- aaa_base
-
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
to also fix the typo to set JAVA_BINDIR in the csh variant
of the alljava profile script (bsc#1221361)
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
drop the stderr redirection for csh (bsc#1221361)
- add git-49-3f8f26123d91f70c644677a323134fc79318c818.patch
drop sysctl.d/50-default-s390.conf (bsc#1211721)
- add aaa_base-preinstall.patch
make sure the script does not exit with 1 if a file
with content is found (bsc#1222547)
- add patch git-48-477bc3c05fcdabf9319e84278a1cba2c12c9ed5a.patch
home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- silence the output in the case of broken symlinks (bsc#1218232)
- fix git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
to actually apply
- replace git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
by git-47-056fc66c699a8544c7692a03c905fca568f5390b.patch
* fix the issues from bsc#1107342 and bsc#1215434 and just
use the settings from update-alternatives to set JAVA_HOME
- audit-secondary
-
- Fix plugin termination when using systemd service units (bsc#1215377)
* add auditd.service-fix-plugin-termination.patch
- bash
-
- Add patch boo1227807.patch
* Load completion file eveh if a brace expansion is in the
command line included (boo#1227807)
- btrfsprogs
-
- btrfs-progs: fix defrag -c option parsing (bsc#1218029)
* btrfs-progs-fix-defrag-c-option-parsing.patch
- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- ca-certificates
-
- Update to version 2+git20240416.98ae794 (bsc#1221184):
* Use flock to serialize calls (boo#1188500)
* Make certbundle.run container friendly
* Create /var/lib/ca-certificates if needed
- catatonit
-
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Remove upstreamed patches:
- 99bb9048f.patch
- chrony
-
- Use make quickcheck instead of make check to avoid >1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable. Here a seed is
already set to get deterministic execution.
- Use shorter NTS-KE retry interval when network is down
(bsc#1213551, chrony-burst_total_samples_to_go.patch,
chrony-retry_interval_ke_start.patch).
- cloud-netconfig
-
- Update to version 1.14
+ Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757)
- Add version settings to Provides/Obsoletes
- Update to version 1.12 (bsc#1221202)
+ If token access succeeds using IPv4 do not use the IPv6 endpoint
only use the IPv6 IMDS endpoint if IPv4 access fails.
- Add Provides/Obsoletes for dropped cloud-netconfig-nm
- Install dispatcher script into /etc/NetworkManager/dispatcher.d
on older distributions
- Add BuildReqires: NetworkManager to avoid owning dispatcher.d
parent directory
- Update to version 1.11:
+ Revert address metadata lookup in GCE to local lookup (bsc#1219454)
+ Fix hang on warning log messages
+ Check whether getting IPv4 addresses from metadata failed and abort
if true
+ Only delete policy rules if they exist
+ Skip adding/removing IPv4 ranges if metdata lookup failed
+ Improve error handling and logging in Azure
+ Set SCRIPTDIR when installing netconfig wrapper
- Update to version 1.10:
+ Drop cloud-netconfig-nm sub package and include NM dispatcher
script in main packages (bsc#1219007)
+ Spec file cleanup
- Update to version 1.9:
+ Drop package dependency on sysconfig-netconfig
+ Improve log level handling
+ Support IPv6 IMDS endpoint in EC2 (bsc#1218069)
- cloud-regionsrv-client
-
- Update to 10.3.4
+ Modify the message when network access over a specific IP version does
not work. This is an informational message and should not look like
an error
+ Inform the user that LTSS registration takes a little longer
+ Add fix-for-sles12-no-trans_update.patch
+ SLE 12 family has no products with transactional-update we do not
need to look for this condition
- From 10.3.3 (bsc#1229472)
+ Handle changes in process structure to properly identify the running
zypper parent process and only check for 1 PID
- From 10.3.2
+ Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
+ Add support for LTSS registration
+ Add fix-for-sles12-disable-registry.patch
~ No container support in SLE 12
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
- Update to version 10.1.7 (bsc#1220164, bsc#1220165)
+ Fix the failover path to a new target update server. At present a new
server is not found since credential validation fails. We targeted
the server detected in down condition to verify the credentials instead
of the replacement server.
- Update EC2 plugin to 1.0.4 (bsc#1219156, bsc#1219159)
+ Fix the algorithm to determine the region from the availability zone
information retrieved from IMDS.
- Update to version 10.1.6
+ Support specifying an IPv6 address for a manually configured target
update server.
- cockpit
-
- remove_rh_links.patch: remove additional hardcoded RH refs (bsc#1221336)
- hide-pcp.patch: don't display info about cockpit-pcp - uninstallable
- suse-microos-branding.patch: install branding
- CVE-2024-6126.patch: Fix insecure killing of session ssh-agent
(CVE-2024-6126, bsc#1226040)
- libssh.patch: backport compatibility fixes for libssh (still bsc#1220385)
- Remove SELinux file context for /usr/bin/cockpit-bridge, this
is already defined in the main selinux-policy package (bsc#1220385).
- container-selinux
-
- Allow iptables_t list directory permissions of container_file_t (bsc#1227442)
- added 1227442-allow-iptables_t-list_dir_perms-container_file_t.patch
- containerd
-
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Revert noarch for devel subpackage for SLE 15
Switching to noarch causes issues on SLES maintenance updates, reverting it
fixes our image builds
- Update to containerd v1.7.17. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.17>
- Switch back to using tar_scm service. Aside from obs_scm using more bandwidth
and storage than a locally-compressed tar.xz, it seems there's some weird
issue with paths in obscpio that break our SLE-12-only patch.
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.16. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.16>
CVE-2023-45288 bsc#1221400
- Use obs_scm service instead of tar_scm
- Removed patch 0002-shim-Create-pid-file-with-0644-permissions.patch
(merged upstream at
<https://github.com/containerd/containerd/pull/9571>)
- Update to containerd v1.7.15. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.15>
- Update to containerd v1.7.14. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.14>
- Update to containerd v1.7.13. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.13>
- Update to containerd v1.7.12. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.12>
- Update to containerd v1.7.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.11>
GHSA-jq35-85cj-fj4p bsc#1224323
- Use %patch -P N instead of deprecated %patchN.
- Enable manpage generation
- Make devel package noarch
- adjust rpmlint filters
- Add patch for bsc#1217952:
+ 0002-shim-Create-pid-file-with-0644-permissions.patch
- Update to containerd v1.7.10. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.10>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- coreutils
-
- ls: avoid triggering automounts (bsc#1221632)
- add coreutils-ls-avoid-triggering-automounts.patch
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
- add coreutils-tail-fix-tailing-sysfs-files-where-PAGE_SIZE-BUFSIZ.patch
- cpio
-
- Fix cpio not working after the fix in bsc#1218571, fixes bsc#1219238
* fix-bsc1219238.patch
- Fix CVE-2023-7207, path traversal vulnerability (bsc#1218571)
* fix-CVE-2023-7207.patch
- curl
-
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* http_aws_sigv4: canonicalize the query [fc76a24c]
* test439: verify query canonization for aws-sigv4 [65661016]
* http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
* aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
* http_aws_sigv4: canonicalise valueless query params [bbba69da]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patches:
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- Security fix: [bsc#1228535, CVE-2024-7264]
* curl: ASN.1 date parser overread
* Add curl-CVE-2024-7264.patch
- Security fix: [bsc#1221665, CVE-2024-2004]
* Usage of disabled protocol
* Add curl-CVE-2024-2004.patch
- Security fix: [bsc#1221667, CVE-2024-2398]
* curl: HTTP/2 push headers memory-leak
* Add curl-CVE-2024-2398.patch
- lvm2
-
- LVM2 mirror attached to another node couldn't be converted into linear LV (bsc#1231796)
+ bug-1231796_lvconvert-fix-lvconvert-m-0-for-in-sync-legs.patch
- dmidecode
-
- Update to upstream version 3.6 (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
* Add bash completion.
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
* Implement options --list-strings and --list-types.
* Update HPE OEM records 203, 212, 216, 221, 233 and 236.
* Update Redfish support.
* Bug fixes:
Fix enabled slot characteristics not being printed
* Minor improvements:
Print slot width on its own line
Use standard strings for slot width
* Add a --no-quirks option.
* Drop the CPUID exception list.
* Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
dmidecode-fortify-entry-point-length-checks.patch,
dmidecode-split-table-fetching-from-decoding.patch,
dmidecode-write-the-whole-dump-file-at-once.patch,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
dmioem-hpe-oem-record-237-firmware-change.patch,
dmioem-typo-fix-virutal-virtual.patch,
ensure-dev-mem-is-a-character-device-file.patch,
news-fix-typo.patch and
use-read_file-to-read-from-dump.patch.
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
HPE type 238 records.
- docker
-
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- This update includes a fix for CVE-2024-41110. bsc#1228324
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
<https://github.com/moby/buildkit/pull/5060>. bsc#1221916
+ 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. Backport of
<https://github.com/moby/moby/pull/48034>. bsc#1214855
+ 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2505> bsc#1223409
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- Update --add-runtime to point to correct binary path.
[NOTE: This update was only ever released in SLES and Leap.]
- Add patch to fix bsc#1220339
* 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
- Allow to disable apparmor support (ALP supports only SELinux)
- Update to Docker 25.0.3-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2503>
- Fixes:
* bsc#1219267 - CVE-2024-23651
* bsc#1219268 - CVE-2024-23652
* bsc#1219438 - CVE-2024-23653
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
- Vendor latest buildkit v0.11:
Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that
vendors in the latest v0.11 buildkit branch including bugfixes for the following:
* bsc#1219438: CVE-2024-23653
* bsc#1219268: CVE-2024-23652
* bsc#1219267: CVE-2024-23651
- rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- switch from %patchN to %patch -PN syntax
- remove unused rpmlint filters and add filters to silence pointless bash & zsh
completion warnings
- transactional-update
-
- Version 4.1.9
- Adding support for specifying migration arguments
- Version 4.1.8
- tukit: Properly handle overlay syncing failures: If the system
would not be rebooted and several snapshots accumulated in the
meantime, it was possible that the previous base snapshot -
required for /etc syncing - was deleted already. In that case
changes in /etc might have been reset.
[gh#openSUSE/transactional-update#116]
[gh#kube-hetzner/terraform-hcloud-kube-hetzner#1287]
- Version 4.1.7
- Always use zypper of installed system [bsc#1221346]
- Version 4.1.6
- Use permissions of real /etc when creating overlay
[bsc#1215878]
- Version 4.1.5
- Add support for configuration file snippets
- dracut
-
- Update to version 055+suse.396.g701c6212:
* fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110)
- Update to version 055+suse.394.ga838b0c7:
* fix(zfcp_rules): check for presence of legacy rules (bsc#1230330)
- Update to version 055+suse.392.g7930ab23:
* feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398)
* fix(convertfs): error in conditional expressions (bsc#1228847)
- Update to version 055+suse.388.g70c21afa:
* feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529)
* fix(mdraid): try to assemble the missing raid device (bsc#1226412)
* fix(dracut-install): continue parsing if ldd prints "cannot be preloaded" (bsc#1208690)
- Update to version 055+suse.382.g80b55af2:
* fix(dracut): correct regression with multiple `rd.break=` options (bsc#1221675)
* fix(dracut-util): do not call `strcmp` if the `value` argument is NULL (bsc#1219841)
* fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485)
* fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083)
- e2fsprogs
-
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
number of group descriptors only if meta_bg is disabled (bsc#1230145)
EA Inode handling fixes:
- ext2fs-avoid-re-reading-inode-multiple-times.patch: ext2fs: avoid re-reading
inode multiple times (bsc#1223596)
- e2fsck-fix-potential-out-of-bounds-read-in-inc_ea_in.patch: e2fsck: fix
potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck-add-more-checks-for-ea-inode-consistency.patch: e2fsck: add more
checks for ea inode consistency (bsc#1223596)
- e2fsck-fix-golden-output-of-several-tests.patch: e2fsck: fix golden output of
several tests (bsc#1223596)
- glib2
-
- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
a dbus message. Fixes a possible use after free (boo#1224044).
- Add patches to fix CVE-2024-34397 (boo#1224044):
glib2-CVE-2024-34397.patch (glgo#GNOME/glib#3268).
glib2-fix-ibus-regression.patch (glgo#GNOME/glib#3353)
- glibc
-
- tcache-thread-shutdown.patch: malloc: Initiate tcache shutdown even
without allocations (bsc#1228661, BZ #28028)
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228043, BZ
[#31934])
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
addgetnetgrentX (CVE-2024-33602, bsc#1223425)
- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue
for _start routine (bsc#1221940)
- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
nscd: Stack-based buffer overflow in netgroup cache
(CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
nscd: Avoid null pointer crashes after notfound response
(CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
nscd: Do not send missing not-found response in addgetnetgrentX
(CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
CVE-2024-33602, bsc#1223425, BZ #31680)
- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
- duplocale-global-locale.patch: duplocale: protect use of global locale
(bsc#1220441, BZ #23970)
- qsort-invalid-cmp.patch: qsort: handle degenerated compare function
(bsc#1218866)
- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64-rawmemchr-unwind.patch: aarch64: correct CFI in rawmemchr
(bsc#1217445, BZ #31113)
- grub2
-
- Fix OOM error in loading loopback file (bsc#1230840)
* 0001-tpm-Skip-loopback-image-measurement.patch
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
installation when secure boot is enabled (bsc#1217761) (bsc#1228866)
- Improved check for disk device when looking for PReP partition
* 0004-Introduce-prep_load_env-command.patch
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to
file_is_not_xen_garbage (bsc#1224226)
* grub2-fix-menu-in-xen-host-server.patch
- Fix LPAR falls into grub shell after installation with lvm (bsc#1221866)
* 0001-ofdisk-Enhance-canonical-path-handling-for-bootpath.patch
- Fix memdisk becomes the default boot entry, resolving no graphic display
device error in guest vnc console (bsc#1221779)
* grub2-xen-pv-firmware.cfg
- Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg
(bsc#1219248) (bsc#1181762)
* grub2-xen-pv-firmware.cfg
* 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch
- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to
SLE-15-SP2 (bsc#1217102)
* add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
* add 0002-ofdisk-add-early_log-support.patch
- iputils
-
- Update 0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
after upstream merged the fix, update git commit hashes.
- Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877)
0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
- Backport upstream fix for bsc#1224877
4db1de6 ("arping: Fix 1s delay on exit for unsolicited arpings")
0001-arping-Fix-1s-delay-on-exit-for-unsolicited-arpings.patch
- kdump
-
- spec: return success from pre, post, preun and postun scriplets
(bsc#1222228, bsc#1191410)
- spec: differentiate between uninstall and upgrade in postun/preun
(bsc#1191410)
- dracut: always create fstab, even if empty (bsc#1218494)
- fix NOSPLIT option
- Honor the KDUMP_VERBOSE setting in kdump-save
- kernel-default
-
- usbnet: fix cyclical race on disconnect with work queue
(git-fixes).
- Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 1cf5de8
- cachefiles: fix dentry leak in cachefiles_open_file()
(bsc#1231181).
- ceph: remove the incorrect Fw reference check when dirtying
pages (bsc#1231180).
- commit 47c22dc
- KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
(CVE-2024-46830 bsc#1231116).
- commit 5d5e02e
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- commit 1b1ffa2
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- commit 901f16d
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- commit 0627e93
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and
freeing them (git-fixes).
- commit e8a76c0
- usb: dwc3: st: fix probed platform device ref count on probe
error path (bsc#1230507 CVE-2024-46674).
- commit ffd5693
- tomoyo: fallback to realpath if symlink's pathname does not
exist (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges
(git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial
(git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings
(git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and
freeing them (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- rtc: at91sam9: fix OF node leak in probe() error path
(git-fixes).
- watchdog: imx_sc_wdt: Don't disable WDT in suspend (git-fixes).
- pinctrl: single: fix missing error code in pcs_probe()
(git-fixes).
- PCI: xilinx-nwl: Fix register misspelling (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
- pinctrl: single: fix potential NULL dereference in
pcs_get_function() (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed
(stable-fixes).
- commit b15f073
- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- firmware_loader: Block path traversal (git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
(git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding
mutexes (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the
documentation (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- Input: ilitek_ts_i2c - add report id message validation
(git-fixes).
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync
(git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev
(git-fixes).
- media: venus: fix use after free bug in venus_remove due to
race condition (git-fixes).
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- Revert "media: tuners: fix error return code of
hybrid_tuner_request_state()" (stable-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
write error (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
(git-fixes).
- apparmor: fix possible NULL pointer dereference (stable-fixes).
- commit 0120ced
- nvme-fabrics: use reserved tag for reg read/write command
(bsc#1228620 CVE-2024-41082).
- nvme: change __nvme_submit_sync_cmd() calling conventions
(bsc#1228620 CVE-2024-41082).
Refresh:
- patches.suse/nvme-auth-retry-command-if-DNR-bit-is-not-set.patch
- commit 4effcb1
- kthread: Fix task state in kthread worker if being frozen
(bsc#1231146).
- commit 2398294
- Refresh
patches.suse/bpf-kprobe-remove-unused-declaring-of-bpf_kprobe_override.patch.
- commit ba454fb
- tracing: Avoid possible softlockup in tracing_iter_reset()
(git-fixes).
- commit 1959490
- tracing: Fix overflow in get_free_elt() (git-fixes
CVE-2024-43890 bsc#1229764).
- commit 867d207
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120 CVE-2024-46822)
- commit ec589da
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (bsc#1231120 CVE-2024-46822)
- commit fb3eb08
- nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH
(bsc#1199769).
- commit 8283ab9
- scsi: sd: Fix off-by-one error in
sd_read_block_characteristics() (bsc#1223848).
- commit 04f7eb0
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- commit b81ed11
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- commit 7b544cf
- blacklist.conf: CVE-2024-46772 bsc#1230772: not applicable
Functionality not present (pixel rate based CRB allocation,
9ba90d760e9354c12).
- commit d6db85b
- blacklist.conf: CVE-2024-46778 bsc#1230776: not applicable, code does not exist
- commit 14795f1
- blacklist.conf: CVE-2024-46727 bsc#1230707: not applicable, code does not exist
- commit b7188ff
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight
PWM frequency (git-fixes).
- commit 3f7057a
- arm64: dts: rockchip: Correct the Pinebook Pro battery design
capacity (git-fixes).
- commit 7f351fe
- PCI: Support BAR sizes up to 8TB (bsc#1231017)
- commit 3d80de5
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for
ROCK Pi E (git-fixes).
- commit 293aaa9
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- commit 24cf4b5
- blacklist.conf: remove an entry which was merged anyway via another branch
- commit 29f0240
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
Move patch into the sorted section.
- commit 790aa5a
- Update patches.suse/ALSA-line6-Fix-racy-access-to-midibuf.patch
(stable-fixes CVE-2024-44954 bsc#1230176).
- Update
patches.suse/ASoC-dapm-Fix-UAF-for-snd_soc_pcm_runtime-object.patch
(git-fixes CVE-2024-46798 bsc#1230830).
- Update
patches.suse/HID-amd_sfh-free-driver_data-after-destroying-hid-de.patch
(stable-fixes CVE-2024-46746 bsc#1230751).
- Update
patches.suse/HID-cougar-fix-slab-out-of-bounds-Read-in-cougar_rep.patch
(stable-fixes CVE-2024-46747 bsc#1230752).
- Update
patches.suse/Input-uinput-reject-requests-with-unreasonable-numbe.patch
(stable-fixes CVE-2024-46745 bsc#1230748).
- Update
patches.suse/Squashfs-sanity-check-symbolic-link-size.patch
(git-fixes CVE-2024-46744 bsc#1230747).
- Update
patches.suse/VMCI-Fix-use-after-free-when-removing-resource-in-vm.patch
(git-fixes CVE-2024-46738 bsc#1230731).
- Update
patches.suse/bpf-Fix-a-kernel-verifier-crash-in-stacksafe.patch
(bsc#1225903 CVE-2024-45020 bsc#1230433).
- Update
patches.suse/can-bcm-Remove-proc-entry-when-dev-is-unregistered.patch
(git-fixes CVE-2024-46771 bsc#1230766).
- Update
patches.suse/can-mcp251x-fix-deadlock-if-an-interrupt-occurs-duri.patch
(git-fixes CVE-2024-46791 bsc#1230821).
- Update
patches.suse/char-xillybus-Check-USB-endpoints-when-probing-devic.patch
(git-fixes CVE-2024-45011 bsc#1230440).
- Update
patches.suse/drm-amd-display-Assign-linear_pitch_alignment-even-f.patch
(stable-fixes CVE-2024-46732 bsc#1230711).
- Update
patches.suse/drm-amd-display-Check-denominator-pbn_div-before-use.patch
(stable-fixes CVE-2024-46773 bsc#1230791).
- Update
patches.suse/drm-amd-display-Ensure-index-calculation-will-not-ov.patch
(stable-fixes CVE-2024-46726 bsc#1230706).
- Update
patches.suse/drm-amd-display-Skip-wbscl_set_scaler_filter-if-filt.patch
(stable-fixes CVE-2024-46714 bsc#1230699).
- Update
patches.suse/drm-amd-display-avoid-using-null-object-of-framebuff.patch
(git-fixes CVE-2024-46694 bsc#1230511).
- Update
patches.suse/drm-amd-pm-fix-the-Out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46731 bsc#1230709).
- Update
patches.suse/drm-amdgpu-Fix-out-of-bounds-read-of-df_v1_7_channel.patch
(stable-fixes CVE-2024-46724 bsc#1230725).
- Update
patches.suse/drm-amdgpu-Fix-out-of-bounds-write-warning.patch
(stable-fixes CVE-2024-46725 bsc#1230705).
- Update patches.suse/drm-amdgpu-Validate-TA-binary-size.patch
(stable-fixes CVE-2024-44977 bsc#1230217).
- Update
patches.suse/drm-amdgpu-fix-dereference-after-null-check.patch
(stable-fixes CVE-2024-46720 bsc#1230724).
- Update
patches.suse/drm-amdgpu-fix-mc_data-out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46722 bsc#1230712).
- Update
patches.suse/drm-amdgpu-fix-ucode-out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46723 bsc#1230702).
- Update
patches.suse/drm-mgag200-Bind-I2C-lifetime-to-DRM-device.patch
(git-fixes CVE-2024-44967 bsc#1230224).
- Update
patches.suse/drm-msm-dpu-cleanup-FB-if-dpu_format_populate_layout.patch
(git-fixes CVE-2024-44982 bsc#1230204).
- Update
patches.suse/fs-netfs-fscache_cookie-add-missing-n_accesses-check.patch
(bsc#1229453 CVE-2024-45000 bsc#1230170).
- Update
patches.suse/fscache-delete-fscache_cookie_lru_timer-when-fscache-.patch
(bsc#1230592 CVE-2024-46786 bsc#1230813).
- Update
patches.suse/hwmon-adc128d818-Fix-underflows-seen-when-writing-li.patch
(stable-fixes CVE-2024-46759 bsc#1230814).
- Update
patches.suse/hwmon-lm95234-Fix-underflows-seen-when-writing-limit.patch
(stable-fixes CVE-2024-46758 bsc#1230812).
- Update
patches.suse/hwmon-w83627ehf-Fix-underflows-seen-when-writing-lim.patch
(stable-fixes CVE-2024-46756 bsc#1230806).
- Update
patches.suse/mmc-mmc_test-Fix-NULL-dereference-on-allocation-fail.patch
(git-fixes CVE-2024-45028 bsc#1230450).
- Update
patches.suse/msft-hv-3046-uio_hv_generic-Fix-kernel-NULL-pointer-dereference-i.patch
(git-fixes CVE-2024-46739 bsc#1230732).
- Update
patches.suse/msft-hv-3048-net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
(git-fixes CVE-2024-46784 bsc#1230771).
- Update
patches.suse/net-mana-Fix-RX-buf-alloc_size-alignment-and-atomic-.patch
(bsc#1229086 CVE-2024-45001 bsc#1230244).
- Update
patches.suse/nfc-pn533-Add-poll-mod-list-filling-check.patch
(git-fixes CVE-2024-46676 bsc#1230535).
- Update
patches.suse/nilfs2-fix-missing-cleanup-on-rollforward-recovery-error.patch
(git-fixes CVE-2024-46781 bsc#1230768).
- Update
patches.suse/nilfs2-protect-references-to-superblock-parameters-exposed-in-sysfs.patch
(git-fixes CVE-2024-46780 bsc#1230808).
- Update
patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch
(git-fixes CVE-2024-46737 bsc#1230730).
- Update
patches.suse/pci-hotplug-pnv_php-Fix-hotplug-driver-crash-on-Powe.patch
(stable-fixes CVE-2024-46761 bsc#1230761).
- Update
patches.suse/s390-dasd-fix-error-recovery-leading-to-data-corruption-on-ESE-devices.patch
(git-fixes bsc#1229573 CVE-2024-45026 bsc#1230454).
- Update
patches.suse/s390-sclp-Prevent-release-of-buffer-in-I-O.patch
(git-fixes bsc#1229572 CVE-2024-44969 bsc#1230200).
- Update
patches.suse/usb-dwc3-core-Prevent-USB-core-invalid-event-buffer-.patch
(git-fixes CVE-2024-46675 bsc#1230533).
- Update
patches.suse/usb-dwc3-st-fix-probed-platform-device-ref-count-on-.patch
(git-fixes CVE-2024-46674 bsc#1230507).
- Update
patches.suse/wifi-mwifiex-Do-not-return-unused-priv-in-mwifiex_ge.patch
(stable-fixes CVE-2024-46755 bsc#1230802).
- Update
patches.suse/x86-mtrr-Check-if-fixed-MTRRs-exist-before-saving-them.patch
(git-fixes CVE-2024-44948 bsc#1230174).
- Update
patches.suse/xhci-Fix-Panther-point-NULL-pointer-deref-at-full-sp.patch
(git-fixes CVE-2024-45006 bsc#1230247).
- commit 3ab4fc7
- Update
patches.suse/media-vivid-fix-compose-size-exceed-boundary.patch
(git-fixes CVE-2022-48945 bsc#1230398).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update patches.suse/sched-Fix-yet-more-sched_fork-races.patch
(git fixes (sched/core) CVE-2022-48944 bsc#1229947).
- commit be5b46d
- userfaultfd: fix checks for huge PMDs (CVE-2024-46787
bsc#1230815).
- commit 731ca61
- cachefiles: Fix non-taking of sb_writers around set/removexattr
(bsc#1231013).
- commit 8d75b42
- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- commit afe0b92
- PCI: xilinx-nwl: Clean up clock on probe failure/removal
(git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: dra7xx: Fix error handling when IRQ request fails in probe
(git-fixes).
- PCI: Wait for Link before restoring Downstream Buses
(git-fixes).
- PCI: al: Check IORESOURCE_BUS existence during probe
(git-fixes).
- PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
- Refresh
patches.suse/PCI-dwc-Add-dw_pcie_ops.host_deinit-callback.patch.
- commit 1275322
- blacklist.conf: add two PCI git-fixes
- commit 02f416e
- Update
patches.suse/PCI-Add-missing-bridge-lock-to-pci_bus_lock.patch
(stable-fixes CVE-2024-46750 bsc#1230783).
- commit c259807
- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- commit bfe7fd1
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
(git-fixes).
- commit 644bf81
- net: ip_tunnel: prevent perpetual headroom growth
(CVE-2024-26804 bsc#1222629).
- net: tunnels: annotate lockless accesses to dev->needed_headroom
(CVE-2024-26804 bsc#1222629).
- commit 319c5b5
- kabi: add __nf_queue_get_refs() for kabi compliance.
(bsc#1229633, CVE-2022-48911)
(cherry picked from commit 09526c9424a7fbc2a4d656f79c4ad7878f435ecb)
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
(cherry picked from commit 758c6b1299c09ef730f452c74ec7f72a9327354f)
- kabi: add __nf_queue_get_refs() for kabi compliance.
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
- commit 0bf9c36
- drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703 CVE-2024-46728)
- commit 6a51cab
- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- commit e49b867
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- commit 50d4a10
- RDMA/hns: Optimize hem allocation performance (git-fixes)
- commit 813af9f
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- commit 2bb823b
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- commit f6fcd8c
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- commit 328d52f
- RDMA/hns: Don't modify rq next block addr in HIP09 QPC (git-fixes)
- commit 33ac85f
- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- commit 01729dd
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- commit 68948b5
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- commit 65bf6d4
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- commit dfdb2f8
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- commit 97307dd
- blacklist.conf: CVE-2024-44972 bsc#1230212: not applicable
Subpage code exists but zoned mode is not enabled being hidden behind
CONFIG_BTRFS_DEBUG.
- commit 702f20e
- btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753 bsc#1230796)
- commit 65fd2b1
- btrfs: prevent copying too big compressed lzo segment (CVE-2022-48923 bsc#1229662)
- commit 9c5b30e
- net: tighten bad gso csum offset check in virtio_net_hdr
(git-fixes).
- commit 34aa4c1
- udp: fix receiving fraglist GSO packets (git-fixes).
- commit fa1c6cd
- xen/swiotlb: fix allocated size (git-fixes).
- commit 6131ead
- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- commit eee6dcc
- xen: tolerate ACPI NVS memory overlapping with Xen allocated
memory (bsc#1226003).
- commit c0747b9
- xen: allow mapping ACPI data using a different physical address
(bsc#1226003).
- commit c94b5d0
- xen: add capability to remap non-RAM pages to different PFNs
(bsc#1226003).
- commit 489b422
- xen: move max_pfn in xen_memory_setup() out of function scope
(bsc#1226003).
- commit 88edee6
- blacklist.conf: kABI
- commit 0e6101c
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- commit 6843c76
- media: qcom: camss: Fix ordering of pm_runtime_enable
(git-fixes).
- commit 262114a
- Revert "media: tuners: fix error return code of
hybrid_tuner_request_state()" (git-fixes).
- commit 1d6cee4
- xen: move checks for e820 conflicts further up (bsc#1226003).
- commit 305f805
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
write error (git-fixes).
- commit 8a8aa4d
- net: bridge: xmit: make sure we have at least eth header len
bytes (CVE-2024-38538 bsc#1226606).
- commit de593a5
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
write error (git-fixes).
- commit 28bc636
- xen: introduce generic helper checking for memory map conflicts
(bsc#1226003).
- commit b5a62b0
- xen: use correct end address of kernel for conflict checking
(bsc#1226003).
- commit 864cea2
- x86/xen: Convert comma to semicolon (git-fixes).
- commit aea0e48
- net: drop bad gso csum_start and offset in virtio_net_hdr
(git-fixes).
- commit 89b9f35
- crypto: virtio - Wait for tasklet to complete on device remove
(git-fixes).
- commit 3c716ae
- Update references for patches.suse/pci-hotplug-pnv_php-Fix-hotplug-driver-crash-on-Powe.patch (CVE-2024-46761 bsc#1230761)
- commit dcc7841
- x86/tdx: Fix data leak in mmio_read() (CVE-2024-46794 bsc#1230825)
- commit c8c34cc
- Update references for patches.suse/hwmon-adc128d818-Fix-underflows-seen-when-writing-li.patch (CVE-2024-46759 bsc#1230814)
- commit 246b51d
- Update references for patches.suse/HID-cougar-fix-slab-out-of-bounds-Read-in-cougar_rep.patch (CVE-2024-46747 bsc#1230752)
- commit d22b00d
- Update references for patches.suse/Input-uinput-reject-requests-with-unreasonable-numbe.patch (CVE-2024-46745 bsc#1230748)
- commit 584f3d0
- Update references for patches.suse/HID-amd_sfh-free-driver_data-after-destroying-hid-de.patch (CVE-2024-46746 bsc#1230751)
- commit 20864a7
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783 bsc#1230810)
- commit 72de3c2
- Update references for patches.suse/fscache-delete-fscache_cookie_lru_timer-when-fscache-.patch (CVE-2024-46786 bsc#1230592 bsc#1230813)
- commit b23da3a
- Update references for patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch (CVE-2024-46737 bsc#1230730)
- commit a2b9776
- scsi: lpfc: Copyright updates for 14.4.0.4 patches
(bsc#1229429).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
- scsi: lpfc: Update PRLO handling in direct attached topology
(bsc#1229429).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct
attached topology (bsc#1229429).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag
(bsc#1229429).
- scsi: lpfc: Validate hdwq pointers before dereferencing in
reset/errata paths (bsc#1229429).
- scsi: lpfc: Remove redundant vport assignment when building
an abort request (bsc#1229429).
- scsi: lpfc: Change diagnostic log flag during receipt of
unknown ELS cmds (bsc#1229429).
- scsi: lpfc: Fix overflow build issue (bsc#1229429).
- commit 6dfc9ed
- blacklist.conf: Add f8321fa75102 ("virtio_net: Fix
napi_skb_cache_put warning") (CVE-2024-43835 bsc#1229289)
- commit 18f3802
- net/mlx5e: SHAMPO, Fix incorrect page release (CVE-2024-46717 bsc#1230719)
- commit dcc83f4
- btrfs: don't BUG_ON() when 0 reference count at
btrfs_lookup_extent_info() (bsc#1230786 CVE-2024-46751).
- btrfs: reduce nesting for extent processing at
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove superfluous metadata check at
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: replace BUG_ON() with error handling at
update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: simplify setting the full backref flag at
update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: remove NULL transaction support for
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove level argument from btrfs_set_block_flags
(bsc#1230794 CVE-2024-46752).
- btrfs: sink parameter is_data to btrfs_set_disk_extent_flags
(bsc#1230794 CVE-2024-46752).
- commit c2d0eaf
- kABI, crypto: virtio - Handle dataq logic with tasklet
(git-fixes).
- commit 7b17b1c
- nvmet: Identify-Active Namespace ID List command should reject
invalid nsid (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails
(git-fixes).
- nvme: move stopping keep-alive into nvme_uninit_ctrl()
(git-fixes).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvmet-rdma: fix possible bad dereference when freeing rsps
(git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- commit 14b1d67
- drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701 CVE-2024-46730)
- commit 45e46f9
- Update
patches.suse/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enab.patch
(git-fixes CVE-2024-38632 bsc#1226860).
Add CVE references.
- commit bd2cc38
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(git-fixes).
- commit 157099e
- nilfs2: determine empty node blocks as corrupted (git-fixes).
- commit 657f164
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
(git-fixes).
- commit 24419a8
- media: mtk-vcodec: potential null pointer deference in SCP (CVE-2024-40973 bsc#1227890)
- commit d0ab63e
- btrfs: do not start relocation until in progress drops are done
(bsc#1229607 CVE-2022-48901).
- Refresh
patches.suse/btrfs-sysfs-update-fs-features-directory-asynchronou.patch.
- commit a5756e7
- of/irq: Prevent device address out-of-bounds read in interrupt
map walk (CVE-2024-46743 bsc#1230756).
- commit 2dc0a89
- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- commit f3e346f
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
(git-fixes).
- commit 2d8f102
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
(git-fixes).
- commit e09cbac
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- commit 25c83fa
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- commit 2205648
- driver: iio: add missing checks on iio_info's callback access
(CVE-2024-46715 bsc#1230700).
- commit 44ce0f3
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs
(git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery
occurs (git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
(git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check
(git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage
(git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume
(git-fixes).
- drm/msm/a5xx: disable preemption in submits by default
(git-fixes).
- drm/msm: Fix incorrect file name output in adreno_request_fw()
(git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue
(git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track
offsets (git-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/radeon: fix null pointer dereference in
radeon_add_common_modes (git-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in
drm_bridge_funcs::mode_valid() (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
(git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc()
(git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- ipmi: docs: don't advertise deprecated sysfs entries
(git-fixes).
- commit a7fb7f8
- md/raid5: avoid BUG_ON() while continue reshape after
reassembling (bsc#1229790, CVE-2024-43914).
- commit 3bf0292
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFS: Don't re-read the entire page cache to find the next cookie
(bsc#1226662).
- commit 25632eb
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (CVE-2024-46685 bsc#1230515)
- commit 16fd035
- thunderbolt: Mark XDomain as unplugged when router is removed (CVE-2024-46702 bsc#1230589)
- commit 0a04e5e
- soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689 bsc#1230524)
- commit d574d3c
- smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (CVE-2024-46686 bsc#1230517)
- commit eecf85c
- scsi: aacraid: Fix double-free on probe failure (CVE-2024-46673 bsc#1230506)
- commit 23b1681
- apparmor: fix possible NULL pointer dereference (CVE-2024-46721 bsc#1230710)
- commit 02a056d
- gtp: fix a potential NULL pointer dereference (CVE-2024-46677 bsc#1230549)
- commit e4c4047
- ethtool: check device is present when getting link settings (CVE-2024-46679 bsc#1230556)
- commit 12d1e30
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
(git-fixes).
- commit a4cc5f2
- net: missing check virtio (git-fixes).
- commit 5c4c37d
- virtio_net: checksum offloading handling fix (git-fixes).
- commit d5e193e
- virtio: delete vq in vp_find_vqs_msix() when request_irq()
fails (CVE-2024-37353 bsc#1226875).
- commit 7853f36
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
- commit 1d51d93
- virtio: reenable config if freezing device failed (git-fixes).
- commit 92899fb
- virtio-blk: Ensure no requests in virtqueues before deleting
vqs (git-fixes).
- commit 5677525
- virtio_net: Fix "'%d' directive writing between 1 and 11 bytes into
a region of size 10" warnings (git-fixes).
- commit c6eef4e
- virtio/vsock: fix logic which reduces credit update messages
(git-fixes).
- commit ba4fb58
- KABI: kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 4220de4
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 195f676
- crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- commit a7e32aa
- vsock/virtio: remove socket from connected/bound list on
shutdown (git-fixes).
- commit 0f347cf
- virtio_net: use u64_stats_t infra to avoid data-races
(git-fixes).
- commit 463733f
- vsock/virtio: initialize the_virtio_vsock before using VQs
(git-fixes).
- commit 1fec77b
- tools/virtio: fix build (git-fixes).
- commit e7f47cc
- xfs: don't include bnobt blocks when reserving free block pool
(git-fixes).
- commit 3c9db4e
- vsock/virtio: add support for device suspend/resume (git-fixes).
- commit 010c69d
- vsock/virtio: factor our the code to initialize and delete VQs
(git-fixes).
- commit 21a4d2a
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
(git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits
(git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value
(git-fixes).
- mtd: slram: insert break after errors in parsing the map
(git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute
(git-fixes).
- power: supply: Drop use_cnt check from
power_supply_property_is_writeable() (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/
no current sense (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max
voltage (git-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name
(stable-fixes).
- commit 392a8e2
- Update patches.suse/NFS-never-reuse-a-NFSv4-0-lock-owner.patch
(bsc#1227726 bsc#1230733).
- commit c293534
- x86/mm/ident_map: Use gbpages only where full GB page should
be mapped (bsc#1220382).
- x86/kexec: Add EFI config table identity mapping for kexec
kernel (bsc#1220382).
- commit 0e4e6bb
- Refresh
patches.suse/Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch.
Update upstream status and move to the sorted section.
- commit 43dbf50
- PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
- commit daa2cc5
- PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
- commit 1a96576
- PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
- commit 99a4208
- PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
- commit 9dc3dba
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails
appropriately (git-fixes).
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in
tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev
PLATFORM_STATUS failure (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in
cctrng_resume (git-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in
bcm2835_rng_init (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry()
(git-fixes).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
(git-fixes).
- Bluetooth: hci_sync: Ignore errors from
HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
(git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value
(git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality
(git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in
ieee80211_do_stop() (git-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one
errors (git-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
(git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging
measurements (git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts
(git-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- commit b2930fe
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
(CVE-2024-46707 bsc#1230582).
- commit bb45424
- x86/xen: Convert comma to semicolon (git-fixes).
- commit f308bb3
- Refresh
patches.suse/virtio-blk-scsi-use-block-layer-helpers-to-calculate.patch.
The compiler is unhappy with the types. Add a cast to tell what the
compiler should do.
- commit aba9465
- usb: dwc3: core: update LC timer as per USB Spec V3.2
(git-fixes).
- commit b3f5137
- blacklist.conf: pure cleanup
- commit 97c4b58
- blacklist.conf: irrelevant in our kernel configs
- commit f68f968
- usb: uas: set host status byte on data completion error
(git-fixes).
- commit 842e02d
- blacklist.conf: Add 9ad797485692 ("wifi: cfg80211: check A-MSDU
format more carefully")
- commit 6c8d8b6
- fscache: delete fscache_cookie_lru_timer when fscache exits
to avoid UAF (bsc#1230592).
- virtiofs: forbid newlines in tags (bsc#1230591).
- commit 03e6dba
- blacklist.conf: not a fix
- commit 7c06448
- blacklist.conf: spelling fixes in documentation
- commit e014f71
- blacklist.conf: cleanup breaking kABI
- commit b4addb1
- blacklist.conf: just comments
- commit eb0717d
- blacklist.conf: pure cleanup
- commit 7aa8489
- blacklist.conf: pure cleanup
- commit c33966d
- blacklist.conf: irrelevant in our kernel configuration
- commit 66d28be
- blacklist.conf: no RiscV in SP5
- commit 681bba5
- blacklist.conf: build fix
- commit caed058
- blacklist.conf: add 053fc4f755ad fuse: fix UAF in rcu pathwalks
This commit breaks kABI and the data structure has no free room for the
extra field, i.e. memcpy would fail to copy the additional member added by
this patch.
- commit e5e762d
- x86/hyperv: fix kexec crash due to VP assist page corruption
(git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description
(git-fixes).
- commit f7a5c89
- NFSv4: Add missing rescheduling points in
nfs_client_return_marked_delegations (git-fixes).
- NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
(git-fixes).
- commit 6327192
- blacklist.conf: Unwanted nfsd namespace patches
- commit 204b82c
- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- commit 3824ded
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
(git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets
(git-fixes).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the
sinf array (git-fixes).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
accesses (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2
(stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
(stable-fixes).
- ALSA: hda/realtek: add patch for internal mic in Lenovo V145
(stable-fixes).
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers
on Sirius devices (stable-fixes).
- ata: libata: Fix memory leak for error path in ata_host_alloc()
(git-fixes).
- Input: uinput - reject requests with unreasonable number of
slots (stable-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- HID: amd_sfh: free driver_data after destroying hid device
(stable-fixes).
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
(stable-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions
(git-fixes).
- i2c: Fix conditional for substituting empty ACPI functions
(stable-fixes).
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA
setup (stable-fixes).
- devres: Initialize an uninitialized struct member
(stable-fixes).
- pcmcia: Use resource_size function on resource object
(stable-fixes).
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
(stable-fixes).
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
(stable-fixes).
- PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
- usb: uas: set host status byte on data completion error
(stable-fixes).
- usb: typec: ucsi: Fix null pointer dereference in trace
(stable-fixes).
- usbip: Don't submit special requests twice (stable-fixes).
- ASoC: topology: Properly initialize soc_enum values
(stable-fixes).
- ALSA: hda: Add input value sanity checks to HDMI channel map
controls (stable-fixes).
- drm/amdgpu: Set no_hw_access when VF request full GPU fails
(stable-fixes).
- drm/amdgpu: check for LINEAR_ALIGNED correctly in
check_tiling_flags_gfx6 (stable-fixes).
- drm/amd/display: Check denominator pbn_div before used
(stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
(stable-fixes).
- drm/amdgpu: Fix smatch static checker warning (stable-fixes).
- drm/amd/display: Check HDCP returned status (stable-fixes).
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
(stable-fixes).
- media: vivid: don't set HDMI TX controls if there are no HDMI
outputs (stable-fixes).
- media: vivid: fix wrong sizeimage value for mplane
(stable-fixes).
- media: uvcvideo: Enforce alignment of frame and interval
(stable-fixes).
- wifi: mwifiex: Do not return unused priv in
mwifiex_get_priv_by_id() (stable-fixes).
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
(stable-fixes).
- hwmon: (w83627ehf) Fix underflows seen when writing limit
attributes (stable-fixes).
- hwmon: (lm95234) Fix underflows seen when writing limit
attributes (stable-fixes).
- hwmon: (adc128d818) Fix underflows seen when writing limit
attributes (stable-fixes).
- ACPI: processor: Fix memory leaks in error paths of
processor_add() (stable-fixes).
- ACPI: processor: Return an error if acpi_processor_get_info()
fails in processor_add() (stable-fixes).
- commit c0216a0
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (CVE-2024-45013 bsc#1230442)
- commit 5ac8578
- i2c: tegra: Do not mark ACPI devices as irq safe (CVE-2024-45029 bsc#1230451)
- commit 12f7852
- netfilter: flowtable: initialise extack before use (CVE-2024-45018 bsc#1230431)
- commit 25df9d1
- drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
- commit 4fb379d
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit f5c92ca
- usbnet: ipheth: race between ipheth_close and error handling
(git-fixes).
- commit 7ee6be8
- Refresh
patches.suse/USB-serial-option-add-MeiG-Smart-SRM825L.patch.
- commit 7c21712
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit d21e438
- Squashfs: sanity check symbolic link size (git-fixes).
- commit 38be121
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit 606bd9b8228bfe004cf6ab930ffb673a535e3c55.
- commit 12b6dd4
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
This reverts commit 1702784a5db6b26695f0bc2c6b0cbe973db5c0f3.
- commit e83daef
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
This reverts commit d77caa16c18115f0c470ecf5cdd3cdb6f9865aeb.
- commit b3f74b7
- drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444 CVE-2024-45015)
- commit baea6a3
- media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269 CVE-2023-52916)
- commit 1c1f90d
- media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
- commit 63b4ff1
- RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
- commit 9995679
- net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (CVE-2024-44971 bsc#1230211)
- commit 6f30d53
- bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989 bsc#1230193)
- commit 656ad24
- Input: MT - limit max slots (CVE-2024-45008 bsc#1230248).
- commit 9c6f084
- net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
(CVE-2024-44970 bsc#1230209).
- commit 204a351
- blacklist.conf: Add cf3f9a593dab mm: optimize the redundant loop of mm_update_owner_next()
- commit fe36c25
- bonding: fix null pointer deref in bond_ipsec_offload_ok
(CVE-2024-44990 bsc#1230194).
- commit caaca9d
- blk-mq: issue warning when offlining hctx with online isolcpus
(bsc#1229034).
- commit c169848
- Refresh
patches.suse/net-bridge-switchdev-Skip-MDB-replays-of-deferred-ev.patch.
- commit 0ae4275
- media: Revert "media: dvb-usb: Fix unexpected infinite loop
in dvb_usb_read_remote_control()" (git-fixes).
- commit 69c4bbe
- lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
- commit 5094611
- drm/amd/display: fixed integer types and null check locations
(CVE-2024-26767 bsc#1230339).
- commit 91909ca
- blacklist.conf: irrelevant in our configs
- commit aa4efb5
- blacklist.conf: kABI
- commit ec16bc2
- Fix KABI for
patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch
(bsc#1230392).
- Update
patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch
(bsc#1230392).
- commit cbecb11
- net: dsa: mv88e6xxx: Fix out-of-bound access (CVE-2024-44988 bsc#1230192)
- commit e74f32c
- ipv6: prevent UAF in ip6_send_skb() (CVE-2024-44987 bsc#1230185)
- commit fd19d1b
- ipv6: fix possible UAF in ip6_finish_output2() (CVE-2024-44986 bsc#1230230)
- commit 6ffd49a
- gtp: pull network headers in gtp_dev_xmit() (CVE-2024-44999 bsc#1230233)
- commit e1f3131
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- commit fac58ad
- mm/swap: fix race when skipping swapcache (CVE-2024-26759
bsc#1230340).
- commit 8d9f1de
- filemap: remove use of wait bookmarks (bsc#1224085).
- commit a120011
- VMCI: Fix use-after-free when removing resource in
vmci_resource_remove() (git-fixes).
- iio: fix scale application in
iio_convert_raw_to_processed_unlocked (git-fixes).
- iio: adc: ad7124: fix config comparison (git-fixes).
- iio: adc: ad7124: fix chip ID mismatch (git-fixes).
- iio: buffer-dmaengine: fix releasing dma channel on error
(git-fixes).
- staging: iio: frequency: ad9834: Validate frequency parameter
value (git-fixes).
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
(stable-fixes).
- drm/amd/display: Correct the defined value for
AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
- drm/amd/display: added NULL check at start of dc_validate_stream
(stable-fixes).
- drm/bridge: tc358767: Check if fully initialized before
signalling HPD event via IRQ (stable-fixes).
- commit fae29ce
- ALSA: hda/conexant: Mute speakers at suspend / shutdown
(stable-fixes).
- ALSA: hda/generic: Add a helper to mute speakers at
suspend/shutdown (stable-fixes).
- drm/meson: plane: Add error handling (stable-fixes).
- drm/amdgpu: update type of buf size to u32 for eeprom functions
(stable-fixes).
- drm/amd/pm: check negtive return for table entries
(stable-fixes).
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4
(stable-fixes).
- drm/amd/pm: check specific index for aldebaran (stable-fixes).
- drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
- drm/amdgpu: fix dereference after null check (stable-fixes).
- drm/amdgpu/pm: Check input value for CUSTOM profile mode
setting on legacy SOCs (stable-fixes).
- drm/amdkfd: Reconcile the definition and use of oem_id in
struct kfd_topology_device (stable-fixes).
- drm/amdgpu: fix mc_data out-of-bounds read warning
(stable-fixes).
- drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
(stable-fixes).
- drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
(stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
(stable-fixes).
- drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
- drm/amd/display: Skip inactive planes within
ModeSupportAndSystemConfiguration (stable-fixes).
- drm/amd/display: Ensure index calculation will not overflow
(stable-fixes).
- drm/amd/display: Spinlock before reading event (stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
dal_gpio_service_create (stable-fixes).
- drm/amd/display: Check msg_id before processing transcation
(stable-fixes).
- drm/amd/display: Check num_valid_sets before accessing
reader_wm_sets[] (stable-fixes).
- drm/amd/display: Add array index check for hdcp ddc access
(stable-fixes).
- drm/amd/display: Stop amdgpu_dm initialize when stream nums
greater than 6 (stable-fixes).
- drm/amd/display: Check gpio_id before used as array index
(stable-fixes).
- drm/amdgpu: avoid reading vf2pf info size from FB
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
(stable-fixes).
- drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
- drm/amd/pm: Fix negative array index read (stable-fixes).
- drm/amd/pm: fix warning using uninitialized value of
max_vid_step (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warning (stable-fixes).
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
(stable-fixes).
- drm/amdgpu: fix overflowed array index read warning
(stable-fixes).
- drm/amd/display: Assign linear_pitch_alignment even for VM
(stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in
amdgpu_afmt_acr (stable-fixes).
- commit 22196ae
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
(git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in
hv_uio_rescind (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI
cleanup (git-fixes).
- commit 392d522
- usb: dwc3: st: add missing depopulate in probe error path
(git-fixes).
- commit 5abd1b6
- usb: dwc3: st: fix probed platform device ref count on probe
error path (git-fixes).
- commit 7faef21
- usb: dwc3: omap: add missing depopulate in probe error path
(git-fixes).
- commit 50650b1
- clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL
is disabled (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate
API (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
(git-fixes).
- ASoc: SOF: topology: Clear SOF link platform name upon unload
(git-fixes).
- ASoC: tegra: Fix CBB error during probe() (git-fixes).
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
- mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
(git-fixes).
- mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused
(git-fixes).
- drm/i915/fence: Mark debug_fence_init_onstack() with
__maybe_unused (git-fixes).
- commit 3d813e4
- wifi: nl80211: disallow setting special AP channel widths (CVE-2024-43912 bsc#1229830)
- commit 58d7754
- Restore dropped fields for bluetooth MGMT/SMP structs
(git-fixes).
- commit 697b5de
- usbnet: modern method to get random MAC (git-fixes).
- Bluetooth: MGMT: Ignore keys being loaded with invalid type
(git-fixes).
- Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP
over BREDR/LE" (git-fixes).
- can: mcp251x: fix deadlock if an interrupt occurs during
mcp251x_open (git-fixes).
- can: bcm: Remove proc entry when dev is unregistered
(git-fixes).
- platform/x86: dell-smbios: Fix error path in dell_smbios_init()
(git-fixes).
- commit 2df245a
- ext4: check dot and dotdot of dx_root before making dir indexed
(bsc#1229363 CVE-2024-42305).
- commit 85db03a
- vfs: Don't evict inode under the inode lru traversing context
(CVE-2024-45003 bsc#1230245).
- commit 82e6e44
- char: xillybus: Check USB endpoints when probing device
(git-fixes).
- char: xillybus: Refine workqueue handling (CVE-2024-45007
bsc#1230175).
- char: xillybus: Don't destroy workqueue from work item running
on it (CVE-2024-45007 bsc#1230175).
- commit 47704bc
- serial: sc16is7xx: fix invalid FIFO access with special register
set (CVE-2024-44950 bsc#1230180).
- commit 6ff419f
- ACPI: SBS: manage alarm sysfs attribute through psy core
(git-fixes).
- ACPI: battery: create alarm sysfs attribute atomically
(git-fixes).
- commit 272cbf0
- blacklist.conf: More unwanted nfsd stuff
- commit 2324ced
- NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
- commit 9dc4a6f
- driver core: Add missing parameter description to
__fwnode_link_add() (git-fixes).
- commit b36a347
- ext4: sanity check for NULL pointer after ext4_force_shutdown
(bsc#1229753 CVE-2024-43898).
- commit 5e594a9
- ext4: fix infinite loop when replaying fast_commit (bsc#1229394
CVE-2024-43828).
- commit c02cd83
- udf: Avoid using corrupted block bitmap buffer (bsc#1229362
CVE-2024-42306).
- commit 461fe08
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
(bsc#1229334 CVE-2024-42265).
- commit 1129dda
- ext4: make sure the first directory block is not a hole
(bsc#1229364 CVE-2024-42304).
- commit 26f77f8
- driver core: Fix uevent_show() vs driver detach race
(CVE-2024-44952 bsc#1230178).
- commit 0d8efe8
- atm: idt77252: prevent use after free in dequeue_rx()
(CVE-2024-44998 bsc#1230171).
- commit ea6216f
- tcp: add sanity checks to rx zerocopy (CVE-2024-26640
bsc#1221650).
- commit 57d4108
- driver core: fw_devlink: Consolidate device link flag
computation (git-fixes).
- driver core: fw_devlink: Allow marking a fwnode link as being
part of a cycle (git-fixes).
- driver core: fw_devlink: Don't purge child fwnode's consumer
links (git-fixes).
Refresh
patches.suse/driver-core-Introduce-device_link_wait_removal.patch.
- driver core: Add wait_for_init_devices_probe helper function
(git-fixes).
Refresh
patches.suse/driver-core-Introduce-device_link_wait_removal.patch.
- driver core: Add debug logs when fwnode links are added/deleted
(git-fixes).
- driver core: Create __fwnode_link_del() helper function
(git-fixes).
- driver core: Set deferred probe reason when deferred by driver
core (git-fixes).
- commit 164932e
- net: bridge: switchdev: Skip MDB replays of deferred events
on offload (CVE-2024-26837 bsc#1222973).
- commit 3cf54c6
- USB: serial: option: add MeiG Smart SRM825L (git-fixes).
- commit 7b935d7
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
(git-fixes).
- commit 2395491
- usb: dwc3: core: Prevent USB core invalid event buffer address
access (git-fixes).
- commit 55d4338
- usb: dwc3: core: Skip setting event buffers for host only
controllers (git-fixes).
- commit 352e074
- nilfs2: fix state management in error path of log writing
function (git-fixes).
- commit d45c3fc
- nilfs2: fix missing cleanup on rollforward recovery error
(git-fixes).
- commit 819efb5
- nilfs2: protect references to superblock parameters exposed
in sysfs (git-fixes).
- commit 85cfeab
- blacklist.conf: cosmetic fix
- commit 4d6094c
- nilfs2: Constify struct kobj_type (git-fixes).
- commit 157952f
- nilfs2: use default_groups in kobj_type (git-fixes).
- commit 9ed2d62
- nilfs2: replace snprintf in show functions with sysfs_emit
(git-fixes).
- commit 137f088
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- commit 3d57dce
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
- commit a8ffc3d
- RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
- commit 264a15d
- blacklist.conf: ("KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range()") (bsc#1229585)
- commit e43b74a
- arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
- commit e2ccb4d
- arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
- commit 0534ffe
- arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
- commit 21c5e59
- arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
- commit a1743f6
- arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
- commit 823cdf8
- net/sched: act_ct: fix skb leak and crash on ooo frags
(CVE-2023-52610 bsc#1221610).
- commit 57db46f
- netfilter: ctnetlink: use helper function to calculate expect ID
(CVE-2024-44944 bsc#1229899).
- commit 744b379
- sctp: Fix null-ptr-deref in reuseport_add_sock()
(CVE-2024-44935 bsc#1229810).
- commit d4709fe
- blacklist.conf: update blacklist
- commit 401873a
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 9438e54
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 5b1f743
- Update references
- commit a096907
- fuse: update stats for pages in dropped aux writeback list
(bsc#1230130).
- fuse: use unsigned type for getxattr/listxattr size truncation
(bsc#1230129).
- commit 32e32b0
- blacklist.conf: blacklist some non-fixes for nfsd
- commit 7cd894f
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454 CVE-2024-44947).
- commit ddfd2d7
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- commit 6d0732e
- efi/unaccepted: touch soft lockup during memory accept
(bsc#1225773 CVE-2024-36936).
- commit 29d2eb8
- vdpa: ifcvf: Do proper cleanup if IFCVF init fails (bsc#1225524
CVE-2022-48706).
- commit 023b108
- usb: vhci-hcd: Do not drop references before new references
are gained (CVE-2024-43883 bsc#1229707).
- commit 44d7bae
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 717d839
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly
(git-fixes).
- commit b02e597
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 07bd1e3
- net: usb: qmi_wwan: fix memory leak for not ip packets
(CVE-2024-43861 bsc#1229500).
- commit 3e796c3
- ocfs2: use coarse time for new created files (git-fixes).
- commit 82dc1eb
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (bsc#1229156 CVE-2024-42259)
- commit acc20fb
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7
(bsc#1226666).
- commit c1bc9ca
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- commit f65ae14
- xfs: Fix missing interval for missing_owner in xfs fsmap
(git-fixes).
- commit 3005438
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
(git-fixes).
- commit b060763
- xfs: Fix the owner setting issue for rmap query in xfs fsmap
(git-fixes).
- commit 264a4ea
- Update
patches.suse/0001-net-rds-fix-possible-cp-null-dereference.patch
(git-fixes CVE-2024-35902 bsc#1224496).
- Update
patches.suse/ALSA-usb-audio-Fix-possible-NULL-pointer-dereference.patch
(git-fixes CVE-2023-52904 bsc#1229529).
- Update
patches.suse/ASoC-Intel-sof-nau8825-fix-module-alias-overflow.patch
(git-fixes CVE-2022-48889 bsc#1229545).
- Update
patches.suse/ASoC-amd-Adjust-error-handling-in-case-of-absent-cod.patch
(git-fixes CVE-2024-43818 bsc#1229296).
- Update
patches.suse/PCI-DPC-Fix-use-after-free-on-concurrent-DPC-and-hot.patch
(git-fixes CVE-2024-42302 bsc#1229366).
- Update
patches.suse/PCI-keystone-Fix-NULL-pointer-dereference-in-case-of.patch
(git-fixes CVE-2024-43823 bsc#1229303).
- Update
patches.suse/RDMA-hns-Fix-soft-lockup-under-heavy-CEQE-load.patch
(git-fixes CVE-2024-43872 bsc#1229489).
- Update
patches.suse/RDMA-iwcm-Fix-a-use-after-free-related-to-destroying.patch
(git-fixes CVE-2024-42285 bsc#1229381).
- Update
patches.suse/Revert-ALSA-firewire-lib-operate-for-period-elapse-e.patch
(bsc#1208783 CVE-2024-42274 bsc#1229417).
- Update patches.suse/bpf-Add-schedule-points-in-batch-ops.patch
(jsc#PED-1377 CVE-2022-48939 bsc#1229616).
- Update
patches.suse/bpf-Fix-crash-due-to-incorrect-copy_map_value.patch
(jsc#PED-1377 CVE-2022-48940 bsc#1229615).
- Update
patches.suse/btrfs-prevent-copying-too-big-compressed-lzo-segment.patch
(git-fixes CVE-2022-48923 bsc#1229662).
- Update
patches.suse/devres-Fix-memory-leakage-caused-by-driver-API-devm_.patch
(git-fixes CVE-2024-43871 bsc#1229490).
- Update
patches.suse/dma-fix-call-order-in-dmam_free_coherent.patch
(git-fixes CVE-2024-43856 bsc#1229346).
- Update
patches.suse/drm-amd-display-Add-NULL-check-for-afb-before-derefe.patch
(stable-fixes CVE-2024-43903 bsc#1229781).
- Update
patches.suse/drm-amd-display-Skip-Recompute-DSC-Params-if-no-Stre.patch
(stable-fixes CVE-2024-43895 bsc#1229755).
- Update
patches.suse/drm-amd-pm-Fix-the-null-pointer-dereference-for-vega.patch
(stable-fixes CVE-2024-43905 bsc#1229784).
- Update
patches.suse/drm-amdgpu-Fix-potential-NULL-dereference.patch
(bsc#1206843 CVE-2023-52908 bsc#1229525).
- Update
patches.suse/drm-amdgpu-Fix-the-null-pointer-dereference-to-ras_m.patch
(stable-fixes CVE-2024-43908 bsc#1229788).
- Update
patches.suse/drm-amdgpu-Fixed-bug-on-error-when-unloading-amdgpu.patch
(bsc#1206843 CVE-2023-52912 bsc#1229588).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-for-s.patch
(stable-fixes CVE-2024-43909 bsc#1229789).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-in-ap.patch
(stable-fixes CVE-2024-43907 bsc#1229787).
- Update
patches.suse/drm-client-fix-null-pointer-dereference-in-drm_clien.patch
(git-fixes CVE-2024-43894 bsc#1229746).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-cdv_intel.patch
(git-fixes CVE-2024-42310 bsc#1229358).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-psb_intel.patch
(git-fixes CVE-2024-42309 bsc#1229359).
- Update patches.suse/drm-i915-Fix-potential-context-UAFs.patch
(git-fixes CVE-2023-52913 bsc#1229521).
- Update
patches.suse/drm-i915-gt-Cleanup-partial-engine-discovery-failure.patch
(git-fixes CVE-2022-48893 bsc#1229576).
- Update
patches.suse/drm-msm-dpu-Fix-memory-leak-in-msm_mdss_parse_data_b.patch
(git-fixes CVE-2022-48888 bsc#1229546).
- Update
patches.suse/drm-nouveau-prime-fix-refcount-underflow.patch
(git-fixes CVE-2024-43867 bsc#1229493).
- Update patches.suse/drm-qxl-Add-check-for-drm_cvt_mode.patch
(git-fixes CVE-2024-43829 bsc#1229341).
- Update
patches.suse/drm-vmwgfx-Fix-a-deadlock-in-dma-buf-fence-polling.patch
(git-fixes CVE-2024-43863 bsc#1229497).
- Update
patches.suse/drm-vmwgfx-Remove-rcu-locks-from-user-resources.patch
(bsc#1203329 CVE-2022-40133 bsc#1203330 CVE-2022-38457
bsc#1213632 CVE-2022-48887 bsc#1229547).
- Update
patches.suse/drop_monitor-replace-spin_lock-by-raw_spin_lock.patch
(References: CVE-2021-47546 bsc#1227937 CVE-2024-40980).
- Update
patches.suse/exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch
(git-fixes CVE-2024-42315 bsc#1229354).
- Update
patches.suse/genirq-cpuhotplug-x86-vector-Prevent-vector-leak-dur.patch
(git-fixes CVE-2024-31076 bsc#1226765).
- Update
patches.suse/hfs-fix-to-initialize-fields-of-hfs_inode_info-after-hfs_alloc_inode.patch
(git-fixes CVE-2024-42311 bsc#1229413).
- Update patches.suse/ice-Add-check-for-kzalloc.patch (jsc#PED-376
CVE-2022-48886 bsc#1229548).
- Update
patches.suse/ice-Fix-potential-memory-leak-in-ice_gnss_tty_write.patch
(jsc#PED-376 CVE-2022-48885 bsc#1229564).
- Update
patches.suse/iommu-iova-Fix-alloc-iova-overflows-issue.patch
(git-fixes CVE-2023-52910 bsc#1229523).
- Update
patches.suse/jfs-Fix-array-index-out-of-bounds-in-diFree.patch
(git-fixes CVE-2024-43858 bsc#1229414).
- Update
patches.suse/kobject_uevent-Fix-OOB-access-within-zap_modalias_en.patch
(git-fixes CVE-2024-42292 bsc#1229373).
- Update
patches.suse/leds-trigger-Unregister-sysfs-attributes-before-call.patch
(git-fixes CVE-2024-43830 bsc#1229305).
- Update
patches.suse/lib-objagg-Fix-general-protection-fault.patch
(git-fixes CVE-2024-43846 bsc#1229360).
- Update
patches.suse/media-venus-fix-use-after-free-in-vdec_close.patch
(git-fixes CVE-2024-42313 bsc#1229356).
- Update
patches.suse/memcg-protect-concurrent-access-to-mem_cgroup_idr.patch
(git-fixes CVE-2024-43892 bsc#1229761).
- Update
patches.suse/net-ipv6-ensure-we-call-ipv6_mc_down-at-most-once.patch
(git-fixes CVE-2022-48910 bsc#1229632).
- Update
patches.suse/net-ks8851-Fix-deadlock-with-the-SPI-chip-variant.patch
(git-fixes CVE-2024-41036 bsc#1228496).
- Update
patches.suse/net-ks8851-Queue-RX-packets-in-IRQ-handler-instead-o.patch
(CVE-2024-35971 bsc#1224578 CVE-2024-36962 bsc#1225827).
- Update
patches.suse/net-mlx5-Fix-command-stats-access-after-free.patch
(jsc#PED-1549 CVE-2022-48884 bsc#1229562).
- Update
patches.suse/net-mlx5e-Fix-macsec-possible-null-dereference-when-.patch
(jsc#PED-1549 CVE-2022-48882 bsc#1229558).
- Update
patches.suse/net-mlx5e-IPoIB-Block-PKEY-interfaces-with-less-rx-q.patch
(jsc#PED-1549 CVE-2022-48883 bsc#1229560).
- Update
patches.suse/net-usb-qmi_wwan-fix-memory-leak-for-not-ip-packets.patch
(git-fixes CVE-2024-43861 bsc#1229500).
- Update
patches.suse/nfsd-fix-handling-of-cached-open-files-in-nfsd4_open.patch
(git-fixes CVE-2023-52909 bsc#1229524).
- Update
patches.suse/nvme-pci-add-missing-condition-check-for-existence-o.patch
(git-fixes CVE-2024-42276 bsc#1229410).
- Update
patches.suse/padata-Fix-possible-divide-by-0-panic-in-padata_mt_h.patch
(git-fixes CVE-2024-43889 bsc#1229743).
- Update
patches.suse/platform-x86-amd-Fix-refcount-leak-in-amd_pmc_probe.patch
(bsc#1210644 CVE-2022-48881 bsc#1229559).
- Update
patches.suse/powerpc-pseries-Whitelist-dtl-slub-object-for-copyin.patch
(bsc#1194869 CVE-2024-41065 bsc#1228636).
- Update
patches.suse/s390-dasd-fix-error-checks-in-dasd_copy_pair_store.patch
(git-fixes bsc#1229190 CVE-2024-42320 bsc#1229349).
- Update
patches.suse/scsi-lpfc-Revise-lpfc_prep_embed_io-routine-with-pro.patch
(bsc#1228857 CVE-2024-43816 bsc#1229318).
- Update
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch
(bsc#1228850 CVE-2024-42287 bsc#1229392).
- Update
patches.suse/scsi-qla2xxx-During-vport-delete-send-async-logout-e.patch
(bsc#1228850 CVE-2024-42289 bsc#1229399).
- Update
patches.suse/scsi-qla2xxx-Fix-for-possible-memory-corruption.patch
(bsc#1228850 CVE-2024-42288 bsc#1229398).
- Update
patches.suse/scsi-qla2xxx-validate-nvme_local_port-correctly.patch
(bsc#1228850 CVE-2024-42286 bsc#1229395).
- Update
patches.suse/wifi-cfg80211-handle-2x996-RU-allocation-in-cfg80211.patch
(git-fixes CVE-2024-43879 bsc#1229482).
- Update
patches.suse/wifi-rtw89-Fix-array-index-mistake-in-rtw89_sta_info.patch
(git-fixes CVE-2024-43842 bsc#1229317).
- commit 777a4e3
- Update
patches.suse/ASoC-ops-Shift-tested-values-in-snd_soc_put_volsw-by.patch
(git-fixes CVE-2022-48917 bsc#1229637).
- Update
patches.suse/Bluetooth-hci_qca-Fix-driver-shutdown-on-closed-serd.patch
(git-fixes CVE-2022-48878 bsc#1229554).
- Update
patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
(git-fixes CVE-2022-48938 bsc#1229664).
- Update
patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch
(git-fixes CVE-2022-48943 bsc#1229645).
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
(git-fixes CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
CVE-2022-48930 bsc#1229624).
- Update
patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch
(CVE-2022-4382 bsc#1206258 CVE-2022-48869 bsc#1229507).
- Update
patches.suse/auxdisplay-lcd2s-Fix-memory-leak-in-remove.patch
(git-fixes CVE-2022-48907 bsc#1229608).
- Update
patches.suse/blktrace-fix-use-after-free-for-struct-blk_trace.patch
(bsc#1198017 CVE-2022-48913 bsc#1229643).
- Update
patches.suse/bpf-Fix-crash-due-to-out-of-bounds-access-into-reg2b.patch
(git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204
CVE-2022-0500 CVE-2022-23222 CVE-2022-48929 bsc#1229625).
- Update
patches.suse/btrfs-fix-race-between-quota-rescan-and-disable-lead.patch
(bsc#1207158 CVE-2023-52896 bsc#1229533).
- Update
patches.suse/btrfs-fix-relocation-crash-due-to-premature-return-f.patch
(bsc#1203360 CVE-2022-48903 bsc#1229613).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
(bsc#1193629 CVE-2022-48919 bsc#1229657).
- Update
patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsyst.patch
(git-fixes CVE-2022-48931 bsc#1229623).
- Update
patches.suse/dmaengine-idxd-Let-probe-fail-when-workqueue-cannot-.patch
(git-fixes CVE-2022-48868 bsc#1229506).
- Update
patches.suse/drm-msm-another-fix-for-the-headless-Adreno-GPU.patch
(git-fixes CVE-2023-52911 bsc#1229522).
- Update
patches.suse/drm-msm-dp-do-not-complete-dp_aux_cmd_fifo_tx-if-irq.patch
(git-fixes CVE-2022-48898 bsc#1229537).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
(git-fixes CVE-2022-48899 bsc#1229536).
- Update
patches.suse/gsmi-fix-null-deref-in-gsmi_get_variable.patch
(git-fixes CVE-2023-52893 bsc#1229535).
- Update
patches.suse/hwmon-Handle-failure-to-register-sensor-with-thermal.patch
(git-fixes CVE-2022-48942 bsc#1229612).
- Update
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
(bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update
patches.suse/ice-fix-concurrent-reset-and-removal-of-VFs.patch
(git-fixes CVE-2022-48941 bsc#1229614).
- Update
patches.suse/iio-adc-men_z188_adc-Fix-a-resource-leak-in-an-error.patch
(git-fixes CVE-2022-48928 bsc#1229626).
- Update
patches.suse/iio-adc-tsc2046-fix-memory-corruption-by-preventing-.patch
(git-fixes CVE-2022-48927 bsc#1229628).
- Update
patches.suse/io_uring-add-a-schedule-point-in-io_add_buffers.patch
(git-fixes CVE-2022-48937 bsc#1229617).
- Update patches.suse/iommu-amd-Fix-I-O-page-table-memory-leak
(git-fixes CVE-2022-48904 bsc#1229603).
- Update
patches.suse/iommu-vt-d-fix-double-list_add-when-enabling-vmd-in-scalable-mode
(bsc#1196894 CVE-2022-48916 bsc#1229638).
- Update
patches.suse/iwlwifi-mvm-check-debugfs_dir-ptr-before-use.patch
(git-fixes CVE-2022-48918 bsc#1229636).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
(jsc#SLE-18384 CVE-2022-48896 bsc#1229540).
- Update
patches.suse/misc-fastrpc-Don-t-remove-map-on-creater_process-and.patch
(git-fixes CVE-2022-48873 bsc#1229512).
- Update
patches.suse/misc-fastrpc-Fix-use-after-free-race-condition-for-m.patch
(git-fixes CVE-2022-48872 bsc#1229510).
- Update
patches.suse/net-mlx5-DR-Fix-slab-out-of-bounds-in-mlx5_cmd_dr_cr.patch
(jsc#SLE-19253 CVE-2022-48932 bsc#1229622).
- Update patches.suse/net-smc-fix-connection-leak (git-fixes
CVE-2022-48909 bsc#1229611).
- Update
patches.suse/nfc-pn533-Wait-for-out_urb-s-completion-in-pn533_usb.patch
(git-fixes CVE-2023-52907 bsc#1229526).
- Update
patches.suse/nfp-flower-Fix-a-potential-leak-in-nfp_tunnel_add_sh.patch
(git-fixes CVE-2022-48934 bsc#1229620).
- Update
patches.suse/nilfs2-fix-general-protection-fault-in-nilfs_btree_i.patch
(git-fixes CVE-2023-52900 bsc#1229581).
- Update
patches.suse/octeontx2-pf-Fix-resource-leakage-in-VF-driver-unbin.patch
(git-fixes CVE-2023-52905 bsc#1229528).
- Update
patches.suse/platform-surface-aggregator-Add-missing-call-to-ssam.patch
(git-fixes CVE-2022-48880 bsc#1229557).
- Update
patches.suse/regulator-da9211-Use-irq-handler-when-ready.patch
(git-fixes CVE-2022-48891 bsc#1229565).
- Update
patches.suse/sched-fair-Fix-fault-in-reweight_entity.patch
(git fixes (sched/core) CVE-2022-48921 bsc#1229635).
- Update
patches.suse/scsi-storvsc-Fix-swiotlb-bounce-buffer-leak-in-confi.patch
(bsc#1206006 CVE-2022-48890 bsc#1229544).
- Update
patches.suse/spi-spi-zynq-qspi-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-4441 bsc#1229598).
- Update
patches.suse/thermal-core-Fix-TZ_GET_TRIP-NULL-pointer-dereferenc.patch
(git-fixes CVE-2022-48915 bsc#1229639).
- Update
patches.suse/thermal-int340x-fix-memory-leak-in-int3400_notify.patch
(git-fixes CVE-2022-48924 bsc#1229631).
- Update
patches.suse/tty-fix-possible-null-ptr-defer-in-spk_ttyio_release.patch
(git-fixes CVE-2022-48870 bsc#1229508).
- Update
patches.suse/tty-serial-qcom-geni-serial-fix-slab-out-of-bounds-o.patch
(git-fixes CVE-2022-48871 bsc#1229509).
- Update
patches.suse/usb-gadget-f_ncm-fix-potential-NULL-ptr-deref-in-ncm.patch
(git-fixes CVE-2023-52894 bsc#1229566).
- Update
patches.suse/usb-gadget-rndis-add-spinlock-for-rndis-response-lis.patch
(git-fixes CVE-2022-48926 bsc#1229629).
- Update
patches.suse/usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
(git-fixes CVE-2023-52901 bsc#1229531).
- Update
patches.suse/wifi-mac80211-sdata-can-be-NULL-during-AMPDU-start.patch
(git-fixes CVE-2022-48875 bsc#1229516).
- Update
patches.suse/xen-netfront-destroy-queues-before-real_num_tx_queue.patch
(git-fixes CVE-2022-48914 bsc#1229642).
- Update
patches.suse/xhci-Fix-null-pointer-dereference-when-host-dies.patch
(git-fixes CVE-2023-52898 bsc#1229568).
- commit 5c5e4d7
- Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (CVE-2024-36270 bsc#1226798)
- commit 7d81a29
- iommu/amd: Convert comma to semicolon (git-fixes).
- commit f13afd4
- blacklist.conf: 0cac183b98d8 drm/amdkfd: range check cp bad op exception interrupts
- commit a1d8500
- mm: prevent derefencing NULL ptr in pfn_section_valid()
(git-fixes).
- commit d77caa1
- mm, kmsan: fix infinite recursion due to RCU critical section
(git-fixes).
- commit 1702784
- mm/sparsemem: fix race in accessing memory_section->usage
(bsc#1221326 CVE-2023-52489).
- commit 606bd9b
- drm/amd/display: avoid using null object of framebuffer
(git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances
(git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions
(git-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry
(stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
(stable-fixes).
- drm/amdgpu: Actually check flags for all context ops
(stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field
(stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
(stable-fixes).
- drm/amdgpu: fix dereference null return value for the function
amdgpu_vm_pt_parent (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- Revert "drm/amd/display: Validate hw_points_num before using it"
(stable-fixes).
- drm/amd/display: Validate hw_points_num before using it
(stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all
possible values can be stored (stable-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings
(stable-fixes).
- commit 91b4876
- serial: core: check uartclk for zero to avoid divide by zero
(bsc#1229759 CVE-2024-43893).
- commit d3f6894
- scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315
CVE-2024-43821).
- commit e13b213
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- commit 427ff01
- tracing: Return from tracing_buffers_read() if the file has
been closed (bsc#1229136 git-fixes).
- commit 6961c54
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- commit 9927afc
- bpf: kprobe: remove unused declaring of bpf_kprobe_override
(git-fixes).
- commit ff5617f
- media: xc2028: avoid use-after-free in load_firmware_cb()
(CVE-2024-43900 bsc#1229756).
- commit c954239
- jfs: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792
CVE-2024-44938).
- commit 8003b7e
- jfs: fix null ptr deref in dtInsertEntry (bsc#1229820
CVE-2024-44939).
- commit 02ccaa1
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit b5892ca
- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
(CVE-2024-42277 bsc#1229409).
- commit a4daba4
- drm/amd/display: Add null checker before passing variables (CVE-2024-43902 bsc#1229767).
- commit d450d98
- blacklist.conf: Patch hangs graphics on RPi3 (bsc#1225352)
- commit 54b22e6
- drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (CVE-2024-43904 bsc#1229768)
- commit c2331c0
- kabi: lib: objagg: Put back removed metod in struct objagg_ops
(CVE-2024-43880 bsc#1229481).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- commit 2e1b5f5
- Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884 bsc#1229739)
- commit ca65d0a
- net/sched: initialize noop_qdisc owner (git-fixes).
- commit 32a510a
- drm/amd/display: Fix null pointer deref in dcn20_resource.c (CVE-2024-43899 bsc#1229754).
- commit 13ec104
- btrfs: get rid of warning on transaction commit when using
flushoncommit (bsc#1229658 CVE-2022-48920).
- commit a558155
- net/sched: act_mpls: Fix warning during failed attribute
validation (CVE-2023-52906 bsc#1229527).
- commit 5be67dc
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 83a7456
- net/mlx5: Always drain health in shutdown callback
(CVE-2024-43866 bsc#1229495).
- mlxsw: spectrum_acl_erp: Fix object nesting warning
(CVE-2024-43880 bsc#1229481).
- commit f5f318d
- kABI: vfio: struct virqfd kABI workaround (CVE-2024-26812
bsc#1222808).
- vfio/pci: fix potential memory leak in vfio_intx_enable()
(git-fixes).
- commit 5a53e2c
- netfilter: nf_tables: unregister flowtable hooks on netns exit (CVE-2022-48935 bsc#1229619)
- commit 3e33f70
- vfio: Introduce interface to flush virqfd inject workqueue
(bsc#1222808 CVE-2024-26812).
- commit 31be414
- netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912 bsc#1229641)
- commit f8f42c3
- vfio/pci: Create persistent INTx handler (bsc#1222808
CVE-2024-26812).
- commit 9d86cff
- blacklist.conf: Add a50e1fcbc9b85 ("btrfs: do not WARN_ON() if we have PageError set")
- commit bf3feb4
- net/sched: Fix mirred deadlock on device recursion
(CVE-2024-27010 bsc#1223720).
- commit 4342cf9
- mptcp: Correctly set DATA_FIN timeout when number of retransmits is large (CVE-2022-48906 bsc#1229605)
- commit a7a3da6
- net: qdisc: preserve kabi for struct QDisc (CVE-2024-27010 bsc#1223720).
- commit af12745
- s390/pkey: Wipe copies of protected- and secure-keys
(CVE-2024-42155 bsc#1228733).
- commit 78df5c8
- Reapply "drm/vc4: hdmi: Enforce the minimum rate at
This reverts commit 048f829d4b52520058c31bae2ef1ec08563c460a.
- commit 5126762
- s390/pkey: Wipe copies of clear-key structures on failure
(CVE-2024-42156 bsc#1228722).
- commit b3fe404
- Add exception protection processing for vd in
axi_chan_handle_err function (CVE-2023-52899 bsc#1229569).
- commit 510675c
- s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
(CVE-2024-42158 bsc#1228720).
- commit ccfe5a9
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
(bsc#1226846 CVE-2024-38596).
- Update
patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch
(git-fixes bsc#1226846).
- commit 297df1b
- ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
(CVE-2024-26631 bsc#1221630).
- commit f41507c
- vhost/vsock: always initialize seqpacket_allow (CVE-2024-43873 bsc#1229488)
- commit d4e35ee
- ipv6: fix possible race in __fib6_drop_pcpu_from() (CVE-2024-40905 bsc#1227761)
- commit 91482e3
- ipv6: sr: fix memleak in seg6_hmac_init_algo (CVE-2024-39489 bsc#1227623)
- commit 9ac27bb
- netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() (CVE-2021-47106 bsc#1220962)
- commit e6e6065
- drivers: ethernet: cpsw: fix panic when interrupt coaleceing
is set via ethtool (CVE-2021-47517 bsc#1225428).
- commit f131073
- ethtool: do not perform operations on net devices being
unregistered (CVE-2021-47517 bsc#1225428).
- ethtool: return error from ethnl_ops_begin if dev is NULL
(CVE-2021-47517 bsc#1225428).
- ethtool: runtime-resume netdev parent in ethnl_ops_begin
(CVE-2021-47517 bsc#1225428).
- ethtool: move netif_device_present check from
ethnl_parse_header_dev_get to ethnl_ops_begin (CVE-2021-47517
bsc#1225428).
- ethtool: move implementation of ethnl_ops_begin/complete to
netlink.c (CVE-2021-47517 bsc#1225428).
- commit 2e58867
- tls: fix missing memory barrier in tls_init (CVE-2024-36489 bsc#1226874)
- commit 134cc98
- exfat: fix potential deadlock on __exfat_get_dentry_set
(git-fixes).
- commit 2294924
- afs: Don't cross .backup mountpoint from backup volume
(git-fixes).
- commit b94ac2d
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- commit c10d9f9
- ubifs: dbg_orphan_check: Fix missed key type checking
(git-fixes).
- commit aca23b0
- ubifs: Fix adding orphan entry twice for the same inode
(git-fixes).
- commit e42f9e0
- ubifs: Fix unattached xattr inode if powercut happens after
deleting (git-fixes).
- commit ed1af4c
- exfat: fix inode->i_blocks for non-512 byte sector size device
(git-fixes).
- commit a3a46dd
- exfat: redefine DIR_DELETED as the bad cluster number
(git-fixes).
- commit 52b33f6
- exfat: support dynamic allocate bh for exfat_entry_set_cache
(git-fixes).
- commit dd685aa
- nilfs2: Remove check for PageError (git-fixes).
- commit cd97d8f
- drop_monitor: replace spin_lock by raw_spin_lock (References:
CVE-2021-47546 bsc#1227937).
- commit dd4f366
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- commit b7df97b
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
(git-fixes).
- drm/msm/dp: reset the link phy params before link training
(git-fixes).
- drm/msm/dpu: don't play tricks with debug macros (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure
(git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- commit 0a0202d
- supported.conf: Sort with tool
No functional change intended
- commit 4d22f17
- filelock: Fix fcntl/close race recovery compat path (bsc#1228427
CVE-2024-41020).
- commit 31787dd
- supported.conf: Fix comment placement.
We have a script for automated sorting of this file.
However, it can only work with comments that are placed together with
the module name on the same line, not with comments on their own line.
- commit d1c37d4
- iommu/vt-d: Fix NULL domain on device release (bsc#1223742
CVE-2024-27079).
- commit 6daa607
- netfilter: nf_tables: discard table flag update with pending
basechain deletion (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: reject table flag and netdev basechain
updates (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: disable toggling dormant table state
more than once (CVE-2024-35897 bsc#1224510).
- commit c138803
- kabi: restore const specifier in flow_offload_route_init()
(CVE-2024-27403 bsc#1224415).
- netfilter: nft_flow_offload: reset dst in route object after
setting up flow (CVE-2024-27403 bsc#1224415).
- commit 15b1876
- netfilter: nf_tables: fix memleak in map from abort path
(CVE-2024-27011 bsc#1223803).
- commit 081f6b0
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- commit 4e175b8
- kvm: s390: Reject memory region operations for ucontrol VMs
(CVE-2024-43819 bsc#1229290 git-fixes).
- commit 4b042b0
- netfilter: nft_limit: reject configurations that cause integer
overflow (CVE-2024-26668 bsc#1222335).
- commit 7074520
- netfilter: nf_tables: set dormant flag on hook register failure
(CVE-2024-26835 bsc#1222967).
- commit 5731bf5
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
inet/ingress basechain (CVE-2024-26808 bsc#1222634).
- commit 3f2b4eb
- kabi: hide include of ppp files from genksyms (CVE-2024-27016
bsc#1223807).
- commit db3abd4
- net: phy: phy_device: Prevent nullptr exceptions on ISR
(CVE-2024-35945 bsc#1224639).
- net: phy: allow a phy to opt-out of interrupt handling
(CVE-2024-35945 bsc#1224639).
- net: phy: Deduplicate interrupt disablement on PHY attach
(CVE-2024-35945 bsc#1224639).
- commit 2a46e5f
- netfilter: nf_tables: fix memleak when more than 255 elements
expired (CVE-2023-52581 bsc#1220877).
- commit f901f47
- netfilter: flowtable: validate pppoe header (CVE-2024-27016
bsc#1223807).
- commit ad249c6
- netfilter: flowtable: Fix QinQ and pppoe support for inet table
(CVE-2024-27016 bsc#1223807).
- commit 0b940a3
- Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
(bsc#1225578 CVE-2024-36013).
- commit 11d3282
- bpf: Fix updating attached freplace prog in prog_array map
(bsc#1229297 CVE-2024-43837).
- commit 886bbe9
- ice: Add a per-VF limit on number of FDIR filters
(CVE-2024-42291 bsc#1229374).
- commit 99e9416
- net/mlx5: Fix missing lock on sync reset reload (CVE-2024-42268
bsc#1229391).
- commit 230ddc2
- xdp: fix invalid wait context of page_pool_destroy() (CVE-2024-43834 bsc#1229314)
- commit 4c196fd
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (CVE-2024-36286 bsc#1226801)
- commit 52bf670
- netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270 1226798)
- commit 3e4f173
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851 bsc#1223074)
- commit ff5170b
- s390/pkey: Wipe sensitive data on failure (bsc#1228727
CVE-2024-42157 git-fixes).
- commit bfb03ba
- s390/dasd: fix error recovery leading to data corruption on
ESE devices (git-fixes bsc#1229573).
- commit 5bbca6e
- s390/sclp: Prevent release of buffer in I/O (git-fixes
bsc#1229572).
- commit de7864e
- blacklist.conf: Add e7870cf13d20 ("rxrpc: Fix delayed ACKs to not set the
reference serial number")
(CVE-2024-26677 bsc#1222387)
[#] Conflicts:
[#] blacklist.conf
- commit 7adb3c8
- blacklist.conf: printk/panic: not needed; the fixed functionality is not there
- commit 1e311d5
- blacklist.conf: Add 467324bcfe1a ("ax25: Fix netdev refcount issue")
(CVE-2024-36009 bsc#1224542)
- commit 414c075
- perf: hisi: Fix use-after-free when register pmu fails
(bsc#1225582 CVE-2023-52859).
- commit 256d260
- selftests/bpf: Test for null-pointer-deref bugfix in
resolve_prog_type() (bsc#1229297 CVE-2024-43837).
- bpf: Fix null pointer dereference in resolve_prog_type()
for BPF_PROG_TYPE_EXT (bsc#1229297 CVE-2024-43837).
- commit aa78187
- ceph: periodically flush the cap releases (bsc#1225162).
- ceph: issue a cap release immediately if no cap exists
(bsc#1225162).
- commit 3fe7ed5
- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- commit 03a8502
- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- commit af4907d
- nfsd: return error if nfs4_setacl fails (git-fixes).
- NFSD: fix regression with setting ACLs (git-fixes).
- commit 7de02e0
- blacklist.conf: unwanted sunrpc patch
- commit 7593bcd
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
- gss_krb5: Fix the error handling path for
crypto_sync_skcipher_setkey (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- sunrpc: add a struct rpc_stats arg to rpc_create_args
(git-fixes).
- nfsd: use locks_inode_context helper (git-fixes).
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy
(git-fixes).
- NFSD: move from strlcpy with unused retval to strscpy
(git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes).
- NFSD: set attributes when creating symlinks (git-fixes).
- NFSD: introduce struct nfsd_attrs (git-fixes).
- NFSD: Fix strncpy() fortify warning (git-fixes).
- NFSD: Optimize DRC bucket pruning (git-fixes).
- commit 7da24f6
- mISDN: Fix a use after free in hfcmulti_tx() (CVE-2024-42280 bsc#1229388)
- commit 82fce1f
- tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284 bsc#1229382)
- commit 7943dda
- net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283 bsc#1229383)
- commit 2f1fd70
- sysctl: always initialize i_uid/i_gid (CVE-2024-42312 bsc#1229357)
- commit 3e19d8c
- block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854 bsc#1229345)
- commit 51cef10
- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- commit 87f8b26
- ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322 bsc#1229347)
- commit fa634c1
- Update DRM patch reference (CVE-2024-42308 bsc#1229411)
- commit c8788c0
- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
bsc#1229407).
- commit 0f7f361
- arm64: cpufeature: Always specify and use a field width for capabilities (git-fixes)
Refresh patches.suse/arm64-cpufeature-Fix-field-sign-for-DIT-hwcap-detection.patch.
Refresh patches.suse/arm64-cpufeature-Force-HWCAP-to-be-based-on-the-sysreg-visible-to-user-space.patch.
- commit 8d157b0
- xhci: Fix Panther point NULL pointer deref at full-speed
re-enumeration (git-fixes).
- commit 817012e
- Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET"
(git-fixes).
- commit 8e189b9
- landlock: Don't lose track of restrictions on cred_transfer
(bsc#1229351 CVE-2024-42318).
- commit a85e801
- kABI fix for net/sched: flower: Fix chain template offload
(CVE-2024-26669 bsc#1222350).
- commit a7d20d9
- apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287, CVE-2023-52889).
- commit 9ffdd2d
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit 828e8df
- net: enetc: move enetc_set_psfp() out of the common
enetc_set_features() (CVE-2022-48645 bsc#1223508).
- commit 995bd04
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
(CVE-2024-41007 bsc#1227863).
- commit 7e08cca
- net: tcp: fix unexcepted socket die when snd_wnd is 0
(CVE-2024-41007 bsc#1227863).
- commit 226da79
- net: nsh: Use correct mac_offset to unwind gso skb in
nsh_gso_segment() (CVE-2024-36933 bsc#1225832).
- commit a887eae
- nilfs2: handle inconsistent state in nilfs_btnode_create_block()
(bsc#1229370 CVE-2024-42295).
- commit 765d56f
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit ac167d3
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- commit 245f980
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- commit eabaf05
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- commit a2d18fc
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- commit dabff04
- arm64: errata: Unify speculative SSBS errata logic (git-fixes)
Also update default configuration.
- commit c115971
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- commit 9e86d7f
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- commit cca3066
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- commit b5d9595
- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (git-fixes)
Refresh capability reservation patch and enable workarounds.
- commit f1638b8
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- commit 5592cab
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- commit e63daa2
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- commit 525b096
- arm64: Add Neoverse-V2 part (git-fixes)
- commit 9d204de
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- commit ed48e5e
- mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
devm_pm_runtime_enable() (CVE-2024-42319 bsc#1229350).
- commit 7de6296
- remoteproc: imx_rproc: Skip over memory region when node value
is NULL (CVE-2024-43860 bsc#1229319).
- commit eb0027b
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- commit bb0530e
- media: mediatek: vcodec: Handle invalid decoder vsi
(CVE-2024-43831 bsc#1229309).
- commit 5fa7be4
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit 0be5a80
- soc: qcom: pdr: protect locator_addr with the main mutex
(CVE-2024-43849 bsc#1229307).
- commit 2a0434d
- wifi: virt_wifi: don't use strlen() in const context
(CVE-2024-43841 bsc#1229304).
- wifi: virt_wifi: avoid reporting connection success with wrong
SSID (CVE-2024-43841 bsc#1229304).
- commit 4c3129e
- net: mana: Add support for page sizes other than 4KB on ARM64
(jsc#PED-8491 bsc#1226530).
- commit 681a377
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
(CVE-2024-43839 bsc#1229301).
- can: mcp251xfd: fix infinite loop when xmit fails
(CVE-2024-41088 bsc#1228469).
- can: mcp251xfd: move TX handling into separate file
(CVE-2024-41088 bsc#1228469).
- commit 11bb8df
- hfs: fix to initialize fields of hfs_inode_info after
hfs_alloc_inode() (git-fixes).
- commit 9abb2d6
- blacklist.conf: Add libata entry that caused a regression (bsc#1229054)
- commit 0645b91
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454).
- fs/netfs/fscache_cookie: add missing "n_accesses" check
(bsc#1229453).
- commit 803fe7f
- Refresh patches.suse/drm-amd-display-Fix-vs-typos.patch (git-fixes)
Alt-commit
- commit c32dc85
- drm/amd/display: Fix && vs || typos (git-fixes).
- commit e43afc5
- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/platform-x86-intel-uncore-freq-Prevent-driver-loading-in-guests.patch.
- commit 90be679
- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch.
- commit 7b2122f
- Refresh patches.suse/drm-amd-display-fix-cursor-offset-on-rotation-180.patch (git-fixes)
Alt-commit
- commit 9bfc3c1
- Refresh patches.suse/drm-i915-vma-Fix-UAF-on-destroy-against-retire-race.patch (git-fixes)
Alt-commit
- commit 050ccc2
- Refresh patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch (git-fixes)
Alt-commit
- commit b9a2ae1
- Refresh patches.suse/drm-amd-Flush-GFXOFF-requests-in-prepare-stage.patch (git-fixes)
Alt-commit
- commit 5d001ff
- Refresh patches.suse/drm-amd-display-Preserve-original-aspect-ratio-in-cr.patch (git-fixes)
Alt-commit
- commit 7a0957e
- Refresh patches.suse/0001-drm-amd-display-Implement-bounds-check-for-stream-en.patch (git-fixes)
Alt-commit
- commit 83a8df8
- Refresh patches.suse/0001-drm-amd-display-Add-NULL-test-for-timing-generator-i.patch (git-fixes)
Alt-commit
- commit 96ead93
- Refresh patches.suse/drm-amd-pm-fix-a-memleak-in-aldebaran_tables_init.patch (git-fixes)
Alt-commit
- commit c97f053
- bpf: Fix a segment issue when downgrading gso_size (bsc#1229386
CVE-2024-42281).
- commit 6eeb5fc
- cachefiles: propagate errors from vfs_getxattr() to avoid
infinite loop (bsc#1229418).
- commit e9340b2
- blacklist.conf: added several CACHEFILES_ONDEMAND-related commits
- commit d10fac3
- net/iucv: fix use after free in iucv_sock_close()
(CVE-2024-42271 bsc#1229400 bsc#1228974).
- commit 82bb6f3
- Refresh sorted patches.
- Refresh patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch.
- Refresh patches.suse/powerpc-topology-Check-if-a-core-is-online.patch.
- commit f56b67a
- Update patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- Update patches.suse/powerpc-topology-Check-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- commit 66923e5
- net/rds: fix possible cp null dereference (git-fixes).
- commit 266afb9
- Refresh
patches.suse/SUNRPC-avoid-soft-lockup-when-transmitting-UDP-to-re.patch.
Add git commit and move to sorted section.
- commit 89d3015
- blacklist.conf: add unwanted nfs patch
- commit e4440a4
- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)
- commit 06d3b72
- RDMA/rxe: Fix rxe_modify_srq (git-fixes)
- commit fdf3d9e
- RDMA/rxe: Move work queue code to subroutines (git-fixes)
- commit 582ab23
- Subject: RDMA/rxe: Handle zero length rdma (git-fixes)
- commit d8ea1d2
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 bsc#1228114).
- Update
patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
(bsc#1194869 CVE-2024-42230 bsc#1228489).
- commit f6019c1
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- commit 6cb46c4
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit 6a10c09
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit 3d017fc
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit 587e4e9
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad
3 15IAU7 (git-fixes).
- ALSA: timer: Relax start tick time check for slave timer
elements (git-fixes).
- commit 1158708
- net: mana: Fix doorbell out of order violation and avoid
unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic
(bsc#1229086).
- commit 79ff759
- io_uring: fix possible deadlock in
io_register_iowq_max_workers() (bsc#1228616 CVE-2024-41080).
- commit 3aa0f11
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to
userspace (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public
(bsc#1194869).
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
(bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for
CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings
(bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and
h_get_ppp (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP
(bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef
CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc: Fail build if using recordmcount with binutils v2.37
(bsc#1194869).
- powerpc: use generic version of arch_is_kernel_initmem_freed()
(bsc#1194869).
- Refresh patches.suse/powerpc-vmlinux.lds-Add-an-explicit-symbol-for-the-S.patch
- powerpc: Mark .opd section read-only (bsc#1194869).
- commit 2160944
- blacklist.conf: Add a bunch of superfluous ppc changes reported by
git-fixes.
- commit 1ab92eb
- blacklist.conf: Add ppc more ppc unsupported arch paths and commits.
- commit e1bb6f6
- blacklist.conf: Add 9bce6243848d powerpc/rtas: make all exports GPL
- commit dd9bd74
- blacklist.conf: Add ppc 32bit commit and paths.
- commit 293db9f
- s390/dasd: fix error checks in dasd_copy_pair_store()
(git-fixes bsc#1229190).
- commit 8da5fb8
- s390/uv: Panic for set and remove shared access UVC errors
(git-fixes bsc#1229188).
- commit f8287f7
- s390/cpacf: Make use of invalid opcode produce a link error
(git-fixes bsc#1227079).
- s390/cpacf: Split and rework cpacf query functions (git-fixes
bsc#1229187).
- s390/cpacf: get rid of register asm (git-fixes bsc#1227079
bsc#1229187).
- commit ef080ed
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo
(stable-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam
Deck revisions (stable-fixes).
- commit e806b26
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link
(stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra)
to quirks (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
(stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
(stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet
(stable-fixes).
- Revert "drm/amd/display: Add NULL check for 'afb' before
dereferencing in amdgpu_dm_plane_handle_cursor_update"
(stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing
in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX
transactions (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
(stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in
apply_state_adjust_rules (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager
(stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7
(stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab
3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
(stable-fixes).
- commit f4c5b8f
- net, sunrpc: Remap EPERM in case of connection failure in
xs_tcp_setup_socket (CVE-2024-42246 bsc#1228989).
- commit e5ad6b1
- btrfs: fix leak of qgroup extent records after transaction abort
(git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void
(git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c
(git-fixes).
- commit d462b94
- powerpc/topology: Check if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- commit d553d97
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- commit 1be5f1f
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- commit 06e9d31
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- commit 5b03027
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- commit 1a47b84
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- commit 3ebff38
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- commit 3876087
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- commit 1c4efdd
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- commit f11ea1a
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- commit ec733e8
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- commit dfa3da1
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- commit c01d7b5
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- commit 7ba0b5e
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- commit e8c18c1
- tcp_metrics: validate source addr length
(CVE-2024-42154 bsc#1228507).
- commit 4c817e3
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- commit 2c5d7b8
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228959 CVE-2024-42232).
- commit 27160c2
- Update
patches.suse/libceph-fix-race-between-delayed_work-and-ceph_monc_s.patch
(bsc#1228190 CVE-2024-42232).
- commit bbe2784
- ipv6: sr: fix incorrect unregister order (git-fixes).
- commit 430794a
- ipv6: sr: fix possible use-after-free and null-ptr-deref
(CVE-2024-26735 bsc#1222372).
- commit 9456b6b
- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).
- commit 64f81fd
- net/sched: flower: Fix chain template offload (CVE-2024-26669
bsc#1222350).
- commit 04f92b6
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- commit aac2b6a
- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).
- commit 7560f66
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- commit 8b41557
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- commit 358a165
- inet_diag: Initialize pad field in struct inet_diag_req_v2
(CVE-2024-42106 bsc#1228493).
- commit 082b3ea
- selftests/bpf: Cover verifier checks for mutating
sockmap/sockhash (bsc#1226885 CVE-2024-38662).
- Revert "bpf, sockmap: Prevent lock inversion deadlock in map
delete elem" (bsc#1226885 CVE-2024-38662).
- bpf: Allow delete from sockmap/sockhash only if update is
allowed (bsc#1226885 CVE-2024-38662).
- commit ae18577
- genirq: Take the proposed affinity at face value if force==true
(git-fixes).
- commit 01fe9f9
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- i2c: smbus: Send alert notifications to all devices if source
not found (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- drm/client: fix null pointer dereference in
drm_client_modeset_probe (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
(git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
(git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- commit 3bff740
- rpm/kernel-binary.spec.in: Fix build regression
The previous fix forgot to take over grep -c option that broke the
conditional expression
- commit d29edf2
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernel used by SLE and openSUSE Leap are the
same. As consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't makes sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- net: ks8851: Fix potential TX stall after interface reopen
(git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag
handling (git-fixes).
- commit 7cb23d2
- net: ks8851: Queue RX packets in IRQ handler instead of
disabling BHs (CVE-2024-35971 bsc#1224578).
- net: ks8851: Handle softirqs at the end of IRQ thread to fix
hang (CVE-2024-35971 bsc#1224578).
- net: ks8851: Inline ks8851_rx_skb() (CVE-2024-35971
bsc#1224578).
- net: ks8851: Fix TX stall caused by TX buffer overrun
(gix-fixes).
- commit a0911e3
- blk-mq: use hk cpus only when isolcpus=io_queue is enabled
(bsc#1229034).
- lib/group_cpus.c: honor housekeeping config when grouping CPUs
(bsc#1229034).
- virtio: blk/scsi: use block layer helpers to calculate num of
queues (bsc#1229034).
- scsi: use block layer helpers to calculate num of queues
(bsc#1229034).
- nvme-pci: use block layer helpers to calculate num of queues
(bsc#1229034).
- blk-mq: add number of queue calc helper (bsc#1229034).
- virtio: blk/scs: replace blk_mq_virtio_map_queues with
blk_mq_dev_map_queues (bsc#1229034).
- nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues
(bsc#1229034).
- scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues
(bsc#1229034).
- blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
- virito: add APIs for retrieving vq affinity (bsc#1229034).
- scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
- commit 8efabbc
- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC
(git-fixes).
- commit dc74872
- ACPI: bus: Indicate support for the Generic Event Device thru
_OSC (git-fixes).
- Refresh
patches.suse/ACPI-Fix-Generic-Initiator-Affinity-_OSC-bit.patch.
- commit 5e88627
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in
group_cpus_evenly (bsc#1229031).
- lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
- genirq/affinity: Only build SMP-only helper functions on SMP
kernels (bsc#1229031).
- blk-mq: Build default queue map via group_cpus_evenly()
(bsc#1229031).
- genirq/affinity: Move group_cpus_evenly() into lib/
(bsc#1229031).
- genirq/affinity: Rename irq_build_affinity_masks as
group_cpus_evenly (bsc#1229031).
- genirq/affinity: Don't pass irq_affinity_desc array to
irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Pass affinity managed mask array to
irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Remove the 'firstvec' parameter from
irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Replace cpumask_weight() with cpumask_empty()
where appropriate (bsc#1229031).
- commit 614293b
- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer
(git-fixes).
- commit 39678ad
- ACPI: x86: s2idle: Post-increment variables when getting
constraints (git-fixes).
- Refresh
patches.suse/ACPI-x86-s2idle-Fix-a-logic-error-parsing-AMD-constr.patch.
- commit f30def6
- Update
patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
(bsc#1216834 CVE-2024-42077 bsc#1228516).
Add CVE references.
- commit 8360e90
- Update
patches.suse/ALSA-emux-improve-patch-ioctl-data-validation.patch
(stable-fixes CVE-2024-42097 bsc#1228766).
- Update
patches.suse/ASoC-amd-acp-add-a-null-check-for-chip_pdev-structur.patch
(git-fixes CVE-2024-42074 bsc#1228481).
- Update
patches.suse/ASoC-fsl-asoc-card-set-priv-pdev-before-using-it.patch
(git-fixes CVE-2024-42089 bsc#1228450).
- Update
patches.suse/Bluetooth-qca-Fix-BT-enable-failure-again-for-QCA639.patch
(git-fixes CVE-2024-42137 bsc#1228563).
- Update
patches.suse/RDMA-restrack-Fix-potential-invalid-address-access.patch
(git-fixes CVE-2024-42080 bsc#1228673).
- Update
patches.suse/USB-core-Fix-duplicate-endpoint-bug-by-clearing-rese.patch
(git-fixes CVE-2024-41035 bsc#1228485).
- Update patches.suse/USB-serial-mos7840-fix-crash-on-resume.patch
(git-fixes CVE-2024-42244 bsc#1228967).
- Update
patches.suse/ata-libata-core-Fix-null-pointer-dereference-on-erro.patch
(git-fixes CVE-2024-41098 bsc#1228467).
- Update
patches.suse/block-add-check-that-partition-length-needs-to-be-aligned-with-block-size.patch
(bsc#1227867 CVE-2024-41000 CVE-2023-52458 bsc#1220428).
- Update
patches.suse/bpf-Fail-bpf_timer_cancel-when-callback-is-being-can.patch
(bsc#1228531 CVE-2024-41045 CVE-2024-42239 bsc#1228979).
- Update
patches.suse/crypto-aead-cipher-zeroize-key-buffer-after-use.patch
(stable-fixes CVE-2024-42229 bsc#1228708).
- Update
patches.suse/crypto-ecdh-explicitly-zeroize-private_key.patch
(stable-fixes CVE-2024-42098 bsc#1228779).
- Update
patches.suse/drm-amd-display-Check-index-msg_id-before-read-or-wr.patch
(stable-fixes CVE-2024-42121 bsc#1228590).
- Update
patches.suse/drm-amd-display-Check-pipe-offset-before-setting-vbl.patch
(stable-fixes CVE-2024-42120 bsc#1228588).
- Update
patches.suse/drm-amd-display-Skip-finding-free-audio-for-unknown-.patch
(stable-fixes CVE-2024-42119 bsc#1228584).
- Update
patches.suse/drm-amdgpu-Fix-signedness-bug-in-sdma_v4_0_process_t.patch
(git-fixes CVE-2024-41022 bsc#1228429).
- Update
patches.suse/drm-amdgpu-avoid-using-null-object-of-framebuffer.patch
(stable-fixes CVE-2024-41093 bsc#1228660).
- Update
patches.suse/drm-i915-gt-Fix-potential-UAF-by-revoke-of-fence-reg.patch
(git-fixes CVE-2024-41092 bsc#1228483).
- Update
patches.suse/drm-lima-fix-shared-irq-handling-on-driver-remove.patch
(stable-fixes CVE-2024-42127 bsc#1228721).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in-66edf3f.patch
(stable-fixes CVE-2024-41095 bsc#1228662).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in.patch
(stable-fixes CVE-2024-41089 bsc#1228658).
- Update
patches.suse/drm-nouveau-fix-null-pointer-dereference-in-nouveau_.patch
(git-fixes CVE-2024-42101 bsc#1228495).
- Update
patches.suse/drm-panel-ilitek-ili9881c-Fix-warning-with-GPIO-cont.patch
(stable-fixes CVE-2024-42087 bsc#1228677).
- Update
patches.suse/drm-radeon-check-bo_va-bo-is-non-NULL-before-using-i.patch
(stable-fixes CVE-2024-41060 bsc#1228567).
- Update
patches.suse/firmware-cs_dsp-Fix-overflow-checking-of-wmfw-header.patch
(git-fixes CVE-2024-41039 bsc#1228515).
- Update
patches.suse/firmware-cs_dsp-Prevent-buffer-overrun-when-processi.patch
(git-fixes CVE-2024-41038 bsc#1228509).
- Update
patches.suse/firmware-cs_dsp-Return-error-if-block-header-overflo.patch
(git-fixes CVE-2024-42238 bsc#1228991).
- Update
patches.suse/firmware-cs_dsp-Use-strnlen-on-name-fields-in-V1-wmf.patch
(git-fixes CVE-2024-41056 bsc#1228480).
- Update
patches.suse/firmware-cs_dsp-Validate-payload-length-before-proce.patch
(git-fixes CVE-2024-42237 bsc#1228992).
- Update
patches.suse/gpio-davinci-Validate-the-obtained-number-of-IRQs.patch
(git-fixes CVE-2024-42092 bsc#1228447).
- Update
patches.suse/iio-chemical-bme680-Fix-overflows-in-compensate-func.patch
(git-fixes CVE-2024-42086 bsc#1228452).
- Update
patches.suse/jffs2-Fix-potential-illegal-address-access-in-jffs2_free_inode.patch
(git-fixes CVE-2024-42115 bsc#1228656).
- Update
patches.suse/libceph-fix-race-between-delayed_work-and-ceph_monc_s.patch
(bsc#1228190 CVE-2024-42232 bsc#1228959).
- Update
patches.suse/media-dvb-frontends-tda10048-Fix-integer-overflow.patch
(stable-fixes CVE-2024-42223 bsc#1228726).
- Update
patches.suse/msft-hv-3022-net-mana-Fix-possible-double-free-in-error-handling-.patch
(git-fixes CVE-2024-42069 bsc#1228463).
- Update
patches.suse/net-can-j1939-Initialize-unused-data-in-j1939_send_o.patch
(git-fixes CVE-2024-42076 bsc#1228484).
- Update
patches.suse/net-can-j1939-enhanced-error-handling-for-tightly-re.patch
(git-fixes CVE-2023-52887 bsc#1228426).
- Update
patches.suse/nfc-nci-Add-the-inconsistency-check-between-the-inpu.patch
(stable-fixes CVE-2024-42130 bsc#1228687).
- Update
patches.suse/nilfs2-add-missing-check-for-inode-numbers-on-directory-entries.patch
(git-fixes CVE-2024-42104 bsc#1228654).
- Update patches.suse/nvme-avoid-double-free-special-payload.patch
(git-fixes CVE-2024-41073 bsc#1228635).
- Update patches.suse/nvmet-always-initialize-cqe.result.patch
(git-fixes CVE-2024-41079 bsc#1228615).
- Update
patches.suse/nvmet-fix-a-possible-leak-when-destroy-a-ctrl-during.patch
(git-fixes CVE-2024-42152 bsc#1228724).
- Update
patches.suse/ocfs2-strict-bound-check-before-memcmp-in-ocfs2_xatt.patch
(bsc#1228410 CVE-2024-41016).
- Update patches.suse/orangefs-fix-out-of-bounds-fsid-access.patch
(git-fixes CVE-2024-42143 bsc#1228748).
- Update
patches.suse/pinctrl-fix-deadlock-in-create_pinctrl-when-handling.patch
(git-fixes CVE-2024-42090 bsc#1228449).
- Update
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
(bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
- Update
patches.suse/usb-atm-cxacru-fix-endpoint-checking-in-cxacru_bind.patch
(git-fixes CVE-2024-41097 bsc#1228513).
- Update
patches.suse/usb-dwc3-core-remove-lock-of-otg-mode-during-gadget-.patch
(git-fixes CVE-2024-42085 bsc#1228456).
- Update
patches.suse/usb-gadget-configfs-Prevent-OOB-read-write-in-usb_st.patch
(stable-fixes CVE-2024-42236 bsc#1228964).
- Update
patches.suse/wifi-cfg80211-restrict-NL80211_ATTR_TXQ_QUANTUM-valu.patch
(git-fixes CVE-2024-42114 bsc#1228564).
- Update
patches.suse/wifi-mt76-replace-skb_put-with-skb_put_zero.patch
(stable-fixes CVE-2024-42225 bsc#1228710).
- Update
patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation.patch
(git-fixes CVE-2024-42240 bsc#1228966).
Add CVE references.
- commit 05086b1
- ACPI: thermal: Drop nocrt parameter (git-fixes).
- commit 5de370b
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for
HIP08/09 (git-fixes).
- commit 9250a1e
- Bluetooth: l2cap: always unlock channel in
l2cap_conless_channel() (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets
(git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper()
(git-fixes).
- commit 29bbfef
- ACPI: bus: Rework system-level device notification handling
(git-fixes).
- Refresh
patches.suse/ACPI-bus-Ensure-that-notify-handlers-are-not-running.patch.
- commit 7dcab46
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU
offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain
aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in
irq_matrix_allocated() (git-fixes).
- genirq/ipi: Fix NULL pointer deref in
irq_data_get_affinity_mask() (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix association race (git-fixes).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- kernel/irq/irqdomain.c: fix memory leak with using
debugfs_lookup() (git-fixes).
- genirq/irqdesc: Don't try to remove non-existing sysfs files
(git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- genirq: Don't return error on missing optional
irq_request_resources() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable
affinities (git-fixes).
- commit 2fd5320
- blacklist.conf: add IRQ HANDLING one
- commit de8bb5c
- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx()
from __netif_rx() (CVE-2024-42110 bsc#1228501).
- commit 096fa1d
- wireguard: allowedips: avoid unaligned 64-bit memory accesses
(CVE-2024-42247 bsc#1228988).
- commit 9870725
- ax25: Fix refcount imbalance on inbound connections
(CVE-2024-40910 bsc#1227832).
- commit 12cb329
- tipc: fix kernel panic when enabling bearer (CVE-2022-48865
bsc#1228065).
- commit 2f9875a
- PM: sleep: Fix possible deadlocks in core system-wide PM code
(bsc#1221269 CVE-2023-52498).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- commit 14accb2
- s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579
CVE-2024-41068).
- commit 77769f2
- net: dsa: fix panic when DSA master device unbinds on shutdown
(CVE-2022-48808 bsc#1227958).
- commit 1e672d7
- serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
(bsc#1228446 CVE-2024-42095).
- commit 082abd5
- serial: 8250_omap: Implementation of Errata i2310 (bsc#1228446
CVE-2024-42095).
- commit f99b96f
- tcp: avoid too many retransmit packets (CVE-2024-41007
bsc#1227863).
- commit ddec32c
- config.sh: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 0d8cf49
- power: supply: axp288_charger: Round constant_charge_voltage
writes down (git-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage
writes (git-fixes).
- commit db1c6e2
- bpf: Defer work in bpf_timer_cancel_and_free (bsc#1228531
CVE-2024-41045).
- bpf: Fail bpf_timer_cancel when callback is being cancelled
(bsc#1228531 CVE-2024-41045).
- bpf: Check map->usercnt after timer->timer is assigned
(bsc#1228531 CVE-2024-41045).
- commit 13bca15
- scsi: qedi: Fix crash while reading debugfs attribute
(bsc#1227929 CVE-2024-40978).
- block/ioctl: prefer different overflow check (bsc#1227867
CVE-2024-41000).
- block: add check that partition length needs to be aligned
with block size (bsc#1227867 CVE-2024-41000).
- commit f6a3a4f
- ice: Don't process extts if PTP is disabled (CVE-2024-42107
bsc#1228494).
- ice: Fix improper extts handling (CVE-2024-42139 bsc#1228503).
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
(CVE-2024-42148 bsc#1228487).
- net/mlx5: E-switch, Create ingress ACL when needed
(CVE-2024-42142 bsc#1228491).
- gve: Account for stopped queues when reading NIC stats
(CVE-2024-42162 bsc#1228706).
- commit 52582b0
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
- ----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482
CVE-2024-42082).
- commit 3fdab8d
- netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042
bsc#1228526).
- Refresh
patches.kabi/netfilter-KABI-workaround-for-CVE-2023-3610-bsc-1213.patch.
- commit 05a5b4a
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (CVE-2024-42228 bsc#1228667).
- commit 8a881f9
- btrfs: sysfs: update fs features directory asynchronously
(bsc#1226168).
- commit a738a53
- tipc: force a dst refcount before doing decryption (CVE-2024-40983 bsc#1227819).
- commit af53498
- Refresh
patches.kabi/xhci-restre-deleted-trb-fields-for-tracing.patch.
Fix KABI restoration also in tracing event message format.
- commit 3bd4a56
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
(CVE-2024-40995 bsc#1227830).
- commit 6410fe4
- PCI: hv: Return zero, not garbage, when reading
PCI_INTERRUPT_PIN (git-fixes).
- commit df5839d
- Drop doubly defined References in sound patches
- commit 46ad1df
- ALSA: usb-audio: Correct surround channels in UAC1 channel map
(git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the
polling mode (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
(stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place
(git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam
(stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
(stable-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue
for gen8 (git-fixes).
- drm/etnaviv: don't block scheduler when GPU is still active
(stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in
mipi_dsi_dcs_write_seq() (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition
format (stable-fixes).
- commit b91fd99
- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
CVE-2024-39494).
- commit 81484ec
- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
(bsc#1228756 CVE-2024-42161).
- commit 8359d86
- ASoC: topology: Fix route memory corruption (CVE-2024-41069
bsc#1228644).
- commit 586db1a
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings
(bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from
rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES
setting (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in
H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big
memory slots (bsc#1194869).
- commit cc22863
- liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- commit 02e87a9
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 8f44f81
- ax25: merge repeat codes in ax25_dev_device_down()
(git-fixes CVE-2024-38602 bsc#1226613).
- commit 99f40ab
- kabi/severity: add nvme common code
The nvme common code is also allowed to change the data structures, there
are only internal users.
- commit b8cf562
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
(bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
(bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
(bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
(bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- commit ce7acc0
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper
endian macro usages (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting
trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
(bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in
dev_loss callbk (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response
(bsc#1228857).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if
in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI
port is inactive (bsc#1228857).
- commit 21ebef1
- ax25: Fix reference count leak issue of net_device
(CVE-2024-38554 bsc#1226742).
- commit 802e6bf
- ax25: Fix reference count leak issues of ax25_dev
(CVE-2024-38602 bsc#1226613).
- commit 1e21ae9
- nvme-pci: add missing condition check for existence of mapped
data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management
(git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp
establishment (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
(git-fixes).
- nvme-multipath: find NUMA path only for online numa-node
(git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- commit 3284c90
- hfsplus: fix uninit-value in copy_name (git-fixes).
- commit 383d5d6
- blacklist.conf: blocks list lots of 5.15-stable nfsd fixes.
In the 5.15 stable series there was a full backport of nfsd. We don't
won't all of that. So blacklist lots of patches that we don't want.
- commit 0cfb63d
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- bnxt_re: Fix imm_data endianness (git-fixes)
- commit c690ca2
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- commit 7f0f7e9
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- commit 8395f97
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- commit 6650e04
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- commit 0bbda8c
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- commit 741b900
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- commit 19e60a6
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- commit 1ef6723
- RDMA/hns: Check atomic wr length (git-fixes)
- commit 0fc73fc
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- commit e02b7ee
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- commit cd31168
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- commit cf1cb3f
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- commit a92f3fd
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- commit 5cdefb2
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- commit 59890ae
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- commit 25b62bb
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 84f3be4
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- commit 478aa21
- Revert "ALSA: firewire-lib: operate for period elapse event
in process context" (bsc#1208783).
- Revert "ALSA: firewire-lib: obsolete workqueue for period
update" (bsc#1208783).
- commit 51e6ff5
- x86: stop playing stack games in profile_pc() (bsc#1228633
CVE-2024-42096).
- commit f28c110
- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
CVE-2024-40994).
- commit 205cc4c
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620
CVE-2024-39493).
- commit 14b61d5
- filelock: Remove locks reliably when fcntl/close race is
detected (CVE-2024-41012 bsc#1228247).
- commit e2c5917
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- commit 39eeeb9
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit 3784f34
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(git-fixes CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(git-fixes CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(git-fixes CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(git-fixes CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(git-fixes CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(git-fixes CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(git-fixes CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(git-fixes CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(git-fixes CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit e328ee7
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit f2d923e
- Update
patches.suse/79b5b4b18bc8-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free-.patch
(CVE-2024-35854 bsc#1224636 CVE-2024-35855 bsc#1224694).
- Update
patches.suse/ACPICA-Revert-ACPICA-avoid-Info-mapping-multiple-BAR.patch
(git-fixes CVE-2024-40984 bsc#1227820).
- Update
patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
(git-fixes CVE-2024-26889 bsc#1228195).
- Update
patches.suse/HID-core-remove-unnecessary-WARN_ON-in-implement.patch
(git-fixes CVE-2024-39509 bsc#1227733).
- Update
patches.suse/HID-logitech-dj-Fix-memory-leak-in-logi_dj_recv_swit.patch
(git-fixes CVE-2024-40934 bsc#1227796).
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
(git-fixes CVE-2024-40990 bsc#1227824).
- Update
patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
(git-fixes CVE-2024-36288 bsc#1226834).
- Update
patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
(git-fixes CVE-2024-40904 bsc#1227772).
- Update
patches.suse/ata-libata-core-Fix-double-free-on-error.patch
(git-fixes CVE-2024-41087 bsc#1228740).
- Update
patches.suse/batman-adv-bypass-empty-buckets-in-batadv_purge_orig.patch
(stable-fixes CVE-2024-40981 bsc#1227864).
- Update
patches.suse/cachefiles-remove-requests-from-xarray-during-flushin.patch
(bsc#1226588 CVE-2024-40900 bsc#1227760).
- Update
patches.suse/crypto-hisilicon-sec-Fix-memory-leak-for-sec-resourc.patch
(stable-fixes CVE-2024-41002 bsc#1227870).
- Update
patches.suse/dmaengine-idxd-Fix-possible-Use-After-Free-in-irq_pr.patch
(git-fixes CVE-2024-40956 bsc#1227810).
- Update
patches.suse/drivers-core-synchronize-really_probe-and-dev_uevent.patch
(git-fixes CVE-2024-39501 bsc#1227754).
- Update
patches.suse/drm-amdgpu-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40987 bsc#1228235).
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 git-fixes bsc#1228114).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548 bsc#1228202).
- Update
patches.suse/drm-exynos-hdmi-report-safe-640x480-mode-as-a-fallba.patch
(git-fixes CVE-2024-40916 bsc#1227846).
- Update
patches.suse/drm-exynos-vidi-fix-memory-leak-in-.get_modes.patch
(stable-fixes CVE-2024-40932 bsc#1227828).
- Update
patches.suse/drm-i915-dpt-Make-DPT-object-unshrinkable.patch
(git-fixes CVE-2024-40924 bsc#1227787).
- Update
patches.suse/drm-komeda-check-for-error-valued-pointer.patch
(git-fixes CVE-2024-39505 bsc#1227728).
- Update
patches.suse/drm-lima-mask-irqs-in-timeout-path-before-hard-reset.patch
(stable-fixes CVE-2024-40976 bsc#1227893).
- Update
patches.suse/drm-radeon-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40988 bsc#1227957).
- Update
patches.suse/ftrace-Fix-possible-use-after-free-issue-in-ftrace_location.patch
(git-fixes CVE-2024-38588 bsc#1226837).
- Update
patches.suse/iommu-Return-right-value-in-iommu_sva_bind_device.patch
(git-fixes CVE-2024-40945 bsc#1227802).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/sock_map-avoid-race-between-sock_map_close-and-sk_ps.patch
(bsc#1225475 CVE-2023-52735 CVE-2024-39500 bsc#1227724).
- Update
patches.suse/tracing-Build-event-generation-tests-only-as-modules.patch
(git-fixes CVE-2024-41004 bsc#1227851).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920 bsc#1228237).
- Update
patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
(git-fixes CVE-2024-40903 bsc#1227766).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- Update
patches.suse/vmci-prevent-speculation-leaks-by-sanitizing-event-i.patch
(git-fixes CVE-2024-39499 bsc#1227725).
- Update
patches.suse/wifi-cfg80211-Lock-wiphy-in-cfg80211_get_station.patch
(git-fixes CVE-2024-40911 bsc#1227792).
- Update
patches.suse/wifi-iwlwifi-mvm-check-n_ssids-before-accessing-the-.patch
(git-fixes CVE-2024-40929 bsc#1227774).
- Update
patches.suse/wifi-iwlwifi-mvm-don-t-read-past-the-mfuart-notifcat.patch
(git-fixes CVE-2024-40941 bsc#1227771).
- Update
patches.suse/wifi-mac80211-Fix-deadlock-in-ieee80211_sta_ps_deliv.patch
(git-fixes CVE-2024-40912 bsc#1227790).
- Update
patches.suse/wifi-mac80211-mesh-Fix-leak-of-mesh_preq_queue-objec.patch
(git-fixes CVE-2024-40942 bsc#1227770).
- Update
patches.suse/xhci-Handle-TD-clearing-for-multiple-streams-case.patch
(git-fixes CVE-2024-40927 bsc#1227816).
- commit 14d852a
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit b28e7bb
- Update
patches.suse/1216-drm-vc4-hdmi-Unregister-codec-device-on-unbind.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48852 bsc#1228067).
- Update
patches.suse/Bluetooth-hci_core-Fix-leaking-sent_cmd-skb.patch
(jsc#PED-1407 CVE-2022-48844 bsc#1228068).
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/block-release-rq-qos-structures-for-queue-without-di.patch
(jsc#PED-1183 CVE-2022-48846 bsc#1227992).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48730 bsc#1226713).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48749 bsc#1226650).
- Update
patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48756 bsc#1226698).
- Update
patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48732 bsc#1226716).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-fix-a-memleak-when-uncloning-an-skb-dst-and-its-.patch
(git-fixes CVE-2022-48809 bsc#1227947).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(jsc#PED-1559 CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(jsc#PED-1559 CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(jsc#PED-1524 CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(jsc#PED-1524 CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(jsc#PED-1549 CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vdpa-mlx5-add-validation-for-VIRTIO_NET_CTRL_MQ_VQ_P.patch
(jsc#PED-1549 CVE-2022-48864 bsc#1228011).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(jsc#PED-1549 CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit bfcee01
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 bsc#1225302 CVE-2021-47402 bsc#1225301).
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit a651650
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit 9baaa6c
- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit 17953b6
- Update references in patches.suse/wifi-cfg80211-wext-add-extra-SIOCSIWSCAN-data-check.patch (CVE-2024-41072 bsc#1228626 stable-fixes)
- commit 273bfae
- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
- commit 530a147
- netns: Make get_net_ns() handle zero refcount net
(CVE-2024-40958 bsc#1227812).
- commit cd7215b
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- commit 507f516
- nsh: Restore skb->{protocol,data,mac_header} for outer header
in nsh_gso_segment() (CVE-2024-36933 bsc#1225832).
- commit 6bef246
- blacklist.conf: Add 943ad0b62e3c kernel: rerun task_work while freezing in get_signal()
and related io_uring fix.
- commit dd99721
- blacklist.conf: Add 7a4479680d7f cgroup_misc: add kernel-doc comments for enum misc_res_type
- commit 33a371b
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8837200
- net: core: reject skb_copy(_expand) for fraglist GSO skbs
(CVE-2024-36929 bsc#1225814).
- commit 9a1b478
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge
(bsc#1224548 CVE-2024-36000).
- commit bb54a15
- net: enetc: deny offload of tc-based TSN features on VF
interfaces (CVE-2022-48645 bsc#1223508).
- commit 020db72
- Bluetooth: hci_sync: Fix suspending with wrong filter policy
(git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
(git-fixes).
- commit d1b1ed5
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- ppp: reject claimed-as-LCP but actually malformed packets
(CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
bsc#1228640).
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- commit e2a1614
- drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591 CVE-2024-42122)
- commit 42cafdc
- gfs2: Fix NULL pointer dereference in gfs2_log_flush
(bsc#1228672 CVE-2024-42079).
- commit 9249ead
- btrfs: qgroup: fix quota root leak after quota disable failure
(bsc#1228655 CVE-2024-41078).
- commit a021822
- workqueue: Improve scalability of workqueue watchdog touch
(bsc#1193454).
- commit d6c3d9d
- workqueue: wq_watchdog_touch is always called with valid CPU
(bsc#1193454).
- commit 8c80fa1
- KVM: arm64: Disassociate vcpus from redistributor region on
teardown (CVE-2024-40989 bsc#1227823).
- commit 724dd5c
- wifi: mac80211: Avoid address calculations via out of bounds
array indexing (CVE-2024-41071 bsc#1228625).
- commit 93c5732
- powerpc/eeh: avoid possible crash when edev->pdev changes
(CVE-2024-41064 bsc#1228599).
- commit ba6e5c8
- ASoC: topology: Fix references to freed memory (CVE-2024-41069
bsc#1228644).
- commit 44dd0c7
- net/sched: Fix UAF when resolving a clash (CVE-2024-41040 bsc#1228518)
- commit 38cd1ac
- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
Changes: adjust returned error codes to -EUCLEAN and drop definition of
the enum error.
- commit c3c9515
- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit 54b2845
- blacklist.conf: CVE-2024-41076 bsc#1228649: not applicable
Different code using a local variable, switch to dynamic allocation done
in 1b00ad657997c8 ("NFS: Remove the nfs4_label from the nfs_setattrres")
in 5.16.
- commit 40fbbcc
- blk-cgroup: dropping parent refcount after pd_free_fn() is done
(bsc#1224573).
- commit 87d4ac6
- Update patches.suse/nilfs2-fix-inode-number-range-checks.patch
(git-fixes stable-fixes bsc#1228665 CVE-2024-42105).
- commit 363084c
- Update
patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch
(bsc#1221044 CVE-2023-52591 bsc#1228440).
- commit d21f810
- hfsplus: fix uninit-value in copy_name (bsc#1228561
CVE-2024-41059).
- commit cfc2db1
- ext4: fix uninitialized ratelimit_state->lock access in
__ext4_fill_super() (bsc#1227866 CVE-2024-40998).
- commit 5c2bc07
- cachefiles: fix slab-use-after-free in
cachefiles_withdraw_cookie() (bsc#1228462 CVE-2024-41057).
- cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
(bsc#1228459 CVE-2024-41058).
- netfs, fscache: export fscache_put_volume() and add
fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- commit 599a85f
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit 3c731c9
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (CVE-2024-40956 bsc#1227810).
- commit 3632d87
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit 43f2501
- ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410 CVE-2024-41016).
- ocfs2: remove redundant assignment to variable free_space
(bsc#1228409).
- commit 568c7dd
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
CVE-2024-27437).
- commit 65556f4
- ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
- commit edabc6f
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (CVE-2024-41063 bsc#1228580)
- commit 7924d8c
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041 bsc#1228520)
- commit eae6531
- ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (CVE-2022-48785 bsc#1227927)
- commit ca3b7b0
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit bcdcd8a
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit ec1e1fa
- nfsd: Don't leave work of closing files to a work queue
(bsc#1228140).
- commit 3b8e93d
- KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 5102495
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
(CVE-2024-40959 bsc#1227884).
- commit 4f042e1
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- commit e64bcfc
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- selftests/bpf: Add more ring buffer test coverage (bsc#1228020
CVE-2024-41009).
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- commit e559e61
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e
- blacklist.conf: Add 9c573cd31343 randomize_kstack: Improve entropy diffusion
blacklist.conf: Add 375561bd6195 stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
- commit 07a7d85
- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA
is paused (git-fixes).
- commit 81d45da
- wifi: mac80211: handle tasklet frames before stopping
(stable-fixes).
- commit 51c6566
- HID: wacom: Modify pen IDs (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
(stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
(stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling
(git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
(stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane
Button (stable-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout
(stable-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config
(stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop()
(stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium
(stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize
(stable-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24
(stable-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
(stable-fixes).
- mei: demote client disconnect warning on suspend to debug
(stable-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
(stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe
option (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
(stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
(stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in
mesh sdata (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space
handler (stable-fixes).
- ACPI: EC: Abort address space access upon error (stable-fixes).
- docs: Fix formatting of literal sections in fanotify docs
(stable-fixes).
- commit 38d8033
- xfs: add bounds checking to xlog_recover_process_data
(bsc#1228408 CVE-2024-41014).
- commit 9b9175d
- xfs: don't walk off the end of a directory data block
(bsc#1228405 CVE-2024-41013).
- commit 3a2120b
- jfs: don't walk off the end of ealist (bsc#1228403
CVE-2024-41017).
- commit 553b2ef
- ext4: do not create EA inode under buffer lock (bsc#1227910
CVE-2024-40972).
- commit aacd3b6
- ext4: fold quota accounting into
ext4_xattr_inode_lookup_create() (bsc#1227910 CVE-2024-40972).
- commit 0630857
- ext4: fix mb_cache_entry's e_refcnt leak in
ext4_xattr_block_cache_find() (bsc#1226993 CVE-2024-39276).
- commit 1269749
- Update patch reference for AMDGPU fix (CVE-2024-41011 bsc#1228115)
- commit 0303eab
- drm/amdkfd: don't allow mapping the MMIO HDP page with large
pages (CVE-2024-41011 bsc#1228115).
- commit ff8f843
- 9p: add missing locking around taking dentry fid list (bsc#1227090, CVE-2024-39463).
- commit c58a66f
- ceph: fix incorrect kmalloc size of pagevec mempool
(bsc#1228418).
- commit 2230e72
- tun: add missing verification for short frame (CVE-2024-41091
bsc#1228327).
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- net: ena: Add validation for completion descriptors consistency
(CVE-2024-40999 bsc#1227913).
- net: mvpp2: clear BM pool before initialization (CVE-2024-35837
bsc#1224500).
- commit 80ce1bf
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- commit 6bbdba6
- sit: do not call ipip6_dev_free() from sit_init_net()
(CVE-2021-47588 bsc#1226568).
- commit 38c1d39
- mptcp: remove tcp ulp setsockopt support
(CVE-2021-47591 bsc#1226570).
- commit 2079fc2
- Refresh
patches.kabi/tty-add-the-option-to-have-a-tty-reject-a-new-ldisc.patch.
Fix build for CONFIG_VT=n (ppc64le/kvmsmall).
- commit a0ede6a
- sch_cake: do not call cake_destroy() from cake_init()
(CVE-2021-47598 bsc#1226574).
- commit d533b8e
- serial: imx: Introduce timeout when waiting on transmitter empty
(CVE-2024-40967 bsc#1227891).
- commit 05ae86a
- kABI: tty: add the option to have a tty reject a new ldisc
(kabi CVE-2024-40966 bsc#1227886).
- tty: add the option to have a tty reject a new ldisc
(CVE-2024-40966 bsc#1227886).
- commit 875e673
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- commit 1b3b67e
- devres: Fix memory leakage caused by driver API
devm_free_percpu() (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env()
(git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- commit 9c7dc5b
- bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1227798 CVE-2024-40909).
- Refresh patches.kabi/bpf-bpf_link-and-bpf_link_ops-kABI-workaround.patch
- commit 755a2fd
- net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850 bsc#1228071)
- commit 3226c14
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- commit 9b702c7
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- commit 11f7aa0
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- commit 33fb4ee
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- commit d56b79b
- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- commit be5ea07
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- commit dc83512
- drm/radeon: check bo_va->bo is non-NULL before using it
(stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode
support (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
(stable-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
(stable-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list
(stable-fixes).
- commit a18e5d0
- powerpc/fixmap: Fix VM debug warning on unmap (CVE-2021-47623
bsc#1227919).
- commit 6169baf
- wifi: mt76: mt7921s: fix potential hung tasks during chip
recovery (CVE-2024-40977 bsc#1227950).
- commit ee916d4
- Avoid hw_desc array overrun in dw-axi-dmac (CVE-2024-40970
bsc#1227899).
- commit 713bbc3
- ssb: Fix potential NULL pointer dereference in
ssb_device_uevent() (CVE-2024-40982 bsc#1227865).
- commit 4f37558
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- commit 12ba1f2
- Update patches.suse/IB-mlx5-Use-__iowrite64_copy-for-write-combining-sto.patch (git-fixes bsc#1226502)
- commit c55adfd
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- commit 3783d1b
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- commit cc50a67
- s390: Implement __iowrite32_copy() (bsc#1226502)
- commit 8fb0f46
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- commit 92d3558
- net/rds: fix WARNING in rds_conn_connect_if_down (CVE-2024-27024
bsc#1223777).
- commit eedb0bb
- smb: client: fix use-after-free in smb2_query_info_compound()
(bsc#1225489, CVE-2023-52751).
- commit a32502b
- bpf: Set run context for rawtp test_run callback (bsc#1227783
CVE-2024-40908).
- commit 3bc3979
- ipv6: prevent possible NULL dereference in rt6_probe()
(CVE-2024-40960 bsc#1227813).
- commit 33bfa43
- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
(git-fixes).
- commit e67818e
- cachefiles: flush all requests after setting CACHEFILES_DEAD
(bsc#1227797 CVE-2024-40935).
- commit f7e6672
- xfs: Add cond_resched to block unmap range and reflink remap
path (bsc#1228226).
- commit 398a1d5
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
on failure path (CVE-2022-48810 bsc#1227936).
- commit 4b745d6
- PCI: Introduce cleanup helpers for device reference counts
and locks (git-fixes).
- commit 4645732
- PCI: tegra194: Set EP alignment restriction for inbound ATU
(git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
(git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT
error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Don't enable BAR 0 for AM654x (git-fixes).
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
(git-fixes).
- commit b5dfbee
- sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855
bsc#1228003).
- commit f84afd1
- blacklist.conf: add one pci entry
- commit 8c4446c
- ipv6: prevent possible NULL deref in fib6_nh_init()
(CVE-2024-40961 bsc#1227814).
- commit 09176fe
- PCI: Extend ACS configurability (bsc#1228090).
- commit 9d1d191
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated
memory (bsc#1227762 CVE-2024-40901).
- commit 1473e56
- io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
(bsc#1227732 CVE-2024-39508).
- commit 9c3b469
- mac802154: fix llsec key resources release in
mac802154_llsec_key_del (CVE-2024-26961 bsc#1223652).
- commit 4396d9f
- usb: typec: tcpm: clear pd_event queue in PORT_RESET
(git-fixes).
- commit 8782764
- netrom: Fix a memory leak in nr_heartbeat_expiry()
(CVE-2024-41006 bsc#1227862).
- commit fa76ffa
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
(git-fixes).
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored
(git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up
(git-fixes).
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when
pinctrl_enable() fails (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
- pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
(git-fixes).
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
(git-fixes).
- PCI: Introduce cleanup helpers for device reference counts
and locks (stable-fixes).
- commit a5ba589
- usb: gadget: call usb_gadget_check_config() to verify UDC
capability (git-fixes).
- commit a789eca
- blacklist.conf: pure dts
- commit ed51b87
- usb: cdns3: fix iso transfer error when mult is not zero
(git-fixes).
- commit 24ef45f
- usb: cdns3: fix incorrect calculation of ep_buf_size when more
than one config (git-fixes).
- commit 1aee554
- usb: cdns3: allocate TX FIFO size according to composite EP
number (git-fixes).
- blacklist.conf: needed as infrastructure
- Refresh
patches.suse/usb-cdns3-fix-NCM-gadget-RX-speed-20x-slow-than-expe.patch.
- commit f5e4b65
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228190).
- commit 7cce822
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt
is true (git-fixes).
- Refresh
patches.suse/usb-cdns3-fix-uvc-failure-work-since-sg-support-enab.patch.
- commit f171c84
- usb: cdns3: optimize OUT transfer by copying only actual
received data (git-fixes).
- commit 909f26f
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
(git-fixes).
- commit 82de9d3
- usb: cdns3: improve handling of unaligned address case
(git-fixes).
- commit ada0d19
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state
(bsc#1227121 ltc#207129).
- commit 2fe1c33
- blacklist.conf: pure optimization
- commit 0f44899
- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
bsc#1227836).
- commit 610d469
- Input: elan_i2c - do not leave interrupt disabled on suspend
failure (git-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- Revert "usb: musb: da8xx: Set phy in OTG mode by default"
(stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
Book Pro 360 (stable-fixes).
- ASoC: amd: Adjust error handling in case of absent codec device
(git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error
(git-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
(stable-fixes).
- crypto: ecdsa - Fix the public key format description
(git-fixes).
- commit daf9e8d
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config
(git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush()
ctl op (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after
suspend/resume (git-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep
(git-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- USB: serial: option: add Rolling RW350-GL variants
(stable-fixes).
- USB: serial: option: add support for Foxconn T99W651
(stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules
(stable-fixes).
- usb: gadget: configfs: Prevent OOB read/write in
usb_string_copy() (stable-fixes).
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
(stable-fixes).
- USB: serial: option: add Telit generic core-dump composition
(stable-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions
(stable-fixes).
- nilfs2: add missing check for inode numbers on directory entries
(stable-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
(stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT
IVW 11.6" tablet (stable-fixes).
- nfc/nci: Add the inconsistency check between the input data
length and count (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic
(stable-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow
(stable-fixes).
- media: s2255: Use refcount_t instead of atomic_t for
num_channels (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div
(stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: dw2102: Don't translate i2c read into write
(stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware()
(stable-fixes).
- media: dvb: as102-fe: Fix as10x_register_addr packing
(stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- commit 1d67edd
- Update Alt-commit of AMDGPU patch (git-fixes)
- commit 486ad31
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers
(git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in
prepare() (git-fixes).
- commit 7e23de0
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO
before regulators (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in
amdgpu_device_baco_exit (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
(git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
(stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- crypto: aead,cipher - zeroize key buffer after use
(stable-fixes).
- commit df254fc
- Update Alt-commit for AMDGPU patches (git-fixes)
- commit faaa427
- net: hns3: fix kernel crash problem in concurrent scenario
(CVE-2024-39507 bsc#1227730).
- net/mlx5: Fix tainted pointer delete is case of flow rules
creation fail (CVE-2024-40940 bsc#1227800).
- commit 778fd36
- vmxnet3: disable rx data ring on dma allocation failure
(CVE-2024-40923 bsc#1227786).
- commit 39544d5
- mptcp: ensure snd_una is properly initialized on connect
(CVE-2024-40931 bsc#1227780).
- commit 8410912
- bnxt_en: Adjust logging of firmware messages in case of released
token in __hwrm_send() (CVE-2024-40919 bsc#1227779).
- commit 92740a7
- orangefs: fix out-of-bounds fsid access (git-fixes).
- commit 5492c0a
- nilfs2: fix incorrect inode allocation from reserved inodes
(git-fixes).
- commit 84d8b23
- nilfs2: convert persistent object allocator to use kmap_local
(git-fixes).
- commit 5ccbbbd
- nilfs2: add missing check for inode numbers on directory entries
(git-fixes).
- commit 907b3f0
- nilfs2: fix inode number range checks (git-fixes).
- commit f8f08aa
- jffs2: Fix potential illegal address access in jffs2_free_inode
(git-fixes).
- commit 03a6330
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487 bsc#1227573)
- commit 07efe24
- netfilter: nf_tables: flush pending destroy work before exit_net release (CVE-2024-35899 bsc#1224499)
- commit fca7a67
- net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (CVE-2024-35934 bsc#1224641)
- commit 2be2fbe
- net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893 bsc#1224512)
- commit e1c4fc4
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
(CVE-2024-40953, bsc#1227806).
- commit 2476f39
- Refresh
patches.suse/KVM-x86-Bail-from-kvm_recalculate_phys_map-if-x2APIC.patch.
- commit c36c759
- xfs: fix log recovery buffer allocation for the legacy h_size
fixup (bsc#1227432 CVE-2024-39472).
- commit 18a9915
- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- commit aa09d73
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff
(git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp
(git-fixes).
- saa7134: Unchecked i2c_transfer function result fixed
(git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: dvb-usb: Fix unexpected infinite loop in
dvb_usb_read_remote_control() (git-fixes).
- Revert "leds: led-core: Fix refcount leak in of_led_get()"
(git-fixes).
- leds: triggers: Flush pending brightness before activating
trigger (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos
(git-fixes).
- leds: trigger: Unregister sysfs attributes before calling
deactivate() (git-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- commit 960e7ee
- Update
patches.suse/mptcp-ensure-snd_nxt-is-properly-initialized-on-conn.patch
(CVE-2024-36889 bsc#1225746).
- commit cf8a3ad
- ocfs2: fix races between hole punching and AIO+DIO (CVE-2024-40943 bsc#1227849).
- commit b79d9d8
- net: rds: Fix possible NULL-pointer dereference (CVE-2023-52573 bsc#1220869)
- commit d3cf4c3
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020 bsc#1223815)
- commit fd09409
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019 bsc#1223813)
- commit ccbb2a8
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- commit 7623aa9
- gro: fix ownership transfer (CVE-2024-35890 bsc#1224516).
- commit 59871a8
- mptcp: ensure snd_nxt is properly initialized on connect
(CVE-2024-36889).
- commit d97efaf
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- commit 7716ffe
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- commit ee3b46a
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- commit 4a9af64
- ipv6: fib6_rules: avoid possible NULL dereference in
fib6_rule_action() (CVE-2024-36902 bsc#1225719).
- commit b7587ff
- phonet: fix rtm_phonet_notify() skb allocation (CVE-2024-36946
bsc#1225851).
- commit f863dba
- net: netlink: af_netlink: Prevent empty skb by adding a check
on len (CVE-2021-47606 bsc#1226555).
- commit 3b4f977
- r8169: Fix possible ring buffer corruption on fragmented Tx
packets (CVE-2024-38586 bsc#1226750).
- commit 21fc784
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- commit cee3770
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- commit 5326760
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- commit 7113a94
- wifi: rtw89: Fix array index mistake in
rtw89_sta_info_get_iter() (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
(git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in
cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
(git-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
(git-fixes).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox
(git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of
wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no
waiters (git-fixes).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms
(git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes
(git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled
(git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version
(git-fixes).
- drm/gma500: fix null pointer dereference in
cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in
psb_intel_lvds_get_modes (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- commit f8f3fda
- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- SUNRPC: Fix loop termination condition in
gss_free_in_token_pages() (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
(git-fixes).
- NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
(git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
(git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
- nfsd: don't take/put an extra reference when putting a file
(git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: don't kill nfsd_files because of lease break error
(git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
(git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
(git-fixes).
- nfsd: don't fsync nfsd_files on last close (git-fixes).
- nfsd: don't hand out delegation on setuid files being opened
for write (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer
(git-fixes).
- nfsd: don't free files unconditionally in
__nfsd_file_cache_purge (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath
(git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- lockd: set missing fl_flags field when retrieving args
(git-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache
(git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c
(git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage
collection (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- filelock: add a new locks_inode_context accessor function
(git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry
(git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
(git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge
(git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire
(git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD enforce filehandle check for source file in COPY
(git-fixes).
- NFSD: verify the opened dentry after setting a delegation
(git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion
(git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion
(git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- NFSD: Replace the "init once" mechanism (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode
(git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked()
(git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru
(git-fixes).
- NFSD: Zero counters when the filecache is re-initialized
(git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk
(git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed
(git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put()
(git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4
file (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()
(git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return
(git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- commit 93c3330
- usb: dwc3: gadget: Don't delay End Transfer on delayed_status
(git-fixes).
- commit e973410
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1225767 CVE-2024-36919).
fix incorrect bug# reference
- commit 354086f
- ipv6: sr: fix missing sk_buff release in seg6_input_core
(bsc#1227626 CVE-2024-39490).
- commit b5e215c
- usb: xhci-plat: Don't include xhci.h (git-fixes).
- commit 192a370
- blacklist.conf: missing backport for fix
- commit 6f546a1
- net/mlx5: Always stop health timer during driver removal
(CVE-2024-40906 bsc#1227763).
- net/mlx5: Restore mistakenly dropped parts in register devlink
flow (CVE-2024-35961 bsc#1224585).
- commit 63e2ff9
- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- commit 287068c
- usb: dwc3: gadget: Synchronize IRQ between soft
connect/disconnect (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 8914bb2
- exfat: check if cluster num is valid (git-fixes).
- commit bbb197c
- exfat: simplify is_valid_cluster() (git-fixes).
- commit ec3d5ea
- usb: dwc3: gadget: Force sending delayed status during soft
disconnect (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Stall-and-restart-EP0-if-host-is-unr.patch.
- commit 78e41bc
- hfsplus: fix to avoid false alarm of circular locking
(git-fixes).
- commit 88f4150
- blacklist.conf: cleanup, not a fix
- commit b7bc0b1
- net/mlx5: Register devlink first under devlink lock
(CVE-2024-35961 bsc#1224585).
- idpf: fix kernel panic on unknown packet types (CVE-2024-35889
bsc#1224517).
- stmmac: Clear variable when destroying workqueue (CVE-2024-26802
bsc#1222799).
- commit b9232bb
- inet: fully convert sk->sk_rx_dst to RCU rules (CVE-2021-47103
bsc#1221010).
- commit 6ef4a6c
- mptcp: fix deadlock in __mptcp_push_pending() (CVE-2021-47590
bsc#1226565).
- commit 994eb84
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722 CVE-2024-39497)
- commit 39b6841
- ionic: fix use after netif_napi_del() (CVE-2024-39502
bsc#1227755).
- ionic: clean interrupt before enabling queue to avoid credit
race (git-fixes).
- commit f8dee1e
- ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901 bsc#1225711)
- commit 0757942
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004 bsc#1224545)
- commit 89d4439
- nbd: null check for nla_nest_start (CVE-2024-27025 bsc#1223778)
- commit d85f2c2
- btrfs: use latest_dev in btrfs_show_devname (CVE-2021-47599 bsc#1226571)
- commit ba2490e
- btrfs: convert latest_bdev type to btrfs_device and rename (CVE-2021-47599 bsc#1226571)
- commit abefb83
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- commit 4b0837b
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- commit 274b9eb
- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
(CVE-2024-35853 bsc#1224604).
- commit e216456
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
activity update (CVE-2024-35854 bsc#1224636).
- commit fa5b2f9
- phonet/pep: fix racy skb_queue_empty() use (CVE-2024-27402
bsc#1224414).
- commit 3644194
- net: prevent mss overflow in skb_segment() (CVE-2023-52435
bsc#1220138).
- commit 4ab465a
- tracing/net_sched: NULL pointer dereference in
perf_trace_qdisc_reset() (git-fixes).
- commit b9d9fb5
- tracing: Build event generation tests only as modules
(git-fixes).
- commit 383ccf7
- cachefiles: add output string to
cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- commit f83a29c
- ftrace: Fix possible use-after-free issue in ftrace_location()
(git-fixes).
- commit f6aba47
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- commit 0a79f35
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- commit 91021c0
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- commit 369619b
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- commit aa95b6b
- netfilter: nf_tables: do not compare internal table flags on
updates (CVE-2024-27065 bsc#1223836).
- commit f1dd3b1
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- commit 81e6138
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- commit c256000
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- commit 16300ba
- csky: ftrace: Drop duplicate implementation of
arch_check_ftrace_location() (git-fixes).
- commit c9c9bba
- net/smc: avoid data corruption caused by decline (bsc#1225088
CVE-2023-52775).
- commit 7b97698
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- commit 82ec7e7
- netfilter: flowtable: incorrect pppoe tuple (CVE-2024-27015
bsc#1223806).
- commit 6af6de1
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- commit 4eee5e7
- tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (CVE-2024-26663 bsc#1222326).
- commit b23a947
- blacklist.conf: Blacklist unneeded patch
- commit a22ed51
- phonet/pep: refuse to enable an unbound pipe (CVE-2021-47086
bsc#1220952).
- commit 3d5c321
- tipc: check for null after calling kmemdup (CVE-2021-47186
bsc#1222702).
- commit 34af8f8
- i2c: rcar: bring hardware to known state when probing
(git-fixes).
- i2c: testunit: avoid re-issued work after read message
(git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- commit 720b7b0
- hpet: Support 32-bit userspace (git-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved
bits in the descriptor (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
(git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2
alg headers (git-fixes).
- firmware: cs_dsp: Validate payload length before processing
block (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file
(git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header
(git-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion
sort for latency (git-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo
(stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with
ALC897 (stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning
(stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id
(stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank
(stable-fixes).
- drm/amd/display: Check index msg_id before read or write
(stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs
(stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/lima: fix shared irq handling on driver remove
(stable-fixes).
- commit 7c70cdc
- net: openvswitch: fix overwriting ct original tuple for ICMPv6
(bsc#1226783 CVE-2024-38558).
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
(bsc#1220942 CVE-2024-26615).
- commit eaeef60
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- commit b1ce67e
- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID
is out-of-bounds (git-fixes).
- commit 9ec2217
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- commit 083e305
- KVM: x86: Save/restore all NMIs when multiple NMIs are pending
(git-fixes).
- commit 8bd778f
- block: don't add partitions if GD_SUPPRESS_PART_SCAN is set
(bsc#1227162).
- commit 71773a0
- block, loop: support partitions without scanning (bsc#1227162).
- blacklist.conf:
- commit bb86429
- KVM: x86: Honor architectural behavior for aliased 8-bit APIC
IDs (git-fixes).
- commit bf2b1de
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955 bsc#1225810).
- Update
patches.suse/Bluetooth-qca-fix-firmware-check-error-path.patch
(git-fixes CVE-2024-36942 bsc#1225843).
- Update
patches.suse/Reapply-drm-qxl-simplify-qxl_fence_wait.patch
(stable-fixes CVE-2024-36944 bsc#1225847).
- Update
patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
(git-fixes CVE-2024-39488 bsc#1227618).
- Update
patches.suse/fbdev-savage-Handle-err-return-when-savagefb_check_v.patch
(git-fixes CVE-2024-39475 bsc#1227435).
- Update
patches.suse/firewire-ohci-mask-bus-reset-interrupts-between-ISR-.patch
(stable-fixes CVE-2024-36950 bsc#1225895).
- Update
patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
(git-fixes CVE-2024-36959 bsc#1225839).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- Update patches.suse/qibfs-fix-dentry-leak.patch (git-fixes
CVE-2024-36947 bsc#1225856).
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1224767 CVE-2024-36919 bsc#1225767).
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes bsc#1223675 CVE-2024-269355 CVE-2024-26935).
- Update
patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch
(bsc#1221777 CVE-2024-36952 bsc#1225898).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924 bsc#1225820).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941 bsc#1225835).
- commit 54600b7
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713 bsc#1227549).
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226758 CVE-2024-38559 bsc#1226785).
- Update
patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
CVE-2024-26800 bsc#1222728).
- commit 329a684
- KVM: SVM: Process ICR on AVIC IPI delivery failure due to
invalid target (git-fixes).
- commit 112065d
- KVM: x86: Purge "highest ISR" cache when updating APICv state
(git-fixes).
- commit a129b88
- KVM: x86: Disable APIC logical map if vCPUs are aliased in
logical mode (git-fixes).
- commit 8d68b06
- vfio/fsl-mc: Block calling interrupt handler without trigger
(bsc#1222810 CVE-2024-26814).
- commit 520ae3c
- KVM: x86: Disable APIC logical map if logical ID covers multiple
MDAs (git-fixes).
- commit 0357410
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (bsc#1223635 CVE-2024-26976).
- commit c5ed396
- virtio-blk: fix implicit overflow on virtio_max_dma_size
(bsc#1225573 CVE-2023-52762).
- commit 4296dc1
- KVM: x86: Skip redundant x2APIC logical mode optimized cluster
setup (git-fixes).
- commit 288a73b
- vfio/platform: Create persistent IRQ handlers (bsc#1222809
CVE-2024-26813).
- commit a8290e8
- KVM: x86: Explicitly track all possibilities for APIC map's
logical modes (git-fixes).
- commit 2cf1fb4
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- commit 07e2e07
- KVM: x86: Explicitly skip optimized logical map setup if vCPU's
LDR==0 (git-fixes).
- commit d6f5973
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- commit f2aaa1a
- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC
routes (git-fixes).
- commit a815f21
- KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR
in CPUID (git-fixes).
- commit ccf2508
- net: mana: Fix possible double free in error handling path (git-fixes).
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted (bsc#1225744, CVE-2024-36909).
- uio_hv_generic: Don't free decrypted memory (bsc#1225717, CVE-2024-36910).
- hv_netvsc: Don't free decrypted memory (bsc#1225745, CVE-2024-36911).
- Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752, CVE-2024-36912).
- Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753, CVE-2024-36913).
- commit a860c7f
- tpm, tpm_tis: correct tpm_tis_flags enumeration values
(bsc#1082555).
- commit ee1e789
- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT
Misconfig (git-fixes).
- commit 0d2641d
- KVM: VMX: Report up-to-date exit qualification to userspace
(git-fixes).
- commit 606216a
- tpm_tis: Resend command to recover from data transfer errors
(bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside
tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on
resume (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers
(bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector
(bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts
(bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails
(bsc#1082555).
- commit 7f61c0e
- KVM: x86: Fix broken debugregs ABI for 32 bit kernels
(git-fixes).
- commit eea9593
- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- commit 2af46f6
- Refresh
patches.suse/bpf-keep-track-of-max-number-of-bpf_loop-callback-it.patch.
(bsc#1225903)
Include missing changes in
tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
was not backported previously.
- commit 69cbb3f
- Refresh
patches.suse/bpf-verify-callbacks-as-if-they-are-called-unknown-n.patch.
(bsc#1225903)
Include missing changes in
tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
was not backported previously.
- commit 8238035
- btrfs: validate device maj:min during open (bsc#1227162).
- commit f49f11d
- btrfs: use dev_t to match device in device_matched
(bsc#1227162).
- commit 4a1fa42
- btrfs: add device major-minor info in the struct btrfs_device
(bsc#1227162).
- commit 297d7e5
- btrfs: match stale devices by dev_t (bsc#1227162).
- commit ee773dd
- btrfs: harden identification of a stale device (bsc#1227162).
- commit 9bf979f
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- commit 1a2918c
- btrfs: remove the cross file system checks from remap
(bsc#1227157).
- commit b30d559
- arm64: dts: rockchip: fix alphabetical ordering RK3399 puma (git-fixes)
In order to apply current patch need to refresh:
arm64-dts-rockchip-enable-internal-pull-up-on-PCIE_WAKE-for-RK3399-Puma.patch
- commit 36ab413
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- commit f6380d7
- blacklist.conf: ("arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK")
- commit 3dd6408
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- commit 7c8b066
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- commit c6de453
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- commit 2d5f667
- blacklist.conf: ("arm64: dts: broadcom: bcmbca: bcm4908: set brcm,wp-not-connected")
- commit 9393d29
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- commit dc0a371
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- commit 37fadad
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- commit f1a9bcf
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- commit 296515d
- selftests/bpf: test case for callback_depth states pruning logic
(bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is
tracked (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks
(bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier
(bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in
regsafe() (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar
ids (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence
of subprogs (bsc#1225903).
- selftests/bpf: populate map_array_ro map for
verifier_array_access test (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for
test_loader (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored
(bsc#1225903).
- selftests/bpf: Add a selftest for checking subreg equality
(bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier
tests (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c
(bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c
(bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h
(bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error
(bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple
expected messages (bsc#1225903).
- commit d974185
- tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328 CVE-2024-26665).
- commit ba586e2
- ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557
CVE-2024-35995).
- commit dccf281
- ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
(bsc#1224557 CVE-2024-35995).
- commit a961424
- nfs: Handle error of rpc_proc_register() in nfs_net_init()
(CVE-2024-36939 bsc#1225838).
- commit 1e7c712
- SUNRPC: avoid soft lockup when transmitting UDP to reachable
server (bsc#1225272).
- commit a570654
- Update patches.suse/net-tls-factor-out-tls_-crypt_async_wait.patch.
- fix build warning
- commit 01715f7
- netfilter: conntrack: ignore overly delayed tcp packets
(bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return
value (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window
(bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker
(bsc#1223180).
- commit f482451
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869 CVE-2024-42230).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869 CVE-2024-42230).
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869).
- commit c9d175f
- kernel-binary: vdso: Own module_dir
- commit ff69986
- ACPI: CPPC: Use access_width over bit_width for system memory
accesses (bsc#1224557 CVE-2024-35995).
- commit 1947557
- drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323 CVE-2024-26661)
- commit c59a952
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
fixed incorrect bug number reference
- commit 999a0f9
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
Fixed incorrect bug reference.
- commit e3b8fb6
- net/dcb: check for detached device before executing callbacks
(bsc#1215587).
- commit a6082a0
- kABI: rtas: Workaround false positive due to lost definition
(bsc#1227487).
- commit fb8a8f3
- net/core: Fix ETH_P_1588 flow dissector (bsc#1220876
CVE-2023-52580).
- commit 0ff3299
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- sched/fair: Don't balance task to its current running CPU
(git fixes (sched)).
- kernel/sched: Remove dl_boosted flag comment (git fixes
(sched)).
- commit 27be692
- blacklist.conf: Unsupported architecture
- commit 74cc76a
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
(git-fixes).
- commit 4c4245d
- powerpc/rtas: Prevent Spectre v1 gadget construction in
sys_rtas() (bsc#1227487).
- commit 9648fb4
- tls: fix use-after-free on failed backlog decryption
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: separate no-async decryption request handling from async
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: decrement decrypt_pending if no async completion will be
called (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: handle backlogging of crypto requests (CVE-2024-26584
bsc#1220186).
- tls: fix race between tx work scheduling and socket close
(CVE-2024-26585 bsc#1220187).
- tls: fix race between async notify and socket close
(CVE-2024-26583 bsc#1220185).
- net: tls: factor out tls_*crypt_async_wait() (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: fix async vs NIC crypto offload (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: use async as an in-out argument (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: assume crypto always calls our callback (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't track the async count (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: simplify async wait (CVE-2024-26583 CVE-2024-26584
bsc#1220185 bsc#1220186).
- tls: rx: wrap decryption arguments in a structure
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't report text length from the bowels of decrypt
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- commit 63dd4a4
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- commit b623ae1
- drm/nouveau: fix null pointer dereference in
nouveau_connector_get_modes (git-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer
(stable-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info
(stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
nv17_tv_get_hd_modes (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for
EliteBook 645/665 G11 (stable-fixes).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host
(stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host
(stable-fixes).
- xhci: Set correct transferred length for cancelled bulk
transfers (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products
(stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs
(git-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the
Belkin F5U002 (stable-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
(stable-fixes).
- power: supply: cros_usbpd: provide ID table for avoiding
fallback match (stable-fixes).
- mtd: partitions: redboot: Added conversion of operands to a
larger type (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory
(stable-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers
that sleep (stable-fixes).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
(stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref()
(stable-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
(stable-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release
(stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of
pointer message (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c &
amdgpu_device.c (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused
(stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing
StorageD3Enable (stable-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions
(stable-fixes).
- commit 7f3043b
- RDMA/restrack: Fix potential invalid address access (git-fixes)
- commit 23ae4ef
- bpf: check bpf_func_state->callback_depth when pruning states
(bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global
func exit (bsc#1225903).
- commit d19d633
- bcache: fix variable length array abuse in btree_iter
(CVE-2024-39482 bsc#1227447).
- commit 17815f2
- soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683
CVE-2024-35819).
- commit 450645b
- soc: fsl: qbman: Add CGR update function (bsc#1224683
CVE-2024-35819).
- commit 2baf830
- soc: fsl: qbman: Add helper for sanity checking cgr ops
(bsc#1224683 CVE-2024-35819).
- commit 47079b2
- Delete
patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch.
Will be replaced with a refreshed version once all conflicting new patches are in.
- commit a0fa0a3
- hwmon: (axi-fan-control) Fix possible NULL pointer dereference
(git-fixes CVE-2023-52863 bsc#1225586).
- commit 084eb37
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx
driver_info struct (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after
warm reboot (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
(git-fixes).
- commit 2b22fa3
- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: bpf: bpf_reg_state reorganization kABI workaround
(bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround
(bsc#1225903).
- commit c363b0e
- jfs: xattr: fix buffer overflow for invalid xattr
(bsc#1227383).
- commit 33e2d96
- blacklist.conf: Add 8b793bcda61f watchdog: move softlockup_panic back to early_param
- commit 884e27b
- blacklist.conf: Add d988d9a9b9d1 panic: Flush kernel log buffer at the end
- commit 1b88df8
- net: tulip: de4x5: fix the problem that the array 'lp->phy'
may be out of bound (bsc#1225505 CVE-2021-47547).
- commit 9f2e6d7
- Update
patches.suse/arm64-mm-Batch-dsb-and-isb-when-populating-pgtables.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-Don-t-remap-pgtables-for-allocate-vs-populate.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-Don-t-remap-pgtables-per-cont-pte-pmd-block.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-don-t-acquire-mutex-when-rewriting-swapper.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/net-ena-Fix-redundant-device-NUMA-node-override.patch
(jsc#PED-8690 bsc#1226202).
- commit 6a3ad32
- Update
patches.suse/usb-gadget-printer-fix-races-against-disable.patch
(CVE-2024-25741 bsc#1219832).
- commit ad103cc
- md: fix resync softlockup when bitmap size is less than array
size (CVE-2024-38598, bsc#1226757).
- commit 63bdd4c
- Replaced by upstream version and add CVE-2024-35979 bsc#1224572 References,
patches.suse/raid1-fix-use-after-free-for-original-bio-in-raid1_w-fcf3.patch.
- commit b286e82
- dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743,
CVE-2024-35805).
- commit cd48313
- llc: make llc_ui_sendmsg() more robust against bonding changes
(CVE-2024-26636 bsc#1221659).
- commit ecb089c
- llc: Drop support for ETH_P_TR_802_2 (CVE-2024-26635
bsc#1221656).
- commit 1100e9f
- usb: gadget: u_audio: Fix race condition use of controls after
free during gadget unbind (CVE-2024-38628 bsc#1226911).
- commit 9098f97
- usb: gadget: u_audio: clean up some inconsistent indenting
(CVE-2024-38628 bsc#1226911).
- commit 59d56d9
- blacklist.conf: 9cb46b31f3d0 drm/xe/xe_migrate: Cast to output precision before multiplying operands
- commit f111be2
- ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
(CVE-2024-26641 bsc#1221654).
- commit 41bffae
- hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021
CVE-2024-26863).
- commit f065753
- ip6_tunnel: fix NEXTHDR_FRAGMENT handling in
ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633 bsc#1221647).
- commit f5f5027
- gfs2: Fix potential glock use-after-free on unmount (bsc#1226775
CVE-2024-38570).
- gfs2: Rename sd_{ glock => kill }_wait (bsc#1226775
CVE-2024-38570).
- gfs2: Use container_of() for gfs2_glock(aspace) (bsc#1226775
CVE-2024-38570).
- commit 1854bb6
- io_uring: check for non-NULL file pointer in io_file_can_poll()
(bsc#1226990 CVE-2024-39371).
- commit f9fcf1f
- fs/9p: fix uninitialized values during inode evict (bsc#1225815
CVE-2024-36923).
- commit 40f7a6e
- hsr: Prevent use after free in prp_create_tagged_frame()
(CVE-2023-52846 bsc#1225098).
- commit 74c7662
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot
of subvolume being deleted (bsc#1221282).
- btrfs: don't abort filesystem when attempting to snapshot
deleted subvolume (bsc#1221282 CVE-2024-26644 bsc#1222072).
- commit 7829d14
- btrfs: fix crash on racing fsync and size-extending write into
prealloc (bsc#1227101 CVE-2024-37354).
- commit 899b45b
- blk-mq: add helper for checking if one CPU is mapped to
specified hctx (bsc#1223600).
- blk-mq: don't schedule block kworker on isolated CPUs
(bsc#1223600).
- commit f847397
- kbuild: do not include include/config/auto.conf from shell
scripts (bsc#1227274).
- commit c743753
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an
assertion msg (git-fixes).
- commit d600a63
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected
(git-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND
identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper
layers (git-fixes).
- commit 69e8827
- bpf: keep track of max number of bpf_loop callback iterations
(bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- commit 4740932
- bpf: verify callbacks as if they are called unknown number of
times (bsc#1225903).
- Refresh patches.kabi/bpf-struct-bpf_insn_aux_data-workaround.patch
- bpf: clean up visit_insn()'s instruction processing
(bsc#1225903).
- Refresh patches.suse/bpf-handle-ldimm64-properly-in-check_cfg.patch
- bpf: Remove unused insn_cnt argument from
visit_[func_call_]insn() (bsc#1225903).
- Refresh patches.suse/bpf-handle-ldimm64-properly-in-check_cfg.patch
- commit 4cfaa45
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in
strobemeta (bsc#1225903).
- bpf: print full verifier states on infinite loop detection
(bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- commit 319cd93
- Update
patches.suse/0001-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch
(git-fixes CVE-2021-47600 bsc#1226575).
- Update
patches.suse/ALSA-hda-Fix-UAF-of-leds-class-devs-at-unbinding.patch
(bsc#1195349 CVE-2022-48735 bsc#1226719).
- Update
patches.suse/ARM-9170-1-fix-panic-when-kasan-and-kprobe-are-enabl.patch
(git-fixes CVE-2021-47618 bsc#1226644).
- Update
patches.suse/ASoC-hdmi-codec-Fix-OOB-memory-accesses.patch
(git-fixes CVE-2022-48739 bsc#1226675).
- Update
patches.suse/ASoC-max9759-fix-underflow-in-speaker_gain_control_p.patch
(git-fixes CVE-2022-48717 bsc#1226679).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4cf28e9ae6e2.patch
(git-fixes CVE-2022-48736 bsc#1226721).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4f1e50d6a9cf.patch
(git-fixes CVE-2022-48737 bsc#1226762).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_.patch
(git-fixes CVE-2022-48738 bsc#1226674).
- Update
patches.suse/Bluetooth-refactor-malicious-adv-data-check.patch
(git-fixes CVE-2021-47620 bsc#1226669).
- Update patches.suse/IB-hfi1-Fix-AIP-early-init-panic.patch
(git-fixes CVE-2022-48728 bsc#1226691).
- Update
patches.suse/IB-hfi1-Fix-panic-with-larger-ipoib-send_queue_size.patch
(jsc#SLE-19242 CVE-2022-48729 bsc#1226710).
- Update
patches.suse/KVM-LAPIC-Also-cancel-preemption-timer-during-SET_LA.patch
(git-fixes CVE-2022-48765 bsc#1226697).
- Update
patches.suse/KVM-arm64-Avoid-consuming-a-stale-esr-value-when-SEr.patch
(git-fixes CVE-2022-48727 bsc#1226690).
- Update
patches.suse/KVM-x86-Forcibly-leave-nested-virt-when-SMM-state-is.patch
(git-fixes CVE-2022-48763 bsc#1226628).
- Update
patches.suse/PCI-pciehp-Fix-infinite-loop-in-IRQ-handler-upon-pow.patch
(git-fixes CVE-2021-47617 bsc#1226614).
- Update
patches.suse/RDMA-Fix-use-after-free-in-rxe_queue_cleanup.patch
(jsc#SLE-19249 CVE-2021-47616 bsc#1226603).
- Update
patches.suse/RDMA-irdma-Fix-a-user-after-free-in-add_pble_prm.patch
(jsc#SLE-18383 CVE-2021-47614 bsc#1226601).
- Update
patches.suse/RDMA-mlx5-Fix-releasing-unallocated-memory-in-dereg-.patch
(jsc#SLE-19253 CVE-2021-47615 bsc#1226602).
- Update
patches.suse/RDMA-siw-Fix-refcounting-leak-in-siw_create_qp.patch
(jsc#SLE-19249 CVE-2022-48725 bsc#1226618).
- Update
patches.suse/RDMA-ucma-Protect-mc-during-concurrent-multicast-lea.patch
(git-fixes CVE-2022-48726 bsc#1226686).
- Update
patches.suse/USB-core-Fix-hang-in-usb_kill_urb-by-adding-memory-b.patch
(git-fixes CVE-2022-48760 bsc#1226712).
- Update
patches.suse/USB-core-Make-do_proc_control-and-do_proc_bulk-killa.patch
(git-fixes CVE-2021-47582 bsc#1226559).
- Update
patches.suse/audit-improve-robustness-of-the-audit-queue-handling.patch
(git-fixes CVE-2021-47603 bsc#1226577).
- Update patches.suse/block-Fix-wrong-offset-in-bio_truncate.patch
(bsc#1202780 CVE-2022-48747 bsc#1226643).
- Update
patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-cmpxchg-s-r.patch
(git-fixes CVE-2021-47607 bsc#1226580).
- Update
patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-fetch.patch
(bsc#1193883 bsc#1194826 CVE-2022-0264 CVE-2021-47608
bsc#1226569).
- Update
patches.suse/bpf-Protect-against-int-overflow-for-stack-access-si.patch
(bsc#1224488 CVE-2024-35905).
- Update
patches.suse/btrfs-fix-deadlock-between-quota-disable-and-qgroup-.patch
(bsc#1199295 CVE-2022-48734 bsc#1226626).
- Update
patches.suse/btrfs-fix-memory-leak-in-__add_inode_ref.patch
(bsc#1197915 CVE-2021-47585 bsc#1226556).
- Update
patches.suse/ceph-properly-put-ceph_string-reference-after-async-create-attempt.patch
(bsc#1195341 CVE-2022-48767 bsc#1226715).
- Update
patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
(git-fixes CVE-2022-48730 bsc#1226713).
- Update
patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
(git-fixes CVE-2022-48749 bsc#1226650).
- Update
patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
(git-fixes CVE-2022-48756 bsc#1226698).
- Update
patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
(git-fixes CVE-2022-48732 bsc#1226716).
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534).
- Update
patches.suse/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch
(CVE-2022-22942 bsc#1195065 CVE-2022-48771 bsc#1226732).
- Update
patches.suse/efi-runtime-avoid-EFIv2-runtime-services-on-Apple-x8.patch
(git-fixes CVE-2022-48769 bsc#1226629).
- Update
patches.suse/ext4-fix-error-handling-in-ext4_fc_record_modified_i.patch
(bsc#1202767 CVE-2022-48712 bsc#1226673).
- Update
patches.suse/firmware-arm_scpi-Fix-string-overflow-in-SCPI-genpd-.patch
(git-fixes CVE-2021-47609 bsc#1226562).
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766).
- Update patches.suse/i40e-Fix-queues-reservation-for-XDP.patch
(git-fixes CVE-2021-47619 bsc#1226645).
- Update patches.suse/igbvf-fix-double-free-in-igbvf_probe.patch
(jsc#SLE-18379 CVE-2021-47589 bsc#1226557).
- Update
patches.suse/inet_diag-fix-kernel-infoleak-for-UDP-sockets.patch
(git-fixes CVE-2021-47597 bsc#1226553).
- Update
patches.suse/iocost-Fix-divide-by-zero-on-donation-from-low-hweig.patch
(bsc#1198014 CVE-2021-47584 bsc#1226564).
- Update
patches.suse/iommu-vt-d-fix-potential-memory-leak-in-intel_setup_irq_remapping
(git-fixes CVE-2022-48724 bsc#1226624).
- Update
patches.suse/isdn-cpai-check-ctr-cnr-to-avoid-array-index-out-of-.patch
(stable-5.14.15 CVE-2021-43389 CVE-2021-3896 bsc#1191958
CVE-2021-4439 bsc#1226670).
- Update
patches.suse/mac80211-track-only-QoS-data-frames-for-admission-co.patch
(git-fixes CVE-2021-47602 bsc#1226554).
- Update
patches.suse/mac80211-validate-extended-element-ID-is-present.patch
(git-fixes CVE-2021-47611 bsc#1226583).
- Update
patches.suse/media-mxl111sf-change-mutex_init-location.patch
(git-fixes CVE-2021-47583 bsc#1226563).
- Update
patches.suse/net-amd-xgbe-Fix-skb-data-length-underflow.patch
(git-fixes CVE-2022-48743 bsc#1226705).
- Update
patches.suse/net-hns3-fix-use-after-free-bug-in-hclgevf_send_mbx_.patch
(bsc#1190336 CVE-2021-47596 bsc#1226558).
- Update
patches.suse/net-ieee802154-ca8210-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48722 bsc#1226619).
- Update
patches.suse/net-macsec-Fix-offload-support-for-NETDEV_UNREGISTER.patch
(git-fixes CVE-2022-48720 bsc#1226683).
- Update
patches.suse/net-mlx5-Use-del_timer_sync-in-fw-reset-flow-of-halt.patch
(git-fixes CVE-2022-48745 bsc#1226702).
- Update
patches.suse/net-mlx5e-Avoid-field-overflowing-memcpy.patch
(git-fixes CVE-2022-48744 bsc#1226696).
- Update
patches.suse/net-mlx5e-Fix-handling-of-wrong-devices-during-bond-.patch
(git-fixes CVE-2022-48746 bsc#1226703).
- Update
patches.suse/net-smc-Forward-wakeup-to-smc-socket-waitqueue-after-fallback
(git-fixes CVE-2022-48721 bsc#1226685).
- Update
patches.suse/net-smc-Transitional-solution-for-clcsock-race-issue
(git-fixes CVE-2022-48751 bsc#1226653).
- Update
patches.suse/net-stmmac-dwmac-rk-fix-oob-read-in-rk_gmac_setup.patch
(git-fixes CVE-2021-47586 bsc#1226561).
- Update
patches.suse/net-stmmac-fix-tc-flower-deletion-for-VLAN-priority-.patch
(git-fixes CVE-2021-47592 bsc#1226572).
- Update
patches.suse/net-systemport-Add-global-locking-for-descriptor-lif.patch
(git-fixes CVE-2021-47587 bsc#1226567).
- Update
patches.suse/nfc-fix-segfault-in-nfc_genl_dump_devices_done.patch
(git-fixes CVE-2021-47612 bsc#1226585).
- Update
patches.suse/of-module-prevent-NULL-pointer-dereference-in-vsnprintf.patch
(bsc#1226587 CVE-2024-38541 CVE-2024-35878 bsc#1224671).
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713).
- Update patches.suse/phylib-fix-potential-use-after-free.patch
(git-fixes CVE-2022-48754 bsc#1226692).
- Update
patches.suse/powerpc-perf-Fix-power_pmu_disable-to-call-clear_pmi.patch
(bsc#1156395 CVE-2022-48752 bsc#1226709).
- Update
patches.suse/rpmsg-char-Fix-race-between-the-release-of-rpmsg_ctr.patch
(git-fixes CVE-2022-48759 bsc#1226711).
- Update
patches.suse/scsi-bnx2fc-Flush-destroy_work-queue-before-calling-bnx2fc_interface_put
(git-fixes bsc#1196746 CVE-2022-48758 bsc#1226708).
- Update patches.suse/scsi-bnx2fc-Make-bnx2fc_recv_frame-mp-safe
(git-fixes bsc#1196746 CVE-2022-48715 bsc#1226621).
- Update
patches.suse/scsi-scsi_debug-Don-t-call-kcalloc-if-size-arg-is-zero.patch
(git-fixes CVE-2021-47578 bsc#1226539).
- Update
patches.suse/scsi-scsi_debug-Fix-type-in-min_t-to-avoid-stack-OOB.patch
(git-fixes CVE-2021-47580 bsc#1226550).
- Update
patches.suse/scsi-scsi_debug-Sanity-check-block-descriptor-length-in-resp_mode_select.patch
(git-fixes CVE-2021-47576 bsc#1226537).
- Update
patches.suse/selinux-fix-double-free-of-cond_list-on-error-paths.patch
(git-fixes CVE-2022-48740 bsc#1226699).
- Update
patches.suse/spi-uniphier-fix-reference-count-leak-in-uniphier_sp.patch
(git-fixes CVE-2022-48723 bsc#1226617).
- Update patches.suse/tee-amdtee-fix-an-IS_ERR-vs-NULL-bug.patch
(jsc#SLE-21844 CVE-2021-47601 bsc#1226576).
- Update
patches.suse/tipc-improve-size-validations-for-received-domain-re.patch
(bsc#1195254 CVE-2022-0435 CVE-2022-48711 bsc#1226672).
- Update
patches.suse/tracing-histogram-Fix-a-potential-memory-leak-for-kstrdup.patch
(git-fixes CVE-2022-48768 bsc#1226720).
- Update
patches.suse/usb-xhci-plat-fix-crash-when-suspend-if-remote-wake-.patch
(git-fixes CVE-2022-48761 bsc#1226701).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800).
- commit cc322a0
- X.509: Fix the parser of extended key usage for length
(bsc#1218820).
- commit c5d6d23
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(CVE-2024-36904 bsc#1225732).
- commit 975b193
- bpf: correct loop detection for iterators convergence
(bsc#1225903).
- commit c7253b6
- bpf: exact states comparison for iterator convergence checks
(bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c
(bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids()
(bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-backtracking-instruction-iteration.patch
- commit 7f3ee03
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- commit 3786246
- Update
patches.suse/1203-drm-mxsfb-Fix-NULL-pointer-dereference.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48718 bsc#1226616).
- Update
patches.suse/1250-drm-amd-display-Wrap-dcn301_calculate_wm_and_dlg-for.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48766 bsc#1226704).
- Update
patches.suse/1327-drm-msm-Fix-null-ptr-access-msm_ioctl_gem_submit.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47610 bsc#1226581).
- Update
patches.suse/ALSA-Fix-deadlocks-with-kctl-removals-at-disconnecti.patch
(stable-fixes CVE-2024-38600 bsc#1226864).
- Update
patches.suse/ALSA-core-Fix-NULL-module-pointer-assignment-at-card.patch
(git-fixes CVE-2024-38605 bsc#1226740).
- Update
patches.suse/ALSA-hda-cs_dsp_ctl-Use-private_free-for-control-cle.patch
(git-fixes CVE-2024-38388 bsc#1226890).
- Update
patches.suse/ALSA-timer-Set-lower-bound-of-start-tick-time.patch
(stable-fixes git-fixes CVE-2024-38618 bsc#1226754).
- Update
patches.suse/ASoC-kirkwood-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-38550 bsc#1226633).
- Update
patches.suse/Input-cyapa-add-missing-input-core-locking-to-suspen.patch
(git-fixes CVE-2023-52884 bsc#1226764).
- Update
patches.suse/KEYS-trusted-Do-not-use-WARN-when-encode-fails.patch
(git-fixes CVE-2024-36975 bsc#1226520).
- Update
patches.suse/KEYS-trusted-Fix-memory-leak-in-tpm2_key_encode.patch
(git-fixes CVE-2024-36967 bsc#1226131).
- Update
patches.suse/RDMA-hns-Fix-deadlock-on-SRQ-async-events.patch
(git-fixes CVE-2024-38591 bsc#1226738).
- Update
patches.suse/RDMA-hns-Modify-the-print-level-of-CQE-error.patch
(git-fixes CVE-2024-38590 bsc#1226839).
- Update
patches.suse/RDMA-rxe-Fix-seg-fault-in-rxe_comp_queue_pkt.patch
(git-fixes CVE-2024-38544 bsc#1226597).
- Update
patches.suse/block-fix-memory-leak-in-disk_register_independent_a.patch
(jsc#PED-1183 CVE-2022-48753 bsc#1226693).
- Update
patches.suse/bnxt_re-avoid-shift-undefined-behavior-in-bnxt_qplib.patch
(git-fixes CVE-2024-38540 bsc#1226582).
- Update
patches.suse/bpf-Guard-against-accessing-NULL-pt_regs-in-bpf_get_.patch
(jsc#PED-1377 CVE-2022-48770 bsc#1226730).
- Update
patches.suse/bpf-Use-VM_MAP-instead-of-VM_ALLOC-for-ringbuf.patch
(jsc#PED-1377 CVE-2022-48714 bsc#1226622).
- Update
patches.suse/btrfs-fix-use-after-free-after-failure-to-create-a-s.patch
(git-fixes CVE-2022-48733 bsc#1226718).
- Update
patches.suse/cppc_cpufreq-Fix-possible-null-pointer-dereference.patch
(git-fixes CVE-2024-38573 bsc#1226739).
- Update patches.suse/crypto-bcm-Fix-pointer-arithmetic.patch
(git-fixes CVE-2024-38579 bsc#1226637).
- Update
patches.suse/drm-amd-display-Fix-division-by-zero-in-setup_dsc_co.patch
(stable-fixes CVE-2024-36969 bsc#1226155).
- Update
patches.suse/drm-amd-display-Fix-potential-index-out-of-bounds-in.patch
(git-fixes CVE-2024-38552 bsc#1226767).
- Update
patches.suse/drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch
(stable-fixes CVE-2024-39471 bsc#1227096).
- Update
patches.suse/drm-amdgpu-mes-fix-use-after-free-issue.patch
(stable-fixes CVE-2024-38581 bsc#1226657).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548).
- Update
patches.suse/drm-mediatek-Add-0-size-check-to-mtk_drm_gem_obj.patch
(git-fixes CVE-2024-38549 bsc#1226735).
- Update
patches.suse/drm-msm-a6xx-Avoid-a-nullptr-dereference-when-speedb.patch
(git-fixes CVE-2024-38390 bsc#1226891).
- Update
patches.suse/drm-vc4-Fix-possible-null-pointer-dereference.patch
(git-fixes CVE-2024-38546 bsc#1226593).
- Update
patches.suse/drm-vmwgfx-Fix-invalid-reads-in-fence-signaled-event.patch
(git-fixes CVE-2024-36960 bsc#1225872).
- Update
patches.suse/efi-libstub-only-free-priv.runtime_map-when-allocate.patch
(git-fixes CVE-2024-33619 bsc#1226768).
- Update
patches.suse/io-wq-check-for-wq-exit-after-adding-new-worker-task.patch
(bsc#1205205 CVE-2021-47577 bsc#1226538).
- Update
patches.suse/jffs2-prevent-xattr-node-from-overflowing-the-eraseblock.patch
(git-fixes CVE-2024-38599 bsc#1226848).
- Update
patches.suse/media-atomisp-ssh_css-Fix-a-null-pointer-dereference.patch
(git-fixes CVE-2024-38547 bsc#1226632).
- Update
patches.suse/media-lgdt3306a-Add-a-check-against-null-pointer-def.patch
(stable-fixes CVE-2022-48772 bsc#1226976).
- Update
patches.suse/media-stk1160-fix-bounds-checking-in-stk1160_copy_vi.patch
(git-fixes CVE-2024-38621 bsc#1226895).
- Update
patches.suse/net-bridge-vlan-fix-memory-leak-in-__allowed_ingress.patch
(git-fixes CVE-2022-48748 bsc#1226647).
- Update
patches.suse/net-sched-sch_ets-don-t-remove-idle-classes-from-the.patch
(bsc#1207361 CVE-2021-47595 bsc#1226552).
- Update
patches.suse/netfilter-complete-validation-of-user-input.patch
(CVE-2024-35896 bsc#1224662 git-fixes CVE-2024-35962
bsc#1224583).
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_rx_work.patch
(git-fixes CVE-2024-38381 bsc#1226878).
- Update
patches.suse/nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch
(stable-fixes CVE-2024-38582 bsc#1226658).
- Update
patches.suse/nilfs2-fix-use-after-free-of-timer-for-log-writer-th.patch
(git-fixes CVE-2024-38583 bsc#1226777).
- Update
patches.suse/powerpc64-bpf-Limit-ldbrx-to-processors-compliant-wi.patch
(jsc#PED-1377 CVE-2022-48755 bsc#1226706).
- Update
patches.suse/remoteproc-mediatek-Make-sure-IPI-buffer-fits-in-L2T.patch
(git-fixes CVE-2024-36965 bsc#1226149).
- Update
patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch
(bsc#1222893 CVE-2024-38601 bsc#1226876).
- Update
patches.suse/scsi-qla2xxx-Fix-off-by-one-in-qla_edif_app_getstats.patch
(git-fixes CVE-2024-36025 bsc#1225704).
- Update
patches.suse/serial-max3100-Lock-port-lock-when-calling-uart_hand.patch
(git-fixes CVE-2024-38634 bsc#1226868).
- Update
patches.suse/serial-max3100-Update-uart_driver_registered-on-driv.patch
(git-fixes CVE-2024-38633 bsc#1226867).
- Update
patches.suse/soundwire-cadence-fix-invalid-PDI-offset.patch
(stable-fixes CVE-2024-38635 bsc#1226863).
- Update patches.suse/speakup-Fix-sizeof-vs-ARRAY_SIZE-bug.patch
(git-fixes CVE-2024-38587 bsc#1226780).
- Update
patches.suse/swiotlb-Fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch
(bsc#1224331 CVE-2024-35814 bsc#1224602).
- Update
patches.suse/thermal-drivers-tsens-Fix-null-pointer-dereference.patch
(git-fixes CVE-2024-38571 bsc#1226737).
- Update
patches.suse/tpm_tis_spi-Account-for-SPI-header-when-allocating-TPM-SPI-xfer-buffer.patch
(bsc#1225535 CVE-2024-36477 bsc#1226840).
- Update
patches.suse/usb-storage-alauda-Check-whether-the-media-is-initia.patch
(git-fixes CVE-2024-38619 bsc#1226861).
- Update
patches.suse/vduse-check-that-offset-is-within-bounds-in-get_conf.patch
(jsc#PED-1549 CVE-2021-47604 bsc#1226566).
- Update
patches.suse/vduse-fix-memory-corruption-in-vduse_dev_ioctl.patch
(jsc#PED-1549 CVE-2021-47605 bsc#1226579).
- Update
patches.suse/watchdog-cpu5wdt.c-Fix-use-after-free-bug-caused-by-.patch
(git-fixes CVE-2024-38630 bsc#1226908).
- Update
patches.suse/wifi-ar5523-enable-proper-endpoint-verification.patch
(git-fixes CVE-2024-38565 bsc#1226747).
- Update
patches.suse/wifi-carl9170-add-a-proper-sanity-check-for-endpoint.patch
(git-fixes CVE-2024-38567 bsc#1226769).
- Update
patches.suse/wifi-carl9170-re-fix-fortified-memset-warning.patch
(git-fixes CVE-2024-38616 bsc#1226852).
- commit efd69a4
- tcp: do not accept ACK of bytes we never sent (CVE-2023-52881
bsc#1225611).
- commit ab5f35b
- bpf: support precision propagation in the presence of subprogs
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-backtracking-instruction-iteration.patch
- bpf: fix mark_all_scalars_precise use in mark_chain_precision
(bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames
(bsc#1225903).
- bpf: maintain bitmasks across all active frames in
__mark_chain_precision (bsc#1225903).
- bpf: take into account liveness when propagating precision
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-propagation-verbose-logging.patch
- commit c5f7596
- net: ena: Fix redundant device NUMA node override
(jsc#PED-8690).
- commit 629130c
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error
(git-fixes).
- kbuild: Install dtb files as 0644 in Makefile.dtbinst
(git-fixes).
- iio: chemical: bme680: Fix sensor data read operation
(git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions
(git-fixes).
- iio: chemical: bme680: Fix calibration data variable
(git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
(git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget
suspend/resume to avoid deadlock (git-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind()
(git-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- commit 201a936
- i2c: testunit: discard write requests while old command is
running (git-fixes).
- i2c: testunit: don't erase registers after STOP (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
(git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
(git-fixes).
- commit 958e336
- gpiolib: cdev: Disallow reconfiguration without direction
(uAPI v1) (git-fixes).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- commit dc60c09
- net/9p: fix uninit-value in p9_client_rpc() (CVE-2024-39301
bsc#1226994).
- commit b325415
- arm64: mm: Don't remap pgtables for allocate vs populate
(jsc#PED-8690).
- arm64: mm: Batch dsb and isb when populating pgtables
(jsc#PED-8690).
- arm64: mm: Don't remap pgtables per-cont(pte|pmd) block
(jsc#PED-8690).
- arm64: mm: don't acquire mutex when rewriting swapper
(jsc#PED-8690).
- commit 911eabe
- smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103,
CVE-2024-39468).
- commit ef9e40f
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping
(bsc#1225903).
- Refresh patches.suse/bpf-Fix-precision-tracking-for-BPF_ALU-BPF_TO_BE-BPF.patch
- bpf: mark relevant stack slots scratched for register read
instructions (bsc#1225903).
- commit acd95d8
- bpf: Improve verifier u32 scalar equality checking
(bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites
(bsc#1225903).
- Refresh patches.kabi/bpf-struct-bpf_insn_aux_data-workaround.patch
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly
(bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in
regsafe() (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves
parent/live fields (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range
info (bsc#1225903).
- commit 6ef5769
- bpf: reject non-exact register type matches in regsafe()
(bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping
(bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id
(bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock
(bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across
all frames (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames
(bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id()
(bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- selftests/bpf: make test_align selftest more robust
(bsc#1225903).
- bpf: aggressively forget precise markings during state
checkpointing (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs
(bsc#1225903).
- Remove f655badf2a8f "bpf: fix propagate_precision() logic for inner
frames" from blacklist.conf, which is a fix for this
- commit 605166e
- iommu: mtk: fix module autoloading (git-fixes).
- commit 8d5ca45
- iommu: Return right value in iommu_sva_bind_device()
(git-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- commit 89e035d
- random: treat bootloader trust toggle the same way as cpu
trust toggle (bsc#1226953).
- commit ad48400
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
(bsc#1222015 bsc#1226962).
- commit 71e0b41
- Fix new build warnings regarding unused variables:
Changed build warnings:
* **** 2 warnings *****
* unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_queue_cap_unlink_work
../fs/ceph/mds_client.c: In function 'ceph_queue_cap_unlink_work':
../fs/ceph/mds_client.c:2421:22: warning: unused variable 'cl' [-Wunused-variable]
* unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_cap_unlink_work
../fs/ceph/mds_client.c: In function 'ceph_cap_unlink_work':
../fs/ceph/mds_client.c:2436:22: warning: unused variable 'cl' [-Wunused-variable]
- Refresh
patches.suse/ceph-add-ceph_cap_unlink_work-to-fire-check_caps-imme.patch.
- Refresh
patches.suse/ceph-switch-to-use-cap_delay_lock-for-the-unlink-dela.patch.
- commit 0e2186a
- ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820
(git-fixes).
- commit 7df4f37
- drm/i915/gt: Fix potential UAF by revoke of fence registers
(git-fixes).
- drm/panel: simple: Add missing display timing flags for KOE
TX26D202VM0BWA (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table
(git-fixes).
- batman-adv: Don't accept TT entries for out-of-spec VIDs
(git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during
BAM transmission (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one()
(git-fixes).
- net: can: j1939: enhanced error handling for tightly received
RTS messages in xtp_rx_rts_session_new (git-fixes).
- ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- ASoC: amd: acp: remove i2s configuration check in
acp_i2s_probe() (git-fixes).
- ASoC: amd: acp: add a null check for chip_pdev structure
(git-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM
(git-fixes).
- ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option
(git-fixes).
- ALSA: hda/realtek: Remove Framework Laptop 16 from quirks
(git-fixes).
- ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook
445/465 G11 (stable-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- drm/lima: mask irqs in timeout path before hard reset
(stable-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP
execution (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution
(stable-fixes).
- commit 8b51ea0
- kfence: fix memory leak when cat kfence objects (bsc#1220958,
CVE-2021-47089).
- commit 10017b7
- nilfs2: fix potential kernel bug due to lack of writeback flag
waiting (bsc#1227066 CVE-2024-37078).
- commit f38d6d3
- nilfs2: fix nilfs_empty_dir() misjudgment and long loop on
I/O errors (bsc#1226992 CVE-2024-39469).
- commit 6b2d7ad
- kABI workaround for FPGA changes (CVE-2024-35247 bsc#1226948
CVE-2024-36479 bsc#1226949 CVE-2024-37021 bsc#1226950).
- commit 34bcd8e
- fpga: region: add owner module and take its refcount
(CVE-2024-35247 bsc#1226948).
- Refresh patches.suse/fpga-add-kABI-padding.patch.
- commit 2206f02
- fpga: manager: add owner module and take its refcount
(CVE-2024-37021 bsc#1226950).
- Refresh patches.suse/fpga-add-kABI-padding.patch.
- commit 9371d28
- fpga: bridge: add owner module and take its refcount
(CVE-2024-36479 bsc#1226949).
- commit 8710b3c
- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources
after upload (bsc#1224767 CVE-2024-36919).
- commit 0e530b8
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- commit bacb90a
- Update
patches.suse/smb-client-guarantee-refcounted-children-from-parent-session.patch
(bsc#1224679 CVE-2024-35869).
- commit ed4e9d0
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Add sockopt case to verify prog_type (bsc#1226789
CVE-2024-38564).
- selftests/bpf: Extend sockopt tests to use BPF_LINK_CREATE
(bsc#1226789 CVE-2024-38564).
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Check whether to run selftest (bsc#1226789
CVE-2024-38564).
- bpf: Force kprobe multi expected_attach_type for kprobe_multi
link (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Convert sockopt test to ASSERT_* macros
(bsc#1226789 CVE-2024-38564).
- commit fec2539
- s390/ap: Fix crash in AP internal function modify_bitmap()
(CVE-2024-38661 bsc#1226996 git-fixes).
- commit bd5322c
- null_blk: Fix return value of nullb_device_power_store()
(bsc#1226841 CVE-2024-36478).
- commit c3dfa05
- null_blk: fix null-ptr-dereference while configuring 'power'
and 'submit_queues' (bsc#1226841 CVE-2024-36478).
- commit 0589f0b
- block: fix overflow in blk_ioctl_discard() (bsc#1225770
CVE-2024-36917).
- commit 8cdaac1
- epoll: be better about file lifetimes (bsc#1226610
CVE-2024-38580).
- commit e0be089
- Kabi fix for ipv6: fix memory leak in fib6_rule_suppress
(CVE-2021-47546 bsc#1225504).
- ipv6: fix memory leak in fib6_rule_suppress (CVE-2021-47546
bsc#1225504).
- commit 589556f
- cifs: fix hang in wait_for_response() (bsc#1220812,
bsc#1220368).
- commit b9be417
- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- commit 45c369f
- Update
patches.suse/io_uring-fix-race-between-timeout-flush-and-removal.patch
(bsc#1205205 CVE-2022-29582).
I accidentally dropped the CVE reference when updating this backport.
Re-add it.
- commit f2446ba
- mptcp: clear 'kern' flag from fallback sockets
(CVE-2021-47593 bsc#1226551).
- commit 2659f40
- net: sched: sch_multiq: fix possible OOB write in multiq_tune()
(CVE-2024-36978 bsc#1226514).
- commit bc93665
- net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(CVE-2024-36974 bsc#1226519).
- commit 433e33d
- xhci: Simplify event ring dequeue pointer update for port
change events (git-fixes).
- commit 3185bc8
- PCI/ASPM: Update save_state when configuration changes (bsc#1226915)
- commit b938861
- mm: Avoid overflows in dirty throttling logic (bsc#1222364
CVE-2024-26720).
- commit 6a8050a
- net/mlx5: Discard command completions in internal error
(CVE-2024-38555 bsc#1226607).
- enic: Validate length of nl attributes in enic_set_vf_port
(CVE-2024-38659 bsc#1226883).
- net: fec: remove .ndo_poll_controller to avoid deadlocks
(CVE-2024-38553 bsc#1226744).
- net/mlx5: Discard command completions in internal error
(CVE-2024-38555 bsc#1226607).
- net/mlx5: Add a timeout to acquire the command queue semaphore
(CVE-2024-38556 bsc#1226774).
- net/mlx5: Reload only IB representors upon lag disable/enable
(CVE-2024-38557 bsc#1226781).
- net/mlx5e: Fix netif state handling (CVE-2024-38608
bsc#1226746).
- eth: sungem: remove .ndo_poll_controller to avoid deadlocks
(CVE-2024-38597 bsc#1226749).
- net: stmmac: move the EST lock to struct stmmac_priv
(CVE-2024-38594 bsc#1226734).
- net/mlx5e: Add wrapping for auxiliary_driver ops and remove
unused args (CVE-2024-38608 bsc#1226746).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- commit 2ae4454
- usb: xhci: address off-by-one in xhci_num_trbs_free()
(git-fixes).
- commit 841d39b
- usb: xhci: improve debug message in xhci_ring_expansion_needed()
(git-fixes).
- commit d2b5f1e
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- commit 1a2e96b
- xhci: fix matching completion events with TDs (git-fixes).
- commit aca914a
- xhci: update event ring dequeue pointer position to controller
correctly (git-fixes).
- commit 93be17d
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
(CVE-2024-38780 bsc#1226886).
- commit 43f7b44
- nvmet-passthru: propagate status from id override functions
(git-fixes).
- nvme: find numa distance only if controller has valid numa id
(git-fixes).
- commit cdc1f02
- PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
- commit 5d3e24c
- stm class: Fix a double free in stm_register_device()
(CVE-2024-38627 bsc#1226857).
- commit 050e247
- Input: ili210x - fix ili251x_read_touch_data() return value
(git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
(git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328
(git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
(git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
(git-fixes).
- pinctrl: fix deadlock in create_pinctrl() when handling
- EPROBE_DEFER (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support
(git-fixes).
- commit 6e807ea
- drivers/perf: hisi: hns3: Actually use
devm_add_action_or_reset() (CVE-2024-38603 bsc#1226842).
- commit 1bb22d3
- usb: xhci: Implement xhci_handshake_check_state() helper
(git-fixes).
- commit cb838be
- ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634, CVE-2024-38578).
- commit 7445d84
- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- commit 63fa513
- xhci: Fix failure to detect ring expansion need (git-fixes).
- commit 113690d
- usb: typec: ucsi: Never send a lone connector change ack
(git-fixes).
- commit 7ee9645
- xhci: restre deleted trb fields for tracing (git-fixes).
- commit 93cf02b
- xhci: Stop unnecessary tracking of free trbs in a ring
(git-fixes).
- commit a2d1e46
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- commit 896ce4e
- xhci: remove unused stream_id parameter from
xhci_handle_halted_endpoint() (git-fixes).
- commit 98ef3b9
- xhci: simplify event ring dequeue tracking for transfer events
(git-fixes).
- commit 53c9c00
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- commit 212d0e7
- usb: typec: ucsi: Ack also failed Get Error commands
(git-fixes).
- commit 39df22a
- net: usb: ax88179_178a: improve reset check (git-fixes).
- commit a9cd82a
- net: usb: rtl8150 fix unintiatilzed variables in
rtl8150_get_link_ksettings (git-fixes).
- commit 331f817
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- commit 208be97
- RDMA/hns: Fix UAF for cq async event (bsc#1226595 CVE-2024-38545)
- commit 98b2f74
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error "regulator_get_regmap"
undefined (git-fixes).
- commit 67d8d3b
- RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
- commit d13a032
- drm/i915/mso: using joiner is not possible with eDP MSO
(git-fixes).
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your
kernel is fine." (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy()
(git-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle
(git-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs
(stable-fixes).
- commit 2ec7855
- ASoC: codecs: wcd938x: fix incorrect used of portid
(CVE-2022-48716 bsc#1226678).
- Refresh
patches.suse/ASoC-codecs-wcd938x-fix-return-value-of-mixer-put-fu.patch.
- commit 72e80ef
- drivers/perf: hisi: hns3: Fix out-of-bound access when valid
event group (CVE-2024-38568 bsc#1226771).
- commit 8713f77
- sched/core: Fix incorrect initialization of the 'burst'
parameter in cpu_max_write() (bsc#1226791).
- commit b41cbc1
- bsc#1225894: Fix patch references
- commit eaa0db4
- net/mlx5: Properly link new fs rules into the tree (bsc#1224588
CVE-2024-35960).
- commit e25590c
- net/mlx5e: fix a potential double-free in fs_any_create_groups
(bsc#1224603 CVE-2023-52667).
- commit df4661c
- net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605
CVE-2024-35835).
- commit 60e8562
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- Update config files.
- supported.conf:
- commit 875ffbb
- of: module: prevent NULL pointer dereference in vsnprintf() (bsc#1226587 CVE-2024-38541)
- commit 0394d90
- of: module: add buffer overflow check in of_modalias() (bsc#1226587 CVE-2024-38541)
- commit e54e996
- net: ena: Fix incorrect descriptor free behavior (bsc#1224677
CVE-2024-35958).
- commit 5e978bb
- net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716
CVE-2024-27432).
- commit d64a6b1
- Revert "net/mlx5: Block entering switchdev mode with ns
inconsistency" (bsc#1224719 CVE-2023-52658).
- commit a900e45
- bonding: stop the device in bond_setup_by_slave() (bsc#1224946
CVE-2023-52784).
- commit e6d4b4f
- cachefiles: remove requests from xarray during flushing requests
(bsc#1226588).
- commit 3613d54
- blacklist.conf: add ppdev cleanup
- commit efdca47
- net/smc: fix neighbour and rtable leak in smc_ib_find_route()
(git-fixes bsc#1225823 CVE-2024-36945 bsc#1226548).
- commit 1725fed
- net: preserve kabi for struct dst_ops (CVE-2024-36971
bsc#1226145).
- commit 74d650a
- net: fix __dst_negative_advice() race (CVE-2024-36971
bsc#1226145).
- commit 6d5c393
- RDMA/hns: Fix incorrect sge nums calculation (git-fixes)
- commit 11a4ad4
- RDMA/irdma: Drop unused kernel push code (git-fixes)
- commit 4f86e97
- amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872 CVE-2024-36949)
- commit 0c17d54
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- commit a9a84c1
- nfsd: optimise recalculate_deny_mode() for a common case
(bsc#1217912).
- commit 49675fb
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633
bsc#1226226).
- commit 8203342
- Revert "Add remote for nfs maintainer"
This reverts commit 9de16b6543dde7651ef5da514ebf6f29e7eac94b.
This came in through the wrong tree - sorry.
- commit 3905117
- Rename to
patches.suse/fs-9p-only-translate-RWX-permissions-for-plain-9P200.patch.
by scripts/renamepatches
- commit 0b4b132
- x86/mce: Dynamically size space for machine check records
(bsc#1222241).
- commit 96985c9
- seg6: fix the iif in the IPv6 socket control block
(CVE-2021-47515 bsc#1225426).
- commit 07e18ce
- net: nexthop: fix null pointer dereference when IPv6 is not enabled
(CVE-2021-47572 bsc#1225389).
- commit 87d2dc4
- netfilter: nf_tables: reject new basechain after table flag update
(CVE-2024-35900 bsc#1224497).
- commit e2ad7db
- ipv6: Fix infinite recursion in fib6_dump_done() (CVE-2024-35886
bsc#1224670).
- commit 8bfad13
- Update references
- commit b8183f9
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- commit 0b50d79
- net: usb: smsc95xx: fix changing LED_SEL bit value updated
from EEPROM (git-fixes).
- commit a3c495c
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized
address translation (bsc#1225300).
- RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
- commit 4a3a73c
- i2c: designware: Fix the functionality flags of the slave-only
interface (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only
interface (git-fixes).
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log
messages (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- usb-storage: alauda: Check whether the media is initialized
(git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
(git-fixes).
- usb: typec: tcpm: fix use-after-free case in
tcpm_register_source_caps (git-fixes).
- USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected
(git-fixes).
- drivers: core: synchronize really_probe() and dev_uevent()
(git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call
(git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value
(git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- mei: me: release irq in mei_me_pci_resume error path
(git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- spi: stm32: Don't warn about spurious interrupts (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated
from EEPROM (git-fixes).
- nilfs2: fix potential hang in nilfs_detach_log_writer()
(stable-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table
(stable-fixes).
- ALSA: timer: Set lower bound of start tick time (stable-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- watchdog: bd9576: Drop "always-running" property (git-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba
WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot
not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: core: Add mmc_gpiod_set_cd_config() function
(stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
(git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints
(git-fixes).
- media: lgdt3306a: Add a check against null-pointer-def
(stable-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes
(stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- ALSA: Fix deadlocks with kctl removals at disconnection
(stable-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds
(stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
(stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
(stable-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
(stable-fixes).
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
(stable-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- ASoC: da7219-aad: fix usage of device_get_named_child_node()
(stable-fixes).
- ASoC: rt715-sdca: volume step modification (stable-fixes).
- ASoC: rt715: add vendor clear control register (stable-fixes).
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts
floating (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- wifi: cfg80211: fix the order of arguments for trace events
of the tx_rx_evt class (stable-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions
(stable-fixes).
- mmc: core: Do not force a retune before RPMB switch
(stable-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
(stable-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get()
(stable-fixes).
- media: flexcop-usb: clean up endpoint sanity checks
(stable-fixes).
- media: ipu3-cio2: Use temporary storage for struct device
pointer (stable-fixes).
- commit aace7d0
- netfilter: complete validation of user input
(CVE-2024-35896 bsc#1224662 git-fixes).
- commit 58a4873
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high
(bsc#1219224).
- commit f18a759
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when
no EDID found (git-fixes).
- drm/bridge/panel: Fix runtime warning on panel bridge release
(git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- commit e843af8
- smb: client: guarantee refcounted children from parent session
(bsc#1224679, CVE-35869).
- commit b0f469c
- smb: client: ensure to try all targets when finding nested links
(bsc#1224020).
- commit df159e7
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1224765, CVE-2024-35864).
- commit c296805
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1224764, CVE-2024-35862).
- commit aa75c00
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1224766, CVE-2024-35861).
- commit f77cc8d
- smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225487, CVE-2023-52752).
- commit 39fb8f3
- drm/amd/display: Skip on writeback when it's not applicable (CVE-2024-36914 bsc#1225757).
- commit 9393875
- blacklist.conf: Add a7fb0423c201 cgroup: Move rcu_head up near the top of cgroup_root
- commit 221e9a0
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
(git-fixes).
- HID: logitech-dj: Fix memory leak in
logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: core: remove unnecessary WARN_ON() in implement()
(git-fixes).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value
(git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits
(git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory
(git-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
(git-fixes).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect
problem (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set
element (git-fixes).
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation
(git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
(git-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of
debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
(git-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions
(git-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: mac80211: Fix deadlock in
ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
(git-fixes).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency
units (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n'
(git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook
440/460 G11 (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting
fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing
connected (git-fixes).
- ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
(stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process
(stable-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU
(stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush
(stable-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend
(stable-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts
(stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
(stable-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- commit 8f779cb
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225737 CVE-2024-36899).
- commit 9b295f5
- drm/mediatek: Fix coverity issue with unintentional integer overflow (CVE-2023-52857 bsc#1225581).
- commit 3f9829b
- drm/amd: check num of link levels when update pcie param (CVE-2023-52812 bsc#1225564).
- commit 86f2ac6
- rpmsg: virtio: Free driver_override when rpmsg_remove()
(bsc#1224696 CVE-2023-52670).
- commit beb5bc4
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- commit 212272f
- ext4: correct offset of gdb backup in non meta_bg group to
update_backups (bsc#1224735 CVE-2024-35807).
- commit bec0d72
- cgroup: Add annotation for holding namespace_sem in
current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in
proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe
(bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- commit b08e6de
- ext4: remove unnecessary check from alloc_flex_gd() (bsc#1222080
CVE-2023-52622).
- commit f15da02
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (CVE-2024-35789 bsc#1224749).
- commit 2b6904d
- btrfs: lock the inode in shared mode before starting fiemap
(bsc#1225484 CVE-2023-52737).
- commit 613e476
- nbd: fix uaf in nbd_open (bsc#1224935 CVE-2023-52837).
- commit ade8b65
- blk-iocost: avoid out of bounds shift (bsc#1225759
CVE-2024-36916).
- commit bc772e8
- lib/generic-radix-tree.c: Don't overflow in peek() (bsc#1225391 CVE-2021-47432).
- commit 3dddaec
- blk-mq: make sure active queue usage is held for
bio_integrity_prep() (bsc#1225105 CVE-2023-52787).
- commit a4bdd9d
- block: prevent division by zero in blk_rq_stat_sum()
(bsc#1224661 CVE-2024-35925).
- commit 8cd7179
- ext4: fix corruption during on-line resize (bsc#1224735
CVE-2024-35807).
- commit d596ce4
- fat: fix uninitialized field in nostale filehandles (git-fixes
CVE-2024-26973 bsc#1223641).
- commit 91c4b39
- ext4: avoid online resizing failures due to oversized flex bg
(bsc#1222080 CVE-2023-52622).
- commit e47e37e
- fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1225866 CVE-2024-36964).
- commit b5d7488
- pinctrl: core: delete incorrect free in pinctrl_enable()
(CVE-2024-36940 bsc#1225840).
- commit 9b799cc
- clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
(CVE-2023-52882 bsc#1225692).
- commit fe79065
- staging: rtl8192e: Fix use after free in
_rtl92e_pci_disconnect() (CVE-2021-47571 bsc#1225518).
- commit 9461ee5
- supported.conf: mark ufs as unsupported
UFS is an unsupported filesystem, mark it as such. We still keep it
around (not marking as optional), to accommodate any potential
migrations from BSD systems.
- commit 0fea8fe
- supported.conf: mark orangefs as optional
We don't support orangefs at all (and it is already marked as such), but
since there are no SLE consumers of it, mark it as optional.
- commit fa81a2f
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
Some builds don't just create an iso9660 image, but also mount it during
build.
- commit aaee141
- llc: verify mac len before reading mac header
(CVE-2023-52843 bsc#1224951).
- commit ad237fd
- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
(CVE-2024-35898 bsc#1224498).
- commit c5fbeed
- nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
(CVE-2024-36915 bsc#1225758).
- commit 5137f7b
- net: add copy_safe_from_sockptr() helper
(git-fixes prerequisite CVE-2024-36915 bsc#1225758).
- commit 7b13e3e
- rpm/kernel-obs-build.spec.in: Add networking modules for docker
(bsc#1226211)
docker needs more networking modules, even legacy iptable_nat and _filter.
- commit 415e132
- Kabi workaround for icmp: prevent possible NULL dereferences from
icmp_build_probe()
(CVE-2024-35857 bsc#1224619)
- commit d5d7caf
- rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
(CVE-2021-47539 bsc#1225452).
- Refresh
patches.suse/rxrpc-Fix-race-between-conn-bundle-lookup-and-bundle.patch.
- commit 0d78641
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
(CVE-2021-47538 bsc#1225448).
- commit 6348fbd
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
(CVE-2024-36017 bsc#1225681).
- commit 829fd05
- net: vlan: fix underflow for the real_dev refcnt
(CVE-2021-47555 bsc#1225467).
- commit 345ef84
- net: hns3: fix kernel crash when devlink reload during
initialization (CVE-2024-36900 bsc#1225726).
- net: hns3: release PTP resources if pf initialization failed
(CVE-2024-36900 bsc#1225726).
- commit 59940cd
- netfilter: validate user input for expected length
(CVE-2024-35896 bsc#1224662).
- commit 4582da9
- scsi: sd: Update DIX config every time sd_revalidate_disk()
is called (bsc#1218570).
- commit d99bf25
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
(git-fixes).
- commit a35fad9
- net: mana: Enable MANA driver on ARM64 with 4K page size
(jsc#PED-8491).
- Update config files.
- commit b5a81c3
- bna: ensure the copied buf is NUL terminated (CVE-2024-36934
bsc#1225760).
- i40e: fix vf may be used uninitialized in this function warning
(CVE-2024-36020 bsc#1225698).
- net: hns3: fix kernel crash when devlink reload during pf
initialization (CVE-2024-36021 bsc#1225699).
- commit f146593
- Bluetooth: Add more enc key size check (bsc#1218148
CVE-2023-24023).
- commit 38891ed
- Bluetooth: Normalize HCI_OP_READ_ENC_KEY_SIZE cmdcmplt
(bsc#1218148 CVE-2023-24023).
- commit b7a79da
- xdp: use flags field to disambiguate broadcast redirect
(bsc#1225834 CVE-2024-36937).
- commit 7bc6ec5
- NFS: abort nfs_atomic_open_v23 if name is too long
(bsc#1219847).
- NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly
(bsc#1219847).
- commit c7a4ea9
- Add remote for nfs maintainer
- commit 9de16b6
- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
(CVE-2023-52845 bsc#1225585).
- commit e952257
- fs/pipe: move check to pipe_has_watch_queue() (bsc#1224614
CVE-2023-52672).
- commit 3827adf
- pstore/platform: Add check for kstrdup (bsc#1225050
CVE-2023-52869).
- Refresh
patches.suse/pstore_disable_efi_backend_by_default.patch.
While refreshing of pstore_disable_efi_backend_by_default.patch, also
fix the non-conformant Patch-mainline tag.
- commit 6db9ce6
- pipe: wakeup wr_wait after setting max_usage (bsc#1224614
CVE-2023-52672).
- commit 2e5e06b
- blacklist.conf: Add 1971d13ffa84a "af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc()."
- commit afe27ac
- nvme: use ctrl state accessor (bsc#1215492).
- nvme: ensure reset state check ordering (bsc#1215492).
Refresh:
- patches.suse/nvme-tcp-do-not-terminate-commands-when-in-resetting.patch
- patches.suse/nvme-tcp-make-err_work-a-delayed-work.patch
- commit cad3abd
- netfilter: nf_tables: honor table dormant flag from netdev release event path
(CVE-2024-36005 bsc#1224539).
- commit a6152f6
- blacklist.conf: kABI
- commit 3718c69
- HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent
lock-up (bsc#1224552 CVE-2024-35997).
- commit bce3fab
- eeprom: at24: fix memory corruption race condition (bsc#1224612
CVE-2024-35848).
- commit 3fcf5a7
- udp: do not accept non-tunnel GSO skbs landing in a tunnel
(CVE-2024-35884 bsc#1224520).
- commit 62c6d61
- mm/slab: make __free(kfree) accept error pointers
(CVE-2024-36890 bsc#1225714).
- commit d6b7c8a
- perf/core: Bail out early if the request AUX area is out of
bound (bsc#1225602 CVE-2023-52835).
- commit cf52881
- Update
patches.suse/scsi-target-core-Add-TMF-to-tmr_list-handling.patch
(bsc#1223018 CVE-2024-26845).
Update references to correct bug number and CVE number.
- commit 0b7584b
- blacklist.conf: add CVE-2024-26842 bsc#1223013
- commit 654e9e2
- scsi: target: core: Add TMF to tmr_list handling (bsc#1223013
CVE-2024-26842).
- commit b16632b
- blacklist.conf: CVE-2024-35956 bsc#1224674: not applicable bsc#1225945
- commit ae7238f
- powerpc/imc-pmu: Add a null pointer check in
update_events_in_group() (bsc#1224504 CVE-2023-52675).
- commit 9619143
- icmp: prevent possible NULL dereferences from icmp_build_probe()
(CVE-2024-35857 bsc#1224619)
- commit d66584e
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
request complete (CVE-2024-36894 bsc#1225749).
- commit c99f07a
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
request complete (CVE-2024-36894 bsc#1225749).
- commit 5501fb7
- sock_map: avoid race between sock_map_close and sk_psock_put
(bsc#1225475 CVE-2023-52735).
- Refresh patches.kabi/bpf-sockmap-struct-psock-kABI-workaround.patch
- commit 4b60451
- proc/vmcore: fix clearing user buffer by properly using
clear_user() (CVE-2021-47566 bsc#1225514).
- commit 26144da
- ceph: switch to use cap_delay_lock for the unlink delay list
(bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately
(bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps
(bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- commit de9fe57
- usb: typec: altmodes/displayport: create sysfs nodes as driver's
default device attribute group (CVE-2024-35790 bsc#1224712).
Altered because we do not have 001b0c780eac328bc48b70b8437f202a4ed785e4
Needs to be redone if DRM requires that
- blacklist.conf: Incompatible with adjusted version
- commit a52e669
- usb: typec: ucsi: Limit read size on v1.2 (CVE-2024-35924
bsc#1224657).
- commit 578815c
- net: preserve kabi for sk_buff (CVE-2024-26921 bsc#1223138).
- commit 68cb9bf
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
(bsc#1224575 CVE-2024-35976).
- commit bc0a82d
- bpf, skmsg: Fix NULL pointer dereference in
sk_psock_skb_ingress_enqueue (bsc#1225761 CVE-2024-36938).
- commit 38f788d
- inet: inet_defrag: prevent sk release while still in use
(CVE-2024-26921 bsc#1223138).
- commit fb20c1d
- Update references
- commit 006ab15
- ipv4: check for NULL idev in ip_route_use_hint()
(CVE-2024-36008 bsc#1224540)
- commit 49edcb5
- drm/client: Fully protect modes with dev->mode_config.mutex (CVE-2024-35950 bsc#1224703).
- commit 75706b6
- kABI: bpf: struct bpf_insn_aux_data kABI workaround
(bsc#1225756).
- commit b5b7cd0
- bpf: Protect against int overflow for stack access size
(bsc#1224488 CVE-2024-35905).
- commit 1edb341
- vhost-vdpa: fix use after free in vhost_vdpa_probe()
(CVE-2023-52795 bsc#1225085).
- commit 423f910
- smb3: fix lock ordering potential deadlock in
cifs_sync_mid_result (bsc#1224020, bsc#1224549, CVE-2024-35998).
- commit fbb4c17
- smb: client: fix potential deadlock when releasing mids
(bsc#1224020, bsc#1225548, CVE-2023-52757).
- commit edc36f8
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array (bsc#1225506 CVE-2021-47548)
- commit b006eef
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes bsc#1223675 CVE-2024-269355).
Adding the CVE references.
- commit 2df316d
- cifs: fix underflow in parse_server_interfaces() (bsc#1223084,
CVE-2024-26828).
- commit cade548
- bpf: remove unnecessary prune and jump points (bsc#1225756).
- bpf: mostly decouple jump history management from
is_state_visited() (bsc#1225756).
- bpf: decouple prune and jump points (bsc#1225756).
- commit 574a67d
- Refresh patches.suse/swiotlb-Fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch
This fixes following build warning:
Changed build warnings:
* **** 1 warnings *****
* comparison of distinct pointer types lacks a cast in ../kernel/dma/swiotlb.c in swiotlb_do_find_slots (from ../include/linux/minmax.h)
In file included from ../include/linux/kernel.h:17:0,
../kernel/dma/swiotlb.c: In function 'swiotlb_do_find_slots':
../include/linux/minmax.h:20:28: warning: comparison of distinct pointer types lacks a cast
../include/linux/minmax.h:26:4: note: in expansion of macro '__typecheck'
../include/linux/minmax.h:36:24: note: in expansion of macro '__safe_cmp'
../include/linux/minmax.h:52:19: note: in expansion of macro '__careful_cmp'
../kernel/dma/swiotlb.c:648:12: note: in expansion of macro 'max'
- commit a52b0ca
- blacklist.conf: add d380ce70058a4ccddc3e5f5c2063165dc07672c6
netrom: Fix data-races around sysctl_net_busy_read
(CVE-2024-27419 bsc#1224759)
- commit b538410
- bpf: handle ldimm64 properly in check_cfg() (bsc#1225756).
- commit 7a7f193
- blacklist.conf: added fix that needs code not present
- commit 9671fd4
- smb: client: set correct id, uid and cruid for multiuser
automounts (bsc#1223011, CVE-2024-26822).
- commit 04cc660
- smb3: missing lock when picking channel (bsc#1224020,
bsc#1224550, CVE-2024-35999).
- commit dfca6b0
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1224020, bsc#1224766,
CVE-2024-35861).
- commit 40c4ccf
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1224020, bsc#1224764, CVE-2024-35862).
- commit 464e649
- smb: client: fix potential UAF in is_valid_oplock_break()
(bsc#1224763, CVE-2024-35863).
- smb: client: fix potential UAF in is_valid_oplock_break()
(bsc#1224020, bsc#1224763, CVE-2024-35863).
- commit bfa9e6b
- smb: client: fix potential UAF in smb2_is_valid_oplock_break()
(bsc#1224020, bsc#1224668, CVE-2024-35865).
- commit 08baf42
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1224020, bsc#1224765, CVE-2024-35864).
- commit b0dc4df
- smb: client: fix potential UAF in cifs_stats_proc_show()
(bsc#1224664, CVE-2024-35867).
- smb: client: fix potential UAF in cifs_stats_proc_show()
(bsc#1224020, bsc#1224664, CVE-2024-35867).
- commit 45bad5a
- smb: client: fix potential UAF in cifs_stats_proc_write()
(bsc#1224678, CVE-2024-35868).
- smb: client: fix potential UAF in cifs_stats_proc_write()
(bsc#1224020, bsc#1224678, CVE-2024-35868).
- commit 3ae3416
- smb: client: fix potential UAF in cifs_dump_full_key()
(bsc#1224020, bsc#1224667, CVE-2024-35866).
- commit f99c74f
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
(bsc#1223532, CVE-2024-26928).
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
(bsc#1224020, bsc#1223532, CVE-2024-26928).
- commit e95e3a6
- smb: client: guarantee refcounted children from parent session
(bsc#1224020, bsc#1224679, CVE-2024-35869).
- commit 6773173
- smb: client: fix UAF in smb2_reconnect_server() (bsc#1224020,
bsc#1224672, CVE-2024-35870).
- commit 69f157e
- cifs: failure to add channel on iface should bump up weight
(git-fixes, bsc#1224020).
- commit f21b7f9
- Revert "cifs: reconnect work should have reference on server
struct" (git-fixes, bsc#1224020).
- commit 04d1a0e
- cifs: fix leak of iface for primary channel (git-fixes,
bsc#1224020).
- commit 0af0c46
- smb: client: fix mount when dns_resolver key is not available
(git-fixes, bsc#1224020).
- commit 751b43e
- cifs: handle cases where multiple sessions share connection
(bsc#1224020).
- commit caf101a
- smb3: show beginning time for per share stats (bsc#1224020).
- commit 9120f21
- cifs: cifs_chan_is_iface_active should be called with chan_lock
held (bsc#1224020).
- commit 8eaf345
- cifs: do not pass cifs_sb when trying to add channels
(bsc#1224020).
- commit 0be08c0
- smb: client: remove extra @chan_count check in
__cifs_put_smb_ses() (bsc#1224020).
- commit 48869a9
- cifs: reconnect work should have reference on server struct
(bsc#1224020).
- commit 4099f48
- cifs: handle cases where a channel is closed (bsc#1224020).
- commit 856c9d4
- smb: client: reduce stack usage in cifs_try_adding_channels()
(bsc#1224020).
- commit 664baaf
- smb: client: get rid of dfs code dep in namespace.c
(bsc#1224020).
- commit fd4a262
- smb: client: get rid of dfs naming in automount code
(bsc#1224020).
- commit ffae390
- smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020).
- commit 28e987f
- smb: client: ensure to try all targets when finding nested links
(bsc#1224020).
- commit af0feb9
- smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020).
- commit ba31c72
- cifs: fix charset issue in reconnection (bsc#1224020).
- commit 18aa95e
- cifs: account for primary channel in the interface list
(bsc#1224020).
- commit a4889d1
- smb: Fix regression in writes when non-standard maximum write
size negotiated (bsc#1222464, CVE-2024-26692).
- commit 3c009aa
- cifs: distribute channels across interfaces based on speed
(bsc#1224020).
- commit 607d036
- Update
patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
(git-fixes CVE-2024-26894 bsc#1223043).
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955 bsc#1225810).
- Update
patches.suse/ALSA-usb-audio-Stop-parsing-channels-bits-when-all-c.patch
(git-fixes CVE-2024-27436 bsc#1224803).
- Update
patches.suse/ARM-9381-1-kasan-clear-stale-stack-poison.patch
(git-fixes CVE-2024-36906 bsc#1225715).
- Update
patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
(git-fixes CVE-2024-26801 bsc#1222413).
- Update
patches.suse/Bluetooth-Fix-memory-leak-in-hci_req_sync_complete.patch
(git-fixes CVE-2024-35978 bsc#1224571).
- Update
patches.suse/Bluetooth-L2CAP-Fix-not-validating-setsockopt-user-i.patch
(git-fixes CVE-2024-35965 bsc#1224579).
- Update
patches.suse/Bluetooth-RFCOMM-Fix-not-validating-setsockopt-user-.patch
(git-fixes CVE-2024-35966 bsc#1224576).
- Update
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch
(git-fixes CVE-2024-35967 bsc#1224587).
- Update
patches.suse/Bluetooth-btintel-Fix-null-ptr-deref-in-btintel_read.patch
(stable-fixes CVE-2024-35933 bsc#1224640).
- Update
patches.suse/Bluetooth-hci_event-Fix-handling-of-HCI_EV_IO_CAPA_R.patch
(git-fixes CVE-2024-27416 bsc#1224723).
- Update
patches.suse/Bluetooth-hci_sock-Fix-not-validating-setsockopt-use.patch
(git-fixes CVE-2024-35963 bsc#1224582).
- Update
patches.suse/Bluetooth-l2cap-fix-null-ptr-deref-in-l2cap_chan_tim.patch
(git-fixes CVE-2024-27399 bsc#1224177).
- Update
patches.suse/Bluetooth-msft-fix-slab-use-after-free-in-msft_do_cl.patch
(git-fixes CVE-2024-36012 bsc#1225502).
- Update
patches.suse/Bluetooth-qca-add-missing-firmware-sanity-checks.patch
(git-fixes CVE-2024-36880 bsc#1225722).
- Update
patches.suse/Bluetooth-qca-fix-NULL-deref-on-non-serdev-suspend.patch
(git-fixes CVE-2024-35851 bsc#1224509).
- Update
patches.suse/Bluetooth-qca-fix-info-leak-when-fetching-fw-build-i.patch
(git-fixes CVE-2024-36032 bsc#1225720).
- Update
patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
(git-fixes CVE-2024-26839 bsc#1222975).
- Update
patches.suse/NFSv4.2-fix-nfs4_listxattr-kernel-BUG-at-mm-usercopy.patch
(git-fixes CVE-2024-26870 bsc#1223113).
- Update
patches.suse/PCI-PM-Drain-runtime-idle-callbacks-before-driver-re.patch
(git-fixes CVE-2024-35809 bsc#1224738).
- Update
patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
(git-fixes CVE-2024-26838 bsc#1222974).
- Update
patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
(git-fixes CVE-2024-26907 bsc#1223203).
- Update
patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
(git-fixes CVE-2024-26916 bsc#1223137).
- Update
patches.suse/SUNRPC-fix-some-memleaks-in-gssx_dec_option_array.patch
(git-fixes CVE-2024-27388 bsc#1223744).
- Update
patches.suse/USB-core-Fix-access-violation-during-port-device-rem.patch
(git-fixes CVE-2024-36896 bsc#1225734).
- Update
patches.suse/USB-core-Fix-deadlock-in-usb_deauthorize_interface.patch
(git-fixes CVE-2024-26934 bsc#1223671).
- Update
patches.suse/arm64-hibernate-Fix-level3-translation-fault-in-swsu.patch
(git-fixes CVE-2024-26989 bsc#1223748).
- Update
patches.suse/ax25-fix-use-after-free-bugs-caused-by-ax25_ds_del_t.patch
(git-fixes CVE-2024-35887 bsc#1224663).
- Update
patches.suse/batman-adv-Avoid-infinite-loop-trying-to-resize-loca.patch
(git-fixes CVE-2024-35982 bsc#1224566).
- Update patches.suse/bpf-Check-bloom-filter-map-value-size.patch
(bsc#1224488 CVE-2024-35905 CVE-2024-36918 bsc#1225766).
- Update
patches.suse/btrfs-fix-information-leak-in-btrfs_ioctl_logical_to.patch
(git-fixes CVE-2024-35849 bsc#1224733).
- Update
patches.suse/clk-Get-runtime-PM-before-walking-tree-during-disabl.patch
(git-fixes CVE-2024-27004 bsc#1223762).
- Update
patches.suse/clk-zynq-Prevent-null-pointer-dereference-caused-by-.patch
(git-fixes CVE-2024-27037 bsc#1223717).
- Update
patches.suse/comedi-vmk80xx-fix-incomplete-endpoint-checking.patch
(git-fixes CVE-2024-27001 bsc#1223698).
- Update
patches.suse/cpufreq-brcmstb-avs-cpufreq-add-check-for-cpufreq_cp.patch
(git-fixes CVE-2024-27051 bsc#1223769).
- Update
patches.suse/crypto-qat-resolve-race-condition-during-AER-recover.patch
(git-fixes CVE-2024-26974 bsc#1223638).
- Update
patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
(git-fixes CVE-2024-26880 bsc#1223188).
- Update patches.suse/dma-xilinx_dpdma-Fix-locking.patch
(git-fixes CVE-2024-35990 bsc#1224559).
- Update
patches.suse/dmaengine-fsl-qdma-Fix-a-memory-leak-related-to-the-.patch
(git-fixes CVE-2024-35833 bsc#1224632).
- Update
patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
(git-fixes CVE-2024-26788 bsc#1222783).
- Update
patches.suse/dmaengine-idxd-Fix-oops-during-rmmod-on-single-CPU-p.patch
(git-fixes CVE-2024-35989 bsc#1224558).
- Update
patches.suse/drm-amd-display-Atom-Integrated-System-Info-v2_2-for.patch
(stable-fixes CVE-2024-36897 bsc#1225735).
- Update
patches.suse/drm-amd-display-Fix-a-potential-buffer-overflow-in-d.patch
(git-fixes CVE-2024-27045 bsc#1223826).
- Update
patches.suse/drm-amd-pm-fixes-a-random-hang-in-S4-for-SMU-v13.0.4.patch
(stable-fixes CVE-2024-36026 bsc#1225705).
- Update
patches.suse/drm-amdgpu-once-more-fix-the-call-oder-in-amdgpu_ttm.patch
(git-fixes CVE-2024-27400 bsc#1224180).
- Update
patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch
(git-fixes CVE-2024-26922 bsc#1223315).
- Update
patches.suse/drm-arm-malidp-fix-a-possible-null-pointer-dereferen.patch
(git-fixes CVE-2024-36014 bsc#1225593).
- Update patches.suse/drm-ast-Fix-soft-lockup.patch (git-fixes
CVE-2024-35952 bsc#1224705).
- Update
patches.suse/drm-client-Fully-protect-modes-with-dev-mode_config..patch
(stable-fixes CVE-2024-35950 bsc#1224703).
- Update
patches.suse/drm-i915-bios-Tolerate-devdata-NULL-in-intel_bios_en.patch
(stable-fixes CVE-2024-26938 bsc#1223678).
- Update
patches.suse/drm-i915-gt-Reset-queue_priority_hint-on-parking.patch
(git-fixes CVE-2024-26937 bsc#1223677).
- Update
patches.suse/drm-lima-fix-a-memleak-in-lima_heap_alloc.patch
(git-fixes CVE-2024-35829 bsc#1224707).
- Update
patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
(git-fixes CVE-2024-26874 bsc#1223048).
- Update patches.suse/drm-nv04-Fix-out-of-bounds-access.patch
(git-fixes CVE-2024-27008 bsc#1223802).
- Update
patches.suse/drm-vc4-don-t-check-if-plane-state-fb-state-fb.patch
(stable-fixes CVE-2024-35932 bsc#1224650).
- Update
patches.suse/drm-vmwgfx-Create-debugfs-ttm_resource_manager-entry.patch
(git-fixes CVE-2024-26940 bsc#1223718).
- Update
patches.suse/dyndbg-fix-old-BUG_ON-in-control-parser.patch
(stable-fixes CVE-2024-35947 bsc#1224647).
- Update
patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch
(git-fixes CVE-2024-26778 bsc#1222770).
- Update
patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch
(git-fixes CVE-2024-26777 bsc#1222765).
- Update
patches.suse/fbmon-prevent-division-by-zero-in-fb_videomode_from_.patch
(stable-fixes CVE-2024-35922 bsc#1224660).
- Update
patches.suse/i2c-smbus-fix-NULL-function-pointer-dereference.patch
(git-fixes CVE-2024-35984 bsc#1224567).
- Update
patches.suse/init-main.c-Fix-potential-static_command_line-memory.patch
(git-fixes CVE-2024-26988 bsc#1223747).
- Update
patches.suse/irqchip-gic-v3-its-Prevent-double-free-on-error.patch
(git-fixes CVE-2024-35847 bsc#1224697).
- Update
patches.suse/kprobes-Fix-possible-use-after-free-issue-on-kprobe-registration.patch
(git-fixes CVE-2024-35955 bsc#1224676).
- Update
patches.suse/media-dvb-frontends-avoid-stack-overflow-warnings-wi.patch
(git-fixes CVE-2024-27075 bsc#1223842).
- Update
patches.suse/media-go7007-fix-a-memleak-in-go7007_load_encoder.patch
(git-fixes CVE-2024-27074 bsc#1223844).
- Update
patches.suse/media-imx-csc-scaler-fix-v4l2_ctrl_handler-memory-le.patch
(git-fixes CVE-2024-27076 bsc#1223779).
- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
(git-fixes CVE-2024-26829 bsc#1223027).
- Update
patches.suse/media-ttpci-fix-two-memleaks-in-budget_av_attach.patch
(git-fixes CVE-2024-27073 bsc#1223843).
- Update
patches.suse/media-usbtv-Remove-useless-locks-in-usbtv_video_free.patch
(git-fixes CVE-2024-27072 bsc#1223837).
- Update
patches.suse/media-v4l2-mem2mem-fix-a-memleak-in-v4l2_m2m_registe.patch
(git-fixes CVE-2024-27077 bsc#1223780).
- Update
patches.suse/media-v4l2-tpg-fix-some-memleaks-in-tpg_alloc.patch
(git-fixes CVE-2024-27078 bsc#1223781).
- Update
patches.suse/mmc-core-Avoid-negative-index-with-array-access.patch
(git-fixes CVE-2024-35813 bsc#1224618).
- Update
patches.suse/mmc-sdhci-msm-pervent-access-to-suspended-controller.patch
(git-fixes CVE-2024-36029 bsc#1225708).
- Update
patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch
(git-fixes CVE-2024-26698 bsc#1222374).
- Update
patches.suse/msft-hv-2971-net-mana-Fix-Rx-DMA-datasize-and-skb_over_panic.patch
(git-fixes CVE-2024-35901 bsc#1224495).
- Update
patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
(bsc#1215322 CVE-2024-26859 bsc#1223049).
- Update
patches.suse/net-ll_temac-platform_get_resource-replaced-by-wrong.patch
(git-fixes CVE-2024-35796 bsc#1224615).
- Update
patches.suse/net-phy-fix-phy_get_internal_delay-accessing-an-empt.patch
(git-fixes CVE-2024-27047 bsc#1223828).
- Update
patches.suse/net-qualcomm-rmnet-fix-global-oob-in-rmnet_policy.patch
(git-fixes CVE-2024-26597 bsc#1220363).
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_dev_up-and-nci_ntf_p.patch
(git-fixes CVE-2024-35915 bsc#1224479).
- Update
patches.suse/nouveau-fix-instmem-race-condition-around-ptr-stores.patch
(git-fixes CVE-2024-26984 bsc#1223633).
- Update
patches.suse/nvme-fc-do-not-wait-in-vain-when-unloading-module.patch
(git-fixes CVE-2024-26846 bsc#1223023).
- Update
patches.suse/nvme-fix-reconnection-fail-due-to-reserved-tag-alloc.patch
(git-fixes CVE-2024-27435 bsc#1224717).
- Update patches.suse/pci_iounmap-Fix-MMIO-mapping-leak.patch
(git-fixes CVE-2024-26977 bsc#1223631).
- Update
patches.suse/power-supply-bq27xxx-i2c-Do-not-free-non-existing-IR.patch
(git-fixes CVE-2024-27412 bsc#1224437).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- Update
patches.suse/ppdev-Add-an-error-check-in-register_device.patch
(git-fixes CVE-2024-36015 bsc#1225640).
- Update
patches.suse/pstore-zone-Add-a-null-pointer-check-to-the-psz_kmsg.patch
(stable-fixes CVE-2024-35940 bsc#1224537).
- Update
patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch
(bsc#1141539 git-fixes CVE-2024-27054 bsc#1223819).
- Update
patches.suse/s390-cio-Ensure-the-copied-buf-is-NUL-terminated.patch
(git-fixes bsc#1223875 CVE-2024-36931 bsc#1225747).
- Update
patches.suse/s390-qeth-Fix-kernel-panic-after-setting-hsuid.patch
(git-fixes bsc#1223879 CVE-2024-36928 bsc#1225775).
- Update
patches.suse/s390-zcrypt-fix-reference-counting-on-zcrypt-card-objects.patch
(git-fixes bsc#1223595 CVE-2024-26957 bsc#1223666).
- Update
patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch
(bsc#1220021 CVE-2024-35930 bsc#1224651).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924 bsc#1225820).
- Update
patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch
(bsc1221816 CVE-2024-26931 bsc#1223627).
- Update patches.suse/scsi-qla2xxx-Fix-double-free-of-fcport.patch
(bsc1221816 CVE-2024-26929 bsc#1223715).
- Update
patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointer.patch
(bsc1221816 CVE-2024-26930 bsc#1223626).
- Update
patches.suse/serial-mxs-auart-add-spinlock-around-changing-cts-st.patch
(git-fixes CVE-2024-27000 bsc#1223757).
- Update
patches.suse/serial-pmac_zilog-Remove-flawed-mitigation-for-rx-ir.patch
(git-fixes CVE-2024-26999 bsc#1223754).
- Update
patches.suse/soc-fsl-qbman-Always-disable-interrupts-when-taking-.patch
(git-fixes CVE-2024-35806 bsc#1224699).
- Update patches.suse/speakup-Avoid-crash-on-very-long-word.patch
(git-fixes CVE-2024-26994 bsc#1223750).
- Update
patches.suse/spi-spi-mt65xx-Fix-NULL-pointer-access-in-interrupt-.patch
(git-fixes CVE-2024-27028 bsc#1223788).
- Update
patches.suse/tty-n_gsm-fix-possible-out-of-bounds-in-gsm0_receive.patch
(git-fixes CVE-2024-36016 bsc#1225642).
- Update
patches.suse/ubifs-Set-page-uptodate-in-the-correct-place.patch
(git-fixes CVE-2024-35821 bsc#1224629).
- Update
patches.suse/usb-cdc-wdm-close-race-between-read-and-workqueue.patch
(git-fixes CVE-2024-35812 bsc#1224624).
- Update
patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch
(git-fixes CVE-2024-26748 bsc#1222513).
- Update
patches.suse/usb-dwc2-host-Fix-dereference-issue-in-DDMA-completi.patch
(git-fixes CVE-2024-26997 bsc#1223741).
- Update
patches.suse/usb-gadget-f_ncm-Fix-UAF-ncm-object-at-re-bind-after.patch
(stable-fixes CVE-2024-26996 bsc#1223752).
- Update
patches.suse/usb-gadget-ncm-Avoid-dropping-datagrams-of-properly-.patch
(git-fixes CVE-2024-27405 bsc#1224423).
- Update
patches.suse/usb-gadget-ncm-Fix-handling-of-zero-block-length-pac.patch
(git-fixes CVE-2024-35825 bsc#1224681).
- Update
patches.suse/usb-typec-tcpm-Check-for-port-partner-validity-befor.patch
(git-fixes CVE-2024-36893 bsc#1225748).
- Update
patches.suse/usb-udc-remove-warning-when-queue-disabled-ep.patch
(stable-fixes CVE-2024-35822 bsc#1224739).
- Update
patches.suse/usb-xhci-Add-error-handling-in-xhci_map_urb_for_dma.patch
(git-fixes CVE-2024-26964 bsc#1223650).
- Update
patches.suse/vt-fix-unicode-buffer-corruption-when-deleting-chara.patch
(git-fixes CVE-2024-35823 bsc#1224692).
- Update
patches.suse/wifi-ath11k-decrease-MHI-channel-buffer-length-to-8K.patch
(bsc#1207948 CVE-2024-35938 bsc#1224643).
- Update
patches.suse/wifi-iwlwifi-dbg-tlv-ensure-NUL-termination.patch
(git-fixes CVE-2024-35845 bsc#1224731).
- Update
patches.suse/wifi-iwlwifi-mvm-rfi-fix-potential-response-leaks.patch
(git-fixes CVE-2024-35912 bsc#1224487).
- Update
patches.suse/wifi-libertas-fix-some-memleaks-in-lbs_allocate_cmd_.patch
(git-fixes CVE-2024-35828 bsc#1224622).
- Update
patches.suse/wifi-mac80211-check-clear-fast-rx-for-non-4addr-sta-.patch
(stable-fixes CVE-2024-35789 bsc#1224749).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941 bsc#1225835).
- Update
patches.suse/wifi-nl80211-reject-iftype-change-with-mesh-ID-chang.patch
(git-fixes CVE-2024-27410 bsc#1224432).
- Update
patches.suse/wifi-rtl8xxxu-add-cancel_work_sync-for-c2hcmd_work.patch
(git-fixes CVE-2024-27052 bsc#1223829).
- Update
patches.suse/wifi-wilc1000-fix-RCU-usage-in-connect-path.patch
(git-fixes CVE-2024-27053 bsc#1223737).
- Update
patches.suse/x86-fpu-Keep-xfd_state-in-sync-with-MSR_IA32_XFD.patch
(git-fixes CVE-2024-35801 bsc#1224732).
- commit aea06f9
- Update
patches.suse/ACPI-LPIT-Avoid-u32-multiplication-overflow.patch
(git-fixes CVE-2023-52683 bsc#1224627).
- Update
patches.suse/ACPI-video-check-for-error-while-searching-for-backl.patch
(git-fixes CVE-2023-52693 bsc#1224686).
- Update
patches.suse/IB-mlx5-Fix-init-stage-error-handling-to-avoid-doubl.patch
(git-fixes CVE-2023-52851 bsc#1225587).
- Update
patches.suse/Revert-drm-amd-pm-resolve-reboot-exception-for-si-ol.patch
(git-fixes CVE-2023-52657 bsc#1224722).
- Update
patches.suse/SUNRPC-Fix-RPC-client-cleaned-up-the-freed-pipefs-de.patch
(git-fixes CVE-2023-52803 bsc#1225008).
- Update
patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
(git-fixes bsc#1223858 CVE-2023-52653 bsc#1223712).
- Update
patches.suse/ceph-blocklist-the-kclient-when-receiving-corrupted-snap-trace.patch
(jsc#SES-1880 CVE-2023-52732 bsc#1225222).
- Update
patches.suse/crypto-s390-aes-Fix-buffer-overread-in-CTR-mode.patch
(git-fixes CVE-2023-52669 bsc#1224637).
- Update
patches.suse/drm-amd-display-fix-a-NULL-pointer-dereference-in-am.patch
(git-fixes CVE-2023-52773 bsc#1225041).
- Update
patches.suse/drm-amd-pm-fix-a-double-free-in-si_dpm_init.patch
(git-fixes CVE-2023-52691 bsc#1224607).
- Update
patches.suse/drm-amdgpu-vkms-fix-a-possible-null-pointer-derefere.patch
(git-fixes CVE-2023-52815 bsc#1225568).
- Update
patches.suse/drm-amdkfd-Confirm-list-is-non-empty-before-utilizin.patch
(git-fixes CVE-2023-52678 bsc#1224617).
- Update
patches.suse/drm-bridge-it66121-Fix-invalid-connector-dereference.patch
(git-fixes CVE-2023-52861 bsc#1224941).
- Update
patches.suse/drm-bridge-tpd12s015-Drop-buggy-__exit-annotation-fo.patch
(git-fixes CVE-2023-52694 bsc#1224598).
- Update
patches.suse/drm-tegra-dsi-Add-missing-check-for-of_find_device_b.patch
(git-fixes CVE-2023-52650 bsc#1223770).
- Update
patches.suse/drm-tegra-rgb-Fix-missing-clk_put-in-the-error-handl.patch
(git-fixes CVE-2023-52661 bsc#1224445).
- Update
patches.suse/drm-vmwgfx-fix-a-memleak-in-vmw_gmrid_man_get_node.patch
(git-fixes CVE-2023-52662 bsc#1224449).
- Update
patches.suse/fbdev-Fix-invalid-page-access-after-closing-deferred.patch
(bsc#1207284 CVE-2023-52731 bsc#1224929).
- Update
patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
(git-fixes CVE-2023-52643 bsc#1222960).
- Update
patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
(git-fixes CVE-2023-52642 bsc#1223031).
- Update
patches.suse/nilfs2-fix-underflow-in-second-superblock-position-c.patch
(git-fixes CVE-2023-52705 bsc#1225480).
- Update
patches.suse/of-Fix-double-free-in-of_parse_phandle_with_args_map.patch
(git-fixes CVE-2023-52679 bsc#1224508).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_pow.patch
(bsc#1181674 ltc#189159 git-fixes CVE-2023-52696 bsc#1224601).
- Update
patches.suse/pstore-ram_core-fix-possible-overflow-in-persistent_.patch
(git-fixes CVE-2023-52685 bsc#1224728).
- Update
patches.suse/scsi-hisi_sas-Set-debugfs_dir-pointer-to-NULL-after-removing-debugfs.patch
(git-fixes CVE-2023-52808 bsc#1225555).
- Update
patches.suse/scsi-ibmvfc-Remove-BUG_ON-in-the-case-of-an-empty-ev.patch
(bsc#1209834 ltc#202097 CVE-2023-52811 bsc#1225559).
- Update
patches.suse/scsi-libfc-Fix-potential-NULL-pointer-dereference-in-fc_lport_ptp_setup.patch
(git-fixes CVE-2023-52809 bsc#1225556).
- Update
patches.suse/sysv-don-t-call-sb_bread-with-pointers_lock-held.patch
(git-fixes CVE-2023-52699 bsc#1224659).
- Update
patches.suse/wifi-ath11k-fix-gtk-offload-status-event-locking.patch
(git-fixes CVE-2023-52777 bsc#1224992).
- Update
patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
(git-fixes CVE-2023-52644 bsc#1222961).
- Update
patches.suse/x86-mm-Ensure-input-to-pfn_to_kaddr-is-treated-as-a-64-bit-type.patch
(jsc#PED-7167 git-fixes CVE-2023-52659 bsc#1224442).
- commit c90a371
- Update
patches.suse/1622-drm-gma500-Fix-WARN_ON-lock-magic-lock-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48633 bsc#1223489).
- Update
patches.suse/powerpc-pseries-Fix-potential-memleak-in-papr_get_at.patch
(bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes CVE-2022-48669
bsc#1223756).
- Update
patches.suse/wifi-mt76-mt7921e-fix-crash-in-chip-reset-fail.patch
(bsc#1209980 CVE-2022-48705 bsc#1223895).
- commit 5061b21
- Update
patches.suse/1321-drm-msm-devfreq-Fix-OPP-refcnt-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47532 bsc#1225444).
- Update
patches.suse/1322-drm-msm-Fix-mmap-to-include-VM_IO-and-VM_DONTDUMP.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47531 bsc#1225443).
- Update
patches.suse/1323-drm-msm-Fix-wait_fence-submitqueue-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47530 bsc#1225442).
- Update
patches.suse/blk-mq-cancel-blk-mq-dispatch-work-in-both-blk_clean.patch
(jsc#PED-1183 CVE-2021-47552 bsc#1225513).
- Update
patches.suse/btrfs-free-exchange-changeset-on-failures.patch
(git-fixes CVE-2021-47508 bsc#1225408).
- Update
patches.suse/io_uring-ensure-task_work-gets-run-as-part-of-cancel.patch
(bsc#1205205 CVE-2021-47504 bsc#1225382).
- Update
patches.suse/io_uring-fail-cancellation-for-EXITING-tasks.patch
(bsc#1205205 CVE-2021-47569 bsc#1225515).
- Update
patches.suse/net-sched-fq_pie-prevent-dismantle-issue.patch
(bsc#1207361 CVE-2021-47512 bsc#1225424).
- Update
patches.suse/net-sched-sch_ets-don-t-peek-at-classes-beyond-nband.patch
(bsc#1207361 CVE-2021-47557 bsc#1225468).
- Update
patches.suse/net-vlan-fix-underflow-for-the-real_dev-refcnt.patch
(git-fixes CVE-2021-47555 bsc#1225467).
- commit 89b5f8b
- Update
patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
(git-fixes CVE-2023-52736 bsc#1225486).
- Update
patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
(git-fixes CVE-2023-52806 bsc#1225554).
- Update
patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
(git-fixes CVE-2023-52833 bsc#1225595).
- Update
patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
(bsc#1208149 CVE-2023-52739 bsc#1225118).
- Update
patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
(git-fixes CVE-2023-52745 bsc#1225032).
- Update
patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
(git-fixes CVE-2023-52747 bsc#1224931).
- Update
patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
(git-fixes CVE-2023-52840 bsc#1224928).
- Update
patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
(git-fixes CVE-2023-52744 bsc#1225121).
- Update
patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
(git-fixes CVE-2023-52834 bsc#1225599).
- Update
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
(git-fixes CVE-2023-52878 bsc#1225000).
- Update
patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
(git-fixes CVE-2023-52741 bsc#1225479).
- Update
patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52875 bsc#1225096).
- Update
patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52870 bsc#1224937).
- Update
patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52873 bsc#1225589).
- Update
patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52865 bsc#1225086).
- Update
patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
(git-fixes CVE-2023-52858 bsc#1225566).
- Update
patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
(git-fixes CVE-2023-52876 bsc#1225036).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
(git-fixes CVE-2023-52819 bsc#1225532).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
(git-fixes CVE-2023-52818 bsc#1225530).
- Update
patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
(git-fixes CVE-2023-52753 bsc#1225478).
- Update
patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
(git-fixes CVE-2023-52817 bsc#1225569).
- Update
patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
(git-fixes CVE-2023-52814 bsc#1225565).
- Update
patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
(git-fixes CVE-2023-52738 bsc#1225005).
- Update
patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
(git-fixes CVE-2023-52825 bsc#1225076).
- Update
patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
(git-fixes CVE-2023-52816 bsc#1225529).
- Update
patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
(git-fixes CVE-2023-52856 bsc#1224932).
- Update
patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2023-52821 bsc#1225022).
- Update
patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
(git-fixes CVE-2023-52826 bsc#1225077).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
(git-fixes CVE-2023-52867 bsc#1225009).
- Update
patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
(git-fixes CVE-2023-52838 bsc#1225031).
- Update
patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
(git-fixes CVE-2023-52810 bsc#1225557).
- Update
patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
(git-fixes CVE-2023-52804 bsc#1225550).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
(git-fixes CVE-2023-52759 bsc#1225560).
- Update
patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
(git-fixes CVE-2023-52853 bsc#1224988).
- Update
patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
(git-fixes CVE-2023-52791 bsc#1225108).
- Update
patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
(git-fixes CVE-2023-52763 bsc#1225570).
- Update
patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
(git-fixes CVE-2023-52788 bsc#1225106).
- Update
patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
(git-fixes CVE-2023-52743 bsc#1225003).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
(git-fixes CVE-2023-52799 bsc#1225472).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
(git-fixes CVE-2023-52805 bsc#1225553).
- Update
patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
(git-fixes CVE-2023-52847 bsc#1225588).
- Update
patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
(git-fixes CVE-2023-52764 bsc#1225571).
- Update
patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
(git-fixes CVE-2023-52754 bsc#1225490).
- Update
patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
(git-fixes CVE-2023-52841 bsc#1225592).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
(git-fixes CVE-2023-52844 bsc#1225590).
- Update
patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
(git-fixes CVE-2023-52708 bsc#1225483).
- Update
patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
(git-fixes CVE-2023-52730 bsc#1224956).
- Update
patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
(git-fixes CVE-2023-52742 bsc#1225482).
- Update
patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
(git-fixes CVE-2023-52702 bsc#1224945).
- Update
patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
(git-fixes CVE-2023-52703 bsc#1225549).
- Update
patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
(git-fixes CVE-2023-52854 bsc#1225584).
- Update
patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
(git-fixes CVE-2023-52864 bsc#1225132).
- Update
patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
(bsc#1194869 CVE-2023-52740 bsc#1225471).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
(bsc#1065729 CVE-2023-52686 bsc#1224682).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
(bsc#1194869 CVE-2023-52690 bsc#1224611).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
CVE-2023-52756 bsc#1225461).
- Update
patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
(git-fixes bsc#1217515 CVE-2023-52774 bsc#1225572).
- Update
patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
(git-fixes bsc#1213863 CVE-2023-52733 bsc#1225488).
- Update
patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
(bsc#1209799 CVE-2023-52707 bsc#1225109).
- Update
patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
(git-fixes CVE-2023-52871 bsc#1225534).
- Update
patches.suse/thermal-core-prevent-potential-string-overflow.patch
(git-fixes CVE-2023-52868 bsc#1225044).
- Update
patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
(git-fixes CVE-2023-52872 bsc#1225591).
- Update
patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
(bsc#1222619 CVE-2023-52880).
- Update
patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
(git-fixes CVE-2023-52789 bsc#1225180).
- Update
patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
(git-fixes CVE-2023-52781 bsc#1225092).
- Update
patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
(git-fixes CVE-2023-52855 bsc#1225583).
- Update
patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
(git-fixes CVE-2023-52877 bsc#1224944).
- Update
patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
(git-fixes CVE-2023-52798 bsc#1224947).
- Update
patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
(git-fixes CVE-2023-52832 bsc#1225577).
- commit c6aceca
- Update
patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
(git-fixes CVE-2022-48710 bsc#1225230).
- Update
patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
(git-fixes CVE-2022-48709 bsc#1225095).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
(git-fixes CVE-2022-48708 bsc#1224942).
- commit 41f6d79
- Update
patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
(git-fixes CVE-2021-47511 bsc#1225411).
- Update
patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
(git-fixes CVE-2021-47509 bsc#1225409).
- Update
patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
(git-fixes stable-5.14.10 CVE-2021-47381 bsc#1225206).
- Update
patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
(git-fixes CVE-2021-47502 bsc#1225369).
- Update
patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
(stable-5.14.10 CVE-2021-47380 bsc#1225205).
- Update
patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
(stable-5.14.10 CVE-2021-47404 bsc#1225303).
- Update
patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
(git-fixes CVE-2021-47522 bsc#1225437).
- Update
patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
(stable-5.14.10 CVE-2021-47405 bsc#1225238).
- Update
patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
(jsc#SLE-19242 CVE-2021-47523 bsc#1225438).
- Update
patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
(stable-5.14.16 CVE-2021-47485 bsc#1224904).
- Update
patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
(stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056 CVE-2021-47465 bsc#1225341).
- Update
patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
(stable-5.14.10 CVE-2021-47389 bsc#1225126).
- Update
patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
(stable-5.14.15 CVE-2021-47450 bsc#1225258).
- Update
patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
(stable-5.14.10 CVE-2021-47390 bsc#1225125).
- Update
patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
(stable-5.14.10 CVE-2021-47407 bsc#1225306).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
(stable-5.14.14 CVE-2021-47442 bsc#1225263).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
(stable-5.14.14 CVE-2021-47443 bsc#1225262).
- Update
patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
(stable-5.14.10 CVE-2021-47391 bsc#1225318).
- Update
patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
(stable-5.14.10 CVE-2021-47392 bsc#1225320).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
(stable-5.14.10 CVE-2021-47398 bsc#1225131).
- Update
patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
(stable-5.14.16 CVE-2021-47481 bsc#1224910).
- Update
patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
(stable-5.14.9 CVE-2021-47366 bsc#1225160).
- Update
patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
(CVE-2021-39698 bsc#1196956 CVE-2021-47505 bsc#1225400).
- Update
patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
(stable-5.14.15 CVE-2021-47464 bsc#1225393).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
(stable-5.14.9 CVE-2021-47360 bsc#1225122).
- Update
patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
(stable-5.14.9 CVE-2021-47379 bsc#1225203).
- Update
patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
(stable-5.14.9 CVE-2021-47375 bsc#1225193).
- Update
patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
(stable-5.14.11 CVE-2021-47412 bsc#1225332).
- Update
patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
(stable-5.14.9 CVE-2021-47376 bsc#1225195).
- Update
patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
(stable-5.14.12 CVE-2021-47426 bsc#1225370).
- Update
patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
(stable-5.14.14 CVE-2021-47433 bsc#1225392).
- Update
patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
(bsc#1197915 CVE-2021-47510 bsc#1225410).
- Update
patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
(stable-5.14.15 CVE-2021-47457 bsc#1225235).
- Update
patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
(stable-5.14.15 CVE-2021-47459 bsc#1225253).
- Update
patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
(git-fixes CVE-2021-47520 bsc#1225431).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
(stable-5.14.15 CVE-2021-47456 bsc#1225256).
- Update
patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
(git-fixes CVE-2021-47521 bsc#1225435).
- Update
patches.suse/cfg80211-fix-management-registrations-locking.patch
(git-fixes stable-5.14.16 CVE-2021-47494 bsc#1225450).
- Update
patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
(stable-5.14.16 CVE-2021-47488 bsc#1224902).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
(stable-5.14.9 CVE-2021-47359 bsc#1225145).
- Update
patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
(stable-5.14.9 CVE-2021-47364 bsc#1225158).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
(git-fixes stable-5.14.18 CVE-2021-47477 bsc#1224912).
- Update
patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
(git-fixes stable-5.14.18 CVE-2021-47476 bsc#1224913).
- Update
patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
(git-fixes stable-5.14.18 CVE-2021-47474 bsc#1224915).
- Update
patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
(git-fixes stable-5.14.18 CVE-2021-47475 bsc#1224914).
- Update
patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
(stable-5.14.10 CVE-2021-47387 bsc#1225316).
- Update
patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
(git-fixes CVE-2021-47514 bsc#1225425).
- Update
patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
(stable-5.14.14 CVE-2021-47435 bsc#1225247).
- Update
patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
(stable-5.14.14 CVE-2021-47498 bsc#1225357).
- Update
patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
(stable-5.14.9 CVE-2021-47374 bsc#1225191).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
(git-fixes CVE-2021-47550 bsc#1225379).
- Update
patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
(git-fixes CVE-2021-47551 bsc#1225510).
- Update
patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
(stable-5.14.9 CVE-2021-47362 bsc#1225153).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
(stable-5.14.13 CVE-2021-47431 bsc#1225390).
- Update
patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
(git-fixes stable-5.14.12 CVE-2021-47421 bsc#1225353).
- Update
patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47420 bsc#1225339).
- Update
patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
(stable-5.14.11 CVE-2021-47410 bsc#1225331).
- Update
patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
(git-fixes stable-5.14.14 CVE-2021-47444 bsc#1225243).
- Update
patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
(git-fixes stable-5.14.14 CVE-2021-47445 bsc#1225261).
- Update
patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
(git-fixes stable-5.14.14 CVE-2021-47447 bsc#1225260).
- Update
patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
(git-fixes stable-5.14.14 CVE-2021-47446 bsc#1225240).
- Update
patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
(git-fixes CVE-2021-47535 bsc#1225446).
- Update
patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
(stable-5.14.15 CVE-2021-47471 bsc#1225187).
- Update
patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47423 bsc#1225366).
- Update
patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
(git-fixes stable-5.14.12 CVE-2021-47422 bsc#1225233).
- Update
patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
(stable-5.14.16 CVE-2021-47490 bsc#1225436).
- Update
patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
(git-fixes CVE-2021-47533 bsc#1225445).
- Update
patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
(stable-5.14.9 CVE-2021-47368 bsc#1225161).
- Update
patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
(jsc#SLE-19253 CVE-2021-47556 bsc#1225383).
- Update
patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
(stable-5.14.10 CVE-2021-47406 bsc#1225304).
- Update
patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
(git-fixes stable-5.14.10 CVE-2021-47393 bsc#1225321).
- Update
patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 CVE-2021-47386 bsc#1225268).
- Update
patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 CVE-2021-47385 bsc#1225210).
- Update
patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
(stable-5.14.10 CVE-2021-47384 bsc#1225209).
- Update
patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
(git-fixes stable-5.14.12 CVE-2021-47425 bsc#1225223).
- Update
patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
(jsc#SLE-18378 CVE-2021-47501 bsc#1225361).
- Update
patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
(stable-5.14.12 CVE-2021-47424 bsc#1225367).
- Update
patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
(stable-5.14.15 CVE-2021-47453 bsc#1225239).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
(jsc#SLE-18375 CVE-2021-47563 bsc#1225500).
- Update
patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
(stable-5.14.14 CVE-2021-47449 bsc#1225259).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
(jsc#SLE-18375 CVE-2021-47562 bsc#1225499).
- Update
patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
(git-fixes CVE-2021-47499 bsc#1225358).
- Update
patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
(git-fixes stable-5.14.14 CVE-2021-47437 bsc#1225245).
- Update
patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
(git-fixes CVE-2021-47500 bsc#1225360).
- Update
patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
(stable-5.14.10 CVE-2021-47403 bsc#1225241).
- Update
patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
(stable-5.14.10 CVE-2021-47401 bsc#1225242).
- Update
patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
(stable-5.14.9 CVE-2021-47373 bsc#1225190).
- Update
patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
(stable-5.14.15 CVE-2021-47468 bsc#1225346).
- Update
patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
(stable-5.14.18 CVE-2021-47478 bsc#1225198).
- Update
patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
(git-fixes CVE-2021-47529 bsc#1225373).
- Update
patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
(git-fixes stable-5.14.12 CVE-2021-47415 bsc#1225335).
- Update
patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
(stable-5.14.10 CVE-2021-47399 bsc#1225328).
- Update
patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
(stable-5.14.15 CVE-2021-47467 bsc#1225344).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
(git-fixes stable-5.14.12 CVE-2021-47417 bsc#1225227).
- Update
patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
(git-fixes stable-5.14.10 CVE-2021-47388 bsc#1225214).
- Update
patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
(git-fixes stable-5.14.10 CVE-2021-47396 bsc#1225327).
- Update
patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
(git-fixes stable-5.14.10 CVE-2021-47395 bsc#1225326).
- Update
patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
(stable-5.14.9 CVE-2021-47361 bsc#1225151).
- Update
patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
(git-fixes CVE-2021-47560 bsc#1225495).
- Update
patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
(stable-5.14.14 CVE-2021-47441 bsc#1225224).
- Update
patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
(stable-5.14.15 CVE-2021-47462 bsc#1225250).
- Update
patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
(stable-5.14.15 CVE-2021-47463 bsc#1225127).
- Update
patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
(stable-5.14.15 CVE-2021-47466 bsc#1225342).
- Update
patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
(stable-5.14.15 CVE-2021-47470 bsc#1225186).
- Update
patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
(stable-5.14.9 CVE-2021-47370 bsc#1225183).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
(stable-5.14.14 CVE-2021-47448 bsc#1225129).
- Update
patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
(git-fixes CVE-2021-47540 bsc#1225386).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
(git-fixes stable-5.14.16 CVE-2021-47482 bsc#1224909).
- Update
patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
(git-fixes CVE-2021-47513 bsc#1225380).
- Update
patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
(stable-5.14.14 CVE-2021-47439 bsc#1225246).
- Update
patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
(stable-5.14.14 CVE-2021-47440 bsc#1225248).
- Update
patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
(stable-5.14.10 CVE-2021-47400 bsc#1225329).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
(stable-5.14.9 CVE-2021-47372 bsc#1225184).
- Update
patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
(git-fixes CVE-2021-47564 bsc#1225501).
- Update
patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
(stable-5.14.15 CVE-2021-47472 bsc#1225189).
- Update
patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
(jsc#SLE-19256 CVE-2021-47541 bsc#1225453).
- Update
patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
(stable-5.14.14 CVE-2021-47438 bsc#1225229).
- Update
patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-47542 bsc#1225455).
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 CVE-2021-47402 bsc#1225301).
- Update
patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
(stable-5.14.12 CVE-2021-47419 bsc#1225338).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
(git-fixes CVE-2021-47559 bsc#1225396).
- Update
patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
(git-fixes CVE-2021-47536 bsc#1225447).
- Update
patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
(jsc#SLE-19033 CVE-2021-47558 bsc#1225492).
- Update
patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
(stable-5.14.16 CVE-2021-47496 bsc#1225354).
- Update
patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
(stable-5.14.12 CVE-2021-47418 bsc#1225337).
- Update
patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
(stable-5.14.10 CVE-2021-47408 bsc#1225236).
- Update
patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
(stable-5.14.15 CVE-2021-47452 bsc#1225257).
- Update
patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
(stable-5.14.10 CVE-2021-47394 bsc#1225323).
- Update
patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
(stable-5.14.15 CVE-2021-47451 bsc#1225237).
- Update
patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
(stable-5.14.9 CVE-2021-47363 bsc#1225156).
- Update
patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
(stable-5.14.9 CVE-2021-47371 bsc#1225167).
- Update
patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
(git-fixes CVE-2021-47518 bsc#1225372).
- Update
patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
(git-fixes CVE-2021-47516 bsc#1225427).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
(git-fixes CVE-2021-47507 bsc#1225405).
- Update
patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
(git-fixes CVE-2021-47506 bsc#1225404).
- Update
patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
(bsc#1190569 stable-5.14.9 CVE-2021-47378 bsc#1225201).
- Update
patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
(stable-5.14.14 CVE-2021-47497 bsc#1225355).
- Update
patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
(stable-5.14.15 CVE-2021-47460 bsc#1225251).
- Update
patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
(stable-5.14.16 CVE-2021-47493 bsc#1225439).
- Update
patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
(stable-5.14.15 CVE-2021-47458 bsc#1225252).
- Update
patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
(git-fixes CVE-2021-47537 bsc#1225375).
- Update
patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
(stable-5.14.16 CVE-2021-47484 bsc#1224905).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 CVE-2021-47416 bsc#1225336).
- Update
patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
(stable-5.14.12 CVE-2021-47429 bsc#1225388).
- Update
patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
(stable-5.14.12 CVE-2021-47428 bsc#1225387).
- Update
patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
(stable-5.14.15 CVE-2021-47454 bsc#1225255).
- Update
patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
(stable-5.14.15 CVE-2021-47455 bsc#1225254).
- Update
patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
(git-fixes stable-5.14.16 CVE-2021-47483 bsc#1224907).
- Update
patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
(stable-5.14.12 CVE-2021-47414 bsc#1225334).
- Update
patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
(stable-5.14.16 CVE-2021-47486 bsc#1224903).
- Update
patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
(stable-5.14.9 CVE-2021-47369 bsc#1225164).
- Update
patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
(stable-5.14.10 CVE-2021-47382 bsc#1225207).
- Update
patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
(git-fixes CVE-2021-47549 bsc#1225508).
- Update
patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
(git-fixes CVE-2021-47553 bsc#1225464).
- Update
patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
(stable-5.14.17 CVE-2021-47480 bsc#1225322).
- Update
patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
(stable-5.14.12 CVE-2021-47427 bsc#1225225).
- Update
patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
(git-fixes CVE-2021-47565 bsc#1225384).
- Update
patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
(git-fixes CVE-2021-47503 bsc#1225374).
- Update
patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
(stable-5.14.15 CVE-2021-47473 bsc#1225192).
- Update
patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
(stable-5.14.10 CVE-2021-47397 bsc#1225082).
- Update
patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
(git-fixes CVE-2021-47527 bsc#1194288).
- Update
patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
(git-fixes CVE-2021-47526 bsc#1225376).
- Update
patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
(git-fixes CVE-2021-47524 bsc#1225377).
- Update
patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
(git-fixes CVE-2021-47525 bsc#1225441).
- Update
patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
(stable-5.14.15 CVE-2021-47469 bsc#1225347).
- Update
patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
(stable-5.14.9 CVE-2021-47358 bsc#1224920).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
(git-fixes stable-5.14.18 CVE-2021-47479 bsc#1224911).
- Update
patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
(git-fixes CVE-2021-47544 bsc#1225463).
- Update
patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
(stable-5.14.10 CVE-2021-47383 bsc#1225208).
- Update
patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
(git-fixes CVE-2021-47528 bsc#1225368).
- Update
patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
(git-fixes stable-5.14.12 CVE-2021-47413 bsc#1225333).
- Update
patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
(stable-5.14.11 CVE-2021-47409 bsc#1225330).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
(git-fixes stable-5.14.14 CVE-2021-47436 bsc#1225244).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
(stable-5.14.16 CVE-2021-47495 bsc#1225351).
- Update
patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
(stable-5.14.15 CVE-2021-47461 bsc#1225249).
- Update
patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
(git-fixes CVE-2021-47554 bsc#1225466).
- Update
patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
(stable-5.14.9 CVE-2021-47367 bsc#1225123).
- Update
patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
(stable-5.14.12 CVE-2021-47430 bsc#1225228).
- Update
patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
(stable-5.14.14 CVE-2021-47434 bsc#1225232).
- commit 3a2e44b
- blacklist.conf: add fix that requires absent infrastruucture
- commit dbb8058
- kABI: bpf, sockmap: struct psock related kABI workaround
(bsc#1225475 CVE-2023-52735).
- commit 4b30d8d
- selftests/bpf: Cover listener cloning with progs attached to
sockmap (bsc#1225475 CVE-2023-52735).
- selftests/bpf: Pass BPF skeleton to sockmap_listen ops tests
(bsc#1225475 CVE-2023-52735).
- bpf, sockmap: Check for any of tcp_bpf_prots when cloning a
listener (git-fixes).
- bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call
itself (bsc#1225475 CVE-2023-52735).
- bpf, sock_map: Move cancel_work_sync() out of sock lock
(bsc#1225475 CVE-2023-52735).
- bpf: Fix sockmap calling sleepable function in teardown path
(bsc#1225475 CVE-2023-52735).
- bpf, sockmap: Fix sk->sk_forward_alloc warn_on in
sk_stream_kill_queues (bsc#1225475 CVE-2023-52735).
- commit 0ce00d7
- scsi: lpfc: Copyright updates for 14.4.0.2 patches
(bsc#1225842).
- scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842).
- scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842).
- scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask
(bsc#1225842).
Refresh:
- patches.suse/lpfc-reintroduce-old-irq-probe-logic.patch
- scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list
(bsc#1225842).
- scsi: lpfc: Clear deferred RSCN processing flag when driver
is unloading (bsc#1225842).
- scsi: lpfc: Update logging of protection type for T10 DIF I/O
(bsc#1225842).
- scsi: lpfc: Change default logging level for unsolicited CT
MIB commands (bsc#1225842).
- commit 5e95ee6
- Update
patches.suse/1321-drm-msm-devfreq-Fix-OPP-refcnt-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225444
CVE-2021-47532).
- Update
patches.suse/1322-drm-msm-Fix-mmap-to-include-VM_IO-and-VM_DONTDUMP.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225443
CVE-2021-47531).
- Update
patches.suse/1323-drm-msm-Fix-wait_fence-submitqueue-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225442
CVE-2021-47530).
- Update
patches.suse/1622-drm-gma500-Fix-WARN_ON-lock-magic-lock-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
bsc#1223489 CVE-2022-48633).
- Update
patches.suse/ACPI-LPIT-Avoid-u32-multiplication-overflow.patch
(git-fixes bsc#1224627 CVE-2023-52683).
- Update
patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch
(git-fixes bsc#1223043 CVE-2024-26894).
- Update
patches.suse/ACPI-video-check-for-error-while-searching-for-backl.patch
(git-fixes bsc#1224686 CVE-2023-52693).
- Update
patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
(git-fixes bsc#1225486 CVE-2023-52736).
- Update
patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
(git-fixes bsc#1225554 CVE-2023-52806).
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955).
- Update
patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
(git-fixes bsc#1225411 CVE-2021-47511).
- Update
patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
(git-fixes bsc#1225409 CVE-2021-47509).
- Update
patches.suse/ALSA-usb-audio-Stop-parsing-channels-bits-when-all-c.patch
(git-fixes bsc#1224803 CVE-2024-27436).
- Update
patches.suse/ARM-9381-1-kasan-clear-stale-stack-poison.patch
(git-fixes bsc#1225715 CVE-2024-36906).
- Update
patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
(git-fixes stable-5.14.10 bsc#1225206 CVE-2021-47381).
- Update
patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
(git-fixes bsc#1225369 CVE-2021-47502).
- Update
patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch
(git-fixes bsc#1222413 CVE-2024-26801).
- Update
patches.suse/Bluetooth-Fix-memory-leak-in-hci_req_sync_complete.patch
(git-fixes bsc#1224571 CVE-2024-35978).
- Update
patches.suse/Bluetooth-L2CAP-Fix-not-validating-setsockopt-user-i.patch
(git-fixes bsc#1224579 CVE-2024-35965).
- Update
patches.suse/Bluetooth-RFCOMM-Fix-not-validating-setsockopt-user-.patch
(git-fixes bsc#1224576 CVE-2024-35966).
- Update
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch
(git-fixes bsc#1224587 CVE-2024-35967).
- Update
patches.suse/Bluetooth-btintel-Fix-null-ptr-deref-in-btintel_read.patch
(stable-fixes bsc#1224640 CVE-2024-35933).
- Update
patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
(git-fixes bsc#1225595 CVE-2023-52833).
- Update
patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
(git-fixes CVE-2024-26889).
- Update
patches.suse/Bluetooth-hci_event-Fix-handling-of-HCI_EV_IO_CAPA_R.patch
(git-fixes bsc#1224723 CVE-2024-27416).
- Update
patches.suse/Bluetooth-hci_sock-Fix-not-validating-setsockopt-use.patch
(git-fixes bsc#1224582 CVE-2024-35963).
- Update
patches.suse/Bluetooth-l2cap-fix-null-ptr-deref-in-l2cap_chan_tim.patch
(git-fixes bsc#1224177 CVE-2024-27399).
- Update
patches.suse/Bluetooth-msft-fix-slab-use-after-free-in-msft_do_cl.patch
(git-fixes bsc#1225502 CVE-2024-36012).
- Update
patches.suse/Bluetooth-qca-add-missing-firmware-sanity-checks.patch
(git-fixes bsc#1225722 CVE-2024-36880).
- Update
patches.suse/Bluetooth-qca-fix-NULL-deref-on-non-serdev-suspend.patch
(git-fixes bsc#1224509 CVE-2024-35851).
- Update
patches.suse/Bluetooth-qca-fix-firmware-check-error-path.patch
(git-fixes CVE-2024-36942).
- Update
patches.suse/Bluetooth-qca-fix-info-leak-when-fetching-fw-build-i.patch
(git-fixes bsc#1225720 CVE-2024-36032).
- Update
patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
(bsc#1208149 bsc#1225118 CVE-2023-52739).
- Update
patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
(stable-5.14.10 bsc#1225205 CVE-2021-47380).
- Update
patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
(stable-5.14.10 bsc#1225303 CVE-2021-47404).
- Update
patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
(git-fixes bsc#1225437 CVE-2021-47522).
- Update
patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
(stable-5.14.10 bsc#1225238 CVE-2021-47405).
- Update
patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
(git-fixes bsc#1225032 CVE-2023-52745).
- Update
patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch
(git-fixes bsc#1222975 CVE-2024-26839).
- Update
patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
(jsc#SLE-19242 bsc#1225438 CVE-2021-47523).
- Update
patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
(git-fixes bsc#1224931 CVE-2023-52747).
- Update
patches.suse/IB-mlx5-Fix-init-stage-error-handling-to-avoid-doubl.patch
(git-fixes bsc#1225587 CVE-2023-52851).
- Update
patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
(stable-5.14.16 bsc#1224904 CVE-2021-47485).
- Update
patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
(git-fixes bsc#1224928 CVE-2023-52840).
- Update
patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
(stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056 bsc#1225341 CVE-2021-47465).
- Update
patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
(stable-5.14.10 bsc#1225126 CVE-2021-47389).
- Update
patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
(stable-5.14.15 bsc#1225258 CVE-2021-47450).
- Update
patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
(stable-5.14.10 bsc#1225125 CVE-2021-47390).
- Update
patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
(stable-5.14.10 bsc#1225306 CVE-2021-47407).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
(stable-5.14.14 bsc#1225263 CVE-2021-47442).
- Update
patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
(stable-5.14.14 bsc#1225262 CVE-2021-47443).
- Update
patches.suse/NFSv4.2-fix-nfs4_listxattr-kernel-BUG-at-mm-usercopy.patch
(git-fixes bsc#1223113 CVE-2024-26870).
- Update
patches.suse/PCI-PM-Drain-runtime-idle-callbacks-before-driver-re.patch
(git-fixes bsc#1224738 CVE-2024-35809).
- Update
patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
(stable-5.14.10 bsc#1225318 CVE-2021-47391).
- Update
patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
(stable-5.14.10 bsc#1225320 CVE-2021-47392).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
(stable-5.14.10 bsc#1225131 CVE-2021-47398).
- Update
patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch
(git-fixes bsc#1222974 CVE-2024-26838).
- Update
patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
(git-fixes bsc#1225121 CVE-2023-52744).
- Update
patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch
(git-fixes bsc#1223203 CVE-2024-26907).
- Update
patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
(stable-5.14.16 bsc#1224910 CVE-2021-47481).
- Update
patches.suse/Reapply-drm-qxl-simplify-qxl_fence_wait.patch
(stable-fixes CVE-2024-36944).
- Update
patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch
(git-fixes bsc#1223137 CVE-2024-26916).
- Update
patches.suse/Revert-drm-amd-pm-resolve-reboot-exception-for-si-ol.patch
(git-fixes bsc#1224722 CVE-2023-52657).
- Update
patches.suse/SUNRPC-Fix-RPC-client-cleaned-up-the-freed-pipefs-de.patch
(git-fixes bsc#1225008 CVE-2023-52803).
- Update
patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
(git-fixes bsc#1223858 bsc#1223712 CVE-2023-52653).
- Update
patches.suse/SUNRPC-fix-some-memleaks-in-gssx_dec_option_array.patch
(git-fixes bsc#1223744 CVE-2024-27388).
- Update
patches.suse/USB-core-Fix-access-violation-during-port-device-rem.patch
(git-fixes bsc#1225734 CVE-2024-36896).
- Update
patches.suse/USB-core-Fix-deadlock-in-usb_deauthorize_interface.patch
(git-fixes bsc#1223671 CVE-2024-26934).
- Update
patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
(CVE-2021-39698 bsc#1196956 bsc#1225400 CVE-2021-47505).
- Update
patches.suse/arm64-hibernate-Fix-level3-translation-fault-in-swsu.patch
(git-fixes bsc#1223748 CVE-2024-26989).
- Update
patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
(git-fixes bsc#1225599 CVE-2023-52834).
- Update
patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
(stable-5.14.15 bsc#1225393 CVE-2021-47464).
- Update
patches.suse/ax25-fix-use-after-free-bugs-caused-by-ax25_ds_del_t.patch
(git-fixes bsc#1224663 CVE-2024-35887).
- Update
patches.suse/batman-adv-Avoid-infinite-loop-trying-to-resize-loca.patch
(git-fixes bsc#1224566 CVE-2024-35982).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
(stable-5.14.9 bsc#1225122 CVE-2021-47360).
- Update
patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
(stable-5.14.9 bsc#1225203 CVE-2021-47379).
- Update
patches.suse/blk-mq-cancel-blk-mq-dispatch-work-in-both-blk_clean.patch
(jsc#PED-1183 bsc#1225513 CVE-2021-47552).
- Update
patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
(stable-5.14.9 bsc#1225193 CVE-2021-47375).
- Update
patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
(stable-5.14.11 bsc#1225332 CVE-2021-47412).
- Update
patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
(stable-5.14.9 bsc#1225195 CVE-2021-47376).
- Update patches.suse/bpf-Check-bloom-filter-map-value-size.patch
(bsc#1224488 CVE-2024-35905 bsc#1225766 CVE-2024-36918).
- Update
patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
(stable-5.14.12 bsc#1225370 CVE-2021-47426).
- Update
patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
(stable-5.14.14 bsc#1225392 CVE-2021-47433).
- Update
patches.suse/btrfs-fix-information-leak-in-btrfs_ioctl_logical_to.patch
(git-fixes bsc#1224733 CVE-2024-35849).
- Update
patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
(bsc#1197915 bsc#1225410 CVE-2021-47510).
- Update
patches.suse/btrfs-free-exchange-changeset-on-failures.patch
(git-fixes bsc#1225408 CVE-2021-47508).
- Update
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
(git-fixes bsc#1225000 CVE-2023-52878).
- Update
patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
(stable-5.14.15 bsc#1225235 CVE-2021-47457).
- Update
patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
(stable-5.14.15 bsc#1225253 CVE-2021-47459).
- Update
patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
(git-fixes bsc#1225431 CVE-2021-47520).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
(stable-5.14.15 bsc#1225256 CVE-2021-47456).
- Update
patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
(git-fixes bsc#1225435 CVE-2021-47521).
- Update
patches.suse/ceph-blocklist-the-kclient-when-receiving-corrupted-snap-trace.patch
(jsc#SES-1880 bsc#1225222 CVE-2023-52732).
- Update
patches.suse/cfg80211-fix-management-registrations-locking.patch
(git-fixes stable-5.14.16 bsc#1225450 CVE-2021-47494).
- Update
patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
(stable-5.14.16 bsc#1224902 CVE-2021-47488).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
(stable-5.14.9 bsc#1225145 CVE-2021-47359).
- Update
patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
(git-fixes bsc#1225479 CVE-2023-52741).
- Update
patches.suse/clk-Get-runtime-PM-before-walking-tree-during-disabl.patch
(git-fixes bsc#1223762 CVE-2024-27004).
- Update
patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225096 CVE-2023-52875).
- Update
patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1224937 CVE-2023-52870).
- Update
patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225589 CVE-2023-52873).
- Update
patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225086 CVE-2023-52865).
- Update
patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
(git-fixes bsc#1225566 CVE-2023-52858).
- Update
patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
(git-fixes bsc#1225036 CVE-2023-52876).
- Update
patches.suse/clk-zynq-Prevent-null-pointer-dereference-caused-by-.patch
(git-fixes bsc#1223717 CVE-2024-27037).
- Update
patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
(stable-5.14.9 bsc#1225158 CVE-2021-47364).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
(git-fixes stable-5.14.18 bsc#1224912 CVE-2021-47477).
- Update
patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
(git-fixes stable-5.14.18 bsc#1224913 CVE-2021-47476).
- Update
patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
(git-fixes stable-5.14.18 bsc#1224915 CVE-2021-47474).
- Update
patches.suse/comedi-vmk80xx-fix-incomplete-endpoint-checking.patch
(git-fixes bsc#1223698 CVE-2024-27001).
- Update
patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
(git-fixes stable-5.14.18 bsc#1224914 CVE-2021-47475).
- Update
patches.suse/cpufreq-brcmstb-avs-cpufreq-add-check-for-cpufreq_cp.patch
(git-fixes bsc#1223769 CVE-2024-27051).
- Update
patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
(stable-5.14.10 bsc#1225316 CVE-2021-47387).
- Update
patches.suse/crypto-qat-resolve-race-condition-during-AER-recover.patch
(git-fixes bsc#1223638 CVE-2024-26974).
- Update
patches.suse/crypto-s390-aes-Fix-buffer-overread-in-CTR-mode.patch
(git-fixes bsc#1224637 CVE-2023-52669).
- Update
patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
(git-fixes bsc#1225425 CVE-2021-47514).
- Update
patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch
(git-fixes bsc#1223188 CVE-2024-26880).
- Update
patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
(stable-5.14.14 bsc#1225247 CVE-2021-47435).
- Update
patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
(stable-5.14.14 bsc#1225357 CVE-2021-47498).
- Update
patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
(stable-5.14.9 bsc#1225191 CVE-2021-47374).
- Update patches.suse/dma-xilinx_dpdma-Fix-locking.patch
(git-fixes bsc#1224559 CVE-2024-35990).
- Update
patches.suse/dmaengine-fsl-qdma-Fix-a-memory-leak-related-to-the-.patch
(git-fixes bsc#1224632 CVE-2024-35833).
- Update
patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch
(git-fixes bsc#1222783 CVE-2024-26788).
- Update
patches.suse/dmaengine-idxd-Fix-oops-during-rmmod-on-single-CPU-p.patch
(git-fixes bsc#1224558 CVE-2024-35989).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
(git-fixes bsc#1225532 CVE-2023-52819).
- Update
patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
(git-fixes bsc#1225530 CVE-2023-52818).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225379
CVE-2021-47550).
- Update
patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225510
CVE-2021-47551).
- Update
patches.suse/drm-amd-display-Atom-Integrated-System-Info-v2_2-for.patch
(stable-fixes bsc#1225735 CVE-2024-36897).
- Update
patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
(git-fixes bsc#1225478 CVE-2023-52753).
- Update
patches.suse/drm-amd-display-Fix-a-potential-buffer-overflow-in-d.patch
(git-fixes bsc#1223826 CVE-2024-27045).
- Update
patches.suse/drm-amd-display-fix-a-NULL-pointer-dereference-in-am.patch
(git-fixes bsc#1225041 CVE-2023-52773).
- Update
patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225153
CVE-2021-47362).
- Update
patches.suse/drm-amd-pm-fix-a-double-free-in-si_dpm_init.patch
(git-fixes bsc#1224607 CVE-2023-52691).
- Update
patches.suse/drm-amd-pm-fixes-a-random-hang-in-S4-for-SMU-v13.0.4.patch
(stable-fixes bsc#1225705 CVE-2024-36026).
- Update
patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
(git-fixes bsc#1225569 CVE-2023-52817).
- Update
patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
(git-fixes bsc#1225565 CVE-2023-52814).
- Update
patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
(git-fixes bsc#1225005 CVE-2023-52738).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
(stable-5.14.13 bsc#1225390 CVE-2021-47431).
- Update
patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225353
CVE-2021-47421).
- Update
patches.suse/drm-amdgpu-once-more-fix-the-call-oder-in-amdgpu_ttm.patch
(git-fixes bsc#1224180 CVE-2024-27400).
- Update
patches.suse/drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch
(git-fixes bsc#1223315 CVE-2024-26922).
- Update
patches.suse/drm-amdgpu-vkms-fix-a-possible-null-pointer-derefere.patch
(git-fixes bsc#1225568 CVE-2023-52815).
- Update
patches.suse/drm-amdkfd-Confirm-list-is-non-empty-before-utilizin.patch
(git-fixes bsc#1224617 CVE-2023-52678).
- Update
patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
(git-fixes bsc#1225076 CVE-2023-52825).
- Update
patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
(git-fixes bsc#1225529 CVE-2023-52816).
- Update
patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225339
CVE-2021-47420).
- Update
patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
(stable-5.14.11 bsc#1225331 CVE-2021-47410).
- Update
patches.suse/drm-arm-malidp-fix-a-possible-null-pointer-dereferen.patch
(git-fixes bsc#1225593 CVE-2024-36014).
- Update patches.suse/drm-ast-Fix-soft-lockup.patch (git-fixes
bsc#1224705 CVE-2024-35952).
- Update
patches.suse/drm-bridge-it66121-Fix-invalid-connector-dereference.patch
(git-fixes bsc#1224941 CVE-2023-52861).
- Update
patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
(git-fixes bsc#1224932 CVE-2023-52856).
- Update
patches.suse/drm-bridge-tpd12s015-Drop-buggy-__exit-annotation-fo.patch
(git-fixes bsc#1224598 CVE-2023-52694).
- Update
patches.suse/drm-client-Fully-protect-modes-with-dev-mode_config..patch
(stable-fixes bsc#1224703 CVE-2024-35950).
- Update
patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225243
CVE-2021-47444).
- Update
patches.suse/drm-i915-bios-Tolerate-devdata-NULL-in-intel_bios_en.patch
(stable-fixes bsc#1223678 CVE-2024-26938).
- Update
patches.suse/drm-i915-gt-Reset-queue_priority_hint-on-parking.patch
(git-fixes bsc#1223677 CVE-2024-26937).
- Update
patches.suse/drm-lima-fix-a-memleak-in-lima_heap_alloc.patch
(git-fixes bsc#1224707 CVE-2024-35829).
- Update
patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch
(git-fixes bsc#1223048 CVE-2024-26874).
- Update
patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225261
CVE-2021-47445).
- Update
patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225260
CVE-2021-47447).
- Update
patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225240
CVE-2021-47446).
- Update
patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225446
CVE-2021-47535).
- Update
patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225187
CVE-2021-47471).
- Update
patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225366
CVE-2021-47423).
- Update
patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225233
CVE-2021-47422).
- Update patches.suse/drm-nv04-Fix-out-of-bounds-access.patch
(git-fixes bsc#1223802 CVE-2024-27008).
- Update
patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
(git-fixes bsc#1225022 CVE-2023-52821).
- Update
patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
(git-fixes bsc#1225077 CVE-2023-52826).
- Update
patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225230
CVE-2022-48710).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
(git-fixes bsc#1225009 CVE-2023-52867).
- Update
patches.suse/drm-tegra-dsi-Add-missing-check-for-of_find_device_b.patch
(git-fixes bsc#1223770 CVE-2023-52650).
- Update
patches.suse/drm-tegra-rgb-Fix-missing-clk_put-in-the-error-handl.patch
(git-fixes bsc#1224445 CVE-2023-52661).
- Update
patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225436
CVE-2021-47490).
- Update
patches.suse/drm-vc4-don-t-check-if-plane-state-fb-state-fb.patch
(stable-fixes bsc#1224650 CVE-2024-35932).
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47534).
- Update
patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1225445
CVE-2021-47533).
- Update
patches.suse/drm-vmwgfx-Create-debugfs-ttm_resource_manager-entry.patch
(git-fixes bsc#1223718 CVE-2024-26940).
- Update
patches.suse/drm-vmwgfx-fix-a-memleak-in-vmw_gmrid_man_get_node.patch
(git-fixes bsc#1224449 CVE-2023-52662).
- Update
patches.suse/dyndbg-fix-old-BUG_ON-in-control-parser.patch
(stable-fixes bsc#1224647 CVE-2024-35947).
- Update
patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
(stable-5.14.9 bsc#1225161 CVE-2021-47368).
- Update
patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
(jsc#SLE-19253 bsc#1225383 CVE-2021-47556).
- Update
patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
(stable-5.14.10 bsc#1225304 CVE-2021-47406).
- Update
patches.suse/fbdev-Fix-invalid-page-access-after-closing-deferred.patch
(bsc#1207284 bsc#1224929 CVE-2023-52731).
- Update
patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
(git-fixes bsc#1225031 CVE-2023-52838).
- Update
patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch
(git-fixes bsc#1222770 CVE-2024-26778).
- Update
patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch
(git-fixes bsc#1222765 CVE-2024-26777).
- Update
patches.suse/fbmon-prevent-division-by-zero-in-fb_videomode_from_.patch
(stable-fixes bsc#1224660 CVE-2024-35922).
- Update
patches.suse/firewire-ohci-mask-bus-reset-interrupts-between-ISR-.patch
(stable-fixes CVE-2024-36950).
- Update
patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
(git-fixes bsc#1225557 CVE-2023-52810).
- Update
patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
(git-fixes bsc#1225550 CVE-2023-52804).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
(git-fixes bsc#1225560 CVE-2023-52759).
- Update
patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
(git-fixes bsc#1224988 CVE-2023-52853).
- Update
patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
(git-fixes stable-5.14.10 bsc#1225321 CVE-2021-47393).
- Update
patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 bsc#1225268 CVE-2021-47386).
- Update
patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
(stable-5.14.10 bsc#1225210 CVE-2021-47385).
- Update
patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
(stable-5.14.10 bsc#1225209 CVE-2021-47384).
- Update
patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
(git-fixes stable-5.14.12 bsc#1225223 CVE-2021-47425).
- Update
patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
(git-fixes bsc#1225108 CVE-2023-52791).
- Update
patches.suse/i2c-smbus-fix-NULL-function-pointer-dereference.patch
(git-fixes bsc#1224567 CVE-2024-35984).
- Update
patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
(git-fixes bsc#1225570 CVE-2023-52763).
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766).
- Update
patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
(jsc#SLE-18378 bsc#1225361 CVE-2021-47501).
- Update
patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
(stable-5.14.12 bsc#1225367 CVE-2021-47424).
- Update
patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
(git-fixes bsc#1225106 CVE-2023-52788).
- Update
patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
(stable-5.14.15 bsc#1225239 CVE-2021-47453).
- Update
patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
(jsc#PED-376 bsc#1225003 CVE-2023-52743).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
(jsc#SLE-18375 bsc#1225500 CVE-2021-47563).
- Update
patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
(stable-5.14.14 bsc#1225259 CVE-2021-47449).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
(jsc#SLE-18375 bsc#1225499 CVE-2021-47562).
- Update
patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
(jsc#PED-376 bsc#1225095 CVE-2022-48709).
- Update
patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
(git-fixes bsc#1225358 CVE-2021-47499).
- Update
patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
(git-fixes stable-5.14.14 bsc#1225245 CVE-2021-47437).
- Update
patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch
(git-fixes bsc#1222960 CVE-2023-52643).
- Update
patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
(git-fixes bsc#1225360 CVE-2021-47500).
- Update
patches.suse/init-main.c-Fix-potential-static_command_line-memory.patch
(git-fixes bsc#1223747 CVE-2024-26988).
- Update
patches.suse/io_uring-ensure-task_work-gets-run-as-part-of-cancel.patch
(bsc#1205205 bsc#1225382 CVE-2021-47504).
- Update
patches.suse/io_uring-fail-cancellation-for-EXITING-tasks.patch
(bsc#1205205 bsc#1225515 CVE-2021-47569).
- Update
patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
(stable-5.14.10 bsc#1225241 CVE-2021-47403).
- Update
patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
(stable-5.14.10 bsc#1225242 CVE-2021-47401).
- Update
patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
(stable-5.14.9 bsc#1225190 CVE-2021-47373).
- Update
patches.suse/irqchip-gic-v3-its-Prevent-double-free-on-error.patch
(git-fixes bsc#1224697 CVE-2024-35847).
- Update
patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
(stable-5.14.15 bsc#1225346 CVE-2021-47468).
- Update
patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
(stable-5.14.18 bsc#1225198 CVE-2021-47478).
- Update
patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
(git-fixes bsc#1225373 CVE-2021-47529).
- Update
patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
(git-fixes stable-5.14.12 bsc#1225335 CVE-2021-47415).
- Update
patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
(stable-5.14.10 bsc#1225328 CVE-2021-47399).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
(git-fixes bsc#1225472 CVE-2023-52799).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
(git-fixes bsc#1225553 CVE-2023-52805).
- Update
patches.suse/kprobes-Fix-possible-use-after-free-issue-on-kprobe-registration.patch
(git-fixes bsc#1224676 CVE-2024-35955).
- Update
patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
(stable-5.14.15 bsc#1225344 CVE-2021-47467).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
(git-fixes stable-5.14.12 bsc#1225227 CVE-2021-47417).
- Update
patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
(git-fixes stable-5.14.10 bsc#1225214 CVE-2021-47388).
- Update
patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
(git-fixes stable-5.14.10 bsc#1225327 CVE-2021-47396).
- Update
patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
(git-fixes stable-5.14.10 bsc#1225326 CVE-2021-47395).
- Update
patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
(stable-5.14.9 bsc#1225151 CVE-2021-47361).
- Update
patches.suse/md-Don-t-ignore-suspended-array-in-md_check_recovery-1baa.patch
(git-fixes CVE-2024-26758).
- Update
patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
(git-fixes bsc#1225588 CVE-2023-52847).
- Update
patches.suse/media-dvb-frontends-avoid-stack-overflow-warnings-wi.patch
(git-fixes bsc#1223842 CVE-2024-27075).
- Update
patches.suse/media-go7007-fix-a-memleak-in-go7007_load_encoder.patch
(git-fixes bsc#1223844 CVE-2024-27074).
- Update
patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
(git-fixes bsc#1225571 CVE-2023-52764).
- Update
patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
(git-fixes bsc#1225490 CVE-2023-52754).
- Update
patches.suse/media-imx-csc-scaler-fix-v4l2_ctrl_handler-memory-le.patch
(git-fixes bsc#1223779 CVE-2024-27076).
- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch
(git-fixes bsc#1223027 CVE-2024-26829).
- Update
patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch
(git-fixes bsc#1223031 CVE-2023-52642).
- Update
patches.suse/media-ttpci-fix-two-memleaks-in-budget_av_attach.patch
(git-fixes bsc#1223843 CVE-2024-27073).
- Update
patches.suse/media-usbtv-Remove-useless-locks-in-usbtv_video_free.patch
(git-fixes bsc#1223837 CVE-2024-27072).
- Update
patches.suse/media-v4l2-mem2mem-fix-a-memleak-in-v4l2_m2m_registe.patch
(git-fixes bsc#1223780 CVE-2024-27077).
- Update
patches.suse/media-v4l2-tpg-fix-some-memleaks-in-tpg_alloc.patch
(git-fixes bsc#1223781 CVE-2024-27078).
- Update
patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
(git-fixes bsc#1225592 CVE-2023-52841).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
(git-fixes bsc#1225590 CVE-2023-52844).
- Update
patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
(git-fixes bsc#1225495 CVE-2021-47560).
- Update
patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
(stable-5.14.14 bsc#1225224 CVE-2021-47441).
- Update
patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
(stable-5.14.15 bsc#1225250 CVE-2021-47462).
- Update
patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
(stable-5.14.15 bsc#1225127 CVE-2021-47463).
- Update
patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
(stable-5.14.15 bsc#1225342 CVE-2021-47466).
- Update
patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
(stable-5.14.15 bsc#1225186 CVE-2021-47470).
- Update
patches.suse/mmc-core-Avoid-negative-index-with-array-access.patch
(git-fixes bsc#1224618 CVE-2024-35813).
- Update
patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
(git-fixes bsc#1225483 CVE-2023-52708).
- Update
patches.suse/mmc-sdhci-msm-pervent-access-to-suspended-controller.patch
(git-fixes bsc#1225708 CVE-2024-36029).
- Update
patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
(git-fixes bsc#1224956 CVE-2023-52730).
- Update
patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
(stable-5.14.9 bsc#1225183 CVE-2021-47370).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
(stable-5.14.14 bsc#1225129 CVE-2021-47448).
- Update
patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch
(git-fixes bsc#1222374 CVE-2024-26698).
- Update
patches.suse/msft-hv-2971-net-mana-Fix-Rx-DMA-datasize-and-skb_over_panic.patch
(git-fixes bsc#1224495 CVE-2024-35901).
- Update
patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
(git-fixes bsc#1225386 CVE-2021-47540).
- Update
patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
(git-fixes bsc#1225482 CVE-2023-52742).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
(git-fixes stable-5.14.16 bsc#1224909 CVE-2021-47482).
- Update
patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch
(bsc#1215322 bsc#1223049 CVE-2024-26859).
- Update
patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
(git-fixes bsc#1225380 CVE-2021-47513).
- Update
patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
(stable-5.14.14 bsc#1225246 CVE-2021-47439).
- Update
patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
(stable-5.14.14 bsc#1225248 CVE-2021-47440).
- Update
patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
(stable-5.14.10 bsc#1225329 CVE-2021-47400).
- Update
patches.suse/net-ll_temac-platform_get_resource-replaced-by-wrong.patch
(git-fixes bsc#1224615 CVE-2024-35796).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
(stable-5.14.9 bsc#1225184 CVE-2021-47372).
- Update
patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
(git-fixes bsc#1225501 CVE-2021-47564).
- Update
patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
(stable-5.14.15 bsc#1225189 CVE-2021-47472).
- Update
patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
(jsc#SLE-19256 bsc#1225453 CVE-2021-47541).
- Update
patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
(stable-5.14.14 bsc#1225229 CVE-2021-47438).
- Update
patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
(git-fixes bsc#1224945 CVE-2023-52702).
- Update
patches.suse/net-phy-fix-phy_get_internal_delay-accessing-an-empt.patch
(git-fixes bsc#1223828 CVE-2024-27047).
- Update
patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes bsc#1225455 CVE-2021-47542).
- Update
patches.suse/net-qualcomm-rmnet-fix-global-oob-in-rmnet_policy.patch
(git-fixes bsc#1220363 CVE-2024-26597).
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 bsc#1225302 CVE-2021-47402).
- Update
patches.suse/net-sched-fq_pie-prevent-dismantle-issue.patch
(bsc#1207361 bsc#1225424 CVE-2021-47512).
- Update
patches.suse/net-sched-sch_ets-don-t-peek-at-classes-beyond-nband.patch
(bsc#1207361 bsc#1225468 CVE-2021-47557).
- Update
patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
(stable-5.14.12 bsc#1225338 CVE-2021-47419).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
(git-fixes bsc#1225396 CVE-2021-47559).
- Update
patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
(git-fixes bsc#1225447 CVE-2021-47536).
- Update
patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
(jsc#SLE-19033 bsc#1225492 CVE-2021-47558).
- Update
patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
(stable-5.14.16 bsc#1225354 CVE-2021-47496).
- Update
patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
(git-fixes bsc#1225549 CVE-2023-52703).
- Update
patches.suse/net-vlan-fix-underflow-for-the-real_dev-refcnt.patch
(git-fixes bsc#1225467 CVE-2021-47555).
- Update
patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
(stable-5.14.12 bsc#1225337 CVE-2021-47418).
- Update
patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
(stable-5.14.10 bsc#1225236 CVE-2021-47408).
- Update
patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
(stable-5.14.15 bsc#1225257 CVE-2021-47452).
- Update
patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
(stable-5.14.10 bsc#1225323 CVE-2021-47394).
- Update
patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
(stable-5.14.15 bsc#1225237 CVE-2021-47451).
- Update
patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
(stable-5.14.9 bsc#1225156 CVE-2021-47363).
- Update
patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
(stable-5.14.9 bsc#1225167 CVE-2021-47371).
- Update
patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
(git-fixes bsc#1225372 CVE-2021-47518).
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_dev_up-and-nci_ntf_p.patch
(git-fixes bsc#1224479 CVE-2024-35915).
- Update
patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
(git-fixes bsc#1225427 CVE-2021-47516).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
(git-fixes bsc#1225405 CVE-2021-47507).
- Update
patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
(git-fixes bsc#1225404 CVE-2021-47506).
- Update
patches.suse/nilfs2-fix-underflow-in-second-superblock-position-c.patch
(git-fixes bsc#1225480 CVE-2023-52705).
- Update
patches.suse/nouveau-dmem-handle-kcalloc-allocation-failure.patch
(git-fixes CVE-2024-26943).
- Update
patches.suse/nouveau-fix-instmem-race-condition-around-ptr-stores.patch
(git-fixes bsc#1223633 CVE-2024-26984).
- Update
patches.suse/nvme-fc-do-not-wait-in-vain-when-unloading-module.patch
(git-fixes bsc#1223023 CVE-2024-26846).
- Update
patches.suse/nvme-fix-reconnection-fail-due-to-reserved-tag-alloc.patch
(git-fixes bsc#1224717 CVE-2024-27435).
- Update
patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
(bsc#1190569 stable-5.14.9 bsc#1225201 CVE-2021-47378).
- Update
patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
(stable-5.14.14 bsc#1225355 CVE-2021-47497).
- Update
patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
(stable-5.14.15 bsc#1225251 CVE-2021-47460).
- Update
patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
(stable-5.14.16 bsc#1225439 CVE-2021-47493).
- Update
patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
(stable-5.14.15 bsc#1225252 CVE-2021-47458).
- Update
patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
(git-fixes bsc#1225375 CVE-2021-47537).
- Update
patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
(stable-5.14.16 bsc#1224905 CVE-2021-47484).
- Update
patches.suse/of-Fix-double-free-in-of_parse_phandle_with_args_map.patch
(git-fixes bsc#1224508 CVE-2023-52679).
- Update
patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
(git-fixes bsc#1225584 CVE-2023-52854).
- Update patches.suse/pci_iounmap-Fix-MMIO-mapping-leak.patch
(git-fixes bsc#1223631 CVE-2024-26977).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 bsc#1225336 CVE-2021-47416).
- Update
patches.suse/pinctrl-core-delete-incorrect-free-in-pinctrl_enable.patch
(git-fixes CVE-2024-36940).
- Update
patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
(git-fixes CVE-2024-36959).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
(git-fixes bsc#1224942 CVE-2022-48708).
- Update
patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
(git-fixes bsc#1225132 CVE-2023-52864).
- Update
patches.suse/power-supply-bq27xxx-i2c-Do-not-free-non-existing-IR.patch
(git-fixes bsc#1224437 CVE-2024-27412).
- Update
patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
(stable-5.14.12 bsc#1225388 CVE-2021-47429).
- Update
patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
(stable-5.14.12 bsc#1225387 CVE-2021-47428).
- Update
patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
(bsc#1194869 bsc#1225471 CVE-2023-52740).
- Update
patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_pow.patch
(bsc#1181674 ltc#189159 git-fixes bsc#1224601 CVE-2023-52696).
- Update
patches.suse/powerpc-pseries-Fix-potential-memleak-in-papr_get_at.patch
(bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes bsc#1223756
CVE-2022-48669).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926).
- Update
patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
(stable-5.14.15 bsc#1225255 CVE-2021-47454).
- Update
patches.suse/ppdev-Add-an-error-check-in-register_device.patch
(git-fixes bsc#1225640 CVE-2024-36015).
- Update
patches.suse/pstore-ram_core-fix-possible-overflow-in-persistent_.patch
(git-fixes bsc#1224728 CVE-2023-52685).
- Update
patches.suse/pstore-zone-Add-a-null-pointer-check-to-the-psz_kmsg.patch
(stable-fixes bsc#1224537 CVE-2024-35940).
- Update
patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
(stable-5.14.15 bsc#1225254 CVE-2021-47455).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
bsc#1225461 CVE-2023-52756).
- Update patches.suse/qibfs-fix-dentry-leak.patch (git-fixes
CVE-2024-36947).
- Update
patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
(git-fixes stable-5.14.16 bsc#1224907 CVE-2021-47483).
- Update
patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
(stable-5.14.12 bsc#1225334 CVE-2021-47414).
- Update
patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
(stable-5.14.16 bsc#1224903 CVE-2021-47486).
- Update
patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch
(bsc#1141539 git-fixes bsc#1223819 CVE-2024-27054).
- Update
patches.suse/s390-cio-Ensure-the-copied-buf-is-NUL-terminated.patch
(git-fixes bsc#1223875 bsc#1225747 CVE-2024-36931).
- Update
patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
(git-fixes bsc#1217515 bsc#1225572 CVE-2023-52774).
- Update
patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
(git-fixes bsc#1213863 bsc#1225488 CVE-2023-52733).
- Update
patches.suse/s390-qeth-Fix-kernel-panic-after-setting-hsuid.patch
(git-fixes bsc#1223879 bsc#1225775 CVE-2024-36928).
- Update
patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
(stable-5.14.9 bsc#1225164 CVE-2021-47369).
- Update
patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
(stable-5.14.10 bsc#1225207 CVE-2021-47382).
- Update
patches.suse/s390-zcrypt-fix-reference-counting-on-zcrypt-card-objects.patch
(git-fixes bsc#1223595 bsc#1223666 CVE-2024-26957).
- Update
patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
(git-fixes bsc#1225508 CVE-2021-47549).
- Update
patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
(bsc#1209799 bsc#1225109 CVE-2023-52707).
- Update
patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
(git-fixes bsc#1225464 CVE-2021-47553).
- Update
patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
(stable-5.14.17 bsc#1225322 CVE-2021-47480).
- Update
patches.suse/scsi-hisi_sas-Set-debugfs_dir-pointer-to-NULL-after-removing-debugfs.patch
(git-fixes bsc#1225555 CVE-2023-52808).
- Update
patches.suse/scsi-ibmvfc-Remove-BUG_ON-in-the-case-of-an-empty-ev.patch
(bsc#1209834 ltc#202097 bsc#1225559 CVE-2023-52811).
- Update
patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
(stable-5.14.12 bsc#1225225 CVE-2021-47427).
- Update
patches.suse/scsi-libfc-Fix-potential-NULL-pointer-dereference-in-fc_lport_ptp_setup.patch
(git-fixes bsc#1225556 CVE-2023-52809).
- Update
patches.suse/scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch
(bsc#1220021 bsc#1224651 CVE-2024-35930).
- Update
patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch
(bsc#1221777 CVE-2024-36952).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924).
- Update
patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
(git-fixes bsc#1225384 CVE-2021-47565).
- Update
patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
(git-fixes bsc#1225374 CVE-2021-47503).
- Update
patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
(stable-5.14.15 bsc#1225192 CVE-2021-47473).
- Update
patches.suse/scsi-qla2xxx-Fix-command-flush-on-cable-pull.patch
(bsc1221816 bsc#1223627 CVE-2024-26931).
- Update
patches.suse/scsi-qla2xxx-Fix-double-free-of-the-ha-vp_map-pointer.patch
(bsc1221816 bsc#1223626 CVE-2024-26930).
- Update
patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
(stable-5.14.10 bsc#1225082 CVE-2021-47397).
- Update
patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
(git-fixes bsc#1194288 CVE-2021-47527).
- Update
patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
(git-fixes bsc#1225376 CVE-2021-47526).
- Update
patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
(git-fixes bsc#1225377 CVE-2021-47524).
- Update
patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
(git-fixes bsc#1225441 CVE-2021-47525).
- Update
patches.suse/serial-mxs-auart-add-spinlock-around-changing-cts-st.patch
(git-fixes bsc#1223757 CVE-2024-27000).
- Update
patches.suse/serial-pmac_zilog-Remove-flawed-mitigation-for-rx-ir.patch
(git-fixes bsc#1223754 CVE-2024-26999).
- Update
patches.suse/soc-fsl-qbman-Always-disable-interrupts-when-taking-.patch
(git-fixes bsc#1224699 CVE-2024-35806).
- Update
patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
(git-fixes bsc#1225534 CVE-2023-52871).
- Update patches.suse/speakup-Avoid-crash-on-very-long-word.patch
(git-fixes bsc#1223750 CVE-2024-26994).
- Update
patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
(stable-5.14.15 bsc#1225347 CVE-2021-47469).
- Update
patches.suse/spi-spi-mt65xx-Fix-NULL-pointer-access-in-interrupt-.patch
(git-fixes bsc#1223788 CVE-2024-27028).
- Update
patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
(stable-5.14.9 bsc#1224920 CVE-2021-47358).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
(git-fixes stable-5.14.18 bsc#1224911 CVE-2021-47479).
- Update
patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
(git-fixes bsc#1225463 CVE-2021-47544).
- Update
patches.suse/thermal-core-prevent-potential-string-overflow.patch
(git-fixes bsc#1225044 CVE-2023-52868).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920).
- Update
patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
(stable-5.14.10 bsc#1225208 CVE-2021-47383).
- Update
patches.suse/tty-n_gsm-fix-possible-out-of-bounds-in-gsm0_receive.patch
(git-fixes bsc#1225642 CVE-2024-36016).
- Update
patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
(git-fixes bsc#1225591 CVE-2023-52872).
- Update
patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
(bsc#1222619 CVE-2023-52880).
- Update
patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
(git-fixes bsc#1225180 CVE-2023-52789).
- Update
patches.suse/usb-cdc-wdm-close-race-between-read-and-workqueue.patch
(git-fixes bsc#1224624 CVE-2024-35812).
- Update
patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch
(git-fixes bsc#1222513 CVE-2024-26748).
- Update
patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
(git-fixes bsc#1225368 CVE-2021-47528).
- Update
patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
(git-fixes stable-5.14.12 bsc#1225333 CVE-2021-47413).
- Update
patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
(git-fixes bsc#1225092 CVE-2023-52781).
- Update
patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
(stable-5.14.11 bsc#1225330 CVE-2021-47409).
- Update
patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
(git-fixes bsc#1225583 CVE-2023-52855).
- Update
patches.suse/usb-dwc2-host-Fix-dereference-issue-in-DDMA-completi.patch
(git-fixes bsc#1223741 CVE-2024-26997).
- Update
patches.suse/usb-gadget-f_ncm-Fix-UAF-ncm-object-at-re-bind-after.patch
(stable-fixes bsc#1223752 CVE-2024-26996).
- Update
patches.suse/usb-gadget-ncm-Avoid-dropping-datagrams-of-properly-.patch
(git-fixes bsc#1224423 CVE-2024-27405).
- Update
patches.suse/usb-gadget-ncm-Fix-handling-of-zero-block-length-pac.patch
(git-fixes bsc#1224681 CVE-2024-35825).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
(git-fixes stable-5.14.14 bsc#1225244 CVE-2021-47436).
- Update
patches.suse/usb-typec-tcpm-Check-for-port-partner-validity-befor.patch
(git-fixes bsc#1225748 CVE-2024-36893).
- Update
patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
(git-fixes bsc#1224944 CVE-2023-52877).
- Update
patches.suse/usb-udc-remove-warning-when-queue-disabled-ep.patch
(stable-fixes bsc#1224739 CVE-2024-35822).
- Update
patches.suse/usb-xhci-Add-error-handling-in-xhci_map_urb_for_dma.patch
(git-fixes bsc#1223650 CVE-2024-26964).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
(stable-5.14.16 bsc#1225351 CVE-2021-47495).
- Update
patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
(stable-5.14.15 bsc#1225249 CVE-2021-47461).
- Update
patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
(git-fixes bsc#1225466 CVE-2021-47554).
- Update
patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
(stable-5.14.9 bsc#1225123 CVE-2021-47367).
- Update
patches.suse/vt-fix-unicode-buffer-corruption-when-deleting-chara.patch
(git-fixes bsc#1224692 CVE-2024-35823).
- Update
patches.suse/wifi-ath11k-decrease-MHI-channel-buffer-length-to-8K.patch
(bsc#1207948 bsc#1224643 CVE-2024-35938).
- Update
patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
(git-fixes bsc#1224947 CVE-2023-52798).
- Update
patches.suse/wifi-ath11k-fix-gtk-offload-status-event-locking.patch
(git-fixes bsc#1224992 CVE-2023-52777).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800).
- Update
patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch
(git-fixes bsc#1222961 CVE-2023-52644).
- Update
patches.suse/wifi-iwlwifi-dbg-tlv-ensure-NUL-termination.patch
(git-fixes bsc#1224731 CVE-2024-35845).
- Update
patches.suse/wifi-iwlwifi-mvm-rfi-fix-potential-response-leaks.patch
(git-fixes bsc#1224487 CVE-2024-35912).
- Update
patches.suse/wifi-libertas-fix-some-memleaks-in-lbs_allocate_cmd_.patch
(git-fixes bsc#1224622 CVE-2024-35828).
- Update
patches.suse/wifi-mac80211-check-clear-fast-rx-for-non-4addr-sta-.patch
(stable-fixes bsc#1224749 CVE-2024-35789).
- Update
patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
(git-fixes bsc#1225577 CVE-2023-52832).
- Update
patches.suse/wifi-mt76-mt7921e-fix-crash-in-chip-reset-fail.patch
(bsc#1209980 bsc#1223895 CVE-2022-48705).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941).
- Update
patches.suse/wifi-nl80211-reject-iftype-change-with-mesh-ID-chang.patch
(git-fixes bsc#1224432 CVE-2024-27410).
- Update
patches.suse/wifi-rtl8xxxu-add-cancel_work_sync-for-c2hcmd_work.patch
(git-fixes bsc#1223829 CVE-2024-27052).
- Update
patches.suse/wifi-wilc1000-fix-RCU-usage-in-connect-path.patch
(git-fixes bsc#1223737 CVE-2024-27053).
- Update
patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
(stable-5.14.12 bsc#1225228 CVE-2021-47430).
- Update
patches.suse/x86-fpu-Keep-xfd_state-in-sync-with-MSR_IA32_XFD.patch
(git-fixes bsc#1224732 CVE-2024-35801).
- Update
patches.suse/x86-mm-Ensure-input-to-pfn_to_kaddr-is-treated-as-a-64-bit-type.patch
(jsc#PED-7167 git-fixes bsc#1224442 CVE-2023-52659).
- Update
patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
(stable-5.14.14 bsc#1225232 CVE-2021-47434).
- commit 7e29329
- powerpc/pseries/lparcfg: drop error message from guest name
lookup (bsc#1187716 ltc#193451 git-fixes).
- commit 1d8f6b6
- blacklist.conf: PPC fsl_msi is not used
- commit 346d509
- powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869).
- powerpc/uaccess: Fix build errors seen with GCC 13/14
(bsc#1194869).
- commit 0f3f8d5
- nvmet: fix ns enable/disable possible hang (git-fixes).
- nvme-multipath: fix io accounting on failover (git-fixes).
- nvme: fix multipath batched completion accounting (git-fixes).
- commit dd54933
- netfilter: nf_tables: release mutex after nft_gc_seq_end from
abort path (CVE-2024-26925 bsc#1223390).
- commit d38b98f
- cls_rsvp: check user supplied offsets (CVE-2023-42755
bsc#1215702).
- commit b6c6fb3
- llc: call sock_orphan() at release time
(CVE-2024-26625 bsc#1221086)
- commit bc4fd65
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
(git-fixes).
- commit 53d4b05
- bpf: fix precision backtracking instruction iteration
(bsc#1225756).
- commit 5aec043
- drivers/nvme: Add quirks for device 126f:2262 (git-fixes).
- nvme: fix miss command type check (git-fixes).
- commit b122221
- nvme: ensure disabling pairs with unquiesce (bsc#1224534).
- commit e08ce4d
- idpf: extend tx watchdog timeout (bsc#1224137).
- commit 65a74c5
- Bluetooth: ISO: Fix not validating setsockopt user input
(bsc#1224581 CVE-2024-35964).
- commit cf9835d
- printk: Update @console_may_schedule in
console_trylock_spinning() (bsc#1225616).
- commit 9f61f12
- Bluetooth: ISO: Add support for BT_PKT_STATUS (bsc#1224581
CVE-2024-35964).
- commit 9488226
- Bluetooth: af_bluetooth: Make BT_PKT_STATUS generic (bsc#1224581
CVE-2024-35964).
- Refresh
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch.
- commit 07d66e7
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331).
Update patches.kabi/kABI-Work-around-kABI-changes-after-20347fca71a3-swi.patch (jsc#PED-3259, bsc#1224331).
- commit 861d481
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331)
- commit 00a5ac9
- swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331)
- commit be23e64
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331)
- commit ec1f4ec
- swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331)
- commit cdb0386
- calipso: fix memory leak in netlbl_calipso_add_pass()
(CVE-2023-52698 bsc#1224621)
- commit 77eb4f6
- blacklist.conf: add commit for config change not needed
- commit 938b50b
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
(git-fixes).
- scsi: sd: Unregister device if device_add_disk() failed in
sd_probe() (git-fixes).
- scsi: mylex: Fix sysfs buffer lengths (git-fixes).
- scsi: core: Fix unremoved procfs host directory regression
(git-fixes).
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
(git-fixes).
- scsi: csiostor: Avoid function pointer casts (git-fixes).
- scsi: mpt3sas: Prevent sending diag_reset when the controller
is ready (git-fixes).
- scsi: core: Consult supported VPD page list prior to fetching
page (git-fixes).
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
(git-fixes).
- scsi: libfc: Don't schedule abort twice (git-fixes).
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886
(git-fixes).
- commit f4328c2
- net: atlantic: eliminate double free in error handling logic
(CVE-2023-52664 bsc#1224747).
- Refresh
patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch.
- commit 3161f6b
- blacklist.conf: arm: kernel does not support folios
- commit 44a14d2
- Delete BT and WiFi cleanup patches for netif_rx()
Drop two cleanup patches that are likely broken: SLE15-SP5 kernel has
no prerequisite commit baebdf48c3600 backported (yet):
patches.suse/bluetooth-Use-netif_rx-d33d0dc9.patch
patches.suse/wireless-Atheros-Use-netif_rx.patch
- commit d16d77f
- net: hns3: fix out-of-bounds access may occur when coalesce
info is read via debugfs (CVE-2023-52807 bsc#1225097).
- commit 2628336
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535)
- commit 58a5216
- blacklist.conf: Add c5b0a7eefc70 sched/fair: Remove sysctl_sched_migration_cost condition
- commit 251d591
- cpumap: Zero-initialise xdp_rxq_info struct before running
XDP program (bsc#1224718 CVE-2024-27431).
- commit 1d6e754
- blacklist.conf: optimization, not a fix
- commit 6b6d3e6
- PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes).
- commit 60a3fbf
- PCI: dwc: ep: Fix DBI access failure for drivers requiring
refclk from host (git-fixes).
- PCI: dwc: Detect iATU settings after getting "addr_space"
resource (git-fixes).
- commit a26d4db
- kABI: bpf: struct bpf_link and bpf_link_ops kABI workaround
(bsc#1224531 CVE-2024-35860).
- commit 35186ef
- ppdev: Add an error check in register_device (git-fixes).
- commit cd9959b
- bpf: support deferring bpf_link dealloc to after RCU grace
period (bsc#1224531 CVE-2024-35860).
- commit 5cff30d
- blacklist.conf: kABI
- commit f83467b
- tpm_tis_spi: Account for SPI header when allocating TPM SPI
xfer buffer (git-fixes).
- commit 65639af
- drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 (CVE-2023-52671 bsc#1224729).
- commit d5b1287
- blacklist.conf: Ignore all devicetree schemes changes
We do not use them, so lets silence all git-fixes for them.
- commit c94d164
- drm/amd/display: Prevent crash when disable stream (CVE-2024-35799 bsc#1224740).
- commit 7764a6b
- drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() (CVE-2024-35951 bsc#1224701).
- commit c3405cd
- efi/capsule-loader: fix incorrect allocation size (bsc#1224438
CVE-2024-27413).
- commit bcbd0b7
- Update
patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch
(bsc#1222893).
- commit 7df29b0
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (CVE-2024-35817 bsc#1224736).
- commit 3fd949a
- x86/mm/pat: fix VM_PAT handling in COW mappings (bsc#1224525
CVE-2024-35877).
- commit b573b7a
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
(CVE-2024-35969 bsc#1224580)
- commit 217a49b
- Refresh patches.suse/x86-coco-Require-seeding-RNG-with-RDRAND-on-CoCo-systems.patch.
Remove defined but unused variable warning.
- commit 2a387cc
- xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
(CVE-2023-52746 bsc#1225114)
- commit 1a99ba9
- mm/secretmem: fix GUP-fast succeeding on secretmem folios
(CVE-2024-35872 bsc#1224530).
- commit 1a7a850
- Update CVE references (CVE-2024-35935 bsc#1224645)
Update patches.suse/btrfs-send-handle-path-ref-underflow-in-header-itera.patch
(CVE-2024-35935 bsc#1224645).
- commit 1afc656
- Update CVE references (CVE-2024-35936 bsc#1224644)
- Update patches.suse/btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys.patch
(CVE-2024-35936 bsc#1224644).
- Update patches.suse/btrfs-handle-chunk-tree-lookup-error-in-btrfs_reloca.patch
(CVE-2024-35936 bsc#1224644).
- commit 46ae3a6
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- Update config files.
- commit 99579af
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- Update config files.
- commit 6a0eda0
- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash
work (CVE-2024-35852 bsc#1224502).
- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
(CVE-2024-36006 bsc#1224541).
- mlxsw: spectrum_acl_tcam: Fix warning during rehash
(CVE-2024-36007 bsc#1224543).
- mlxbf_gige: stop interface during shutdown (CVE-2024-35885
bsc#1224519).
- mlxbf_gige: call request_irq() after NAPI initialized
(CVE-2024-35907 bsc#1224492).
- mlxbf_gige: stop PHY during open() error paths (git-fixes).
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes).
- mlxbf_gige: Fix intermittent no ip issue (git-fixes).
- ipvlan: add ipvlan_route_v6_outbound() helper (CVE-2023-52796
bsc#1224930).
- commit de506c4
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
(git-fixes).
- commit 9feb6d7
- ring-buffer: Fix a race between readers and resize checks
(git-fixes).
- commit 1627912
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- commit 8692851
- blacklist.conf: add a not-relevant tracing commit
- commit 784f511
- dma-direct: Leak pages on dma_set_decrypted() failure (bsc#1224535 CVE-2024-35939).
- commit 7213b4b
- x86/coco: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665 CVE-2024-35875).
- Refresh patches.suse/suse-hv-cc_attr_cpu_hotplug_disabled.patch.
- commit 234fdb1
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- commit 450733a
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes).
- commit bab84b2
- x86/tdx: Preserve shared bit on mprotect() (git-fixes).
- commit caf6529
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes).
- commit 085895e
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes).
- commit 76ca8ec
- x86/boot: Ignore NMIs during very early boot (git-fixes).
- commit 20c646a
- x86/lib: Fix overflow when counting digits (git-fixes).
- commit 5eb97ad
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes).
- commit f16b82f
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes).
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
- commit 22da5da
- x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes).
- commit f63acb6
- blacklist.conf: Blacklist broken patch that gets reverted subsequently
- commit 5a2bbf2
- KVM: x86: Mark target gfn of emulated atomic instruction as
dirty (bsc#1224638, CVE-2024-35804).
- commit e14475b
- Rename colliding patches before origin/cve/linux-5.14-LTSS -> SLE15-SP5 merge
- commit ead7031
- KVM: SVM: Flush pages under kvm->lock to fix UAF in
svm_register_enc_region() (bsc#1224725, CVE-2024-35791).
- commit 5b89286
- selinux: avoid dereference of garbage after mount failure
(bsc#1224494 CVE-2024-35904).
- commit dad5bc3
- nilfs2: fix unexpected freezing of nilfs_segctor_sync()
(git-fixes).
- nilfs2: fix use-after-free of timer for log writer thread
(git-fixes).
- i3c: master: svc: fix invalidate IBI type and miss call client
IBI handler (git-fixes).
- i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during
start frame (git-fixes).
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code
(stable-fixes).
- drm/amd/display: Fix division by zero in setup_dsc_config
(stable-fixes).
- docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes).
- pinctrl: core: handle radix_tree_insert() errors in
pinctrl_register_one_pin() (stable-fixes).
- commit 062f495
- media: rkisp1: Fix IRQ handling due to shared interrupts
(CVE-2023-52660 bsc#1224443).
- commit aadfd1f
- Input: cyapa - add missing input core locking to suspend/resume
functions (git-fixes).
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
(git-fixes).
- Input: ims-pcu - fix printf string overflow (git-fixes).
- ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
(git-fixes).
- ALSA: core: Fix NULL module pointer assignment at card init
(git-fixes).
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes).
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using
prescaler (git-fixes).
- serial: 8250_bcm7271: use default_mux_rate if possible
(git-fixes).
- tty: n_gsm: fix missing receive state reset after mode switch
(git-fixes).
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
(git-fixes).
- commit 1d7ff63
- kABI workaround for drivers/of/dynamic.c (CVE-2024-35879
bsc#1224524).
- commit 2e9ad08
- pmdomain: ti: Add a null pointer check to the
omap_prm_domain_init (CVE-2024-35943 bsc#1224649).
- commit aa89394
- of: module: prevent NULL pointer dereference in vsnprintf()
(CVE-2024-35878 bsc#1224671).
- commit 715f7d4
- of: dynamic: Synchronize of_changeset_destroy() with the
devlink removals (CVE-2024-35879 bsc#1224524).
- driver core: Introduce device_link_wait_removal()
(CVE-2024-35879 bsc#1224524).
- commit fe69cd8
- drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls()
for hisi_hns3_pmu uninit process (CVE-2023-52860 bsc#1224936).
- commit 1703104
- sched/topology: Optimize topology_span_sane() (bsc#1225053).
- cpumask: Add for_each_cpu_from() (bsc#1225053).
- commit f0643dd
- net/mlx5e: Fix mlx5e_priv_init() cleanup flow (CVE-2024-35959
bsc#1224666).
- Refresh
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch.
- Refresh
patches.suse/powerpc-eeh-Permanently-disable-the-removed-device.patch.
- commit 2088b29
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
rehash (CVE-2024-35854 bsc#1224636).
- commit 0674818
- geneve: fix header validation in geneve[6]_xmit_skb
(CVE-2024-35973 bsc#1224586).
- commit ef0dd47
- ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
(CVE-2024-27417 bsc#1224721)
- commit 9d4dafd
- af_unix: annote lockless accesses to unix_tot_inflight &
gc_in_progress (bsc#1223384).
- Refresh
patches.suse/io_uring-af_unix-defer-registered-files-gc-to-io_uri.patch.
- commit 478234c
- Update patch reference for media fix (CVE-2024-35830 bsc#1224680)
- commit aae637c
- regulator: bd71828: Don't overwrite runtime voltages
(git-fixes).
- nfc: nci: Fix handling of zero-length payload packets in
nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- tools/latency-collector: Fix -Wformat-security compile warns
(git-fixes).
- commit 6c22f99
- bpf: Protect against int overflow for stack access size
(bsc#1224488 CVE-2024-35905).
- bpf: Check bloom filter map value size (bsc#1224488
CVE-2024-35905).
- commit c3a457f
- io_uring: drop any code related to SCM_RIGHTS (git-fixes
CVE-2023-52656 bsc#1224187).
- io_uring/unix: drop usage of io_uring socket (git-fixes).
- commit 2c7c0cc
- autofs: use wake_up() instead of wake_up_interruptible(()
(bsc#1224166).
- commit 63af67f
- Update patches.suse/io_uring-af_unix-disable-sending-io_uring-over-socke.patch
(bsc#1218447 CVE-2023-6531 CVE-2023-52654 bsc#1224099)
This commit was merged twice, through the net and io_uring maintainer
trees. Add an Alt-commit entry to document that.
- commit 8d7b4ed
- Update patches.suse/scsi-qedf-Wait-for-stag-work-during-unload.patch (bsc#1214852)
- Update patches.suse/scsi-qedf-Don-t-process-stag-work-during-unload.patch (bsc#1214852)
- commit c7be571
- Update patches.suse/afs-Fix-page-leak.patch (stable-5.14.9
CVE-2021-47365 bsc#1224895).
- commit c17c3b1
- Update
patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
(stable-5.14.9 CVE-2021-47366 bsc#1225160).
- commit f8c347d
- s390/ipl: Fix incorrect initialization of len fields in nvme
reipl block (git-fixes bsc#1225139).
- commit fa2a3c7
- s390/ipl: Fix incorrect initialization of nvme dump block
(git-fixes bsc#1225138).
- commit 99842eb
- ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()
(CVE-2023-52674 bsc#1224727).
- ALSA: scarlett2: Add missing error checks to *_ctl_get()
(CVE-2023-52680 bsc#1224608).
- ALSA: scarlett2: Add missing error check to
scarlett2_usb_set_config() (CVE-2023-52692 bsc#1224628).
- commit 76e573a
- spmi: hisi-spmi-controller: Do not override device identifier
(git-fixes).
- extcon: max8997: select IRQ_DOMAIN instead of depending on it
(git-fixes).
- vmci: prevent speculation leaks by sanitizing event in
event_deliver() (git-fixes).
- VMCI: Fix an error handling path in vmci_guest_probe_device()
(git-fixes).
- iio: pressure: dps310: support negative temperature values
(git-fixes).
- iio: core: Leave private pointer NULL when no private data
supplied (git-fixes).
- serial: sh-sci: protect invalidating RXDMA on shutdown
(git-fixes).
- serial: sc16is7xx: add proper sched.h include for
sched_set_fifo() (git-fixes).
- serial: max3100: Fix bitwise types (git-fixes).
- serial: max3100: Update uart_driver_registered on driver removal
(git-fixes).
- serial: max3100: Lock port->lock when calling
uart_handle_cts_change() (git-fixes).
- usb: typec: tipd: fix event checking for tps6598x (git-fixes).
- usb: typec: ucsi: displayport: Fix potential deadlock
(git-fixes).
- usb: gadget: u_audio: Clear uac pointer when freed (git-fixes).
- leds: pwm: Disable PWM when going to suspend (git-fixes).
- VMCI: Fix possible memcpy() run-time warning in
vmci_datagram_invoke_guest_handler() (stable-fixes).
- VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
(stable-fixes CVE-2024-35944 bsc#1224648).
- spmi: Add a check for remove callback when removing a SPMI
driver (git-fixes).
- commit d71c003
- Update
patches.suse/efi-libstub-Implement-support-for-unaccepted-memory.patch
(jsc#PED-7167, bsc#1224169).
- commit a57eb93
- libsubcmd: Fix parse-options memory leak (git-fixes).
- dmaengine: axi-dmac: fix possible race in remove() (git-fixes).
- dmaengine: idma64: Add check for dma_set_max_seg_size
(git-fixes).
- remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
(git-fixes).
- PCI: tegra194: Fix probe path for Endpoint mode (git-fixes).
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
(git-fixes).
- PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
(git-fixes).
- PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
(git-fixes).
- KEYS: trusted: Do not use WARN when encode fails (git-fixes).
- KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes).
- firmware: dmi-id: add a release callback function (git-fixes).
- watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a
safety margin (git-fixes).
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by
cpu5wdt_trigger (git-fixes).
- pinctrl: armada-37xx: remove an unused variable (git-fixes).
- nilfs2: make superblock data array index computation sparse
friendly (git-fixes).
- clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes).
- watchdog: ixp4xx: Make sure restart always works (git-fixes).
- commit 4148cf4
- Update
patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch
(bsc#1209657 CVE-2023-0160 CVE-2024-35895 bsc#1224511).
- Update
patches.suse/fs-aio-Check-IOCB_AIO_RW-before-the-struct-aio_kiocb.patch
(bsc#1222721 CVE-2024-26764 CVE-2024-35815 bsc#1224685).
- Update
patches.suse/nfsd-Fix-error-cleanup-path-in-nfsd_rename.patch
(bsc#1221044 CVE-2023-52591 CVE-2024-35914 bsc#1224482).
- Update
patches.suse/wifi-brcmfmac-Fix-use-after-free-bug-in-brcmf_cfg802.patch
(CVE-2023-47233 bsc#1216702 CVE-2024-35811 bsc#1224592).
- commit 78f49e4
- Update
patches.suse/bpf-Guard-stack-limits-against-32bit-overflow.patch
(git-fixes CVE-2023-52676 bsc#1224730).
- commit bdae745
- Update patches.suse/afs-Fix-page-leak.patch (stable-5.14.9
CVE-2021-47365 bsc#1224895).
- Update
patches.suse/drm-amdgpu-Fix-even-more-out-of-bound-writes-from-de.patch
(bsc#1191949 CVE-2021-42327 stable-5.14.16 CVE-2021-47489
bsc#1224901).
- Update
patches.suse/mm-khugepaged-skip-huge-page-collapse-for-special-fi.patch
(stable-5.14.16 bsc#1193983 CVE-2021-4148 CVE-2021-47491
bsc#1224900).
- Update
patches.suse/mm-thp-bail-out-early-in-collapse_file-for-writeback.patch
(stable-5.14.16 CVE-2021-47492 bsc#1224898).
- commit 9ce4e35
- Update
patches.suse/drm-nouveau-avoid-a-use-after-free-when-BO-init-fail.patch
(git-fixes stable-5.14.12 CVE-2020-36788 bsc#1224816).
- commit 92d2a7f
- supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
- commit da02dfd
- Update patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
(bsc#1065729 CVE-2023-52686).
- Update patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
(bsc#1194869 CVE-2023-52690).
- commit 2a79a5d
- blacklist.conf: Add a1fd0b9d751f sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
- commit b928aae
- blacklist.conf: Add 8b8ace080319 block: fix q->blkg_list corruption during disk rebind
...and its prerequisite.
- commit c97b9f9
- s390/cio: fix tracepoint subchannel type field (git-fixes
bsc#1224796).
- commit 681015b
- s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes
bsc#1224795).
- commit 99a2b7b
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M
(git-fixes bsc#1224794).
- commit 9db7bb3
- rpm/kernel-obs-build.spec.in: remove reiserfs from OBS initrd
We disabled the FS in bug 1202309. And we actively blacklist it in:
/usr/lib/modprobe.d/60-blacklist_fs-reiserfs.conf
This, as a side-effect, fixes obs-build's warning:
dracut-pre-udev[1463]: sh: line 1: /usr/lib/module-init-tools/unblacklist: No such file or directory
Exactly due to the above 60-blacklist_fs-reiserfs.conf trying to call the
above unblacklist.
We should likely drop ext2+ext3 from the list too, as we don't build
them at all. But that's a different story.
- commit 9e1a078
- blacklist.conf: add "libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos"
- commit 10a4e51
- scsi: qla2xxx: Fix double free of fcport (bsc#1223715
CVE-2024-26929).
- commit b3136a1
- scsi: smartpqi: Fix disable_managed_interrupts (git-fixes
bsc#1222608 CVE-2024-26742).
- commit c1f56fa
- Update
patches.suse/sysv-don-t-call-sb_bread-with-pointers_lock-held.patch
(git-fixes CVE-2023-52699).
- commit ff72612
- Update
patches.suse/ubifs-Set-page-uptodate-in-the-correct-place.patch
(git-fixes CVE-2024-35821).
- commit 06c29ae
- blacklist.conf: ("dt-bindings: iio: health: maxim,max30102: fix compatible check")
- commit 07f5bfe
- blacklist.conf: ("dt-bindings: display: ti,am65x-dss: Add support for common1 region")
- commit a826456
- blacklist.conf: ("dt-bindings: arm: rockchip: Correct vendor for Orange Pi RK3399 board")
- commit f64b409
- dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes)
- commit 75af646
- blacklist.conf: ("dt-bindings: arm: qcom: drop the superfluous device compatibility")
- commit 98f7e2c
- blacklist.conf: ("dt-bindings: riscv: cpus: Clarify mmu-type interpretation")
- commit 4c1baf8
- blacklist.conf: ("dt-bindings: rtc: qcom-pm8xxx: fix inconsistent example")
- commit 540d1b9
- blacklist.conf: ("dt-bindings: media: renesas,vin: Fix field-even-active spelling")
- commit 22e1af0
- blacklist.conf: ("dt-bindings: iio/adc: qcom,spmi-vadc: fix example node names")
- commit fb5277a
- blacklist.conf: ("dt-bindings: iio/adc: qcom,spmi-iadc: fix example node name")
- commit 543ec38
- blacklist.conf: ("dt-bindings: mfd: hisilicon,hi6421-spmi-pmic: Fix regulator binding")
- commit f5d6a06
- blacklist.conf: ("dt-bindings: mfd: hisilicon,hi6421-spmi-pmic: Fix up binding")
- commit 15133cc
- blacklist.conf: ("dt-bindings: mmc: sdhci-pxa: Fix 'regs' typo")
- commit c7887f6
- blacklist.conf: ("dt-bindings: Remove alt_ref from versal")
- commit a75ae45
- blacklist.conf: ("dt-bindings: thermal: qcom-spmi-adc-tm5/hc: Fix example node names")
- commit 67fe04a
- blacklist.conf: ("dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp")
- commit 5e81b59
- blacklist.conf: ("dt-bindings: panel-simple-dsi: move LG 5" HD TFT LCD panel into DSI")
- commit 33d5f8a
- blacklist.conf: ("dt-bindings: trivial-devices: Fix MEMSIC MXC4005 compatible string")
- commit 89a2df5
- blacklist.conf: ("dt-bindings: net: mediatek,net: add missing mediatek,mt7621-eth")
- commit 727c548
- blacklist.conf: ("dt-bindings: net: rockchip-dwmac: fix {tx|rx}-delay defaults/range in")
- commit ab68edc
- blacklist.conf: ("dt-bindings: clock: qcom,gcc-sm8250: add missing bi_tcxo_ao clock")
- commit 52da43d
- blacklist.conf: ("dt-bindings: pm8941-misc: Fix usb_id and usb_vbus definitions")
- commit a42a970
- blacklist.conf: ("dt-bindings: iio: ad7192: Add mandatory reference voltage source")
- commit b4e9e96
- blacklist.conf: ("dt-bindings: display/msm: dsi-controller-main: Document qcom,")
- commit bd4cacf
- blacklist.conf: ("dt-bindings: mailbox: qcom,apcs-kpss-global: correct SDX55 clocks")
- commit 2028c09
- blacklist.conf: ("dt-bindings: display: novatek,nt36672a: correct VDDIO supply")
- commit 4857fdf
- blacklist.conf: ("dt-bindings: gpu: mali-bifrost: Fix power-domain-names validation")
- commit db0bde8
- blacklist.conf: ("dt-bindings: mailbox: qcom: correct the list of platforms using")
- commit 0ce56a3
- blacklist.conf: ("dt-bindings: mailbox: qcom: add SDX55 compatible")
- commit a74bad0
- blacklist.conf: ("dt-bindings: phy: amlogic,g12a-usb3-pcie-phy: add missing optional")
- commit 2e226ef
- blacklist.conf: ("ASoC: qcom: dt-bindings: lpass-va-macro: Update clock name")
- commit f62ea0a
- blacklist.conf: ("dt-bindings: phy: g12a-usb2-phy: fix compatible string documentation")
- commit 208b061
- blacklist.conf: ("dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string")
- commit 8a48b9d
- blacklist.conf: ("dt-bindings: msm: dsi-controller-main: Fix power-domain constraint")
- commit c5566b8
- blacklist.conf: ("dt-bindings: mmc: mtk-sd: Set clocks based on compatible")
- commit 53afd50
- blacklist.conf: ("dt-bindings: PCI: fu740-pci: fix missing clock-names")
- commit 6782e29
- blacklist.conf: ("dt-bindings: mailbox: fix the mpfs' reg property")
- commit bfd3dd0
- blacklist.conf: ("dt-bindings: phy: qcom,qmp-usb: add missing qcom,sc7180-qmp-usb3-phy")
- commit f5485ba
- blacklist.conf: ("dt-bindings: phy: qcom,qmp-usb: add missing child node schema")
- commit 582911b
- blacklist.conf: ("dt-bindings: phy: qcom,qmp-ufs: add missing child node schema")
- commit 15f94b3
- blacklist.conf: ("dt-bindings: phy: qcom,qmp-pcie: add missing child node schema")
- commit b698bb5
- blacklist.conf: ("dt-bindings: phy: qcom,msm8996-qmp-pcie: add missing child node")
- commit 357977a
- blacklist.conf: ("dt-bindings: hwmon: sparx5: use correct clock")
- commit 3cdd468
- blacklist.conf: ("dt-bindings: riscv: fix SiFive l2-cache's cache-sets")
- commit 6986322
- blacklist.conf: ("dt-bindings: arm: qcom: fix Longcheer L8150 compatibles")
- commit e170deb
- blacklist.conf: ("dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x")
- commit 5f209c0
- blacklist.conf: ("dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group")
- commit 3a53ac7
- blacklist.conf: ("dt-bindings: mfd: samsung,exynos5433-lpass: Fix")
- commit 407acb7
- blacklist.conf: ("dt-bindings: net: snps: remove duplicate name")
- commit f7543e1
- blacklist.conf: ("dt-bindings: memory: mtk-smi: Correct minItems to 2 for the gals")
- commit 5970048
- blacklist.conf: ("dt-bindings: memory: mtk-smi: Rename clock to clocks")
- commit 96f85b3
- blacklist.conf: ("Revert "dt-bindings: pinctrl: bcm4708-pinmux: rework binding to use")
- commit 89b2a7f
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes)
- commit 4e2227a
- RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes)
- commit c90aa66
- RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes)
- commit 101e7e8
- RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes)
- commit 9b195ba
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes)
- commit 8706619
- RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes)
- commit dda4cd3
- RDMA/IPoIB: Fix format truncation compilation errors (git-fixes)
- commit 8a7e34d
- IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes)
- commit babd9f3
- RDMA/hns: Modify the print level of CQE error (git-fixes)
- commit a60c9b0
- RDMA/hns: Use complete parentheses in macros (git-fixes)
- commit dd98c69
- RDMA/hns: Fix GMV table pagesize (git-fixes)
- commit 1491654
- RDMA/hns: Fix UAF for cq async event (git-fixes)
- commit 6714845
- RDMA/hns: Fix deadlock on SRQ async events. (git-fixes)
- commit d4ad30e
- RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes)
- commit 10645e8
- RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes)
- commit c414cca
- RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes)
- commit ffe591d
- qibfs: fix dentry leak (git-fixes)
- commit 610d1c4
- RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes)
- commit 38a61b1
- RDMA/rxe: Fix the problem "mutex_destroy missing" (git-fixes)
- commit e67f56e
- blacklist.conf: Add unaffecting CVE
for branch-reachability CVE checker
- commit c6313c8
- powerpc/pseries/vio: Don't return ENODEV if node or compatible
missing (bsc#1220783).
- commit 1f4ad41
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- commit f8629fb
- 9p: explicitly deny setlease attempts (git-fixes).
- commit 87fc9de
- fs/9p: translate O_TRUNC into OTRUNC (git-fixes).
- commit 5d62c08
- fs/9p: only translate RWX permissions for plain 9P2000
(git-fixes).
- commit 4c1bbf3
- blacklist.conf: Add reverted dmaengine commit entries
- commit c217056
- Bluetooth: qca: fix firmware check error path (git-fixes).
- dyndbg: fix old BUG_ON in >control parser (stable-fixes).
- mei: me: add lunar lake point M DID (stable-fixes).
- ASoC: meson: axg-fifo: use threaded irq to check periods
(git-fixes).
- drm/amd/display: Atom Integrated System Info v2_2 for DCN35
(stable-fixes).
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation
(stable-fixes).
- regulator: mt6360: De-capitalize devicetree regulator subnodes
(git-fixes).
- power: rt9455: hide unused rt9455_boost_voltage_values
(git-fixes).
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
(git-fixes).
- pinctrl: core: delete incorrect free in pinctrl_enable()
(git-fixes).
- pinctrl/meson: fix typo in PDM's pin name (git-fixes).
- pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf
of GPIOR-T (git-fixes).
- clk: Don't hold prepare_lock when calling kref_put()
(stable-fixes).
- drm/nouveau/dp: Don't probe eDP ports twice harder
(stable-fixes).
- net:usb:qmi_wwan: support Rolling modules (stable-fixes).
- gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes).
- gpio: wcove: Use -ENOTSUPP consistently (stable-fixes).
- gpu: host1x: Do not setup DMA for virtual devices
(stable-fixes).
- drm/amdgpu: Refine IB schedule error logging (stable-fixes).
- firewire: ohci: mask bus reset interrupts between ISR and
bottom half (stable-fixes).
- ata: sata_gemini: Check clk_enable() result (stable-fixes).
- ALSA: line6: Zero-initialize message buffers (stable-fixes).
- wifi: cfg80211: fix rdev_dump_mpp() arguments order
(stable-fixes).
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
(stable-fixes).
- ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes).
- commit 5c4ce2b
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
(bsc#1224174 CVE-2024-27398).
- commit d55ff83
- af_unix: Fix garbage collector racing against connect()
(CVE-2024-26923 bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- commit 94450ec
- dm-multipath: dont't attempt SG_IO on non-SCSI-disks
(bsc#1223575).
- commit f1fed0b
- btrfs: fix silent failure when deleting root reference (git-fixes)
- commit f078eaa
- btrfs: add error messages to all unrecognized mount options (git-fixes)
- commit c636d84
- btrfs: repair super block num_devices automatically (git-fixes)
- commit 32923eb
- btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes)
- commit d70817a
- btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes)
- commit ff787e8
- btrfs: fix fallocate to use file_modified to update permissions consistently (git-fixes)
- commit b395410
- btrfs: extend locking to all space_info members accesses (git-fixes)
- commit 4332b8c
- btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes)
- commit 41ad45c
- btrfs: prevent copying too big compressed lzo segment (git-fixes)
- commit bc68d31
- blacklist.conf: btrfs: cleanup, unused variable removal
- commit f116b06
- btrfs: send: in case of IO error log it (git-fixes)
- commit ae97fc7
- btrfs: fix use-after-free after failure to create a snapshot (git-fixes)
- commit 83c095f
- btrfs: tree-checker: check item_size for dev_item (git-fixes)
- commit 8756aca
- btrfs: tree-checker: check item_size for inode_item (git-fixes)
- commit 23fe652
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes)
- commit a052f3d
- btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes)
- commit e0cc982
- btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes)
- commit 602c5bc
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes)
- commit cb7f515
- btrfs: free exchange changeset on failures (git-fixes)
- commit caf57c7
- blacklist.conf: btrfs: check-integrity not built
- commit ea24c09
- blacklist.conf: btrfs: cleanup, unused variable removal
- commit c0b042e
- blacklist.conf: btrfs: comment removal
- commit de4bb23
- platform/x86/intel-uncore-freq: Don't present root domain on
error (git-fixes).
- platform/x86: xiaomi-wmi: Fix race condition when reporting
key events (git-fixes).
- mtd: rawnand: hynix: fixed typo (git-fixes).
- mtd: core: Report error if first mtd_otp_size() call fails in
mtd_otp_nvmem_add() (git-fixes).
- mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes).
- mmc: sdhci_am654: Add tuning algorithm for delay chain
(git-fixes).
- media: stk1160: fix bounds checking in stk1160_copy_video()
(git-fixes).
- media: mc: mark the media devnode as registered from the,
start (git-fixes).
- media: atomisp: ssh_css: Fix a null-pointer dereference in
load_video_binaries (git-fixes).
- media: dt-bindings: ovti,ov2680: Fix the power supply names
(git-fixes).
- media: ngene: Add dvb_ca_en50221_init return value check
(git-fixes).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
(git-fixes).
- ASoC: Intel: avs: Fix potential integer overflow (git-fixes).
- ASoC: Intel: avs: Fix ASRC module initialization (git-fixes).
- ASoC: kirkwood: Fix potential NULL dereference (git-fixes).
- ASoC: Intel: avs: ssm4567: Do not ignore route checks
(git-fixes).
- ASoC: Intel: Disable route checks for Skylake boards
(git-fixes).
- ASoC: mediatek: mt8192: fix register configuration for tdm
(git-fixes).
- ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
(git-fixes).
- fbdev: savage: Handle err return when savagefb_check_var failed
(git-fixes).
- fbdev: sisfb: hide unused variables (git-fixes).
- fbdev: shmobile: fix snprintf truncation (git-fixes).
- Revert "drm/bridge: ti-sn65dsi83: Fix enable error path"
(git-fixes).
- drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes).
- drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original
mode pclk (git-fixes).
- drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes).
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes).
- drm/bridge: tc358775: fix support for jeida-18 and jeida-24
(git-fixes).
- drm/panel: simple: Add missing Innolux G121X1-L03 format,
flags, connector (git-fixes).
- drm/panel: novatek-nt35950: Don't log an error when DSI host
can't be found (git-fixes).
- drm/bridge: dpc3433: Don't log an error when DSI host can't
be found (git-fixes).
- drm/bridge: tc358775: Don't log an error when DSI host can't
be found (git-fixes).
- drm/bridge: lt9611: Don't log an error when DSI host can't be
found (git-fixes).
- drm/bridge: lt8912b: Don't log an error when DSI host can't
be found (git-fixes).
- drm/bridge: icn6211: Don't log an error when DSI host can't
be found (git-fixes).
- drm/bridge: anx7625: Don't log an error when DSI host can't
be found (git-fixes).
- drm: vc4: Fix possible null pointer dereference (git-fixes).
- drm/arm/malidp: fix a possible null pointer dereference
(git-fixes).
- drm/amd: Flush GFXOFF requests in prepare stage (git-fixes).
- drm/amd/display: Fix potential index out of bounds in color
transformation function (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix possible null pointer
dereference (git-fixes).
- drm/meson: vclk: fix calculation of 59.94 fractional rates
(git-fixes).
- drm/panel: atna33xc20: Fix unbalanced regulator in the case
HPD doesn't assert (git-fixes).
- drm/lcdif: Do not disable clocks on already suspended hardware
(git-fixes).
- Bluetooth: qca: Fix error code in qca_read_fw_build_info()
(git-fixes).
- wifi: mwl8k: initialize cmd->addr[] properly (git-fixes).
- wifi: ar5523: enable proper endpoint verification (git-fixes).
- wifi: carl9170: add a proper sanity check for endpoints
(git-fixes).
- wifi: ath10k: populate board data for WCN3990 (git-fixes).
- wifi: ath10k: Fix an error code problem in
ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes).
- wifi: carl9170: re-fix fortified-memset warning (git-fixes).
- net: nfc: remove inappropriate attrs check (stable-fixes).
- wifi: ath11k: don't force enable power save on non-running vdevs
(git-fixes).
- wifi: ath10k: poll service ready message before failing
(git-fixes).
- ata: pata_legacy: make legacy_exit() work again (git-fixes).
- efi: libstub: only free priv.runtime_map when allocated
(git-fixes).
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
(git-fixes).
- hwmon: (lm70) fix links in doc and comments (git-fixes).
- ACPI: LPSS: Advertise number of chip selects via property
(git-fixes).
- ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes).
- ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes).
- ACPI: disable -Wstringop-truncation (git-fixes).
- cppc_cpufreq: Fix possible null pointer dereference (git-fixes).
- thermal/drivers/tsens: Fix null pointer dereference (git-fixes).
- crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes).
- crypto: ccp - drop platform ifdef checks (git-fixes).
- crypto: bcm - Fix pointer arithmetic (git-fixes).
- crypto: ecdsa - Fix module auto-load on add-key (git-fixes).
- admin-guide/hw-vuln/core-scheduling: fix return type of
PR_SCHED_CORE_GET (git-fixes).
- soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes).
- soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request
(git-fixes).
- firmware: raspberrypi: Use correct device for DMA mappings
(git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for
hci_add_adv_monitor() (git-fixes).
- commit b58e70a
- drm/msm/dpu: Add mutex lock in control vblank irq (CVE-2023-52586 bsc#1221081).
- commit 29edf8b
- Move upstreamed patches into sorted section
- commit 5da5b18
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer
(bsc#1223626 CVE-2024-26930).
- commit dba3cc6
- Update
patches.suse/io_uring-af_unix-disable-sending-io_uring-over-socke.patch
(bsc#1218447 CVE-2023-6531 CVE-2023-52654 bsc#1224099).
- commit 659f245
- s390/cpum_cf: make crypto counters upward compatible across
machine types (bsc#1224346).
- commit 92b222a
- blacklist.conf: mfd fixes that break KABI and are not relevant
- commit dc96e9c
- net: usb: ax88179_178a: fix link status when link is set to
down/up (git-fixes).
- commit e11b05f
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- commit 3074ef8
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- commit 7392ae5
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- commit b6e5b9b
- powerpc/eeh: Use a goto for recovery failures (bsc#1223991
ltc#205740).
- powerpc/eeh: Small refactor of eeh_handle_normal_event()
(bsc#1223991 ltc#205740).
- Refresh patches.suse/powerpc-eeh-Set-channel-state-after-notifying-the-dr.patch
- commit de617cf
- powerpc/eeh: Permanently disable the removed device (bsc#1223991
ltc#205740).
- commit 2349f02
- iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes)
- commit 440eb05
- iomap: Support partial direct I/O on user copy failures (git-fixes)
- commit 0f43a22
- iomap: Fix inline extent handling in iomap_readpage (git-fixes)
- commit 61ce074
- net: openvswitch: Fix Use-After-Free in ovs_ct_exit (bsc#1224098
CVE-2024-27395).
- commit 9dd8826
- Refresh
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch.
- Refresh
patches.suse/x86-boot-Ignore-relocations-in-.notes-sections-in-walk_rel.patch.
- commit 9696669
- net: gtp: Fix Use-After-Free in gtp_dellink (bsc#1224096
CVE-2024-27396).
- commit 3a088c1
- usb: dwc3: gadget: Fix NULL pointer dereference in
dwc3_gadget_suspend (bsc#1222561 CVE-2024-26715).
- commit a21446a
- usb: dwc3: Remove DWC3 locking during gadget suspend/resume
(bsc#1222561 CVE-2024-26715).
- Refresh
patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit a8e6e1a
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes)
- commit 20c1915
- Bluetooth: hci_sync: Don't double print name in add/remove
adv_monitor (bsc#1216358).
- commit c312f28
- usb: ulpi: Fix debugfs directory leak (bsc#1223847
CVE-2024-26919).
- commit 97ae025
- xfs: fix exception caused by unexpected illegal bestcount in
leaf dir (git-fixes).
- commit 354440e
- xfs: Fix false ENOSPC when performing direct write on a delalloc
extent in cow fork (git-fixes).
- commit 09541ce
- xfs: fix inode reservation space for removing transaction
(git-fixes).
- commit 47013bd
- xfs: add missing cmap->br_state = XFS_EXT_NORM update
(git-fixes).
- commit 4d7f88f
- xfs: fix imprecise logic in xchk_btree_check_block_owner
(git-fixes).
- commit 0e818cc
- xfs: shrink failure needs to hold AGI buffer (git-fixes).
- commit 9c49a44
- sysv: don't call sb_bread() with pointers_lock held (git-fixes).
- commit 55f88f8
- jffs2: prevent xattr node from overflowing the eraseblock
(git-fixes).
- commit d6d35af
- nilfs2: fix out-of-range warning (git-fixes).
- commit 5e5e50a
- Update
patches.suse/usb-aqc111-check-packet-for-fixup-for-true-limit.patch
(bsc#1217169 CVE-2023-52655).
Added bugzilla ID and CVE
- commit a741c33
- Update
patches.suse/usb-aqc111-check-packet-for-fixup-for-true-limit.patch
(bsc#1217169 CVE-2023-52655).
Added bugzilla ID and CVE
- commit e177a81
- btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes)
- commit df207bd
- selftests/pidfd: Fix config for pidfd_setns_test (git-fixes).
- firewire: nosy: ensure user_length is taken into account when
fetching packet contents (CVE-2024-27401 bsc#1224181).
- commit c84510f
- btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes)
- commit 262f224
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes)
- commit 616144a
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes)
- commit 7d4e374
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes)
- commit 7ffe18f
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes)
- commit 41270ad
- md: fix kmemleak of rdev->serial (CVE-2024-26900, bsc#1223046).
- commit 46303cd
- btrfs: send: ensure send_fd is writable (git-fixes)
- commit bb19617
- aoe: avoid potential deadlock at set_capacity (CVE-2024-26775,
bsc#1222627).
- commit 6e30008
- blacklist.conf: add 13f3956eb5681a4045a8dfdef48df5dc4d9f58a6 which
breaks KABI
- commit 61d5c73
- fail_function: fix wrong use of fei_attr_remove().
- commit fbd7566
- KVM: x86: Delete duplicate documentation for
KVM_X86_SET_MSR_FILTER (git-fixes).
- commit db41c1c
- blacklist.conf: pure cleanup
- commit 2720339
- blacklist.conf: relevant only without a config option we always set
- commit b3ed637
- locking/atomic: Make test_and_*_bit() ordered on failure
(git-fixes).
- commit 1d020ff
- blacklist.conf: not relevant in our build
- commit 09d07f3
- cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state
(git-fixes).
- commit 6a4baff
- nfs: fix UAF in direct writes (bsc#1223653 CVE-2024-26958).
- commit e54fcee
- drm/connector: Add \n to message about demoting connector
force-probes (git-fixes).
- drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes).
- drm/meson: dw-hdmi: power up phy on device init (git-fixes).
- drm/amdkfd: don't allow mapping the MMIO HDP page with large
pages (git-fixes).
- dm/amd/pm: Fix problems with reboot/shutdown for some SMU
13.0.4/13.0.11 users (git-fixes).
- drm/i915/bios: Fix parsing backlight BDB data (git-fixes).
- regulator: core: fix debugfs creation regression (git-fixes).
- commit 0e34b53
- netfilter: nf_tables: mark set as dead when unbinding anonymous
set with timeout (bsc#1221829 CVE-2024-26643).
- commit cfcc70a
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- commit 1ace211
- mfd: intel-lpss: Revert "Add missing check for
platform_get_resource" (git-fixes).
- mfd: tqmx86: Specify IO port register range more precisely
(git-fixes).
- mfd: ti_am335x_tscadc: Support the correctly spelled DT property
(git-fixes).
- counter: stm32-timer-cnt: Provide defines for slave mode
selection (git-fixes).
- counter: stm32-lptimer-cnt: Provide defines for clock polarities
(git-fixes).
- commit 763351d
- block/rnbd-srv: Check for unlikely string overflow (bsc#1221615
CVE-2023-52618).
- commit 7417f1e
- hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
(git-fixes).
- hwmon: (corsair-cpro) Protect ccp->wait_input_report with a
spinlock (git-fixes).
- hwmon: (corsair-cpro) Use complete_all() instead of complete()
in ccp_raw_event() (git-fixes).
- hwmon: (corsair-cpro) Use a separate buffer for sending commands
(git-fixes).
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
(git-fixes).
- Bluetooth: qca: fix info leak when fetching fw build id
(git-fixes).
- Bluetooth: qca: fix NVM configuration parsing (git-fixes).
- Bluetooth: qca: add missing firmware sanity checks (git-fixes).
- Bluetooth: msft: fix slab-use-after-free in msft_do_close()
(git-fixes).
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
(git-fixes).
- ARM: 9381/1: kasan: clear stale stack poison (git-fixes).
- commit 9f11ba4
- Update
patches.suse/xen-netfront-Add-missing-skb_mark_for_recycle.patch
(git-fixes CVE-2024-27393 bsc#1224076).
- commit 80c2241
- kcm: do not sense pfmemalloc status in kcm_sendpage()
(git-fixes bsc#1223959)
- commit 99fbfaf
- net: do not sense pfmemalloc status in skb_append_pagefrags()
(git-fixes bsc#1223959)
- commit 08d0491
- net: introduce __skb_fill_page_desc_noacc
(git-fixes bsc#1223959)
- commit 4746bcf
- tcp: TX zerocopy should not sense pfmemalloc status
(CVE-2022-48689 bsc#1223959)
- commit 04462e7
- net: vmxnet3: Fix NULL pointer dereference in
vmxnet3_rq_rx_complete() (bsc#1223360).
- commit 7acf5e5
- Update
patches.suse/USB-core-Fix-deadlock-in-port-disable-sysfs-attribut.patch
(bsc#1223670 CVE-2024-26933).
- commit 00172be
- netfilter: nf_tables: clean up hook list when offload flags check fails
(CVE-2022-48691 bsc#1223961)
- commit 0430a1c
- netfilter: nf_tables: bail out early if hardware offload is not supported
(git-fixes bsc#1223961)
- commit faaa2c1
- Update
patches.suse/USB-usb-storage-Prevent-divide-by-0-error-in-isd200_.patch
(bsc#1223738 CVE-2024-27059).
Added CVE and bugzilla ID
- commit a7346fe
- drm/amdgpu: Reset IH OVERFLOW_CLEAR bit (bsc#1223207 CVE-2024-26915)
- commit 8adefb2
- Update
patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch
(bsc#1223140 CVE-2024-26877).
CVE and bugzilla id added
- commit 73d8093
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
- Refresh patches.suse/x86-bugs-Fix-BHI-handling-of-RRSBA.patch.
- commit 2155e75
- x86/bugs: Fix BHI retpoline check (git-fixes).
- commit 54de3e2
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- commit 7067d06
- x86/bugs: Fix BHI documentation (git-fixes).
- commit c9aeaed
- blacklist.conf: We don't have syscall hardening
- commit 22f583b
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- commit 7152334
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- commit f36b29c
- Fix "drm/amd/display: Fix MST Null Ptr for RV" (CVE-2024-26700 bsc#1222870)
Attibute the patch to the correct bsc# and CVE numbers.
- commit ba486d5
- Update "drm/vmwgfx: Fix possible null pointer derefence with invalid contexts" (CVE-2024-26979 bsc#1223628)
- commit 2fa33a2
- Update
patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
(git-fixes bsc#1223858).
- commit e50ed21
- drm/i915/vma: Fix UAF on destroy against retire race (CVE-2024-26939 bsc#1223679).
- commit 017ecd8
- Update
patches.suse/sched-debug-fix-dentry-leak-in-update_sched_domain_d.patch
(git-fixes CVE-2022-48699 bsc#1223996).
- commit 201a58f
- USB: core: Add hub_get() and hub_put() routines (git-fixes).
- commit 2f340e7
- btrfs: dev-replace: properly validate device names (CVE-2024-26791 bsc#1222793)
- commit 71c7afc
- Update
patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
(bsc#1220267 bsc#1222976 CVE-2024-26840).
- commit a7d6da2
- Update patches.suse/aio-fix-mremap-after-fork-null-deref.patch
(git-fixes CVE-2023-52646 bsc#1223432).
- commit 2adb86a
- inet: read sk->sk_family once in inet_recv_error() (bsc#1222385
CVE-2024-26679).
- commit b5f1323
- USB: core: Fix access violation during port device removal
(git-fixes).
- commit 3a8cd11
- USB: core: Fix deadlock in port "disable" sysfs attribute
(git-fixes).
- commit 200e4b0
- usb: dwc3: core: Prevent phy suspend during init (Git-fixes).
- commit 49cc1c1
- Update
patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
references (CVE-2024-26739 bsc#1222559, drop incorrect references).
- commit 892e634
- Update
patches.suse/1631-drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
a4e7ccdac38e ("drm/i915: Move context management under GEM")
CVE-2022-48662 bsc#1223505).
- commit a7faced
- netfilter: nft_ct: fix l3num expectations with inet pseudo
family (git-fixes).
- commit 87e8a80
- Reapply "drm/qxl: simplify qxl_fence_wait" (stable-fixes).
- commit 8f3269f
- Update
patches.suse/1576-drm-amd-display-fix-memory-leak-when-using-debugfs_l.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48698 bsc#1223956).
- commit a0e3008
- Update patches.suse/ice-Fix-DMA-mappings-leak.patch (jsc#PED-376
CVE-2022-48690 bsc#1223960).
- commit 7e1bf3d
- Update
patches.suse/ALSA-emu10k1-Fix-out-of-bounds-access-in-snd_emu10k1.patch
(git-fixes CVE-2022-48702 bsc#1223923).
- Update
patches.suse/ALSA-usb-audio-Fix-an-out-of-bounds-bug-in-__snd_usb.patch
(git-fixes CVE-2022-48701 bsc#1223921).
- Update
patches.suse/RDMA-irdma-Fix-drain-SQ-hang-with-no-completion.patch
(jsc#SLE-18383 CVE-2022-48694 bsc#1223964).
- Update
patches.suse/RDMA-srp-Set-scmnd-result-only-when-scmnd-is-not-NUL.patch
(git-fixes CVE-2022-48692 bsc#1223962).
- Update
patches.suse/cgroup-Add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch
(bsc#1196869 CVE-2022-48671 bsc#1223929).
- Update
patches.suse/drm-radeon-add-a-force-flush-to-delay-work-when-rade.patch
(git-fixes CVE-2022-48704 bsc#1223932).
- Update
patches.suse/i40e-Fix-kernel-crash-during-module-removal.patch
(jsc#SLE-18378 CVE-2022-48688 bsc#1223953).
- Update
patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
(bsc#1211592 CVE-2023-2860 CVE-2022-48687 bsc#1223952).
- Update
patches.suse/net-smc-Fix-possible-access-to-freed-memory-in-link-clear
(git-fixes CVE-2022-48673 bsc#1223934).
- Update
patches.suse/nvme-tcp-fix-uaf-when-detecting-digest-errors.patch
(bsc#1200313 bsc#1201489 CVE-2022-48686 bsc#1223948).
- Update patches.suse/nvmet-fix-a-use-after-free.patch (git-fixes
CVE-2022-48697 bsc#1223922).
- Update
patches.suse/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch
(git-fixes CVE-2022-48672 bsc#1223931).
- Update
patches.suse/scsi-mpt3sas-Fix-use-after-free-warning.patch
(git-fixes CVE-2022-48695 bsc#1223941).
- Update
patches.suse/soc-brcmstb-pm-arm-Fix-refcount-leak-and-__iomem-lea.patch
(git-fixes CVE-2022-48693 bsc#1223963).
- Update
patches.suse/thermal-int340x_thermal-handle-data_vault-when-the-v.patch
(bsc#1201308 CVE-2022-48703 bsc#1223924).
- Update patches.suse/vfio-type1-Unpin-zero-pages.patch (git-fixes
CVE-2022-48700 bsc#1223957).
- commit c8677b5
- packet: annotate data-races around ignore_outgoing
(CVE-2024-26862 bsc#1223111).
- commit 6e591e7
- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
(CVE-2024-0639 bsc#1218917).
- commit 517d4f7
- Update
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(CVE-2022-48662 bsc#1223505).
Unbreak metadata (References: collides with our internal tracking,
switch to Fixes: when referencing a commit).
- commit cd38265
- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in
custom expectations (bsc#1222368 CVE-2024-26673).
- commit 785b7d0
- igc: avoid returning frame twice in XDP_REDIRECT (bsc#1223061
CVE-2024-26853).
- commit 021db33
- net: sparx5: Fix use after free inside sparx5_del_mact_entry
(bsc#1223052 CVE-2024-26856).
- commit fc5c6ad
- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993 bsc#1223693)
- commit b0c9830
- Update
patches.suse/IB-core-Fix-a-nested-dead-lock-as-part-of-ODP-flow.patch
(git-fixes CVE-2022-48675 bsc#1223894).
- Update
patches.suse/drm-gma500-Fix-BUG-sleeping-function-called-from-inv.patch
(git-fixes CVE-2022-48634 bsc#1223501).
- Update
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(CVE-2022-48662 bsc#1223505a4e7ccdac38e ("drm/i915: Move
context management under GEM") bsc#1223505).
- Update
patches.suse/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch
(git-fixes CVE-2022-48632 bsc#1223481).
- Update
patches.suse/ice-Fix-crash-by-keep-old-cfg-when-update-TCs-more-t.patch
(git-fixes CVE-2022-48652 bsc#1223520).
- Update
patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup
(git-fixes CVE-2022-48636 bsc#1223512).
- commit 523501c
- blacklist.conf: add a not-relevant module-loader patch
- commit 90c64db
- ring-buffer: Only update pages_touched when a new page is
touched (git-fixes).
- commit b42aba1
- kprobes: Fix possible use-after-free issue on kprobe
registration (git-fixes).
- commit e007447
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page
in concurrent environment (git-fixes).
- commit 118cfcd
- tracing/net_sched: Fix tracepoints that save qdisc_dev()
as a string (git-fixes).
- commit a272f90
- tracing: Show size of requested perf buffer (git-fixes).
- commit f8d068b
- Bluetooth: Add new quirk for broken read key length on ATS2851
(git-fixes).
- commit 9ac913a
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE
(git-fixes).
- commit 83cd609
- fuse: don't unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal
(bsc#1223949).
- commit fdf9216
- RDMA/cm: Print the old state when cm_destroy_id gets timeout
(git-fixes).
- commit 9b2934b
- nouveau: lock the client object tree. (bsc#1223834 CVE-2024-27062)
- commit e828498
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- commit 5647172
- drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (CVE-2024-27042 bsc#1223823).
- commit f41733d
- drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() (CVE-2024-27041 bsc#1223714)
- commit ae6f7a9
- tun: limit printing rate when illegal packet received by tun
dev (bsc#1223745 CVE-2024-27013).
- net/mlx5e: Prevent deadlock while disabling aRFS (bsc#1223735
CVE-2024-27014).
- octeontx2-af: Use separate handlers for interrupts (bsc#1223790
CVE-2024-27030).
- wireguard: netlink: access device through ctx instead of peer
(bsc#1223661 CVE-2024-26950).
- wireguard: netlink: check for dangling peer via is_dead instead
of empty list (bsc#1223660 CVE-2024-26951).
- wireguard: receive: annotate data-race around
receiving_counter.counter (bsc#1223076 CVE-2024-26861).
- nfp: flower: handle acti_netdevs allocation failure (bsc#1223827
CVE-2024-27046).
- commit b495510
- drm/amd/display: Add a dc_state NULL check in dc_state_release (CVE-2024-26948 bsc#1223664)
- commit 211db77
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation
(git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- usb: typec: tcpm: Check for port partner validity before
consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before
re-registration (bsc#1220569).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual
SuperSpeed device (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup
packets (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic
(git-fixes).
- commit d9cff03
- pstore: inode: Only d_invalidate() is needed (bsc#1223705
CVE-2024-27389).
- commit bbe965a
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
(stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops
(stable-fixes).
- commit 86753e0
- ASoC: meson: axg-tdm-interface: manage formatters in trigger
(git-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe
(git-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of
device_get_named_child_node() (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events
(git-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move()
v2 (git-fixes).
- spi: hisi-kunpeng: Delete the dump interface of data registers
in debugfs (git-fixes).
- commit 79c4a57
- wifi: iwlwifi: mvm: ensure offloading TID queue exists
(CVE-2024-27056 bsc#1223822).
- wifi: iwlwifi: mvm: protect TXQ list manipulation
(CVE-2024-27056 bsc#1223822).
- commit 5895d13
- media: edia: dvbdev: fix a use-after-free (CVE-2024-27043
bsc#1223824).
- commit e3d9ce5
- clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
(CVE-2024-27039 bsc#1223821).
- commit 70ad74a
- clk: Fix clk_core_get NULL dereference (CVE-2024-27038
bsc#1223816).
- commit bcf8ce4
- Rename to
patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch.
- commit e953a9a
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes
bsc#1223879).
- commit 1b0c7f2
- s390/mm: Fix storage key clearing for guest huge pages
(git-fixes bsc#1223878).
- commit fc57acc
- s390/mm: Fix clearing storage keys for huge pages (git-fixes
bsc#1223877).
- commit c73273d
- s390/vdso: Add CFI for RA register to asm macro vdso_func
(git-fixes bsc#1223876).
- commit 15b93ff
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes
bsc#1223875).
- commit c670b5d
- NTB: fix possible name leak in ntb_register_device()
(CVE-2023-52652 bsc#1223686).
- commit 206337a
- mm: swap: fix race between free_swap_and_cache() and swapoff()
(CVE-2024-26960 bsc#1223655).
- commit b6bee56
- swap: comments get_swap_device() with usage rule (CVE-2024-26960
bsc#1223655).
- commit 15510e4
- Refresh patches.suse/powerpc-pseries-iommu-LPAR-panics-when-rebooted-with.patch.
- commit 2ecdc0a
- clk: qcom: mmcc-msm8974: fix terminating of frequency table
arrays (CVE-2024-26965 bsc#1223648).
- commit 1dd34df
- clk: qcom: mmcc-apq8084: fix terminating of frequency table
arrays (CVE-2024-26966 bsc#1223646).
- commit a12a96e
- clk: qcom: gcc-ipq8074: fix terminating of frequency table
arrays (CVE-2024-26969 bsc#1223645).
- commit 8dca0be
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
- commit f5401a7
- drm/bridge: adv7511: fix crash on irq during probe (CVE-2024-26876 bsc#1223119).
- commit baf14c5
- ipv6/addrconf: fix a potential refcount underflow for idev
(git-fixes).
- commit cdd225e
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- commit 87fa6a6
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp
(git-fixes).
- commit 77fb94f
- net: stream: purge sk_error_queue in sk_stream_kill_queues()
(git-fixes).
- commit cb9fa4c
- netfilter: br_netfilter: Drop dst references before setting
(git-fixes).
- commit 28508ef
- net: mld: fix reference count leak in mld_{query |
report}_work() (git-fixes).
- commit 389c7c7
- net: ipv6: ensure we call ipv6_mc_down() at most once
(git-fixes).
- commit e46b1a5
- net: fix a memleak when uncloning an skb dst and its metadata
(git-fixes).
- commit 9e895dd
- net: bridge: vlan: fix memory leak in __allowed_ingress
(git-fixes).
- commit 26122cb
- Update patches.suse/nfsd-use-__fput_sync-to-avoid-delayed-closing-of-fil.patch
(bsc#1223380 bsc#1217408 bsc#1223640).
- commit 48bb894
- netfilter: ipt_CLUSTERIP: fix refcount leak in
clusterip_tg_check() (git-fixes).
- commit 014c7bb
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- commit f6e1f81
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests
(jsc#PED-7167 git-fixes).
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit 8eb012f
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit
type (jsc#PED-7167 git-fixes).
- commit 554f303
- Update
patches.suse/ext4-fix-bug-in-extents-parsing-when-eh_entries-0-an.patch
(bsc#1206881 bsc#1223475 CVE-2022-48631).
- commit 718df1c
- clk: qcom: gcc-ipq6018: fix terminating of frequency table
arrays (CVE-2024-26970 bsc#1223644).
- commit 0c0dddd
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
(stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails
(stable-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
(stable-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
(stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
(git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry
(stable-fixes).
- commit ac12ea7
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
(CVE-2024-26852 bsc#1223057)
- commit d89430d
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- commit 4bfffd4
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- commit 1d62037
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- commit 93fb4e2
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- commit 5fec238
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- commit 8f27cd5
- md/raid5: fix atomicity violation in raid5_cache_count
(bsc#1219169, CVE-2024-23307).
- commit d2d22f0
- s390/decompressor: fix misaligned symbol build error (git-fixes
bsc#1223785).
- commit 47fb728
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- commit c7b5bd6
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- commit a134662
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- commit bb84f10
- kABI workaround for cec_adapter (CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid recursive cec_claim_log_addrs
(CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid confusing "transmit timed out" message
(CVE-2024-23848 bsc#1219104).
- media: cec: cec-api: add locking in cec_release()
(CVE-2024-23848 bsc#1219104).
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
(CVE-2024-23848 bsc#1219104).
- commit 70ecf73
- mm/slub: fix to return errno if kmalloc() fails (CVE-2022-48659
bsc#1223498).
- commit d72759d
- drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() (CVE-2023-52585 bsc#1221080).
- commit cde7c84
- bonding: fix NULL deref in bond_rr_gen_slave_id (bsc#1223499
CVE-2022-48640).
- commit 9f14266
- media: cec: abort if the current transmit was canceled
(CVE-2024-23848 bsc#1219104).
- commit e51b978
- Squashfs: check the inode number is not the invalid value of
zero (bsc#1223634 CVE-2024-26982).
- commit 8ad2647
- Update
patches.suse/ubifs-ubifs_symlink-Fix-memleak-of-inode-i_link-in-error-path.patch
(git-fixes CVE-2024-26972 bsc#1223643).
- commit c1d0983
- Update
patches.suse/nilfs2-prevent-kernel-bug-at-submit_bh_wbc.patch
(git-fixes CVE-2024-26955 bsc#1223657).
- commit 59db655
- Update
patches.suse/nilfs2-fix-failure-to-detect-DAT-corruption-in-btree.patch
(git-fixes CVE-2024-26956 bsc#1223663).
- commit b968ba7
- Update patches.suse/nilfs2-fix-OOB-in-nilfs_set_de_type.patch
(git-fixes CVE-2024-26981 bsc#1223668).
- commit 7b2eba5
- ASoC: SOF: Add some bounds checking to firmware data
(CVE-2024-26927 bsc#1223525).
- commit 797ef67
- Update
patches.suse/gpio-mockup-fix-NULL-pointer-dereference-when-removi.patch
(git-fixes CVE-2022-48663 bsc#1223523).
- commit fb50f4d
- Update
patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch
(bsc#1203906 CVE-2022-48638 bsc#1223522).
- commit 1b1d545
- Update
patches.suse/sfc-fix-TX-channel-offset-when-using-legacy-interrup.patch
(git-fixes CVE-2022-48647 bsc#1223519).
- commit 2df3009
- Update
patches.suse/smb3-fix-temporary-data-corruption-in-insert-range.patch
(bsc#1193629 CVE-2022-48667 bsc#1223518).
- commit 2544640
- Update
patches.suse/bnxt-prevent-skb-UAF-after-handing-over-to-PTP-worke.patch
(jsc#SLE-18978 CVE-2022-48637 bsc#1223517).
- commit 8af9f52
- Update
patches.suse/smb3-fix-temporary-data-corruption-in-collapse-range.patch
(bsc#1193629 CVE-2022-48668 bsc#1223516).
- commit ea57df6
- drm/i915/gem: Really move i915_gem_context.link under ref
protection (CVE-2022-48662 bsc#1223505).
- commit 1ea0422
- Update
patches.suse/net-sched-taprio-avoid-disabling-offload-when-it-was.patch
(bsc#1207361 CVE-2022-48644 bsc#1223511).
- commit 32036dc
- Update
patches.suse/1631-drm-i915-gem-Really-move-i915_gem_context.link-under.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
jsc#PED-2849a4e7ccdac38e ("drm/i915: Move context management
under GEM") CVE-2022-48662 bsc#1223505).
- commit 16b0082
- netfilter: nf_tables: disallow timeout for anonymous sets
(CVE-2023-52620 bsc#1221825).
- commit 19a9222
- Update
patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
(bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit a4b4019
- Update
patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
(bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit ecd523c
- Update
patches.suse/sfc-fix-null-pointer-dereference-in-efx_hard_start_x.patch
(git-fixes CVE-2022-48648 bsc#1223503).
- commit 2cd307a
- Update
patches.suse/sfc-siena-fix-null-pointer-dereference-in-efx_hard_s.patch
(jsc#PED-1565 CVE-2022-48646 bsc#1223502).
- commit 54704c0
- Update
patches.suse/net-sched-fix-possible-refcount-leak-in-tc_new_tfilt.patch
(bsc#1207361 CVE-2022-48639 bsc#1223490).
- commit 1b88973
- Update
patches.suse/gpiolib-cdev-Set-lineevent_state-irq-after-IRQ-regis.patch
(git-fixes CVE-2022-48660 bsc#1223487).
- commit 30d7811
- Update
patches.suse/arm64-topology-fix-possible-overflow-in-amu_fie_setu.patch
(git-fixes CVE-2022-48657 bsc#1223484).
- commit d7e1659
- Update
patches.suse/netfilter-nfnetlink_osf-fix-possible-bogus-match-in-.patch
(bsc#1204614 CVE-2022-48654 bsc#1223482).
- commit a8a2952
- Update
patches.suse/dmaengine-ti-k3-udma-private-Fix-refcount-leak-bug-i.patch
(git-fixes CVE-2022-48656 bsc#1223479).
- commit 90546f3
- netfilter: nf_tables: fix percpu memory leak at
nf_tables_addchain() (bsc#1223478 CVE-2022-48642).
- commit 839888a
- blacklist.conf: code refactoring
- commit f72ed44
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- commit 15c6bc2
- printk: Avoid non-panic CPUs writing to ringbuffer
(bsc#1223574).
- commit d14ad8e
- Update
patches.suse/ice-Don-t-double-unplug-aux-on-peer-initiated-reset.patch
(git-fixes CVE-2022-48653 bsc#1223474).
- commit dba84ad
- blacklist.conf: refactoring, not a fix
- commit ef0f94f
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- commit ed11fe0
- printk: Disable passing console lock owner completely during
panic() (bsc#1223574).
- commit d98358d
- s390/zcrypt: fix reference counting on zcrypt card objects
(git-fixes bsc#1223595).
- commit 0483eb1
- Update
patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
(git-fixes CVE-2024-26875 bsc#1223118).
- commit fd5a947
- printk: ringbuffer: Skip non-finalized records in panic
(bsc#1223574).
- commit c9df6e3
- printk: Wait for all reserved records with pr_flush()
(bsc#1223574).
- commit d04f93d
- Update
patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
(git-fixes CVE-2024-26872 bsc#1223115).
- commit 66d99f5
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- commit a92ce86
- printk: Add this_cpu_in_panic() (bsc#1223574).
- commit 0b039ad
- quota: Fix potential NULL pointer dereference (bsc#1223060
CVE-2024-26878).
- commit 93c484c
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
(bsc#1223198 CVE-2024-26901).
- commit a397ff1
- blk-mq: fix IO hang from sbitmap wakeup race (bsc#1222357
CVE-2024-26671).
- commit 9908e06
- ext4: avoid allocating blocks from corrupted group in
ext4_mb_find_by_goal() (bsc#1222613 CVE-2024-26772).
- commit be73fd6
- printk: Rename abandon_console_lock_in_panic() to
other_cpu_in_panic() (bsc#1223574).
- commit 6336c25
- Update
patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch
(bsc#1141539 git-fixes).
- commit 111a038
- printk: Drop console_sem during panic (bsc#1223574).
- commit 725427c
- clk: meson: Add missing clocks to axg_clk_regmaps
(CVE-2024-26879 bsc#1223066).
- commit 46eee50
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- commit 0f13b5c
- printk: ringbuffer: Do not skip non-finalized records with
prb_next_seq() (bsc#1223574).
- commit 28b403a
- printk: ringbuffer: Improve prb_next_seq() performance
(bsc#1223574).
- commit 6a93375
- Update
patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
(git-fixes CVE-2024-26820 bsc#1223078).
- commit d0bb689
- Update
patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
(git-fixes CVE-2024-26825 bsc#1223065).
- commit 4685711
- wifi: wfx: fix memory leak when starting AP (CVE-2024-26896
bsc#1223042).
- commit f3e25cb
- Update
patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
(git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
- commit f3895d7
- printk: Use prb_first_seq() as base for 32bit seq macros
(bsc#1223574).
- commit e3b59e0
- irqchip/gic-v3-its: Prevent double free on error (git-fixes).
- commit 7e7615e
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- commit 6dcabeb
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- commit c13f8d3
- PM / devfreq: Fix buffer overflow in trans_stat_show
(CVE-2023-52614 bsc#1221617).
- commit 43b7d5b
- Update
patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
(git-fixes CVE-2024-26891 bsc#1223037).
- commit 7b52ba2
- Update
patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
(git-fixes CVE-2024-26833 bsc#1223036).
- commit 6c18411
- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
(bsc#1223513 CVE-2022-48651).
- commit c96a663
- net: hns3: fix kernel crash when 1588 is received on HIP08
devices (bsc#1223041 CVE-2024-26881).
- net: ice: Fix potential NULL pointer dereference in
ice_bridge_setlink() (bsc#1223051 CVE-2024-26855).
- geneve: make sure to pull inner header in geneve_rx()
(bsc#1223058 CVE-2024-26857).
- ppp_async: limit MRU to 64K (bsc#1222379 CVE-2024-26675).
- commit 61a60e2
- Update
patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
(git-fixes CVE-2024-26843 bsc#1223014).
- commit 3f9577f
- net: usb: ax88179_178a: stop lying about skb->truesize
(git-fixes).
- commit 416a90a
- Update
patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
(git-fixes CVE-2024-26897 bsc#1223323).
- commit 938950f
- drm/amd/display: Fix MST Null Ptr for RV (CVE-2021-47200 bsc#1222838)
- commit 3d0cc91
- Update
patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
(git-fixes CVE-2024-26895 bsc#1223197).
- commit 73cb93c
- amdkfd: use calloc instead of kzalloc to avoid integer overflow (CVE-2024-26817 bsc#1222812)
- commit 5946a4f
- Update patches.suse/firmware-arm_scmi-Harden-accesses-to-the-reset-domai.patch (git-fixes CVE-2022-48655 bsc#1223477)
- commit 2dabafb
- mm: slub: fix flush_cpu_slab()/__free_slab() invocations in
task context (CVE-2022-48658 bsc#1223496).
- commit 3480d23
- firmware: arm_scmi: Fix double free in SMC transport cleanup
path (CVE-2024-26893 bsc#1223196).
- commit 689202d
- nfsd: use __fput_sync() to avoid delayed closing of files
(bsc#1223380 bsc#1217408).
- commit aa925bb
- Revert "ice: Fix ice VF reset during iavf initialization (jsc#PED-376)." (bsc#1223275)
This reverts commit b92b60703522e3531f77c5af2f34b4b165007b3a.
This commit was reverted upstream by commit 0ecff05e6c59dd82dbcb9706db911f7fd9f40fb8
with note:
ice_check_vf_ready_for_cfg() already contain waiting for reset.
New condition in ice_check_vf_ready_for_reset() causing only problems.
- commit 33e8bb2
- Sort recent BHI patches
- Refresh patches.suse/KVM-x86-Add-BHI_NO.patch.
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
- Refresh
patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Refresh patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch.
- Refresh
patches.suse/x86-bhi-Enumerate-Branch-History-Injection-BHI-bug.patch.
- Refresh patches.suse/x86-bhi-Mitigate-KVM-by-default.patch.
- commit 065fb7d
- Update patches.suse/powerpc-pseries-vas-Hold-mmap_mutex-after-mmap-lock-.patch
(jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
- commit 29ca2f7
- x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word (bsc#1217339 CVE-2024-2201).
- Refresh
patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Delete
patches.suse/x86-cpufeature-Add-missing-leaf-enumeration.patch.
- commit b2ddc32
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- commit e9b75ba
- livepatch: Fix missing newline character in
klp_resolve_symbols() (bsc#1223539).
- commit ccf2afb
- blacklist.conf: cosmetic; kind of code documentation
- commit 6c8cbf7
- blacklist.conf: workqueue: prevent false circular dependency by lockdep,
code churn, primary useful when developing new code, lockdep is
disabled on production kernels (bsc#1223536)
- commit 6ab7164
- Update
patches.suse/spi-spi-zynqmp-gqspi-Handle-error-for-dma_set_mask.patch
(git-fixes CVE-2021-47047 bsc#1220761).
- commit 1f6461d
- crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
(CVE-2023-52616 bsc#1221612).
- commit 6fa74bc
- mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone
index (bsc#1222615 CVE-2024-26783).
- commit d2a6383
- mm/vmscan: make sure wakeup_kswapd with managed zone
(bsc#1223473).
- commit c954567
- x86/boot: Ignore relocations in .notes sections in walk_relocs() too (bsc#1222624 CVE-2024-26816).
- commit 9c9dbbd
- x86, relocs: Ignore relocations in .notes section (bsc#1222624 CVE-2024-26816).
- commit 9bcfc48
- hugetlb, userfaultfd: fix reservation restore on userfaultfd
error (bsc#1222710 CVE-2021-47214).
- commit 4a75d88
- drm/amdgpu: fix use-after-free bug (CVE-2024-26656 bsc#1222307)
- commit 2c0e8cb
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
(git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- idma64: Don't try to serve interrupts when device is powered
off (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions
(stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support
(stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product
(stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650
(stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models
(stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants
(stable-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume
(stable-fixes).
- thunderbolt: Fix wake configurations after device unplug
(stable-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb
ep transport error (stable-fixes).
- clk: Get runtime PM before walking tree during disable_unused
(git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- arm64: hibernate: Fix level3 translation fault in swsusp_save()
(git-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with
ALC269VC (stable-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/amd/display: Do not recursively call manual trigger
programming (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go
(stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support
(stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support
(stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages
(stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB
(stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct
(stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- clk: Print an info line before disabling unused clocks
(stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11
(stable-fixes).
- clk: remove extra empty line (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- commit 2a4676e
- i40e: Fix VF MAC filter removal (git-fixes).
- commit 03f8d56
- mmc: sdhci-msm: pervent access to suspended controller
(git-fixes).
- fbdev: fix incorrect address computation in deferred IO
(git-fixes).
- wifi: nl80211: don't free NULL coalescing rule (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd
(git-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new
one (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend
(git-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports
(git-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized
dev->devc (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow
(git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer
(git-fixes).
- commit eb0d29c
- blacklist.conf: Add 246f80a0b17f8 ("sh: push-switch: Reorder cleanup operations to avoid use-after-free bug")
- commit 701f2ea
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-aoec.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-26898 bsc#1223016).
- commit 5a56f33
- i40e: Do not allow untrusted VF to remove administratively
set MAC (git-fixes CVE-2024-26830 bsc#1223012).
- commit 67a5cff
- net: ip_tunnel: make sure to pull inner header in
ip_tunnel_rcv() (git-fixes CVE-2024-26882 bsc#1223034).
- commit 1915836
- PM / devfreq: Synchronize devfreq_monitor_[start/stop]
(CVE-2023-52635 bsc#1222294).
- commit 6f88f1b
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369
ltc#205888).
- powerpc/rtas: define pr_fmt and convert printk call sites
(bsc#1223369 ltc#205888).
- commit 13f68b5
- Update
patches.suse/Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_.patch
(bsc#1219170 CVE-2024-22099 CVE-2024-26903 bsc#1223187).
- commit 1a4ee0a
- Renamepatches before cve/linux-5.14-LTSS
- commit 0b096bb
- PCI: rpaphp: Error out on busy status from get-sensor-state
(bsc#1223369 ltc#205888).
- commit f9716ef
- bpf: Fix stackmap overflow check on 32-bit arches (bsc#1223035
CVE-2024-26883).
- bpf: Fix hashtab overflow check on 32-bit arches (bsc#1223189
CVE-2024-26884).
- bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
(bsc#1223190 CVE-2024-26885).
- commit c435af8
- Update
patches.suse/scsi-target-pscsi-Fix-bio_put-for-error-case.patch
(bsc#1222596 cve-2024-26760), updating CVE number.
- commit 0b78c9a
- powerpc/kasan: Don't instrument non-maskable or raw interrupts
(bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- Refresh patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
- commit 8a00767
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt
(bsc#1221645 ltc#205739 bsc#1223191).
- commit caf6e20
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood
(git-fixes).
- serial: mxs-auart: add spinlock around changing cts state
(git-fixes).
- Revert "usb: cdc-wdm: close race between read and workqueue"
(git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow
(git-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- commit 28e1f50
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- commit e92aa40
- blacklist.conf: We don't support FRED
- commit ce7dd35
- clk: Remove prepare_lock hold assertion in __clk_release()
(git-fixes).
- commit 7812d3f
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- commit 236cddf
- drm/panel: visionox-rm69299: don't unregister DSI device
(git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference
(git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- nouveau: fix instmem race condition around ptr stores
(git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations
more clearly (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- commit d2ecf52
- pmdomain: mediatek: fix race conditions with genpd
(CVE-2023-52645 bsc#1223033).
- commit 9a65bfe
- spi: spi-fsl-lpspi: remove redundant spi_controller_put call
(CVE-2024-26866 bsc#1223024).
- commit 1408e84
- spi: lpspi: Avoid potential use-after-free in probe()
(CVE-2024-26866 bsc#1223024).
- commit 233d8aa
- platform/x86: think-lmi: Fix password opcode ordering for
workstations (CVE-2024-26836 bsc#1222968).
- platform/x86: think-lmi: Enable opcode support on BIOS settings
(CVE-2024-26836 bsc#1222968).
- commit 13fd3e3
- net: usb: ax88179_178a: avoid writing the mac address before
first reading (git-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed()
(git-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex
(stable-fixes).
- nouveau: fix function cast warning (git-fixes).
- Revert "drm/qxl: simplify qxl_fence_wait" (git-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316
(stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
(stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure
(stable-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used
(stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are
active (git-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input
(git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete()
(git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT
(git-fixes).
- platform/x86: intel-vbtn: Update tablet mode switch at end of
probe (git-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack
(stable-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn
establishes (stable-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
(stable-fixes).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- Revert "usb: phy: generic: Get the vbus supply" (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not
attached (stable-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode()
(stable-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
(stable-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms
(stable-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and
MM0110113M (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product
(stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100
(stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
(stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
(git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy
(stable-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is
defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible
(stable-fixes).
- ahci: asm1064: asm1166: don't limit reported ports (git-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for
"phys" fails (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- media: cec: core: remove length check of Timer Status
(stable-fixes).
- ALSA: firewire-lib: handle quirk to calculate payload quadlets
as data block counter (stable-fixes).
- Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle
by default" (stable-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant
of the Chuwi Vi8 tablet (stable-fixes).
- Input: allocate keycode for Display refresh rate toggle
(stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided
IDs (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini
(stable-fixes).
- drm/vc4: don't check if plane->state->fb == state->fb
(stable-fixes).
- hwmon: (amc6821) add of_match table (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version
(stable-fixes).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan()
(stable-fixes).
- pstore/zone: Add a null pointer check to the psz_kmsg_read
(stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags
(stable-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running
(stable-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- commit 5f4b68d
- Update
patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
(git-fixes CVE-2024-26798 bsc#1222798).
- commit 3f5154a
- Update
patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
(bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
- Update
patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
(bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
- Update
patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
(CVE-2024-26733 bsc#1222585 CVE-2024-26739 bsc#1222559).
- commit ac0df3e
- Update
patches.suse/ALSA-gus-fix-null-pointer-dereference-on-pointer-blo.patch
(git-fixes CVE-2021-47207 bsc#1222790).
- Update
patches.suse/ALSA-usb-audio-fix-null-pointer-dereference-on-point.patch
(bsc#1192354 CVE-2021-47211 bsc#1222869).
- Update
patches.suse/RDMA-core-Set-send-and-receive-CQ-before-forwarding-.patch
(jsc#SLE-19249 CVE-2021-47196 bsc#1222773).
- Update
patches.suse/arm64-dts-qcom-msm8998-Fix-CPU-L2-idle-state-latency.patch
(git-fixes CVE-2021-47187 bsc#1222703).
- Update
patches.suse/cfg80211-call-cfg80211_stop_ap-when-switch-from-P2P_.patch
(git-fixes CVE-2021-47194 bsc#1222829).
- Update
patches.suse/clk-sunxi-ng-Unregister-clocks-resets-when-unbinding.patch
(git-fixes CVE-2021-47205 bsc#1222888).
- Update
patches.suse/drm-prime-Fix-use-after-free-in-mmap-with-drm_gem_tt.patch
(git-fixes CVE-2021-47200 bsc#1222838).
- Update
patches.suse/i40e-Fix-NULL-ptr-dereference-on-VSI-filter-sync.patch
(jsc#SLE-18378 CVE-2021-47184 bsc#1222666).
- Update
patches.suse/iavf-free-q_vectors-before-queues-in-iavf_disable_vf.patch
(jsc#SLE-18385 CVE-2021-47201 bsc#1222792).
- Update
patches.suse/msft-hv-2480-x86-hyperv-Fix-NULL-deref-in-set_hv_tscchange_cb-if-.patch
(git-fixes CVE-2021-47217 bsc#1222836).
- Update
patches.suse/net-dpaa2-eth-fix-use-after-free-in-dpaa2_eth_remove.patch
(git-fixes CVE-2021-47204 bsc#1222787).
- Update
patches.suse/net-mlx5-Update-error-handler-for-UCTX-and-UMEM.patch
(jsc#SLE-19253 CVE-2021-47212 bsc#1222709).
- Update
patches.suse/net-mlx5e-CT-Fix-multiple-allocations-and-memleak-of.patch
(jsc#SLE-19253 CVE-2021-47199 bsc#1222785).
- Update
patches.suse/net-mlx5e-kTLS-Fix-crash-in-RX-resync-flow.patch
(jsc#SLE-19253 CVE-2021-47215 bsc#1222704).
- Update
patches.suse/net-mlx5e-nullify-cq-dbg-pointer-in-mlx5_debug_cq_re.patch
(jsc#SLE-19253 CVE-2021-47197 bsc#1222776).
- Update
patches.suse/sched-fair-Prevent-dead-task-groups-from-regaining-cfs_rq-s.patch
(bsc#1192837 CVE-2021-47209 bsc#1222796).
- Update patches.suse/scsi-advansys-Fix-kernel-pointer-leak.patch
(git-fixes CVE-2021-47216 bsc#1222876).
- Update
patches.suse/scsi-core-sysfs-Fix-hang-when-device-state-is-set-via-sysfs
(git-fixes CVE-2021-47192 bsc#1222867).
- Update
patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
(bsc#1190576 CVE-2021-47203 bsc#1222881).
- Update
patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
(bsc#1192145 CVE-2021-47198 bsc#1222883).
- Update
patches.suse/scsi-pm80xx-Fix-memory-leak-during-rmmod.patch
(git-fixes CVE-2021-47193 bsc#1222879).
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch
(git-fixes CVE-2021-47191 bsc#1222866).
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_report_tgtpgs.patch
(git-fixes CVE-2021-47219 bsc#1222824).
- Update patches.suse/scsi-ufs-core-Improve-SCSI-abort-handling
(git-fixes CVE-2021-47188 bsc#1222671).
- Update
patches.suse/selinux-fix-NULL-pointer-dereference-when-hashtab-al.patch
(git-fixes CVE-2021-47218 bsc#1222791).
- Update
patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch
(stable-5.14.21 CVE-2021-47202 bsc#1222878).
- Update
patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
(git-fixes CVE-2021-47185 bsc#1222669).
- Update
patches.suse/usb-host-ohci-tmio-check-return-value-after-calling-.patch
(git-fixes CVE-2021-47206 bsc#1222894).
- Update
patches.suse/usb-typec-tipd-Remove-WARN_ON-in-tps6598x_block_read.patch
(git-fixes CVE-2021-47210 bsc#1222901).
- commit 48b69db
- iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
(git-fixes).
- Refresh
patches.suse/coresight-etm-Override-TRCIDR3.CCITMIN-on-errata-affected-cpus.patch.
- commit d93f0f0
- Update
patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
(git-fixes CVE-2024-26779 bsc#1222772).
- commit c8c8675
- wifi: wfx: fix possible NULL pointer dereference in
wfx_set_mfp_ap() (CVE-2023-52593 bsc#1221042).
- commit 846e85e
- iommu/mediatek: Flush IOTLB completely only if domain has
been attached (git-fixes).
- commit 623c929
- media: rkisp1: Fix IRQ disable race issue (CVE-2023-52589
bsc#1221084).
- commit e4627b0
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- commit b3bdbef
- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
- commit 9b2027c
- iommu/amd: Don't block updates to GATag if guest mode is on
(git-fixes).
- commit 9ffdfc7
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- commit c8c9239
- wifi: iwlwifi: fix a memory corruption (CVE-2024-26610
bsc#1221299).
- commit e7967c5
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- commit 6d1aa27
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c
(git-fixes).
- commit 452d862
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
(git-fixes).
- commit 161366f
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- commit b3ada40
- xen/events: close evtchn after mapping cleanup (CVE-2024-26687,
bsc#1222435).
- commit eb41ab9
- xen/xenbus: document will_handle argument for
xenbus_watch_path() (git-fixes).
- commit c749895
- blacklist.conf: Append 'drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()''
- commit f765ec7
- Update patches.suse/arp-Prevent-overflow-in-arp_req_get.patch
- fix build warning
- commit b98055d
- blacklist.conf: Append 'drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()''
- commit 182dade
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- libceph: init the cursor when preparing sparse read in msgr2
(bsc#1222247 CVE-2023-52636).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap
(bsc#1223067).
- libceph: just wait for more data to be available on the socket
(bsc#1222247 CVE-2023-52636).
- libceph: rename read_sparse_msg_*() to
read_partial_sparse_msg_*() (bsc#1222247 CVE-2023-52636).
- commit c683288
- serial: sc16is7xx: convert from _raw_ to _noinc_ regmap
functions for FIFO (bsc#1221162 CVE-2023-52488).
- commit 0ac4803
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- commit aa65491
- Refresh patches.kabi/kabi-allow-extra-bugints.patch. (bsc#1222952)
- commit a04a1a9
- iommu/amd: Fix "Guest Virtual APIC Table Root Pointer"
configuration in IRTE (git-fixes).
- commit 9b574c1
- afs: Fix endless loop in directory parsing (bsc#1223030
CVE-2024-26848).
- commit 38522d0
- iommu/vt-d: Allow zero SAGAW if second-stage not supported
(git-fixes).
- commit 9bb9de0
- ext4: regenerate buddy after block freeing failed if under fc
replay (bsc#1220342 CVE-2024-26601).
- commit c12e20f
- iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
- commit f532194
- iommu/amd: Add a length limitation for the ivrs_acpihid
command-line parameter (git-fixes).
- commit 8f23b5e
- x86/xen: fix percpu vcpu_info allocation (git-fixes).
- commit 87554ac
- xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
- commit 6fc55b4
- blacklist.conf: Blacklist 83e80a6e3543f3
- commit 62a580e
- fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
(bsc#1222721 CVE-2024-26764).
- commit b81d662
- fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via
libaio (bsc#1222721 CVE-2024-26764).
- commit 6f0ed6e
- ext4: avoid allocating blocks from corrupted group in
ext4_mb_try_best_found() (bsc#1222618 CVE-2024-26773).
- commit 821043d
- x86/xen: Add some null pointer checking to smp.c (git-fixes).
- commit 78b0780
- xen-netback: properly sync TX responses (git-fixes).
- commit b347f75
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf
import (git-fixes).
- commit 78d5534
- Update patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch (stable-5.14.21 CVE-2021-47202 bsc#1222878)
- commit 9b2ed28
- drm/amd/display: Implement bounds check for stream encoder creation (bsc#1222266 CVE-2024-26660)
- commit 3a8faf0
- iommu/amd: Fix error handling for pdev_pri_ats_enable()
(git-fixes).
- commit 9598a5a
- Update
patches.suse/usb-roles-fix-NULL-pointer-issue-when-put-module-s-r.patch
(bsc#1222609 CVE-2024-26747).
Added CVE reference
- commit c356fce
- iommu/vt-d: Fix error handling in sva enable/disable paths
(git-fixes).
- commit a7d0d80
- iommu/iova: Fix alloc iova overflows issue (git-fixes).
- commit 997077c
- iommu/vt-d: Allocate local memory for page request queue
(git-fixes).
- commit 29949ff
- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen
PE (bsc#1222011 ltc#205900).
- commit 92932bc
- Update references in
patches.suse/ocfs2-Avoid-touching-renamed-directory-if-parent-doe.patch
(bsc#1221044 bsc#1221088 CVE-2023-52591 CVE-2023-52590).
- commit 6a6852e
- Update patches.suse/spi-fix-use-after-free-of-the-add_lock-mutex.patch (git-fixes CVE-2021-47195 bsc#1222832)
- commit e8d48f1
- mm/vmalloc: huge vmalloc backing pages should be split rather
than compound (bsc#1217829).
- commit 539be83
- netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
(bsc#1222630 CVE-2024-26805).
- commit 62396b0
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (bsc#1222726 CVE-2024-26766)
- commit dc4bba0
- spi: cadence-qspi: fix pointer reference in runtime PM hooks (CVE-2024-26807 bsc#1222801)
- commit 4dd5f9f
- Update
patches.suse/nvmet-fc-avoid-deadlock-on-delete-association-path.patch
(git-fixes CVE-2024-26769 bsc#1222727).
- commit fb3505a
- Update patches.suse/RDMA-srpt-Support-specifying-the-srpt_service_guid-p.patch
(git-fixes bsc#1222449 CVE-2024-26744)
- Update patches.suse/RDMA-qedr-Fix-qedr_create_user_qp-error-flow.patch
(git-fixes bsc#1222677 CVE-2024-26743)
- Update patches.suse/IB-hfi1-Fix-sdma.h-tx-num_descs-off-by-one-error.patch
(git-fixes bsc#1222726 CVE-2024-26766)
- commit c5a8a5e
- RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
- commit 1af9c1e
- NFS: avoid spurious warning of lost lock that is being unlocked
(bsc#1221791).
- commit 1efde72
- gtp: fix use-after-free and null-ptr-deref in
gtp_genl_dump_pdp() (bsc#1222428 CVE-2024-26793 bsc#1222632
CVE-2024-26754).
- commit eebe79d
- Update patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch (git-fixes CVE-2024-26787 bsc#1222781)
- commit 3445a30
- Update patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch (git-fixes CVE-2024-26790 bsc#1222784)
- commit fa581a2
- Update patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch (git-fixes CVE-2024-26776 bsc#1222764)
- commit 97121f5
- iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. (CVE-2023-52627 bsc#1222051)
- commit e5bef1f
- dm: don't lock fs when the map is NULL during suspend or resume
(git-fixes).
- commit 78ef342
- blacklist.conf: add a commit for bcache typo fix.
- commit 22e6069
- dm integrity: fix out-of-range warning (git-fixes).
- dm: call the resume method on internal suspend (git-fixes).
- dm raid: fix false positive for requeue needed during reshape
(git-fixes).
- dm-raid: fix lockdep waring in "pers->hot_add_disk" (git-fixes).
- md: don't clear MD_RECOVERY_FROZEN for new dm-raid until resume
(git-fixes).
- md/raid1: fix choose next idle in read_balance() (git-fixes).
- md: Don't clear MD_CLOSING when the raid is about to stop
(git-fixes).
- dm-verity, dm-crypt: align "struct bvec_iter" correctly
(git-fixes).
- dm-crypt: don't modify the data when using authenticated
encryption (bsc#1222720, CVE-2024-26763).
- dm-crypt, dm-verity: disable tasklets (bsc#1222416, CVE-2024-26718).
- dm-integrity: don't modify bio's immutable bio_vec in
integrity_metadata() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm verity: don't perform FEC for failed readahead IO
(git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set()
(git-fixes).
- bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up
race (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx
(git-fixes).
- bcache: check return value from btree_node_alloc_replacement()
(git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size
(git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio
(git-fixes).
- nd_btt: Make BTT lanes preemptible (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and
check its return value (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices
(git-fixes).
- nvdimm: Fix dereference after free in register_nvdimm_pmu()
(git-fixes).
- nvdimm: Fix memleak of pmu attr_groups in
unregister_nvdimm_pmu() (git-fixes).
- dm cache policy smq: ensure IO doesn't prevent cleaner policy
progress (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr()
(git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr()
error paths (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit
architectures (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client
(git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior
consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations
(git-fixes).
- bcache: Remove dead references to cache_readaheads (git-fixes).
- dm thin metadata: check fail_io before using data_sm
(git-fixes).
- dm: don't lock fs when the map is NULL in process of resume
(git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init()
error path (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error
path (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC
(git-fixes).
- dm stats: check for and propagate alloc_percpu failure
(git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- commit 876bda1
- dm thin: fix deadlock when swapping to thin device
(bsc#1177529).
- Use above upstream patch, delete in-house patch,
patches.suse/Avoid-deadlock-for-recursive-I-O-on-dm-thin-when-used-as-swap-4905.patch.
- commit f651b2e
- dm cache: add cond_resched() to various workqueue loops
(git-fixes).
- dm thin: add cond_resched() to various workqueue loops
(git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: remove flush_scheduled_work() during local_exit()
(git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
- dm flakey: don't corrupt the zero page (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed
block devices (git-fixes).
- libnvdimm/region: Allow setting align attribute on regions
without mappings (git-fixes).
- bcache:: fix repeated words in comments (git-fixes).
- bcache: bset: Fix comment typos (git-fixes).
- bcache: remove unused bch_mark_cache_readahead function def
in stats.h (git-fixes).
- bcache: remove unnecessary flush_workqueue (git-fixes).
- nvdimm/namespace: drop nested variable in
create_namespace_pmem() (git-fixes).
- bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous
device registration' (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms
(git-fixes).
- bcache: use default_groups in kobj_type (git-fixes).
- bcache: fixup bcache_dev_sectors_dirty_add() multithreaded
CPU false sharing (git-fixes).
- bcache: use bvec_kmap_local in bio_csum (git-fixes).
- bcache: fix NULL pointer reference in cached_dev_detach_finish
(git-fixes).
- bcache: replace snprintf in show functions with sysfs_emit
(git-fixes).
- bcache: move uapi header bcache.h to bcache code directory
(git-fixes).
- bcache: remove bch_crc64_update (git-fixes).
- bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
- commit fd7b7d9
- bcache: remove the backing_dev_name field from struct cached_dev
(git-fixes).
- Rebased for the above change,
patches.suse/0017-bcache-avoid-unnecessary-soft-lockup-in-kworker-upda.patch.
- commit fddbf12
- bcache: remove the cache_dev_name field from struct cache
(git-fixes).
- bcache: move calc_cached_dev_sectors to proper place on backing
device detach (git-fixes).
- bcache: fix error info in register_bcache() (git-fixes).
- commit b239072
- scsi: target: pscsi: Fix bio_put() for error case (bsc#1222596
cve-2024-267600).
- commit 54b96d8
- arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as (CVE-2023-52561 bsc#1220935)
- commit 003c2c9
- selftests/bpf: Test racing between bpf_timer_cancel_and_free
and bpf_timer_cancel (bsc#1222557 CVE-2024-26737).
- bpf: Fix racing between bpf_timer_cancel_and_free and
bpf_timer_cancel (bsc#1222557 CVE-2024-26737).
- commit 141641a
- iio: adc: ad7091r: Allow users to configure device events (CVE-2023-52627 bsc#1222051)
- commit 4afaad3
- ARM: ep93xx: Add terminator to gpiod_lookup_table (CVE-2024-26751 bsc#1222724)
- commit 9f7da20
- Update patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch (git-fixes CVE-2024-26771 bsc#1222610)
- commit fb21423
- Update
patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch
(git-fixes CVE-2021-47189 bsc#1222706).
- commit 95bc72d
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
Properly check whether the feature we are patching in the alternatives
is a feature or a bug. This was broken because in apply_alternative()
boot_cpu_has is used and if we have an alternative that depends on a bug
bit (such as X86_BUG_SYSRET_SS_ATTRS) the boot_cpu_has will erroneously
check if this bit is set in the feature ints rather than the bug ints.
While at it ensure that static_cpu_has isn't called with extended
bugs features as those aren't supported right now.
- commit 793068f
- Refresh
patches.kabi/PCI-Add-locking-to-RMW-PCI-Express-Capability-Regist.patch.
Drop a bogus hunk. It was introduced by mistake.
Fixes: acf0d9920aee
- commit 3a754ef
- Update
patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch
(git-fixes CVE-2024-26749 bsc#1222680).
- commit 515d996
- Update
patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch
(bsc#1220492 ltc#205270 CVE-2024-26745 bsc#1222678).
- commit 3731b61
- blacklist.conf: Add f7ec1cd5cc7e getrusage: use sig->stats_lock rather than lock_task_sighand()
and its prereqs
- commit 0650209
- tee: amdtee: fix use-after-free vulnerability in
amdtee_close_session (bsc#1220915 CVE-2023-52503).
- commit 926b64b
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- Delete
patches.suse/RAS-AMD-FMPM-Fix-build-when-debugfs-is-not-enabled.patch.
- commit bf0e61f
- Update
patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
(git-fixes CVE-2021-47185).
- commit de9e1db
- Update
patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch
(bsc#1192145 CVE-2021-47183 bsc#1222664).
- commit 720685d
- blacklist.conf: Add d9b3ce8769e3 mm: writeback: ratelimit stat flush from mem_cgroup_wb_stats
- commit 3201b4c
- Update
patches.suse/scsi-core-Fix-scsi_mode_sense-buffer-length-handling.patch
(git-fixes CVE-2021-47182 bsc#1222662).
- commit 641c737
- Update
patches.suse/usb-musb-tusb6010-check-return-value-after-calling-p.patch
(git-fixes CVE-2021-47181 bsc#1222660).
- commit 27da195
- ceph: prevent use-after-free in encode_cap_msg() (CVE-2024-26689
bsc#1222503).
- commit c307f9b
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
(bsc#1222619).
- commit 3d3186c
- PCI/PM: Drain runtime-idle callbacks before driver removal
(git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
(git-fixes).
- PCI/AER: Block runtime suspend when handling errors (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
(git-fixes).
- PCI/DPC: Quirk PIO log size for certain Intel Root Ports
(git-fixes).
- Refresh
patches.suse/PCI-Lengthen-reset-delay-for-VideoPropulsion-Torrent.patch.
- PCI: Drop pci_device_remove() test of pci_dev->driver
(git-fixes).
- commit 1625155
- arp: Prevent overflow in arp_req_get() (CVE-2024-26733
bsc#1222585).
- commit aed9764
- net/sched: act_mirred: don't override retval if we already
lost the skb (CVE-2024-26733 bsc#1222585).
- commit 57213f3
- mm,page_owner: Defer enablement of static branch (bsc#1222366).
- commit aa158b4
- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
- commit 7ab1530
- Update
patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch
(git-fixes CVE-2024-26736 bsc#1222586).
- commit 95b873b
- Update
patches.suse/btrfs-do-not-ASSERT-if-the-newly-created-subvolume-a.patch
(bsc#1219126 CVE-2024-23850 CVE-2024-26727 bsc#1222536).
- commit 9619dfe
- Update
patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-for-small-block-sizes.patch
(git-fixes CVE-2024-26697 bsc#1222550).
- commit a10bcda
- nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
(bsc#1222549 CVE-2024-26696).
- commit b7a4096
- Update
patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch
(git-fixes CVE-2024-26722 bsc#1222520).
- commit 227851b
- blacklist.conf: kABI
- commit b7c2dcf
- blacklist.conf: kABI
- commit 4fed026
- blacklist.conf: kABI
- commit 9643918
- ring-buffer: Make wake once of ring_buffer_wait() more robust
(git-fixes).
- commit 9369b70
- tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
- kABI: Adjust trace_iterator.wait_index (git-fixes).
- commit 0c26abb
- ext4: fix double-free of blocks due to wrong extents moved_len
(bsc#1222422 CVE-2024-26704).
- commit 4e96ad3
- net: stmmac: xgmac: use #define for string constants
(bsc#1222445 CVE-2024-26684).
- net: stmmac: xgmac: fix a typo of register name in DPP safety
handling (bsc#1222445 CVE-2024-26684).
- commit d142965
- netdevsim: avoid potential loop in nsim_dev_trap_report_work()
(git-fixes CVE-2024-26681 bsc#1222431).
- commit 6e625f6
- References update
- commit e2989ce
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- commit 4edf006
- net: stmmac: xgmac: fix handling of DPP safety error for DMA
channels (bsc#1222445 CVE-2024-26684).
- commit f5bac1a
- gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
(bsc#1222428 CVE-2024-26793).
- net: atlantic: Fix DMA mapping for PTP hwts ring (bsc#1222427
CVE-2024-26680).
- commit 8477f57
- ring-buffer: Use wait_event_interruptible() in
ring_buffer_wait() (git-fixes).
- commit a852b18
- ring-buffer: Fix full_waiters_pending in poll (git-fixes).
- commit a44bf56
- ring-buffer: Do not set shortest_full when full target is hit
(git-fixes).
- commit 4381c01
- tracing: Use .flush() call to wake up readers (git-fixes).
- commit d993c13
- ring-buffer: Fix resetting of shortest_full (git-fixes).
- commit 966f555
- ring-buffer: Fix waking up ring buffer readers (git-fixes).
- commit 676cf24
- tracing: Remove precision vsnprintf() check from print event
(git-fixes).
- commit 6b7c133
- tracing: Have saved_cmdlines arrays all in one allocation
(git-fixes).
- commit 49f31e7
- blacklist.conf: We don't have annotate_noendbr in this kernel
So shut up the warning.
- commit f6d75ac
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
- commit eb744cd
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
(bsc#1219264 CVE-2024-0841).
- commit fe3c052
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
(bsc#1219264 CVE-2024-0841).
- commit aa8204a
- nilfs2: fix potential bug in end_buffer_async_write (bsc#1222437
CVE-2024-26685).
- commit dafe6fe
- nfsd: Fix error cleanup path in nfsd_rename() (bsc#1221044
CVE-2023-52591).
- commit a849be1
- blacklist.conf: kABI
- commit 94d8026
- net: usb: ax88179_178a: avoid the interface always configured
as random address (git-fixes).
- commit c53377c
- pci_iounmap(): Fix MMIO mapping leak (git-fixes).
- commit 629693d
- net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes).
- RDMA/mana_ib: Fix bug in creation of dma regions (git-fixes).
- Drivers: hv: vmbus: Calculate ring buffer size for more
efficient use of memory (git-fixes).
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER
missed (git-fixes).
- hv_netvsc: Fix race condition between netvsc_probe and
netvsc_remove (git-fixes).
- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not
4 Kbytes (git-fixes).
- commit 82617ea
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
- commit 22061fc
- arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes)
- commit a61527a
- blacklist.conf: ("arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card")
- commit 4b90502
- arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on (git-fixes)
- commit b828266
- blacklist.conf: add a couple of PCI git-fixes
- commit 37743ca
- ata: sata_mv: Fix PCI device ID table declaration compilation
warning (git-fixes).
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
(git-fixes).
- ASoC: amd: acp: fix for acp_init function error handling
(git-fixes).
- ASoC: rt711-sdw: fix locking sequence (git-fixes).
- ASoC: rt711-sdca: fix locking sequence (git-fixes).
- ASoC: rt5682-sdw: fix locking sequence (git-fixes).
- ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
(git-fixes).
- ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support
headset with microphone (git-fixes).
- drm/i915/gt: Do not generate the command streamer for all the
CCS (git-fixes).
- drm/display: fix typo (git-fixes).
- drm/panfrost: fix power transition timeout warnings (git-fixes).
- commit 56ef24f
- scsi: pm80xx: Avoid leaking tags when processing
OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883
cve-2023-52500).
- commit fc88013
- KVM: x86: Add BHI_NO (bsc#1217339 CVE-2024-2201).
- commit c0e1ffe
- Update
patches.suse/ALSA-sh-aica-reorder-cleanup-operations-to-avoid-UAF.patch
(git-fixes CVE-2024-26654 bsc#1222304).
- Update
patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch
(git-fixes CVE-2024-26717 bsc#1222360).
- Update
patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch
(bsc#1219443 CVE-2024-26670 bsc#1222356).
- Update
patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch
(git-fixes CVE-2024-26695 bsc#1222373).
- Update
patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch
(git-fixes CVE-2024-26667 bsc#1222331).
- Update
patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch
(git-fixes CVE-2024-26664 bsc#1222355).
- Update patches.suse/nfsd-fix-RELEASE_LOCKOWNER.patch
(bsc#1218968 CVE-2024-26629 bsc#1221379).
- Update
patches.suse/pwm-Fix-out-of-bounds-access-in-of_pwm_single_xlate.patch
(git-fixes CVE-2024-26599 bsc#1220365).
- Update
patches.suse/sched-membarrier-reduce-the-ability-to-hammer-on-sys.patch
(git-fixes bsc1220398 CVE-2024-26602 bsc#1220398).
- Update
patches.suse/scsi-core-Move-scsi_host_busy-out-of-host-lock-for-waking-up-EH-handler.patch
(git-fixes CVE-2024-26627 bsc#1221090).
- Update
patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch
(git-fixes CVE-2024-26651 bsc#1221337).
- Update
patches.suse/tracing-Ensure-visibility-when-inserting-an-element-into-tracing_map.patch
(git-fixes CVE-2024-26645 bsc#1222056).
- Update
patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch
(git-fixes CVE-2024-26659 bsc#1222317).
- commit bd16cf6
- Update
patches.suse/Bluetooth-hci_codec-Fix-leaking-content-of-local_cod.patch
(git-fixes CVE-2023-52518 bsc#1221056).
- Update
patches.suse/FS-JFS-UBSAN-array-index-out-of-bounds-in-dbAdjTree.patch
(git-fixes CVE-2023-52604 bsc#1221067).
- Update patches.suse/IB-ipoib-Fix-mcast-list-locking.patch
(git-fixes CVE-2023-52587 bsc#1221082).
- Update
patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch
(git-fixes bsc#1220393 CVE-2023-52639 bsc#1222300).
- Update
patches.suse/PCI-switchtec-Fix-stdev_release-crash-after-surprise.patch
(git-fixes CVE-2023-52617 bsc#1221613).
- Update
patches.suse/SUNRPC-Fix-a-suspicious-RCU-usage-warning.patch
(git-fixes CVE-2023-52623 bsc#1222060).
- Update
patches.suse/UBSAN-array-index-out-of-bounds-in-dtSplitRoot.patch
(git-fixes CVE-2023-52603 bsc#1221066).
- Update
patches.suse/bus-mhi-host-Add-alignment-check-for-event-ring-read.patch
(git-fixes CVE-2023-52494 bsc#1221273).
- Update
patches.suse/bus-mhi-host-Drop-chan-lock-before-queuing-buffers.patch
(git-fixes CVE-2023-52493 bsc#1221274).
- Update
patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch
(git-fixes CVE-2023-52637 bsc#1222291).
- Update
patches.suse/crypto-scomp-fix-req-dst-buffer-overflow.patch
(git-fixes CVE-2023-52612 bsc#1221616).
- Update
patches.suse/drm-Don-t-unref-the-same-fb-many-times-by-mistake-du.patch
(git-fixes CVE-2023-52486 bsc#1221277).
- Update
patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch
(git-fixes CVE-2023-52632 bsc#1222274).
- Update
patches.suse/drm-meson-fix-memory-leak-on-hpd_notify-callback.patch
(git-fixes CVE-2023-52563 bsc#1220937).
- Update
patches.suse/hwrng-core-Fix-page-fault-dead-lock-on-mmap-ed-hwrng.patch
(git-fixes CVE-2023-52615 bsc#1221614).
- Update
patches.suse/iommu-arm-smmu-v3-Fix-soft-lockup-triggered-by-arm_smmu_mm_invalidate_range.patch
(bsc#1215921 CVE-2023-52484 bsc#1220797).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-dbAdjTree.patch
(git-fixes CVE-2023-52601 bsc#1221068).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-diNewExt.patch
(git-fixes CVE-2023-52599 bsc#1221062).
- Update
patches.suse/jfs-fix-slab-out-of-bounds-Read-in-dtSearch.patch
(git-fixes CVE-2023-52602 bsc#1221070).
- Update patches.suse/jfs-fix-uaf-in-jfs_evict_inode.patch
(git-fixes CVE-2023-52600 bsc#1221071).
- Update
patches.suse/perf-x86-intel-uncore-Fix-NULL-pointer-dereference-issue-in-upi_fill_topology.patch
(bsc#1218958 CVE-2023-52450 bsc#1220237).
- Update
patches.suse/pstore-ram-Fix-crash-when-setting-number-of-cpus-to-.patch
(git-fixes CVE-2023-52619 bsc#1221618).
- Update
patches.suse/scsi-pm80xx-Avoid-leaking-tags-when-processing-OPC_INB_SET_CONTROLLER_CONFIG-command.patch
(git-fixes CVE-2023-52500 bsc#1220883).
- Update
patches.suse/wifi-ath9k-Fix-potential-array-index-out-of-bounds-r.patch
(git-fixes CVE-2023-52594 bsc#1221045).
- Update
patches.suse/wifi-rt2x00-restart-beacon-queue-when-hardware-reset.patch
(git-fixes CVE-2023-52595 bsc#1221046).
- commit b1046c1
- Update
patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch
(CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117).
- commit fd3aabc
- mm,page_owner: Fix printing of stack records (bsc#1222366).
- commit a7b445d
- mm,page_owner: Fix accounting of pages when migrating
(bsc#1222366).
- commit 37b3731
- mm,page_owner: Fix refcount imbalance (bsc#1222366).
- commit 4dc29b0
- iommu/mediatek: Fix forever loop in error handling (git-fixes).
- commit 21d467e
- selinux: saner handling of policy reloads (bsc#1222230 bsc#1221044
CVE-2023-52591).
- commit 66a189d
- mm,page_owner: Update metadata for tail pages (bsc#1222366).
- commit b2b2b31
- mm,page_owner: fix recursion (bsc#1222366).
- commit 4517a6d
- mm,page_owner: drop unnecessary check (bsc#1222366).
- commit 0c42427
- mm,page_owner: check for null stack_record before bumping its
refcount (bsc#1222366).
- commit 81f3531
- Update patches metadata
- commit f6df04d
- x86/bhi: Mitigate KVM by default (bsc#1217339 CVE-2024-2201).
- commit e8a52ff
- x86/bhi: Add BHI mitigation knob (bsc#1217339 CVE-2024-2201).
- Update config files.
- commit 66b3207
- x86/bhi: Enumerate Branch History Injection (BHI) bug (bsc#1217339 CVE-2024-2201).
- commit 797a250
- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (bsc#1217339 CVE-2024-2201).
- Refresh patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch.
- commit d9a50a1
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1217339 CVE-2024-2201).
- commit c5355fd
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
Extend existing functionality to allow adding extra feature words in
addition to extra bug words. This code is adjusted from SLE12-SP5 patch.
- commit 44177f4
- x86/bhi: Add support for clearing branch history at syscall entry (bsc#1217339 CVE-2024-2201).
- commit 7297553
- x86/cpufeature: Add missing leaf enumeration (bsc#1217339 CVE-2024-2201).
- commit 72a3a61
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails
(git-fixes).
- drm/i915/bios: Tolerate devdata==NULL in
intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
- drm/amdkfd: fix TLB flush after unmap for GFX9.4.2
(stable-fixes).
- drm/amd/display: Return the correct HDCP error code
(stable-fixes).
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
(stable-fixes).
- drm/exynos: do not return negative values from .get_modes()
(stable-fixes).
- drm/panel: do not return negative error codes from
drm_panel_get_modes() (stable-fixes).
- drm/probe-helper: warn about negative .get_modes()
(stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
(stable-fixes).
- ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
(stable-fixes).
- drm/amdgpu/pm: Fix the error of pwm1_enable setting
(stable-fixes).
- drm/amd/display: handle range offsets in VRR ranges
(stable-fixes).
- commit 9310237
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
(bsc#1209657 CVE-2023-0160).
- blacklist.conf: omit previous incomplete sockmap fix
- bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t
(git-fixes).
- commit 9a86a18
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
- commit f738a42
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
(bsc#1209657 CVE-2023-0160).
- commit 989b8c6
- blacklist.conf: omit reverted sockmap deadlock fix
- commit 397323e
- netfilter: nf_tables: disallow anonymous set with timeout flag
(CVE-2024-26642 bsc#1221830).
- commit 02a907f
- netfilter: ctnetlink: fix possible refcount leak in
ctnetlink_create_conntrack() (CVE-2023-7192 bsc#1218479).
- commit 0b47032
- usb: typec: ucsi: Check for notifications after init
(git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
(git-fixes).
- usb: typec: Return size of buffer if pd_set operation succeeds
(git-fixes).
- usb: dwc3: Properly set system wakeup (git-fixes).
- usb: cdc-wdm: close race between read and workqueue (git-fixes).
- usb: dwc2: gadget: LPM flow fix (git-fixes).
- usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
- usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
- usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
- usb: dwc2: host: Fix hibernation flow (git-fixes).
- USB: core: Fix deadlock in usb_deauthorize_interface()
(git-fixes).
- staging: vc04_services: fix information leak in
create_component() (git-fixes).
- commit 74f6b3e
- drm/i915/gt: Reset queue_priority_hint on parking (git-fixes).
- drm/qxl: remove unused variable from
`qxl_process_single_command()` (git-fixes).
- drm/qxl: remove unused `count` variable from
`qxl_surface_id_alloc()` (git-fixes).
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if
needed (git-fixes).
- nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
- ACPICA: debugger: check status of acpi_evaluate_object()
in acpi_db_walk_for_fields() (git-fixes).
- commit 22f136e
- README.BRANCH: Remove copy of branch name
- commit 4834fba
- README.BRANCH: Remove copy of branch name
- commit 9b22290
- thermal: intel: hfi: Add syscore callbacks for system-wide PM
(CVE-2024-26646 bsc#1222070).
- thermal: intel: hfi: Disable an HFI instance when all its CPUs
go offline (CVE-2024-26646 bsc#1222070).
- thermal: intel: hfi: Enable an HFI instance from its first
online CPU (CVE-2024-26646 bsc#1222070).
- thermal: intel: hfi: Refactor enabling code into helper
functions (CVE-2024-26646 bsc#1222070).
- commit 8d3563b
- ASoC: meson: t9015: fix function pointer type mismatch
(git-fixes).
- drm/tegra: hdmi: Fix some error handling paths in
tegra_hdmi_probe() (git-fixes).
- drm/tegra: dsi: Fix some error handling paths in
tegra_dsi_probe() (git-fixes).
- net/x25: fix incorrect parameter validation in the
x25_getsockopt() function (git-fixes).
- Bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
- sr9800: Add check for usbnet_get_endpoints (git-fixes).
- wifi: wilc1000: fix RCU usage in connect path (git-fixes).
- wifi: wilc1000: fix declarations ordering (stable-fixes).
- lib/cmdline: Fix an invalid format specifier in an assertion
msg (git-fixes).
- Input: gpio_keys_polled - suppress deferred probe error for gpio
(stable-fixes).
- firewire: core: use long bus reset on gap count error
(stable-fixes).
- drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
(stable-fixes).
- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
(stable-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcddc device
(stable-fixes).
- drm/tegra: hdmi: Convert to devm_platform_ioremap_resource()
(stable-fixes).
- drm/tegra: dsi: Make use of the helper function dev_err_probe()
(stable-fixes).
- commit 2335ed9
- ACPI: resource: Add Infinity laptops to
irq1_edge_low_force_override (stable-fixes).
- Refresh
patches.suse/ACPI-resource-Add-MAIBENBEN-X577-to-irq1_edge_low_fo.patch.
- commit a322c3a
- ASoC: meson: aiu: fix function pointer type mismatch
(git-fixes).
- ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
(stable-fixes).
- ACPI: resource: Do IRQ override on Lunnen Ground laptops
(stable-fixes).
- ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
(stable-fixes).
- ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono
mode (stable-fixes).
- ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
(stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi
Vi8 tablet (stable-fixes).
- ASoC: rt5645: Make LattePanda board DMI match more precise
(stable-fixes).
- ASoC: meson: Use dev_err_probe() helper (stable-fixes).
- commit 8f94a4d
- mmc: core: Avoid negative index with array access (git-fixes).
- mmc: core: Initialize mmc_blk_ioc_data (git-fixes).
- ALSA: aoa: avoid false-positive format truncation warning
(git-fixes).
- ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
(git-fixes).
- wifi: iwlwifi: fw: don't always use FW dump trig (git-fixes).
- wifi: iwlwifi: mvm: rfi: fix potential response leaks
(git-fixes).
- net: ll_temac: platform_get_resource replaced by wrong function
(git-fixes).
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
(git-fixes).
- ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port
(stable-fixes).
- commit a43d7a1
- ipv6: init the accept_queue's spinlocks in inet6_create
(bsc#1221293 CVE-2024-26614).
- commit 0ab8c0f
- net/bnx2x: Prevent access to a freed page in page_pool
(bsc#1215322).
- commit 6d39ac9
- tcp: make sure init the accept_queue's spinlocks once
(bsc#1221293 CVE-2024-26614).
- commit 943f002
- powerpc/boot: Disable power10 features after BOOTAFLAGS
assignment (bsc#1194869).
- commit 17f8de7
- powerpc/boot: Fix boot wrapper code generation with
CONFIG_POWER10_CPU (bsc#1194869).
- commit 9b67460
- powerpc/lib: Validate size for vector operations (bsc#1194869 CVE-2023-52606 bsc#1221069).
- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
(CVE-2023-52607 bsc#1221061).
- powerpc: add compile-time support for lbarx, lharx
(bsc#1194869).
- Update config files.
- powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
- Update config files.
- powerpc/sstep: Use bitwise instead of arithmetic operator for
flags (bsc#1194869).
- powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
- powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__
(bsc#1194869).
- powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding
(bsc#1194869).
- powerpc/lib/sstep: Don't use __{get/put}_user() on kernel
addresses (bsc#1194869).
- commit b17389a
- RDMA/mlx5: Relax DEVX access upon modify commands (git-fixes)
- commit 9423a91
- RDMA/mlx5: Fix fortify source warning while accessing Eth segment (git-fixes)
- commit 16e4eca
- Revert "fbdev: flush deferred IO before closing (git-fixes)." (bsc#1221814)
This reverts commit 81476d7e609a6d383f3d404542eebc93cebd0a4d.
This fixes bsc#1221814
- commit bc3a73c
- Update
patches.suse/HID-intel-ish-hid-ipc-Disable-and-reenable-ACPI-GPE-.patch
(git-fixes CVE-2023-52519 bsc#1220920).
- Update
patches.suse/HID-sony-Fix-a-potential-memory-leak-in-sony_probe.patch
(git-fixes CVE-2023-52529 bsc#1220929).
- Update
patches.suse/IB-hfi1-Fix-bugs-with-non-PAGE_SIZE-end-multi-iovec-.patch
(git-fixes CVE-2023-52474 bsc#1220445).
- Update
patches.suse/RDMA-siw-Fix-connection-failure-handling.patch
(git-fixes CVE-2023-52513 bsc#1221022).
- Update
patches.suse/RDMA-srp-Do-not-call-scsi_done-from-srp_abort.patch
(git-fixes CVE-2023-52515 bsc#1221048).
- Update
patches.suse/Revert-tty-n_gsm-fix-UAF-in-gsm_cleanup_mux.patch
(git-fixes CVE-2023-52564 bsc#1220938).
- Update
patches.suse/bpf-Check-rcu_read_lock_trace_held-before-calling-bp.patch
(bsc#1220251 CVE-2023-52447 CVE-2023-52621 bsc#1222073).
- Update
patches.suse/ieee802154-ca8210-Fix-a-potential-UAF-in-ca8210_prob.patch
(git-fixes CVE-2023-52510 bsc#1220898).
- Update
patches.suse/net-nfc-llcp-Add-lock-when-modifying-device-list.patch
(git-fixes CVE-2023-52524 bsc#1220927).
- Update
patches.suse/net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75.patch
(git-fixes CVE-2023-52528 bsc#1220843).
- Update
patches.suse/nfc-nci-assert-requested-protocol-is-valid.patch
(git-fixes CVE-2023-52507 bsc#1220833).
- Update
patches.suse/nilfs2-fix-potential-use-after-free-in-nilfs_gccache.patch
(git-fixes CVE-2023-52566 bsc#1220940).
- Update
patches.suse/nvme-fc-Prevent-null-pointer-dereference-in-nvme_fc_.patch
(bsc#1214842 CVE-2023-52508 bsc#1221015).
- Update
patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch
(bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
CVE-2023-6356 CVE-2023-52454 bsc#1220320).
- Update
patches.suse/platform-x86-think-lmi-Fix-reference-leak.patch
(git-fixes CVE-2023-52520 bsc#1220921).
- Update
patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch
(bsc#1212514 CVE-2023-35827 CVE-2023-52509 bsc#1220836).
- Update
patches.suse/ring-buffer-Do-not-attempt-to-read-past-commit.patch
(git-fixes CVE-2023-52501 bsc#1220885).
- Update
patches.suse/serial-8250_port-Check-IRQ-data-before-use.patch
(git-fixes CVE-2023-52567 bsc#1220839).
- Update
patches.suse/spi-sun6i-fix-race-between-DMA-RX-transfer-completio.patch
(git-fixes CVE-2023-52517 bsc#1221055).
- Update
patches.suse/spi-sun6i-reduce-DMA-RX-transfer-width-to-single-byt.patch
(git-fixes CVE-2023-52511 bsc#1221012).
- Update
patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch
(git-fixes CVE-2023-52525 bsc#1220840).
- Update
patches.suse/x86-alternatives-disable-kasan-in-apply_alternatives.patch
(git-fixes CVE-2023-52504 bsc#1221553).
- Update
patches.suse/x86-srso-fix-sbpb-enablement-for-spec_rstack_overflow-off.patch
(git-fixes CVE-2023-52575 bsc#1220871).
- commit 5f353b0
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487 CVE-2022-48626 bsc#1220366).
- Update
patches.suse/crypto-qcom-rng-ensure-buffer-for-generate-is-comple.patch
(git-fixes CVE-2022-48629 bsc#1220989).
- Update
patches.suse/crypto-qcom-rng-fix-infinite-loop-on-requests-not-mu.patch
(git-fixes CVE-2022-48630 bsc#1220990).
- commit f8cf886
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-harden-detection-of-controll.patch
(git-fixes CVE-2021-46926 bsc#1220478).
- Update
patches.suse/ALSA-rawmidi-fix-the-uninitalized-user_pversion.patch
(git-fixes CVE-2021-47096 bsc#1220981).
- Update
patches.suse/IB-qib-Fix-memory-leak-in-qib_user_sdma_queue_pkts.patch
(git-fixes CVE-2021-47104 bsc#1220960).
- Update
patches.suse/Input-elantech-fix-stack-out-of-bound-access-in-elan.patch
(git-fixes CVE-2021-47097 bsc#1220982).
- Update
patches.suse/KVM-x86-mmu-Don-t-advance-iterator-after-restart-due.patch
(git-fixes CVE-2021-47094 bsc#1221551).
- Update patches.suse/NFSD-Fix-READDIR-buffer-overflow.patch
(git-fixes bsc#1196346 CVE-2021-47107 bsc#1220965).
- Update
patches.suse/asix-fix-uninit-value-in-asix_mdio_read.patch
(git-fixes CVE-2021-47101 bsc#1220987).
- Update
patches.suse/drm-mediatek-hdmi-Perform-NULL-pointer-check-for-mtk.patch
(git-fixes CVE-2021-47108 bsc#1220986).
- Update
patches.suse/hwmon-lm90-Prevent-integer-overflow-underflow-in-hys.patch
(git-fixes CVE-2021-47098 bsc#1220983).
- Update
patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch
(git-fixes CVE-2021-47100 bsc#1220985).
- Update
patches.suse/ipmi-ssif-initialize-ssif_info-client-early.patch
(bsc#1193490 CVE-2021-47095 bsc#1220979).
- Update
patches.suse/mac80211-fix-locking-in-ieee80211_start_ap-error-pat.patch
(git-fixes CVE-2021-47091 bsc#1220959).
- Update
patches.suse/net-fix-use-after-free-in-tw_timer_handler.patch
(bsc#1217195 CVE-2021-46936 bsc#1220439).
- Update
patches.suse/net-marvell-prestera-fix-incorrect-structure-access.patch
(git-fixes CVE-2021-47102 bsc#1221009).
- Update
patches.suse/net-smc-fix-kernel-panic-caused-by-race-of-smc_sock
(git-fixes CVE-2021-46925 bsc#1220466).
- Update
patches.suse/nitro_enclaves-Use-get_user_pages_unlocked-call-to-handle-mmap-assert.patch
(git fixes (mm/gup) CVE-2021-46927 bsc#1220443).
- Update
patches.suse/platform-x86-intel_pmc_core-fix-memleak-on-registrat.patch
(git-fixes CVE-2021-47093 bsc#1220978).
- Update patches.suse/sctp-use-call_rcu-to-free-endpoint.patch
(CVE-2022-20154 bsc#1200599 CVE-2021-46929 bsc#1220482).
- Update patches.suse/tee-optee-Fix-incorrect-page-free-bug.patch
(jsc#SLE-21844 CVE-2021-47087 bsc#1220954).
- Update
patches.suse/tun-avoid-double-free-in-tun_free_netdev.patch
(bsc#1209635 CVE-2022-4744 git-fixes CVE-2021-47082
bsc#1220969).
- Update
patches.suse/usb-gadget-f_fs-Clear-ffs_eventfd-in-ffs_data_clear.patch
(git-fixes CVE-2021-46933 bsc#1220487).
- Update patches.suse/usb-mtu3-fix-list_head-check-warning.patch
(git-fixes CVE-2021-46930 bsc#1220484).
- Update
patches.suse/veth-ensure-skb-entering-GRO-are-not-cloned.patch
(git-fixes CVE-2021-47099 bsc#1220955).
- commit b15f74e
- RAS/AMD/FMPM: Fix build when debugfs is not enabled (jsc#PED-7619).
- commit 1bac2ee
- RAS/AMD/FMPM: Safely handle saved records of various sizes (jsc#PED-7619).
- commit 0a6b09b
- RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
- commit 11123f1
- selftests/bpf: add generic BPF program tester-loader
(bsc#1222033).
- Refresh patches.suse/selftests-bpf-convenience-macro-for-use-with-asm-vol.patch
- commit fac2b7e
- crypto: qat - avoid division by zero (git-fixes).
- crypto: qat - resolve race condition during AER recovery
(git-fixes).
- crypto: qat - fix deadlock in backlog processing (git-fixes).
- crypto: qat - fix double free during reset (git-fixes).
- crypto: qat - increase size of buffers (git-fixes).
- crypto: qat - fix unregistration of compression algorithms
(git-fixes).
- crypto: qat - fix unregistration of crypto algorithms
(git-fixes).
- crypto: qat - ignore subsequent state up commands (git-fixes).
- commit 57086a4
- crypto: qat - fix state machines cleanup paths (bsc#1218321).
- commit b45a9b9
- PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
(git-fixes).
- PCI: rockchip: Use 64-bit mask on MSI 64-bit PCI address
(git-fixes).
- commit 71917a0
- md/raid5: fix atomicity violation in raid5_cache_count
(bsc#1219169, CVE-2024-23307).
- commit 30c5680
- s390/vtime: fix average steal time calculation (git-fixes
bsc#1221951).
- commit dcc65eb
- s390/ptrace: handle setting of fpc register correctly
(CVE-2023-52598 bsc#1221060 git-fixes).
- commit 997994b
- wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336
CVE-2023-7042).
- commit 1784f9f
- ubi: Check for too small LEB size in VTBL code (bsc#1219834
CVE-2024-25739).
- commit ad7e175
- PCI: rockchip: Don't advertise MSI-X in PCIe capabilities
(git-fixes).
- commit 617f4f7
- PCI: rockchip: Fix window mapping and address translation for
endpoint (git-fixes).
- Refresh
patches.suse/PCI-rockchip-Use-u32-variable-to-access-32-bit-regis.patch.
- commit ebc378b
- PCI: qcom: Enable BDF to SID translation properly (git-fixes).
- PCI: mediatek-gen3: Fix translation window size calculation
(git-fixes).
- PCI: mediatek: Clear interrupt status before dispatching handler
(git-fixes).
- PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment
support (git-fixes).
- PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card
(git-fixes).
- Revert "PCI: tegra194: Enable support for 256 Byte payload"
(git-fixes).
- PCI: fu740: Set the number of MSI vectors (git-fixes).
- PCI/ASPM: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: Make link retraining use RMW accessors for changing LNKCTL
(git-fixes).
- PCI: Add locking to RMW PCI Express Capability Register
accessors (git-fixes).
- kABI: PCI: Add locking to RMW PCI Express Capability Register
accessors (kabi).
- PCI: qcom: Use DWC helpers for modifying the read-only DBI
registers (git-fixes).
- commit 150da46
- x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
- commit 20654b5
- wifi: ath11k: decrease MHI channel buffer length to 8KB
(bsc#1207948).
- commit ccda276
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
- commit 76719ba
- nvme: fix reconnection fail due to reserved tag allocation
(git-fixes).
- commit 08c50ef
- blacklist.conf: add a couple of PCI ones
- commit 37e30e0
- bpf, scripts: Correct GPL license name (git-fixes).
- commit b7a1062
- Refresh
patches.suse/nfsd4-add-refcount-for-nfsd4_blocked_lock.patch.
Add another commit id
- commit 6697f38
- blacklist.conf: add unwanted nfs commit
- commit a4cc44e
- NFSv4.2: fix wrong shrinker_id (git-fixes).
- commit 5ba59c3
- Add cherry-picked id of amdgpu patch (git-fixes)
- commit 3498702
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
(git-fixes).
- spi: lm70llp: fix links in doc and comments (git-fixes).
- drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes).
- nouveau: reset the bo resource bus info after an eviction
(git-fixes).
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it
(git-fixes).
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock
(git-fixes).
- kconfig: fix infinite loop when expanding a macro at the end
of file (git-fixes).
- slimbus: core: Remove usage of the deprecated ida_simple_xx()
API (git-fixes).
- iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes).
- serial: 8250_exar: Don't remove GPIO device on suspend
(git-fixes).
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
(git-fixes).
- serial: max310x: fix syntax error in IRQ error message
(git-fixes).
- tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
- usb: gadget: net2272: Use irqflags in the call to
net2272_probe_fin (git-fixes).
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
- usb: xhci: Add error handling in xhci_map_urb_for_dma
(git-fixes).
- usb: audio-v2: Correct comments for struct
uac_clock_selector_descriptor (git-fixes).
- commit d110a91
- blacklist.conf: add usb gadget patch to be reverted later
- commit d1cbd2f
- Add cherry-picked id to amdgpu patch
- commit 2d7799f
- x86/sev: Harden #VC instruction emulation somewhat (CVE-2024-25742 bsc#1221725).
- commit 02ed75a
- ubifs: Queue up space reservation tasks if retrying many times
(git-fixes).
- commit 061dcaa
- ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed
(git-fixes).
- commit 493a02c
- ubifs: Remove unreachable code in dbg_check_ltab_lnum
(git-fixes).
- commit 2771652
- ubifs: fix sort function prototype (git-fixes).
- commit 6125609
- Update patches.suse/dmaengine-fix-NULL-pointer-in-channel-unregistration.patch (git-fixes bsc#1221276 CVE-2023-52492)
- commit 7007f7d
- ubifs: Set page uptodate in the correct place (git-fixes).
- commit 219703b
- iommu/vt-d: Allow to use flush-queue when first level is
default (git-fixes).
- commit 1821f9c
- iommu/vt-d: Fix PASID directory pointer coherency (git-fixes).
- commit 23b5322
- iommu/vt-d: Set No Execute Enable bit in PASID table entry
(git-fixes).
- commit 3ba9d71
- iommu/mediatek-v1: Fix an error handling path in
mtk_iommu_v1_probe() (git-fixes).
- commit 3b5ce5d
- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
(bsc#1219170 CVE-2024-22099).
- commit ece27a6
- scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
- scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
- scsi: qla2xxx: Change debug message during driver unload
(bsc1221816).
- scsi: qla2xxx: Fix double free of fcport (bsc1221816).
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer
(bsc1221816).
- scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
- scsi: qla2xxx: NVME|FCP prefer flag not being honored
(bsc1221816).
- scsi: qla2xxx: Update manufacturer detail (bsc1221816).
- scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
- scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
- scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
- commit ac0c897
- scsi: lpfc: Copyright updates for 14.4.0.1 patches
(bsc#1221777).
- scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
- scsi: lpfc: Define types in a union for generic void *context3
ptr (bsc#1221777).
- scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr
(bsc#1221777).
- scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr
(bsc#1221777).
- scsi: lpfc: Use a dedicated lock for ras_fwlog state
(bsc#1221777).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
(bsc#1221777).
- scsi: lpfc: Replace hbalock with ndlp lock in
lpfc_nvme_unregister_port() (bsc#1221777).
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
(bsc#1221777).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling
(bsc#1221777 bsc#1217959).
- scsi: lpfc: Move NPIV's transport unregistration to after
resource clean up (bsc#1221777).
- scsi: lpfc: Remove unnecessary log message in queuecommand path
(bsc#1221777).
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
(bsc#1221777).
- scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
- commit 173a64c
- firmware: arm_scmi: Check mailbox/SMT channel for consistency (bsc#1221375 CVE-2023-52608)
- commit f829935
- net: Fix features skip in for_each_netdev_feature() (git-fixes).
- commit dfc50d6
- ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
- commit c06fc74
- vdpa/mlx5: Allow CVQ size changes (git-fixes).
- commit b983475
- NFS: Fix an off by one in root_nfs_cat() (git-fixes).
- NFSv4.2: fix listxattr maximum XDR buffer size (git-fixes).
- NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
(git-fixes).
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
(git-fixes).
- NFSD: Retransmit callbacks after client reconnects (git-fixes).
- NFSD: Reschedule CB operations when backchannel rpc_clnt is
shut down (git-fixes).
- NFSD: Convert the callback workqueue to use delayed_work
(git-fixes).
- NFSD: Reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
- NFSD: fix LISTXATTRS returning more bytes than maxcount
(git-fixes).
- NFSD: fix LISTXATTRS returning a short list with eof=TRUE
(git-fixes).
- NFSD: change LISTXATTRS cookie encoding to big-endian
(git-fixes).
- NFSD: fix nfsd4_listxattr_validate_cookie (git-fixes).
- SUNRPC: fix some memleaks in gssx_dec_option_array (git-fixes).
- SUNRPC: fix a memleak in gss_import_v2_context (git-fixes).
- nfsd: use vfs setgid helper (git-fixes).
- commit 90396a4
- clk: zynq: Prevent null pointer dereference caused by kmalloc
failure (git-fixes).
- commit 6c59283
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
(git-fixes).
- commit c2aa41d
- iommu/dma: Trace bounce buffer usage when mapping buffers
(git-fixes).
- commit e3645be
- media: staging: ipu3-imgu: Set fields before
media_entity_pads_init() (git-fixes).
- commit 5978536
- drm/amd/display: Prevent vtotal from being set to 0 (git-fixes).
- commit 936859f
- Drop temporarily amdgpu patch (to be reapplied later)
- commit 809ae8f
- RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (git-fixes)
- commit 373361b
- RDMA/device: Fix a race between mad_client and cm_client init (git-fixes)
- commit 5b52744
- RDMA/hns: Fix mis-modifying default congestion control algorithm (git-fixes)
- commit 95141c0
- RDMA/srpt: Do not register event handler until srpt device is fully setup (git-fixes)
- commit 5d33595
- RDMA/irdma: Remove duplicate assignment (git-fixes)
- commit 9841c04
- blacklist.conf: cleanup only
- commit ecab69c
- blacklist.conf: kABI
- commit 94731b9
- drm/amd/display: fix hw rotated modes when PSR-SU is enabled
(git-fixes).
- commit dc89308
- drm/amd/display: Fix possible underflow for displays with
large vblank (git-fixes).
- drm/amd/display: Revert vblank change that causes null pointer
crash (git-fixes).
- commit 7e422d7
- Revert "Revert "drm/amdgpu/display: change pipe policy for
DCN 2.0"" (git-fixes).
- drm/amd/display: perform a bounds check before filling dirty
rectangles (git-fixes).
- commit 7922bac
- Refresh patches.suse/drm-amd-display-always-switch-off-ODM-before-committ.patch
Add cherry-pickd id
- commit feac6cf
- Refresh patches.suse/drm-amd-display-Write-to-correct-dirty_rect.patch
Add cherry-picked id
- commit d1b610a
- drm/amd/display: For prefetch mode > 0, extend prefetch if
possible (git-fixes).
- drm/amd/display: Disable PSR-SU on Parade 0803 TCON again
(git-fixes).
- drm/amd/display: Increase frame warning limit with KASAN or
KCSAN in dml (git-fixes).
- drm/amd: Enable PCIe PME from D3 (git-fixes).
- drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
- drm/amd/display: fix ABM disablement (git-fixes).
- drm/amd/display: Update min Z8 residency time to 2100 for DCN314
(git-fixes).
- drm/amd/display: Remove min_dst_y_next_start check for Z8
(git-fixes).
- drm/amd/display: Use DRAM speed from validation for dummy
p-state (git-fixes).
- drm/amdgpu: Force order between a read and write to the same
address (git-fixes).
- drm/amd/display: Include udelay when waiting for INBOX0 ACK
(git-fixes).
- drm/i915: Call intel_pre_plane_updates() also for pipes getting
enabled (git-fixes).
- drm/panel: auo,b101uan08.3: Fine tune the panel power sequence
(git-fixes).
- drm/amd/display: Enable fast plane updates on DCN3.2 and above
(git-fixes).
- drm/amd/display: fix a NULL pointer dereference in
amdgpu_dm_i2c_xfer() (git-fixes).
- drm/amd/display: Guard against invalid RPTR/WPTR being set
(git-fixes).
- drm/amdgpu: lower CS errors to debug severity (git-fixes).
- drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
- drm/amd/pm: Fix error of MACO flag setting code (git-fixes).
- drm/i915: Add missing CCS documentation (git-fixes).
- drm/amdgpu: Unset context priority is now invalid (git-fixes).
- drm/panel: Move AUX B116XW03 out of panel-edp back to
panel-simple (git-fixes).
- Revert "drm/amd: Disable S/G for APUs when 64GB or more host
memory" (git-fixes).
- drm/amd/display: always switch off ODM before committing more
streams (git-fixes).
- drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for
DCN31 (git-fixes).
- drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK
(git-fixes).
- drm/amd/display: Fix a bug when searching for insert_above_mpcc
(git-fixes).
- commit e9791f4
- Refresh patches.suse/drm-amdgpu-vcn-Disable-indirect-SRAM-on-Vangogh-brok.patch (git-fixes)
Alt-commit
- commit 633cb3b
- Refresh patches.suse/1398-drm-i915-pass-a-pointer-for-tlb-seqno-at-vma_invalid.patch (git-fixes)
Alt-commit
- commit 4cec8c9
- Refresh patches.suse/1866-drm-i915-ttm-fix-32b-build.patch (git-fixes)
Alt-commit
- commit a1a2486
- drm/amd/display: ensure async flips are only accepted for fast
updates (git-fixes).
- drm/exynos: fix a possible null-pointer dereference due to
data race in exynos_drm_crtc_atomic_disable() (git-fixes).
- drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl'
(git-fixes).
- drm/amd/display: Fix underflow issue on 175hz timing
(git-fixes).
- drm/amd/display: dc.h: eliminate kernel-doc warnings
(git-fixes).
- drm/edid: Add quirk for OSVR HDK 2.0 (git-fixes).
- drm/bridge: tc358762: Instruct DSI host to generate HSE packets
(git-fixes).
- drm/amdgpu: Match against exact bootloader status (git-fixes).
- drm/amd/display: Exit idle optimizations before attempt to
access PHY (git-fixes).
- drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family
(git-fixes).
- drm/amd/smu: use AverageGfxclkFrequency* to replace previous
GFX Curr Clock (git-fixes).
- drm/amd/display: Prevent vtotal from being set to 0 (git-fixes).
- drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
- drm/amdgpu/pm: make gfxclock consistent for sienna cichlid
(git-fixes).
- drm/ttm: Don't leak a resource on eviction error (git-fixes).
- drm/amd/display: Fix the delta clamping for shaper LUT
(git-fixes).
- Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON"
(git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on
Phoenix (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on
Rembrandt (git-fixes).
- drm/amd/display: Update correct DCN314 register header
(git-fixes).
- drm/amd/display: Fix possible underflow for displays with
large vblank (git-fixes).
- drm/amd/display: update extended blank for dcn314 onwards
(git-fixes).
- drm/amd/display: Restore rptr/wptr for DMCUB as workaround
(git-fixes).
- drm/amd/display: Add FAMS validation before trying to use it
(git-fixes).
- drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence
(git-fixes).
- drm/amd/display: add ODM case when looking for first split pipe
(git-fixes).
- Revert "drm/amdgpu/display: change pipe policy for DCN 2.0"
(git-fixes).
- Revert "drm/amdgpu/display: change pipe policy for DCN 2.1"
(git-fixes).
- commit 5e1df8b
- drm/amd/display: Keep PHY active for dp config (git-fixes).
- drm/ttm: Don't print error message if eviction was interrupted
(git-fixes).
- Revert "drm/vc4: hdmi: Enforce the minimum rate at
runtime_resume" (git-fixes).
- drm/amd/display: Write to correct dirty_rect (git-fixes).
- drm/amd/display: clean code-style issues in
dcn30_set_mpc_shaper_3dlut (git-fixes).
- drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
- drm/amd/display: add FB_DAMAGE_CLIPS support (git-fixes).
- drm/amd/display: set per pipe dppclk to 0 when dpp is off
(git-fixes).
- drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
- drm/amd/display: fix unbounded requesting for high pixel rate
modes on dcn315 (git-fixes).
- drm/amd/display: use low clocks for no plane configs
(git-fixes).
- drm/amd/display: Use min transition for all SubVP plane
add/remove (git-fixes).
- drm/amd/display: Rework comments on dc file (git-fixes).
- drm/amd/display: Expand kernel doc for DC (git-fixes).
- drm/amd/display: Avoid ABM when ODM combine is enabled for eDP
(git-fixes).
- drm/amd/display: Update OTG instance in the commit stream
(git-fixes).
- drm/amd/display: Handle seamless boot stream (git-fixes).
- drm/amd/display: Add function for validate and update new stream
(git-fixes).
- drm/amd/display: Handle virtual hardware detect (git-fixes).
- drm/amd/display: Include surface of unaffected streams
(git-fixes).
- drm/amd/display: Copy DC context in the commit streams
(git-fixes).
- drm/amd/display: Enable new commit sequence only for DCN32x
(git-fixes).
- drm/amd/display: Rework context change check (git-fixes).
- drm/amd/display: Check if link state is valid (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Acer Switch V 10
(SW5-017) (git-fixes).
- drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach
(git-fixes).
- drm/vc4: Add module dependency on hdmi-codec (git-fixes).
- drm/i915/gt: Use i915_vm_put on ppgtt_create error paths
(git-fixes).
- commit 17a985c
- watchdog: stm32_iwdg: initialize default timeout (git-fixes).
- crypto: arm/sha - fix function cast warnings (git-fixes).
- crypto: xilinx - call finalize with bh disabled (git-fixes).
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
(git-fixes).
- mtd: rawnand: meson: fix scrambling mode value in command macro
(git-fixes).
- mtd: maps: physmap-core: fix flash size larger than 32-bit
(git-fixes).
- media: usbtv: Remove useless locks in usbtv_video_free()
(git-fixes).
- media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
- media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
- media: dvb-frontends: avoid stack overflow warnings with clang
(git-fixes).
- media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
- media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
- media: pvrusb2: remove redundant NULL check (git-fixes).
- media: go7007: add check of return value of go7007_read_addr()
(git-fixes).
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
(git-fixes).
- media: sun8i-di: Fix chroma difference threshold (git-fixes).
- media: sun8i-di: Fix power on/off sequences (git-fixes).
- media: sun8i-di: Fix coefficient writes (git-fixes).
- media: edia: dvbdev: fix a use-after-free (git-fixes).
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
(git-fixes).
- media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
- media: em28xx: annotate unchecked call to
media_device_register() (git-fixes).
- media: xc4000: Fix atomicity violation in xc4000_get_frequency
(git-fixes).
- media: staging: ipu3-imgu: Set fields before
media_entity_pads_init() (git-fixes).
- net: lan78xx: fix runtime PM count underflow on link stop
(git-fixes).
- mmc: mmci: stm32: fix DMA API overlapping mappings warning
(git-fixes).
- drm/amd/display: Wrong colorimetry workaround (git-fixes).
- mmc: mmci: stm32: use a buffer for unaligned DMA requests
(git-fixes).
- commit 6d10a8f
- blacklist.conf: kABI
- commit 6018730
- blacklist.conf: merely a cleanup
- commit f35d79c
- xhci: handle isoc Babble and Buffer Overrun events properly
(git-fixes).
- commit b33a274
- xhci: process isoc TD properly when there was a transaction
error mid TD (git-fixes).
- commit ef9dcf9
- Refresh patches.suse/Revert-drm-amd-pm-resolve-reboot-exception-for-si-ol.patch (git-fixes)
Alt-commit
- commit 51173ed
- Refresh patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch (git-fixes)
Alt-commit
- commit 9a337ae
- Refresh patches.suse/drm-amdgpu-display-Initialize-gamma-correction-mode-.patch (git-fixes)
Alt-commit
- commit ae35079
- Refresh patches.suse/drm-amd-display-Fix-possible-NULL-dereference-on-dev.patch (git-fixes)
Alt-commit
- commit 968007a
- Refresh patches.suse/Revert-drm-amd-display-increased-min_dcfclk_mhz-and-.patch (git-fixes)
Alt-commit
- commit 29d289f
- Refresh patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch (git-fixes)
Alt-commit
- commit 6c8d470
- Refresh patches.suse/drm-amd-display-Fix-possible-buffer-overflow-in-find.patch (git-fixes)
Alt-commit
- commit d66904a
- Refresh patches.suse/drm-amdgpu-Fix-missing-error-code-in-gmc_v6-7-8-9_0_.patch (git-fixes)
Alt-commit
- commit 17a587a
- Refresh patches.suse/drm-bridge-sii902x-Fix-probing-race-issue.patch (git-fixes)
Alt-commit
- commit 0c6bf24
- Refresh patches.suse/drm-i915-dp-Fix-passing-the-correct-DPCD_REV-for-drm.patch (git-fixes)
Alt-commit
- commit eeb30fc
- Refresh patches.suse/drm-amd-Disable-ASPM-for-VI-w-all-Intel-systems.patch (git-fixes)
Alt-commit
- commit 2b0efc6
- Refresh patches.suse/drm-amd-Fix-detection-of-_PR3-on-the-PCIe-root-port.patch (git-fixes)
Alt-commit
- commit 0458ace
- Refresh patches.suse/drm-amd-display-fix-the-white-screen-issue-when-64GB.patch (git-fixes)
Alt-commit
- commit 46ed395
- Refresh patches.suse/drm-amd-display-prevent-potential-division-by-zero-e.patch (git-fixes)
Alt-commit
- commit b7ab8de
- Refresh patches.suse/drm-amd-display-enable-cursor-degamma-for-DCN3-DRM-l.patch (git-fixes)
Alt-commit
- commit 885580e
- Refresh patches.suse/drm-amd-display-Remove-wait-while-locked.patch (git-fixes)
Alt-commit
- commit 43c45c5
- Refresh patches.suse/drm-amd-display-Add-smu-write-msg-id-fail-retry-proc.patch (git-fixes)
Alt-commit
- commit b800d81
- Refresh patches.suse/drm-amd-display-register-edp_backlight_control-for-D.patch (git-fixes)
Alt-commit
- commit 164cdf4
- Refresh patches.suse/drm-amdgpu-fix-Null-pointer-dereference-error-in-amd.patch (git-fixes)
Alt-commit
- commit c814bba
- Refresh patches.suse/drm-amdgpu-gfx10-Disable-gfxoff-before-disabling-pow.patch (git-fixes)
Alt-commit
- commit e937913
- Refresh patches.suse/drm-amd-pm-parse-pp_handle-under-appropriate-conditi.patch (git-fixes)
Alt-commit
- commit f5d987c
- Refresh patches.suse/drm-amd-display-fix-access-hdcp_workqueue-assert.patch (git-fixes)
Alt-commit
- commit 0906f4d
- Refresh patches.suse/drm-amdgpu-nv-Apply-ASPM-quirk-on-Intel-ADL-AMD-Navi.patch (git-fixes)
Alt-commit
- commit c25da25
- Refresh patches.suse/drm-amdgpu-Correct-the-power-calcultion-for-Renior-C.patch (git-fixes)
Alt-commit
- commit bb8f92f
- Refresh patches.suse/0549-drm-amdgpu-enable-Vangogh-VCN-indirect-sram-mode.patch (git-fixes)
Alt-commit
- commit aa42634
- Refresh patches.suse/drm-i915-Never-return-0-if-not-all-requests-retired.patch (git-fixes)
Alt-commit
- commit bf8aa0c
- Refresh patches.suse/drm-i915-Fix-negative-value-passed-as-remaining-time.patch (git-fixes)
Alt-commit
- commit 33c3117
- Refresh patches.suse/drm-display-dp_mst-Fix-drm_dp_mst_add_affected_dsc_c.patch (git-fixes)
Alt-commit
- commit 5f0e59c
- Refresh patches.suse/1631-drm-i915-gem-Really-move-i915_gem_context.link-under.patch (git-fixes)
Alt-commit
- commit ae7a01a
- Refresh patches.suse/drm-amdgpu-dm-dp_mst-Don-t-grab-mst_mgr-lock-when-co.patch (git-fixes)
Alt-commit
- commit a480119
- Refresh patches.suse/drm-amdgpu-dm-mst-Use-the-correct-topology-mgr-point.patch (git-fixes)
Alt-commit
- commit cfd3d6f
- Refresh patches.suse/1625-drm-i915-vdsc-Set-VDSC-PIC_HEIGHT-before-using-for-D.patch (git-fixes)
Alt-commit
- commit 0691a9b
- Refresh patches.suse/1585-drm-i915-slpc-Let-s-fix-the-PCODE-min-freq-table-set.patch (git-fixes)
Alt-commit
- commit b19cad4
- Refresh patches.suse/1536-drm-i915-guc-clear-stalled-request-after-a-reset.patch (git-fixes)
Alt-commit
- commit fb1fad7
- Refresh patches.suse/1396-drm-i915-gt-Batch-TLB-invalidations.patch (git-fixes)
Alt-commit
- commit 1d66c31
- Refresh patches.suse/1394-drm-i915-gt-Invalidate-TLB-of-the-OA-unit-at-TLB-inv.patch (git-fixes)
Alt-commit
- commit 5c89722
- Refresh patches.suse/1393-drm-i915-gt-Ignore-TLB-invalidations-on-idle-engines.patch (git-fixes)
Alt-commit
- commit 43ab4df
- Refresh patches.suse/1536-drm-i915-guc-clear-stalled-request-after-a-reset.patch (git-fixes)
Alt-commit
- commit 9329ad7
- Refresh patches.suse/1859-drm-i915-selftests-fix-subtraction-overflow-bug.patch (git-fixes)
Alt-commit
- commit 3943b71
- Refresh patches.suse/1855-drm-i915-ttm-fix-sg_table-construction.patch (git-fixes)
Alt-commit
- commit d989f7a
- Refresh patches.suse/1644-i915-guc-reset-Make-__guc_reset_context-aware-of-gui.patch (git-fixes)
Alt-commit
- commit 4511955
- Refresh patches.suse/1639-drm-amd-Don-t-reset-dGPUs-if-the-system-is-going-to-.patch (git-fixes)
Alt-commit
- commit 69ca555
- perf/x86/lbr: Filter vsyscall addresses (bsc#1220703,
CVE-2023-52476).
- commit c52b506
- fs: introduce lock_rename_child() helper (bsc#1221044
CVE-2023-52591).
Refresh patches.suse/fs-Establish-locking-order-for-unrelated-directories.patch
- commit 86376e0
- rename(): avoid a deadlock in the case of parents having no
common ancestor (bsc#1221044 CVE-2023-52591).
- commit 16e3098
- kill lock_two_inodes() (bsc#1221044 CVE-2023-52591).
- commit 8b8deef
- rename(): fix the locking of subdirectories (bsc#1221044
CVE-2023-52591).
- commit 146d81f
- f2fs: Avoid reading renamed directory if parent does not change
(bsc#1221044 CVE-2023-52591).
- commit 5344280
- ext4: don't access the source subdirectory content on
same-directory rename (bsc#1221044 CVE-2023-52591).
- commit b2b6374
- ext2: Avoid reading renamed directory if parent does not change
(bsc#1221044 CVE-2023-52591).
- commit 2edcc11
- udf_rename(): only access the child content on cross-directory
rename (bsc#1221044 CVE-2023-52591).
- commit 0257614
- ocfs2: Avoid touching renamed directory if parent does not
change (bsc#1221044 CVE-2023-52591).
- commit e786f3a
- reiserfs: Avoid touching renamed directory if parent does not
change (git-fixes bsc#1221044 CVE-2023-52591).
Refresh patches.suse/reiserfs-add-check-to-detect-corrupted-directory-entry.patch
Refresh patches.suse/reiserfs-don-t-panic-on-bad-directory-entries.patch
- commit 523ddca
- fs: don't assume arguments are non-NULL (bsc#1221044
CVE-2023-52591).
- commit 2177893
- fs: Restrict lock_two_nondirectories() to non-directory inodes
(bsc#1221044 CVE-2023-52591).
- commit a59a7cb
- fs: ocfs2: check status values (bsc#1221044 CVE-2023-52591).
- commit 8c6576f
- s390/pai: fix attr_event_free upper limit for pai device drivers
(git-fixes bsc#1221633).
- commit dcd390e
- KVM: s390: only deliver the set service event bits (git-fixes
bsc#1221631).
- commit 6e3593c
- Update
patches.suse/s390-vfio-ap-always-filter-entire-AP-matrix.patch
(git-fixes bsc#1219012 CVE-2024-26620 bsc#1221298).
- commit 4fb9779
- iommu/vt-d: Don't issue ATS Invalidation request when device
is disconnected (git-fixes).
- commit 4c37f6f
- net/sched: Add module alias for sch_fq_pie (bsc#1210335 CVE-2023-1829).
- commit a69d933
- net/sched: Remove alias of sch_clsact (bsc#1210335 CVE-2023-1829).
- net/sched: Load modules via their alias (bsc#1210335 CVE-2023-1829).
- net/sched: Add module aliases for cls_,sch_,act_ modules
(bsc#1210335 CVE-2023-1829).
- net/sched: Add helper macros with module names (bsc#1210335 CVE-2023-1829).
- net/sched: Remove alias of sch_clsact (bsc#1210335 CVE-2023-1829).
- net/sched: Load modules via their alias (bsc#1210335 CVE-2023-1829).
- net/sched: Add module aliases for cls_,sch_,act_ modules
(bsc#1210335 CVE-2023-1829).
- net/sched: Add helper macros with module names (bsc#1210335 CVE-2023-1829).
- commit 961c535
- nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
- nilfs2: fix failure to detect DAT corruption in btree and
direct mappings (git-fixes).
- ALSA: usb-audio: Stop parsing channels bits when all channels
are found (git-fixes).
- ALSA: aaci: Delete unused variable in aaci_do_suspend
(git-fixes).
- ASoC: meson: axg-tdm-interface: add frame rate constraint
(git-fixes).
- ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs
(git-fixes).
- ASoC: amd: acp: Add missing error handling in sof-mach
(git-fixes).
- ALSA: seq: fix function cast warnings (git-fixes).
- ALSA: aw2: avoid casting function pointers (git-fixes).
- ALSA: ctxfi: avoid casting function pointers (git-fixes).
- PCI: dwc: endpoint: Fix advertised resizable BAR size
(git-fixes).
- PCI: switchtec: Fix an error handling path in
switchtec_pci_probe() (git-fixes).
- PCI/P2PDMA: Fix a sleeping issue in a RCU read section
(git-fixes).
- PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
(git-fixes).
- PCI/DPC: Print all TLP Prefixes, not just the first (git-fixes).
- PCI/AER: Fix rootport attribute paths in ABI docs (git-fixes).
- platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check
(git-fixes).
- leds: aw2013: Unlock mutex before destroying it (git-fixes).
- backlight: lp8788: Fully initialize backlight_properties during
probe (git-fixes).
- backlight: lm3639: Fully initialize backlight_properties during
probe (git-fixes).
- backlight: da9052: Fully initialize backlight_properties during
probe (git-fixes).
- backlight: lm3630a: Don't set bl->props.brightness in
get_brightness (git-fixes).
- backlight: lm3630a: Initialize backlight_properties on init
(git-fixes).
- mfd: altera-sysmgr: Call of_node_put() only when
of_parse_phandle() takes a ref (git-fixes).
- mfd: syscon: Call of_node_put() only when of_parse_phandle()
takes a ref (git-fixes).
- pinctrl: mediatek: Drop bogus slew rate register range for
MT8192 (git-fixes).
- HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
(git-fixes).
- HID: amd_sfh: Update HPD sensor structure elements (git-fixes).
- commit d46946b
- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (bsc#1213456 CVE-2023-28746).
This is an optimisation patch which got added late so there's no hurry
to merge it.
- commit 69db574
- Properly sort already upstream patches
- Refresh
patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch.
- Refresh
patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch.
- Refresh
patches.suse/x86-entry-ia32-Ensure-s32-is-sign-extended-to-s64.patch.
- Refresh
patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch.
- commit fe7e19d
- iommu/amd: Mark interrupt as managed (git-fixes).
- commit 7365cc3
- arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (git-fixes)
- commit e4605be
- blacklist.conf: ("arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL")
- commit 037b20c
- blacklist.conf: ("arm64: dts: imx8mm-kontron: Disable pull resistors for SD card")
- commit a5753b4
- blacklist.conf: ("arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals")
- commit 1c17a18
- arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF (git-fixes)
- commit f4fdf95
- arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
- commit a51708e
- arm64: mm: fix VA-range sanity check (git-fixes)
- commit dd606ae
- arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
- commit 4c81404
- arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
- commit 59dc2f8
- arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (git-fixes)
- commit b5996a2
- arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (git-fixes)
- commit 499e8df
- Update patches.kabi/kabi-fix-zone-unaccepted-memory.patch
(jsc#PED-7167 bsc#1218643 bsc#1221338 bsc#1220114).
- commit 727559f
- Make NVIDIA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
- commit d2f65b3
- drm/msm/dpu: add division of drm_display_mode's hskew parameter
(git-fixes).
- drm/etnaviv: Restore some id values (git-fixes).
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of
atom_get_src_int() (git-fixes).
- drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is
enabled (git-fixes).
- drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN
(git-fixes).
- drm/msm/dpu: improve DSC allocation (git-fixes).
- drm/mediatek: Fix a null pointer crash in
mtk_drm_crtc_finish_page_flip (git-fixes).
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
(git-fixes).
- drm/tidss: Fix sync-lost issue with two displays (git-fixes).
- drm/tidss: Fix initial plane zpos values (git-fixes).
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create
(git-fixes).
- drm/radeon/ni: Fix wrong firmware size logging in
ni_init_microcode() (git-fixes).
- drm/amd/display: Fix a potential buffer overflow in
'dp_dsc_clock_en_read()' (git-fixes).
- drm/radeon/ni_dpm: remove redundant NULL check (git-fixes).
- drm/radeon: remove dead code in ni_mc_load_microcode()
(git-fixes).
- drm/vmwgfx: Fix possible null pointer derefence with invalid
contexts (git-fixes).
- media: tc358743: register v4l2 async device only after
successful setup (git-fixes).
- drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
- PM: suspend: Set mem_sleep_current during kernel command line
setup (git-fixes).
- mmc: core: Fix switch on gp3 partition (git-fixes).
- mmc: wmt-sdmmc: remove an incorrect release_mem_region()
call in the .remove function (git-fixes).
- mmc: tmio: avoid concurrent runs of mmc_request_done()
(git-fixes).
- pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data
(git-fixes).
- commit 7758a76
- drm/panel-edp: use put_sync in unprepare (git-fixes).
- drm/rockchip: lvds: do not print scary message when probing
defer (git-fixes).
- drm/rockchip: lvds: do not overwrite error code (git-fixes).
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
- drm: Don't treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
- drm/rockchip: inno_hdmi: Fix video timing (git-fixes).
- drm/tegra: output: Fix missing i2c_put_adapter() in the error
handling paths of tegra_output_probe() (git-fixes).
- drm/tegra: rgb: Fix missing clk_put() in the error handling
paths of tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: rgb: Fix some error handling paths in
tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error
handling path of tegra_dsi_probe() (git-fixes).
- drm/tegra: dpaux: Fix PM disable depth imbalance in
tegra_dpaux_probe (git-fixes).
- drm/tegra: dsi: Add missing check for of_find_device_by_node
(git-fixes).
- ACPI: processor_idle: Fix memory leak in
acpi_processor_power_exit() (git-fixes).
- ACPI: resource: Add MAIBENBEN X577 to
irq1_edge_low_force_override (git-fixes).
- ACPI: scan: Fix device check notification handling (git-fixes).
- ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors
(git-fixes).
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's
return value (git-fixes).
- cpufreq: amd-pstate: Fix min_perf assignment in
amd_pstate_adjust_perf() (git-fixes).
- commit 1cf1fe2
- RAS: Export helper to get ras_debugfs_dir (jsc#PED-7619).
- commit 2d174a0
- powerpc/pseries: Fix potential memleak in papr_get_attr()
(bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes).
- commit 3aea930
- RAS/AMD/FMPM: Fix off by one when unwinding on error (jsc#PED-7619).
- commit b104443
- RAS/AMD/FMPM: Add debugfs interface to print record entries (jsc#PED-7619).
- commit 0fb8312
- RAS/AMD/FMPM: Save SPA values (jsc#PED-7619).
- commit 749cc57
- Sort the AMD edac patches
- Refresh
patches.suse/Documentation-RAS-Add-index-and-address-translation-sectio.patch.
- Refresh
patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch.
- Refresh
patches.suse/RAS-AMD-ATL-Add-MI300-DRAM-to-normalized-address-translati.patch.
- Refresh
patches.suse/RAS-AMD-ATL-Add-MI300-row-retirement-support.patch.
- Refresh patches.suse/RAS-AMD-ATL-Add-MI300-support.patch.
- Refresh
patches.suse/RAS-AMD-ATL-Fix-array-overflow-in-get_logical_coh_st_fabri.patch.
- Refresh
patches.suse/RAS-AMD-ATL-Fix-bit-overflow-in-denorm_addr_df4_np2.patch.
- Refresh
patches.suse/RAS-Introduce-AMD-Address-Translation-Library.patch.
- Refresh
patches.suse/RAS-Introduce-a-FRU-memory-poison-manager.patch.
- commit 9e22745
- net: phy: fix phy_get_internal_delay accessing an empty array
(git-fixes).
- Bluetooth: Remove superfluous call to hci_conn_check_pending()
(git-fixes).
- Bluetooth: mgmt: Remove leftover queuing of power_off work
(git-fixes).
- Bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
- wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use
(git-fixes).
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init
is complete (git-fixes).
- wifi: brcmsmac: avoid function pointer casts (git-fixes).
- wifi: wilc1000: prevent use-after-free on vif when cleaning
up all interfaces (git-fixes).
- wifi: iwlwifi: mvm: don't set replay counters to 0xff
(git-fixes).
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
(git-fixes).
- wifi: iwlwifi: mvm: use FW rate for non-data only on new devices
(git-fixes).
- wifi: iwlwifi: fix EWRD table validity check (git-fixes).
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
- wifi: iwlwifi: mvm: report beacon protection failures
(git-fixes).
- wifi: brcmfmac: fix copyright year mentioned in platform_data
header (git-fixes).
- wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
- can: softing: remove redundant NULL check (git-fixes).
- wifi: mwifiex: debugfs: Drop unnecessary error check for
debugfs_create_dir() (git-fixes).
- wifi: wilc1000: fix multi-vif management when deleting a vif
(git-fixes).
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
(git-fixes).
- wifi: b43: Disable QoS for bcm4331 (git-fixes).
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled
(git-fixes).
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is
disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is
disabled (git-fixes).
- doc-guide: kernel-doc: tell about object-like macros
(git-fixes).
- commit 15851fa
- nfsd: don't take fi_lock in nfsd_break_deleg_cb() (git-fixes).
- NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server
(git-fixes).
- commit 407c3c5
- Refresh patches.suse/nfsd-fix-RELEASE_LOCKOWNER.patch.
Add git-commit info
- commit bc859f9
- pNFS: Fix the pnfs block driver's calculation of layoutget size
(git-fixes).
- NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT
(git-fixes).
- blocklayoutdriver: Fix reference leak of pnfs_device_node
(git-fixes).
- SUNRPC: Fix a suspicious RCU usage warning (git-fixes).
- nfsd: fix file memleak on client_opens_release (git-fixes).
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
(git-fixes).
- NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
- SUNRPC: Add an IS_ERR() check back to where it was (git-fixes).
- SUNRPC: ECONNRESET might require a rebind (git-fixes).
- svcrdma: Drop connection after an RDMA Read error (git-fixes).
- nfsd: lock_rename() needs both directories to live on the same
fs (git-fixes).
- pNFS/flexfiles: Check the layout validity in
ff_layout_mirror_prepare_stats (git-fixes).
- pNFS: Fix a hang in nfs4_evict_inode() (git-fixes).
- Revert "SUNRPC dont update timeout value on connection reset"
(git-fixes).
- NFSv4: Fix a state manager thread deadlock regression
(git-fixes).
- NFSv4: Fix a nfs4_state_manager() race (git-fixes).
- NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server
(git-fixes).
- NFS: rename nfs_client_kset to nfs_kset (git-fixes).
- commit dc5b918
- Refresh patches.kabi/team-Hide-new-member-header-ops.patch.
Fix for kABI workaround.
- commit 6ba2f5d
- ceph: fix deadlock or deadcode of misusing dget() (bsc#1221058
CVE-2023-52583).
- commit 1a81018
- sched/rt: Disallow writing invalid values to sched_rt_period_us
(bsc#1220176).
- commit ee86051
- Update
patches.suse/netfs-fscache-Prevent-Oops-in-fscache_put_cache.patch
(bsc#1220003 bsc#1221291 CVE-2024-26612).
- commit 0607d13
- netfs: Only call folio_start_fscache() one time for each folio
(CVE-2023-52582 bsc#1220878).
- commit dfd082b
- netfs: Only call folio_start_fscache() one time for each folio
(CVE-2023-52582 bsc#1220878).
- commit b301f9c
- Refresh
patches.suse/mm-ima-kexec-of-use-memblock_free_late-from-ima_free.patch.
Fix:
* Section mismatch (function ima_free_kexec_buffer()) in modpost: vmlinux.o in ima_free_kexec_buffer()
WARNING: modpost: vmlinux.o(.text+0xac1250): Section mismatch in reference from the function ima_free_kexec_buffer() to the function .init.text:__memblock_free_late()
- commit 5522f01
- scsi: target: core: Silence the message about unknown VPD pages
(bsc#1221252).
- commit 1d550ca
- sched/rt: sysctl_sched_rr_timeslice show default timeslice
after reset (bsc#1220176).
- commit 4ac46cd
- powerpc/pseries/iommu: IOMMU table is not initialized for
kdump over SR-IOV (bsc#1220492 ltc#205270).
- commit 27b28f5
- Update
patches.suse/usb-hub-Guard-against-accesses-to-uninitialized-BOS-.patch
(bsc#1220790 CVE-2023-52477).
- commit d33bab7
- nvmet-fc: take ref count on tgtport before delete assoc
(git-fixes).
- nvmet-fc: avoid deadlock on delete association path (git-fixes).
- nvmet-fc: abort command when there is no binding (git-fixes).
- nvmet-fc: hold reference on hostport match (git-fixes).
- nvmet-fc: defer cleanup using RCU properly (git-fixes).
- nvmet-fc: release reference on target port (git-fixes).
- nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
- nvme-fc: do not wait in vain when unloading module (git-fixes).
- nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
- commit 4d1e993
- raid1: fix use-after-free for original bio in
raid1_write_request() (bsc#1221097).
- md: fix data corruption for raid456 when reshape restart while
grow up (git-fixes).
- commit 35ee14b
- i2c: aspeed: Fix the dummy irq expected print (git-fixes).
- i2c: wmt: Fix an error handling path in wmt_i2c_probe()
(git-fixes).
- i2c: i801: Avoid potential double call to
gpiod_remove_lookup_table (git-fixes).
- comedi: comedi_test: Prevent timers rescheduling during deletion
(git-fixes).
- iio: pressure: dlhl60d: Initialize empty DLH bytes (git-fixes).
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS
is enabled (git-fixes).
- vt: fix unicode buffer corruption when deleting characters
(git-fixes).
- usb: port: Don't try to peer unused USB ports based on location
(git-fixes).
- usb: gadget: ncm: Fix handling of zero block length packets
(git-fixes).
- USB: usb-storage: Prevent divide-by-0 error in
isd200_ata_command (git-fixes).
- Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
(git-fixes).
- ASoC: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
- ASoC: madera: Fix typo in madera_set_fll_clks shift value
(git-fixes).
- ALSA: hda/realtek - Fix headset Mic no show at resume back
for Lenovo ALC897 platform (git-fixes).
- drm/i915/selftests: Fix dependency of some timeouts on HZ
(git-fixes).
- drm/i915: Check before removing mm notifier (git-fixes).
- commit 5e91dbb
- s390/vfio-ap: wire in the vfio_device_ops request callback
(bsc#1205316).
- commit dc0bc15
- s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl
(bsc#1205316).
- commit 17d9de4
- Fix "coresight: etm4x: Change etm4_platform_driver driver for MMIO devices" (bsc#1220775)
Hunk with clk_put(drvdata->pclk) was incorrectly moved to another function.
- Refresh patches.suse/coresight-etm4x-Change-etm4_platform_driver-driver-for-MMIO-devices.patch.
- Refresh patches.suse/coresight-etm4x-Ensure-valid-drvdata-and-clock-before-clk_put.patch.
- commit 8983adc
- raid1: fix use-after-free for original bio in
raid1_write_request() (bsc#1221097).
- commit 5154c94
- s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl
(bsc#1205316).
- commit dbbf2ae
- ALSA: hda/realtek: fix mute/micmute LED For HP mt440
(git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8)
(git-fixes).
- commit d4f6f9f
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (bsc#1220413 CVE-2023-52470).
- commit 9d7d799
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (bsc#1220411 CVE-2023-52469).
- commit f4f0cf4
- coresight: etm: Override TRCIDR3.CCITMIN on errata affected cpus (bsc#1220775)
- commit 4473cfd
- coresight: etm4x: Do not access TRCIDR1 for identification (bsc#1220775)
- Refresh patches.suse/coresight-etm4x-Change-etm4_platform_driver-driver-for-MMIO-devices.patch.
- Refresh patches.suse/coresight-etm4x-Ensure-valid-drvdata-and-clock-before-clk_put.patch.
- commit ef5cdf7
- IB/ipoib: Fix mcast list locking (git-fixes)
- commit 8d1c71a
- RDMA/IPoIB: Fix error code return in ipoib_mcast_join (git-fixes)
- commit c54bb31
- coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR (bsc#1220775)
- commit fba33fc
- group-source-files.pl: Quote filenames (boo#1221077).
The kernel source now contains a file with a space in the name.
Add quotes in group-source-files.pl to avoid splitting the filename.
Also use -print0 / -0 when updating timestamps.
- commit a005e42
- mm,ima,kexec,of: use memblock_free_late from
ima_free_kexec_buffer (bsc#1220872 CVE-2023-52576).
- commit b1b1c9a
- PCI/MSI: Prevent MSI hardware interrupt number truncation (bsc#1218777)
- commit 5410859
- Update patches.suse/phy-ti-phy-omap-usb2-Fix-NULL-pointer-dereference-fo.patch (git-fixes,bsc#1220340,CVE-2024-26600)
- commit e321d5a
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (bsc#1220340,CVE-2024-26600)
- commit 78e2b4a
- erofs: fix lz4 inplace decompression (CVE-2023-52497
bsc#1220879).
- commit ddeedf9
- ACPI: extlog: fix NULL pointer dereference check (bsc#1221039
CVE-2023-52605).
- commit 635c481
- Update patches.suse/arm64-errata-Add-Cortex-A520-speculative-unprivileged-load-workaround.patch (bsc#1219443, bsc#1220887, CVE-2023-52481)
- commit 52243ca
- kernel-binary: Fix i386 build
Fixes: 89eaf4cdce05 ("rpm templates: Move macro definitions below buildrequires")
- commit f7c6351
- btrfs: remove BUG() after failure to insert delayed dir index
item (bsc#1220918 CVE-2023-52569).
- btrfs: improve error message after failure to add delayed dir
index item (bsc#1220918 CVE-2023-52569).
- commit 53e1d2d
- net: nfc: fix races in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (CVE-2023-52502 bsc#1220831).
- commit 8c33586
- kabi: team: Hide new member header_ops (bsc#1220870
CVE-2023-52574).
- commit 9f49992
- KVM: s390: fix setting of fpc register (git-fixes bsc#1220392
bsc#1221040 CVE-2023-52597).
- commit a90b87c
- tracing: Inform kmemleak of saved_cmdlines allocation
(git-fixes).
- commit bb07230
- Update
patches.suse/ceph-drop-messages-from-MDS-when-unmounting.patch
(jsc#SES-1880 CVE-2022-48628 bsc#1220848).
- commit 187fa94
- kernel-binary: vdso: fix filelist for non-usrmerged kernel
Fixes: a6ad8af207e6 ("rpm templates: Always define usrmerged")
- commit fb3f221
- bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
(bsc#1220926 CVE-2023-52523).
- commit 90d9f50
- md: Make sure md_do_sync() will set MD_RECOVERY_DONE
(git-fixes).
- md: Don't ignore suspended array in md_check_recovery()
(git-fixes).
- md: Whenassemble the array, consult the superblock of the
freshest device (git-fixes).
- md: don't leave 'MD_RECOVERY_FROZEN' in error path of
md_set_readonly() (git-fixes).
- md/raid6: use valid sector values to determine if an I/O should
wait on the reshape (git-fixes).
- md/raid5: release batch_last before waiting for another
stripe_head (git-fixes).
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
(git-fixes).
- md: introduce md_ro_state (git-fixes).
- commit cef73db
- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
(bsc#1218562 CVE-2023-6270).
- commit 57a4cd4
- efivarfs: force RO when remounting if SetVariable is not
supported (bsc#1220328 CVE-2023-52463).
- commit eed7fb0
- topology: Fix up build warning in topology_is_visible()
(jsc#PED-7618).
- commit 6c82a8d
- topology/sysfs: Hide PPIN on systems that do not support it
(jsc#PED-7618).
- commit d8d9717
- blacklist.conf: add non-backport md git-fixes commits
- commit b13564d
- iommu/vt-d: Avoid memory allocation in iommu_suspend()
(CVE-2023-52559 bsc#1220933).
- commit c9b01ef
- Refresh patches.suse/0001-powerpc-pseries-memhp-Fix-access-beyond-end-of-drmem.patch.
- update to upstream version
- rename to same name as SLE15 SP5
- commit 1d2def1
- ravb: Fix use-after-free issue in ravb_tx_timeout_work()
(bsc#1212514 CVE-2023-35827).
- team: fix null-ptr-deref when team device type is changed
(bsc#1220870 CVE-2023-52574).
- commit 2cc53f5
- Update
patches.suse/ice-xsk-return-xsk-buffers-back-to-pool-when-cleanin.patch
(jsc#SLE-18375 bsc#1220961 CVE-2021-47105).
- Update patches.suse/net-mana-Fix-TX-CQE-error-handling.patch
(bsc#1215986 bsc#1220932 CVE-2023-52532).
- Update
patches.suse/net-mlx5e-Wrap-the-tx-reporter-dump-callback-to-extr.patch
(jsc#SLE-19253 bsc#1220486 CVE-2021-46931).
Added CVE references.
- commit 3e396c2
- Input: pm8941-powerkey - fix debounce on gen2+ PMICs
(git-fixes).
- commit bbebd44
- Input: pm8941-pwrkey - add support for PON GEN3 base addresses
(git-fixes).
- commit 7ab5a9e
- Update patches.suse/i2c-validate-user-data-in-compat-ioctl.patch
(git-fixes bsc#1220469 CVE-2021-46934).
Add bug and CVE references.
- commit 3a04060
- bpf: fix check for attempt to corrupt spilled pointer
(bsc#1220325 CVE-2023-52462).
- commit 34faa5d
- tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
- commit 6793acf
- KVM: x86: Export RFDS_NO and RFDS_CLEAR to guests (bsc#1213456 CVE-2023-28746).
- commit 7f00c86
- tracing/probes: Fix to show a parse error for bad type for $comm
(git-fixes).
- commit fceb89f
- x86/rfds: Mitigate Register File Data Sampling (RFDS) (bsc#1213456 CVE-2023-28746).
- commit ee70608
- ring-buffer: Clean ring_buffer_poll_wait() error return
(git-fixes).
- commit 27ae4ee
- Documentation/hw-vuln: Add documentation for RFDS (bsc#1213456 CVE-2023-28746).
- commit c955133
- blacklist.conf: add kABI-breaking tracing fixes, not worth it
- commit 8058748
- wifi: mac80211: fix potential key use-after-free (CVE-2023-52530
bsc#1220930).
- commit 3feca94
- Update patch reference for iwlwifi fix (CVE-2023-52531 bsc#1220931)
- commit bde87cf
- Update patch reference for pinctrl fix (CVE-2021-47083 bsc#1220917)
- commit b608623
- drm/bridge: sii902x: Fix probing race issue (bsc#1220736 CVE-2024-26607).
- commit 70198c4
- Update
patches.suse/vt-fix-memory-overlapping-when-deleting-chars-in-the.patch
(git-fixes bsc#1220845 CVE-2022-48627).
- Update
patches.suse/x86-srso-add-srso-mitigation-for-hygon-processors.patch
(git-fixes bsc#1220735 CVE-2023-52482).
Add CVE references.
- commit dcdac38
- mfd: syscon: Fix null pointer dereference in
of_syscon_register() (bsc#1220433 CVE-2023-52467).
- commit b0262b8
- Input: pm8941-pwrkey - add software key press debouncing support
(git-fixes).
- commit 00016c1
- bpf: Fix re-attachment branch in bpf_tracing_prog_attach
(bsc#1220254 CVE-2024-26591).
- commit fc948d3
- selftests/bpf: Add test for alu on PTR_TO_FLOW_KEYS (bsc#1220255
CVE-2024-26589).
- bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255
CVE-2024-26589).
- commit 8a833ce
- tls: fix race between tx work scheduling and socket close
(CVE-2024-26585 bsc#1220187).
- commit 1306bff
- kabi: restore return type of dst_ops::gc() callback
(CVE-2023-52340 bsc#1219295).
- ipv6: remove max_size check inline with ipv4 (CVE-2023-52340
bsc#1219295).
- commit b8eec42
- netfilter: nf_tables: fix 64-bit load issue in
nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- netfilter: nf_tables: fix pointer math issue in
nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- commit e095cd0
- netfilter: nft_set_pipapo: skip inactive elements during set
walk (CVE-2023-6817 bsc#1218195).
- commit 4032aa7
- tomoyo: fix UAF write bug in tomoyo_write_control() (bsc#1220825
CVE-2024-26622).
- commit c8e5b38
- doc/README.SUSE: Update information about module support status
(jsc#PED-5759)
Following the code change in SLE15-SP6 to have externally supported
modules no longer taint the kernel, update the respective documentation
in README.SUSE:
* Describe that support status can be obtained at runtime for each
module from /sys/module/$MODULE/supported and for the entire system
from /sys/kernel/supported. This provides a way how to now check that
the kernel has any externally supported modules loaded.
* Remove a mention that externally supported modules taint the kernel,
but keep the information about bit 16 (X) and add a note that it is
still tracked per module and can be read from
/sys/module/$MODULE/taint. This per-module information also appears in
Oopses.
- commit 9ed8107
- btrfs: fix double free of anonymous device after snapshot
creation failure (bsc#1219126 CVE-2024-23850).
- commit 257a534
- btrfs: do not ASSERT() if the newly created subvolume already
got read (bsc#1219126 CVE-2024-23850).
- commit a2ac581
- bpf: Minor cleanup around stack bounds (bsc#1220257
CVE-2023-52452).
- bpf: Fix accesses to uninit stack slots (bsc#1220257
CVE-2023-52452).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Fix verification of indirect var-off stack access
(git-fixes).
- bpf: Minor cleanup around stack bounds (bsc#1220257
CVE-2023-52452).
- bpf: Fix accesses to uninit stack slots (bsc#1220257
CVE-2023-52452).
- bpf: Add some comments to stack representation (bsc#1220257
CVE-2023-52452).
- Refresh patches.kabi/kABI-fix-bpf-Tighten-ptr_to_btf_id-checks.patch
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Fix verification of indirect var-off stack access
(git-fixes).
- bpf: Minor logging improvement (bsc#1220257).
- commit 7d03125
- Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
(git-fixes).
- commit b66785f
- Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
(git-fixes).
- commit 33289fd
- Input: xpad - add Lenovo Legion Go controllers (git-fixes).
- commit a41f935
- Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
(git-fixes).
- commit 80bb041
- blacklist.conf: kABI
- commit e10e64a
- Input: i8042 - add quirk for Fujitsu Lifebook A574/H
(git-fixes).
- commit f166a3d
- blacklist.conf: kABI
- commit 2948031
- serial: 8250: omap: Don't skip resource freeing if
pm_runtime_resume_and_get() failed (bsc#1220350 CVE-2023-52457).
- commit c82f528
- serial: imx: fix tx statemachine deadlock (bsc#1220364
CVE-2023-52456).
- commit cd9f92c
- powerpc/pseries/memhp: Fix access beyond end of drmem array
(bsc#1220250,CVE-2023-52451).
- commit fdc7254
- usb: f_mass_storage: forbid async queue when shutdown happen
(git-fixes).
- commit 35228c0
- usb: hub: Replace hardcoded quirk value with BIT() macro
(git-fixes).
- commit 1d57e38
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read
(git-fixes).
- commit 012813c
- Update patch reference for input fix (CVE-2021-46932 bsc#1220444)
- commit e44e0b1
- lan78xx: enable auto speed configuration for LAN7850 if no
EEPROM is detected (git-commit).
- commit bcacbd9
- usb: dwc3: gadget: Ignore End Transfer delay on teardown
(git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Add-1ms-delay-after-end-transfer-com.patch.
- commit 251cd08
- tomoyo: fix UAF write bug in tomoyo_write_control() (git-fixes).
- wifi: nl80211: reject iftype change with mesh ID change
(git-fixes).
- usb: dwc3: gadget: Don't disconnect if not started (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call
(git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen
(git-fixes).
- usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit
(git-fixes).
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- usb: dwc3: gadget: Queue PM runtime idle on disconnect event
(git-fixes).
- usb: dwc3: gadget: Handle EP0 request dequeuing properly
(git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro
(git-fixes).
- tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
(git-fixes).
- watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for
IT8784/IT8786 (git-fixes).
- wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
(git-fixes).
- wifi: cfg80211: free beacon_ies when overridden from hidden BSS
(git-fixes).
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
(git-fixes).
- wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
(git-fixes).
- wifi: ath9k: Fix potential array-index-out-of-bounds read in
ath9k_htc_txstatus() (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset
(git-fixes).
- wifi: iwlwifi: mvm: avoid baid size integer overflow
(git-fixes).
- wifi: wext-core: Fix -Wstringop-overflow warning in
ioctl_standard_iw_point() (git-fixes).
- wifi: ath11k: fix registration of 6Ghz-only phy without the
full channel range (git-fixes).
- usb: dwc3: gadget: Refactor EP0 forced stall/restart into a
separate API (git-fixes).
- usb: dwc3: gadget: Submit endxfer command if delayed during
disconnect (git-fixes).
- commit 8b4f9a3
- power: supply: bq27xxx-i2c: Do not free non existing IRQ
(git-fixes).
- mmc: sdhci-xenon: add timeout for PHY init complete (git-fixes).
- mmc: sdhci-xenon: fix PHY init clock stability (git-fixes).
- mmc: core: Fix eMMC initialization with 1-bit bus connection
(git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read
(git-fixes).
- mtd: spinand: gigadevice: Fix the get ecc status issue
(git-fixes).
- nouveau: fix function cast warnings (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission
(git-fixes).
- mmc: slot-gpio: Allow non-sleeping GPIO ro (git-fixes).
- regulator: pwm-regulator: Add validity checks in continuous
.get_voltage (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the TECLAST X16
Plus tablet (git-fixes).
- spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were
detected (git-fixes).
- PCI: switchtec: Fix stdev_release() crash after surprise hot
remove (git-fixes).
- PCI: Fix 64GT/s effective data rate calculation (git-fixes).
- PCI: Only override AMD USB controller if required (git-fixes).
- PCI/AER: Decode Requester ID when no error info found
(git-fixes).
- media: ddbridge: fix an error code problem in ddb_probe
(git-fixes).
- mmc: mmc_spi: remove custom DMA mapped buffers (git-fixes).
- mmc: core: Use mrq.sbc in close-ended ffu (git-fixes).
- PCI: Add no PM reset quirk for NVIDIA Spectrum devices
(git-fixes).
- pstore/ram: Fix crash when setting number of cpus to an odd
number (git-fixes).
- PNP: ACPI: fix fortify warning (git-fixes).
- regulator: core: Only increment use_count when enable_count
changes (git-fixes).
- PM: core: Remove unnecessary (void *) conversions (git-fixes).
- serial: 8250: Remove serial_rs485 sanitization from em485
(git-fixes).
- PM: runtime: Have devm_pm_runtime_enable() handle
pm_runtime_dont_use_autosuspend() (git-fixes).
- commit 9894050
- gpio: fix resource unwinding order in error path (git-fixes).
- commit f4d7f82
- gpiolib: Fix the error path order in
gpiochip_add_data_with_key() (git-fixes).
- commit 9367441
- Update patches.suse/i2c-Fix-a-potential-use-after-free.patch
(git-fixes bsc#1220409 CVE-2019-25162).
Add bug and CVE references.
- commit 6df4ebd
- Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and
pm_sleep_ptr() (git-fixes).
- Refresh
patches.suse/Input-iqs269a-do-not-poll-during-suspend-or-resume.patch.
- commit 7360a05
- i2c: imx: Add timer for handling the stop condition (git-fixes).
- Refresh
patches.suse/i2c-imx-Make-sure-to-unregister-adapter-on-remove.patch.
- commit 3a3d0f8
- gpio: 74x164: Enable output pins after registers are reset
(git-fixes).
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font()
(git-fixes).
- lan78xx: enable auto speed configuration for LAN7850 if no
EEPROM is detected (git-fixes).
- i2c: imx: when being a target, mark the last read as processed
(git-fixes).
- i2c: i801: Fix block process call transactions (git-fixes).
- iio: hid-sensor-als: Return 0 for
HID_USAGE_SENSOR_TIME_TIMESTAMP (git-fixes).
- firewire: core: send bus reset promptly on gap count error
(git-fixes).
- efi: Don't add memblocks for soft-reserved memory (git-fixes).
- hwmon: (coretemp) Enlarge per package core count limit
(git-fixes).
- Input: xpad - add Lenovo Legion Go controllers (git-fixes).
- gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
(git-fixes).
- fbdev: sis: Error out if pixclock equals zero (git-fixes).
- fbdev: savage: Error out if pixclock equals zero (git-fixes).
- libsubcmd: Fix memory leak in uniq() (git-fixes).
- iio: adc: ad7091r: Set alert bit in config register (git-fixes).
- i3c: master: cdns: Update maximum prescaler value for i2c clock
(git-fixes).
- leds: trigger: panic: Don't register panic notifier if creating
the trigger failed (git-fixes).
- media: rockchip: rga: fix swizzling for RGB formats (git-fixes).
- media: stk1160: Fixed high volume of stk1160_dbg messages
(git-fixes).
- i2c: i801: Remove i801_set_block_buffer_mode (git-fixes).
- HID: apple: Add 2021 magic keyboard FN key mapping (git-fixes).
- HID: apple: Add support for the 2021 Magic Keyboard (git-fixes).
- commit 0f0032c
- dmaengine: ptdma: use consistent DMA masks (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization
(git-fixes).
- dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
(git-fixes).
- Revert "drm/amd/pm: resolve reboot exception for si oland"
(git-fixes).
- drm/buddy: fix range bias (git-fixes).
- drm/amd/display: Fix memory leak in dm_sw_fini() (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE
flag is set (git-fixes).
- drm/ttm: Fix an invalid freeing on already freed page in error
path (git-fixes).
- drm/amd/display: Preserve original aspect ratio in create stream
(git-fixes).
- Revert "drm/amd/display: increased min_dcfclk_mhz and
min_fclk_mhz" (git-fixes).
- drm/prime: Support page array >= 4GB (git-fixes).
- efi: runtime: Fix potential overflow of soft-reserved region
size (git-fixes).
- drm/amd/display: Increase frame-larger-than for all
display_mode_vba files (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program GFXDEC registers for suspend abort
(git-fixes).
- dmaengine: fsl-qdma: Fix a memory leak related to the queue
command DMA (git-fixes).
- dmaengine: ti: edma: Add some null pointer checks to the
edma_probe (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
(git-fixes).
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- commit 61b82a0
- ALSA: Drop leftover snd-rtctimer stuff from Makefile
(git-fixes).
- ALSA: firewire-lib: fix to check cycle continuity (git-fixes).
- Bluetooth: qca: Fix wrong event type for patch config command
(git-fixes).
- Bluetooth: Enforce validation on max value of connection
interval (git-fixes).
- Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
(git-fixes).
- Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
(git-fixes).
- Bluetooth: hci_sync: Fix accept_list when attempting to suspend
(git-fixes).
- Bluetooth: Avoid potential use-after-free in hci_error_reset
(git-fixes).
- Bluetooth: hci_sync: Check the correct flag before starting
a scan (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED For HP mt645
(git-fixes).
- ALSA: hda/conexant: Add quirk for SWS JS201D (git-fixes).
- ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
(git-fixes).
- ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (git-fixes).
- bus: moxtet: Add spi device table (git-fixes).
- Bluetooth: L2CAP: Fix possible multiple reject send (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- crypto: octeontx2 - Fix cptvf driver cleanup (git-fixes).
- crypto: api - Disallow identical driver names (git-fixes).
- commit a409ffd
- ALSA: usb-audio: Ignore clock selector errors for single
connection (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
(git-fixes).
- ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287
thinkpads (git-fixes).
- ALSA: usb-audio: Check presence of valid altsetting control
(git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
(git-fixes).
- ALSA: hda/realtek: Fix the external mic not being recognised
for Acer Swift 1 SF114-32 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
(git-fixes).
- ahci: asm1166: correct count of reported ports (git-fixes).
- ACPI: extlog: fix NULL pointer dereference check (git-fixes).
- ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on
synchronous events (git-fixes).
- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
(git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1
and iMac12,2 (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad
X131e (3371 AMD version) (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3
(git-fixes).
- ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A
(git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
(git-fixes).
- ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
(git-fixes).
- ACPI: resource: Add ASUS model S5402ZA to quirks (git-fixes).
- commit 728134a
- efivarfs: force RO when remounting if SetVariable is not
supported (bsc#1220328 CVE-2023-52463).
- commit 6239d33
- kABI: bpf: map_fd_put_ptr() signature kABI workaround
(bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
CVE-2023-52447).
- selftests/bpf: Test outer map update operations in syscall
program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
(bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
CVE-2023-52447).
- commit b7359fc
- btrfs: fix double free of anonymous device after snapshot
creation failure (bsc#1219126 CVE-2024-23850).
- commit f8ba729
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
(bsc#1220238 CVE-2023-52449).
- commit c132b67
- fs/mount_setattr: always cleanup mount_kattr (bsc#1220457
CVE-2021-46923).
- commit 89afe2f
- kABI: bpf: map_fd_put_ptr() signature kABI workaround
(bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
CVE-2023-52447).
- kABI: bpf: map_fd_put_ptr() signature kABI workaround
(bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
CVE-2023-52447).
- commit bec1c61
- selftests/bpf: Test outer map update operations in syscall
program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
(bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
CVE-2023-52447).
- selftests/bpf: Test outer map update operations in syscall
program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
(bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
CVE-2023-52447).
- commit aa6db76
- Update patch reference for HID fix (CVE-2023-52478 bsc#1220796)
- commit 4aec836
- Update patch reference for input fix (CVE-2023-52475 bsc#1220649)
- commit 00a87c8
- topology/sysfs: Add PPIN in sysfs under cpu topology (jsc#PED-7618).
- Refresh
patches.suse/drivers-base-fix-userspace-break-from-using-bin_attr.patch.
- commit e74360b
- topology/sysfs: Add format parameter to macro defining "show" functions for proc (jsc#PED-7618).
- Refresh
patches.suse/drivers-base-fix-userspace-break-from-using-bin_attr.patch.
- commit 978a12d
- x86/cpu: X86_FEATURE_INTEL_PPIN finally has a CPUID bit (jsc#PED-7618).
- Refresh patches.suse/x86-speculation-disable-rrsba-behavior.patch.
- commit f7bed0d
- KVM: arm64: vgic-its: Avoid potential UAF in LPI translation
cache (bsc#1220326, CVE-2024-26598).
- commit 74fd0dd
- scsi: lpfc: Replace deprecated strncpy() with strscpy()
(bsc#1220021).
- scsi: lpfc: Copyright updates for 14.4.0.0 patches
(bsc#1220021).
- scsi: lpfc: Update lpfc version to 14.4.0.0 (bsc#1220021).
- scsi: lpfc: Change lpfc_vport load_flag member into a bitmask
(bsc#1220021).
- scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask
(bsc#1220021).
- scsi: lpfc: Protect vport fc_nodes list with an explicit spin
lock (bsc#1220021).
- scsi: lpfc: Change nlp state statistic counters into atomic_t
(bsc#1220021).
- scsi: lpfc: Remove shost_lock protection for fc_host_port
shost APIs (bsc#1220021).
- scsi: lpfc: Move handling of reset congestion statistics events
(bsc#1220021).
- scsi: lpfc: Save FPIN frequency statistics upon receipt of
peer cgn notifications (bsc#1220021).
- scsi: lpfc: Add condition to delete ndlp object after sending
BLS_RJT to an ABTS (bsc#1220021).
- scsi: lpfc: Fix failure to delete vports when discovery is in
progress (bsc#1220021).
- scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN
processing for ndlps (bsc#1220021).
- scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute
for Fabric nodes (bsc#1220021).
- scsi: lpfc: Remove D_ID swap log message from trace event logger
(bsc#1220021).
- scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's
length (bsc#1220021).
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
(bsc#1220021).
- scsi: lpfc: Initialize status local variable in
lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: Use PCI_HEADER_TYPE_MFD instead of literal
(bsc#1220021).
- PCI: Add PCI_HEADER_TYPE_MFD definition (bsc#1220021).
- commit 41ec061
- x86/fpu: Stop relying on userspace for info to fault in xsave buffer (bsc#1220335, CVE-2024-26603).
- commit 4cbbdbf
- Update patch reference for NFC fix (CVE-2021-46924 bsc#1220459)
- commit 8ac32a8
- RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- commit 71868f2
- media: pvrusb2: fix use after free on context disconnection
(CVE-2023-52445 bsc#1220241).
- commit e4643a5
- RAS: Introduce a FRU memory poison manager (jsc#PED-7618).
- commit 62d6d3a
- hisi_acc_vfio_pci: Update migration data pointer correctly on (bsc#1220337,CVE-2023-52453)
- commit 6a9df09
- RAS/AMD/ATL: Add MI300 row retirement support (jsc#PED-7618).
- Delete patches.suse/EDAC-amd64-Add-MI300-row-retirement-support.patch.
- commit 3cc5727
- uio: Fix use-after-free in uio_open (bsc#1220140
CVE-2023-52439).
- commit fbf52b1
- apparmor: avoid crash when parsed profile name is empty
(CVE-2023-52443 bsc#1220240).
- commit 732bc93
- ntfs: check overflow when iterating ATTR_RECORDs (git-fixes).
- commit c9fe433
- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- commit 6df2cbb
- xfs: short circuit xfs_growfs_data_private() if delta is zero
(git-fixes).
- commit fcba050
- xfs: remove unused fields from struct xbtree_ifakeroot
(git-fixes).
- commit 86da8f9
- fs: dlm: fix build with CONFIG_IPV6 disabled (git-fixes).
- commit 595274a
- nilfs2: replace WARN_ONs for invalid DAT metadata block requests
(git-fixes).
- commit 8b6113c
- nilfs2: fix data corruption in dsync block recovery for small
block sizes (git-fixes).
- commit 3bf00f7
- jfs: fix array-index-out-of-bounds in diNewExt (git-fixes).
- commit 95bef1f
- jfs: fix uaf in jfs_evict_inode (git-fixes).
- commit d7a8248
- jfs: fix array-index-out-of-bounds in dbAdjTree (git-fixes).
- commit e676b4f
- jfs: fix slab-out-of-bounds Read in dtSearch (git-fixes).
- commit fc7d276
- UBSAN: array-index-out-of-bounds in dtSplitRoot (git-fixes).
- commit bcf9251
- FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (git-fixes).
- commit 9b22efe
- afs: Increase buffer size in afs_update_volume_status()
(git-fixes).
- commit dd84cc3
- afs: Hide silly-rename files from userspace (git-fixes).
- commit 3ff836d
- afs: fix the usage of read_seqbegin_or_lock() in
afs_find_server*() (git-fixes).
- commit c7a2b9c
- afs: fix the usage of read_seqbegin_or_lock() in
afs_lookup_volume_rcu() (git-fixes).
- commit 4fa847b
- btrfs: do not ASSERT() if the newly created subvolume already
got read (bsc#1219126 CVE-2024-23850).
- commit 087f1fb
- Update
patches.suse/sched-membarrier-reduce-the-ability-to-hammer-on-sys.patch
(git-fixes, bsc1220398, CVE-2024-26602).
- commit 7349e3e
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- commit edd994d
- i2c: i801: Fix block process call transactions (bsc#1220009
CVE-2024-26593).
- commit 1b64da9
- RDMA/core: Fix uninit-value access in ib_get_eth_speed()
(bsc#1219934).
- commit 3ebf8e4
- mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243
CVE-2024-26586).
- mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in
error path (bsc#1220344 CVE-2024-26595).
- commit 6e8b589
- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330, CVE-2023-52464)
- commit 369d1fd
- RDMA/core: Get IB width and speed from netdev (bsc#1219934).
- commit 24279f3
- KVM: s390: vsie: fix race during shadow creation (git-fixes
bsc#1220393).
- commit 72fd28e
- Update config files.
Cleanup with run_oldconfig.sh
- commit ef734e5
- KVM: s390: fix setting of fpc register (git-fixes bsc#1220392).
- commit 8d2ffe7
- supported.conf: remove external flag from IBM supported modules.
(bsc#1209412)
- commit a25e99f
- arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (git-fixes)
- commit 7e2b55c
- arm64: irq: set the correct node for shadow call stack (git-fixes)
- commit b343796
- arm64: irq: set the correct node for VMAP stack (git-fixes)
- commit f682ae8
- blacklist.conf: ("arm64: lib: Import latest version of Arm Optimized Routines' strncmp")
- commit 88ead84
- Refresh sorted patches.
- commit 9f45380
- powerpc/pseries: Set CPU_FTR_DBELL according to ibm,pi-features
(bsc#1220348).
- powerpc/pseries: Add a clear modifier to ibm,pa/pi-features
parser (bsc#1220348).
- commit 7e988f6
- usb: gadget: ncm: Avoid dropping datagrams of properly parsed
NTBs (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet
(git-fixes).
- usb: cdns3: fixed memory use after free at
cdns3_gadget_ep_disable() (git-fixes).
- usb: roles: don't get/set_role() when usb_role_switch is
unregistered (git-fixes).
- usb: roles: fix NULL pointer issue when put module's reference
(git-fixes).
- usb: cdnsp: fixed issue with incorrect detecting CDNSP family
controllers (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- USB: serial: option: add Fibocom FM101-GL variant (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
(git-fixes).
- USB: serial: cp210x: add ID for IMST iM871A-USB (git-fixes).
- commit 6aacbee
- s390: use the correct count for __iowrite64_copy() (git-fixes
bsc#1220317).
- commit 3d0908e
- md: bypass block throttle for superblock update (bsc#1220154,
CVE-2023-52437).
- commit 3b94bb4
- cachefiles: fix memory leak in cachefiles_add_cache()
(bsc#1220267).
- commit 9bb720c
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
(bsc#1220253 CVE-2023-52448).
- commit 12cdab5
- platform/x86: thinkpad_acpi: Only update profile if successfully
converted (git-fixes).
- platform/x86: touchscreen_dmi: Allow partial (prefix) matches
for ACPI names (git-fixes).
- commit d153a3a
- rpm templates: Always define usrmerged
usrmerged is now defined in kernel-spec-macros and not the distribution.
Only check if it's defined in kernel-spec-macros, not everywhere where
it's used.
- commit a6ad8af
- USB: gadget: core: adjust uevent timing on gadget unbind
(git-fixes).
- commit e3b30d8
- blacklist.conf: entry for usb/gadget/udc/core that has been reverted
- commit 50292b0
- mm,page_owner: Update Documentation regarding page_owner_stacks
(jsc-PED#7423).
- commit 96f4587
- mm,page_owner: Filter out stacks by a threshold (jsc-PED#7423).
- commit e683246
- mm,page_owner: Display all stacks and their count
(jsc-PED#7423).
- commit cfad590
- rpm templates: Move macro definitions below buildrequires
Many of the rpm macros defined in the kernel packages depend directly or
indirectly on script execution. OBS cannot execute scripts which means
values of these macros cannot be used in tags that are required for OBS
to see such as package name, buildrequires or buildarch.
Accumulate macro definitions that are not directly expanded by mkspec
below buildrequires and buildarch to make this distinction clear.
- commit 89eaf4c
- mm,page_owner: Implement the tracking of the stacks count
(jsc-PED#7423).
- commit 4c2de65
- mm,page_owner: Maintain own list of stack_records structs
(jsc-PED#7423).
- commit 91e49cb
- scsi: ibmvfc: Open-code reset loop for target reset
(bsc#1220106).
- commit 8ab46b6
- scsi: ibmvfc: Limit max hw queues by num_online_cpus()
(bsc#1220106).
- commit 648a1af
- lib/stackdepot: Move stack_record struct definition into the
header (jsc-PED#7423).
- commit 6077ffb
- lib/stackdepot: Fix first entry having a 0-handle
(jsc-PED#7423).
- commit 992fd7d
- lib/stackdepot: add refcount for records (jsc-PED#7423).
- commit 714c529
- sched/membarrier: reduce the ability to hammer on sys_membarrier
(git-fixes).
- commit 050cced
- lib/stackdepot: add depot_fetch_stack helper (jsc-PED#7423).
- commit 2786362
- RDMA/srpt: fix function pointer cast warnings (git-fixes)
- commit dac438c
- RDMA/qedr: Fix qedr_create_user_qp error flow (git-fixes)
- commit b146859
- RDMA/srpt: Support specifying the srpt_service_guid parameter (git-fixes)
- commit 8d48d24
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (git-fixes)
- commit da3f72a
- RDMA/irdma: Add AE for too many RNRS (git-fixes)
- commit f63a394
- RDMA/irdma: Set the CQ read threshold for GEN 1 (git-fixes)
- commit 3b512eb
- RDMA/irdma: Validate max_send_wr and max_recv_wr (git-fixes)
- commit 98f2343
- RDMA/irdma: Fix KASAN issue with tasklet (git-fixes)
- commit 83211d5
- RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq (git-fixes)
- commit 675dc2d
- RDMA/bnxt_re: Return error for SRQ resize (git-fixes)
- commit c51f388
- IB/hfi1: Fix a memleak in init_credit_return (git-fixes)
- commit 2afc750
- x86/mm: Fix memory encryption features advertisement (bsc#1206453).
- commit 143c33b
- rpm/check-for-config-changes: add GCC_ASM_GOTO_OUTPUT_WORKAROUND to IGNORED_CONFIGS_RE
Introduced by commit 68fb3ca0e408 ("update workarounds for gcc "asm
goto" issue").
- commit be1bdab
- net: openvswitch: limit the number of recursions from action
sets (bsc#1219835 CVE-2024-1151).
- commit ed2fd55
- net: qualcomm: rmnet: fix global oob in rmnet_policy
(git-fixes).
- commit 0b41491
- scsi: core: Move scsi_host_busy() out of host lock if it is
for per-command (git-fixes).
- commit 65a3d05
- mfd: syscon: Fix null pointer dereference in
of_syscon_register() (git-fixes).
- commit ac6a500
- powerpc/64: Set task pt_regs->link to the LR value on scv entry
(bsc#1194869).
- powerpc: add crtsavres.o to always-y instead of extra-y
(bsc#1194869).
- powerpc/watchpoints: Annotate atomic context in more places
(bsc#1194869).
- powerpc/watchpoint: Disable pagefaults when getting user
instruction (bsc#1194869).
- powerpc/watchpoints: Disable preemption in thread_change_pc()
(bsc#1194869).
- powerpc/pseries: Rework lppaca_shared_proc() to avoid
DEBUG_PREEMPT (bsc#1194869).
- powerpc: Don't include lppaca.h in paca.h (bsc#1194869).
- powerpc/powernv: Fix fortify source warnings in opal-prd.c
(bsc#1194869).
- commit 148ec5a
- modpost: trim leading spaces when processing source files list
(git-fixes).
- kbuild: Fix changing ELF file type for output of gen_btf for
big endian (git-fixes).
- irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (git-fixes).
- irqchip/irq-brcmstb-l2: Add write memory barrier before exit
(git-fixes).
- driver core: Fix device_link_flag_is_sync_state_only()
(git-fixes).
- iio: accel: bma400: Fix a compilation problem (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value
read from RM3100_REG_TMRC (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- commit 55c0c3a
- compute-PATCHVERSION: Do not produce output when awk fails
compute-PATCHVERSION uses awk to produce a shell script that is
subsequently executed to update shell variables which are then printed
as the patchversion.
Some versions of awk, most notably bysybox-gawk do not understand the
awk program and fail to run. This results in no script generated as
output, and printing the initial values of the shell variables as
the patchversion.
When the awk program fails to run produce 'exit 1' as the shell script
to run instead. That prevents printing the stale values, generates no
output, and generates invalid rpm spec file down the line. Then the
problem is flagged early and should be easier to diagnose.
- commit 8ef8383
- Drop bcm5974 input patch causing a regression (bsc#1220030)
- commit cdfe144
- nvme-fabrics: fix I/O connect error handling (git-fixes).
- commit 1cf32dd
- scsi: fnic: Move fnic_fnic_flush_tx() to a work queue (git-fixes
bsc#1219141).
- scsi: Revert "scsi: fcoe: Fix potential deadlock on
&fip->ctlr_lock" (git-fixes bsc#1219141).
- scsi: core: Move scsi_host_busy() out of host lock for waking
up EH handler (git-fixes).
- scsi: isci: Fix an error code problem in isci_io_request_build()
(git-fixes).
- scsi: mpi3mr: Refresh sdev queue depth after controller reset
(git-fixes).
- commit bb93e52
- scsi: hisi_sas: Prevent parallel FLR and controller reset
(git-fixes).
- Refresh
patches.suse/scsi-hisi_sas-Replace-with-standard-error-code-return-value.patch.
- commit 90473ca
- drm/amdgpu/display: Initialize gamma correction mode variable
in dcn30_get_gamcor_current() (git-fixes).
- drm/amd/display: Fix possible NULL dereference on device
remove/driver unload (git-fixes).
- Revert "drm/amd: flush any delayed gfxoff on suspend entry"
(git-fixes).
- drm/amd/display: Fix possible buffer overflow in
'find_dcfclk_for_voltage()' (git-fixes).
- drm/crtc: fix uninitialized variable use even harder
(git-fixes).
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- can: j1939: Fix UAF in j1939_sk_match_filter during
setsockopt(SO_J1939_FILTER) (git-fixes).
- wifi: iwlwifi: uninitialized variable in
iwl_acpi_get_ppag_table() (git-fixes).
- wifi: iwlwifi: Fix some error codes (git-fixes).
- spi-mxs: Fix chipselect glitch (git-fixes).
- spi: ppc4xx: Drop write-only variable (git-fixes).
- HID: wacom: generic: Avoid reporting a serial of '0' to
userspace (git-fixes).
- HID: wacom: Do not register input devices until after
hid_hw_start (git-fixes).
- hwmon: (coretemp) Fix bogus core_id to attr name mapping
(git-fixes).
- hwmon: (coretemp) Fix out-of-bounds memory access (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- drm/msm/dpu: check for valid hw_pp in
dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msm/dp: return correct Colorimetry for
DP_TEST_DYNAMIC_RANGE_CEA case (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in
BPC unknown case (git-fixes).
- drm/i915/gvt: Fix uninitialized variable in handle_mmio()
(git-fixes).
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- crypto: ccp - Fix null pointer dereference in
__sev_platform_shutdown_locked (git-fixes).
- commit 8c41a3a
- ALSA: usb-audio: More relaxed check of MIDI jack names
(git-fixes).
- ASoC: SOF: IPC3: fix message bounds on ipc ops (git-fixes).
- ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
(git-fixes).
- ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks
table (git-fixes).
- ALSA: hda/realtek: cs35l41: Fix device ID / model name
(git-fixes).
- ALSA: usb-audio: Sort quirk table entries (git-fixes).
- ALSA: usb-audio: add quirk for RODE NT-USB+ (git-fixes).
- ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
(git-fixes).
- ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
(git-fixes).
- commit 4ee9775
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- commit 515312a
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
Also add mds_user_clear to kABI severities since it's strictly
mitigation related so should be low risk.
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- commit f298aab
- netfs, fscache: Prevent Oops in fscache_put_cache()
(bsc#1220003).
- commit 70831f5
- mm: memory-failure: fix potential unexpected return value from
unpoison_memory() (git-fixes).
- commit 4c346fc
- netfilter: nf_tables: disallow rule removal from chain binding
(bsc#1218216 CVE-2023-5197).
- commit dcfc62f
- netfilter: nf_tables: skip bound chain in netns release path
(bsc#1218216 CVE-2023-5197).
- commit 29d741f
- netfilter: nf_tables: disallow rule removal from chain binding
(bsc#1218216 CVE-2023-5197).
- commit d7a1a4d
- netfilter: nf_tables: skip bound chain in netns release path
(bsc#1218216 CVE-2023-5197).
- commit af879c8
- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- commit e5b6bde
- mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE
(bsc#1218663).
- commit d6fa958
- mm/hwpoison: mf_mutex for soft offline and unpoison
(bsc#1218663).
- commit 177fcfa
- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
(bsc#1219127 CVE-2024-23849).
- commit 43577c1
- Refresh
patches.suse/scsi-lpfc-use-unsigned-type-for-num_sge.patch.
- commit 6b5c8aa
- USB: hub: check for alternate port before enabling
A_ALT_HNP_SUPPORT (bsc#1218527).
- Delete patches.suse/usb-otg-numberpad-exception.patch.
Removal of temporary work around
- commit 51410f7
- kernel-binary: Move build script to the end
All other spec templates have the build script at the end, only
kernel-binary has it in the middle. Align with the other templates.
- commit 98cbdd0
- rpm templates: Aggregate subpackage descriptions
While in some cases the package tags, description, scriptlets and
filelist are located together in other cases they are all across the
spec file. Aggregate the information related to a subpackage in one
place.
- commit 8eeb08c
- rpm templates: sort rpm tags
The rpm tags in kernel spec files are sorted at random.
Make the order of rpm tags somewhat more consistent across rpm spec
templates.
- commit 8875c35
- blacklist.conf: irrelevant in our configs
- commit 011570e
- dm: limit the number of targets and parameter size area
(bsc#1219827, bsc#1219146, CVE-2023-52429, CVE-2024-23851).
- commit 26dc83e
- usb: cdns3: Modify the return value of cdns_set_active ()
to void when CONFIG_PM_SLEEP is disabled (git-fixes).
- Refresh patches.kabi/usb-cdns-readd-old-API.patch.
- commit f63fe1f
- usb: cdns: readd old API (git-fixes).
- commit e63cfaf
- usb: gadget: f_hid: fix report descriptor allocation
(git-fixes).
- commit b1aee6d
- Refresh
patches.suse/USB-dwc2-write-HCINT-with-INTMASK-applied.patch.
moved into sorted section
- commit 19ade31
- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
(git-fixes).
- commit e5f0b82
- usb: cdns3: Put the cdns set active part outside the spin lock
(git-fixes).
- commit 86f2eb0
- USB: Gadget: core: Help prevent panic during UVC unconfigure
(git-fixes).
- commit 00fdbf2
- usb: gadget: core: remove unbalanced mutex_unlock in
usb_gadget_activate (git-fixes).
- commit 4803ff6
- usb: gadget: udc: Handle gadget_connect failure during bind
operation (git-fixes).
- commit 70218de
- USB: gadget: core: Add missing kerneldoc for vbus_work
(git-fixes).
- commit 25e9543
- usb: gadget: udc: core: Prevent soft_connect_store() race
(git-fixes).
- commit eb5f8ac
- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
(git-fixes).
- commit 7a7bf5a
- blacklist.conf: changed reason
The old reason applied only to SP4. However
this patch by coincidence still needs to be blacklisted in SP5
for a completely different reason
- commit 5f8bebe
- USB: gadget: Fix obscure lockdep violation for udc_mutex
(git-fixes).
- Refresh
patches.suse/USB-gadget-Fix-use-after-free-during-usb-config-swit.patch.
- commit a8658e1
- USB: gadget: Fix use-after-free Read in usb_udc_uevent()
(git-fixes).
- commit 6205e50
- s390/qeth: Fix potential loss of L3-IP@ in case of network
issues (git-fixes bsc#1219840).
- commit 4987d16
- KVM: s390: fix cc for successful PQAP (git-fixes bsc#1219839).
- commit 47fbb44
- Add reference to recently released CVE
- Update
patches.suse/x86-entry-convert-int-0x80-emulation-to-idtentry.patch
(bsc#1217927 CVE-2024-25744).
- Update
patches.suse/x86-entry-do-not-allow-external-0x80-interrupts.patch
(bsc#1217927 CVE-2024-25744).
- commit 1dc32d2
- nvme-host: fix the updating of the firmware version (git-fixes).
- commit 27cca59
- arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD (bsc#1219443)
- commit 8b0cea9
- arm64: entry: Simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- commit 713244d
- arm64: entry: Preserve/restore X29 even for compat tasks (bsc#1219443)
- commit 2aa2cc1
- Refresh patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch.
Fix following error when building kvmsmall config by removing left over
declaration:
[ 216s] In file included from ../arch/x86/kernel/cpu/mce/core.c:52:0:
[ 216s] ../arch/x86/include/asm/mce.h:366:1: error: duplicate 'static'
[ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
[ 216s] ^~~~~~
[ 216s] ../arch/x86/include/asm/mce.h:366:15: error: two or more data types in declaration specifiers
[ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
[ 216s] ^~~~
[ 216s] ../arch/x86/include/asm/mce.h: In function 'mce_hygon_feature_init':
[ 216s] ../arch/x86/include/asm/mce.h:366:75: error: void value not ignored as it ought to be
[ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
[ 216s] ^~~~~~~~~~~~~~~~~~~~~~~
[ 216s] ../arch/x86/include/asm/mce.h:366:50: error: control reaches end of non-void function [-Werror=return-type]
[ 216s] static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
- commit 7015e17
- arm64: errata: Add Cortex-A510 speculative unprivileged load (bsc#1219443)
Enable workaround.
- commit 72bb690
- arm64: Rename ARM64_WORKAROUND_2966298 (bsc#1219443)
- Update config files.
- Refresh caps file
- commit 12d16a6
- arm64: errata: Add Cortex-A520 speculative unprivileged load (bsc#1219443)
Enable workaround without kABI break.
- Update config files.
- Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 2067234
- arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2 (git-fixes)
Enable AMPERE_ERRATUM_AC03_CPU_38 workaround without kABI break
- Update config files
- Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 4d24e79
- Refresh patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch.
Fix build due to incomplete line removal
- commit 720d084
- vhost: use kzalloc() instead of kmalloc() followed by memset()
(CVE-2024-0340, bsc#1218689).
- commit 4c5a740
- README.BRANCH: Update cve/linux-5.14 maintainers
Add myself to match SLE15-SP5 consumer + fix typo in branch name.
- commit da26653
- Refresh patches.suse/nfsd-fix-RELEASE_LOCKOWNER.patch.
Accidentally removed nfs4_get_stateowner
- commit ad106c0
- kernel-binary: certs: Avoid trailing space
- commit bc7dc31
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set
(git-fixes bsc#1219608 CVE-2024-24860).
- commit a1186fd
- Update
patches.suse/Bluetooth-Fix-atomicity-violation-in-min-max-_key_si.patch
(git-fixes bsc#1219608 CVE-2024-24860).
- commit dedfe8a
- README.BRANCH: update branch name to cve/linux-5.14, update maintainers
as requested
- commit 8e34879
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config
(bsc#1219653)
They are put into -devel subpackage. And a proper link to
/usr/share/gdb/auto-load/ is created.
- commit 1dccf2a
- EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618).
- commit fb688f3
- RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618).
- commit a26a502
- RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618).
- commit 83df5af
- RAS/AMD/ATL: Add MI300 support (jsc#PED-7618).
- commit 761e3c8
- Documentation: RAS: Add index and address translation section (jsc#PED-7618).
- commit d6e1334
- EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618).
- commit f1baba4
- RAS: Introduce AMD Address Translation Library (jsc#PED-7618).
- commit d6ad6ba
- netfilter: nf_tables: check if catch-all set element is active
in next generation (CVE-2024-1085 bsc#1219429).
- commit 7b3f4c4
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
(CVE-2024-1086 bsc#1219434).
- commit 5f917ff
- fs: indicate request originates from old mount API (git-fixes).
- commit 8ccbbb1
- tracefs: Add missing lockdown check to tracefs_create_dir()
(git-fixes).
- commit 36d0f04
- fs: Fix error checking for d_hash_and_lookup() (git-fixes).
- commit b1a5e63
- attr: block mode changes of symlinks (git-fixes).
- commit c0d7be1
- eventfd: prevent underflow for eventfd semaphores (git-fixes).
- commit 3a099ca
- kernfs: fix missing kernfs_idr_lock to remove an ID from the
IDR (git-fixes).
- commit 5156b80
- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based
tmpfs (git-fixes).
- commit a75bdfb
- fs: drop peer group ids under namespace lock (git-fixes).
- commit b6028f3
- nsfs: add compat ioctl handler (git-fixes).
- commit 38694b2
- aio: fix mremap after fork null-deref (git-fixes).
- commit 22e33d9
- fs: don't audit the capability check in simple_xattr_list()
(git-fixes).
- commit 5b6e2cc
- mm: fs: initialize fsdata passed to write_begin/write_end
interface (git-fixes).
- commit af45b4c
- fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
- commit 088d52b
- vfs: make freeze_super abort when sync_filesystem returns error
(git-fixes).
- commit 6a3b59b
- fs/mount_setattr: always cleanup mount_kattr (git-fixes).
- commit 113e698
- Update
patches.suse/drm-amdgpu-Fix-potential-fence-use-after-free-v2.patch
(bsc#1219128 CVE-2023-51042 git-fixes).
- commit 4b937fc
- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
(git-fixes).
- drm/amdkfd: Fix 'node' NULL check in
'svm_range_get_range_boundaries()' (git-fixes).
- drm/amdgpu: Release 'adev->pm.fw' before return in
'amdgpu_device_need_post()' (git-fixes).
- drm/amdgpu: Fix with right return code '-EIO' in
'amdgpu_gmc_vram_checking()' (git-fixes).
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table'
in 'get_platform_power_management_table()' (git-fixes).
- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
- drm/amdkfd: Fix lock dependency warning (git-fixes).
- ALSA: hda/conexant: Fix headset auto detect fail in cx8070
and SN6140 (git-fixes).
- ALSA: hda: Refer to correct stream index at loops (git-fixes).
- drm/amdkfd: Fix iterator used outside loop in
'kfd_add_peer_prop()' (git-fixes).
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
(git-fixes).
- drm/amdgpu: Fix '*fw' from request_firmware() not released in
'amdgpu_ucode_request()' (git-fixes).
- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
- drm/amd/display: make flip_timestamp_in_us a 64-bit variable
(git-fixes).
- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
- drm/msm/dpu: fix writeback programming for YUV cases
(git-fixes).
- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
- drm/msm/dsi: Enable runtime PM (git-fixes).
- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on
same heap (git-fixes).
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
time (git-fixes).
- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
- drm/panel-edp: Add override_edid_mode quirk for generic edp
(git-fixes).
- drm/amd/display: Fix tiled display misalignment (git-fixes).
- commit 3c1f8a7
- rpm/mkspec: sort entries in _multibuild
Otherwise it creates unnecessary diffs when tar-up-ing. It's of course
due to readdir() using "random" order as served by the underlying
filesystem.
See for example:
https://build.opensuse.org/request/show/1144457/changes
- commit d1155de
- Revert "tracing: Increase trace array ref count on enable and
filter files" (bsc#1219490).
Deleted:
patches.suse/tracing-Increase-trace-array-ref-count-on-enable-and-filter-files.patch
patches.suse/tracing-Fix-uaf-issue-when-open-the-hist-or-hist_debug-file.patch
patches.suse/tracing-Have-event-inject-files-inc-the-trace-array-ref-count.patch
Backported commit f5ca233e2e66 ("tracing: Increase trace array ref count
on enable and filter files") causes a kernel panic and its upstream
fix-up bb32500fb9b7 ("tracing: Have trace_event_file have ref counters")
cannot be easily backported because it affects kABI. Revert the commit
and its two related + dependent patches, at least for now.
- commit b75b68d
- fs: Move notify_change permission checks into may_setattr
(git-fixes).
- commit 9c54f53
- blacklist.conf: add 'nvme: fix error-handling for io_uring
nvme-passthrough'
- commit 580a5ab
- nvme-rdma: Fix transfer length when write_generate/read_verify
are 0 (git-fixes).
- commit b0bd240
- nvme: trace: avoid memcpy overflow warning (git-fixes).
- nvmet: re-fix tracing strncpy() warning (git-fixes).
- nvme: fix max_discard_sectors calculation (git-fixes).
- nvme-pci: fix sleeping function called from interrupt context
(git-fixes).
- nvme: introduce helper function to get ctrl state (git-fixes).
- nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
- commit 45d7afe
- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
- scsi: lpfc: Move determination of vmid_flag after VMID
reinitialization completes (bsc#1219582).
- scsi: lpfc: Reinitialize an NPIV's VMID data structures after
FDISC (bsc#1219582).
- scsi: lpfc: Change VMID driver load time parameters to read only
(bsc#1219582).
- commit bb7c841
- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
- commit 5e28675
- misc: fastrpc: Mark all sessions as invalid in cb_remove
(git-fixes).
- serial: max310x: fail probe if clock crystal is unstable
(git-fixes).
- serial: max310x: improve crystal stable clock detection
(git-fixes).
- serial: max310x: set default value when reading clock ready bit
(git-fixes).
- serial: core: Fix atomicity violation in uart_tiocmget
(git-fixes).
- usb: ucsi_acpi: Fix command completion handling (git-fixes).
- usb: ucsi: Add missing ppm_lock (git-fixes).
- usb: host: xhci-plat: Add support for
XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- dmaengine: fix is_slave_direction() return false when
DMA_DEV_TO_DEV (git-fixes).
- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
(git-fixes).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
(git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
(git-fixes).
- dmaengine: idxd: Protect int_handle field in hw descriptor
(git-fixes).
- commit 4d4442b
- Input: atkbd - do not skip atkbd_deactivate() when skipping
ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping
ATKBD_CMD_GETID (git-fixes).
- Input: bcm5974 - check endpoint type before starting traffic
(git-fixes).
- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
- ASoC: codecs: lpass-wsa-macro: fix compander volume hack
(git-fixes).
- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
- ASoC: codecs: wcd938x: fix headphones volume controls
(git-fixes).
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
(git-fixes).
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup
(git-fixes).
- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
- firewire: core: correct documentation of fw_csr_string()
kernel API (git-fixes).
- commit 2100750
- md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
- commit a1a4e04
- perf/x86/uncore: Use u64 to replace unsigned for the uncore
offsets array (bsc#1219512).
- commit 1425233
- atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780
bsc#1218730).
- commit 658d424
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
Update an existing patch to fix bsc#1216441.
- commit 1c5c5fe
- xen-netback: don't produce zero-size SKB frags (CVE-2023-46838,
XSA-448, bsc#1218836).
- commit 9a897ff
- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
- commit fe7e152
- nouveau/vmm: don't set addr on the fail path to avoid warning
(git-fixes).
- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable
W/A (git-fixes).
- drm: Don't unref the same fb many times by mistake due to
deadlock handling (git-fixes).
- drm/amd/display: pbn_div need be updated for hotplug event
(git-fixes).
- commit 962c8b3
- Update
patches.suse/ext4-fix-kernel-BUG-in-ext4_write_inline_data_end.patch
(CVE-2021-33631 bsc#1219412 bsc#1206894).
- commit 2260246
- kabi, vmstat: skip periodic vmstat update for isolated CPUs
(bsc#1217895).
- commit 8cb5798
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- trace,smp: Add tracepoints around remotelly called functions
(bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs
(bsc#1217895).
- Refresh
patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 668c0e0
- kernel-source: Fix description typo
- commit 8abff35
- nvmet-tcp: Fix the H2C expected PDU len calculation
(bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
CVE-2023-6356).
- nvmet-tcp: remove boilerplate code (bsc#1217987 bsc#1217988
bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356).
- nvmet-tcp: fix a crash in nvmet_req_complete() (bsc#1217987
bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
CVE-2023-6356).
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C
PDU length (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535
CVE-2023-6536 CVE-2023-6356).
- commit d968940
- clocksource: disable watchdog checks on TSC when TSC is watchdog
(bsc#1215885).
- commit b33ffd8
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968
bsc#1219349).
- commit e7c782d
- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
(CVE-2023-47233 bsc#1216702).
- commit 433859d
- rpm/constraints.in: set jobs for riscv to 8
The same workers are used for x86 and riscv and the riscv builds take
ages. So align the riscv jobs count to x86.
- commit b2c82b9
- blacklist.conf: add a not-relevant module commit
- commit d1799c4
- tracing/trigger: Fix to return error if failed to alloc snapshot
(git-fixes).
- commit 6a3a4f2
- blacklist.conf: Add bunch of uclamp fixups
244226035a1f sched/uclamp: Fix fits_capacity() check in feec()
b759caa1d9f6 sched/uclamp: Make select_idle_capacity() use util_fits_cpu()
c56ab1b3506b sched/uclamp: Make cpu_overutilized() use util_fits_cpu()
d81304bc6193 sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit condition
6b00a4014765 sched/uclamp: Set max_spare_cap_cpu even if max_spare_cap is 0
- commit 6be119f
- platform/x86: ISST: Reduce noise for missing numa information
in logs (bsc#1219285).
- commit 017b316
- tracing: Ensure visibility when inserting an element into
tracing_map (git-fixes).
- commit 95dfb0f
- bpf: Limit the number of kprobes when attaching program to
multiple kprobes (git-fixes).
- commit ecd4878
- ring-buffer: Do not record in NMI if the arch does not support
cmpxchg in NMI (git-fixes).
- commit 2ced0ce
- tracing: Fix uaf issue when open the hist or hist_debug file
(git-fixes).
- commit 8c95da9
- tracing: Add size check when printing trace_marker output
(git-fixes).
- commit ea9dc7e
- tracing: Have large events show up as '[LINE TOO BIG]' instead of
nothing (git-fixes).
- commit 57bb6f3
- asix: Add check for usbnet_get_endpoints (git-fixes).
- commit ce1c3e3
- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
- r8152: add vendor/device ID pair for D-Link DUB-E250
(git-fixes).
- commit a726891
- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in
the error case (git-fixes).
- commit b1d3207
- clocksource: Skip watchdog check for large watchdog intervals
(git-fixes).
- drm/bridge: anx7625: Ensure bridge is suspended in disable()
(git-fixes).
- drm/bridge: parade-ps8640: Ensure bridge is suspended in
.post_disable() (git-fixes).
- drm: panel-simple: add missing bus flags for Tianma
tm070jvhg[30/33] (git-fixes).
- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX
transfer (git-fixes).
- drm/exynos: gsc: minor fix for loop iteration in
gsc_runtime_resume (git-fixes).
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane
(git-fixes).
- gpio: eic-sprd: Clear interrupt after set the interrupt type
(git-fixes).
- commit 0576231
- net: sched: sch_qfq: Use non-work-conserving warning handler
(CVE-2023-4921 bsc#1215275).
- commit b50ba0e
- mkspec: Use variant in constraints template
Constraints are not applied consistently with kernel package variants.
Add variant to the constraints template as appropriate, and expand it
in mkspec.
- commit cc68ab9
- kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol
It's an internal function that shouldn't have been exported
- commit eb24ddf
- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
- uio: Fix use-after-free in uio_open (git-fixes).
- parport: parport_serial: Add Brainboxes device IDs and geometry
(git-fixes).
- parport: parport_serial: Add Brainboxes BAR details (git-fixes).
- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels
(git-fixes).
- media: rkisp1: Fix media device memory leak (git-fixes).
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
(git-fixes).
- wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
- pstore: ram_core: fix possible overflow in
persistent_ram_init_ecc() (git-fixes).
- wifi: iwlwifi: pcie: avoid a NULL pointer dereference
(git-fixes).
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
(git-fixes).
- wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
- pwm: stm32: Use regmap_clear_bits and regmap_set_bits where
applicable (git-fixes).
- media: rkisp1: Read the ID register at probe time instead of
streamon (git-fixes).
- commit d4f3c53
- fjes: fix memleaks in fjes_hw_setup (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5
(git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic
boost on HP ZBook (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx
(git-fixes).
- drm/amdkfd: fixes for HMM mem allocation (git-fixes).
- Input: atkbd - use ab83 as id when skipping the getid command
(git-fixes).
- drivers: clk: zynqmp: update divider round rate logic
(git-fixes).
- drm/tidss: Fix dss reset (git-fixes).
- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
- drm/tidss: Return error value from from softreset (git-fixes).
- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
(git-fixes).
- Input: xpad - add Razer Wolverine V2 support (git-fixes).
- Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab
S10346 (git-fixes).
- i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
- hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
- ASoC: ops: add correct range check for limiting volume
(git-fixes).
- ASoC: da7219: Support low DC impedance headset (git-fixes).
- ASoC: rt5650: add mutex to avoid the jack detection failure
(git-fixes).
- ASoC: cs43130: Fix incorrect frame delay configuration
(git-fixes).
- ASoC: cs43130: Fix the position of const qualifier (git-fixes).
- ASoC: Intel: Skylake: mem leak in skl register function
(git-fixes).
- ASoC: nau8822: Fix incorrect type in assignment and cast to
restricted __be16 (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
- ASoC: wm8974: Correct boost mixer inputs (git-fixes).
- drm/amdkfd: Use resource_size() helper function (git-fixes).
- clk: zynqmp: Add a check for NULL pointer (git-fixes).
- clk: zynqmp: make bestdiv unsigned (git-fixes).
- media: rkisp1: Disable runtime PM in probe error path
(git-fixes).
- commit f91e3c6
- Drop clk imx patch that was reverted in the stable tree
- commit ab74263
- Drop ASoC atmel patch that was reverted on stable tree
- commit 7e99407
- rpm/constraints.in: add static multibuild packages
Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for
constraints on multibuild) added "kernel-source:" prefix to the
dynamically generated kernels. But there are also static ones like
kernel-docs. Those fail to build as the constraints are still not
applied.
So add the prefix also to the static ones.
Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it
will ever be multibuilt...
- commit c2e0681
- Update
patches.suse/drm-atomic-Fix-potential-use-after-free-in-nonblocki.patch
(bsc#1219120 CVE-2023-51043 git-fixes).
- commit d004027
- Revert "Limit kernel-source build to architectures for which the kernel binary"
This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132.
The fix for bsc#1108281 directly causes bsc#1218768, revert.
- commit 2943b8a
- mkspec: Include constraints for both multibuild and plain package always
There is no need to check for multibuild flag, the constraints can be
always generated for both cases.
- commit 308ea09
- rpm/mkspec: use kernel-source: prefix for constraints on multibuild
Otherwise the constraints are not applied with multibuild enabled.
- commit 841012b
- scsi: hisi_sas: Correct the number of global debugfs registers
(git-fixes).
- scsi: hisi_sas: Rollback some operations if FLR failed
(git-fixes).
- commit 2336743
- scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT
(git-fixes).
- Refresh
patches.suse/scsi-hisi_sas-Add-more-logs-for-runtime-suspend-resume.patch.
- Refresh
patches.suse/scsi-hisi_sas-Fix-rescan-after-deleting-a-disk.
- Refresh
patches.suse/scsi-hisi_sas-Replace-with-standard-error-code-return-value.patch.
- Refresh
patches.suse/scsi-hisi_sas-Use-libsas-internal-abort-support.patch.
- Refresh
patches.suse/scsi-libsas-Don-t-always-drain-event-workqueue-for-HA-resume.patch.
- commit 6d49430
- kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
- commit afe2033
- rpm/kernel-source.rpmlintrc: add action-ebpf
Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf
plugin) added this precompiled binary blob. Adapt rpmlintrc for
kernel-source.
- commit b5ccb33
- Update config files: enable ASoC AMD PS drivers (bsc#1219136)
- commit ef8225f
- ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA
(bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13
(bsc#1219136).
- ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
- ASoC: amd: acp: Add kcontrols and widgets per-codec in common
code (bsc#1219136).
- commit 4161e83
- Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL
(bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming
Laptop 15-fb0xxx (8A3E) (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting
Line Out (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols
(bsc#1219136).
- ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols
(bsc#1219136).
- ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies
(bsc#1219136).
- ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
- ASoC: amd: acp: clean up some inconsistent indentings
(bsc#1219136).
- ASoC: amd: acp: add pm ops support for rembrandt platform
(bsc#1219136).
- ASoC: amd: acp: move pdm macros to common header file
(bsc#1219136).
- ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
- ASoC: amd: acp: export config_acp_dma() and
config_pte_for_stream() symbols (bsc#1219136).
- ASoC: amd: acp: store xfer_resolution of the stream
(bsc#1219136).
- ASoC: amd: acp: add pm ops support for acp pci driver
(bsc#1219136).
- ASoC: amd: acp: store platform device reference created in
pci probe call (bsc#1219136).
- ASoC: amd: acp: remove the redundant acp enable/disable
interrupts functions (bsc#1219136).
- ASoC: amd: acp: add acp i2s master clock generation for
rembrandt platform (bsc#1219136).
- ASoC: amd: acp: refactor the acp init and de-init sequence
(bsc#1219136).
- ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
- commit 120d62d
- ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table
(bsc#1219136).
- commit 150a883
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12
(bsc#1219136).
- commit c977ecd
- ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
- ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x
(bsc#1219136).
- ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
- ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
- ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
- ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG
(bsc#1219136).
- ASoC: amd: vangogh: Add check for acp config flags in vangogh
platform (bsc#1219136).
- ASoC: amd: ps: refactor acp power on and reset functions
(bsc#1219136).
- ASoC: amd: ps: remove the register read and write wrappers
(bsc#1219136).
- ASoC: amd: ps: Update copyright notice (bsc#1219136).
- ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x
(bsc#1219136).
- ASoC: amd: ps: fix for acp_lock access in pdm driver
(bsc#1219136).
- ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the
quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
- ASoC: amd: Add check for acp config flags (bsc#1219136).
- ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x
(bsc#1219136).
- ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx
(8A42) (bsc#1219136).
- ASoC: amd: ps: update the acp clock source (bsc#1219136).
- ASoC: amd: acp: rembrandt: Drop if blocks with always false
condition (bsc#1219136).
- ASoC: amd: vangogh: Remove unnecessary init function
(bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop
16-e1xxx (8A22) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx
(8A43) (bsc#1219136).
- ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks
(bsc#1219136).
- ASoC: amd: ps: Add a module parameter to influence pdm_gain
(bsc#1219136).
- ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: renoir: Add a module parameter to influence pdm_gain
(bsc#1219136).
- ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: yc: Add a module parameter to influence pdm_gain
(bsc#1219136).
- ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
- ASoC: amd: acp: Enable i2s tdm support for skyrim platforms
(bsc#1219136).
- ASoC: amd: acp: Add i2s tdm support in machine driver
(bsc#1219136).
- ASoC: amd: acp: Refactor i2s clocks programming sequence
(bsc#1219136).
- ASoC: amd: acp: Refactor dai format implementation
(bsc#1219136).
- ASoC: amd: acp: Add new cpu dai's in machine driver
(bsc#1219136).
- ASoC: amd: ps: Fix uninitialized ret in
create_acp64_platform_devs() (bsc#1219136).
- ASoC: amd: ps: use static function (bsc#1219136).
- ASoC: amd: ps: remove unused variable (bsc#1219136).
- ASoC: amd: ps: use acp_lock to protect common registers in
pdm driver (bsc#1219136).
- ASoC: amd: ps: add mutex lock for accessing common registers
(bsc#1219136).
- ASoC: amd: Drop empty platform remove function (bsc#1219136).
- ASoC: amd: ps: move irq handler registration (bsc#1219136).
- ASoC: amd: ps: update dev index value in irq handler
(bsc#1219136).
- ASoC: amd: ps: refactor platform device creation logic
(bsc#1219136).
- ASoC: amd: ps: implement api to retrieve acp device config
(bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table
(bsc#1219136).
- ASoC: amd: yc: Add DMI support for new acer/emdoor platforms
(bsc#1219136).
- ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table
(bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table
(bsc#1219136).
- ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
- ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver
(bsc#1219136).
- ASoC: amd: ps: update macros with ps platform naming convention
(bsc#1219136).
- ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
- ASoC: amd: fix ACP version typo mistake (bsc#1219136).
- ASoC: amd: acp: Add setbias level for rt5682s codec in machine
driver (bsc#1219136).
- ASoC: amd: acp: Add TDM slots setting support for ACP I2S
controller (bsc#1219136).
- ASoC: amd: Update Pink Sardine platform ACP register header
(bsc#1219136).
- ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table
(bsc#1219136).
- ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks
table (bsc#1219136).
- ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo
ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136).
- ASoC: amd: acp: use function devm_kcalloc() instead of
devm_kzalloc() (bsc#1219136).
- ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc()
(bsc#1219136).
- ASoC: amd: fix spelling mistake: "i.e" -> "i.e." (bsc#1219136).
- ASoC: amd: enable Pink sardine platform machine driver build
(bsc#1219136).
- ASoC: amd: add Pink Sardine machine driver using dmic
(bsc#1219136).
- ASoC: amd: create platform device for acp6.2 machine driver
(bsc#1219136).
- ASoC: amd: enable Pink Sardine acp6.2 drivers build
(bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
- ASoC: amd: add acp6.2 irq handler (bsc#1219136).
- ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic
driver (bsc#1219136).
- ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
- ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
- ASoC: amd: add Pink Sardine platform ACP IP register header
(bsc#1219136).
- ASoC: amd: acp: Modify dai_id macros to be more generic
(bsc#1219136).
- ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
- ASoC: amd: acp: add a label to make error path more clean
(bsc#1219136).
- ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
- ASoC: amd: acp: Add TDM support for acp i2s stream
(bsc#1219136).
- ASoC: amd: acp: Initialize list to store acp_stream during
pcm_open (bsc#1219136).
- commit 14632ae
- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes)
- commit 3eba4f6
- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
- commit ee809a9
- xhci: track port suspend state correctly in unsuccessful resume
cases (git-fixes).
- commit 5f8b948
- arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
- commit a7b727f
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
- commit f3c4bfe
- arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
- commit 7e17ca6
- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
- commit ed0fb4a
- blacklist.conf: ("arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer")
- commit 76fd77c
- scsi: mpt3sas: Fix loop logic (bsc#1219067).
- commit 872bee1
- scsi: hisi_sas: Replace with standard error code return value
(git-fixes).
- scsi: fnic: Return error if vmalloc() failed (git-fixes).
- scsi: mpt3sas: Fix an outdated comment (git-fixes).
- scsi: core: Always send batch on reset or error handling command
(git-fixes).
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
(git-fixes).
- commit 3a87f07
- blacklist.conf: add commit that breaks kabi
- commit 4ab1644
- scsi: qla2xxx: Fix system crash due to bad pointer access
(git-fixes).
- scsi: mpt3sas: Fix loop logic (git-fixes).
- scsi: megaraid_sas: Increase register read retry rount from
3 to 30 for selected registers (git-fixes).
- scsi: libfc: Fix potential NULL pointer dereference in
fc_lport_ptp_setup() (git-fixes).
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall
return code (git-fixes).
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing
debugfs (git-fixes).
- scsi: mpt3sas: Fix in error path (git-fixes).
- scsi: pm80xx: Avoid leaking tags when processing
OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
- scsi: pm80xx: Use phy-specific SAS address when sending
PHY_START command (git-fixes).
- scsi: megaraid_sas: Fix deadlock on firmware crashdump
(git-fixes).
- scsi: hisi_sas: Fix normally completed I/O analysed as failed
(git-fixes).
- scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
- scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param()
(git-fixes).
- scsi: hisi_sas: Modify v3 HW SATA completion error processing
(git-fixes).
- commit d038b1c
- xhci: pass port pointer as parameter to xhci_set_port_power()
(git-fixes).
- xhci: cleanup xhci_hub_control port references (git-fixes).
- commit b297848
- USB: xhci: workaround for grace period (git-fixes).
- commit 66e1fb8
- xhci: Add grace period after xHC start to prevent premature
runtime suspend (git-fixes).
- blacklist.conf: I wanted to avoid the kABI workaround for this, but it
is needed; reinstate it.
- Refresh
patches.suse/xhci-remove-unused-command-member-from-struct-xhci_h.patch.
- commit e6ea339
- scripts/tar-up.sh: don't add spurious entry from kernel-sources.changes.old
The previous change added the manual entry from kernel-sources.change.old
to old_changelog.txt unnecessarily. Let's fix it.
- commit fb033e8
- Update
patches.suse/ext4-improve-error-recovery-code-paths-in-__ext4_rem.patch
(bsc#1213017 bsc#1219053 CVE-2024-0775).
- commit 97ea702
- RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
- commit e0e972e
- blacklist.conf: add 4fbc3a52cd4d ("RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz")
- commit 294e9b8
- RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
- commit 345f1ff
- RDMA/irdma: Refactor error handling in create CQP (git-fixes)
- commit 4a6aa38
- RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
- commit 281db3f
- RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
- commit 63679fd
- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes)
- commit 3c73c12
- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes)
- commit 8cc2bd1
- RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
- commit 8d9fb90
- RDMA/rtrs-clt: Start hb after path_up (git-fixes)
- commit e242a3d
- RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
- commit 29a41f7
- RDMA/irdma: Add wait for suspend on SQD (git-fixes)
- commit 538f2e3
- RDMA/irdma: Do not modify to SQD on error (git-fixes)
- commit 263fc9c
- RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes)
- commit 59ab729
- rpm/kernel-docs.spec.in: fix build with 6.8
Since upstream commit f061c9f7d058 (Documentation: Document each netlink
family), the build needs python yaml.
- commit 6a7ece3
- scsi: hisi_sas: Modify v3 HW SSP underflow error processing
(git-fixes).
- Refresh
patches.suse/scsi-hisi_sas-Handle-NCQ-error-when-IPTT-is-valid.patch.
- commit 44aa3a5
- blacklist.conf: kABI
- commit d83f18a
- blacklist.conf: kABI
- commit 59ff7e1
- Update patch reference for ax88179 fix (bsc#1218948)
- commit 5a21b74
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize
hv_nmi_unknown() (git-fixes).
- x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM
(git-fixes).
- commit 7633c65
- drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel
null pointer (git-fixes).
- commit 3bf351b
- dmaengine: fix NULL pointer in channel unregistration function
(git-fixes).
- libapi: Add missing linux/types.h header to get the __u64 type
on io.h (git-fixes).
- ALSA: oxygen: Fix right channel of capture volume mixer
(git-fixes).
- power: supply: cw2015: correct time_to_empty units in sysfs
(git-fixes).
- power: supply: bq256xx: fix some problem in bq256xx_hw_init
(git-fixes).
- apparmor: avoid crash when parsed profile name is empty
(git-fixes).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360
13-ay0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models
(git-fixes).
- drm/amd/display: get dprefclk ss info from integration info
table (git-fixes).
- drm/crtc: fix uninitialized variable use (git-fixes).
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
- drm/exynos: fix a wrong error checking (git-fixes).
- drm/exynos: fix a potential error pointer dereference
(git-fixes).
- drm/amdgpu: Add NULL checks for function pointers (git-fixes).
- nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
- ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32
bps format (git-fixes).
- drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
- commit 091325f
- net: usb: ax88179_178a: avoid two consecutive device resets
(bsc#1218948).
- net: usb: ax88179_178a: Bind only to vendor-specific interface
(bsc#1218948).
- net: usb: ax88179_178a: restore state on resume (bsc#1218948).
- commit d91b154
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- commit ad625bb
- badblocks: avoid checking invalid range in badblocks_check()
(bsc#1174649).
- badblocks: switch to the improved badblock handling code
(bsc#1174649).
- badblocks: improve badblocks_check() for multiple ranges
handling (bsc#1174649).
- badblocks: improve badblocks_clear() for multiple ranges
handling (bsc#1174649).
- badblocks: improve badblocks_set() for multiple ranges handling
(bsc#1174649).
- badblocks: add helper routines for badblock ranges handling
(bsc#1174649).
- badblocks: add more helper structure and routines in badblocks.h
(bsc#1174649).
- commit 6a46786
- dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
- commit 4ac18f0
- perf/x86/intel/uncore: Factor out topology_gidnid_map()
(bsc#1218958).
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in
upi_fill_topology() (bsc#1218958).
- commit fe3658c
- net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
- Refresh
patches.suse/net-usb-ax88179_178a-wol-optimizations.patch.
- commit 8b1488e
- s390/vfio-ap: let on_scan_complete() callback filter matrix
and update guest's APCB (git-fixes bsc#1219014).
- commit b83db20
- s390/vfio-ap: loop over the shadow APCB when filtering guest's
AP configuration (git-fixes bsc#1219013).
- commit 0f291d1
- s390/vfio-ap: always filter entire AP matrix (git-fixes
bsc#1219012).
- commit a461bd5
- s390/pci: fix max size calculation in zpci_memcpy_toio()
(git-fixes bsc#1219006).
- commit 18b0ac3
- modpost: move __attribute__((format(printf, 2, 3))) to modpost.h
(git-fixes).
- kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
- i2c: s3c24xx: fix transferring more than one message in polling
mode (git-fixes).
- i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
- pwm: jz4740: Don't use dev_err_probe() in .request()
(git-fixes).
- pwm: Fix out-of-bounds access in of_pwm_single_xlate()
(git-fixes).
- dma-debug: fix kernel-doc warnings (git-fixes).
- usb: mon: Fix atomicity violation in mon_bin_vma_fault
(git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs
(git-fixes).
- usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer
(git-fixes).
- usb: phy: mxs: remove CONFIG_USB_OTG condition for
mxs_phy_is_otg_host() (git-fixes).
- usb: chipidea: wait controller resume finished for wakeup irq
(git-fixes).
- usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg
enabled (git-fixes).
- usb: cdns3: fix uvc failure work since sg support enabled
(git-fixes).
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
(git-fixes).
- Revert "usb: dwc3: don't reset device side if dwc3 was
configured as host-only" (git-fixes).
- Revert "usb: dwc3: Soft reset phy on probe for host"
(git-fixes).
- Revert "usb: typec: class: fix typec_altmode_put_partner to
put plugs" (git-fixes).
- serial: sc16is7xx: set safe default SPI clock frequency
(git-fixes).
- serial: sc16is7xx: add check for unsupported SPI modes during
probe (git-fixes).
- serial: imx: Correct clock error message in function probe()
(git-fixes).
- serial: imx: fix tx statemachine deadlock (git-fixes).
- serial: sccnxp: Improve error message if regulator_disable()
fails (git-fixes).
- serial: 8250: omap: Don't skip resource freeing if
pm_runtime_resume_and_get() failed (git-fixes).
- software node: Let args be NULL in
software_node_get_reference_args (git-fixes).
- acpi: property: Let args be NULL in
__acpi_node_get_property_reference (git-fixes).
- iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
- iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
- iio: adc: ad9467: don't ignore error codes (git-fixes).
- iio: adc: ad9467: fix reset gpio handling (git-fixes).
- bus: mhi: host: Drop chan lock before queuing buffers
(git-fixes).
- bus: mhi: host: Add spinlock to protect WP access when queueing
TREs (git-fixes).
- bus: mhi: host: Add alignment check for event ring read pointer
(git-fixes).
- PCI: keystone: Fix race condition when initializing PHYs
(git-fixes).
- PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
- PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
- pinctrl: intel: Revert "Unexport intel_pinctrl_probe()"
(git-fixes).
- leds: ledtrig-tty: Free allocated ttyname buffer on deactivate
(git-fixes).
- leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
- mfd: intel-lpss: Fix the fractional clock divider flags
(git-fixes).
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen
machines and ASM108x/VT630x PCIe cards (git-fixes).
- mmc: core: Cancel delayed work before releasing host
(git-fixes).
- net: usb: ax88179_178a: remove redundant init code (git-fixes).
- commit 050b9b3
- blacklist.conf: documentation fix
- commit 056879c
- KVM: s390: vsie: Fix STFLE interpretive execution identification
(git-fixes bsc#1218997).
- commit a78caf7
- nvme: move nvme_stop_keep_alive() back to original position
(bsc#1211515).
- commit d640b69
- netfilter: nf_tables: Reject tables of unsupported family
(bsc#1218752 CVE-2023-6040).
- commit e03f1d3
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- nvme-loop: always quiesce and cancel commands before destroying
admin q (bsc#1211515).
- nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue()
(bsc#1211515).
- commit f407c87
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
- commit 79783f0
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
(git-fixes).
- commit cc469c7
- ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under
@c->lp_mutex (git-fixes).
- commit d5d1991
- tipc: fix a potential deadlock on &tx->lock (bsc#1218916
CVE-2024-0641).
- commit d898738
- Drop PCI vmd patches that caused a regression (bsc#1218005)
Deleted:
patches.suse/PCI-vmd-Fix-secondary-bus-reset-for-Intel-bridges.patch
patches.suse/PCI-vmd-Fix-uninitialized-variable-usage-in-vmd_enab.patch
- commit 1697177
- tipc: fix a potential deadlock on &tx->lock (bsc#1218916
CVE-2024-0641).
- commit 7953be2
- Update metadata
- commit c015ae2
- smb: client: fix OOB in receive_encrypted_standard()
(bsc#1218832 CVE-2024-0565).
- commit 3cac9c2
- smb: client: fix OOB in receive_encrypted_standard()
(bsc#1218832 CVE-2024-0565).
- commit e9083ae
- x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
- commit b54373d
- x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
- commit 69805de
- x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
- commit 17233cd
- IB/iser: Prevent invalidating wrong MR (git-fixes)
- commit 3e4d18d
- RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
- commit c22413e
- RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
- commit 366f439
- RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
- commit bb70cd4
- Documentation: Begin a RAS section (jsc#PED-7622).
- commit b55cb06
- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
- commit 2a68e97
- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
- commit 44e51c1
- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622).
- commit 05504bb
- EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
- commit ea69eb6
- x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
- Refresh
patches.suse/PCI-Prevent-xHCI-driver-from-claiming-AMD-VanGogh-US.patch.
- commit 7126e83
- ida: Fix crash in ida_free when the bitmap is empty (bsc#1218804
CVE-2023-6915).
- commit 7caa324
- platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
- commit 12e7799
- platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
- commit 1360d63
- platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
- commit 289eab7
- platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
- commit ac44ea2
- platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
- Refresh
patches.suse/platform-x86-amd-pmc-remove-CONFIG_DEBUG_FS-checks.patch.
- commit 9b51c97
- EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
- commit 58aa5aa
- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616).
- commit f30c55c
- EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
- commit ffa78e3
- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
- commit cfe246e
- x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
- Refresh
patches.suse/PCI-Prevent-xHCI-driver-from-claiming-AMD-VanGogh-US.patch.
- commit cb392fd
- EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
- Refresh
patches.suse/edac-add-rddr5-and-lrddr5-memory-types.patch.
- commit eca21a4
- usb: otg numberpad exception (bsc#1218527).
- commit 3d70e84
- EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
- commit 16c2c66
- EDAC/amd64: Remove module version string (jsc#PED-7615).
- commit b84231c
- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
- commit b7d2f10
- EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
- commit ea43a00
- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
- commit 2c6263f
- EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
- commit 375eb6a
- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615).
- commit 2903760
- EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
- commit 9071635
- EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615).
- commit 21842b7
- EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
- commit 93157a0
- EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
- commit 01c4123
- EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615).
- commit 59d41b9
- EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
- commit ddb7d7a
- EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
- commit cb412ef
- EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
- commit f32e3e6
- EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615).
- commit e87aae6
- EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615).
- commit 555ada3
- EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
- commit 8839a23
- EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615).
- commit 9f0bb93
- EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
- commit 13890aa
- EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615).
- commit 78d7b48
- EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
- commit a00b2ae
- EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
- commit 49bc10d
- EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
- commit c2e9755
- EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615).
- commit 320ccbc
- EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
- commit 85a16a7
- EDAC/amd64: Add context struct (jsc#PED-7615).
- commit 98c3472
- EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
- commit d8a1ed8
- x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
- commit deabf4e
- x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
- commit c071d82
- s390: vfio-ap: tighten the NIB validity check (git-fixes)
blacklist.conf: the reason for valid for SLE15-SP4, not so much for SP5
- commit fbc62d2
- coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779)
- commit 854c05d
- blacklist.conf: not a fix
- commit e48ddb7
- Delete
patches.suse/s390-sles15sp2-kdump-fix-out-of-memory-with-PCI.patch.
Patch obsoleted by 73045a08cf55 ("s390: unify identity mapping limits
handling")
- commit efb62ac
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- commit 3b938a7
- coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
- commit a6bc99c
- coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
- commit 36e1498
- coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779)
- commit aa5d7f2
- coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
- commit cf6ac73
- coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
- commit 1e7e6ff
- coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779)
- commit 86846ee
- PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
- commit 6ecb7b5
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- Fix crash in vmw_context_cotables_unref when 3d support is enabled
(bsc#1218738)
- commit 99a9f67
- of: unittest: Fix of_count_phandle_with_args() expected value
message (git-fixes).
- drm/bridge: nxp-ptn3460: simplify some error checking
(git-fixes).
- drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS
irq (git-fixes).
- commit e43eec3
- drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
- commit 29695c1
- of: Fix double free in of_parse_phandle_with_args_map
(git-fixes).
- HID: wacom: Correct behavior when processing some confidence ==
false touches (git-fixes).
- fbdev: flush deferred IO before closing (git-fixes).
- fbdev: flush deferred work in fb_deferred_io_fsync()
(git-fixes).
- fbdev: mmp: Fix typo and wording in code comment (git-fixes).
- fbdev: imxfb: fix left margin setting (git-fixes).
- media: dt-bindings: ov8856: decouple lanes and link frequency
from driver (git-fixes).
- media: dvb-frontends: m88ds3103: Fix a memory leak in an error
handling path of m88ds3103_probe() (git-fixes).
- media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
- media: videobuf2-dma-sg: fix vmap callback (git-fixes).
- media: ov9734: Enable runtime PM before registering async
sub-device (git-fixes).
- media: imx355: Enable runtime PM before registering async
sub-device (git-fixes).
- media: pvrusb2: fix use after free on context disconnection
(git-fixes).
- watchdog: rti_wdt: Drop runtime pm reference count when watchdog
is unused (git-fixes).
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling
(git-fixes).
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
- watchdog: set cdev owner before adding (git-fixes).
- drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init
(git-fixes).
- drm/amdkfd: Confirm list is non-empty before utilizing
list_first_entry in kfd_topology.c (git-fixes).
- drm/mediatek: Return error if MDP RDMA failed to enable the
clock (git-fixes).
- drm/msm/dpu: Drop enable and frame_count parameters from
dpu_hw_setup_misr() (git-fixes).
- drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match
its functionality (git-fixes).
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt
leaks (git-fixes).
- drm/msm/mdp4: flush vblank event on disable (git-fixes).
- drm/amd/pm: fix a double-free in
amdgpu_parse_extended_power_table (git-fixes).
- gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
- drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
- drm/amdgpu/debugfs: fix error code when smc register accessors
are NULL (git-fixes).
- drm/radeon/trinity_dpm: fix a memleak in
trinity_parse_power_table (git-fixes).
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table
(git-fixes).
- drm/radeon: check the alloc_workqueue return value in
radeon_crtc_init() (git-fixes).
- drm/bridge: tc358767: Fix return value on error case
(git-fixes).
- drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable
(git-fixes).
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
(git-fixes).
- drm/drv: propagate errors from drm_modeset_register_all()
(git-fixes).
- drm/tidss: Fix atomic_flush check (git-fixes).
- drm/bridge: Fix typo in post_disable() description (git-fixes).
- drm/radeon: check return value of radeon_ring_lock()
(git-fixes).
- drm/radeon/r100: Fix integer overflow issues in
r100_cs_track_check() (git-fixes).
- drm/radeon/r600_cs: Fix possible int overflows in
r600_cs_check_reg() (git-fixes).
- drm/tilcdc: Fix irq free on unload (git-fixes).
- commit 10ca9c4
- drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
- clk: qcom: videocc-sm8150: Add missing PLL config property
(git-fixes).
- clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config
(git-fixes).
- clk: samsung: Fix kernel-doc comments (git-fixes).
- clk: si5341: fix an error code problem in
si5341_output_clk_set_rate (git-fixes).
- ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[]
(git-fixes).
- ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common
(git-fixes).
- ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION
(git-fixes).
- ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch
(git-fixes).
- ASoC: cs35l33: Fix GPIO name and drop legacy include
(git-fixes).
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table
(git-fixes).
- drm/bridge: tpd12s015: Drop buggy __exit annotation for remove
function (git-fixes).
- drm/nouveau/fence:: fix warning directly dereferencing a rcu
pointer (git-fixes).
- drm/panel-elida-kd35t133: hold panel in reset for unprepare
(git-fixes).
- drm/panfrost: Really power off GPU cores in
panfrost_gpu_power_off() (git-fixes).
- drm/panel: nt35510: fix typo (git-fixes).
- Revert "drm/omapdrm: Annotate dma-fence critical section in
commit path" (git-fixes).
- Revert "drm/tidss: Annotate dma-fence critical section in
commit path" (git-fixes).
- commit 335f137
- ubifs: ubifs_link: Fix wrong name len calculating when UBIFS
is encrypted (git-fixes).
- commit 8930a6f
- exfat: support handle zero-size directory (git-fixes).
- commit aa8d54f
- exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
(git-fixes).
- commit eabf8a7
- exfat: fix reporting fs error when reading dir beyond EOF
(git-fixes).
- commit 006310e
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
(git-fixes).
- commit bd29027
- gfs2: low-memory forced flush fixes (git-fixes).
- commit 7520dfb
- gfs2: Switch to wait_event in gfs2_logd (git-fixes).
- commit de4f7d3
- gfs2: Always check inode size of inline inodes (git-fixes).
- commit 6a40877
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
- Refresh
patches.suse/gfs2-Fix-inode-height-consistency-check.patch.
- commit 2086607
- gfs2: Disable page faults during lockless buffered reads
(git-fixes).
- commit 083a438
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- commit 4875ffd
- gfs2: release iopen glock early in evict (git-fixes).
- Refresh patches.suse/gfs2-fix-an-oops-in-gfs2_permission.patch.
- commit c3246bf
- gfs2: Eliminate ip->i_gh (git-fixes).
- commit c0a896f
- gfs2: Move the inode glock locking to gfs2_file_buffered_write
(git-fixes).
- commit 25a5c4c
- gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
- commit fb547d4
- gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
- commit 4f703a1
- gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
- commit e22854c
- Update patch reference for rose fix (CVE-2023-51782 bsc#1218757)
- commit da9f8e9
- ring-buffer/Documentation: Add documentation on buffer_percent
file (git-fixes).
- kernel-doc: handle a void function without producing a warning
(git-fixes).
- scripts/kernel-doc: restore warning for Excess struct/union
(git-fixes).
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()
(git-fixes).
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set
(git-fixes).
- Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
- wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
- wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request
(git-fixes).
- wifi: ath11k: Defer on rproc_get failure (git-fixes).
- wifi: mwifiex: configure BSSID consistently when starting AP
(git-fixes).
- wifi: mt76: mt7921s: fix workqueue problem causes STA
association fail (git-fixes).
- wifi: mt76: fix broken precal loading from MTD for mt7915
(git-fixes).
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
(git-fixes).
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable
code (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift
behavior (git-fixes).
- selftests/net: fix grep checking for fib_nexthop_multiprefix
(git-fixes).
- wifi: libertas: stop selecting wext (git-fixes).
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
- crypto: scomp - fix req->dst buffer overflow (git-fixes).
- crypto: sahara - do not resize req->src when doing hash
operations (git-fixes).
- crypto: sahara - fix processing hash requests with req->nbytes <
sg->length (git-fixes).
- crypto: sahara - improve error handling in sahara_sha_process()
(git-fixes).
- crypto: sahara - fix wait_for_completion_timeout() error
handling (git-fixes).
- crypto: sahara - fix ahash reqsize (git-fixes).
- crypto: sahara - handle zero-length aes requests (git-fixes).
- crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng
(git-fixes).
- crypto: sahara - fix processing requests with cryptlen <
sg->length (git-fixes).
- crypto: sahara - fix ahash selftest failure (git-fixes).
- crypto: sahara - fix cbc selftest failure (git-fixes).
- crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
- crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
- crypto: sa2ul - Return crypto_aead_setkey to transfer the error
(git-fixes).
- drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
- drm/amd/display: add nv12 bounding box (git-fixes).
- commit bb694d9
- powerpc/powernv: Add a null pointer check to
scom_debug_init_one() (bsc#1194869).
- powerpc/pseries: fix potential memory leak in
init_cpu_associativity() (bsc#1194869).
- powerpc/xive: Fix endian conversion size (bsc#1194869).
- powerpc/fadump: reset dump area size if fadump memory reserve
fails (bsc#1194869).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
(bsc#1194869).
- commit 5dce54b
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct
mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- commit f1ad417
- powerpc/powernv: Add a null pointer check in opal_event_init()
(bsc#1065729).
- powerpc/powernv: Add a null pointer check in
opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check in opal_event_init()
(bsc#1065729).
- powerpc/pseries/memhp: Fix access beyond end of drmem array
(bsc#1065729).
- commit 9ecfceb
- s390/vfio-ap: unpin pages on gisc registration failure
(git-fixes bsc#1218723).
- commit e07d25b
- series.conf: the patch is not in git and breaks series_insert.py
- commit fae10c6
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
- commit c8d4ebe
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377)
- commit b7954e5
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
- commit 78d747c
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713)
The old entries are found in kernel-docs/old_changelog.txt in docdir.
rpm/old_changelog.txt can be an optional file that stores the similar
info like rpm/kernel-sources.changes.old. It can specify the commit
range that have been truncated. scripts/tar-up.sh expands from the
git log accordingly.
- commit c9a2566
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- commit 8afebed
- ipmi: Use regspacings passed as a module parameter (git-fixes).
- PM: hibernate: Enforce ordering during image
compression/decompression (git-fixes).
- ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
- ACPI: extlog: Clear Extended Error Log status when RAS_CEC
handled the error (git-fixes).
- ACPI: video: check for error while searching for backlight
device parent (git-fixes).
- ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
- mtd: rawnand: rockchip: Add missing title to a kernel doc
comment (git-fixes).
- mtd: rawnand: rockchip: Rename a structure (git-fixes).
- mtd: rawnand: pl353: Fix kernel doc (git-fixes).
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller
response (git-fixes).
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
(git-fixes).
- spi: spi-zynqmp-gqspi: fix driver kconfig dependencies
(git-fixes).
- usr/Kconfig: fix typos of "its" (git-fixes).
- usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static
(git-fixes).
- EDAC/thunderx: Fix possible out-of-bounds string access
(git-fixes).
- ACPI: property: Allow _DSD buffer data only for byte accessors
(git-fixes).
- efi/libstub: Disable PCI DMA before grabbing the EFI memory map
(git-fixes).
- commit 7e9a91a
- io_uring/af_unix: disable sending io_uring over sockets
(bsc#1218447 CVE-2023-6531).
Requires a kABI fix due to the following:
net/core/scm.c:135: warning: __scm_destroy: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:217: warning: __scm_send: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:266: warning: put_cmsg: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:280: warning: put_cmsg_scm_timestamping64: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:294: warning: put_cmsg_scm_timestamping: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:353: warning: scm_detach_fds: modversion changed because of changes in struct io_uring_cmd (became defined)
net/core/scm.c:373: warning: scm_fp_dup: modversion changed because of changes in struct io_uring_cmd (became defined)
- commit aa4f175
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free()
(bsc#1218659).
- commit 4ee6819
- swiotlb-xen: provide the "max_mapping_size" method (git-fixes).
- commit a036bcf
- xen/events: fix delayed eoi list handling (git-fixes).
- commit eb0149c
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled
(git-fixes).
- commit f6ed3e4
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- commit a41e3fe
- Update patches.kabi/kabi-fix-zone-unaccepted-memory.patch
(jsc#PED-7167 bsc#1218643).
- commit f781e3d
- vsock/virtio: Fix unsigned integer wrap around in
virtio_transport_has_space() (git-fixes).
- commit db5c328
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
(git-fixes).
- commit ad9e29a
- virtio_balloon: Fix endless deflation and inflation on arm64
(git-fixes).
- commit 6583f74
- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- commit d624528
- swiotlb: use the calculated number of areas (git-fixes).
- swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes).
- commit b9aedb4
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES
(git-fixes).
- commit 8696527
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- commit 146bca2
- io_uring/af_unix: disable sending io_uring over sockets
(bsc#1218447, CVE-2023-6531).
- commit fdc256b
- swiotlb: reduce the number of areas to match actual memory
pool size (git-fixes).
- swiotlb: always set the number of areas before allocating the
pool (git-fixes).
- swiotlb: fix debugfs reporting of reserved memory pools
(git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes).
- swiotlb: reduce the swiotlb buffer size on allocation failure
(git-fixes).
- swiotlb: don't panic! (git-fixes).
- Revert "swiotlb: panic if nslabs is too small" (git-fixes).
- commit 1b89825
- smb: client: fix potential OOB in smb2_dump_detail()
(bsc#1217946 CVE-2023-6610).
- commit cfca7f7
- x86/purgatory: Remove LTO flags (git-fixes).
- commit bbd4f84
- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- commit 46d60b3
- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- commit 7686df9
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- Refresh patches.suse/x86-srso-set-cpuid-feature-bits-independently-of-bug-or-mitigation-status.patch.
- commit c22f4b4
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- commit d74349c
- vsprintf/kallsyms: Prevent invalid data when printing symbol
(bsc#1217602).
- commit 8dab9cc
- Limit kernel-source build to architectures for which the kernel binary
is built (bsc#1108281).
- commit 08a9e44
- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- commit fdc98a7
- x86/boot/compressed: Reserve more memory for page tables (git-fixes).
- commit 6bf16e1
- gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
(git-fixes).
- commit 3929c70
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- commit 4a0b72a
- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- commit 7029135
- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- commit 8087b92
- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- commit 7b8dfd1
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes).
- Refresh
patches.suse/x86-srso-fix-vulnerability-reporting-for-missing-microcode.patch.
- commit b121d1d
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- commit 43e31d9
- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- commit 98085ae
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- commit 270b9c8
- x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes).
- commit 1bd102b
- gfs2: fix an oops in gfs2_permission (git-fixes).
- commit 60a8e84
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- commit a2dd84b
- gfs2: ignore negated quota changes (git-fixes).
- commit c2a4d43
- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- commit 50de71c
- gfs2: Fix possible data races in gfs2_show_options()
(git-fixes).
- commit 7592b99
- gfs2: Fix inode height consistency check (git-fixes).
- commit 935054a
- gfs2: jdata writepage fix (git-fixes).
- commit e5f9516
- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- commit 86c44aa
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- commit 130df3d
- gfs2: Switch from strlcpy to strscpy (git-fixes).
- commit 3054547
- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- commit 4e4b75a
- gfs2: Fix filesystem block deallocation for short writes
(git-fixes).
- commit 87cd867
- gfs2: Make sure FITRIM minlen is rounded up to fs block size
(git-fixes).
- commit 62669a7
- gfs2: gfs2_setattr_size error path fix (git-fixes).
- commit d0e789c
- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- commit 1a34aa3
- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- commit 09da26e
- gfs2: Clean up function may_grant (git-fixes).
- commit ce33b14
- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- commit e045f1b
- locks: fix KASAN: use-after-free in
trace_event_raw_event_filelock_lock (git-fixes).
- commit 4758492
- fs: avoid empty option when generating legacy mount string
(git-fixes).
- commit 00945db
- statfs: enforce statfs[64] structure initialization (git-fixes).
- commit d4a18c5
- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
(git-fixes).
- commit b9e9b76
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
(git-fixes).
- commit 1d47e4a
- orangefs: Fix sysfs not cleanup when dev init failed
(git-fixes).
- commit f7a82d1
- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- commit e861bd6
- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- commit 41989d9
- orangefs: Fix the size of a memory allocation in
orangefs_bufmap_alloc() (git-fixes).
- commit 6623b23
- iomap: Fix iomap_dio_rw return value for user copies
(git-fixes).
- commit 2b65ea1
- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- commit dfe9a1f
- ubifs: fix possible dereference after free (git-fixes).
- commit 971dae9
- fs: ocfs2: namei: check return value of ocfs2_add_entry()
(git-fixes).
- commit 63eae38
- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- commit 8906b9a
- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- commit 28815ad
- fs/jfs: Add validity check for db_maxag and db_agpref
(git-fixes).
- commit 39d5b5e
- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- commit f831778
- jfs: validate max amount of blocks before allocation
(git-fixes).
- commit 4be1419
- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
(git-fixes).
- commit 5b4b023
- fs/jfs: prevent double-free in dbUnmount() after failed
jfs_remount() (git-fixes).
- commit 51a993a
- reiserfs: Replace 1-element array with C99 style flex-array
(git-fixes).
- commit 6ad83f4
- reiserfs: Check the return value from __getblk() (git-fixes).
- commit 0e912c9
- afs: Fix use-after-free due to get/remove race in volume tree
(git-fixes).
- commit f4a57bf
- afs: Fix overwriting of result of DNS query (git-fixes).
- commit fe0f4c6
- afs: Fix dynamic root lookup DNS check (git-fixes).
- commit 1e86064
- afs: Fix the dynamic root's d_delete to always delete unused
dentries (git-fixes).
- commit 3d5b3d7
- afs: Fix refcount underflow from error handling race
(git-fixes).
- commit 0a9c8bb
- afs: Fix file locking on R/O volumes to operate in local mode
(git-fixes).
- commit 5431cb3
- afs: Return ENOENT if no cell DNS record can be found
(git-fixes).
- commit 863355b
- afs: Make error on cell lookup failure consistent with OpenAFS
(git-fixes).
- commit 5fcd2cf
- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- commit 8fc4f69
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- commit 6bd8135
- i2c: core: Fix atomic xfer check for non-preempt config
(git-fixes).
- commit 1b8a296
- Bluetooth: MGMT/SMP: Fix address type when using SMP over
BREDR/LE (git-fixes).
- commit ea51a70
- net: usb: ax88179_178a: clean up pm calls (git-fixes).
- Refresh
patches.suse/net-usb-ax88179_178a-fix-failed-operations-during-ax.patch.
- commit 10095df
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset
(git-fixes).
- mmc: rpmb: fixes pause retune on all RPMB partitions
(git-fixes).
- mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes).
- USB: serial: option: add Quectel EG912Y module support
(git-fixes).
- USB: serial: ftdi_sio: update Actisense PIDs constant names
(git-fixes).
- USB: serial: option: add Quectel RM500Q R13 firmware support
(git-fixes).
- USB: serial: option: add Foxconn T99W265 with new baseline
(git-fixes).
- net: usb: ax88179_178a: avoid failed operations when device
is disconnected (git-fixes).
- Input: soc_button_array - add mapping for airplane mode button
(git-fixes).
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf
(git-fixes).
- Bluetooth: L2CAP: Send reject on command corrupted request
(git-fixes).
- Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has
been sent (git-fixes).
- wifi: cfg80211: fix certs build to not depend on file order
(git-fixes).
- wifi: cfg80211: Add my certificate (git-fixes).
- net: usb: ax88179_178a: wol optimizations (git-fixes).
- commit 8fe75c7
- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
(CVE-2023-51779 bsc#1218559).
- commit b8b3309
- ALSA: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes).
- ALSA: hda - Fix speaker and headset mic pin config for CHUWI
CoreBook XPro (git-fixes).
- commit a14754c
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook
440 G6 (git-fixes).
- ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook
(git-fixes).
- ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion
14-ec1xxx series (git-fixes).
- commit 379d8d1
- r8169: Fix PCI error on system resume (git-fixes).
- wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ
(git-fixes).
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a
ref to llcp_local (git-fixes).
- ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux
(git-fixes).
- ASoC: meson: g12a-toacodec: Fix event generation (git-fixes).
- ASoC: meson: g12a-tohdmitx: Validate written enum values
(git-fixes).
- ASoC: meson: g12a-toacodec: Validate written enum values
(git-fixes).
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV,
G200SE (git-fixes).
- drm/bridge: ps8640: Fix size mismatch warning w/ len
(git-fixes).
- drm/bridge: ti-sn65dsi86: Never store more than msg->size
bytes in AUX xfer (git-fixes).
- drm/bridge: parade-ps8640: Never store more than msg->size
bytes in AUX xfer (git-fixes).
- drm/i915/dp: Fix passing the correct DPCD_REV for
drm_dp_set_phy_test_pattern (git-fixes).
- commit eecc30f
- Delete doc/config-options.changes (jsc#PED-5021)
Following on adedbd2a5c6 ("kernel-source: Remove config-options.changes
(jsc#PED-5021)"), remove the now unused file from the tree.
- commit d1b9e97
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- commit f6f3907
- ring-buffer: Fix wake ups when buffer_percent is set to 100
(git-fixes).
- commit 21c1070
- tracing / synthetic: Disable events after testing in
synth_event_gen_test_init() (git-fixes).
- commit e21c29f
- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- commit 62cdcf8
- powerpc/pseries/vas: Migration suspend waits for no in-progress
open windows (bsc#1218397 ltc#204523).
- commit 26a4d82
- net: mana: select PAGE_POOL (git-fixes).
- net: ena: Fix XDP redirection error (git-fixes).
- net: ena: Fix xdp drops handling due to multibuf packets
(git-fixes).
- net: ena: Destroy correct number of xdp queues upon failure
(git-fixes).
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc
(jsc#PED-1526).
- bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic
(jsc#PED-1495).
- bnxt_en: Fix wrong return value check in bnxt_close_nic()
(jsc#PED-1495).
- bnxt_en: Clear resource reservation during resume
(jsc#PED-1495).
- RDMA/bnxt_re: Correct module description string (jsc#PED-1495).
- i40e: Fix unexpected MFS warning message (jsc#PED-372).
- net: bnxt: fix a potential use-after-free in bnxt_init_tc
(jsc#PED-1495).
- gve: Fixes for napi_poll when budget is 0 (git-fixes).
- gve: Use size_add() in call to struct_size() (git-fixes).
- i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372).
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
(jsc#PED-372).
- igc: Fix ambiguity in the ethtool advertising (jsc#PED-375).
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
(jsc#PED-370).
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372).
- qed: fix LL2 RX buffer allocation (jsc#PED-1526).
- i40e: prevent crash on probe if hw registers have invalid values
(jsc#PED-372).
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
(jsc#PED-1526).
- igc: Expose tx-usecs coalesce setting to user (jsc#PED-375).
- bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
(jsc#PED-1495).
- net: ena: Flush XDP packets on error (git-fixes).
- i40e: Fix VF VLAN offloading when port VLAN is configured
(jsc#PED-372).
- igc: Fix infinite initialization loop with early XDP redirect
(jsc#PED-375).
- igb: clean up in all error paths when enabling SR-IOV
(jsc#PED-370).
- igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
(jsc#PED-370).
- igbvf: Change IGBVF_MIN to allow set rx/tx value between 64
and 80 (jsc#PED-370).
- igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
(jsc#PED-375).
- igb: disable virtualization features on 82580 (jsc#PED-370).
- i40e: fix potential NULL pointer dereferencing of pf->vf
i40e_sync_vsi_filters() (jsc#PED-372).
- igc: Fix the typo in the PTM Control macro (jsc#PED-375).
- igb: Avoid starting unnecessary workqueues (jsc#PED-370).
- i40e: fix misleading debug logs (jsc#PED-372).
- qede: fix firmware halt over suspend and resume (jsc#PED-1526).
- bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495).
- bnxt_en: Fix page pool logic for page size >= 64K
(jsc#PED-1495).
- bnxt: don't handle XDP in netpoll (jsc#PED-1495).
- commit 64a4c85
- Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()"
(git-fixes).
- commit 9be35d2
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184)
When MULTIBUILD option in config.sh is enabled generate a _multibuild
file listing all spec files.
- commit f734347
- Build in the correct KOTD repository with multibuild
(JSC-SLE#5501, boo#1211226, bsc#1218184)
With multibuild setting repository flags is no longer supported for
individual spec files - see
https://github.com/openSUSE/open-build-service/issues/3574
Add ExclusiveArch conditional that depends on a macro set up by
bs-upload-kernel instead. With that each package should build only in
one repository - either standard or QA.
Note: bs-upload-kernel does not interpret rpm conditionals, and only
uses the first ExclusiveArch line to determine the architectures to
enable.
- commit aa5424d
- blacklist.conf: Add c98c18270be1 sched, cgroup: Restore meaning to hierarchical_quota
- commit 6115840
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
(bsc#1218515).
- commit 00f113e
- blacklist.conf: e63a57303599 blk-cgroup: bypass blkcg_deactivate_policy after destroying
- commit 895355e
- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- commit dbe7edd
- ring-buffer: Remove useless update to write_stamp in
rb_try_to_discard() (git-fixes).
- commit 64ff947
- RDMA/hfi1: Workaround truncation compilation error (git-fixes)
- commit 2302fb3
- RDMA/hns: The UD mode can only be configured with DCQCN (git-fixes)
- commit ca9d38d
- RDMA/hns: Add check for SL (git-fixes)
- commit cf9e8e3
- RDMA/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- commit 34178f4
- RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- commit 47c4074
- RDMA/hns: Fix printing level of asynchronous events (git-fixes)
- commit 892f8ec
- IB/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- commit ffaf04e
- RDMA/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- commit 4b8aeed
- RDMA/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- commit 605983a
- usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate
3.0 G3 (git-fixes).
- ALSA: usb-audio: Increase delay in MOTU M quirk (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes).
- drm/i915: Reject async flips with bigjoiner (git-fixes).
- Bluetooth: hci_event: shut up a false-positive warning
(git-fixes).
- Bluetooth: Fix deadlock in vhci_send_frame (git-fixes).
- wifi: mac80211: mesh: check element parsing succeeded
(git-fixes).
- drm/amdgpu: fix tear down order in amdgpu_vm_pt_free
(git-fixes).
- drm/i915: Fix intel_atomic_setup_scalers() plane_state handling
(git-fixes).
- drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes).
- drm/mediatek: Add spinlock for setting vblank event in
atomic_begin (git-fixes).
- drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes).
- drm/i915/dpt: Only do the POT stride remap when using DPT
(git-fixes).
- drm/i915/mtl: limit second scaler vertical scaling in ver >=
14 (git-fixes).
- commit 6c0ae87
- drm/amdgpu/sdma5.2: add begin/end_use ring callbacks
(bsc#1212139).
- commit a070291
- Bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921
(bsc#1218461).
- commit 456e758
- uapi: propagate __struct_group() attributes to the container
union (jsc#SLE-18978).
- commit 3b553e2
- dm verity: initialize fec io before freeing it (git-fixes).
- dm-verity: don't use blocking calls from tasklets (git-fixes).
- dm: don't attempt to queue IO under RCU protection (git-fixes).
- null_blk: fix poll request timeout handling (git-fixes).
- dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter
(git-fixes).
- dm: fix __send_duplicate_bios() to always allow for splitting IO
(bsc#1215952).
- dm: fix improper splitting for abnormal bios (bsc#1215952).
- md: select BLOCK_LEGACY_AUTOLOAD (git-fixes).
- dm: add cond_resched() to dm_wq_requeue_work() (git-fixes).
- commit 09d4263
- Update References
patches.suse/Bluetooth-Reject-connection-with-the-device-which-ha.patch
(git-fixes bsc#1215237 CVE-2020-26555).
- commit 0b8be40
- Update References
patches.suse/Bluetooth-hci_event-Ignore-NULL-link-key.patch
(git-fixes bsc#1215237 CVE-2020-26555).
- commit 3386934
- iio: adc: ti_am335x_adc: Fix return value check of
tiadc_request_dma() (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer
(git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in
inv_mpu6050_read_raw (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion
time table (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error
(git-fixes).
- Input: ipaq-micro-keys - add error handling for devm_kmemdup
(git-fixes).
- lib/vsprintf: Fix %pfwf when current node refcount == 0
(git-fixes).
- ASoC: hdmi-codec: fix missing report for jack initial status
(git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the
start conditions (git-fixes).
- pinctrl: at91-pio4: use dedicated lock class for IRQ
(git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for
rxq->lock (git-fixes).
- ARM: OMAP2+: Fix null pointer dereference and memory leak in
omap_soc_device_init (git-fixes).
- spi: atmel: Fix clock issue when using devices with different
polarities (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link
(git-fixes).
- Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
(git-fixes).
- PCI: loongson: Limit MRRS to 256 (git-fixes).
- ALSA: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170
variants (git-fixes).
- ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB
(git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- commit ed00079
- Drop PCI AER patch that has been reverted on stable trees
Deleted:
patches.suse/PCI-portdrv-Don-t-disable-AER-reporting-in-get_port_.patch
- commit 43c7676
- Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
- commit b9351c7
- Rename before merging SLE15-SP4
- commit 0506236
- smb: client: fix OOB in smbCalcSize() (bsc#1217947
CVE-2023-6606).
- commit 97b24d1
- Update References
patches.suse/tty-n_gsm-fix-the-UAF-caused-by-race-condition-in-gs.patch
(git-fixes bsc#1218335 CVE-2023-6546).
- commit ad12641
- perf: Fix perf_event_validate_size() lockdep splat
(CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
bsc#1218258).
- commit f91848d
- perf: Fix perf_event_validate_size() lockdep splat
(CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
bsc#1218258).
- commit 00427a6
- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev
(git-fixes).
- commit 6c500e1
- s390/vx: fix save/restore of fpu kernel context (git-fixes
bsc#1218357).
- commit 4f47f85
- blacklist.conf: add nvme entries
- commit 9216151
- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap
pointers (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none
(git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-pci: factor the iod mempool creation into a helper
(git-fixes).
Refresh:
- patches.suse/nvme-pci-fix-page-size-checks.patch
- commit 19bc755
- Rename to
patches.suse/nvme-auth-use-chap-s2-to-indicate-bidirectional-auth.patch.
and move the patch into the sorted section
- commit 633cfe2
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- commit 513a67c
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- commit a8b1f21
- bus: ti-sysc: Flush posted write only after srst_udelay
(git-fixes).
- commit c942b7c
- reset: Fix crash when freeing non-existent optional resets
(git-fixes).
- commit 6de5ad5
- HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
(git-fixes).
- commit 60dd723
- HID: hid-asus: reset the backlight brightness level on resume
(git-fixes).
- commit 79eff80
- HID: hid-asus: add const to read-only outgoing usb buffer
(git-fixes).
- commit 1c939ed
- HID: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- commit d088123
- restore renamed device IDs for USB HID devices (git-fixes).
- commit 5519e39
- HID: glorious: fix Glorious Model I HID report (git-fixes).
- commit ad69d7e
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- commit 95f41ac
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- commit 513fc35
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- commit 3ae518f
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1()
(git-fixes).
- commit d714a95
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash()
(git-fixes).
- commit ad9ad0d
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- commit 697b74c
- ipv4: igmp: fix refcnt uaf issue when receiving igmp query
packet (bsc#1218253 CVE-2023-6932).
- commit 87dfb84
- Refresh patches.suse/gve-Tx-path-for-DQO-QPL.patch.
Fix backport.
- commit f5531ee
- Input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- commit 6d0690b
- Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN
(git-fixes).
- commit 8fa7ef8
- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs
(git-fixes).
- commit a4fe241
- ring-buffer: Do not try to put back write_stamp (git-fixes).
- commit df9fac1
- ring-buffer: Have saved event hold the entire event (git-fixes).
- commit 5347597
- ring-buffer: Do not update before stamp when switching
sub-buffers (git-fixes).
- commit 9c594ba
- tracing: Update snapshot buffer on resize if it is allocated
(git-fixes).
- commit d5996f1
- ring-buffer: Fix memory leak of free page (git-fixes).
- commit ee5f869
- ring-buffer: Fix writing to the buffer with max_data_size
(git-fixes).
- commit bb90d48
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- Fix drm gem object underflow (bsc#1218092)
- Fix crash on screen resize (bsc#1218229)
- commit b7258e7
- blacklist.conf: cleanup
- commit 16dcb62
- usb: hub: Guard against accesses to uninitialized BOS
descriptors (git-fixes).
- commit 573da1a
- kABI: restore void return to typec_altmode_attention
(git-fixes).
- commit 9821aa3
- usb: typec: bus: verify partner exists in
typec_altmode_attention (git-fixes).
- commit 5fea3d2
- blacklist.conf: it changes only logging
- commit 3cbbd08
- r8152: Add RTL8152_INACCESSIBLE checks to more loops
(git-fixes).
- commit f62163f
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
(git-fixes).
- commit 064cc95
- Refresh
patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch. (bsc#1216776, bsc#1220277)
- commit c790172
- Documentation: drop more IDE boot options and ide-cd.rst
(git-fixes).
- commit 7993dcc
- Update patches.suse/spi-tegra210-quad-Fix-duplicate-resource-error.patch (git-fixes, jsc#PED-3459
Add reference to PED-3459
- commit c4a5ea6
- Update patches.suse/spi-tegra210-quad-Multi-cs-support.patch (bsc#1212584, jsc#PED-3459
Add reference to PED-3459.
- commit fc374a4
- Update patches.suse/spi-tegra210-quad-Fix-combined-sequence.patch (bsc#1212584, jsc#PED-3459)
Add reference to PED-3459.
- commit bff7fca
- Drop Documentation/ide/ (git-fixes).
- commit d3eb72d
- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- commit 5219779
- arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
- commit bc081b4
- tracing: Set actual size after ring buffer resize (git-fixes).
- commit b915dbf
- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- commit 9da609b
- tracing: Reuse logic from perf's get_recursion_context()
(git-fixes).
- commit adc2c65
- tracing: relax trace_event_eval_update() execution with
cond_resched() (git-fixes).
- commit 017c09c
- rethook: Use __rcu pointer for rethook::handler (git-fixes).
- kABI: Preserve the type of rethook::handler (git-fixes).
- commit 8b953cc
- rethook: Fix to use WRITE_ONCE() for rethook:: Handler
(git-fixes).
- commit 7981c03
- fprobe: Fix to ensure the number of active retprobes is not zero
(git-fixes).
- commit fe2f6d2
- ALSA: hda/realtek: Add Framework laptop 16 to quirks
(git-fixes).
- ALSA: hda/realtek: add new Framework laptop to quirks
(git-fixes).
- drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS
(git-fixes).
- drm/amdgpu: Update EEPROM I2C address for smu v13_0_0
(git-fixes).
- drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes).
- drm/i915/sdvo: stop caching has_hdmi_monitor in struct
intel_sdvo (git-fixes).
- drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes).
- drm/amdgpu: Return from switch early for EEPROM I2C address
(git-fixes).
- drm/amdgpu: Remove second moot switch to set EEPROM I2C address
(git-fixes).
- drm/i915/lvds: Use REG_BIT() & co (git-fixes).
- drm/i915/display: Drop check for doublescan mode in modevalid
(git-fixes).
- drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes).
- drm/amdgpu: Decouple RAS EEPROM addresses from chips
(git-fixes).
- drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes).
- drm/amdgpu: Add EEPROM I2C address support for ip discovery
(git-fixes).
- drm/amdgpu: Update ras eeprom support for smu v13_0_0 and
v13_0_10 (git-fixes).
- commit 27aa9c9
- ring-buffer: Force absolute timestamp on discard of event
(git-fixes).
- commit 703d47b
- tracing: Disable snapshot buffer when stopping instance tracers
(git-fixes).
- commit ea1804c
- tracing: Stop current tracer when resizing buffer (git-fixes).
- commit 416045c
- tracing: Always update snapshot buffer size (git-fixes).
- commit ab3ac02
- kprobes: consistent rcu api usage for kretprobe holder
(git-fixes).
- commit bd133f6
- tracing/kprobes: Fix the order of argument descriptions
(git-fixes).
- commit 4822ad0
- tracing: Have the user copy of synthetic event address use
correct context (git-fixes).
- commit ee4a2b2
- nvme-core: check for too small lba shift (bsc#1214117).
- commit 5f6e755
- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- commit 5b3fa66
- kabi/severities: ignore kABI for asus-wmi drivers
Tolerate the kABI changes, as used only locally for asus-wmi stuff
- commit 42dad1e
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode
(git-fixes).
- commit 1640ab2
- serial: sc16is7xx: address RX timeout interrupt errata
(git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards
(git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe()
(git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
(git-fixes).
- ALSA: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
(git-fixes).
- nilfs2: fix missing error check for sb_set_blocksize call
(git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared
asus-wmi code (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count
(git-fixes).
- kconfig: fix memory leak from range properties (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR
(git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c
(git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch
reporting (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use
struct wmi_driver (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling
(git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing
(git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use
enum (git-fixes).
- commit e47d99c
- tracing/kprobes: Fix the description of variable length
arguments (git-fixes).
- commit ee78d8b
- x86/cpu: Don't write CSTAR MSR on Intel CPUs (jsc#PED-7167).
- commit a99a85b
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
(git-fixes).
- commit 946e077
- netfilter: nf_tables: bail out on mismatching dynset and set
expressions (bsc#1217938 CVE-2023-6622).
- commit de1dd10
- HID: lenovo: Restrict detection of patched firmware only to
USB cptkbd (git-fixes).
- commit 1bd99d4
- mm/pgtable: Fix multiple -Wstringop-overflow warnings
(jsc#PED-7167).
- commit f790208
- ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
(git-fixes).
- Bluetooth: hci_qca: Fix the teardown problem for real
(git-fixes).
- Documentation: qat: Use code block for qat sysfs example
(git-fixes).
- commit c75f6d8
- ALSA: hda/realtek: Add supported ALC257 for ChromeOS
(git-fixes).
- ALSA: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects
(git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad
Z470 (git-fixes).
- ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- ALSA: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- commit 200c0a2
- blacklist.conf: add two ceph commits
- commit d8d4641
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- libceph: use kernel_connect() (bsc#1217981).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
(bsc#1217980).
- commit e3e482f
- arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- commit 794f0e7
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- commit 4dcfded
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- commit 0fd1b8d
- arm64: dts: arm: add missing cache properties (git-fixes)
- commit 710ea40
- blacklist.conf: ("arm64: dts: broadcom: bcmbca: bcm4908: fix LED nodenames")
- commit 37fe1b1
- netfilter: nf_tables: bail out on mismatching dynset and set
expressions (bsc#1217938 CVE-2023-6622).
- commit a69497c
- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- commit 8cd5213
- Update metadata
- commit 17c3e48
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- commit 68db0d6
- IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes)
- commit afc5184
- tracing: Fix a possible race when disabling buffered events
(bsc#1217036).
- commit 26540da
- tracing: Fix a warning when allocating buffered events fails
(bsc#1217036).
- commit ec57b73
- tracing: Fix incomplete locking when disabling buffered events
(bsc#1217036).
- commit 2d81a3a
- tracing: Disable preemption when using the filter buffer
(bsc#1217036).
- commit 0ade134
- tracing: Use __this_cpu_read() in
trace_event_buffer_lock_reserver() (bsc#1217036).
- commit 8aa5d9a
- tracing: Fix warning in trace_buffered_event_disable()
(git-fixes, bsc#1217036).
- commit b71b6ff
- qla2xxx: add debug log for deprecated hw detected (bsc#1216032).
- commit e923023
- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325
(git-fixes).
- commit 19f2446
- nvmet: nul-terminate the NQNs passed in the connect command
(bsc#1217250 CVE-2023-6121).
- commit e359ed1
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes
bsc#1217933).
- commit e39e7a6
- x86/entry: Do not allow external 0x80 interrupts (bsc#1217927).
- commit d94a391
- x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927).
- commit 66b3050
- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- Revert "xhci: Loosen RPM as default policy to cover for AMD
xHC 1.1" (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs
(git-fixes).
- ARM: PL011: Fix DMA support (git-fixes).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit
(git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt
(git-fixes).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in
mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write
(git-fixes).
- commit 09a57bf
- md/raid5-cache: fix null-ptr-deref for
r5l_flush_stripe_to_raid() (git-fixes).
- md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes).
- md/md-bitmap: remove unnecessary local variable in
backlog_store() (git-fixes).
- md: don't update recovery_cp when curr_resync is ACTIVE
(git-fixes).
- commit 0812db6
- md/raid1: fix error: ISO C90 forbids mixed declarations
(git-fixes).
- md: raid0: account for split bio in iostat accounting
(git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes
(git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev
(git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store()
(git-fixes).
- md/md-bitmap: remove unnecessary local variable in
backlog_store() (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices
(git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- Revert "md: unlock mddev before reap sync_thread in
action_store" (git-fixes).
- md/raid0: add discard support for the 'original' layout
(git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct()
(git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: fix io loss while replacement replace rdev
(git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
(git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors
(git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in
raid5_read_one_chunk() (git-fixes).
- md/raid10: don't call bio_start_io_acct twice for bio which
experienced read error (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery
(git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request
(git-fixes).
- commit 75c9e76
- md/raid10: fix task hung in raid10d (git-fixes).
- Refresh patches.suse/md-display-timeout-error.patch for the above change.
- commit 90d12ef
- md: avoid signed overflow in slot_store() (git-fixes).
- md/raid10: factor out code from wait_barrier() to
stop_waiting_barrier() (git-fixes).
- commit c35659b
- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- Update patches.suse/md-display-timeout-error.patch for the above change.
- commit 77abf5c
- md: raid10 add nowait support (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md/bitmap: don't set max_write_behind if there is no write
mostly device (git-fixes).
- commit 44a1c08
- blacklist.conf: add non-backport commits
- commit 731fcaa
- kernel-source: Remove config-options.changes (jsc#PED-5021)
The file doc/config-options.changes was used in the past to document
kernel config changes. It was introduced in 2010 but haven't received
any updates on any branch since 2015. The file is renamed by tar-up.sh
to config-options.changes.txt and shipped in the kernel-source RPM
package under /usr/share/doc. As its content now only contains outdated
information, retaining it can lead to confusion for users encountering
this file.
Config changes are nowadays described in associated Git commit messages,
which get automatically collected and are incorporated into changelogs
of kernel RPM packages.
Drop then this obsolete file, starting with its packaging logic.
For branch maintainers: Upon merging this commit on your branch, please
correspondingly delete the file doc/config-options.changes.
- commit adedbd2
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
Reduce indentation in the list of references, make the style consistent
with README.md.
- commit 70e3c33
- regmap: fix bogus error on regcache_sync success (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value
(git-fixes).
- commit e5d6930
- doc/README.SUSE: Add how to update the config for module signing
(jsc#PED-5021)
Configuration files for SUSE kernels include settings to integrate with
signing support provided by the Open Build Service. This creates
problems if someone tries to use such a configuration file to build
a "standalone" kernel as described in doc/README.SUSE:
* Default configuration files available in the kernel-source repository
unset CONFIG_MODULE_SIG_ALL to leave module signing to
pesign-obs-integration. In case of a "standalone" build, this
integration is not available and the modules don't get signed.
* The kernel spec file overrides CONFIG_MODULE_SIG_KEY to
".kernel_signing_key.pem" which is a file populated by certificates
provided by OBS but otherwise not available. The value ends up in
/boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone
decides to use one of these files as their base configuration then the
build fails with an error because the specified module signing key is
missing.
Add information on how to enable module signing and where to find the
relevant upstream documentation.
- commit a699dc3
- efi/unaccepted: Fix off-by-one when checking for overlapping
ranges (jsc#PED-7167).
- commit cbbb7d9
- blacklist.conf: Cleanup entries that are backported
- commit d22e603
- doc/README.SUSE: Remove how to build modules using kernel-source
(jsc#PED-5021)
Remove the first method how to build kernel modules from the readme. It
describes a process consisting of the kernel-source installation,
configuring this kernel and then performing an ad-hoc module build.
This method is not ideal as no modversion data is involved in the
process. It results in a module with no symbol CRCs which can be wrongly
loaded on an incompatible kernel.
Removing the method also simplifies the readme because only two main
methods how to build the modules are then described, either doing an
ad-hoc build using kernel-devel, or creating a proper Kernel Module
Package.
- commit 9285bb8
- blacklist.conf: just in case fix for a corner case
- commit a3fc582
- xhci: Clear EHB bit only at end of interrupt handler
(git-fixes).
- commit d5adf2a
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
(git-fixes).
- commit 5cdcb2d
- usb: host: xhci-plat: fix possible kernel oops while resuming
(git-fixes).
- commit b0504f4
- NFS: More fixes for nfs_direct_write_reschedule_io()
(bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group()
(bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths
(bsc#1211162).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling
(bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group()
(bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted
data (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release
semantics (bsc#1211162).
- commit e61bcf9
- md: Put the right device in md_seq_next (bsc#1217822).
- commit 99a688a
- xfs: make sure maxlen is still congruent with prod when rounding
down (git-fixes).
- commit 2b9fc44
- xfs: fix units conversion error in xfs_bmap_del_extent_delay
(git-fixes).
- commit 95e2620
- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- commit bfb62b0
- xfs: return EINTR when a fatal signal terminates scrub
(git-fixes).
- commit e6f4fe7
- xfs: fix a bug in the online fsck directory leaf1 bestcount
check (git-fixes).
- commit e328537
- xfs: fix incorrect unit conversion in scrub tracepoint
(git-fixes).
- Refresh
patches.suse/xfs-standardize-AG-block-number-formatting-in-ftrace-output.patch.
- Refresh
patches.suse/xfs-standardize-AG-number-formatting-in-ftrace-output.patch.
- commit e256630
- xfs: decode scrub flags in ftrace output (git-fixes).
- commit d1fe7f7
- xfs: remove the xfs_dsb_t typedef (git-fixes).
- commit 4e9f379
- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- commit e9c4821
- xfs: convert flex-array declarations in struct xfs_attrlist*
(git-fixes).
- commit e33e297
- xfs: remove the xfs_dinode_t typedef (git-fixes).
- commit c807e19
- xfs: convert flex-array declarations in xfs attr shortform
objects (git-fixes).
- commit 757cbc7
- xfs: convert flex-array declarations in xfs attr leaf blocks
(git-fixes).
- commit 1823624
- xfs: use swap() to make dabtree code cleaner (git-fixes).
- commit d160cc2
- xfs: fix silly whitespace problems with kernel libxfs
(git-fixes).
- commit d822e52
- xfs: rename xfs_has_attr() (git-fixes).
- commit fe8702c
- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- commit 6ea2cef
- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- commit 74d9b5c
- xfs: replace snprintf in show functions with sysfs_emit
(git-fixes).
- commit 84db35d
- xfs: simplify two-level sysctl registration for xfs_table
(git-fixes).
- commit 0321d28
- xfs: add selinux labels to whiteout inodes (git-fixes).
- commit 8dc479c
- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- Refresh
patches.suse/xfs-reject-crazy-array-sizes-being-fed-to-XFS_IOC_GE.patch.
- commit 89900e3
- xfs: clean up "%Ld/%Lu" which doesn't meet C standard
(git-fixes).
- commit dbcc289
- xfs: aborting inodes on shutdown may need buffer lock
(git-fixes).
- commit 8b202be
- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- commit 4747a77
- xfs: dump log intent items that cannot be recovered due to
corruption (git-fixes).
- commit 6f8c678
- xfs: sb verifier doesn't handle uncached sb buffer (git-fixes).
- commit c0c7079
- xfs: remove kmem_alloc_io() (git-fixes).
- commit 831b642
- x86/platform/uv: Use alternate source for socket to node data
(bsc#1215696 bsc#1217790).
- commit ec7f699
- krb5
-
- Fix vulnerabilities in GSS message token handling, add patch
0011-Fix-vulnerabilities-in-GSS-message-token-handling.patch
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
- Fix memory leaks, add patch 0010-Fix-three-memory-leaks.patch
* CVE-2024-26458, bsc#1220770
* CVE-2024-26461, bsc#1220771
* CVE-2024-26462, bsc#1220772
- less
-
- Fix CVE-2024-32487, mishandling of \n character in paths when
LESSOPEN is set leads to OS command execution
(CVE-2024-32487, bsc#1222849)
* CVE-2024-32487.patch
- Fix CVE-2022-48624, LESSCLOSE handling in less does not quote shell
metacharacters, bsc#1219901
* CVE-2022-48624.patch
- util-linux
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- lscpu: Add more ARM cores (bsc#1223605,
util-linux-lscpu-add-more-ARM-cores-1.patch,
util-linux-lscpu-add-more-ARM-cores-2.patch,
util-linux-lscpu-add-more-ARM-cores-3.patch,
util-linux-lscpu-add-more-ARM-cores-4.patch,
util-linux-lscpu-add-more-ARM-cores-5.patch,
util-linux-lscpu-add-more-ARM-cores-6.patch).
- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609,
util-linux-chcpu-document-zVM-limitations.patch,
util-linux-chcpu-document-zVM-limitations-generated.patch).
- bsc#1220117: Processes not cleaned up after failed SSH session are using up 100% CPU
+ util-linux-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
- Properly neutralize escape sequences in wall
(util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
and its prerequisites: util-linux-fputs_careful1.patch,
util-linux-wall-migrate-to-memstream.patch
util-linux-fputs_careful2.patch).
- Add upstream patch
util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
bsc#1207987 gh#util-linux/util-linux@1d98827edde4
- duktape
-
- Ship libduktape206-32bit: needed by libproxy since version 0.5.
- expat
-
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- Security fix (boo#1221289, CVE-2024-28757): XML Entity Expansion
attack when there is isolated use of external parsers.
* Added expat-CVE-2024-28757.patch
- Security fix:
* (CVE-2023-52425, bsc#1219559) denial of service (resource
consumption) caused by processing large tokens.
- Added patch expat-CVE-2023-52425-1.patch
- Added patch expat-CVE-2023-52425-2.patch
- Added patch expat-CVE-2023-52425-backport-parser-changes.patch
- Added patch expat-CVE-2023-52425-fix-tests.patch
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
- update to NSS 3.101.2
* bmo#1905691 - ChaChaXor to return after the function
- Added nss-fips-safe-memset.patch, fixing bsc#1222811.
- Removed some dead code from nss-fips-constructor-self-tests.patch.
- Rebased nss-fips-approved-crypto-non-ec.patch on above changes.
- Added nss-fips-aes-gcm-restrict.patch, fixing bsc#1222830.
- Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222813,
bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118.
- Updated nss-fips-approved-crypto-non-ec.patch and
nss-fips-constructor-self-tests.patch, fixing bsc#1222807,
bsc#1222828, bsc#1222834.
- Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222804,
bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116.
- update to NSS 3.101.1
* bmo#1901932 - missing sqlite header.
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
- update to NSS 3.101
* bmo#1900413 - add diagnostic assertions for SFTKObject refcount.
* bmo#1899759 - freeing the slot in DeleteCertAndKey if authentication failed
* bmo#1899883 - fix formatting issues.
* bmo#1889671 - Add Firmaprofesional CA Root-A Web to NSS.
* bmo#1899593 - remove invalid acvp fuzz test vectors.
* bmo#1898830 - pad short P-384 and P-521 signatures gtests.
* bmo#1898627 - remove unused FreeBL ECC code.
* bmo#1898830 - pad short P-384 and P-521 signatures.
* bmo#1898825 - be less strict about ECDSA private key length.
* bmo#1854439 - Integrate HACL* P-521.
* bmo#1854438 - Integrate HACL* P-384.
* bmo#1898074 - memory leak in create_objects_from_handles.
* bmo#1898858 - ensure all input is consumed in a few places in mozilla::pkix
* bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* bmo#1748105 - clean up escape handling
* bmo#1896353 - Use lib::pkix as default validator instead of the old-one
* bmo#1827444 - Need to add high level support for PQ signing.
* bmo#1548723 - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* bmo#1893404 - Allow for non-full length ecdsa signature when using softoken
* bmo#1830415 - Modification of .taskcluster.yml due to mozlint indent defects
* bmo#1793811 - Implement support for PBMAC1 in PKCS#12
* bmo#1897487 - disable VLA warnings for fuzz builds.
* bmo#1895032 - remove redundant AllocItem implementation.
* bmo#1893334 - add PK11_ReadDistrustAfterAttribute.
* bmo#215997 - Clang-formatting of SEC_GetMgfTypeByOidTag update
* bmo#1895012 - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* bmo#1894572 - sftk_getParameters(): Fix fallback to default variable after error with configfile.
* bmo#1830415 - Switch to the mozillareleases/image_builder image
- Follow upstream changes in nss-fips-constructor-self-tests.patch (switch from ec_field_GFp to ec_field_plain)
- Remove part of nss-fips-zeroization.patch that got removed upstream
- update to NSS 3.100
- bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for
faster Xyber operations.
- bmo#1893752 - remove ckcapi.
- bmo#1893162 - avoid a potential PK11GenericObject memory leak.
- bmo#671060 - Remove incomplete ESDH code.
- bmo#215997 - Decrypt RSA OAEP encrypted messages.
- bmo#1887996 - Fix certutil CRLDP URI code.
- bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
- bmo#676118 - Add ability to encrypt and decrypt CMS messages using ECDH.
- bmo#676100 - Correct Templates for key agreement in smime/cmsasn.c.
- bmo#1548723 - Moving the decodedCert allocation to NSS.
- bmo#1885404 - Allow developers to speed up repeated local execution
of NSS tests that depend on certificates.
- update to NSS 3.99
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
- update to NSS 3.98
* bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption
in TLS
* bmo#1879513 - Certificate Compression: enabling the check that
the compression was advertised
* bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha
* bmo#1879945 - Remove Email trust bit from OISTE WISeKey
Global Root GC CA
* bmo#1877344 - Replace `distutils.spawn.find_executable` with
`shutil.which` within `mach` in `nss`
* bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to
support Certificate compression
* bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation
* bmo#1875356 - Add valgrind annotations to freebl kyber operations
for constant-time execution tests
* bmo#1870673 - Set nssckbi version number to 2.66
* bmo#1874017 - Add Telekom Security roots
* bmo#1873095 - Add D-Trust 2022 S/MIME roots
* bmo#1865450 - Remove expired Security Communication RootCA1 root
* bmo#1876179 - move keys to a slot that supports concatenation in
PK11_ConcatSymKeys
* bmo#1876800 - remove unmaintained tls-interop tests
* bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim
flags
* bmo#1874937 - bogo: add support for the -curves shim flag and
update Kyber expectations
* bmo#1874937 - bogo: adjust expectation for a key usage bit test
* bmo#1757758 - mozpkix: add option to ignore invalid subject
alternative names
* bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value
* bmo#1876390 - take ownership of ecckilla shims
* bmo#1874458 - add valgrind annotations to freebl/ec.c
* bmo#864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* bmo#1875965 - Update zlib to 1.3.1
- Use %patch -P N instead of deprecated %patchN.
- update to NSS 3.97
* bmo#1875506 - make Xyber768d00 opt-in by policy
* bmo#1871631 - add libssl support for xyber768d00
* bmo#1871630 - add PK11_ConcatSymKeys
* bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken
* bmo#1871152 - add a FreeBL API for Kyber
* bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo
* bmo#1835828 - Removing the calls to RSA Blind from loader.*
* bmo#1874111 - fix worker type for level3 mac tasks
* bmo#1835828 - RSA Blind implementation
* bmo#1869642 - Remove DSA selftests
* bmo#1873296 - read KWP testvectors from JSON
* bmo#1822450 - Backed out changeset dcb174139e4f
* bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* bmo#1871219 - Wrap CC shell commands in gyp expansions
- update to NSS 3.96.1
* bmo#1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh
* bmo#1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups)
* bmo#1867408 - add a defensive check for large ssl_DefSend return values
* bmo#1869378 - Add dependency to the taskcluster script for Darwin
* bmo#1869378 - Upgrade version of the MacOS worker for the CI
- add nss-allow-slow-tests-s390x.patch: "certutil dump keys with
explicit default trust flags" test needs longer than the allowed
6 seconds on s390x
- update to NSS 3.95
* bmo#1842932 - Bump builtins version number.
* bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion
Firmaprofesional CIF A62634068 root cert.
* bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS.
* bmo#1850982 - Remove Camerfirma root certificates from NSS.
* bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional
Certificate.
* bmo#1860670 - Add four Commscope root certificates to NSS.
* bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
* bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL*
* bmo#1861728 - Include P-256 Scalar Validation from HACL*.
* bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes
256 ECC without DER wrapping at the softoken level
* bmo#1837987 - Add means to provide library parameters to C_Initialize
* bmo#1573097 - clang format
* bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
* bmo#1858241 - Typo in ssl3_AppendHandshakeNumber
* bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber
* bmo#1573097 - Fix Invalid casts in instance.c
- update to NSS 3.94
* bmo#1853737 - Updated code and commit ID for HACL*
* bmo#1840510 - update ACVP fuzzed test vector: refuzzed with
current NSS
* bmo#1827303 - Softoken C_ calls should use system FIPS setting
to select NSC_ or FC_ variants
* bmo#1774659 - NSS needs a database tool that can dump the low level
representation of the database
* bmo#1852179 - declare string literals using char in pkixnames_tests.cpp
* bmo#1852179 - avoid implicit conversion for ByteString
* bmo#1818766 - update rust version for acvp docker
* bmo#1852011 - Moving the init function of the mpi_ints before
clean-up in ec.c
* bmo#1615555 - P-256 ECDH and ECDSA from HACL*
* bmo#1840510 - Add ACVP test vectors to the repository
* bmo#1849077 - Stop relying on std::basic_string<uint8_t>
* bmo#1847845 - Transpose the PPC_ABI check from Makefile to gyp
- rebased patches
- added nss-fips-test.patch to fix broken test
- Update to NSS 3.93:
* bmo#1849471 - Update zlib in NSS to 1.3.
* bmo#1848183 - softoken: iterate hashUpdate calls for long inputs.
* bmo#1813401 - regenerate NameConstraints test certificates (boo#1214980).
- Rebase nss-fips-pct-pubkeys.patch.
- update to NSS 3.92
* bmo#1822935 - Set nssckbi version number to 2.62
* bmo#1833270 - Add 4 Atos TrustedRoot Root CA certificates to NSS
* bmo#1839992 - Add 4 SSL.com Root CA certificates
* bmo#1840429 - Add Sectigo E46 and R46 Root CA certificates
* bmo#1840437 - Add LAWtrust Root CA2 (4096)
* bmo#1822936 - Remove E-Tugra Certification Authority root
* bmo#1827224 - Remove Camerfirma Chambers of Commerce Root.
* bmo#1840505 - Remove Hongkong Post Root CA 1
* bmo#1842928 - Remove E-Tugra Global Root CA ECC v3 and RSA v3
* bmo#1842937 - Avoid redefining BYTE_ORDER on hppa Linux
- update to NSS 3.91
* bmo#1837431 - Implementation of the HW support check for ADX instruction
* bmo#1836925 - Removing the support of Curve25519
* bmo#1839795 - Fix comment about the addition of ticketSupportsEarlyData
* bmo#1839327 - Adding args to enable-legacy-db build
* bmo#1835357 - dbtests.sh failure in "certutil dump keys with explicit
default trust flags"
* bmo#1837617 - Initialize flags in slot structures
* bmo#1835425 - Improve the length check of RSA input to avoid heap overflow
* bmo#1829112 - Followup Fixes
* bmo#1784253 - avoid processing unexpected inputs by checking for
m_exptmod base sign
* bmo#1826652 - add a limit check on order_k to avoid infinite loop
* bmo#1834851 - Update HACL* to commit 5f6051d2
* bmo#1753026 - add SHA3 to cryptohi and softoken
* bmo#1753026 - HACL SHA3
* bmo#1836781 - Disabling ASM C25519 for A but X86_64
- removed upstreamed patch nss-fix-bmo1836925.patch
- update to NSS 3.90.3
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* bmo#1748105 - clean up escape handling.
* bmo#1895032 - remove redundant AllocItem implementation.
* bmo#1836925 - Disable ASM support for Curve25519.
* bmo#1836781 - Disable ASM support for Curve25519 for all but X86_64.
- remove upstreamed nss-fix-bmo1836925.patch
- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox
when using FIPS-mode (bsc#1223724).
- Added "Provides: nss" so other RPMs that require 'nss' can
be installed (jira PED-6358).
- update to NSS 3.90.2
* bmo#1780432 - (CVE-2023-5388) Timing attack against RSA
decryption in TLS. (bsc#1216198)
* bmo#1867408 - add a defensive check for large ssl_DefSend
return values.
- gnutls
-
- Security fix: [bsc#1221747, CVE-2024-28835]
* gnutls: certtool crash when verifying a certificate chain
* Add gnutls-CVE-2024-28835.patch
- Security fix: [bsc#1221746, CVE-2024-28834]
* gnutls: side-channel in the deterministic ECDSA
* Add gnutls-CVE-2024-28834.patch
- jitterentropy: Release the memory of the entropy collector when
using jitterentropy with phtreads as there is also a
pre-intitization done in the main thread. [bsc#1221242]
* Add gnutls-FIPS-jitterentropy-deinit-threads.patch
- Security fix: [bsc#1218862, CVE-2024-0567]
* gnutls: rejects certificate chain with distributed trust
* Cockpit (which uses gnuTLS) rejects certificate chain with
distributed trust.
* Add gnutls-CVE-2024-0567.patch
- Security fix: [bsc#1218865, CVE-2024-0553]
* Incomplete fix for CVE-2023-5981.
* The response times to malformed ciphertexts in RSA-PSK
ClientKeyExchange differ from response times of ciphertexts
with correct PKCS#1 v1.5 padding.
* Add gnutls-CVE-2024-0553.patch
- jitterentropy
-
- Fix a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
* github.com/smuellerDD/jitterentropy-library/commit/7bf9f85
* Add jitterentropy-fix-a-stack-corruption-on-s390x.patch
- ncurses
-
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
* Allow that terminal description based on static fallback
entries can be freed.
- Add patch ncurses-6.1-bsc1220061.patch (bsc#1220061, CVE-2023-45918)
* Backport from ncurses-6.4-20230615.patch
improve checks in convert_string() for corrupt terminfo entry
- libndp
-
- Add libndp-CVE-2024-5564.patch: add a check on the route
information option length field (bsc#1225771 CVE-2024-5564).
- nghttp2
-
- security update
- added patches
fix CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
+ nghttp2-CVE-2024-28182-1.patch
fix CVE-2024-28182-2 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
+ nghttp2-CVE-2024-28182-2.patch
- openssl-1_1
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
security vulnerability. Calling the function SSL_free_buffers()
potentially caused memory to be accessed that was previously
freed in some situations and a malicious attacker could attempt
to engineer a stituation where this occurs to facilitate a
denial-of-service attack. [CVE-2024-4741, bsc#1225551]
- Security fix: [bsc#1222548, CVE-2024-2511]
* Fix unconstrained session cache growth in TLSv1.3
* Add openssl-CVE-2024-2511.patch
- Security fix: [bsc#1219243, CVE-2024-0727]
* Add NULL checks where ContentInfo data can be NULL
* Add openssl-CVE-2024-0727.patch
- polkit
-
- Change permissions for rules folders (bsc#1209282)
- python3
-
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
complexity in parsing cookies with backslashes (bsc#1229596,
CVE-2024-7592)
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
(CVE-2024-4032) rearranging definition of private v global IP
addresses.
- Add CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch
fixing bsc#1226447 (CVE-2024-0397) by removing memory race
condition in ssl.SSLContext certificate store methods.
- Add bpo38361-syslog-no-slash-ident.patch (bsc#1222109,
gh#python/cpython!16557) fixes syslog making default "ident"
from sys.argv[0].
- Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that
it uses features sniffing, not just comparing version number
(bsc#1220664, bsc#1219559, bsc#1221563, bsc#1222075).
- Remove support-expat-CVE-2022-25236-patched.patch, which was
the previous name of this patch.
- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping
failing tests.
- Refresh patches:
- CVE-2023-27043-email-parsing-errors.patch
- fix_configure_rst.patch
- skip_if_buildbot-extend.patch
- bsc#1221854 (CVE-2024-0450) Add
CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
detecting the vulnerability of the "quoted-overlap" zipbomb
(from gh#python/cpython!110016).
- Add bh42369-thread-safety-zipfile-SharedFile.patch (from
gh#python/cpython!26974) required by the previous patch.
- Add expat-260-test_xml_etree-reparse-deferral.patch to make the
interpreter work with patched libexpat in our distros.
- Move all patches from locally sourced to the branch
opensuse-3.6 branch at GitHub repo, and move all metadata to
commits themselves (readable in the headers of each patch).
- Add bpo-41675-modernize-siginterrupt.patch to make Python build
cleanly even on more recent SPs of SLE-15
(gh#python/cpython#85841).
- Remove patches:
- bpo36263-Fix_hashlib_scrypt.patch - fix against bug in
OpenSSL fixed in 1.1.1c (gh#openssl/openssl!8483), so this
patch is redundant on all SUSE-supported distros
- python-3.3.0b1-test-posix_fadvise.patch - protection
against the kernel issues which has been fixed in
gh#torvalds/linux@3d3727cdb07f, which has been included in
all our kernels more recent than SLE-11.
- python-3.3.3-skip-distutils-test_sysconfig_module.patch -
skips a test, which should be relevant only for testing on
Mac OS X systems with universal builds. I have no valid
record, that this test would be ever problematic on Linux.
- bpo-36576-skip_tests_for_OpenSSL-111.patch, which was
included already in Python 3.5.
- (bsc#1219666, CVE-2023-6597) Add
CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
gh#python/cpython!99930) fixing symlink bug in cleanup of
tempfile.TemporaryDirectory.
- Merge together bpo-36576-skip_tests_for_OpenSSL-111.patch into
skip_SSL_tests.patch, and make them include all conditionals.
- Refresh CVE-2023-27043-email-parsing-errors.patch to
gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- snapper
-
- handle content-length of stomp in zypper plugin
(gh#openSUSE/snapper#918) (bsc#1229142)
* added pr919.patch
* added pr920.patch
- libsolv
-
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
- add a conflict to older libsolv-tools to libsolv-tools-base
- report unsupported compression in solv_xfopen() with errno
- fix return value of repodata.add_solv() in the bindings
- fix SHA-224 oid in solv_pgpvrfy
- improve updating of installed multiversion packages
- fix decision introspection going into an endless loop in some
cases
- added experimental lua bindings
- bump version to 0.7.29
- split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- build for multiple python versions [jsc#PED-6218]
- bump version to 0.7.28
- libssh
-
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)
* Added libssh-fix-ipv6-hostname-regression.patch
- Update to version 0.9.8
* Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
* Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
* Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
* Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
* Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
guessing (bsc#1211188)
* Fix CVE-2023-2283: a possible authorization bypass in
pki_verify_data_signature under low-memory conditions (bsc#1211190)
* Fix several memory leaks in GSSAPI handling code
- systemd
-
- Import commit a57a6d239c5d6b91fb3dcd269705e60804a03ae1
cd0c9ac4f4 unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
e1eaa86a49 udev: do not set ID_PATH and by-path symlink for nvmf disks
a85d211874 man: Document ranges for distributions config files and local config files
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
- Update 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Really skip redundant dependencies specified the LSB description that
references the file name of the service itself for early boot scripts (noticed
in bsc#1221479).
- Import commit 2cb4d40f1c6a388706af8a83d5344fc0de3c6f4d (merge of v249.17)
c8578cef7f resolved: actually check authenticated flag of SOA transaction (bsc#1218297 CVE-2023-7008)
- Import commit 86f0670d3a01c1a2d4df17f1c68d03f1586195e3
ba7f1df7a5 vconsole-setup: simplify error handling
94f4eaea77 Introduce RET_GATHER and use it in src/shared/
e02406fcc1 mount: replace UNIT_DEPENDENCY_MOUNTINFO_OR_FILE with UNIT_DEPENDENCY_MOUNTINFO/UNIT_DEPENDENCY_MOUNT_FILE
0b8db54511 mount: drop UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT and UNIT_DEPENDENCY_MOUNTINFO_DEFAULT
98ba536bd1 mount: always use UNIT_DEPENDENCY_FILE in mount_add_quota_dependencies()
73c7b2bb48 core/mount: make device deps from /proc/self/mountinfo and .mount unit file exclusive
ba585a28d7 core: Add trace logging to mount_add_device_dependencies()
36e0a4f80f core/mount: also remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460)
bc107c86c3 core/mount: set Mount.from_proc_self_mountinfo flag before adding default dependencies
ce4907c7c3 core: wrap some long comment
- Import commit e677079182c975ecdad88a76f657fecb4de523d9
7692c5bda8 utmp-wtmp: handle EINTR gracefully when waiting to write to tty
29c3eb4681 utmp-wtmp: fix error in case isatty() fails
98970eb90b homed: handle EINTR gracefully when waiting for device node
0305809edd resolved: handle -EINTR returned from fd_wait_for_event() better
40db4d6abe sd-netlink: handle EINTR from poll() gracefully, as success
5e681711c6 varlink: also handle EINTR gracefully when waiting for EIO via ppoll()
6bbd70f092 stdio-bridge: don't be bothered with EINTR
f978feb591 sd-bus: handle -EINTR return from bus_poll() (bsc#1215241)
746962ff40 core: replace slice dependencies as they get added (bsc#1214668)
- systemd.spec: add missing `%tmpfiles_create systemd-resolve.conf`
- Rename 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch into
1013-strip-the-domain-part-from-etc-hostname-when-setting.patch
- Rename 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch into
1014-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
- Rename 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch into
1015-networkd-make-network.service-an-alias-of-systemd-ne.patch
- Rename 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch into
1016-core-disable-session-keyring-per-system-sevice-entir.patch
- Rename 0011-core-disable-session-keyring-per-system-sevice-entir.patch into
1017-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
Hence these patch files can be easily identified as SLE specific ones.
- tpm2-0-tss
-
- add 0001-FAPI-Fix-check-of-magic-number-in-verify-quote.patch: fixes
CVE-2024-29040 (bsc#1223690): Missing verification of the magic number in
Fapi_VerifyQuote(), which might allow an attacker to generate arbitrary
quote data, which would not be detected by Fapi_VerifyQuote().
- libxml2
-
- Security fix (CVE-2024-34459, bsc#1224282) buffer over-read in
xmlHTMLPrintFileContext in xmllint.c
* Added libxml2-CVE-2024-34459.patch
- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
* Added libxml2-CVE-2024-25062.patch
- libzypp
-
- PluginFrame: Send unescaped colons in header values
(bsc#1231043)
According to the STOMP protocol it would be correct to escape a
colon in a header-value, but it breaks plugin receivers which do
not expect this. The first colon separates header-name from
header-value, so escaping in the header-value is not needed
anyway.
Escaping in the header-value affects especially the urlresolver
plugins. The input URL is passed in a header, but sent back as
raw data in the frames body. If the plugin receiver does not
correctly unescape the URL we may get back a "https\c//" which is
not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
(fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)
- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
It's preferred to explicitly tell the root directory of the
system whose database you want to query.
- version 17.35.11 (35)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)
- Make sure not to statically linked installed tools (bsc#1228787)
- version 17.35.8 (35)
- MediaPluginType must be resolved to a valid MediaHandler
(bsc#1228208)
- version 17.35.7 (35)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)
- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Older zypp-plugins reject stomp headers including a '-'. Like the
'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
This patch fixes an issue in safe_strtonum which caused
timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)
- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
Buddy pairs (like -release package and product) internally share
the same status object. When applying locks from query results
the locked bit must be set if either item is locked.
- version 17.35.2 (35)
- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)
- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)
- Workaround broken libsolv-tools-base requirements (fixes
openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
- zypp-tui: Make sure translated texts use the correct textdomain
(fixes #551)
- Skip libproxy1 requires for tumbleweed.
- version 17.34.1 (34)
- don't require libproxy1 on tumbleweed, it is optional now
- version 17.34.0 (34)
- Fix versioning scheme
- version 17.33.4 (35)
- add one more missing export for libyui-qt-pkg
- Revert eintrSafeCall behavior to setting errno to 0.
- version 17.33.3 (34)
- fix up requires_eq usage for libsolv-tools-base
- add one more missing export for PackageKit
- version 17.33.2
- version 17.33.1 (33)
- switch to reduced size libsolv-tools-base (jsc#PED-8153)
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- Add ZYPP_API for exported functions and switch to
visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- version 17.33.0 (33)
- Fix download from gpgkey URL (bsc#1223430, fixes openSUSE/zypper#546)
- version 17.32.6 (32)
- Don't try to refresh volatile media as long as raw metadata are
present (bsc#1223094)
- version 17.32.5 (32)
- Fix creation of sibling cache dirs with too restrictive mode
(bsc#1222398)
Some install workflows in YAST may lead to too restrictive (0700)
raw cache directories in case of newly created repos. Later
commands running with user privileges may not be able to access
these repos.
- version 17.32.4 (32)
- Update RepoStatus fromCookieFile according to the files mtime
(bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed.
- version 17.32.3 (32)
- Fixup New VendorSupportOption flag VendorSupportSuperseded
(jsc#OBS-301, jsc#PED-8014)
Fixed the name of the keyword to "support_superseded" as it was
agreed on in jsc#OBS-301.
- version 17.32.2 (32)
- Add resolver option 'removeUnneeded' to file weak remove jobs
for unneeded packages (bsc#1175678)
- version 17.32.1 (32)
- Add resolver option 'removeOrphaned' for distupgrade
(bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded
(jsc#OBS-301, jsc#PED-8014)
- Tests: fix vsftpd.conf where SUSE and Fedora use different
defaults (fixes #522)
- Add default stripe minimum (#529)
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config.
- version 17.32.0 (32)
- ProblemSolution::skipsPatchesOnly overload to handout the
patches.
- Remove https->http redirection exceptions for
download.opensuse.org.
- version 17.31.32 (22)
- tui: allow to access the underlying ostream of out::Info.
- Add MLSep: Helper to produce not-NL-terminated multi line
output.
- version 17.31.31 (22)
- applydeltaprm: Create target directory if it does not exist
(bsc#1219442)
- Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514)
- Fix problems with EINTR in ExternalDataSource::getline (fixes
bsc#1215698)
- version 17.31.30 (22)
- CheckAccessDeleted: fix running_in_container detection
(bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime
(bsc#1218831)
- Make Wakeup class EINTR safe.
- Add a way to cancel media operations on shutdown
(openSUSE/zypper#522)
This patch adds a mechanism to signal libzypp that a shutdown was
requested, usually when CTRL+C was pressed by the user. Currently
only the media backend will utilize this, but can be extended to
all code paths that use g_poll() to wait for events.
- Manually poll fds for curl in MediaCurl.
Using curl_easy_perform does not give us the required control on
when we want to cancel a download. Switching to the MultiCurl
implementation with a external poll() event loop will give us
much more freedom and helps us to improve our Ctrl+C handling.
- Move reusable curl poll code to curlhelper.h.
- version 17.31.29 (22)
- Fix to build with libxml 2.12.x (fixes #505)
- version 17.31.28 (22)
- shadow
-
- bsc#1228770: Fix not copying of skel files
Update shadow-CVE-2013-4235.patch
- bsc#916845 (CVE-2013-4235): Fix TOCTOU race condition
Add shadow-CVE-2013-4235.patch
- bsc#1176006: Fix chage date miscalculation
Add shadow-bsc1176006-chage-date.patch
- bsc#1188307: Fix passwd segfault
Add shadow-bsc1188307-passwd-segfault.patch
- bsc#1203823: Remove pam_keyinit from PAM config files
Remove pam_keyinit from PAM configuration.
This was introduced for bsc#1144060.
- bsc#1214806 (CVE-2023-4641):
Fix potential password leak
- Add shadow-CVE-2023-4641.patch
- bsc#1213189: Change lock mechanism to file locking to prevent
lock files after power interruptions
- Add shadow-4.8.1-lock-mechanism.patch
- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
Needed for YaST
- Add shadow-4.8.1-add-prefix-passwd-chpasswd-chage.patch
- bsc#1210507 (CVE-2023-29383):
Check for control characters
- Add shadow-CVE-2023-29383.patch
- Added patch:
* shadow-4.8.1-AUDIT_NO_ID.patch
+ fix bsc#1205502: useradd audit event user id field cannot
be interpreted
- logrotate
-
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
* Added patch logrotate-ignore-duplicates.patch
* Allows log processing with duplicate logfile matches
- netcfg
-
- Add krb-prop entry, fix for bsc#1211886.
- openssh
-
- Add patches from upstream to change the default value of
UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled).
This makes ssh update the known_hosts stored keys with all
published versions by the server (after it's authenticated
with an existing key), which will allow to identify the
server with a different key if the existing key is considered
insecure at some point in the future (bsc#1222831).
* 0001-upstream-enable-UpdateHostkeys-by-default-when-the.patch
* 0002-upstream-disable-UpdateHostkeys-by-default-if.patch
- Add patches openssh-7.7p1-seccomp_getuid.patch and
openssh-bsc1216474-s390-leave-fds-open.patch
(bsc#1216474, bsc#1218871)
- Fix hostbased ssh login failing occasionally with "signature
unverified: incorrect signature" by fixing a typo in patch
(bsc#1221123):
* openssh-7.8p1-role-mls.patch
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
This limits the use of shell metacharacters in host- and
user names.
- pam-config
-
- Change check for existence of modules.
If we have a biarch architecture, we check that the 64bit
PAM module is there and report an error if not. For the 32bit
variant, we only issue a warning.
[pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
- Fix pam_gnome_keyring module for AUTH.
[pam-config-fix-pam_gnome_keyring.patch, bsc#1219767]
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module.
[bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch]
- pam_lastlog: check localtime_r() return value (bsc#1217000)
* Added: pam-bsc1217000-pam_lastlog-check-localtime_r-return-value.patch
- perl-Bootloader
-
- merge gh#openSUSE/perl-bootloader#166
- log grub2-install errors correctly (bsc#1221470)
- 0.947
- merge gh#openSUSE/perl-bootloader#161
- support old grub versions (<= 2.02) that used /usr/lib
(bsc#1218842)
- create EFI boot fallback directory if necessary
- 0.946
- perl
-
- fix space calculation issues in pp_pack.c [bnc#1082216]
[CVE-2018-6913]
* new patch: perl-pack-overflow.diff
- fix heap buffer overflow in regexec.c [bnc#1082233]
[CVE-2018-6798]
new patch: perl-regexec-heap-overflow.diff
- make Net::FTP work with TLS 1.3 [bnc#1213638]
new patch: perl-net-ftp-tls13.diff
- python-instance-billing-flavor-check
-
- Version 0.0.6 (bsc#1218561)
Support proxy setup on the client to access the update infrastructure
API
- Version 0.0.5
Add IPv6 support (bsc#1218739)
- python-Jinja2
-
- Add CVE-2024-34064.patch upstream patch
(CVE-2024-34064, bsc#1223980, gh#pallets/jinja@0668239dc6b4)
Also fixes (CVE-2024-22195, bsc#1218722)
- python3-M2Crypto
-
- Disable broken tests with openssl 3.2, bsc#1217782
- add timeout_300hz.patch to accept a small deviation from time
in the testsuite (bsc#1212757)
- Adapt tests for OpenSSL v3.1.0
* Add openssl-adapt-tests-for-3.1.0.patch
- add openssl-stop-parsing-header.patch (bsc#1205042)
- add m2crypto-0.38-ossl3-tests.patch
- python-PyYAML
-
- reenable the cython yaml loader (bsc#1225641)
- python3-azuremetadata
-
- Version 5.1.6
Fix empty list attributes (bsc#1218760)
- python-chardet
-
- Fix update-alternative in %postun, bsc#1218765
- python-dnspython
-
- Fix CVE-2023-29483-pre1.patch
(bsc#1230353, gh#rthalley/dnspython@6d590f0a2e1b, gh#nrhall/dnspython@55d6a9d81930)
- Add new patches to solve DoS:
- CVE-2023-29483-pre1.patch
- CVE-2023-29483.patch
(bsc#1222693, CVE-2023-29483, gh#rthalley/dnspython#1044)
- python-idna
-
- Add CVE-2024-3651.patch, backported from upstream commit
gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
(bsc#1222842, CVE-2024-3651)
- python3-lxml
-
- Add libexpat-2.6.0-backport.patch to fix compatibility with system
libexpat in tests (bsc#1222075, CVE-2023-52425).
- python-requests
-
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
as a directory, bsc#1225912
- Add CVE-2024-35195.patch (CVE-2024-35195, bsc#1224788)
- Add httpbin.patch to fix a test failure caused by the previous patch.
- salt
-
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Added:
* firewalld-normalize-new-rich-rules-before-comparing-.patch
* several-fixes-for-tests-to-avoid-errors-and-failures.patch
* test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
* fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
* skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
* some-more-small-tests-fixes-enhancements-661.patch
* provide-systemd-timer-unit.patch
* fix-user.list_groups-omits-remote-groups.patch
- Speed up salt.matcher.confirm_top by using __context__
- Do not call the async wrapper calls with the separate thread
- Prevent OOM with high amount of batch async calls (bsc#1216063)
- Add missing contextvars dependency in salt.version
- Skip tests for unsupported algorithm on old OpenSSL version
- Remove redundant `_file_find` call to the master
- Prevent possible exception in tornado.concurrent.Future._set_done
- Make reactor engine less blocking the EventPublisher
- Make salt-master self recoverable on killing EventPublisher
- Improve broken events catching and reporting
- Make logging calls lighter
- Remove unused import causing delays on starting salt-master
- Mark python3-CherryPy as recommended package for the testsuite
- Added:
* skip-tests-for-unsupported-algorithm-on-old-openssl-.patch
* make-reactor-engine-less-blocking-the-eventpublisher.patch
* remove-unused-import-causing-delays-on-starting-salt.patch
* make-logging-calls-lighter.patch
* remove-redundant-_file_find-call-to-the-master.patch
* prevent-possible-exception-in-tornado.concurrent.fut.patch
* do-not-call-the-async-wrapper-calls-with-the-separat.patch
* add-missing-contextvars-dependency-in-salt.version.patch
* prevent-oom-with-high-amount-of-batch-async-calls-bs.patch
* speed-up-salt.matcher.confirm_top-by-using-__context.patch
* improve-broken-events-catching-and-reporting.patch
* make-salt-master-self-recoverable-on-killing-eventpu.patch
- Make "man" a recommended package instead of required
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions
on containers
- Discover Ansible playbook files as "*.yml" or "*.yaml"
files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite
and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuilld and create test flavor
- Prevent exceptions with fileserver.update when called
via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET
environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
- Added:
* make-importing-seco.range-thread-safe-bsc-1211649.patch
* fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
* allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch
* decode-oscap-byte-stream-to-string-bsc-1219001.patch
* fix-problematic-tests-and-allow-smooth-tests-executi.patch
* discover-both-.yml-and-.yaml-playbooks-bsc-1211888.patch
* fix-salt-warnings-and-testuite-for-python-3.11-635.patch
* switch-oscap-encoding-to-utf-8-639.patch
* fix-tests-failures-and-errors-when-detected-on-vm-ex.patch
* improve-pip-target-override-condition-with-venv_pip_.patch
- Prevent directory traversal when creating syndic cache directory
on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file
method (CVE-2024-22232, bsc#1219431)
- Added:
* fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs "__env__" and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
- Added:
* enable-keepalive-probes-for-salt-ssh-executions-bsc-.patch
* update-__pillar__-during-pillar_refresh.patch
* fix-gitfs-__env__-and-improve-cache-cleaning-bsc-119.patch
* dereference-symlinks-to-set-proper-__cli-opt-bsc-121.patch
* prefer-unittest.mock-for-python-versions-that-are-su.patch
* fix-the-aptpkg.py-unit-test-failure.patch
* revert-make-sure-configured-user-is-properly-set-by-.patch
- python3-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- python-urllib3
-
- Add CVE-2024-37891.patch (bsc#1226469, CVE-2024-37891)
- zypp-plugin
-
- Fix stomp header regex to include '-' (bsc#1227793)
- version 0.6.4
- singlespec in Tumbleweed must support multiple python3 flavors
in the future gh#openSUSE/python-rpm-macros#66
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
- Provide python3-zypp-plugin in SLE12-SP3 (bsc#1081596)
- regionServiceClientConfigAzure
-
- Update to version 2.2.0 (jsc#PCT-360)
+ Add IPv6 certs to enable IPv6 access of the update infrastructure
+ Add noipv6.patch to patch out IPv6 on SLE 12, no IPv6 support in SLE 12
in the Public Cloud
- Update to version 2.1.0 (bsc#1217537)
+ Replace certs 23.100.36.229.pem and 40.121.202.140.pem (4096 length):
rgnsrv-azure-westus -> 23.100.36.229.pem expires 9 years
rgnsrv-azure-eastus -> 40.121.202.140.pem expires 10 years
- rpm-ndb
-
- remove imaevmsign plugin from rpm-ndb [bsc#1222259]
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.13>.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
performance issue when running lots of containers, caused by systemd getting
too many mount notifications. bsc#1214960
+ 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
+ 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
+ 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
+ 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Update to runc v1.1.12. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>. bsc#1218894
* This release fixes a container breakout vulnerability (CVE-2024-21626). For
more details, see the upstream security advisory:
<https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
* Remove upstreamed patches:
- CVE-2024-21626.patch
* Update runc.keyring to match upstream changes.
[ This was only ever released for SLES. ]
- Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894
<https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
+ CVE-2024-21626.patch
- Update to runc v1.1.11. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.11>.
- sed
-
- 0001-sed-set-correct-umask-on-temporary-files.patch
Fix for bsc#1221218
- selinux-policy
-
- Update to version 20230511+git17.e258ac27:
* Fix mkhomedir_helper label to match on sbin (bsc#1229701)
- Update to version 20230511+git15.bdc96df2:
* Dontaudit getty and plymouth the checkpoint_restore capability (bsc#1220361)
- Update to version 20230511+git13.edb03d70:
* allow rebootmgr to read the system state (bsc#1205931)
* Allow keepalived_t read+write kernel_t pipes (bsc#1216060)
- sudo
-
- Fix NOPASSWD issue introduced by patches for CVE-2023-42465
[bsc#1221151, bsc#1221134]
* Update sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
* Enable running regression selftests during build time.
- Security fix: [bsc#1219026, bsc#1220389, CVE-2023-42465]
* Try to make sudo less vulnerable to ROWHAMMER attacks.
* Add sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
+ Remove duplicate data collection for the plugin itself
+ Collect archive metering data when available
+ Query billing flavor status
- supportutils
-
- Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
- Changes in version 3.1.30
+ Added -V key:value pair option (bsc#1222021, PED-8211)
+ Avoid getting duplicate kernel verifications in boot.text (pr#193)
+ Suppress file descriptor leak warnings from lvm commands (pr#192, bsc#1220082)
+ Includes container log timestamps (pr#197)
- Changes to version 3.1.29
+ Extended scaling for performance (bsc#1214713)
+ Fixed kdumptool output error (bsc#1218632)
+ Corrected podman ID errors (bsc#1218812)
+ Duplicate non root podman entries removed (bsc#1218814)
+ Corrected get_sles_ver for SLE Micro (bsc#1219241)
+ Check nvidida-persistenced state (bsc#1219639)
- Additional changes in version 3.1.28
+ ipset - List entries for all sets
+ ipvsadm - Inspect the virtual server table (pr#185)
+ Correctly detects Xen Dom0 (bsc#1218201)
+ Fixed smart disk error (bsc#1218282)
- Changes in version 3.1.28
+ Inhibit the conversion of port numbers to port names for network files (cherry picked from commit 55f5f716638fb15e3eb1315443949ed98723d250)
+ powerpc: collect rtas_errd.log and lp_diag.log files (pr#175)
+ Get list of pam.d file (cherry picked from commit eaf35c77fd4bc039fd7e3d779ec1c2c6521283e2)
+ Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
+ Added missing klp information to kernel-livepatch.txt (bsc#1216390)
+ Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
+ Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
+ Optimize lsof usage (bsc#1183663)
+ Added mokutil commands for secureboot (pr#179)
+ Collects chrony or ntp as needed (bsc#1196293)
- Changes in version 3.1.27
+ Fixed podman display issue (bsc#1217287)
+ Added nvme-stas configuration to nvme.txt (bsc#1216049)
+ Added timed command to fs-files.txt (bsc#1216827)
+ Collects zypp history file issue#166 (bsc#1216522)
+ Changed -x OPTION to really be exclude only (issue#146)
+ Collect HA related rpm package versions in ha.txt (pr#169)
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- ensure key2rpmname is called using bash.
- make the per-project inclusion optional, default off.
- Also include the GPG key from the current build project
to allow Staging testing without production keys. (bsc#1231829)
- added missing ; in shell script (bsc#1227681)
- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
them. (bsc#1227429)
gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key.
- Switch container key to be default RSA 4096bit. (jsc#PED-2777)
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
- run import script also in %posttrans section, but only when
libzypp is not active. bsc#1219189 bsc#1219123
- suse-module-tools
-
- Update to version 15.5.5:
* Include unblacklist in initramfs (bsc#1224320)
* regenerate-initrd-posttrans: run update-bootloader --refresh for XEN
(bsc#1223278)
* 60-io-scheduler.rules: test for "scheduler" sysfs attribute (boo#1216717)
- Update to version 15.5.4:
* rpm-script: add symlink /boot/.vmlinuz.hmac (bsc#1217775)
- suseconnect-ng
-
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- Update version to 1.11
- Added uname as collector
- Added SAP workload detection
- Added detection of container runtimes
- Multiple fixes on ARM64 detection
- Use `read_values` for the CPU collector on Z
- Fixed data collection for ppc64le
- Grab the home directory from /etc/passwd if needed (bsc#1226128)
- Update version to 1.10.0
* Build zypper-migration and zypper-packages-search as standalone
binaries rather then one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens. (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report.
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
- Update to version 1.9.0
* Fix certificate import for Yast when using a registration proxy with
self-signed SSL certificate (bsc#1223107)
- Update to version 1.8.0
* Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)
- Update to version 1.7.0
* Allow SUSEConnect on read write transactional systems (bsc#1219425)
- Update to version 1.6.0
* Disable EULA display for addons (bsc#1218649 and bsc#1217961)
- Update to version 1.5.0
* Configure docker credentials for registry authentication
* Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364)
* Add --json output option
- sysconfig
-
- Update to last SLE-15-SP2…5:Update sysconfig version preserving
SLE-Micro specific spec file adjustments (jsc#MSC-784).
- version 0.85.9
- spec: revert to recommend wicked-service on <= 15.4
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- spec: drop legacy migration (from sle11) and rpm-utils
- version 0.85.8
- netconfig: revert NM default policy change change (boo#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- systemd-default-settings
-
- Import 0.10
5088997 SLE: Disable pids controller limit under user instances (jsc#SLE-10123)
- Import 0.9
bb859bf user@.service: Disable controllers by default (jsc#PED-2276)
- The usage of drop-ins is now the official way for configuring systemd and its
various daemons on Factory/ALP. Hence the early drop-ins SUSE specific
"feature" has been abandoned.
- Import 0.8
f34372f User priority '26' for SLE-Micro
c8b6f0a Revert "Convert more drop-ins into early ones"
- Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2
6b8dde1 Convert more drop-ins into early ones
- systemd-presets-branding-SMO
-
- preserve wicked enabled during upgrade if it was enabled
before (NM is default only for new installs) (bsc#1228522)
- systemd-presets-common-SUSE
-
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
(bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
Support both the old and new service to avoid complex version interdependency.
- systemd-rpm-macros
-
- Bump version to 15
- Order packages that requires systemd after systemd-sysvcompat when this part
of the transaction (bsc#1217964)
systemd-sysvcompat has been introduced recently and contains the compatibility
scripts used to support SysV init scripts. Make sure that the packages ordered
after systemd are also ordered after systemd-sysvcompat so theirs rpm
scriptlets can still rely on the compat scripts.
On distributions where systemd-sysvcompat doesn't exist, the new ordering
constraint should be a nop.
- timezone
-
- update to 2024a:
* Kazakhstan unifies on UTC+5. This affects Asia/Almaty and
Asia/Qostanay which together represent the eastern portion of the
country that will transition from UTC+6 on 2024-03-01 at 00:00 to
join the western portion. (Thanks to Zhanbolat Raimbekov.)
* Palestine springs forward a week later than previously predicted
in 2024 and 2025. (Thanks to Heba Hamad.) Change spring-forward
predictions to the second Saturday after Ramadan, not the first;
this also affects other predictions starting in 2039.
* Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00
not 00:00. (Thanks to Đoàn Trần Công Danh.)
* From 1947 through 1949, Toronto's transitions occurred at 02:00
not 00:00. (Thanks to Chris Walton.)
* In 1911 Miquelon adopted standard time on June 15, not May 15.
* The FROM and TO columns of Rule lines can no longer be "minimum"
or an abbreviation of "minimum", because TZif files do not support
DST rules that extend into the indefinite past - although these
rules were supported when TZif files had only 32-bit data, this
stopped working when 64-bit TZif files were introduced in 1995.
This should not be a problem for realistic data, since DST was
first used in the 20th century. As a transition aid, FROM columns
like "minimum" are now diagnosed and then treated as if they were
the year 1900; this should suffice for TZif files on old systems
with only 32-bit time_t, and it is more compatible with bugs in
2023c-and-earlier localtime.c. (Problem reported by Yoshito
Umaoka.)
* localtime and related functions no longer mishandle some
timestamps that occur about 400 years after a switch to a time
zone with a DST schedule. In 2023d data this problem was visible
for some timestamps in November 2422, November 2822, etc. in
America/Ciudad_Juarez. (Problem reported by Gilmore Davidson.)
* strftime %s now uses tm_gmtoff if available. (Problem and draft
patch reported by Dag-Erling Smørgrav.)
* The strftime man page documents which struct tm members affect
which conversion specs, and that tzset is called. (Problems
reported by Robert Elz and Steve Summit.)
- update to 2023d:
* Ittoqqortoormiit, Greenland changes time zones on
2024-03-31.
* Vostok, Antarctica changed time zones on 2023-12-18.
* Casey, Antarctica changed time zones five times since
2020.
* Code and data fixes for Palestine timestamps starting in
2072.
* A new data file zonenow.tab for timestamps starting now.
* Fix predictions for DST transitions in Palestine in
2072-2075, correcting a typo introduced in 2023a.
* Vostok, Antarctica changed to +05 on 2023-12-18. It had
been at +07 (not +06) for years.
* Change data for Casey, Antarctica to agree with
timeanddate.com, by adding five time zone changes since 2020.
Casey is now at +08 instead of +11.
* Much of Greenland, represented by America/Nuuk, changed
its standard time from -03 to -02 on 2023-03-25, not on
2023-10-28.
* localtime.c no longer mishandles TZif files that contain
a single transition into a DST regime. Previously,
it incorrectly assumed DST was in effect before the transition
too.
* tzselect no longer creates temporary files.
* tzselect no longer mishandles the following:
* Spaces and most other special characters in BUGEMAIL,
PACKAGE, TZDIR, and VERSION.
* TZ strings when using mawk 1.4.3, which mishandles
regular expressions of the form /X{2,}/.
* ISO 6709 coordinates when using an awk that lacks the
GNU extension of newlines in -v option-arguments.
* Non UTF-8 locales when using an iconv command that
lacks the GNU //TRANSLIT extension.
* zic no longer mishandles data for Palestine after the
year 2075.
- Refresh tzdata-china.diff
- tpm2.0-tools
-
- Add 0001-tpm2_checkquote-Fix-check-of-magic-number.patch: tpm2_checkquote
did not check whether the magic number in the attest is equal to
TPM2_GENERATED_VALUE, which might allow a malicious actor to generate
arbitrary quote data, undetected by tpm2_checkquote (bsc#1223687, CVE-2024-29038).
- Add 0001-tpm2_checkquote-Add-comparison-of-pcr-selection.patch:
tpm2_checkquote did not compare the --pcr parameter passed to the tool with
the attest. A malicious actor might thus be able to fake a valid
attestation (bsc#1223689, CVE-2024-29039).
- util-linux-systemd
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- lscpu: Add more ARM cores (bsc#1223605,
util-linux-lscpu-add-more-ARM-cores-1.patch,
util-linux-lscpu-add-more-ARM-cores-2.patch,
util-linux-lscpu-add-more-ARM-cores-3.patch,
util-linux-lscpu-add-more-ARM-cores-4.patch,
util-linux-lscpu-add-more-ARM-cores-5.patch,
util-linux-lscpu-add-more-ARM-cores-6.patch).
- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609,
util-linux-chcpu-document-zVM-limitations.patch,
util-linux-chcpu-document-zVM-limitations-generated.patch).
- bsc#1220117: Processes not cleaned up after failed SSH session are using up 100% CPU
+ util-linux-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
- Properly neutralize escape sequences in wall
(util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
and its prerequisites: util-linux-fputs_careful1.patch,
util-linux-wall-migrate-to-memstream.patch
util-linux-fputs_careful2.patch).
- Add upstream patch
util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
bsc#1207987 gh#util-linux/util-linux@1d98827edde4
- vim
-
- Updated to version 9.1 with patch level 0330, fixes the following problems
* Fixing bsc#1220763 - vim gets Segmentation fault after updating to version 9.1.0111-150500.20.9.1
- refreshed vim-7.3-filetype_spec.patch
- refreshed vim-7.3-filetype_ftl.patch
- Update spec.skeleton to use autosetup in place of setup macro.
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.1.0111...v9.1.0330
- Updated to version 9.1 with patch level 0111, fixes the following security problems
* Fixing bsc#1217316 (CVE-2023-48231) - VUL-0: CVE-2023-48231: vim: Use-After-Free in win_close()
* Fixing bsc#1217320 (CVE-2023-48232) - VUL-0: CVE-2023-48232: vim: Floating point Exception in adjust_plines_for_skipcol()
* Fixing bsc#1217321 (CVE-2023-48233) - VUL-0: CVE-2023-48233: vim: overflow with count for :s command
* Fixing bsc#1217324 (CVE-2023-48234) - VUL-0: CVE-2023-48234: vim: overflow in nv_z_get_count
* Fixing bsc#1217326 (CVE-2023-48235) - VUL-0: CVE-2023-48235: vim: overflow in ex address parsing
* Fixing bsc#1217329 (CVE-2023-48236) - VUL-0: CVE-2023-48236: vim: overflow in get_number
* Fixing bsc#1217330 (CVE-2023-48237) - VUL-0: CVE-2023-48237: vim: overflow in shift_line
* Fixing bsc#1217432 (CVE-2023-48706) - VUL-0: CVE-2023-48706: vim: heap-use-after-free in ex_substitute
* Fixing bsc#1219581 (CVE-2024-22667) - VUL-0: CVE-2024-22667: vim: stack-based buffer overflow in did_set_langmap function in map.c
* Fixing bsc#1215005 (CVE-2023-4750) - VUL-0: CVE-2023-4750: vim: Heap use-after-free in function bt_quickfix
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111
- wpa_supplicant
-
- Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
- Change ctrl_interface from /var/run to %_rundir (/run)
- xen
-
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
standard VGA handling (XSA-463)
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
xsa463-10.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
guests via ACPI tables (XSA-464)
xsa464.patch
- Drop the following patches
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
stdvga-cache.patch
- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
- Update to Xen 4.17.5 security bug fix release (bsc#1027519)
xen-4.17.5-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
- Dropped patches contained in new tarball
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
- bsc#1214718 - The system hangs intermittently when Power Control
Mode is set to Minimum Power on SLES15SP5 Xen
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
- Upstream bug fixes (bsc#1027519)
6646031f-x86-ucode-further-identify-already-up-to-date.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
- Update to Xen 4.17.4 security bug fix release (bsc#1027519)
xen-4.17.4-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
for BTC/SRSO mitigations (XSA-455)
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
History Injection (XSA-456)
- Dropped patches contained in new tarball
650dac01-x86-paging-drop-update_cr3-do_locking.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
659d44da-x86-HVM-hide-SVM-VMX-when.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
65c2104d-AMD-IVMD-memtype-check.patch
65cb29fe-x86-HVM-tidy-state-on-hvmemul_map_linear_addr.patch
65d7277f-build-fail-when-kconfig-fails.patch
65d727cf-x86emul-EVEX-R-checks.patch
65dca902-x86-spec-set-BRANCH_HARDEN-option-only-when.patch
65dcd66b-x86-entry-EFRAME_-constants.patch
65ddda52-x86-CET-stub-exn-recovery.patch
65ddea60-x86-spec-log-builtin-HARDEN-options.patch
65ddea7c-x86-spec-set-INDIRECT_THUNK-only-when-enabled.patch
65ddea90-x86-spec-dont-log-thunk-option-if-not.patch
65df3430-x86-Resync-intel-family-h.patch
65e02fce-libxl-SEGV-in-device_model_spawn_outcome.patch
65e2371b-x86-CP-allow-levelling-of-VERW-side-effects.patch
65eee676-x86-mm-last-L1e-detection-in-mxml.patch
65f079a1-VMX-perform-VERW-flushing-later.patch
65f079a2-x86-spec-ctrl-perform-VERW-flushing-later.patch
65f079a3-x86-spec-ctrl-rename-VERW-related-options.patch
65f079a4-x86-spec-ctrl-VERW-handling-adjustments.patch
65f079a5-x86-spec-ctrl-mitigate-RFDS.patch
65f079a6-swap-order-of-actions-in-FREE-macros.patch
65f079a7-x86-spinlock-block-speculation-into.patch
65f079a8-rwlock-block-speculation-into.patch
65f079a9-percpu-rwlock-block-speculation-into.patch
65f079aa-locking-wrappers-always-inline.patch
65f079ab-x86-mm-speculation-barriers-in-open-coded.patch
65f079ac-x86-protect-conditional-locking-from-speculative.patch
- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
Sampling (XSA-452)
65dcd66b-x86-entry-EFRAME_-constants.patch
65df3430-x86-Resync-intel-family-h.patch
65f079a1-VMX-perform-VERW-flushing-later.patch
65f079a2-x86-spec-ctrl-perform-VERW-flushing-later.patch
65f079a3-x86-spec-ctrl-rename-VERW-related-options.patch
65f079a4-x86-spec-ctrl-VERW-handling-adjustments.patch
65f079a5-x86-spec-ctrl-mitigate-RFDS.patch
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
Race Conditions (XSA-453)
650dac01-x86-paging-drop-update_cr3-do_locking.patch
65f079a6-swap-order-of-actions-in-FREE-macros.patch
65f079a7-x86-spinlock-block-speculation-into.patch
65f079a8-rwlock-block-speculation-into.patch
65f079a9-percpu-rwlock-block-speculation-into.patch
65f079aa-locking-wrappers-always-inline.patch
65f079ab-x86-mm-speculation-barriers-in-open-coded.patch
65f079ac-x86-protect-conditional-locking-from-speculative.patch
- Upstream bug fixes (bsc#1027519)
65eee676-x86-mm-last-L1e-detection-in-mxml.patch
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
exceptions from emulation stubs (XSA-451)
65ddda52-x86-CET-stub-exn-recovery.patch
- Upstream bug fixes (bsc#1027519)
659d44da-x86-HVM-hide-SVM-VMX-when.patch
65c2104d-AMD-IVMD-memtype-check.patch
65cb29fe-x86-HVM-tidy-state-on-hvmemul_map_linear_addr.patch
65d7277f-build-fail-when-kconfig-fails.patch
65d727cf-x86emul-EVEX-R-checks.patch
65dca902-x86-spec-set-BRANCH_HARDEN-option-only-when.patch
65ddea60-x86-spec-log-builtin-HARDEN-options.patch
65ddea7c-x86-spec-set-INDIRECT_THUNK-only-when-enabled.patch
65ddea90-x86-spec-dont-log-thunk-option-if-not.patch
65e02fce-libxl-SEGV-in-device_model_spawn_outcome.patch
65e2371b-x86-CP-allow-levelling-of-VERW-side-effects.patch
- Patches replaced by newer upstream versions
xsa451.patch
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
exceptions from emulation stubs (XSA-451)
xsa451.patch
- Upstream bug fixes (bsc#1027519)
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
- Patches replaced by newer upstream versions
xsa449.patch
xsa450.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
quarantine devices in !HVM builds (XSA-450)
xsa450.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
xsa449.patch
- xfsprogs
-
- xfs_copy: don't use cached buffer reads until after libxfs_mount
(bsc#1227150)
- Add xfsprogs-xfs_copy-don-t-use-cached-buffer-reads-until-after-l.patch
- yast2
-
- Properly close nested progress callbacks (bsc#1223281)
- 4.5.27
- Allow host/domain names starting with an underscore (bsc#1219920)
- 4.5.26
- zypper
-
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77
- Show rpm install size before installing (bsc#1224771)
If filesystem snapshots are taken before the installation (e.g.
by snapper) no disk space is freed by removing old packages. In
this case the install size of all packages is a hint how much
additional disk space is needed by the new packages static
content.
- version 1.14.76
- Fix readline setup to handle Ctrl-C and Ctrl-D corrrectly
(bsc#1227205)
- version 1.14.75
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- BuildRequires: libzypp-devel >= 17.33.0.
- Delay zypp lock until command options are parsed (bsc#1223766)
- version 1.14.73
- Unify message format(fixes #485)
- version 1.14.72
- switch cmake build type to RelWithDebInfo
- modernize spec file (remove Authors section, use proper macros,
remove redundant clean section, don't mark man pages as doc)
- switch to -O2 -fvisibility=hidden -fpie:
* PIC is not needed as no shared lib is built
* fstack-protector-strong is default on modern dists and would
be downgraded by fstack-protector
* default visibility hidden allows better optimisation
* O2 is reducing inlining bloat
- > 18% reduced binary size
- remove procps requires (was only for ZMD which is dropped)
(jsc#PED-8153)
- Do not try to refresh repo metadata as non-root user
(bsc#1222086)
Instead show refresh stats and hint how to update them.
- man: Explain how to protect orphaned packages by collecting
them in a plaindir repo.
- packages: Add --autoinstalled and --userinstalled options to
list them.
- Don't print 'reboot required' message if download-only or
dry-run (fixes #529)
Instead point out that a reboot would be required if the option
was not used.
- Resepect zypper.conf option `showAlias` search commands
(bsc#1221963)
Repository::asUserString (or Repository::label) respects the
zypper.conf option, while name/alias return the property.
- version 1.14.71
- dup: New option --remove-orphaned to remove all orphaned
packages in dup (bsc#1221525)
- version 1.14.70
- info,summary: Support VendorSupportOption flag
VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- BuildRequires: libzypp-devel >= 17.32.0.
API cleanup and changes for VendorSupportSuperseded.
- Show active dry-run/download-only at the commit propmpt.
- patch: Add --skip-not-applicable-patches option (closes #514)
- Fix printing detailed solver problem description.
The problem description() is one rule out possibly many in
completeProblemInfo() the solver has chosen to represent the
problem. So either description or completeProblemInfo should be
printed, but not both.
- Fix bash-completion to work with right adjusted numbers in the
1st column too (closes #505)
- Set libzypp shutdown request signal on Ctrl+C (fixes #522)
- lr REPO: In the detailed view show all baseurls not just the
first one (bsc#1218171)
- version 1.14.69