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
- binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
- Patches (git log --oneline --reverse 15.5~..77144e5a4)
448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
a2da05f shim: implement SBAT verification for the shim_lock protocol
bda03b8 post-process-pe: Fix a missing return code check
af18810 CI: don't cancel testing when one fails
ba580f9 CI: remove EOL Fedoras from github actions
bfeb4b3 Remove aarch64 build tests before f35
38cc646 CI: Add f36 and centos9 CI build tests.
b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
31094e5 tests: also look for system headers in multi-arch directories
4df989a mock-variables.c: fix gcc warning
6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
2670c6a Allow MokListTrusted to be enabled by default
5c44aaf Add code of conduct
d6eb9c6 Modernize aarch64
9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
de87985 make: don't treat cert.S specially
803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
bb4b60e Add verify_image
acfd48f Abstract out image reading
35d7378 Load additional certs from a signed binary
8ce2832 post-process-pe: there is no 's' argument.
465663e Add some missing PE image flag definitions
226fee2 PE Loader: support and require NX
df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
f81a7cc SBAT revocation management
abe41ab make: unbreak scan-build again for gnu-efi
610a1ac sbat.h: minor reformatting for legibility
f28833f peimage.h: make our signature macros force the type
5d789ca Always initialize data/datasize before calling read_image()
a50d364 sbat policy: make our policy change actions symbolic
5868789 load_certs: trust dir->Read() slightly less.
a78673b mok.c: fix a trivial dead assignment
759f061 Fix preserve_sbat_uefi_variable() logic
aa61fdf Give the Coverity scanner some more GCC blinders...
0214cd9 load_cert_file(): don't defererence NULL
1eca363 mok import: handle OOM case
75449bc sbat: Make nth_sbat_field() honor the size limit
c0bcd04 shim-15.6~rc1
77144e5 SBAT Policy latest should be a one-shot
- 15.5 release note https://github.com/rhboot/shim/releases
Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
mok: allocate MOK config table as BootServicesData by @lcp in #361
Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
Relax the check for import_mok_state() by @lcp in #372
SBAT.md: trivial changes by @hallyn in #389
shim: another attempt to fix load options handling by @chrisccoulson in #379
Add tests for our load options parsing. by @vathpela in #390
arm/aa64: fix the size of .rela* sections by @lcp in #383
mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
mok: relax the maximum variable size check by @lcp in #369
Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
Fallback allocation errors by @vathpela in #402
shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
str: remove duplicate parameter check by @xypron in #408
fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
Test mok mirror by @vathpela in #394
Modify sbat.md to help with readability. by @eshiman in #398
csv: detect end of csv file correctly by @xypron in #404
Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
tests: add "/include-fixed"/ GCC directory to include directories by @diabonas in #415
pe: simplify generate_hash() by @xypron in #411
Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
Fallback to default loader if parsed one does not exist by @julian-klode in #393
fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
Better console checks by @vathpela in #416
docs: update SBAT UEFI variable name by @nicholasbishop in #421
Don't parse load options if invoked from removable media path by @julian-klode in #399
fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
shim: Don't stop forever at "/Secure Boot not enabled"/ notification by @rmetrich in #438
Shim 15.5 coverity by @vathpela in #439
Allocate mokvar table in runtime memory. by @vathpela in #447
Remove post-process-pe on 'make clean' by @vathpela in #448
pe: missing perror argument by @xypron in #443
- 15.6-rc1 release note https://github.com/rhboot/shim/releases
MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
post-process-pe: Fix a missing return code check by @vathpela in #462
Update github actions matrix to be more useful by @frozencemetery in #469
Add f36 and centos9 CI builds by @vathpela in #470
post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
tests: fix gcc warnings by @akodanev in #463
Allow MokListTrusted to be enabled by default by @esnowberg in #455
Add code of conduct by @frozencemetery in #427
Re-add ARM AArch64 support by @vathpela in #468
Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
make: don't treat cert.S specially by @vathpela in #475
shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
Break out of the inner sbat loop if we find the entry. by @vathpela in #476
Support loading additional certificates by @esnowberg in #446
Add support for NX (W^X) mitigations. by @vathpela in #459
Misc fixups from scan-build. by @vathpela in #477
Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
- 15.6 release note https://github.com/rhboot/shim/releases
MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
post-process-pe: Fix a missing return code check by @vathpela in #462
Update github actions matrix to be more useful by @frozencemetery in #469
Add f36 and centos9 CI builds by @vathpela in #470
post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
tests: fix gcc warnings by @akodanev in #463
Allow MokListTrusted to be enabled by default by @esnowberg in #455
Add code of conduct by @frozencemetery in #427
Re-add ARM AArch64 support by @vathpela in #468
Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
make: don't treat cert.S specially by @vathpela in #475
shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
Break out of the inner sbat loop if we find the entry. by @vathpela in #476
Support loading additional certificates by @esnowberg in #446
Add support for NX (W^X) mitigations. by @vathpela in #459
Misc fixups from scan-build. by @vathpela in #477
Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
SBAT Policy latest should be a one-shot by @jsetje in #481
pe: Fix a buffer overflow when SizeOfRawData > VirtualSize by @chriscoulson
pe: Perform image verification earlier when loading grub by @chriscoulson
Update advertised sbat generation number for shim by @jsetje
Update SBAT generation requirements for 05/24/22 by @jsetje
Also avoid CVE-2022-28737 in verify_image() by @vathpela
- Drop upstreamed patch:
- shim-bsc1184454-allocate-mok-config-table-BS.patch
- Allocate MOK config table as BootServicesData to avoid the error message
from linux kernel
- 4068fd42c8 15.5-rc1~70
- shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
- Handle ignore_db and user_insecure_mode correctly
- 822d07ad4f07 15.5-rc1~73
- shim-bsc1185621-relax-max-var-sz-check.patch
- Relax the maximum variable size check for u-boot
- 3f327f546c219634b2 15.5-rc1~49
- shim-bsc1185261-relax-import_mok_state-check.patch
- Relax the check for import_mok_state() when Secure Boot is off
- 9f973e4e95b113 15.5-rc1~67
- shim-bsc1185232-relax-loadoptions-length-check.patch
- Relax the check for the LoadOptions length
- ada7ff69bd8a95 15.5-rc1~52
- shim-fix-aa64-relsz.patch
- Fix the size of rela* sections for AArch64
- 34e3ef205c5d65 15.5-rc1~51
- shim-bsc1187260-fix-efi-1.10-machines.patch
- Don't call QueryVariableInfo() on EFI 1.10 machines
- 493bd940e5 15.5-rc1~69
- shim-bsc1185232-fix-config-table-copying.patch
- Avoid buffer overflow when copying the MOK config table
- 7501b6bb44 15.5-rc1~50
- shim-bsc1187696-avoid-deleting-rt-variables.patch
- Avoid deleting the mirrored RT variables
- b1fead0f7c9 15.5-rc1~37
- Add "/rm -f *.o"/ after building MokManager/fallback in shim.spec
to make sure all object files gets rebuilt
- reference: https://github.com/rhboot/shim/pull/461
- The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
in shim-15.6.tar.bz2
- shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
pe: Fix a buffer overflow when SizeOfRawData VirtualSize
- shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
pe: Perform image verification earlier when loading grub
- shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
Update advertised sbat generation number for shim
- shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
Update SBAT generation requirements for 05/24/22
- shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
Also avoid CVE-2022-28737 in verify_image()
- 0006-shim-15.6-rc2.patch
- 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
sbat: add the parsed SBAT variable entries to the debug log
- 0008-bump-version-to-shim-15.6.patch
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
show the prompt to ask whether the user trusts openSUSE certificate or not
(bsc#1198101)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- use common SBAT values (boo#1193282)
- Update the SLE signatures (sync shim.changes from SLE)
(sync shim.changes from SLE)
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
buffer overflow when copying data to the MOK config table
(bsc#1185232)
- Add shim-disable-export-vendor-dbx.patch to disable exporting
vendor-dbx to MokListXRT since writing a large RT variable
could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
potential crash when calling QueryVariableInfo in EFI 1.10
machines (bsc#1187260)
- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
for AArch64
Fix: https://github.com/rhboot/shim/issues/371
- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to "/shim.efi"/ if the given
file doesn't exist
- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
the check for import_mok_state() when Secure Boot is off.
(bsc#1185261)
(sync shim.changes from SLE)
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
maximum variable size check for u-boot (bsc#1185621)
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
to handle ignore_db and user_insecure_mode correctly
(bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
- Update the SLE signatures (sync shim.changes from SLE)
- sqlite3
-
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
relying on --safe for execution of an untrusted CLI script
- update to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
- update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
- update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
- update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value "/3"/) from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
related test failures on 32 bit
- update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
- update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
- update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
- update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
sqlite-src-3380100-atof1.patch
- update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like "/--wrap N"/,
"/--wordwrap on"/, and "/--quote"/ to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
- update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
- update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ("/START"/) is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
- sudo
-
- Fix CVE-2023-28486, sudo does not escape control characters in
log messages, (CVE-2023-28486, bsc#1209362)
* Add sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
* bsc#1203201
* Do not re-enable the reader when flushing the buffers as part
of pty_finish().
* While sudo-observe-SIGCHLD patch applied earlier prevents a
race condition from happening, this fixes a related buffer hang.
- Added sudo-fix_NULL_deref_RunAs.patch
* bsc#1206483
* Fix a situation where "/sudo -U otheruser -l"/ would dereference
a NULL pointer.
- Added sudo-CVE-2023-22809.patch
* CVE-2023-22809
* bsc#1207082
* Prevent '--' in the EDITOR environment variable which can allow
users to edit sensitive files as root.
- Added sudo-utf8-ldap-schema.patch
* Change sudo-ldap schema from ASCII to UTF8.
* Fixes bsc#1197998
* Credit to William Brown <william.brown@suse.com>
* https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
* Make sure SIGCHLD is not ignored when sudo is executed; fixes
race condition.
* bsc#1203201
* Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
* CVE-2022-43995
* bsc#1204986
* Fixed a potential heap-based buffer over-read when entering a password
of seven characters or fewer and using the crypt() password backend.
- Fixed an issue where some redundant entries in a sudo configuration
file caused freed memory to be accessed in the error message thus
wrong information was output in the error message.
* [bsc#1190818]
* Added [sudo-1.9.5p2-no_free_alias_name.patch]
Sourced from the following git commit hashes:
| 9ed14870c Add garbage collection to the sudoers parser to clean
up on error. This makes it possible to avoid memory leaks when
there is a parse error.
| bdb02b1ef Got back to calling alias_free() on alias_add() failure.
We now need to remove the name and members from the leak list
* before* calling alias_add() since alias_add() will consume them
for both success and failure.
| b4cabdb39 Don't free the alias name in alias_add() if the alias
already exists. We need to be able to display it using
alias_error(). Only free what we actually allocated in alias_add()
on error and let the caller handle cleanup. Note that we cannot
completely fill in the alias until it is inserted. Otherwise,
we will have modified the file and members parameters even if
there was an error. As a result, we have to remove those from the
leak list after alias_add(), not before.
- supportutils
-
- Added lifecycle information (issue#140)
- Changes to version 3.1.21
+ Added type output with df command in fs-diskio.txt (issue#141)
+ Gather all files in /etc/security/limits.d/ (issue#142)
+ Fixed KVM virtualization detection on bare metal (bsc#1184689)
+ Added logging using journalctl (bsc#1200330)
+ Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
+ Added system logging configuration and checking in messages_config.txt (issue#103)
+ If rsyslog not installed collect more from journalctl (issue#120)
+ Added systemd-status.txt for the status of all service units (issue#125)
+ autofs includes files in (+dir:<path>) (issue#111)
+ Get current sar data before collecting files (bsc#1192648)
+ Collects everything in /etc/multipath/ (bsc#1192252)
+ Collects power management information in hardware.txt (bsc#1197428)
+ Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
+ Fixed conf_files and conf_text_files so y2log is gathered (issue#134, bsc#1202269)
+ Update to nvme_info and block_info #133 (bsc#1202417)
+ Added IO scheduler (issue#136)
+ Added includedir directories from /etc/sudoers (bsc#1188086)
- Added a listing to /dev/mapper/. #129
- suse-build-key
-
- Establish multiple new 4096 RSA keys that we will switch
to mid of 2023. (jsc#PED-2777)
- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserver key for SLE (RPM+repos).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
new RSA 4096 key for the SUSE registry registry.suse.com, installed as
suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
New PTF container signing key for registry.suse.com/ptf/ space.
- added /usr/share/pki/containers directory for container pem keys
(cosign/sigstore style), put our PEM key there too (bsc#1204706)
- sysconfig
-
- version 0.85.9
- spec: revert to recommend wicked-service on <= 15.4
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- spec: drop legacy migration (from sle11) and rpm-utils
- version 0.85.8
- netconfig: revert NM default policy change change (boo#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- version 0.85.7
- spec: Drop hard dependency on /sbin/ifup
- spec: Suggest instead of recommend wicked-service
- spec: Mention that the .spec file is in git as well
- Also support service(network) provides
- systemd
-
- Fix systemd-coredump to not allow user to access coredumps with changed
uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
Add 5000-coredump-Fix-format-string-type-mismatch.patch
Add 5001-coredump-drop-an-unused-variable.patch
Add 5002-coredump-adjust-whitespace.patch
Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- Import commit b83846dc8a5db633cc6cf05a33ddc054f725214e
4d53a5440f udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
f70647a7b7 udev/net_id: add debug logging for construction of device names
48f40fbc8e pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857)
7e4434d883 docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it
2bdfc2d8cf pid1: lookup owning PID of BusName= name of services asynchronously
dba888a4d3 pid1: watch bus name always when we have it
f524807b89 udev: add one more assertion
8558101c73 udev: drop assertion which is always false
566a66dc5c udev: support by-path devlink for multipath nvme block devices (bsc#1200723)
b4c4edaada tests: minor simplification in test-execute
76d510c625 tests: make test-execute pass on openSUSE
- Drop the following patches which are part of 'SUSE/v246' now:
6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
Also update the rule files to make use of the "/CONST{arch}"/ syntax (available
since v244).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
42a26330fc time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
8a70235d8a core: Add trigger limit for path units
93e544f3a0 core/mount: also add default before dependency for automount mount units
5916a7748c logind: fix crash in logind on user-specified message string
- Add 1010-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179)
- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944)
To decrease log level of messages about use of KillMode=none from warning to
debug. SAP still uses this deprecated option and the warnings emitted by PID1
confuse both SAP customers and support.
- Import commit e7211d27e1bd26b976aa74ff620cc22a0267b5b8
1300e134a0 tmpfiles: check the directory we were supposed to create, not its parent
e4bb32dc65 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
d8d0c083bd logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Import commit 0fb88066f5fa4695467e930559776cc3444773ec
90740ae2aa string-util: explicitly cast character to unsigned
ca1455c5b9 string-util: fix build error on aarch64
c0829f98fc basic/escape: escape control characters, but not utf-8, in shell quoting
387a2e1fbf basic/string-util: simplify how str_realloc() is used
cdc4d55d22 basic/string-util: inline iterator variable declarations
d435514c85 basic/string-util: split out helper function
bdbc4faff5 basic/escape: always escape newlines in shell_escape()
3eb13063d1 basic/escape: add mode where empty arguments are still shown as "/"/
08fd20d8fb Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
ec07c1c46c basic/escape: use consistent location for "/*"/ in function declarations
074e1b622e Allow control characters in environment variable values (bsc#1200170)
44e419dcb0 Revert "/basic/env-util: (mostly) follow POSIX for what variable names are allowed"/
d5756f6f71 test-env-util: Verify that r is disallowed in env var values
d02bac33d3 basic/env-util: make function shorter
c68d5f0ba6 basic/env-util: (mostly) follow POSIX for what variable names are allowed
887c150a04 test-env-util: print function headers
- Import commit 40960e1ccb15071355fd3ee922877ef51f34bdbc
e6354ebb34 core/device: device_coldplug(): don't set DEVICE_DEAD
b593249c00 core/device: do not downgrade device state if it is already enumerated
7b47b3c306 core/device: ignore DEVICE_FOUND_UDEV bit on switching root (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570)
912c07c281 core/device: drop unnecessary condition
- fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Call pam_loginuid when creating user@.service (bsc#1198507)
It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d.
- systemd-presets-common-SUSE
-
- Enable systemd-pstore.service by default (jsc#PED-2663)
- enable ignition-delete-config by default (bsc#1199524)
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter "/user"/, the save/apply-changes commands now
work with user services instead of system ones (boo#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (boo#1200485)
- tar
-
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
results in use of uninitialized memory for a conditional jump
(CVE-2022-48303, bsc#1207753)
* fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
* remove bsc1202436.patch
* bsc1202436-1.patch
* bsc1202436-1.patch
- Fix hang when unpacking test tarball, bsc#1202436
* bsc1202436.patch
- Fix unexpected inconsistency when making directory, bsc#1203600
* tar-avoid-overflow-in-symlinks-tests.patch
* tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
* tar-fix-race-condition.patch
- Refresh bsc1200657.patch
- bsc1200657.patch was previously incomplete leading to deadlocks
* bsc#1202436
* bsc1200657.patch updated
- Fix race condition while creating intermediate subdirectories,
bsc#1200657
* bsc1200657.patch
- timezone
-
- timezone update 2023c:
* Revert changes made in 2023b
- timezone update 2023b:
* Lebanon delays the start of DST this year.
- timezone update 2023a:
* Egypt now uses DST again, from April through October.
* This year Morocco springs forward April 23, not April 30.
* Palestine delays the start of DST this year.
* Much of Greenland still uses DST from 2024 on.
* America/Yellowknife now links to America/Edmonton.
* tzselect can now use current time to help infer timezone.
* The code now defaults to C99 or later.
- Refresh tzdata-china.diff
- timezone update 2022g (bsc#1177460):
* In the Mexican state of Chihuahua, the border strip near the US
will change to agree with nearby US locations on 2022-11-30.
The strip's western part, represented by Ciudad Juárez, switches
from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
The eastern part, represented by Ojinaga, will observe US DST next
year, like Presidio, TX.
A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
* Much of Greenland, represented by America/Nuuk, stops observing
winter time after March 2023, so its daylight saving time becomes
standard time.
* Changes for pre-1996 northern Canada
* Update to past DST transition in Colombia (1993), Singapore
(1981)
* timegm is now supported by default
- timezone update 2022f (bsc#1177460):
* Mexico will no longer observe DST except near the US border
* Chihuahua moves to year-round -06 on 2022-10-30
* Fiji no longer observes DST
* Move links to 'backward'
* In vanguard form, GMT is now a Zone and Etc/GMT a link
* zic now supports links to links, and vanguard form uses this
* Simplify four Ontario zones
* Fix a Y2438 bug when reading TZif data
* Enable 64-bit time_t on 32-bit glibc platforms
* Omit large-file support when no longer needed
* In C code, use some C23 features if available
* Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
* fat.patch
* tzdata-china.diff
- timezone update 2022e (bsc#1177460):
* Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
* Palestine transitions are now Saturdays at 02:00
* Simplify three Ukraine zones into one
- timezone update 2022c:
* Work around awk bug
* Improve tzselect on intercontinental Zones
- timezone update 2022b:
* Chile's DST is delayed by a week in September 2022 boo#1202324
* Iran no longer observes DST after 2022
* Rename Europe/Kiev to Europe/Kyiv
* New zic -R option
* Vanguard form now uses %z
* Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
- Update to reflect new Chile DST change, bsc#1202310
* bsc1202310.patch
- util-linux
-
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- libuuid continuous clock handling for time based UUIDs:
Prevent use of the new libuuid ABI by uuidd %post before update
of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
to prevent error message if /var/lib/libuuid/clock.txt does not
exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
* libuuid: Fix range when parsing UUIDs
(util-linux-libuuid-uuid_parse-overrun.patch).
* Improve cache handling for short running applications-increment
the cache size over runtime
(util-linux-libuuid-improve-cache-handling.patch).
* Implement continuous clock handling for time based UUIDs
(util-linux-libuuid-continuous-clock-handling.patch).
* Check clock value from clock file to provide seamless libuuid
update (util-linux-libuuid-check-clock-value.patch).
- su: Change owner and mode for pty (bsc#1200842,
util-linux-login-move-generic-setting-to-ttyutils.patch,
util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
(bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
in utab (bsc#1198731,
util-linux-libmount-moving-mount-point-sub-mounts.patch,
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- util-linux-systemd
-
- libuuid continuous clock handling for time based UUIDs:
Prevent use of the new libuuid ABI by uuidd %post before update
of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
to prevent error message if /var/lib/libuuid/clock.txt does not
exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
* libuuid: Fix range when parsing UUIDs
(util-linux-libuuid-uuid_parse-overrun.patch).
* Improve cache handling for short running applications-increment
the cache size over runtime
(util-linux-libuuid-improve-cache-handling.patch).
* Implement continuous clock handling for time based UUIDs
(util-linux-libuuid-continuous-clock-handling.patch).
* Check clock value from clock file to provide seamless libuuid
update (util-linux-libuuid-check-clock-value.patch).
- su: Change owner and mode for pty (bsc#1200842,
util-linux-login-move-generic-setting-to-ttyutils.patch,
util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
(bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
in utab (bsc#1198731,
util-linux-libmount-moving-mount-point-sub-mounts.patch,
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- vim
-
- Updated to version 9.0 with patch level 1443, fixes the following security problems
* Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
* Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
* Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443
- Updated to version 9.0 with patch level 1386, fixes the following security problems
* Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
* Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
* Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
* Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
- Updated to version 9.0 with patch level 1234, fixes the following security problems
* Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
* Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
* Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
* Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
* Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1040...v9.0.1234
- Updated to version 9.0 with patch level 1040, fixes the following security problems
* Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
* Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
* Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
* Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
* Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
* Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.814...v9.0.1040
- Updated to version 9.0 with patch level 0814, fixes the following problems
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- disable-unreliable-tests-arch.patch: Removed
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814
- Updated to version 9.0 with patch level 0313, fixes the following problems
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 PUBLIC SUSE Linux Enterprise Server 15 SP4 Basesystem zbalogh@suse.com NEW --- SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
- wget
-
- Update 0001-possibly-truncate-pathname-components.patch
* Truncate file name even if no directory structure
* [bsc#1204720]
- wicked
-
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
Add initial support to decode the SMBIOS Management Controller Host
Interface (Type 42) structure and expose it as wicked `firmware:redfish`
configuration to setup a Host Network Interface (to the BMC) using the
`Redfish over IP` protocol allowing access to the Redfish Service (via
redfish-localhost in /etc/hosts) used to manage the computer system.
Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
[- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27
- xen
-
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
log-dirty mode use-after-free (XSA-427)
xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
pinned cache attributes mis-handling (XSA-428)
xsa428-1.patch
xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
vulnerability in 32bit SYSCALL path (XSA-429)
xsa429.patch
- Upstream bug fixes (bsc#1027519)
63624fa6-xenstored-call-remove_domid_from_perm-for-special.patch
637b5f4f-efifb-ignore-invalid.patch
63a03e28-x86-high-freq-TSC-overflow.patch
- Re-order some patches back into their proper upstream sequence.
- bsc#1205209 - VUL-0: CVE-2022-23824: xen: x86: Multiple
speculative security issues (XSA-422)
636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends
(XSA-376)
61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
xenstored run out of memory (XSA-326)
xsa326-10.patch (correction)
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
63455fe4-x86-HAP-monitor-table-error-handling.patch
63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
6345601d-x86-tolerate-shadow_prealloc-failure.patch
6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
63456075-x86-P2M-free-paging-pool-preemptively.patch
63456090-x86-p2m_teardown-preemption.patch
- bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption
for 2nd-level page tables on ARM systems (XSA-409)
63456175-libxl-per-arch-extra-default-paging-memory.patch
63456177-Arm-construct-P2M-pool-for-guests.patch
6345617a-Arm-XEN_DOMCTL_shadow_op.patch
6345617c-Arm-take-P2M-pages-P2M-pool.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
634561aa-gnttab-locking-on-transitive-copy-error-path.patch
- Upstream bug fixes (bsc#1027519)
6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
6351095c-Arm-rework-p2m_init.patch
6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
635665fb-sched-fix-restore_vcpu_affinity.patch
63569723-x86-shadow-replace-bogus-assertions.patch
- Drop patches replaced by upstream versions:
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
xsa411.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
xenstored run out of memory (XSA-326)
xsa326-01.patch
xsa326-02.patch
xsa326-03.patch
xsa326-04.patch
xsa326-05.patch
xsa326-06.patch
xsa326-07.patch
xsa326-08.patch
xsa326-09.patch
xsa326-10.patch
xsa326-11.patch
xsa326-12.patch
xsa326-13.patch
xsa326-14.patch
xsa326-15.patch
xsa326-16.patch
- bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can
crash xenstored (XSA-414)
xsa414.patch
- bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can
create orphaned Xenstore nodes (XSA-415)
xsa415.patch
- bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can
cause Xenstore to not free temporary memory (XSA-416)
xsa416.patch
- bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can
get access to Xenstore nodes of deleted domains (XSA-417)
xsa417.patch
- bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can
crash xenstored via exhausting the stack (XSA-418)
xsa418-01.patch
xsa418-02.patch
xsa418-03.patch
xsa418-04.patch
xsa418-05.patch
xsa418-06.patch
- bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen:
Xenstore: cooperating guests can create arbitrary numbers of
nodes (XSA-419)
xsa419-01.patch
xsa419-02.patch
xsa419-03.patch
- bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen:
Xenstore: Guests can create arbitray number of nodes via
transactions (XSA-421)
xsa421-01.patch
xsa421-02.patch
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
xsa411.patch
- bsc#1197081 - dom0 fails to boot with constrained vcpus and nodes
62f4cfee-sched-setup-dom0-vCPU-affinity-once.patch
- Upstream bug fixes (bsc#1027519)
62d65105-x86-spec-ctrl-MD_CLEAR-reporting.patch
62d807c1-x86-suppress-MMX.patch
62ecfc08-VMX-use-IST-RSB-protection.patch
62f27ebd-x86-expose-more-MSR_ARCH_CAPS-to-hwdom.patch
62f51e16-x86-spec-ctrl-enum-PBRSB_NO.patch
62f523da-AMD-setup_force_cpu_cap-BSP-only.patch
- bsc#1200762 - VUL-0: CVE-2022-26365,CVE-2022-33740,
CVE-2022-33741,CVE-2022-33742: xen: Linux disk/nic frontends data
leaks (XSA-403)
xsa403.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
62dfe40a-x86-mm-gpt-TLB-flush-condition.patch
- Drop patch replaced by upstream version
xsa408.patch
- bsc#1185104 - VUL-0: CVE-2021-28689: xen: x86: Speculative
vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370)
Part of already released 4.14.5 tarball
- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels
A previous change to the built-in default had a logic error,
effectively restoring the upstream limit of 1023 channels per domU.
Fix the logic to calculate the default based on the number of vcpus.
adjust libxl.max_event_channels.patch
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
in typeref acquisition
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
xen: retbleed - arbitrary speculative code execution with return
instructions (XSA-407)
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
xsa401-1.patch
xsa401-2.patch
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
xsa408.patch
- zlib
-
- Follow up fix for bsc#1203652 due to libxml2 breakage
* bsc1203652-2.patch
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
* bsc1203652.patch
- Fix heap-based buffer over-read or buffer overflow in inflate via
large gzip header extra field (bsc#1202175, CVE-2022-37434,
CVE-2022-37434-extra-header-1.patch,
CVE-2022-37434-extra-header-2.patch).
- zstd
-
- Fix CVE-2022-4899, bsc#1209533
* Disallow empty --output-dir-flat=
- Added patch:
* Disallow-empty-output-directory.patch
- zypper
-
- BuildRequires: libzypp-devel >= 17.31.7.
- Provide "/removeptf"/ command (bsc#1203249)
A remove command which prefers replacing dependant packages to
removing them as well.
A PTF is typically removed as soon as the fix it provides is
applied to the latest official update of the dependant packages.
But you don't want the dependant packages to be removed together
with the PTF, which is what the remove command would do. The
removeptf command however will aim to replace the dependant
packages by their official update versions.
- patterns: Avoid dispylaing superfluous @System entries
(bsc#1205570)
- version 1.14.59
- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires: libzypp-devel >= 17.31.5
- version 1.14.58
- BuildRequires: libzypp-devel >= 17.31.2.
- Fix --[no]-allow-vendor-change feedback in install command
(bsc#1201972)
- version 1.14.57
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
(fixes #441, fixes #444)
- Remove unneeded code to compute the PPP status.
Since libzypp 17.23.0 the PPP status is auto established. No
extra solver run is needed.
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Fix tests to use locale "/C.UTF-8"/ rather than "/en_US"/.
- Fix man page (fixes #451)
- version 1.14.56
- lr: Allow shortening the Name column if table is wider than the
terminal (bsc#1201638)
- Don't accepts install/remove modifier without argument
(bsc#1201576)
- zypper-download: Set correct ExitInfoCode when failing to
resolve argument.
- zypper-download: Handle unresolvable arguments as error.
This commit changes zypper-download such that it behaves more
consistent to zypper-install when an argument can't be resolved.
- version 1.14.55
- Fix building with GCC 13 (fixes #448)
- Put signing key supplying repository name in quotes.
- version 1.14.54
- Basic JobReport for "/cmdout/monitor"/.
- versioncmp: if verbose, also print the edition 'parts' which are
compared.
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally (fixes #433)
- Honor the NO_COLOR environment variable when auto-detecting
whether to use color (fixes #432)
- Define table columns which should be sorted natural [case
insensitive] (fixes #391, closes #396, fixes #424)
- lr/ls: Use highlight color on name and alias as well.
- version 1.14.53