- libzypp
-
- Touch /run/reboot-needed if a patch suggesting a reboot was
installed (bsc#1217948)
It is expected that /run is cleaned at boot time, so the presence
of the file is one way to indicate that the system needs a reboot.
The recommended way for scripts to test whether a system reboot
is suggested will be calling `zypper needs-rebooting`.
- version 16.22.11 (0)
- Ignore if the media to unmount is no longer mounted
(bsc#1216064)
- Close all media after having preloaded the cache.
Mitigates the change that during package installation e.g. a
nfs.service restart forcefully unmounts the media we access
(bsc#1216064)
- version 16.22.10 (0)
- repo: Don't download unneeded sqlite metadata (fixes #476)
- version 16.22.9 (0)
- openssh
-
- Added openssh-cve-2023-48795.patch (bsc#1217950, CVE-2023-48795).
This mitigates a prefix truncation attack that could be used to
undermine channel security.
- zlib
-
- Fix CVE-2023-45853, integer overflow and resultant heap-based buffer
overflow in zipOpenNewFileInZip4_6, bsc#1216378
* CVE-2023-45853.patch
- ca-certificates
-
- Use --overwrite option (bsc#1216685, ca-certificates-overwrite.diff)
- python-urllib3
-
- Add CVE-2023-45803.patch (bsc#1216377, CVE-2023-45803)
gh#urllib3/urllib3@4e98d57809da
- supportutils
-
- Changes in version 3.0.12
+ Optimize lsof usage (bsc#1183663)
+ Collects ntp or chrony as needed (bsc#1196293)
- Added email.txt based on OPTION_EMAIL
- Added run time detection (bsc#1213127)
- mozilla-nss
-
- update to NSS 3.90.1
* bmo#1813401 - regenerate NameConstraints test certificates.
* bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
- Remove nss-fix-bmo1813401.patch which is now upstream.
- Add nss-fix-bmo1813401.patch to fix bsc#1214980
- suse-module-tools
-
- Update to version 12.13: added blacklist entries in modprobe.conf
* blacklist RNDIS modules (bsc#1205767, jsc#PED-5731, CVE-2023-23559)
* blacklist cls_tcindex module (bsc#1210335, CVE-2023-1829)
* blacklist isst_if_mbox_msr (bsc#1187196)
- docker
-
- Update to Docker 24.0.7-ce. See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- sqlite3
-
- Sync version 3.44.0 from Factory
* Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow
* sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86.
* Obsoletes sqlite-CVE-2022-46908.patch
* Obsoletes sqlite-src-3390000-func7-pg-181.patch
- systemd
-
- Import commit cdbaab11e02eb29810963d9248677cf5ce84dc7f
bf57bec240 man: document that PAMName= and NotifyAccess=all don't mix well.
823ec43d38 man: add brief documentation for the (sd-pam) processes created due to PAMName= (#4967)
256f8e70d2 service: accept the fact that the three xyz_good() functions return ints
2a62219d4d service: drop _pure_ decorator on static function
14e71b9180 service: a cgroup empty notification isn't reason enough to go down (bsc#1212207)
943f812b3d service: add explanatory comments to control_pid_good() and cgroup_good()
87a54d3060 service: fix main_pid_good() comment
- Import commit 17837e912c887402ff309215056d441b2881f9b6
27e9161566 utmp-wtmp: handle EINTR gracefully when waiting to write to tty
557ac78b1c utmp-wtmp: fix error in case isatty() fails
3e0bde3ade sd-netlink: handle EINTR from poll() gracefully, as success
61d939f79a stdio-bridge: don't be bothered with EINTR
367ee82375 sd-bus: handle -EINTR return from bus_poll() (bsc#1215241)
acca59ec26 libsystemd: ignore both EINTR and EAGAIN
0ae5743060 errno-util: introduce ERRNO_IS_TRANSIENT()
- Import commit f4af8cbfb8ddc2baddfd992ebff0fb4858e4f651
02dde27b0e man/systemd-fsck@.service: clarify passno and noauto combination in /etc/fstab (bsc#1211725)
9f0a3ab847 units/initrd-parse-etc.service: Conflict with emergency.target
98035f2aa8 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
0a8225faea core/mount: Don't unmount initramfs mounts
9eaf1537b4 man: describe that changing Storage= does not move existing data
- containerd
-
- Update to containerd v1.7.8. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.8>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- nghttp2
-
- security update
- added patches
fix CVE-2023-44487 [bsc#1216123], HTTP/2 Rapid Reset Attack
+ nghttp2-CVE-2023-44487.patch
- rsyslog
-
- fix rsyslog crash in imrelp (bsc#1210286)
* add: 0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch
- _product:SLES-release
-
n/a
- avahi
-
- Add avahi-CVE-2023-38473.patch: derive alternative host name from
its unescaped version (bsc#1216419 CVE-2023-38473).
- autofs
-
- autofs-5.1.8-dont-use-initgroups-at-spawn.patch
Don't use initgroups at spawn (bsc#1214710)
- zypper
-
- Backport needs-rebooting command from Code15 (bsc#1217948)
- BuildRequires: libzypp-devel >= 16.22.11.
- version 1.13.65
- _product:sle-sdk-release
-
n/a
- libxml2
-
- Security update:
* [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode()
in tree.c
- Added file libxml2-CVE-2023-45322.patch
- runc
-
- Update to runc v1.1.10. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.10>.
- regionServiceClientConfigAzure
-
- Update to version 2.0.1 (bsc#1217537)
+ Replacing 104.45.31.195.pem 191.237.254.253.pem certs
expiring in 8 years and new length of 4096
These certs will replace the current certs that
expire soon
- pam
-
- Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module.
[bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch]
- pam_unix: Add no_pass_expiry option to ignore password expiration
[bsc#1215594 pam-unix-add-no_pass_expiry-option.patch]
- yast2-registration
-
- Switch to the new SUSEConnect-ng (bsc#1212799), includes
additional fixes:
- SSL reload fix (bsc#1195220)
- Detection of base products coming from SCC
(bsc#1194989, bsc#1217317)
- 3.3.2
- procps
-
- Add patch bsc1216825.patch
Avoid SIGSEGV in case of sending SIGTERM to a top command
running in batch mode (bsc#1216825)
- cloud-regionsrv-client
-
- Update to version 10.1.5 (bsc#1217583)
+ Fix fallback path when IPv6 network path is not usable
+ Enable an IPv6 fallback path in IMDS access if it cannot be accessed
over IPv4
+ Enable IMDS access over IPv6
- Update to version 10.1.4 (bsc#1217451)
+ Fetch cert for new update server during failover
- ntp
-
- bsc#1215801: Use system-supplied libevent instead of local copy.
- nfs-utils
-
- Add 0207-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
Inconsistencies in /etc/exports shouldn't be fatal.
(bsc#1212594)
- vim
-
- Updated to version 9.0 with patch level 2103, fixes the following security problems
* Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969.
* Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing
* Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed()
* Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1894...v9.0.2103
- kernel-azure
-
- PCI: Disable ATS for specific Intel IPU E2000 devices
(bsc#1218622).
- commit 6c47e22
- Fix build error in debug config
- commit f49e139
- smb: client: fix potential OOB in smb2_dump_detail()
(bsc#1217946 CVE-2023-6610).
- commit 04b527b
- smb: client: fix potential OOB in smb2_dump_detail()
(bsc#1217946 CVE-2023-6610).
- commit 74aafd7
- Revert "Limit kernel-source-azure build to architectures for which we build binaries (bsc#1108281)."
This reverts commit c0310207b48a78630044967e30dbace7bd25c57b.
- commit 1799de4
- Limit kernel-source build to architectures for which the kernel binary
is built (bsc#1108281).
- commit 08a9e44
- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (bsc#1202095 CVE-2022-2586).
- commit 32951b9
- netfilter: nf_tables: do not allow SET_ID to refer to another table (bsc#1202095 CVE-2022-2586).
- commit d107d27
- netfilter: preserve KABI for struct nft_set (bsc#1202095 CVE-2022-2586).
- commit b3d22c5
- netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (bsc#1202095 CVE-2022-2586).
- commit 61a0caa
- Resolve build warnings from previous series due to missing commit for
Ice Lake freerunning counters
perf/x86/intel/uncore: Add box_offsets for free-running counters
(jsc#PED-5023 bsc#1211439).
- commit 8524ea3
- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
(CVE-2023-51779 bsc#1218559).
- commit f63e944
- blacklist.conf: update blacklist
- commit 6de7142
- xhci: Clear EHB bit only at end of interrupt handler
(git-fixes).
- commit 21f5e35
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
(git-fixes).
- commit d5b5186
- md/raid1: fix error: ISO C90 forbids mixed declarations
(git-fixes).
- commit c63e55d
- dm-integrity: don't modify bio's immutable bio_vec in
integrity_metadata() (git-fixes).
- md: don't leave 'MD_RECOVERY_FROZEN' in error path of
md_set_readonly() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm verity: don't perform FEC for failed readahead IO
(git-fixes).
- bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: check return value from btree_node_alloc_replacement()
(git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes
(git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev
(git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- dm cache policy smq: ensure IO doesn't prevent cleaner policy
progress (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr()
error paths (git-fixes).
- md/raid0: add discard support for the 'original' layout
(git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior
consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations
(git-fixes).
- nbd: Add the maximum limit of allocated index in nbd_dev_add
(git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init()
error path (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC
(git-fixes).
- dm stats: check for and propagate alloc_percpu failure
(git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create()
fails (git-fixes).
- dm cache: add cond_resched() to various workqueue loops
(git-fixes).
- dm thin: add cond_resched() to various workqueue loops
(git-fixes).
- dm: remove flush_scheduled_work() during local_exit()
(git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm flakey: don't corrupt the zero page (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors
(git-fixes).
- commit 640b528
- Previous perf cve-4.12->SLE12-SP5 manual merge was incorrect. Fix.
- Refresh
patches.suse/perf-Fix-perf_event_validate_size-lockdep-splat.patch.
- Refresh patches.suse/perf-Fix-perf_event_validate_size.patch.
- commit 3382aa6
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184)
When MULTIBUILD option in config.sh is enabled generate a _multibuild
file listing all spec files.
- commit f734347
- Build in the correct KOTD repository with multibuild
(JSC-SLE#5501, boo#1211226, bsc#1218184)
With multibuild setting repository flags is no longer supported for
individual spec files - see
https://github.com/openSUSE/open-build-service/issues/3574
Add ExclusiveArch conditional that depends on a macro set up by
bs-upload-kernel instead. With that each package should build only in
one repository - either standard or QA.
Note: bs-upload-kernel does not interpret rpm conditionals, and only
uses the first ExclusiveArch line to determine the architectures to
enable.
- commit aa5424d
- blacklist.conf: Add 1ca0b6051505 cgroup: Remove duplicates in cgroup v1 tasks file
- commit a77e914
- blacklist.conf: add non-backport commits of git-fixes
- commit 4d91f49
- blacklist.conf: change to logging only
- commit a144be1
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- commit 0feae40
- Fix termination state for idr_for_each_entry_ul() (bsc#1109837).
- commit d343735
- Bluetooth: avoid memcmp() out of bounds warning (bsc#1215237
CVE-2020-26555).
- Bluetooth: hci_event: Fix coding style (bsc#1215237
CVE-2020-26555).
- Bluetooth: hci_event: Fix using memcmp when comparing keys
(bsc#1215237 CVE-2020-26555).
- commit eb3189f
- Bluetooth: Reject connection with the device which has same
BD_ADDR (bsc#1215237 CVE-2020-26555).
- commit fea8835
- Bluetooth: hci_event: Ignore NULL link key (bsc#1215237
CVE-2020-26555).
- commit c0e1033
- perf/x86/intel/uncore: Fix reference count leak in
__uncore_imc_init_box() (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix reference count leak in
snr_uncore_mmio_map() (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC
PMU (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix IIO event constraints for Snowridge
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake
server (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix integer overflow on 23 bit left
shift of a u32 (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server
(jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running
events (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix oops when counting IMC uncore events
on some TGL (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix missing marker for
snr_uncore_imc_freerunning_events (jsc#PED-5023 bsc#1211439
(git-fixes)).
- commit 1cc4e6d
- perf: Fix perf_event_validate_size() lockdep splat
(CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
bsc#1218258).
- commit 6cfe60a
- smb: client: fix OOB in smbCalcSize() (bsc#1217947
CVE-2023-6606).
- commit d398d5f
- smb: client: fix OOB in smbCalcSize() (bsc#1217947
CVE-2023-6606).
- commit 6765acb
- perf/x86/intel/uncore: Add Rocket Lake support (jsc#PED-5023
bsc#1211439).
- commit 60ab65b
- perf/x86/msr: Add Rocket Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit fac3f56
- perf/x86/msr: Add Tiger Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 7c0409f
- perf/x86/cstate: Add Rocket Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit f918ead
- perf/x86/cstate: Add Tiger Lake CPU support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit c544da1
- perf/x86/intel: Add Rocket Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 5b98b63
- perf/x86/intel: Add Tiger Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 0e12a3f
- perf/x86/intel: Fix Ice Lake event constraint table
(jsc#PED-5023 bsc#1211439).
- commit cd283d5
- perf/x86/intel/uncore: Update Ice Lake uncore units
(jsc#PED-5023 bsc#1211439).
- commit 0e10240
- perf/x86/intel/uncore: Split the Ice Lake and Tiger Lake MSR
uncore support (jsc#PED-5023 bsc#1211439).
- commit 9c5fb1a
- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to
the to Intel CPU family (jsc#PED-5023 bsc#1211439).
- blacklist.conf:
- commit 2561a0a
- perf/x86/intel/uncore: Add Comet Lake support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 2e1087f
- x86/cpu: Add Sapphire Rapids CPU model number (jsc#PED-5023
bsc#1211439).
- commit 5b5d85f
- perf/x86/rapl: Add Ice Lake RAPL support (jsc#PED-5023
bsc#1211439).
- commit c6183ea
- perf/x86/intel/uncore: Add Ice Lake server uncore support
(jsc#PED-5023 bsc#1211439).
- commit 4150606
- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box
(jsc#PED-5023 bsc#1211439).
- commit c73e167
- perf/x86: Add Intel Tiger Lake uncore support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-microserver-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit f5492f0
- perf/x86/cstate: Update C-state counters for Ice Lake
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit fef0544
- perf/x86/msr: Add new CPU model numbers for Ice Lake
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
patches.suse/x86-bugs-add-cannon-lake-to-retbleed-affected-cpu-list.patch.
- Refresh
patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh
patches.suse/x86-intel-aggregate-microserver-naming.patch.
- Refresh
patches.suse/x86-speculation-Mark-all-Skylake-CPUs-as-vulnerable-to-GDS.patch.
- Refresh
patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- commit 68588a6
- perf/x86/msr: Add Comet Lake CPU support (jsc#PED-5023
bsc#1211439).
- commit 2ec338b
- x86/cpu: Add Comet Lake to the Intel CPU models header
(jsc#PED-5023 bsc#1211439).
- blacklist.conf:
- commit bd3eac7
- x86/cpu: Add Tiger Lake to Intel family (jsc#PED-5023
bsc#1211439).
- blacklist.conf:
- Refresh patches.suse/x86-CPU-Add-Icelake-model-number.patch.
- Refresh patches.suse/x86-cpu-sanitize-fam6_atom-naming.patch.
- commit 45e2da6
- perf/x86/intel: Mark expected switch fall-throughs (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- commit ebba1f6
- perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x
register (jsc#PED-5023 bsc#1211439).
- commit b357e8f
- perf/x86/intel/uncore: Add IMC uncore support for Snow Ridge
(jsc#PED-5023 bsc#1211439).
- commit 1e6f0c4
- perf/x86/intel/uncore: Clean up client IMC (jsc#PED-5023
bsc#1211439).
- commit b9f2803
- perf/x86/intel/uncore: Support MMIO type uncore blocks
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 2ed2c09
- perf/x86/intel/uncore: Factor out box ref/unref functions
(jsc#PED-5023 bsc#1211439).
- commit 9298d3b
- perf/x86/intel/uncore: Add uncore support for Snow Ridge server
(jsc#PED-5023 bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-microserver-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 6e7af12
- perf/x86/intel: Add more Icelake CPUIDs (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- commit ba0eb7e
- perf/x86/intel: Add Icelake desktop CPUID (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/intel_rapl-add-support-for-IceLake-desktop.patch.
- Refresh
patches.suse/powercap-intel-rapl-add-support-for-ICX.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 7786ce1
- perf/x86/intel/uncore: Add new IMC PCI IDs for KabyLake,
AmberLake and WhiskeyLake CPUs (jsc#PED-5023 bsc#1211439).
- commit 4d459ae
- perf/x86/intel/uncore: Add tabs to Uncore IMC PCI IDs
(jsc#PED-5023 bsc#1211439).
- commit 1e8abbc
- perf/x86: Add Intel Ice Lake NNPI uncore support (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-client-naming.patch.
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- Refresh
patches.suse/x86-perf-events-convert-to-new-cpu-match-macros.patch.
- commit 55befa5
- x86/cpu: Add Ice Lake NNPI to Intel family (jsc#PED-5023
bsc#1211439).
- Refresh
patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch.
- commit 34f99e6
- s390/vx: fix save/restore of fpu kernel context (git-fixes
bsc#1218362).
- commit 657e47b
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- commit 6f2b20c
- Input: powermate - fix use-after-free in
powermate_config_complete (git-fixes).
- commit 6690cf9
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- commit 64cb7dc
- ipv4: igmp: fix refcnt uaf issue when receiving igmp query
packet (bsc#1218253 CVE-2023-6932).
- commit ebe786a
- gve: Fixes for napi_poll when budget is 0 (bsc#1214479).
- gve: Do not fully free QPL pages on prefill errors
(bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: unify driver name usage (bsc#1214479).
- gve: Set default duplex configuration to full (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants
(bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format
(bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- commit 9108d42
- tracing: Update snapshot buffer on resize if it is allocated
(git-fixes).
- commit 30f36d0
- ring-buffer: Fix memory leak of free page (git-fixes).
- commit 7dfbb97
- blacklist.conf: add a not-relevant ftrace fix
- commit 09bf0c1
- blacklist.conf: false positive
- commit 71ff422
- r8152: Add RTL8152_INACCESSIBLE checks to more loops
(git-fixes).
- commit 6e72146
- net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed
(git-fixes).
- commit ce068ed
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
(git-fixes).
- commit 715a8e7
- blacklist.conf: update blacklist
- commit 9a12072
- blacklist.conf: update blacklist
- commit cc9998b
- net: stmmac: Move debugfs init/exit to ->probe()/->remove() (git-fixes).
- commit e003b9a
- net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode (git-fixes).
- commit 39aa8c8
- net: macb: disable scatter-gather for macb on sama5d3 (git-fixes).
- commit a5f5aa8
- netfilter: nft_compat: use-after-free when deleting targets
(git-fixes).
- commit 2ea1f0c
- netfilter: nf_tables: fix use-after-free when deleting compat
expressions (git-fixes).
- commit b4fa1c0
- tcp: fix under-evaluated ssthresh in TCP Vegas (git-fixes).
- commit b480783
- blacklist.conf: update blacklist
- commit 14f35e3
- netfilter: ebtables: also count base chain policies (git-fixes).
- Refresh
patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch.
- commit 051bd2a
- netfilter: ebtables: compat: un-break 32bit setsockopt when
no rules are present (git-fixes).
- Refresh
patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch.
- commit 332123a
- netfilter: ebtables: don't attempt to allocate 0-sized compat
array (git-fixes).
- Refresh
patches.kabi/netfilter-preserve-KABI-for-xt_compat_init_offsets.patch.
- commit 39f9e26
- netfilter: preserve KABI for xt_compat_init_offsets (git-fixes).
- commit 71e46a5
- netfilter: compat: reject huge allocation requests (git-fixes).
- commit f398964
- netfilter: compat: prepare xt_compat_init_offsets to return
errors (git-fixes).
- commit a1a8d4f
- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218057).
- commit d3f8ccb
- tracing: Disable snapshot buffer when stopping instance tracers
(git-fixes).
- commit b07eab3
- tracing: Stop current tracer when resizing buffer (git-fixes).
- commit 5c0c11a
- tracing: Always update snapshot buffer size (git-fixes).
- commit c831a81
- tracing: relax trace_event_eval_update() execution with
cond_resched() (git-fixes).
- commit f1e2f19
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
- commit 50692e8
- README.BRANCH: update maintainers list
- commit 4795fb8
- ipv6/addrconf: fix a potential refcount underflow for idev
(git-fixes).
- commit 0afb0f6
- ipv6: remove extra dev_hold() for fallback tunnels (git-fixes).
- commit a02e296
- ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
(git-fixes).
- commit 934530e
- sit: proper dev_{hold|put} in ndo_[un]init methods (git-fixes).
- commit 96165ef
- ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
(git-fixes).
- commit 42264ea
- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
(git-fixes).
- commit 8fe5105
- xsk: Fix incorrect netdev reference count (git-fixes).
- commit 2ed0c59
- xfrm: reuse uncached_list to track xdsts (git-fixes).
- blacklist.conf: remove from the blacklist
- Refresh
patches.suse/ipv4-fix-race-condition-between-route-lookup-and-inv.patch.
- Refresh
patches.suse/ipv4-lock-mtu-in-fnhe-when-received-PMTU-net.ipv4.ro.patch.
- commit 38edc03
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH
(bsc#1217801).
- commit b55327d
- tracing: Fix a possible race when disabling buffered events
(bsc#1217036).
- commit 5f21a8d
- net: usb: ax88179_178a: fix failed operations during
ax88179_reset (git-fixes).
- commit 9041dc6
- r8152: Cancel hw_phy_work if we have an error in probe
(git-fixes).
- commit 6ae718a
- r8152: Run the unload routine if we have errors during probe
(git-fixes).
- commit d668b36
- r8152: Increase USB control msg timeout to 5000ms as per spec
(git-fixes).
- commit 3e20995
- tracing: Fix a warning when allocating buffered events fails
(bsc#1217036).
- commit 80b9661
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
(git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
(git-fixes).
- commit 9c4175d
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes
bsc#1217936).
- commit 4da118c
- nvmet: nul-terminate the NQNs passed in the connect command
(bsc#1217250 CVE-2023-6121).
- commit 2021a67
- tracing: Fix incomplete locking when disabling buffered events
(bsc#1217036).
- commit 9d8e191
- tracing: Fix warning in trace_buffered_event_disable()
(git-fixes, bsc#1217036).
- commit 693b5e0
- kernel-source: Remove config-options.changes (jsc#PED-5021)
The file doc/config-options.changes was used in the past to document
kernel config changes. It was introduced in 2010 but haven't received
any updates on any branch since 2015. The file is renamed by tar-up.sh
to config-options.changes.txt and shipped in the kernel-source RPM
package under /usr/share/doc. As its content now only contains outdated
information, retaining it can lead to confusion for users encountering
this file.
Config changes are nowadays described in associated Git commit messages,
which get automatically collected and are incorporated into changelogs
of kernel RPM packages.
Drop then this obsolete file, starting with its packaging logic.
For branch maintainers: Upon merging this commit on your branch, please
correspondingly delete the file doc/config-options.changes.
- commit adedbd2
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
Reduce indentation in the list of references, make the style consistent
with README.md.
- commit 70e3c33
- doc/README.SUSE: Add how to update the config for module signing
(jsc#PED-5021)
Configuration files for SUSE kernels include settings to integrate with
signing support provided by the Open Build Service. This creates
problems if someone tries to use such a configuration file to build
a "standalone" kernel as described in doc/README.SUSE:
* Default configuration files available in the kernel-source repository
unset CONFIG_MODULE_SIG_ALL to leave module signing to
pesign-obs-integration. In case of a "standalone" build, this
integration is not available and the modules don't get signed.
* The kernel spec file overrides CONFIG_MODULE_SIG_KEY to
".kernel_signing_key.pem" which is a file populated by certificates
provided by OBS but otherwise not available. The value ends up in
/boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone
decides to use one of these files as their base configuration then the
build fails with an error because the specified module signing key is
missing.
Add information on how to enable module signing and where to find the
relevant upstream documentation.
- commit a699dc3
- net/ulp: use consistent error code when blocking ULP
(CVE-2023-0461 bsc#1208787 bsc#1217079).
- net/ulp: prevent ULP without clone op from entering the LISTEN
status (CVE-2023-0461 bsc#1208787 bsc#1217079).
- commit fb04b97
- doc/README.SUSE: Remove how to build modules using kernel-source
(jsc#PED-5021)
Remove the first method how to build kernel modules from the readme. It
describes a process consisting of the kernel-source installation,
configuring this kernel and then performing an ad-hoc module build.
This method is not ideal as no modversion data is involved in the
process. It results in a module with no symbol CRCs which can be wrongly
loaded on an incompatible kernel.
Removing the method also simplifies the readme because only two main
methods how to build the modules are then described, either doing an
ad-hoc build using kernel-devel, or creating a proper Kernel Module
Package.
- commit 9285bb8
- Revert "Bluetooth: btsdio: fix use after free bug in
btsdio_remove due to unfinished work" (git-fixes).
- commit a2b7495
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: fix io loss while replacement replace rdev
(git-fixes).
- md/raid10: Do not add spare disk when recovery fails
(git-fixes).
- md/raid10: clean up md_add_new_disk() (git-fixes).
- md/raid10: prioritize adding disk to 'removed' mirror
(git-fixes).
- md/raid10: improve code of mrdev in raid10_sync_request
(git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
(git-fixes).
- md/bitmap: factor out a helper to set timeout (git-fixes).
- md/bitmap: always wake up md_thread in timeout_store
(git-fixes).
- dm-raid: remove useless checking in raid_message() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors
(git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md: fix data corruption for raid456 when reshape restart while
grow up (git-fixes).
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
(git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery
(git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request
(git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: fix incorrect declaration about claim_rdev in
md_import_device (git-fixes).
- md: remove lock_bdev / unlock_bdev (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: do not return existing mddevs from mddev_find_or_alloc
(git-fixes).
- md: refactor mddev_find_or_alloc (git-fixes).
- md: factor out a mddev_alloc_unit helper from mddev_find
(git-fixes).
- md: get sysfs entry after redundancy attr group create
(git-fixes).
- commit 293695f
- md: fix deadlock causing by sysfs_notify (git-fixes).
- Refresh patches.kabi/md-backport-kabi.patch.
- commit f6c5a12
- md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes).
- md: add new workqueue for delete rdev (git-fixes).
- commit 17e8908
- blacklist.conf: update for non-backport commits
- commit 8da9f2d
- usb-storage: fix deadlock when a scsi command timeouts more
than once (git-fixes).
- commit cf05cec
- USB: serial: option: add UNISOC vendor and TOZED LT70C product
(git-fixes).
- commit 762e0de
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- Refresh
patches.suse/USB-serial-option-add-Quectel-EC200A-module-support.patch.
- commit b94685a
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- commit 55c3b8d
- blacklist.conf: cleanup
- commit 8877293
- blacklist.conf: pure cleanup
- commit e8a295a
- usb: typec: tcpm: Fix altmode re-registration causes sysfs
create fail (git-fixes).
- commit fc9ee7b
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive
(bsc#1214764).
- commit 66a91f5
- Update patches.kabi/NFSv4-Fix-OPEN-CLOSE-race-FIX.patch
(bsc#1176950, bsc#1217525).
- Refresh
patches.kabi/NFSv4-Wait-for-stateid-updates-after-CLOSE-OPEN_DOWN_kabi.patch.
- commit 70e60bf
- netfilter: conntrack: dccp: copy entire header to stack buffer,
not just basic one (CVE-2023-39197 bsc#1216976).
- commit 91c26b6
- kernel-binary: suse-module-tools is also required when installed
Requires(pre) adds dependency for the specific sciptlet.
However, suse-module-tools also ships modprobe.d files which may be
needed at posttrans time or any time the kernel is on the system for
generating ramdisk. Add plain Requires as well.
- commit 8c12816
- Revert "tracing: Fix warning in trace_buffered_event_disable()"
(bsc#1217036)
Temporarily revert the commit. It exposed a separate issue related to
trace buffered event synchronization which needs to be fixed first.
- commit 579dd1d
- README.SUSE: fix patches.addon use
It's series, not series.conf in there.
And make it more precise on when the patches are applied.
- commit cb8969c
- Do not store build host name in initrd
Without this patch, kernel-obs-build stored the build host name
in its .build.initrd.kvm
This patch allows for reproducible builds of kernel-obs-build and thus
avoids re-publishing the kernel-obs-build.rpm when nothing changed.
Note that this has no influence on the /etc/hosts file
that is used during other OBS builds.
https://bugzilla.opensuse.org/show_bug.cgi?id=1084909
- commit fd3a75e
- cpu/hotplug: Create SMT sysfs interface for all arches
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- Refresh patches.suse/cpu-SMT-Move-SMT-prototypes-into-cpu_smt.h.patch.
- Refresh patches.suse/cpu-SMT-Store-the-current-max-number-of-threads.patch.
- Refresh patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- Refresh patches.suse/x86-power-Fix-nosmt-vs-hibernation-triple-fault-duri.patch.
- commit f37a0c7
- Update config files.
- commit dbf7641
- s390/cio: unregister device when the only path is gone
(git-fixes bsc#1217607).
- commit 750467a
- s390/dasd: use correct number of retries for ERP requests
(git-fixes bsc#1217604).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
bsc#1217603).
- commit d2fc41b
- cpu/SMT: Remove topology_smt_supported() (bsc#1214408).
- commit 3012e9b
- cpu/SMT: Store the current/max number of threads (bsc#1214408).
- Refresh
patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch.
- commit bfa1761
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408).
- commit acb1c39
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408).
- Refresh
patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch.
- commit 76bedc5
- s390/dasd: protect device queue against concurrent access
(git-fixes bsc#1217519).
- commit dab3b0f
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and
docker together (bsc#1216031).
- commit f260538
- Ensure ia32_emulation is always enabled for kernel-obs-build
If ia32_emulation is disabled by default, ensure it is enabled
back for OBS kernel to allow building 32bit binaries (jsc#PED-3184)
[ms: Always pass the parameter, no need to grep through the config which
may not be very reliable]
- commit 56a2c2f
- rpm: Define git commit as macro
- commit bcc92c8
- kernel-source: Move provides after sources
- commit dbbf742
- kobject: Fix slab-out-of-bounds in fill_kobj_path() (bsc#1216058
CVE-2023-45863).
- commit 9922921
- xfs: make sure maxlen is still congruent with prod when rounding
down (git-fixes).
- commit 0154927
- xfs: fix units conversion error in xfs_bmap_del_extent_delay
(git-fixes).
- commit 6c99467
- l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes).
- commit 0e54c67
- l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file
overflow (git-fixes).
- commit 28faea4
- perf/core: Fix potential NULL deref (bsc#1216584 CVE-2023-5717).
- commit f386e74
- perf: Disallow mis-matched inherited group reads (bsc#1216584 CVE-2023-5717).
Implement KABI fix for above
- commit 5b65c0e
- perf/core: Fix __perf_read_group_add() locking (bsc#1216584
CVE-2023-5717).
- perf/core: Fix locking for children siblings group read
(bsc#1216584 CVE-2023-5717).
- commit 8ccfe6e
- s390/crashdump: fix TOD programmable field size (git-fixes
bsc#1217206).
- commit 9780bde
- blacklist.conf: Add a not-suitable kprobes patch
- commit 0eb14eb
- ring-buffer: Avoid softlockup in ring_buffer_resize()
(git-fixes).
- commit d8d3409
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields
(git-fixes).
- scsi: qla2xxx: Fix double free of dsd_list during driver load
(git-fixes).
- commit 9172a73
- rpm/check-for-config-changes: add HAVE_SHADOW_CALL_STACK to IGNORED_CONFIGS_RE
Not supported by our compiler.
- commit eb32b5a
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir
(LTC#203996 bsc#1217087).
- commit 3a41a21
- s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087).
- commit b4ffc60
- s390/mm: add missing arch_set_page_dat() call to gmap
allocations (LTC#203996 bsc#1217087).
- commit 1b2cc83
- s390/mm: add missing arch_set_page_dat() call to
vmem_crst_alloc() (LTC#203996 bsc#1217087).
- commit 0dd665d
- s390/cmma: fix initial kernel address space page table walk
(LTC#203996 bsc#1217087).
- commit 1ad76c2
- igb: set max size RX buffer when store bad packet is enabled
(bsc#1216259 CVE-2023-45871).
- commit d675d77
- drm/qxl: fix UAF on handle creation (CVE-2023-39198
bsc#1216965).
- commit 9ba677b
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
- commit b07c667
- rpm/check-for-config-changes: add AS_WRUSS to IGNORED_CONFIGS_RE
Add AS_WRUSS as an IGNORED_CONFIGS_RE entry in check-for-config-changes
to fix build on x86_32.
There was a fix submitted to upstream but it was not accepted:
https://lore.kernel.org/all/20231031140504.GCZUEJkMPXSrEDh3MA@fat_crate.local/
So carry this in IGNORED_CONFIGS_RE instead.
- commit 7acca37
- net-memcg: Fix scope of sockmem pressure indicators
(bsc#1216759).
- commit 508863b
- ubi: Refuse attaching if mtd's erasesize is 0 (CVE-2023-31085
bsc#1210778).
- commit 0f8804e
- USB: ene_usb6250: Allocate enough memory for full object
(bsc#1216051 CVE-2023-45862).
- commit 6d3e018
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes
bsc#1216514).
- commit 64da298
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513).
- commit 5844864
- sched/fair: Don't balance task to its current running CPU
(git fixes (sched)).
- sched/core: Mitigate race
cpus_share_cache()/update_top_cache_domain() (git fixes
(sched)).
- sched: Reenable interrupts in do_sched_yield() (git fixes
(sched)).
- sched: correct SD_flags returned by tl->sd_flags() (git fixes
(sched)).
- sched: Avoid scale real weight down to zero (git fixes (sched)).
- sched/core: Fix migration to invalid CPU in
__set_cpus_allowed_ptr() (git fixes (sched)).
- sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE
(git fixes (sched)).
- sched/rt: Minimize rq->lock contention in
do_sched_rt_period_timer() (git fixes (sched)).
- commit 913e5fc
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit b83449b
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit 9afb234
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit bb2fa98
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit d6a80de
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit ede2396
- blacklist.conf: KABI hazard, fix only in the event of a customer bug
- commit 8fb5a69
- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit 1100fe5
- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit c026b47
- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit 0f74b6a
- blacklist.conf: Fix only in the event of a customer bug
- commit 17b0259
- blacklist.conf: Mostly cosmetic fix to a build warning
- commit 1af83e7
- blacklist.conf: Fix to experimental feature, fix only in the event of a customer bug
- commit 56273cd
- blacklist.conf: Complex dependencies missing that applies to an extreme corner case, fix only in the event of a customer bug
- commit d67ae17
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit 9b299fd
- blacklist.conf: KABI hazard, fix only in the event of a customer bug
- commit cd58927
- blacklist.conf: Guard against unlikely tuning value, fix only in the event of a customer bug
- commit 166c336
- blacklist.conf: Missing dependencies, fix only in the event of a customer bug
- commit cbebcfe
- blacklist.conf: Sparse warning fix
- commit b199522
- blacklist.conf: Cosmetic, debugging patch for unused config
- commit 22b7a31
- iommu/amd: Set iommu->int_enabled consistently when interrupts
are set up (bsc#1206010).
- commit d889c94
- iommu/amd: Remove useless irq affinity notifier (bsc#1206010).
- Delete patches.kabi/kABI-Fix-kABI-for-struct-amd_iommu.patch.
- commit 2e08e52
- kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode
(bsc#1206010).
- iommu/amd: Fix IOMMU interrupt generation in X2APIC mode
(bsc#1206010).
- commit 422a4d8
- virtio_balloon: fix increment of vb->num_pfns in fill_balloon()
(git-fixes).
- commit 595e0b1
- 9p: virtio: make sure 'offs' is initialized in zc_request
(git-fixes).
- commit 10bf215
- blacklist.conf: add "hwrng: virtio - Fix race on data_avail and actual data"
- commit c5a6489
- virtio_net: Fix error unwinding of XDP initialization
(git-fixes).
- commit 2d8db2e
- vhost-scsi: unbreak any layout for response (git-fixes).
- commit 4eba973
- virtio: Protect vqs list access (git-fixes).
- commit 0445801
- crypto: virtio: Fix use-after-free in
virtio_crypto_skcipher_finalize_req() (git-fixes).
- commit 1c1619c
- vsock/virtio: add transport parameter to the
virtio_transport_reset_no_sock() (git-fixes).
- Refresh
patches.suse/vhost-vsock-accept-only-packets-with-the-right-dst_c.patch.
patches.suse/net-virtio_vsock-Enhance-connection-semantics.patch
- commit b2f8fd4
- virtio_balloon: fix deadlock on OOM (git-fixes).
- commit 55dd88a
- xen-netback: use default TX queue size for vifs (git-fixes).
- commit bcb62a2
- xen/x86: obtain full video frame buffer address for Dom0 also
under EFI (bsc#1215743).
- commit 04d5576
- xen/x86: obtain upper 32 bits of video frame buffer address
for Dom0 (bsc#1215743).
- commit e0fb7ee
- s390/ptrace: fix setting syscall number (git-fixes bsc#1216340).
- commit 46941f7
- usb: typec: altmodes/displayport: fix pin_assignment_show
(git-fixes).
- commit d110fbf
- usb: typec: altmodes/displayport: Fix configure initial pin
assignment (git-fixes).
- commit 849955e
- net: usb: dm9601: fix uninitialized variable use in
dm9601_mdio_read (git-fixes).
- commit f96b2d4
- xen/events: replace evtchn_rwlock with RCU (bsc#1215745,
xsa-441, cve-2023-34324).
- commit a9545c4
- blacklist.conf: risky backport that doesn't fix any actual bug
- commit 3d04b1a
- s390/vdso: add missing FORCE to build targets (git-fixes
bsc#1216140).
- commit cd866ae
- blacklist.conf: does not really fix any bug
- commit cba9926
- blacklist.conf: changes exported symbol
- commit d468872
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- commit 3f2541c
- blacklist.conf: cleanup, not fix
- commit 23ed894
- audit: fix potential double free on error path from
fsnotify_add_inode_mark (git-fixes).
- commit 4086838
- blacklist.conf: irrelevant in our configs
- commit 60908b6
- tools/thermal: Fix possible path truncations (git-fixes).
- commit 012a1c3
- blacklist.conf: build only fix
- commit 9be29dc
- KVM: s390: fix sthyi error handling (git-fixes bsc#1216107).
- commit 1e42611
- blacklist.conf: the codebase changed too much to backport the patch
- commit 79518bf
- netfilter: nfnetlink_osf: avoid OOB read (bsc#1216046
CVE-2023-39189).
- commit 1a88b87
- mm, memcg: reconsider kmem.limit_in_bytes deprecation
(bsc#1208788 bsc#1213705).
- commit 2d13fe0
- memcg: drop kmem.limit_in_bytes (bsc#1208788)
This brings a breaking commit for easier backport, it'll be fixed
differently in a following commit.
- commit f87e772
- blacklist.conf: Add 82b90b6c5b38 cgroup:namespace: Remove unused cgroup_namespaces_init()
- commit 154e29d
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
(git-fixes).
- commit 86ad453
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
(git-fixes).
- commit 5c6ec60
- net: usb: smsc75xx: Fix uninit-value access in
__smsc75xx_read_reg (git-fixes).
- commit aaff955
- doc/README.PATCH-POLICY.SUSE: Convert the document to Markdown
(jsc#PED-5021)
- commit c05cfc9
- doc/README.SUSE: Convert the document to Markdown (jsc#PED-5021)
- commit bff5e3e
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- commit 5490bdd
- tracing: Fix race issue between cpu buffer write and swap
(git-fixes).
- commit cd23ed9
- blacklist.conf: Add a not-needed ftrace cleanup
- commit 8f29597
- tracing: Fix memleak due to race between current_tracer and
trace (git-fixes).
- commit 39d6a56
- tracing: Fix cpu buffers unavailable due to 'record_disabled'
missed (git-fixes).
- commit 6f0b300
- wget
-
- Fixed the failure to detect SSL handshake timeout
[bsc#1217717, wget-add-support-for-timeout-with-ssl.patch,
wget-gnutls-honor-connect-timeout.patch]
- openssl-1_1
-
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
- tar
-
- Fix CVE-2023-39804, Incorrectly handled extension attributes in
PAX archives can lead to a crash, bsc#1217969
* fix-CVE-2023-39804.patch
- python-pip
-
- Add CVE-2023-5752-r-param-hg.patch to fix bsc#1217353
(CVE-2023-5752) avoiding injection of arbitrary configuration
through Mercurial parameter.
- patterns-sles
-
- Require kmod-compat rather than kmod. It's kmod-compat that has the tools
used by the kernel and scripts (bsc#1215533).
- openslp
-
- add separate source openslp.logrotate.systemd to use systemctl
reload for logrotate configuration [bnc#1206153]
new file: openslp.logrotate.systemd
- samba
-
- Add new idmap_nss option 'use_upn' for those NSS modules able to
handle UPNs or DOMAIN/user name format; (bsc#1215369);
- Avoid unnecessary locking in idmap parent setup; (bsc#1215369);
- Do not try to set domain online in the idmap child;
(bsc#1215369); (bso#15317).
- python-chardet
-
- Fix update-alternative in %postun, bsc#1218765
- openssl-1_0_0
-
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
- curl
-
- Fix: libssh: Implement SFTP packet size limit (bsc#1216987)
* Add curl-libssh_Implement_SFTP_packet_size_limit.patch
- Security fixes:
* [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
* [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
* Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch
- ncurses
-
- Add patch bsc1218014-cve-2023-50495.patch
* Fix CVE-2023-50495: segmentation fault via _nc_wrap_entry()
(bsc#1218014)