- python-base
-
- Add CVE-2023-27043-email-parsing-errors.patch to
gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- libssh
-
- Update to 0.9.8: [jsc#PED-7719, bsc#1218126, CVE-2023-48795]
* Rebase 0001-disable-timeout-test-on-slow-buildsystems.patch
* Remove patches fixed in the update:
- CVE-2019-14889.patch
- 0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-A.patch
- Update to version 0.9.8
* Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
* Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
* Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
* Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
* Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
guessing (bsc#1211188)
* Fix CVE-2023-2283: a possible authorization bypass in
pki_verify_data_signature under low-memory conditions (bsc#1211190)
* Fix several memory leaks in GSSAPI handling code
- Update to version 0.9.6 (bsc#1189608, CVE-2021-3634)
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6
- Add missing BR for openssh needed for tests
- update to 0.9.5 (bsc#1174713, CVE-2020-16135):
* CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
* Improve handling of library initialization (T222)
* Fix parsing of subsecond times in SFTP (T219)
* Make the documentation reproducible
* Remove deprecated API usage in OpenSSL
* Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
* Define version in one place (T226)
* Prevent invalid free when using different C runtimes than OpenSSL (T229)
* Compatibility improvements to testsuite
- Update to version 0.9.4
* https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
* Fix possible Denial of Service attack when using AES-CTR-ciphers
CVE-2020-1730 (bsc#1168699)
- wget
-
- Fixed the failure to detect SSL handshake timeout
[bsc#1217717, wget-add-support-for-timeout-with-ssl.patch,
wget-gnutls-honor-connect-timeout.patch]
- python3-azuremetadata
-
- Version 5.1.6
Fix empty list attributes (bsc#1214930)
- Version 5.1.5 (bsc#1194663)
+ Handle lsblk output format change. The json data now contains
"mountpoints" instead of "mountpoint"
- kernel-default
-
- Update
patches.suse/nvmet-tcp-fix-a-crash-in-nvmet_req_complete.patch
(bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
CVE-2023-6356).
- commit 1a6bd68
- nvmet-tcp: Fix the H2C expected PDU len calculation
(bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
CVE-2023-6356).
- nvmet-tcp: remove boilerplate code (bsc#1217987 bsc#1217988
bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356).
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C
PDU length (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535
CVE-2023-6536 CVE-2023-6356).
- commit 3e8a84f
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
Simple arithmetic fix.
- commit df1ea97
- vhost: use kzalloc() instead of kmalloc() followed by memset()
(CVE-2024-0340, bsc#1218689).
- commit 265772f
- blacklist.conf: add Korina ethernet controleer
- commit 754d7b6
- blacklist.conf: update blacklist
- commit 65ec0f0
- mlx4: handle non-napi callers to napi_poll (git-fixes).
- commit 13aca9d
- bnxt_en: Log unknown link speed appropriately (git-fixes).
- commit cab91f3
- net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow (git-fixes).
- commit 30b8d5c
- net: mvneta: fix double free of txq->buf (git-fixes).
- commit abfb85a
- r8169: fix data corruption issue on RTL8402 (git-fixes).
- commit a389731
- net: stmmac: dwmac1000: fix out-of-bounds mac address reg
setting (git-fixes).
- commit 51f13e8
- net: fec: Do not use netdev messages too early (git-fixes).
- commit 24b07f8
- net: stmmac: dwmac4/5: Clear unused address entries (git-fixes).
- commit 156e8fc
- net: stmmac: dwmac1000: Clear unused address entries
(git-fixed).
- commit b89c3f6
- blacklist.conf: add mediatek ethernet
- commit ed969c9
- net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
(git-fixed).
- commit 63f7ed7
- blacklist.conf: update blacklist
- commit ba8fcb7
- net: xilinx: fix possible object reference leak (git-fixed).
- commit 0884dff
- net: macb: Add null check for PCLK and HCLK (git-fixed).
- Refresh
patches.suse/0006-net-macb-fix-error-format-in-dev_err.patch.
- commit 1fdfc75
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
(CVE-2024-1086 bsc#1219434).
- commit 1f42903
- configfs: fix a use-after-free in __configfs_open_file
(git-fixes).
- commit 839bbef
- chardev: fix error handling in cdev_device_add() (git-fixes).
- commit 76071ad
- fs: don't audit the capability check in simple_xattr_list()
(git-fixes).
- commit 32c621d
- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
(git-fixes).
- commit 165619a
- pstore/ram: Fix error return code in ramoops_probe()
(git-fixes).
- commit 6c26e9c
- kernfs: fix use-after-free in __kernfs_remove (git-fixes).
- commit 1e4394d
- kernfs: Separate kernfs_pr_cont_buf and rename_lock (git-fixes).
- commit 302cbf3
- configfs: fix a race in configfs_{,un}register_subsystem()
(git-fixes).
- commit ff1ac8a
- vfs: make freeze_super abort when sync_filesystem returns error
(git-fixes).
- commit a0e15ea
- fs: orangefs: fix error return code of
orangefs_revalidate_lookup() (git-fixes).
- commit 05692b2
- fs: warn about impending deprecation of mandatory locks
(git-fixes).
- commit d313c61
- configfs: fix memleak in configfs_release_bin_file (git-fixes).
- commit e182771
- 9p: missing chunk of "fs/9p: Don't update file type when
updating file attributes" (git-fixes).
- commit d7f7957
- kernfs: bring names in comments in line with code (git-fixes).
- commit b2412a4
- configfs: fix config_item refcnt leak in configfs_rmdir()
(git-fixes).
- commit a4e6173
- help_next should increase position index (git-fixes).
- commit a734d52
- configfs: fix a deadlock in configfs_symlink() (git-fixes).
- commit 31f30f9
- locks: print a warning when mount fails due to lack of "mand"
support (git-fixes).
- commit 4a54942
- configfs: provide exclusion between IO and removals (git-fixes).
- commit be9e3af
- configfs: new object reprsenting tree fragments (git-fixes).
- commit 727fecd
- configfs: stash the data we need into configfs_buffer at open
time (git-fixes).
- commit 57d5998
- pstore/ram: Run without kernel crash dump region (git-fixes).
- Refresh patches.suse/pstore-backend-autoaction.
- commit 27a20a7
- fs/file.c: initialize init_files.resize_wait (git-fixes).
- commit 4e99111
- fs: ratelimit __find_get_block_slow() failure message
(git-fixes).
- commit 066abb3
- iomap: sub-block dio needs to zeroout beyond EOF (git-fixes).
- commit c176969
- fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
(git-fixes).
- commit 97bf06c
- proc: fix /proc/*/map_files lookup (git-fixes).
- commit 66524a9
- pstore: ram_core: fix possible overflow in
persistent_ram_init_ecc() (git-fixes).
- commit 3b8a874
- pstore/ram: Check start of empty przs during init (git-fixes).
- commit 86b8610
- statfs: enforce statfs[64] structure initialization (git-fixes).
- commit e9ab62b
- aio: fix mremap after fork null-deref (git-fixes).
- commit f633071
- drm/amdgpu: Fix potential fence use-after-free v2 (bsc#1219128
CVE-2023-51042).
- commit 78c123f
- nvmet-tcp: fix a crash in nvmet_req_complete() (git-fixes).
- commit 45b3590
- scsi: qla0xxx: Fix system crash due to bad pointer access
(git-fixes).
- commit 9c33792
- atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780
bsc#1218730).
- commit 42f1cd3
- mm,mremap: bail out earlier in mremap_to under map pressure
(bsc#1123986).
- commit d63623c
- xen-netback: don't produce zero-size SKB frags (CVE-2023-46838,
XSA-448, bsc#1218836).
- commit 6d25bad
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- commit c34221c
- blacklist.conf: Add baa9be4ffb55 sched/fair: Fix throttle_list starvation with low CFS quota
- commit f2444c0
- libceph: use kernel_connect() (bsc#1219446).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
(bsc#1219445).
- commit 92ba85d
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
(git-fixes).
- commit 9c63fba
- USB: serial: option: add entry for Sierra EM9191 with new
firmware (git-fixes).
- commit e18b083
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
(git-fixes).
- commit 3c25206
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
(CVE-2021-33631 bsc#1219412).
- commit 019d3a9
- blacklist.conf: remove a merge relic
Remove a merge relic introduced in 44aaf966aab ("Merge remote-tracking
branch 'origin/SLE12-SP4' into SLE12-SP5-UPDATE").
- commit 78c957f
- blacklist.conf: add a not-relevant jump_label commit
- commit 7bff5db
- tracing/trigger: Fix to return error if failed to alloc snapshot
(git-fixes).
- commit 57e8982
- blacklist.conf: Blacklist 447ae316670230d7d29430e2cbf1f5db4f49d14c
It reworks header inclusion to no real benefit for out kernel and
results in massive kABI breakage. Just blacklist it.
- commit 879fd91
- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
(CVE-2023-47233 bsc#1216702).
- commit d2e0155
- net: stmmac: don't overwrite discard_frame status (git-fixes).
- commit af86f48
- net: ethernet: ti: fix possible object reference leak
(git-fixes).
- commit 8292c78
- blacklist.conf: update blacklist
- commit 3ec6d28
- blacklist.conf: update blacklist
- commit b305f8c
- net: ks8851: Set initial carrier state to down (git-fixes).
- commit 667be0a
- net: ks8851: Delay requesting IRQ until opened (git-fixes).
- commit 605f94a
- net: ks8851: Reassert reset pin if chip ID check fails
(git-fixes).
- commit 93e9e83
- net: dsa: qca8k: Enable delay for RGMII_ID mode (git-fixes).
- commit 94c1dc4
- net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing
MII_PHYSID2 (git-fixes).
- commit d97991c
- blacklist.conf: update blacklist
- commit 23ba946
- blacklist.conf: Black unapplicable patch
This one requires 45b575c00d8e72d69d75dd8c112f044b7b01b069 which is
blacklisted. So black list this one as well.
- commit 8ad7e95
- x86/unwind/orc: Fix unreliable stack dump with gcov (git-fixes).
- commit db29225
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- commit 0b71917
- x86/kvm/lapic: always disable MMIO interface in x2APIC mode (git-fixes).
- commit 42aa4b1
- x86/purgatory: Don't generate debug info for purgatory.ro (git-fixes).
- commit ad7d236
- x86/cpu: Add another Alder Lake CPU to the Intel family (git-fixes).
- commit 5e43536
- x86/build: Turn off -fcf-protection for realmode targets (git-fixes).
- commit 06f5589
- x86/build: Treat R_386_PLT32 relocation as R_386_PC32 (git-fixes).
- commit c5cf689
- x86/lib: Fix overflow when counting digits (git-fixes).
- commit 0070bad
- x86/asm: Ensure asm/proto.h can be included stand-alone (git-fixes).
- commit b6c5df9
- x86: __always_inline __{rd,wr}msr() (git-fixes).
- commit 8507f62
- x86: Mark stop_this_cpu() __noreturn (git-fixes).
- commit 47a8413
- x86: Clear .brk area at early boot (git-fixes).
- commit 63c0fc3
- rpm/constraints.in: add static multibuild packages
Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for
constraints on multibuild) added "kernel-source:" prefix to the
dynamically generated kernels. But there are also static ones like
kernel-docs. Those fail to build as the constraints are still not
applied.
So add the prefix also to the static ones.
Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it
will ever be multibuilt...
- commit c2e0681
- drm/atomic: Fix potential use-after-free in nonblocking commits
(bsc#1219120 CVE-2023-51043).
- commit a69e3d8
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
Adjust the cpuid check when applying alternatives. Fixes false BUG_ON
in the presence of extra bugints/capints.
- commit 48af78f
- Revert "Limit kernel-source build to architectures for which the kernel binary"
This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132.
The fix for bsc#1108281 directly causes bsc#1218768, revert.
- commit 2943b8a
- mkspec: Include constraints for both multibuild and plain package always
There is no need to check for multibuild flag, the constraints can be
always generated for both cases.
- commit 308ea09
- rpm/mkspec: use kernel-source: prefix for constraints on multibuild
Otherwise the constraints are not applied with multibuild enabled.
- commit 841012b
- wd-functions.sh: Use pixz for xz compresion when available.
This makes xz compression highly non-deterministic but deterministic
results were not provided by xz in the first place.
- commit 1524b56
- rpm/kernel-source.rpmlintrc: add action-ebpf
Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf
plugin) added this precompiled binary blob. Adapt rpmlintrc for
kernel-source.
- commit b5ccb33
- Refresh patches.suse/mce-fix-set_mce_nospec-to-always-unmap-the-whole-page.patch.
- commit 97df026
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
(git-fixes).
- commit f9ab50f
- blacklist.conf: not a bug fix
- commit 89a46f3
- blacklist.conf: driver not compiled
- commit e4d38bb
- blacklist.conf: false positive
- commit be0a82f
- blacklist.conf: not a bug fix
- commit 3adfd09
- blacklist.conf: false positive
- commit 9076062
- scsi: qedf: fc_rport_priv reference counting fixes
(bsc#1212152).
Refresh:
- patches.suse/scsi-qedf-correctly-handle-refcounting-of-rdata
- patches.suse/scsi-qedf-print-message-during-bailout-conditions
- patches.suse/scsi-qedf-print-scsi_cmd-backpointer-in-good-completion-path-if-the-command-is-still-being-used
- commit e171158
- ext4: silence the warning when evicting inode with
dioread_nolock (bsc#1206889).
- commit 3433e7a
- writeback: Export inode_io_list_del() (bsc#1216989).
patches/patches.suse/writeback-Protect-inode-i_io_list-with-inode-i_lock.patch:
Refresh
- commit c969261
- ext4: improve error recovery code paths in __ext4_remount()
(bsc#1213017 bsc#1219053 CVE-2024-0775).
- commit 3bb0d48
- Update
patches.suse/ext4-improve-error-recovery-code-paths-in-__ext4_rem.patch
(bsc#1213017 bsc#1219053 CVE-2024-0775).
- commit a5b396b
- scripts/tar-up.sh: don't add spurious entry from kernel-sources.changes.old
The previous change added the manual entry from kernel-sources.change.old
to old_changelog.txt unnecessarily. Let's fix it.
- commit fb033e8
- Refresh
patches.suse/ipmi-Cleanup-oops-on-initialization-failure.patch.
Alt-commit added
- commit 5093b56
- x86: Pin task-stack in __get_wchan() (git-fixes).
- commit 96f1d7b
- rpm/kernel-docs.spec.in: fix build with 6.8
Since upstream commit f061c9f7d058 (Documentation: Document each netlink
family), the build needs python yaml.
- commit 6a7ece3
- x86: Fix __get_wchan() for !STACKTRACE (git-fixes).
- commit 23a1a0e
- asix: Add check for usbnet_get_endpoints (git-fixes).
- commit d1fcea8
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
- commit d9f49bd
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- commit 79b1f36
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- commit 2dcf8c9
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- commit d500914
- x86/cpu/hygon: Fix the CPU topology evaluation for real (git-fixes).
- commit 01e7093
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- commit 293b127
- x86: Fix get_wchan() to support the ORC unwinder (git-fixes).
- commit 1693c4c
- x86/pat: Pass valid address to sanitize_phys() (git-fixes).
- commit 9776480
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- blacklist.conf:
- commit 0a8ce61
- x86/mm: Add a x86_has_pat_wp() helper (git-fixes).
- commit 794f377
- veth: Fixing transmit return status for dropped packets
(git-fixes).
- commit c39655b
- preserve KABI for struct sfp_socket_ops (git-fixes).
- commit 58a9bc4
- blacklist.conf:
- Delete
patches.suse/NFSD-Fix-possible-sleep-during-nfsd4_release_lockown.patch.
This patch is harmful on all kernels, and irrelevant on kernels before
v5.4
bsc#1218968
- commit 5365a0a
- KVM: s390: vsie: Fix STFLE interpretive execution identification
(git-fixes bsc#1219022).
- commit 16098a4
- net: phylink: avoid resolving link state too early (git-fixes).
- commit 67b00b5
- gtp: change NET_UDP_TUNNEL dependency to select (git-fixes).
- commit dd6be0d
- mlxsw: spectrum: Avoid -Wformat-truncation warnings (git-fixes).
- commit bd062d1
- mlxsw: spectrum: Set LAG port collector only when active (git-fixes).
- commit 42cb04e
- net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (git-fixes).
- commit 5db0cbe
- net: systemport: Fix reception of BPDUs (git-fixes).
- commit 54f0189
- sfc: initialise found bitmap in efx_ef10_mtd_probe (git-fixes).
- commit 36c912f
- net: sfp: do not probe SFP module before we're attached (git-fixes).
- commit b335b5c
- net: phy: sfp: warn the user when no tx_disable pin is available (git-fixes).
- commit 921c51c
- blacklist.conf: update blacklist
- commit 0fefc1a
- net: stmmac: Disable EEE mode earlier in XMIT callback
(git-fixes).
- commit 42ea2f4
- blacklist.conf: update blacklist
- commit 16074da
- preserve KABI for struct plat_stmmacenet_data (git-fixes).
- commit be0b5cc
- net: stmmac: Fallback to Platform Data clock in Watchdog
conversion (git-fixes).
- commit c0e8ae4
- net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
(git-fixes).
- commit 1f97aba
- blacklist.conf: update blacklist
- commit 160c442
- net: dsa: bcm_sf2: Propagate error value from mdio_write
(git-fixes).
- commit 042ff8c
- net: (cpts) fix a missing check of clk_prepare (git-fixes).
- commit a0511a4
- blacklist.conf: update blacklist
- commit 778d638
- mlxsw: spectrum: Properly cleanup LAG uppers when removing
port from LAG (git-fixes).
- commit 65b3a7e
- blacklist.conf: update blacklist
- commit 72f91b3
- nfsd: drop st_mutex and rp_mutex before calling
move_to_close_lru() (bsc#1217525).
- commit d08e536
- blacklist.conf: add wont-backport commit
- commit 65861c5
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and
check its return value (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms
(git-fixes).
- nvdimm/btt: do not call del_gendisk() if not needed (git-fixes).
- libnvdimm/region: Fix label activation vs errors (git-fixes).
- commit dc5bee2
- libnvdimm: cover up changes in struct nvdimm_bus_descriptor
(git-fixes).
- libnvdimm: Validate command family indices (git-fixes).
- commit 27f581b
- libnvdimm: Out of bounds read in __nd_ioctl() (git-fixes).
- acpi/nfit: improve bounds checking for 'func' (git-fixes).
- libnvdimm/btt: fix variable 'rc' set but not used (git-fixes).
- libnvdimm/pmem: Delete include of nd-core.h (git-fixes).
- =?UTF-8?q?libnvdimm:=20Fix=20endian=20conversion=20issues?=
=?UTF-8?q?=C2=A0?= (git-fixes).
- libnvdimm: Fix compilation warnings with W=1 (git-fixes).
- libnvdimm/pmem: fix a possible OOB access when read and write
pmem (git-fixes).
- libnvdimm/btt: Fix a kmemdup failure check (git-fixes).
- libnvdimm/namespace: Fix a potential NULL pointer dereference
(git-fixes).
- libnvdimm/btt: Fix LBA masking during 'free list' population
(git-fixes).
- libnvdimm/btt: Remove unnecessary code in btt_freelist_init
(git-fixes).
- acpi/nfit: Require opt-in for read-only label configurations
(git-fixes).
- UAPI: ndctl: Fix g++-unsupported initialisation in headers
(git-fixes).
- commit e6b26fa
- blacklist.conf: false positive
- commit de6f57b
- blacklist.conf: blacklist Huawei HiNIC
- commit d68e629
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- commit 1d573b9
- scripts/git_sort/git_sort.py: Add 'perf-tools' branch
- commit 7ef21eb
- netfilter: nf_tables: Reject tables of unsupported family
(CVE-2023-6040 bsc#1218752).
- commit 9e6d9d4
- net/rose: Fix Use-After-Free in rose_ioctl (CVE-2023-51782
bsc#1218757).
- commit 5e6770d
- powerpc/pseries/memhotplug: Quieten some DLPAR operations
(bsc#1065729).
- commit 4d451a9
- powerpc/powernv: Add a null pointer check in
opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check in opal_event_init()
(bsc#1065729).
- powerpc/pseries/memhp: Fix access beyond end of drmem array
(bsc#1065729).
- powerpc: Don't clobber f0/vs0 during fp|altivec register save
(bsc#1065729).
- commit d5de04b
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713)
The old entries are found in kernel-docs/old_changelog.txt in docdir.
rpm/old_changelog.txt can be an optional file that stores the similar
info like rpm/kernel-sources.changes.old. It can specify the commit
range that have been truncated. scripts/tar-up.sh expands from the
git log accordingly.
- commit c9a2566
- fs: ocfs2: namei: check return value of ocfs2_add_entry()
(git-fixes).
- commit 37053b5
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
(git-fixes).
- commit 22c7474
- orangefs: Fix sysfs not cleanup when dev init failed
(git-fixes).
- commit 3dc6f72
- fat: add ratelimit to fat*_ent_bread() (git-fixes).
- commit 2e4dd8d
- orangefs: fix orangefs df output (git-fixes).
- commit 14af1e9
- fs/fat/file.c: issue flush after the writeback of FAT
(git-fixes).
- commit 4b5cf8c
- fs/exofs: fix potential memory leak in mount option parsing
(git-fixes).
- commit c3e2f19
- orangefs: rate limit the client not running info message
(git-fixes).
- commit 9ffd7ce
- gfs2: ignore negated quota changes (git-fixes).
- commit 65c2047
- gfs2: Fix possible data races in gfs2_show_options()
(git-fixes).
- commit 57d66df
- gfs2: Fix inode height consistency check (git-fixes).
- commit d7ee5ae
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- commit 381ce29
- gfs2: Make sure FITRIM minlen is rounded up to fs block size
(git-fixes).
- commit 59f59dc
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- commit 8e79a5c
- gfs2: Don't call dlm after protocol is unmounted (git-fixes).
- commit 0e0a651
- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (git-fixes).
- commit 4dff329
- gfs2: report "already frozen/thawed" errors (git-fixes).
- commit e5108bb
- gfs2: Don't skip dlm unlock if glock has an lvb (git-fixes).
- commit 38230f9
- gfs2: check for empty rgrp tree in gfs2_ri_update (git-fixes).
- commit 3484422
- gfs2: Wake up when sd_glock_disposal becomes zero (git-fixes).
- commit 6e96bc8
- gfs2: check for live vs. read-only file system in gfs2_fitrim
(git-fixes).
- commit dece8b9
- gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix
use-after-free (git-fixes).
- commit 5f11647
- gfs2: add validation checks for size of superblock (git-fixes).
- commit 4bfdec0
- gfs2: fix use-after-free on transaction ail lists (git-fixes).
- commit 3c0934a
- gfs2: initialize transaction tr_ailX_lists earlier (git-fixes).
- commit a3dcb8b
- gfs2: Allow lock_nolock mount to specify jid=X (git-fixes).
- commit c3d10eb
- gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
(git-fixes).
- commit 50b2782
- gfs2: clear buf_in_tr when ending a transaction in
sweep_bh_for_rgrps (git-fixes).
- commit 0638ce6
- gfs2: Fix sign extension bug in gfs2_update_stats (git-fixes).
- commit 6905d0e
- gfs2: Fix lru_count going negative (git-fixes).
- commit 22c6d6f
- gfs2: take jdata unstuff into account in do_grow (git-fixes).
- commit f6cafad
- gfs2: Fix marking bitmaps non-full (git-fixes).
- commit 27f21b4
- GFS2: Flush the GFS2 delete workqueue before stopping the
kernel threads (git-fixes).
- commit c0d61c2
- gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated
(git-fixes).
- commit ca05c1f
- gfs2: Special-case rindex for gfs2_grow (git-fixes).
- commit 77ffe3d
- reiserfs: Replace 1-element array with C99 style flex-array
(git-fixes).
- commit ed361ae
- reiserfs: Check the return value from __getblk() (git-fixes).
- commit c984c17
- affs: fix basic permission bits to actually work (git-fixes).
- commit 6abe668
- PCI: Disable ATS for specific Intel IPU E2000 devices
(bsc#1218622).
- commit 6c47e22
- Fix build error in debug config
- commit f49e139
- smb: client: fix potential OOB in smb2_dump_detail()
(bsc#1217946 CVE-2023-6610).
- commit 04b527b
- smb: client: fix potential OOB in smb2_dump_detail()
(bsc#1217946 CVE-2023-6610).
- commit 74aafd7
- Revert "MyBS: Workaround for kernel-obs-build build failure"
This reverts commit 71a32afaad64088d3426f504905953ff13021f17.
OBS configuration should be updated now.
- commit 7697d64
- Limit kernel-source build to architectures for which the kernel binary
is built (bsc#1108281).
- commit 08a9e44
- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (bsc#1202095 CVE-2022-2586).
- commit 32951b9
- netfilter: nf_tables: do not allow SET_ID to refer to another table (bsc#1202095 CVE-2022-2586).
- commit d107d27
- netfilter: preserve KABI for struct nft_set (bsc#1202095 CVE-2022-2586).
- commit b3d22c5
- netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (bsc#1202095 CVE-2022-2586).
- commit 61a0caa
- Resolve build warnings from previous series due to missing commit for
Ice Lake freerunning counters
perf/x86/intel/uncore: Add box_offsets for free-running counters
(jsc#PED-5023 bsc#1211439).
- commit 8524ea3
- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
(CVE-2023-51779 bsc#1218559).
- commit f63e944
- blacklist.conf: update blacklist
- commit 6de7142
- xhci: Clear EHB bit only at end of interrupt handler
(git-fixes).
- commit 21f5e35
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
(git-fixes).
- commit d5b5186
- MyBS: Workaround for kernel-obs-build build failure
(JSC-SLE#5501, boo#1211226, bsc#1218184)
kernel-obs-build needs root for build. This is in some way enabled for
the package link case but not for multibuild case. As a workaround add
the allowrootforbuild flag to prjconf for multibuild.
- commit 71a32af
- md/raid1: fix error: ISO C90 forbids mixed declarations
(git-fixes).
- commit c63e55d
- dm-integrity: don't modify bio's immutable bio_vec in
integrity_metadata() (git-fixes).
- md: don't leave 'MD_RECOVERY_FROZEN' in error path of
md_set_readonly() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm verity: don't perform FEC for failed readahead IO
(git-fixes).
- bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: check return value from btree_node_alloc_replacement()
(git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes
(git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev
(git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- dm cache policy smq: ensure IO doesn't prevent cleaner policy
progress (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr()
error paths (git-fixes).
- md/raid0: add discard support for the 'original' layout
(git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior
consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations
(git-fixes).
- nbd: Add the maximum limit of allocated index in nbd_dev_add
(git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init()
error path (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC
(git-fixes).
- dm stats: check for and propagate alloc_percpu failure
(git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create()
fails (git-fixes).
- dm cache: add cond_resched() to various workqueue loops
(git-fixes).
- dm thin: add cond_resched() to various workqueue loops
(git-fixes).
- dm: remove flush_scheduled_work() during local_exit()
(git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm flakey: don't corrupt the zero page (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors
(git-fixes).
- commit 640b528
- Previous perf cve-4.12->SLE12-SP5 manual merge was incorrect. Fix.
- Refresh
patches.suse/perf-Fix-perf_event_validate_size-lockdep-splat.patch.
- Refresh patches.suse/perf-Fix-perf_event_validate_size.patch.
- commit 3382aa6
- MyBS: Fix the logic of the wipe conditional.
- with no_init specified leave the built packages
- with multibuild the package may be present even if build is not
enabled, delete anyway
- commit 9c2f303
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184)
When MULTIBUILD option in config.sh is enabled generate a _multibuild
file listing all spec files.
- commit f734347
- Build in the correct KOTD repository with multibuild
(JSC-SLE#5501, boo#1211226, bsc#1218184)
With multibuild setting repository flags is no longer supported for
individual spec files - see
https://github.com/openSUSE/open-build-service/issues/3574
Add ExclusiveArch conditional that depends on a macro set up by
bs-upload-kernel instead. With that each package should build only in
one repository - either standard or QA.
Note: bs-upload-kernel does not interpret rpm conditionals, and only
uses the first ExclusiveArch line to determine the architectures to
enable.
- commit aa5424d
- bs-upload-kernel, MyBS, Buildresults: Support multibuild
(JSC-SLE#5501, boo#1211226, bsc#1218184)
- strip package name prefix when recording results
- add package prefix to linked packages
- when _multibuild file is present do not link packages
- use onlybuild BuildFlag for limiting build to specific packages
- generate is_kotd_qa macro in project config that can be used to
determine if the package is built in the QA repository
This is _very_ convoluted. No shell or lua tools can be used because
this information needs to be available to the OBS to schedule the
package in the correct repository, and it does not run scripts. The
builtin sub macro for slicing strings causes a build error - it
expanded correctly by the scheduler but not available at package build
time. If conditional cannot be used because rpm macros from project
config are added to a macro include file, and those do not support
conditionals. That leaves the option to use an expression that
explicitly enumerates all QA repository names. This requires unusal
and convoluted check in the spec file to make use of.
- commit 747f601
- MyBS: create_package: Specify package should build in QA repository
by argument (JSC-SLE#5501, boo#1211226, bsc#1218184)
Drop the unused title and description arguments, move the package name
match to upload_package and pass teh result, add additional argument for
multibuild.
- commit a355e71
- bs-upload-kernel: Wipe kernel-obs-build before upload
(JSC-SLE#5501, boo#1211226, bsc#1218184)
The kernel upload takes long enough for packages to start building
during the upload. If the project contains kernel-obs-build binary that
crashes on boot builds fail as a result. Wipe kernel-obs-build before
the upload. Handle the case when the package does not exist yet by
ignoring the error.
- commit cdac4cc
- bs-upload-kernel: Use one package list (JSC-SLE#5501, boo#1211226, bsc#1218184)
There were ultiple package lists passed to upload_package supporting the
distinction between package names starting with kernel- which can be
individually selected for build, and other packages. Pass only one
package list to simplify the logic and make it possible to know the full
package list before doing the upload.
- commit ec941eb
- bs-upload-kernel: Support package limit for non-kernel packages
(JSC-SLE#5501, boo#1211226, bsc#1218184)
The -f option of the bs-upload-kernel script adds kernel- prefix
unconditionally the package name.
List all spec files in the uploaded directory, and check if the package
exists with or without the kernel- prefix.
- commit 354b77b
- bs-upload-kernel: Drop BS_SUFFIX (JSC-SLE#5501, boo#1211226, bsc#1218184)
BS_SUFFIX was used by SLE12 SP1 for Arm. This release is no longer
maintained, and this feature gets no testing.
Substantial changes to this script are required, and it's unlikely this
feture would keep working after that.
- commit e27b306
- blacklist.conf: Add 1ca0b6051505 cgroup: Remove duplicates in cgroup v1 tasks file
- commit a77e914
- blacklist.conf: add non-backport commits of git-fixes
- commit 4d91f49
- blacklist.conf: change to logging only
- commit a144be1
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- commit 0feae40
- Fix termination state for idr_for_each_entry_ul() (bsc#1109837).
- commit d343735
- Bluetooth: avoid memcmp() out of bounds warning (bsc#1215237
CVE-2020-26555).
- Bluetooth: hci_event: Fix coding style (bsc#1215237
CVE-2020-26555).
- Bluetooth: hci_event: Fix using memcmp when comparing keys
(bsc#1215237 CVE-2020-26555).
- commit eb3189f
- Bluetooth: Reject connection with the device which has same
BD_ADDR (bsc#1215237 CVE-2020-26555).
- commit fea8835
- Bluetooth: hci_event: Ignore NULL link key (bsc#1215237
CVE-2020-26555).
- commit c0e1033
- perf/x86/intel/uncore: Fix reference count leak in
__uncore_imc_init_box() (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix reference count leak in
snr_uncore_mmio_map() (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC
PMU (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix IIO event constraints for Snowridge
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake
server (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix integer overflow on 23 bit left
shift of a u32 (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running
events (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix oops when counting IMC uncore events
on some TGL (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix missing marker for
snr_uncore_imc_freerunning_events (jsc#PED-5023 bsc#1211439
(git-fixes)).
- commit 1cc4e6d
- perf: Fix perf_event_validate_size() lockdep splat
(CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
bsc#1218258).
- commit 6cfe60a
- smb: client: fix OOB in smbCalcSize() (bsc#1217947
CVE-2023-6606).
- commit d398d5f
- smb: client: fix OOB in smbCalcSize() (bsc#1217947
CVE-2023-6606).
- commit 6765acb
- perf/x86/intel/uncore: Add Rocket Lake support (jsc#PED-5023
bsc#1211439).
- commit 60ab65b
- perf/x86/msr: Add Rocket Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit fac3f56
- perf/x86/msr: Add Tiger Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 7c0409f
- perf/x86/cstate: Add Rocket Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit f918ead
- perf/x86/cstate: Add Tiger Lake CPU support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit c544da1
- perf/x86/intel: Add Rocket Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 5b98b63
- perf/x86/intel: Add Tiger Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 0e12a3f
- perf/x86/intel: Fix Ice Lake event constraint table
(jsc#PED-5023 bsc#1211439).
- commit cd283d5
- perf/x86/intel/uncore: Update Ice Lake uncore units
(jsc#PED-5023 bsc#1211439).
- commit 0e10240
- perf/x86/intel/uncore: Split the Ice Lake and Tiger Lake MSR
uncore support (jsc#PED-5023 bsc#1211439).
- commit 9c5fb1a
- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to
the to Intel CPU family (jsc#PED-5023 bsc#1211439).
- blacklist.conf:
- commit 2561a0a
- perf/x86/intel/uncore: Add Comet Lake support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 2e1087f
- x86/cpu: Add Sapphire Rapids CPU model number (jsc#PED-5023
bsc#1211439).
- commit 5b5d85f
- perf/x86/rapl: Add Ice Lake RAPL support (jsc#PED-5023
bsc#1211439).
- commit c6183ea
- perf/x86/intel/uncore: Add Ice Lake server uncore support
(jsc#PED-5023 bsc#1211439).
- commit 4150606
- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box
(jsc#PED-5023 bsc#1211439).
- commit c73e167
- perf/x86: Add Intel Tiger Lake uncore support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-microserver-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit f5492f0
- perf/x86/cstate: Update C-state counters for Ice Lake
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit fef0544
- perf/x86/msr: Add new CPU model numbers for Ice Lake
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-add-cannon-lake-to-retbleed-affected-cpu-list.patch.
- Refresh
patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh
patches.suse/x86-intel-aggregate-microserver-naming.patch.
- Refresh
patches.suse/x86-speculation-Mark-all-Skylake-CPUs-as-vulnerable-to-GDS.patch.
- Refresh
patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- commit 68588a6
- perf/x86/msr: Add Comet Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 2ec338b
- x86/cpu: Add Comet Lake to the Intel CPU models header
(jsc#PED-5023 bsc#1211439).
- blacklist.conf:
- commit bd3eac7
- x86/cpu: Add Tiger Lake to Intel family (jsc#PED-5023
bsc#1211439).
- blacklist.conf:
- Refresh patches.suse/x86-CPU-Add-Icelake-model-number.patch.
- Refresh patches.suse/x86-cpu-sanitize-fam6_atom-naming.patch.
- commit 45e2da6
- perf/x86/intel: Mark expected switch fall-throughs (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- commit ebba1f6
- perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x
register (jsc#PED-5023 bsc#1211439).
- commit b357e8f
- perf/x86/intel/uncore: Add IMC uncore support for Snow Ridge
(jsc#PED-5023 bsc#1211439).
- commit 1e6f0c4
- perf/x86/intel/uncore: Clean up client IMC (jsc#PED-5023
bsc#1211439).
- commit b9f2803
- perf/x86/intel/uncore: Support MMIO type uncore blocks
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 2ed2c09
- perf/x86/intel/uncore: Factor out box ref/unref functions
(jsc#PED-5023 bsc#1211439).
- commit 9298d3b
- perf/x86/intel/uncore: Add uncore support for Snow Ridge server
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-microserver-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 6e7af12
- perf/x86/intel: Add more Icelake CPUIDs (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- commit ba0eb7e
- perf/x86/intel: Add Icelake desktop CPUID (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/intel_rapl-add-support-for-IceLake-desktop.patch.
- Refresh
patches.suse/powercap-intel-rapl-add-support-for-ICX.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 7786ce1
- perf/x86/intel/uncore: Add new IMC PCI IDs for KabyLake,
AmberLake and WhiskeyLake CPUs (jsc#PED-5023 bsc#1211439).
- commit 4d459ae
- perf/x86/intel/uncore: Add tabs to Uncore IMC PCI IDs
(jsc#PED-5023 bsc#1211439).
- commit 1e8abbc
- perf/x86: Add Intel Ice Lake NNPI uncore support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 55befa5
- x86/cpu: Add Ice Lake NNPI to Intel family (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- commit 34f99e6
- s390/vx: fix save/restore of fpu kernel context (git-fixes
bsc#1218362).
- commit 657e47b
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- commit 6f2b20c
- Input: powermate - fix use-after-free in
powermate_config_complete (git-fixes).
- commit 6690cf9
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- commit 64cb7dc
- ipv4: igmp: fix refcnt uaf issue when receiving igmp query
packet (bsc#1218253 CVE-2023-6932).
- commit ebe786a
- gve: Fixes for napi_poll when budget is 0 (bsc#1214479).
- gve: Do not fully free QPL pages on prefill errors
(bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: unify driver name usage (bsc#1214479).
- gve: Set default duplex configuration to full (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants
(bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format
(bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- commit 9108d42
- tracing: Update snapshot buffer on resize if it is allocated
(git-fixes).
- commit 30f36d0
- ring-buffer: Fix memory leak of free page (git-fixes).
- commit 7dfbb97
- blacklist.conf: add a not-relevant ftrace fix
- commit 09bf0c1
- blacklist.conf: false positive
- commit 71ff422
- r8152: Add RTL8152_INACCESSIBLE checks to more loops
(git-fixes).
- commit 6e72146
- net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed
(git-fixes).
- commit ce068ed
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
(git-fixes).
- commit 715a8e7
- blacklist.conf: update blacklist
- commit 9a12072
- blacklist.conf: update blacklist
- commit cc9998b
- net: stmmac: Move debugfs init/exit to ->probe()/->remove() (git-fixes).
- commit e003b9a
- net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode (git-fixes).
- commit 39aa8c8
- net: macb: disable scatter-gather for macb on sama5d3 (git-fixes).
- commit a5f5aa8
- netfilter: nft_compat: use-after-free when deleting targets
(git-fixes).
- commit 2ea1f0c
- netfilter: nf_tables: fix use-after-free when deleting compat
expressions (git-fixes).
- commit b4fa1c0
- tcp: fix under-evaluated ssthresh in TCP Vegas (git-fixes).
- commit b480783
- blacklist.conf: update blacklist
- commit 14f35e3
- netfilter: ebtables: also count base chain policies (git-fixes).
- Refresh
patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch.
- commit 051bd2a
- netfilter: ebtables: compat: un-break 32bit setsockopt when
no rules are present (git-fixes).
- Refresh
patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch.
- commit 332123a
- netfilter: ebtables: don't attempt to allocate 0-sized compat
array (git-fixes).
- Refresh
patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch.
- commit 39f9e26
- netfilter: preserve KABI for xt_compat_init_offsets (git-fixes).
- commit 71e46a5
- netfilter: compat: reject huge allocation requests (git-fixes).
- commit f398964
- netfilter: compat: prepare xt_compat_init_offsets to return
errors (git-fixes).
- commit a1a8d4f
- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218057).
- commit d3f8ccb
- tracing: Disable snapshot buffer when stopping instance tracers
(git-fixes).
- commit b07eab3
- tracing: Stop current tracer when resizing buffer (git-fixes).
- commit 5c0c11a
- tracing: Always update snapshot buffer size (git-fixes).
- commit c831a81
- tracing: relax trace_event_eval_update() execution with
cond_resched() (git-fixes).
- commit f1e2f19
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
- commit 50692e8
- README.BRANCH: update maintainers list
- commit 4795fb8
- ipv6/addrconf: fix a potential refcount underflow for idev
(git-fixes).
- commit 0afb0f6
- ipv6: remove extra dev_hold() for fallback tunnels (git-fixes).
- commit a02e296
- ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
(git-fixes).
- commit 934530e
- sit: proper dev_{hold|put} in ndo_[un]init methods (git-fixes).
- commit 96165ef
- ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
(git-fixes).
- commit 42264ea
- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
(git-fixes).
- commit 8fe5105
- xsk: Fix incorrect netdev reference count (git-fixes).
- commit 2ed0c59
- xfrm: reuse uncached_list to track xdsts (git-fixes).
- blacklist.conf: remove from the blacklist
- Refresh
patches.suse/ipv4-fix-race-condition-between-route-lookup-and-inv.patch.
- Refresh
patches.suse/ipv4-lock-mtu-in-fnhe-when-received-PMTU-net.ipv4.ro.patch.
- commit 38edc03
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH
(bsc#1217801).
- commit b55327d
- tracing: Fix a possible race when disabling buffered events
(bsc#1217036).
- commit 5f21a8d
- net: usb: ax88179_178a: fix failed operations during
ax88179_reset (git-fixes).
- commit 9041dc6
- r8152: Cancel hw_phy_work if we have an error in probe
(git-fixes).
- commit 6ae718a
- r8152: Run the unload routine if we have errors during probe
(git-fixes).
- commit d668b36
- r8152: Increase USB control msg timeout to 5000ms as per spec
(git-fixes).
- commit 3e20995
- tracing: Fix a warning when allocating buffered events fails
(bsc#1217036).
- commit 80b9661
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
(git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
(git-fixes).
- commit 9c4175d
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes
bsc#1217936).
- commit 4da118c
- nvmet: nul-terminate the NQNs passed in the connect command
(bsc#1217250 CVE-2023-6121).
- commit 2021a67
- tracing: Fix incomplete locking when disabling buffered events
(bsc#1217036).
- commit 9d8e191
- tracing: Fix warning in trace_buffered_event_disable()
(git-fixes, bsc#1217036).
- commit 693b5e0
- kernel-source: Remove config-options.changes (jsc#PED-5021)
The file doc/config-options.changes was used in the past to document
kernel config changes. It was introduced in 2010 but haven't received
any updates on any branch since 2015. The file is renamed by tar-up.sh
to config-options.changes.txt and shipped in the kernel-source RPM
package under /usr/share/doc. As its content now only contains outdated
information, retaining it can lead to confusion for users encountering
this file.
Config changes are nowadays described in associated Git commit messages,
which get automatically collected and are incorporated into changelogs
of kernel RPM packages.
Drop then this obsolete file, starting with its packaging logic.
For branch maintainers: Upon merging this commit on your branch, please
correspondingly delete the file doc/config-options.changes.
- commit adedbd2
- README.md: Make a few polishing changes (jsc#PED-5021)
* Move @suse.com address at the front of SUSE email domains, as that is
the one that should be normally used for contributions, according to
the current SUSE Open Source Policy.
* Avoid repeatedly using "please" in two consecutive sentences.
* Fix a typo in section "Patch sorting": "commit" -> "commits".
* Prefix relative commands in section "Config option changes" with "./"
even if they are from a subdirectory, for consistency with the rest of
the document.
* Turn "Related information" into a proper list.
- commit 7c8a1e3
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
Reduce indentation in the list of references, make the style consistent
with README.md.
- commit 70e3c33
- doc/README.SUSE: Add how to update the config for module signing
(jsc#PED-5021)
Configuration files for SUSE kernels include settings to integrate with
signing support provided by the Open Build Service. This creates
problems if someone tries to use such a configuration file to build
a "standalone" kernel as described in doc/README.SUSE:
* Default configuration files available in the kernel-source repository
unset CONFIG_MODULE_SIG_ALL to leave module signing to
pesign-obs-integration. In case of a "standalone" build, this
integration is not available and the modules don't get signed.
* The kernel spec file overrides CONFIG_MODULE_SIG_KEY to
".kernel_signing_key.pem" which is a file populated by certificates
provided by OBS but otherwise not available. The value ends up in
/boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone
decides to use one of these files as their base configuration then the
build fails with an error because the specified module signing key is
missing.
Add information on how to enable module signing and where to find the
relevant upstream documentation.
- commit a699dc3
- nfs-utils
-
- Add 0207-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
Inconsistencies in /etc/exports shouldn't be fatal.
(bsc#1212594)
- openssh
-
- remember the enabled state of sshd state, so openssh8,4 can pick it
up. bsc#1220110
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
This limits the use of shell metacharacters in host- and
user names.
- python
-
- Add CVE-2023-27043-email-parsing-errors.patch to
gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- yast2-registration
-
- Switch to the new SUSEConnect-ng (bsc#1212799), includes
additional fixes:
- SSL reload fix (bsc#1195220)
- Detection of base products coming from SCC
(bsc#1194989, bsc#1217317)
- 3.3.2
- supportutils
-
- Changes in version 3.0.12
+ Optimize lsof usage (bsc#1183663)
+ Collects ntp or chrony as needed (bsc#1196293)
- Added email.txt based on OPTION_EMAIL
- Added run time detection (bsc#1213127)
- procps
-
- Add patch bsc1216825.patch
Avoid SIGSEGV in case of sending SIGTERM to a top command
running in batch mode (bsc#1216825)
- python-pip
-
- Add CVE-2023-5752-r-param-hg.patch to fix bsc#1217353
(CVE-2023-5752) avoiding injection of arbitrary configuration
through Mercurial parameter.
- samba
-
- Add new idmap_nss option 'use_upn' for those NSS modules able to
handle UPNs or DOMAIN/user name format; (bsc#1215369);
- Avoid unnecessary locking in idmap parent setup; (bsc#1215369);
- Do not try to set domain online in the idmap child;
(bsc#1215369); (bso#15317).
- grub2
-
- Make consistent check to enable relative path on btrfs (bsc#1174567) (bsc#1216912)
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- cloud-regionsrv-client
-
- Update EC2 plugin to 1.0.4 (bsc#1219156, bsc#1219159)
+ Fix the algorithm to determine the region from the availability zone
information retrieved from IMDS.
- Update to version 10.1.6
+ Support specifying an IPv6 address for a manually configured target
update server.
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
+ Remove duplicate data collection for the plugin itself
+ Collect archive metering data when available
+ Query billing flavor status
- python3
-
- Refresh CVE-2023-27043-email-parsing-errors.patch from
gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- regionServiceClientConfigAzure
-
- Update to version 2.0.1 (bsc#1217537)
+ Replacing 104.45.31.195.pem 191.237.254.253.pem certs
expiring in 8 years and new length of 4096
These certs will replace the current certs that
expire soon
- libzypp
-
- Touch /run/reboot-needed if a patch suggesting a reboot was
installed (bsc#1217948)
It is expected that /run is cleaned at boot time, so the presence
of the file is one way to indicate that the system needs a reboot.
The recommended way for scripts to test whether a system reboot
is suggested will be calling `zypper needs-rebooting`.
- version 16.22.11 (0)
- cpio
-
- Fix CVE-2023-7207, path traversal vulnerability (bsc#1218571)
* fix-CVE-2023-7207.patch
- systemd
-
- Import commit cdbaab11e02eb29810963d9248677cf5ce84dc7f
bf57bec240 man: document that PAMName= and NotifyAccess=all don't mix well.
823ec43d38 man: add brief documentation for the (sd-pam) processes created due to PAMName= (#4967)
256f8e70d2 service: accept the fact that the three xyz_good() functions return ints
2a62219d4d service: drop _pure_ decorator on static function
14e71b9180 service: a cgroup empty notification isn't reason enough to go down (bsc#1212207)
943f812b3d service: add explanatory comments to control_pid_good() and cgroup_good()
87a54d3060 service: fix main_pid_good() comment
- Import commit 17837e912c887402ff309215056d441b2881f9b6
27e9161566 utmp-wtmp: handle EINTR gracefully when waiting to write to tty
557ac78b1c utmp-wtmp: fix error in case isatty() fails
3e0bde3ade sd-netlink: handle EINTR from poll() gracefully, as success
61d939f79a stdio-bridge: don't be bothered with EINTR
367ee82375 sd-bus: handle -EINTR return from bus_poll() (bsc#1215241)
acca59ec26 libsystemd: ignore both EINTR and EAGAIN
0ae5743060 errno-util: introduce ERRNO_IS_TRANSIENT()
- Import commit f4af8cbfb8ddc2baddfd992ebff0fb4858e4f651
02dde27b0e man/systemd-fsck@.service: clarify passno and noauto combination in /etc/fstab (bsc#1211725)
9f0a3ab847 units/initrd-parse-etc.service: Conflict with emergency.target
98035f2aa8 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
0a8225faea core/mount: Don't unmount initramfs mounts
9eaf1537b4 man: describe that changing Storage= does not move existing data
- libxml2
-
- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
* Added libxml2-CVE-2024-25062.patch
- mozilla-nss
-
- update to NSS 3.90.2
* bmo#1780432 - (CVE-2023-5388) Timing attack against RSA
decryption in TLS. (bsc#1216198)
* bmo#1867408 - add a defensive check for large ssl_DefSend
return values.
- update to NSS 3.90.1
* bmo#1813401 - regenerate NameConstraints test certificates.
* bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
- Remove nss-fix-bmo1813401.patch which is now upstream.
- Add nss-fix-bmo1813401.patch to fix bsc#1214980
- zypper
-
- Backport needs-rebooting command from Code15 (bsc#1217948)
- BuildRequires: libzypp-devel >= 16.22.11.
- version 1.13.65
- ca-certificates
-
- Use --overwrite option (bsc#1216685, ca-certificates-overwrite.diff)
- ntp
-
- bsc#1215801: Use system-supplied libevent instead of local copy.
- _product:SLES-release
-
n/a
- python3-base
-
- Refresh CVE-2023-27043-email-parsing-errors.patch from
gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- tar
-
- Fix CVE-2023-39804, Incorrectly handled extension attributes in
PAX archives can lead to a crash, bsc#1217969
* fix-CVE-2023-39804.patch
- python36
-
- Refresh CVE-2023-27043-email-parsing-errors.patch to
gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- pam
-
- Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module.
[bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch]
- python-chardet
-
- Fix update-alternative in %postun, bsc#1218765