- bind
-
- Upgrade to release 9.16.50
Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737)
[bsc#1228256, bind-9.16-CVE-2024-1737.patch]
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975)
[bsc#1228257, bind-9.16-CVE-2024-1975.patch]
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076)
[bsc#1228258, bind-9.16-CVE-2024-4076.patch]
- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- cloud-regionsrv-client
-
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
- dmidecode
-
- Update to upstream version 3.6 (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
* Add bash completion.
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
* Implement options --list-strings and --list-types.
* Update HPE OEM records 203, 212, 216, 221, 233 and 236.
* Update Redfish support.
* Bug fixes:
Fix enabled slot characteristics not being printed
* Minor improvements:
Print slot width on its own line
Use standard strings for slot width
* Add a --no-quirks option.
* Drop the CPUID exception list.
* Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
dmidecode-fortify-entry-point-length-checks.patch,
dmidecode-split-table-fetching-from-decoding.patch,
dmidecode-write-the-whole-dump-file-at-once.patch,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
dmioem-hpe-oem-record-237-firmware-change.patch,
dmioem-typo-fix-virutal-virtual.patch,
ensure-dev-mem-is-a-character-device-file.patch,
news-fix-typo.patch and
use-read_file-to-read-from-dump.patch.
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
HPE type 238 records.
- grub2
-
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to
file_is_not_xen_garbage (bsc#1224226)
* grub2-fix-menu-in-xen-host-server.patch
- kernel-azure
-
- Refresh
patches.kabi/xhci-restre-deleted-trb-fields-for-tracing.patch.
Fix KABI restoration also in tracing event message format.
- commit 3bd4a56
- PCI: hv: Return zero, not garbage, when reading
PCI_INTERRUPT_PIN (git-fixes).
- commit df5839d
- Drop doubly defined References in sound patches
- commit 46ad1df
- ALSA: usb-audio: Correct surround channels in UAC1 channel map
(git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the
polling mode (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
(stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place
(git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam
(stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
(stable-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue
for gen8 (git-fixes).
- drm/etnaviv: don't block scheduler when GPU is still active
(stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in
mipi_dsi_dcs_write_seq() (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition
format (stable-fixes).
- commit b91fd99
- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
CVE-2024-39494).
- commit 81484ec
- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
(bsc#1228756 CVE-2024-42161).
- commit 8359d86
- ASoC: topology: Fix route memory corruption (CVE-2024-41069
bsc#1228644).
- commit 586db1a
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings
(bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from
rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES
setting (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in
H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big
memory slots (bsc#1194869).
- commit cc22863
- liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- commit 02e87a9
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 8f44f81
- kabi/severity: add nvme common code
The nvme common code is also allowed to change the data structures, there
are only internal users.
- commit b8cf562
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
(bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
(bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
(bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
(bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- commit ce7acc0
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper
endian macro usages (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting
trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
(bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in
dev_loss callbk (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response
(bsc#1228857).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if
in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI
port is inactive (bsc#1228857).
- commit 21ebef1
- nvme-pci: add missing condition check for existence of mapped
data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management
(git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp
establishment (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
(git-fixes).
- nvme-multipath: find NUMA path only for online numa-node
(git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- commit 3284c90
- hfsplus: fix uninit-value in copy_name (git-fixes).
- commit 383d5d6
- blacklist.conf: blocks list lots of 5.15-stable nfsd fixes.
In the 5.15 stable series there was a full backport of nfsd. We don't
won't all of that. So blacklist lots of patches that we don't want.
- commit 0cfb63d
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- bnxt_re: Fix imm_data endianness (git-fixes)
- commit c690ca2
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- commit 7f0f7e9
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- commit 8395f97
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- commit 6650e04
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- commit 0bbda8c
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- commit 741b900
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- commit 19e60a6
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- commit 1ef6723
- RDMA/hns: Check atomic wr length (git-fixes)
- commit 0fc73fc
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- commit e02b7ee
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- commit cd31168
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- commit cf1cb3f
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- commit a92f3fd
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- commit 5cdefb2
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- commit 59890ae
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- commit 25b62bb
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 84f3be4
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- commit 478aa21
- Revert "ALSA: firewire-lib: operate for period elapse event
in process context" (bsc#1208783).
- Revert "ALSA: firewire-lib: obsolete workqueue for period
update" (bsc#1208783).
- commit 51e6ff5
- x86: stop playing stack games in profile_pc() (bsc#1228633
CVE-2024-42096).
- commit f28c110
- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
CVE-2024-40994).
- commit 205cc4c
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620
CVE-2024-39493).
- commit 14b61d5
- filelock: Remove locks reliably when fcntl/close race is
detected (CVE-2024-41012 bsc#1228247).
- commit e2c5917
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- commit 39eeeb9
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit 3784f34
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(git-fixes CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(git-fixes CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(git-fixes CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(git-fixes CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(git-fixes CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(git-fixes CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(git-fixes CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(git-fixes CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(git-fixes CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit e328ee7
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit f2d923e
- Update
patches.suse/79b5b4b18bc8-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free-.patch
(CVE-2024-35854 bsc#1224636 CVE-2024-35855 bsc#1224694).
- Update
patches.suse/ACPICA-Revert-ACPICA-avoid-Info-mapping-multiple-BAR.patch
(git-fixes CVE-2024-40984 bsc#1227820).
- Update
patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
(git-fixes CVE-2024-26889 bsc#1228195).
- Update
patches.suse/HID-core-remove-unnecessary-WARN_ON-in-implement.patch
(git-fixes CVE-2024-39509 bsc#1227733).
- Update
patches.suse/HID-logitech-dj-Fix-memory-leak-in-logi_dj_recv_swit.patch
(git-fixes CVE-2024-40934 bsc#1227796).
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
(git-fixes CVE-2024-40990 bsc#1227824).
- Update
patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
(git-fixes CVE-2024-36288 bsc#1226834).
- Update
patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
(git-fixes CVE-2024-40904 bsc#1227772).
- Update
patches.suse/ata-libata-core-Fix-double-free-on-error.patch
(git-fixes CVE-2024-41087 bsc#1228740).
- Update
patches.suse/batman-adv-bypass-empty-buckets-in-batadv_purge_orig.patch
(stable-fixes CVE-2024-40981 bsc#1227864).
- Update
patches.suse/cachefiles-remove-requests-from-xarray-during-flushin.patch
(bsc#1226588 CVE-2024-40900 bsc#1227760).
- Update
patches.suse/crypto-hisilicon-sec-Fix-memory-leak-for-sec-resourc.patch
(stable-fixes CVE-2024-41002 bsc#1227870).
- Update
patches.suse/dmaengine-idxd-Fix-possible-Use-After-Free-in-irq_pr.patch
(git-fixes CVE-2024-40956 bsc#1227810).
- Update
patches.suse/drivers-core-synchronize-really_probe-and-dev_uevent.patch
(git-fixes CVE-2024-39501 bsc#1227754).
- Update
patches.suse/drm-amdgpu-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40987 bsc#1228235).
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 git-fixes bsc#1228114).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548 bsc#1228202).
- Update
patches.suse/drm-exynos-hdmi-report-safe-640x480-mode-as-a-fallba.patch
(git-fixes CVE-2024-40916 bsc#1227846).
- Update
patches.suse/drm-exynos-vidi-fix-memory-leak-in-.get_modes.patch
(stable-fixes CVE-2024-40932 bsc#1227828).
- Update
patches.suse/drm-i915-dpt-Make-DPT-object-unshrinkable.patch
(git-fixes CVE-2024-40924 bsc#1227787).
- Update
patches.suse/drm-komeda-check-for-error-valued-pointer.patch
(git-fixes CVE-2024-39505 bsc#1227728).
- Update
patches.suse/drm-lima-mask-irqs-in-timeout-path-before-hard-reset.patch
(stable-fixes CVE-2024-40976 bsc#1227893).
- Update
patches.suse/drm-radeon-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40988 bsc#1227957).
- Update
patches.suse/ftrace-Fix-possible-use-after-free-issue-in-ftrace_location.patch
(git-fixes CVE-2024-38588 bsc#1226837).
- Update
patches.suse/iommu-Return-right-value-in-iommu_sva_bind_device.patch
(git-fixes CVE-2024-40945 bsc#1227802).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/sock_map-avoid-race-between-sock_map_close-and-sk_ps.patch
(bsc#1225475 CVE-2023-52735 CVE-2024-39500 bsc#1227724).
- Update
patches.suse/tracing-Build-event-generation-tests-only-as-modules.patch
(git-fixes CVE-2024-41004 bsc#1227851).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920 bsc#1228237).
- Update
patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
(git-fixes CVE-2024-40903 bsc#1227766).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- Update
patches.suse/vmci-prevent-speculation-leaks-by-sanitizing-event-i.patch
(git-fixes CVE-2024-39499 bsc#1227725).
- Update
patches.suse/wifi-cfg80211-Lock-wiphy-in-cfg80211_get_station.patch
(git-fixes CVE-2024-40911 bsc#1227792).
- Update
patches.suse/wifi-iwlwifi-mvm-check-n_ssids-before-accessing-the-.patch
(git-fixes CVE-2024-40929 bsc#1227774).
- Update
patches.suse/wifi-iwlwifi-mvm-don-t-read-past-the-mfuart-notifcat.patch
(git-fixes CVE-2024-40941 bsc#1227771).
- Update
patches.suse/wifi-mac80211-Fix-deadlock-in-ieee80211_sta_ps_deliv.patch
(git-fixes CVE-2024-40912 bsc#1227790).
- Update
patches.suse/wifi-mac80211-mesh-Fix-leak-of-mesh_preq_queue-objec.patch
(git-fixes CVE-2024-40942 bsc#1227770).
- Update
patches.suse/xhci-Handle-TD-clearing-for-multiple-streams-case.patch
(git-fixes CVE-2024-40927 bsc#1227816).
- commit 14d852a
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit b28e7bb
- Update
patches.suse/1216-drm-vc4-hdmi-Unregister-codec-device-on-unbind.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48852 bsc#1228067).
- Update
patches.suse/Bluetooth-hci_core-Fix-leaking-sent_cmd-skb.patch
(jsc#PED-1407 CVE-2022-48844 bsc#1228068).
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/block-release-rq-qos-structures-for-queue-without-di.patch
(jsc#PED-1183 CVE-2022-48846 bsc#1227992).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48730 bsc#1226713).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48749 bsc#1226650).
- Update
patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48756 bsc#1226698).
- Update
patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48732 bsc#1226716).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-fix-a-memleak-when-uncloning-an-skb-dst-and-its-.patch
(git-fixes CVE-2022-48809 bsc#1227947).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(jsc#PED-1559 CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(jsc#PED-1559 CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(jsc#PED-1524 CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(jsc#PED-1524 CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(jsc#PED-1549 CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vdpa-mlx5-add-validation-for-VIRTIO_NET_CTRL_MQ_VQ_P.patch
(jsc#PED-1549 CVE-2022-48864 bsc#1228011).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(jsc#PED-1549 CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit bfcee01
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 bsc#1225302 CVE-2021-47402 bsc#1225301).
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit a651650
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit 9baaa6c
- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit 17953b6
- Update references in patches.suse/wifi-cfg80211-wext-add-extra-SIOCSIWSCAN-data-check.patch (CVE-2024-41072 bsc#1228626 stable-fixes)
- commit 273bfae
- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
- commit 530a147
- netns: Make get_net_ns() handle zero refcount net
(CVE-2024-40958 bsc#1227812).
- commit cd7215b
- blacklist.conf: Add 943ad0b62e3c kernel: rerun task_work while freezing in get_signal()
and related io_uring fix.
- commit dd99721
- blacklist.conf: Add 7a4479680d7f cgroup_misc: add kernel-doc comments for enum misc_res_type
- commit 33a371b
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8837200
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge
(bsc#1224548 CVE-2024-36000).
- commit bb54a15
- Bluetooth: hci_sync: Fix suspending with wrong filter policy
(git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
(git-fixes).
- commit d1b1ed5
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- ppp: reject claimed-as-LCP but actually malformed packets
(CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
bsc#1228640).
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- commit e2a1614
- drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591 CVE-2024-42122)
- commit 42cafdc
- gfs2: Fix NULL pointer dereference in gfs2_log_flush
(bsc#1228672 CVE-2024-42079).
- commit 9249ead
- btrfs: qgroup: fix quota root leak after quota disable failure
(bsc#1228655 CVE-2024-41078).
- commit a021822
- workqueue: Improve scalability of workqueue watchdog touch
(bsc#1193454).
- commit d6c3d9d
- workqueue: wq_watchdog_touch is always called with valid CPU
(bsc#1193454).
- commit 8c80fa1
- KVM: arm64: Disassociate vcpus from redistributor region on
teardown (CVE-2024-40989 bsc#1227823).
- commit 724dd5c
- wifi: mac80211: Avoid address calculations via out of bounds
array indexing (CVE-2024-41071 bsc#1228625).
- commit 93c5732
- powerpc/eeh: avoid possible crash when edev->pdev changes
(CVE-2024-41064 bsc#1228599).
- commit ba6e5c8
- ASoC: topology: Fix references to freed memory (CVE-2024-41069
bsc#1228644).
- commit 44dd0c7
- net/sched: Fix UAF when resolving a clash (CVE-2024-41040 bsc#1228518)
- commit 38cd1ac
- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
Changes: adjust returned error codes to -EUCLEAN and drop definition of
the enum error.
- commit c3c9515
- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit 54b2845
- blacklist.conf: CVE-2024-41076 bsc#1228649: not applicable
Different code using a local variable, switch to dynamic allocation done
in 1b00ad657997c8 ("NFS: Remove the nfs4_label from the nfs_setattrres")
in 5.16.
- commit 40fbbcc
- blk-cgroup: dropping parent refcount after pd_free_fn() is done
(bsc#1224573).
- commit 87d4ac6
- Update patches.suse/nilfs2-fix-inode-number-range-checks.patch
(git-fixes stable-fixes bsc#1228665 CVE-2024-42105).
- commit 363084c
- Update
patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch
(bsc#1221044 CVE-2023-52591 bsc#1228440).
- commit d21f810
- hfsplus: fix uninit-value in copy_name (bsc#1228561
CVE-2024-41059).
- commit cfc2db1
- ext4: fix uninitialized ratelimit_state->lock access in
__ext4_fill_super() (bsc#1227866 CVE-2024-40998).
- commit 5c2bc07
- cachefiles: fix slab-use-after-free in
cachefiles_withdraw_cookie() (bsc#1228462 CVE-2024-41057).
- cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
(bsc#1228459 CVE-2024-41058).
- netfs, fscache: export fscache_put_volume() and add
fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- commit 599a85f
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit 3c731c9
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (CVE-2024-40956 bsc#1227810).
- commit 3632d87
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit 43f2501
- ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410 CVE-2024-41016).
- ocfs2: remove redundant assignment to variable free_space
(bsc#1228409).
- commit 568c7dd
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
CVE-2024-27437).
- commit 65556f4
- ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
- commit edabc6f
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (CVE-2024-41063 bsc#1228580)
- commit 7924d8c
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041 bsc#1228520)
- commit eae6531
- ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (CVE-2022-48785 bsc#1227927)
- commit ca3b7b0
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit bcdcd8a
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit ec1e1fa
- nfsd: Don't leave work of closing files to a work queue
(bsc#1228140).
- commit 3b8e93d
- KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 5102495
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
(CVE-2024-40959 bsc#1227884).
- commit 4f042e1
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- commit e64bcfc
- selftests/bpf: Add more ring buffer test coverage (bsc#1228020
CVE-2024-41009).
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- commit 320d7db
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e
- blacklist.conf: Add 9c573cd31343 randomize_kstack: Improve entropy diffusion
blacklist.conf: Add 375561bd6195 stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
- commit 07a7d85
- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA
is paused (git-fixes).
- commit 81d45da
- wifi: mac80211: handle tasklet frames before stopping
(stable-fixes).
- commit 51c6566
- HID: wacom: Modify pen IDs (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
(stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
(stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling
(git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
(stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane
Button (stable-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout
(stable-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config
(stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop()
(stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium
(stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize
(stable-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24
(stable-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
(stable-fixes).
- mei: demote client disconnect warning on suspend to debug
(stable-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
(stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe
option (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
(stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
(stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in
mesh sdata (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space
handler (stable-fixes).
- ACPI: EC: Abort address space access upon error (stable-fixes).
- docs: Fix formatting of literal sections in fanotify docs
(stable-fixes).
- commit 38d8033
- xfs: add bounds checking to xlog_recover_process_data
(bsc#1228408 CVE-2024-41014).
- commit 9b9175d
- xfs: don't walk off the end of a directory data block
(bsc#1228405 CVE-2024-41013).
- commit 3a2120b
- jfs: don't walk off the end of ealist (bsc#1228403
CVE-2024-41017).
- commit 553b2ef
- ext4: do not create EA inode under buffer lock (bsc#1227910
CVE-2024-40972).
- commit aacd3b6
- ext4: fold quota accounting into
ext4_xattr_inode_lookup_create() (bsc#1227910 CVE-2024-40972).
- commit 0630857
- ext4: fix mb_cache_entry's e_refcnt leak in
ext4_xattr_block_cache_find() (bsc#1226993 CVE-2024-39276).
- commit 1269749
- Update patch reference for AMDGPU fix (CVE-2024-41011 bsc#1228115)
- commit 0303eab
- drm/amdkfd: don't allow mapping the MMIO HDP page with large
pages (CVE-2024-41011 bsc#1228115).
- commit ff8f843
- 9p: add missing locking around taking dentry fid list (bsc#1227090, CVE-2024-39463).
- commit c58a66f
- ceph: fix incorrect kmalloc size of pagevec mempool
(bsc#1228418).
- commit 2230e72
- tun: add missing verification for short frame (CVE-2024-41091
bsc#1228327).
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- net: ena: Add validation for completion descriptors consistency
(CVE-2024-40999 bsc#1227913).
- net: mvpp2: clear BM pool before initialization (CVE-2024-35837
bsc#1224500).
- commit 80ce1bf
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- commit 6bbdba6
- sit: do not call ipip6_dev_free() from sit_init_net()
(CVE-2021-47588 bsc#1226568).
- commit 38c1d39
- mptcp: remove tcp ulp setsockopt support
(CVE-2021-47591 bsc#1226570).
- commit 2079fc2
- Refresh
patches.kabi/tty-add-the-option-to-have-a-tty-reject-a-new-ldisc.patch.
Fix build for CONFIG_VT=n (ppc64le/kvmsmall).
- commit a0ede6a
- sch_cake: do not call cake_destroy() from cake_init()
(CVE-2021-47598 bsc#1226574).
- commit d533b8e
- serial: imx: Introduce timeout when waiting on transmitter empty
(CVE-2024-40967 bsc#1227891).
- commit 05ae86a
- kABI: tty: add the option to have a tty reject a new ldisc
(kabi CVE-2024-40966 bsc#1227886).
- tty: add the option to have a tty reject a new ldisc
(CVE-2024-40966 bsc#1227886).
- commit 875e673
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- commit 1b3b67e
- devres: Fix memory leakage caused by driver API
devm_free_percpu() (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env()
(git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- commit 9c7dc5b
- bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1227798 CVE-2024-40909).
- Refresh patches.kabi/bpf-bpf_link-and-bpf_link_ops-kABI-workaround.patch
- commit 755a2fd
- net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850 bsc#1228071)
- commit 3226c14
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- commit 9b702c7
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- commit 11f7aa0
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- commit 33fb4ee
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- commit d56b79b
- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- commit be5ea07
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- commit dc83512
- drm/radeon: check bo_va->bo is non-NULL before using it
(stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode
support (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
(stable-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
(stable-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list
(stable-fixes).
- commit a18e5d0
- powerpc/fixmap: Fix VM debug warning on unmap (CVE-2021-47623
bsc#1227919).
- commit 6169baf
- wifi: mt76: mt7921s: fix potential hung tasks during chip
recovery (CVE-2024-40977 bsc#1227950).
- commit ee916d4
- Avoid hw_desc array overrun in dw-axi-dmac (CVE-2024-40970
bsc#1227899).
- commit 713bbc3
- ssb: Fix potential NULL pointer dereference in
ssb_device_uevent() (CVE-2024-40982 bsc#1227865).
- commit 4f37558
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- commit 12ba1f2
- Update patches.suse/IB-mlx5-Use-__iowrite64_copy-for-write-combining-sto.patch (git-fixes bsc#1226502)
- commit c55adfd
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- commit 3783d1b
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- commit cc50a67
- s390: Implement __iowrite32_copy() (bsc#1226502)
- commit 8fb0f46
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- commit 92d3558
- smb: client: fix use-after-free in smb2_query_info_compound()
(bsc#1225489, CVE-2023-52751).
- commit a32502b
- bpf: Set run context for rawtp test_run callback (bsc#1227783
CVE-2024-40908).
- commit 3bc3979
- ipv6: prevent possible NULL dereference in rt6_probe()
(CVE-2024-40960 bsc#1227813).
- commit 33bfa43
- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
(git-fixes).
- commit e67818e
- cachefiles: flush all requests after setting CACHEFILES_DEAD
(bsc#1227797 CVE-2024-40935).
- commit f7e6672
- xfs: Add cond_resched to block unmap range and reflink remap
path (bsc#1228226).
- commit 398a1d5
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
on failure path (CVE-2022-48810 bsc#1227936).
- commit 4b745d6
- PCI: Introduce cleanup helpers for device reference counts
and locks (git-fixes).
- commit 4645732
- PCI: tegra194: Set EP alignment restriction for inbound ATU
(git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
(git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT
error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Don't enable BAR 0 for AM654x (git-fixes).
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
(git-fixes).
- commit b5dfbee
- sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855
bsc#1228003).
- commit f84afd1
- blacklist.conf: add one pci entry
- commit 8c4446c
- ipv6: prevent possible NULL deref in fib6_nh_init()
(CVE-2024-40961 bsc#1227814).
- commit 09176fe
- PCI: Extend ACS configurability (bsc#1228090).
- commit 9d1d191
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated
memory (bsc#1227762 CVE-2024-40901).
- commit 1473e56
- io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
(bsc#1227732 CVE-2024-39508).
- commit 9c3b469
- mac802154: fix llsec key resources release in
mac802154_llsec_key_del (CVE-2024-26961 bsc#1223652).
- commit 4396d9f
- usb: typec: tcpm: clear pd_event queue in PORT_RESET
(git-fixes).
- commit 8782764
- netrom: Fix a memory leak in nr_heartbeat_expiry()
(CVE-2024-41006 bsc#1227862).
- commit fa76ffa
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
(git-fixes).
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored
(git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up
(git-fixes).
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when
pinctrl_enable() fails (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
- pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
(git-fixes).
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
(git-fixes).
- PCI: Introduce cleanup helpers for device reference counts
and locks (stable-fixes).
- commit a5ba589
- usb: gadget: call usb_gadget_check_config() to verify UDC
capability (git-fixes).
- commit a789eca
- blacklist.conf: pure dts
- commit ed51b87
- usb: cdns3: fix iso transfer error when mult is not zero
(git-fixes).
- commit 24ef45f
- usb: cdns3: fix incorrect calculation of ep_buf_size when more
than one config (git-fixes).
- commit 1aee554
- usb: cdns3: allocate TX FIFO size according to composite EP
number (git-fixes).
- blacklist.conf: needed as infrastructure
- Refresh
patches.suse/usb-cdns3-fix-NCM-gadget-RX-speed-20x-slow-than-expe.patch.
- commit f5e4b65
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228190).
- commit 7cce822
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt
is true (git-fixes).
- Refresh
patches.suse/usb-cdns3-fix-uvc-failure-work-since-sg-support-enab.patch.
- commit f171c84
- usb: cdns3: optimize OUT transfer by copying only actual
received data (git-fixes).
- commit 909f26f
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
(git-fixes).
- commit 82de9d3
- usb: cdns3: improve handling of unaligned address case
(git-fixes).
- commit ada0d19
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state
(bsc#1227121 ltc#207129).
- commit 2fe1c33
- blacklist.conf: pure optimization
- commit 0f44899
- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
bsc#1227836).
- commit 610d469
- Input: elan_i2c - do not leave interrupt disabled on suspend
failure (git-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- Revert "usb: musb: da8xx: Set phy in OTG mode by default"
(stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
Book Pro 360 (stable-fixes).
- ASoC: amd: Adjust error handling in case of absent codec device
(git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error
(git-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
(stable-fixes).
- crypto: ecdsa - Fix the public key format description
(git-fixes).
- commit daf9e8d
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config
(git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush()
ctl op (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after
suspend/resume (git-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep
(git-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- USB: serial: option: add Rolling RW350-GL variants
(stable-fixes).
- USB: serial: option: add support for Foxconn T99W651
(stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules
(stable-fixes).
- usb: gadget: configfs: Prevent OOB read/write in
usb_string_copy() (stable-fixes).
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
(stable-fixes).
- USB: serial: option: add Telit generic core-dump composition
(stable-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions
(stable-fixes).
- nilfs2: add missing check for inode numbers on directory entries
(stable-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
(stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT
IVW 11.6" tablet (stable-fixes).
- nfc/nci: Add the inconsistency check between the input data
length and count (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic
(stable-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow
(stable-fixes).
- media: s2255: Use refcount_t instead of atomic_t for
num_channels (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div
(stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: dw2102: Don't translate i2c read into write
(stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware()
(stable-fixes).
- media: dvb: as102-fe: Fix as10x_register_addr packing
(stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- commit 1d67edd
- Update Alt-commit of AMDGPU patch (git-fixes)
- commit 486ad31
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers
(git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in
prepare() (git-fixes).
- commit 7e23de0
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO
before regulators (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in
amdgpu_device_baco_exit (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
(git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
(stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- crypto: aead,cipher - zeroize key buffer after use
(stable-fixes).
- commit df254fc
- Update Alt-commit for AMDGPU patches (git-fixes)
- commit faaa427
- net: hns3: fix kernel crash problem in concurrent scenario
(CVE-2024-39507 bsc#1227730).
- net/mlx5: Fix tainted pointer delete is case of flow rules
creation fail (CVE-2024-40940 bsc#1227800).
- commit 778fd36
- vmxnet3: disable rx data ring on dma allocation failure
(CVE-2024-40923 bsc#1227786).
- commit 39544d5
- mptcp: ensure snd_una is properly initialized on connect
(CVE-2024-40931 bsc#1227780).
- commit 8410912
- bnxt_en: Adjust logging of firmware messages in case of released
token in __hwrm_send() (CVE-2024-40919 bsc#1227779).
- commit 92740a7
- orangefs: fix out-of-bounds fsid access (git-fixes).
- commit 5492c0a
- nilfs2: fix incorrect inode allocation from reserved inodes
(git-fixes).
- commit 84d8b23
- nilfs2: convert persistent object allocator to use kmap_local
(git-fixes).
- commit 5ccbbbd
- nilfs2: add missing check for inode numbers on directory entries
(git-fixes).
- commit 907b3f0
- nilfs2: fix inode number range checks (git-fixes).
- commit f8f08aa
- jffs2: Fix potential illegal address access in jffs2_free_inode
(git-fixes).
- commit 03a6330
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487 bsc#1227573)
- commit 07efe24
- netfilter: nf_tables: flush pending destroy work before exit_net release (CVE-2024-35899 bsc#1224499)
- commit fca7a67
- net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (CVE-2024-35934 bsc#1224641)
- commit 2be2fbe
- net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893 bsc#1224512)
- commit e1c4fc4
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
(CVE-2024-40953, bsc#1227806).
- commit 2476f39
- Refresh
patches.suse/KVM-x86-Bail-from-kvm_recalculate_phys_map-if-x2APIC.patch.
- commit c36c759
- xfs: fix log recovery buffer allocation for the legacy h_size
fixup (bsc#1227432 CVE-2024-39472).
- commit 18a9915
- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- commit aa09d73
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff
(git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp
(git-fixes).
- saa7134: Unchecked i2c_transfer function result fixed
(git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: dvb-usb: Fix unexpected infinite loop in
dvb_usb_read_remote_control() (git-fixes).
- Revert "leds: led-core: Fix refcount leak in of_led_get()"
(git-fixes).
- leds: triggers: Flush pending brightness before activating
trigger (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos
(git-fixes).
- leds: trigger: Unregister sysfs attributes before calling
deactivate() (git-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- commit 960e7ee
- Update
patches.suse/mptcp-ensure-snd_nxt-is-properly-initialized-on-conn.patch
(CVE-2024-36889 bsc#1225746).
- commit cf8a3ad
- ocfs2: fix races between hole punching and AIO+DIO (CVE-2024-40943 bsc#1227849).
- commit b79d9d8
- net: rds: Fix possible NULL-pointer dereference (CVE-2023-52573 bsc#1220869)
- commit d3cf4c3
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020 bsc#1223815)
- commit fd09409
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019 bsc#1223813)
- commit ccbb2a8
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- commit 7623aa9
- gro: fix ownership transfer (CVE-2024-35890 bsc#1224516).
- commit 59871a8
- mptcp: ensure snd_nxt is properly initialized on connect
(CVE-2024-36889).
- commit d97efaf
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- commit 7716ffe
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- commit ee3b46a
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- commit 4a9af64
- ipv6: fib6_rules: avoid possible NULL dereference in
fib6_rule_action() (CVE-2024-36902 bsc#1225719).
- commit b7587ff
- phonet: fix rtm_phonet_notify() skb allocation (CVE-2024-36946
bsc#1225851).
- commit f863dba
- net: netlink: af_netlink: Prevent empty skb by adding a check
on len (CVE-2021-47606 bsc#1226555).
- commit 3b4f977
- r8169: Fix possible ring buffer corruption on fragmented Tx
packets (CVE-2024-38586 bsc#1226750).
- commit 21fc784
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- commit cee3770
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- commit 5326760
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- commit 7113a94
- wifi: rtw89: Fix array index mistake in
rtw89_sta_info_get_iter() (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
(git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in
cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
(git-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
(git-fixes).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox
(git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of
wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no
waiters (git-fixes).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms
(git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes
(git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled
(git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version
(git-fixes).
- drm/gma500: fix null pointer dereference in
cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in
psb_intel_lvds_get_modes (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- commit f8f3fda
- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- SUNRPC: Fix loop termination condition in
gss_free_in_token_pages() (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
(git-fixes).
- NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
(git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
(git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
- nfsd: don't take/put an extra reference when putting a file
(git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: don't kill nfsd_files because of lease break error
(git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
(git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
(git-fixes).
- nfsd: don't fsync nfsd_files on last close (git-fixes).
- nfsd: don't hand out delegation on setuid files being opened
for write (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer
(git-fixes).
- nfsd: don't free files unconditionally in
__nfsd_file_cache_purge (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath
(git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- lockd: set missing fl_flags field when retrieving args
(git-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache
(git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c
(git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage
collection (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- filelock: add a new locks_inode_context accessor function
(git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry
(git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
(git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge
(git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire
(git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD enforce filehandle check for source file in COPY
(git-fixes).
- NFSD: verify the opened dentry after setting a delegation
(git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion
(git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion
(git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- NFSD: Replace the "init once" mechanism (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode
(git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked()
(git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru
(git-fixes).
- NFSD: Zero counters when the filecache is re-initialized
(git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk
(git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed
(git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put()
(git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4
file (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()
(git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return
(git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- commit 93c3330
- usb: dwc3: gadget: Don't delay End Transfer on delayed_status
(git-fixes).
- commit e973410
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1225767 CVE-2024-36919).
fix incorrect bug# reference
- commit 354086f
- ipv6: sr: fix missing sk_buff release in seg6_input_core
(bsc#1227626 CVE-2024-39490).
- commit b5e215c
- usb: xhci-plat: Don't include xhci.h (git-fixes).
- commit 192a370
- blacklist.conf: missing backport for fix
- commit 6f546a1
- net/mlx5: Always stop health timer during driver removal
(CVE-2024-40906 bsc#1227763).
- net/mlx5: Restore mistakenly dropped parts in register devlink
flow (CVE-2024-35961 bsc#1224585).
- commit 63e2ff9
- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- commit 287068c
- usb: dwc3: gadget: Synchronize IRQ between soft
connect/disconnect (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 8914bb2
- exfat: check if cluster num is valid (git-fixes).
- commit bbb197c
- exfat: simplify is_valid_cluster() (git-fixes).
- commit ec3d5ea
- usb: dwc3: gadget: Force sending delayed status during soft
disconnect (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Stall-and-restart-EP0-if-host-is-unr.patch.
- commit 78e41bc
- hfsplus: fix to avoid false alarm of circular locking
(git-fixes).
- commit 88f4150
- blacklist.conf: cleanup, not a fix
- commit b7bc0b1
- net/mlx5: Register devlink first under devlink lock
(CVE-2024-35961 bsc#1224585).
- idpf: fix kernel panic on unknown packet types (CVE-2024-35889
bsc#1224517).
- stmmac: Clear variable when destroying workqueue (CVE-2024-26802
bsc#1222799).
- commit b9232bb
- inet: fully convert sk->sk_rx_dst to RCU rules (CVE-2021-47103
bsc#1221010).
- commit 6ef4a6c
- mptcp: fix deadlock in __mptcp_push_pending() (CVE-2021-47590
bsc#1226565).
- commit 994eb84
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722 CVE-2024-39497)
- commit 39b6841
- ionic: fix use after netif_napi_del() (CVE-2024-39502
bsc#1227755).
- ionic: clean interrupt before enabling queue to avoid credit
race (git-fixes).
- commit f8dee1e
- ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901 bsc#1225711)
- commit 0757942
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004 bsc#1224545)
- commit 89d4439
- nbd: null check for nla_nest_start (CVE-2024-27025 bsc#1223778)
- commit d85f2c2
- btrfs: use latest_dev in btrfs_show_devname (CVE-2021-47599 bsc#1226571)
- commit ba2490e
- btrfs: convert latest_bdev type to btrfs_device and rename (CVE-2021-47599 bsc#1226571)
- commit abefb83
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- commit 4b0837b
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- commit 274b9eb
- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
(CVE-2024-35853 bsc#1224604).
- commit e216456
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
activity update (CVE-2024-35854 bsc#1224636).
- commit fa5b2f9
- phonet/pep: fix racy skb_queue_empty() use (CVE-2024-27402
bsc#1224414).
- commit 3644194
- net: prevent mss overflow in skb_segment() (CVE-2023-52435
bsc#1220138).
- commit 4ab465a
- tracing/net_sched: NULL pointer dereference in
perf_trace_qdisc_reset() (git-fixes).
- commit b9d9fb5
- tracing: Build event generation tests only as modules
(git-fixes).
- commit 383ccf7
- cachefiles: add output string to
cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- commit f83a29c
- ftrace: Fix possible use-after-free issue in ftrace_location()
(git-fixes).
- commit f6aba47
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- commit 0a79f35
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- commit 91021c0
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- commit 369619b
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- commit aa95b6b
- netfilter: nf_tables: do not compare internal table flags on
updates (CVE-2024-27065 bsc#1223836).
- commit f1dd3b1
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- commit 81e6138
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- commit c256000
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- commit 16300ba
- csky: ftrace: Drop duplicate implementation of
arch_check_ftrace_location() (git-fixes).
- commit c9c9bba
- net/smc: avoid data corruption caused by decline (bsc#1225088
CVE-2023-52775).
- commit 7b97698
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- commit 82ec7e7
- netfilter: flowtable: incorrect pppoe tuple (CVE-2024-27015
bsc#1223806).
- commit 6af6de1
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- commit 4eee5e7
- tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (CVE-2024-26663 bsc#1222326).
- commit b23a947
- blacklist.conf: Blacklist unneeded patch
- commit a22ed51
- phonet/pep: refuse to enable an unbound pipe (CVE-2021-47086
bsc#1220952).
- commit 3d5c321
- tipc: check for null after calling kmemdup (CVE-2021-47186
bsc#1222702).
- commit 34af8f8
- i2c: rcar: bring hardware to known state when probing
(git-fixes).
- i2c: testunit: avoid re-issued work after read message
(git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- commit 720b7b0
- hpet: Support 32-bit userspace (git-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved
bits in the descriptor (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
(git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2
alg headers (git-fixes).
- firmware: cs_dsp: Validate payload length before processing
block (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file
(git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header
(git-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion
sort for latency (git-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo
(stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with
ALC897 (stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning
(stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id
(stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank
(stable-fixes).
- drm/amd/display: Check index msg_id before read or write
(stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs
(stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/lima: fix shared irq handling on driver remove
(stable-fixes).
- commit 7c70cdc
- net: openvswitch: fix overwriting ct original tuple for ICMPv6
(bsc#1226783 CVE-2024-38558).
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
(bsc#1220942 CVE-2024-26615).
- commit eaeef60
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- commit b1ce67e
- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID
is out-of-bounds (git-fixes).
- commit 9ec2217
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- commit 083e305
- KVM: x86: Save/restore all NMIs when multiple NMIs are pending
(git-fixes).
- commit 8bd778f
- block: don't add partitions if GD_SUPPRESS_PART_SCAN is set
(bsc#1227162).
- commit 71773a0
- block, loop: support partitions without scanning (bsc#1227162).
- blacklist.conf:
- commit bb86429
- KVM: x86: Honor architectural behavior for aliased 8-bit APIC
IDs (git-fixes).
- commit bf2b1de
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955 bsc#1225810).
- Update
patches.suse/Bluetooth-qca-fix-firmware-check-error-path.patch
(git-fixes CVE-2024-36942 bsc#1225843).
- Update
patches.suse/Reapply-drm-qxl-simplify-qxl_fence_wait.patch
(stable-fixes CVE-2024-36944 bsc#1225847).
- Update
patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
(git-fixes CVE-2024-39488 bsc#1227618).
- Update
patches.suse/fbdev-savage-Handle-err-return-when-savagefb_check_v.patch
(git-fixes CVE-2024-39475 bsc#1227435).
- Update
patches.suse/firewire-ohci-mask-bus-reset-interrupts-between-ISR-.patch
(stable-fixes CVE-2024-36950 bsc#1225895).
- Update
patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
(git-fixes CVE-2024-36959 bsc#1225839).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- Update patches.suse/qibfs-fix-dentry-leak.patch (git-fixes
CVE-2024-36947 bsc#1225856).
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1224767 CVE-2024-36919 bsc#1225767).
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes bsc#1223675 CVE-2024-269355 CVE-2024-26935).
- Update
patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch
(bsc#1221777 CVE-2024-36952 bsc#1225898).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924 bsc#1225820).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941 bsc#1225835).
- commit 54600b7
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713 bsc#1227549).
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226758 CVE-2024-38559 bsc#1226785).
- Update
patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
CVE-2024-26800 bsc#1222728).
- commit 329a684
- KVM: SVM: Process ICR on AVIC IPI delivery failure due to
invalid target (git-fixes).
- commit 112065d
- KVM: x86: Purge "highest ISR" cache when updating APICv state
(git-fixes).
- commit a129b88
- KVM: x86: Disable APIC logical map if vCPUs are aliased in
logical mode (git-fixes).
- commit 8d68b06
- vfio/fsl-mc: Block calling interrupt handler without trigger
(bsc#1222810 CVE-2024-26814).
- commit 520ae3c
- KVM: x86: Disable APIC logical map if logical ID covers multiple
MDAs (git-fixes).
- commit 0357410
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (bsc#1223635 CVE-2024-26976).
- commit c5ed396
- virtio-blk: fix implicit overflow on virtio_max_dma_size
(bsc#1225573 CVE-2023-52762).
- commit 4296dc1
- KVM: x86: Skip redundant x2APIC logical mode optimized cluster
setup (git-fixes).
- commit 288a73b
- vfio/platform: Create persistent IRQ handlers (bsc#1222809
CVE-2024-26813).
- commit a8290e8
- KVM: x86: Explicitly track all possibilities for APIC map's
logical modes (git-fixes).
- commit 2cf1fb4
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- commit 07e2e07
- KVM: x86: Explicitly skip optimized logical map setup if vCPU's
LDR==0 (git-fixes).
- commit d6f5973
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- commit f2aaa1a
- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC
routes (git-fixes).
- commit a815f21
- KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR
in CPUID (git-fixes).
- commit ccf2508
- net: mana: Fix possible double free in error handling path (git-fixes).
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted (bsc#1225744, CVE-2024-36909).
- uio_hv_generic: Don't free decrypted memory (bsc#1225717, CVE-2024-36910).
- hv_netvsc: Don't free decrypted memory (bsc#1225745, CVE-2024-36911).
- Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752, CVE-2024-36912).
- Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753, CVE-2024-36913).
- commit a860c7f
- tpm, tpm_tis: correct tpm_tis_flags enumeration values
(bsc#1082555).
- commit ee1e789
- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT
Misconfig (git-fixes).
- commit 0d2641d
- KVM: VMX: Report up-to-date exit qualification to userspace
(git-fixes).
- commit 606216a
- tpm_tis: Resend command to recover from data transfer errors
(bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside
tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on
resume (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers
(bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector
(bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts
(bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails
(bsc#1082555).
- commit 7f61c0e
- KVM: x86: Fix broken debugregs ABI for 32 bit kernels
(git-fixes).
- commit eea9593
- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- commit 2af46f6
- Refresh
patches.suse/bpf-keep-track-of-max-number-of-bpf_loop-callback-it.patch.
(bsc#1225903)
Include missing changes in
tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
was not backported previously.
- commit 69cbb3f
- Refresh
patches.suse/bpf-verify-callbacks-as-if-they-are-called-unknown-n.patch.
(bsc#1225903)
Include missing changes in
tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
was not backported previously.
- commit 8238035
- btrfs: validate device maj:min during open (bsc#1227162).
- commit f49f11d
- btrfs: use dev_t to match device in device_matched
(bsc#1227162).
- commit 4a1fa42
- btrfs: add device major-minor info in the struct btrfs_device
(bsc#1227162).
- commit 297d7e5
- btrfs: match stale devices by dev_t (bsc#1227162).
- commit ee773dd
- btrfs: harden identification of a stale device (bsc#1227162).
- commit 9bf979f
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- commit 1a2918c
- btrfs: remove the cross file system checks from remap
(bsc#1227157).
- commit b30d559
- arm64: dts: rockchip: fix alphabetical ordering RK3399 puma (git-fixes)
In order to apply current patch need to refresh:
arm64-dts-rockchip-enable-internal-pull-up-on-PCIE_WAKE-for-RK3399-Puma.patch
- commit 36ab413
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- commit f6380d7
- blacklist.conf: ("arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK")
- commit 3dd6408
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- commit 7c8b066
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- commit c6de453
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- commit 2d5f667
- blacklist.conf: ("arm64: dts: broadcom: bcmbca: bcm4908: set brcm,wp-not-connected")
- commit 9393d29
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- commit dc0a371
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- commit 37fadad
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- commit f1a9bcf
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- commit 296515d
- selftests/bpf: test case for callback_depth states pruning logic
(bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is
tracked (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks
(bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier
(bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in
regsafe() (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar
ids (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence
of subprogs (bsc#1225903).
- selftests/bpf: populate map_array_ro map for
verifier_array_access test (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for
test_loader (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored
(bsc#1225903).
- selftests/bpf: Add a selftest for checking subreg equality
(bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier
tests (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c
(bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c
(bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h
(bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error
(bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple
expected messages (bsc#1225903).
- commit d974185
- tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328 CVE-2024-26665).
- commit ba586e2
- ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557
CVE-2024-35995).
- commit dccf281
- ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
(bsc#1224557 CVE-2024-35995).
- commit a961424
- nfs: Handle error of rpc_proc_register() in nfs_net_init()
(CVE-2024-36939 bsc#1225838).
- commit 1e7c712
- SUNRPC: avoid soft lockup when transmitting UDP to reachable
server (bsc#1225272).
- commit a570654
- Update patches.suse/net-tls-factor-out-tls_-crypt_async_wait.patch.
- fix build warning
- commit 01715f7
- netfilter: conntrack: ignore overly delayed tcp packets
(bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return
value (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window
(bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker
(bsc#1223180).
- commit f482451
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869 CVE-2024-42230).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869 CVE-2024-42230).
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869).
- commit c9d175f
- kernel-binary: vdso: Own module_dir
- commit ff69986
- ACPI: CPPC: Use access_width over bit_width for system memory
accesses (bsc#1224557 CVE-2024-35995).
- commit 1947557
- drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323 CVE-2024-26661)
- commit c59a952
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
fixed incorrect bug number reference
- commit 999a0f9
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
Fixed incorrect bug reference.
- commit e3b8fb6
- net/dcb: check for detached device before executing callbacks
(bsc#1215587).
- commit a6082a0
- kABI: rtas: Workaround false positive due to lost definition
(bsc#1227487).
- commit fb8a8f3
- net/core: Fix ETH_P_1588 flow dissector (bsc#1220876
CVE-2023-52580).
- commit 0ff3299
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- sched/fair: Don't balance task to its current running CPU
(git fixes (sched)).
- kernel/sched: Remove dl_boosted flag comment (git fixes
(sched)).
- commit 27be692
- blacklist.conf: Unsupported architecture
- commit 74cc76a
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
(git-fixes).
- commit 4c4245d
- powerpc/rtas: Prevent Spectre v1 gadget construction in
sys_rtas() (bsc#1227487).
- commit 9648fb4
- tls: fix use-after-free on failed backlog decryption
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: separate no-async decryption request handling from async
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: decrement decrypt_pending if no async completion will be
called (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: handle backlogging of crypto requests (CVE-2024-26584
bsc#1220186).
- tls: fix race between tx work scheduling and socket close
(CVE-2024-26585 bsc#1220187).
- tls: fix race between async notify and socket close
(CVE-2024-26583 bsc#1220185).
- net: tls: factor out tls_*crypt_async_wait() (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: fix async vs NIC crypto offload (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: use async as an in-out argument (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: assume crypto always calls our callback (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't track the async count (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: simplify async wait (CVE-2024-26583 CVE-2024-26584
bsc#1220185 bsc#1220186).
- tls: rx: wrap decryption arguments in a structure
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't report text length from the bowels of decrypt
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- commit 63dd4a4
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- commit b623ae1
- drm/nouveau: fix null pointer dereference in
nouveau_connector_get_modes (git-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer
(stable-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info
(stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
nv17_tv_get_hd_modes (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for
EliteBook 645/665 G11 (stable-fixes).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host
(stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host
(stable-fixes).
- xhci: Set correct transferred length for cancelled bulk
transfers (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products
(stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs
(git-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the
Belkin F5U002 (stable-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
(stable-fixes).
- power: supply: cros_usbpd: provide ID table for avoiding
fallback match (stable-fixes).
- mtd: partitions: redboot: Added conversion of operands to a
larger type (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory
(stable-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers
that sleep (stable-fixes).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
(stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref()
(stable-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
(stable-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release
(stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of
pointer message (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c &
amdgpu_device.c (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused
(stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing
StorageD3Enable (stable-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions
(stable-fixes).
- commit 7f3043b
- RDMA/restrack: Fix potential invalid address access (git-fixes)
- commit 23ae4ef
- bpf: check bpf_func_state->callback_depth when pruning states
(bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global
func exit (bsc#1225903).
- commit d19d633
- bcache: fix variable length array abuse in btree_iter
(CVE-2024-39482 bsc#1227447).
- commit 17815f2
- soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683
CVE-2024-35819).
- commit 450645b
- soc: fsl: qbman: Add CGR update function (bsc#1224683
CVE-2024-35819).
- commit 2baf830
- soc: fsl: qbman: Add helper for sanity checking cgr ops
(bsc#1224683 CVE-2024-35819).
- commit 47079b2
- Delete
patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch.
Will be replaced with a refreshed version once all conflicting new patches are in.
- commit a0fa0a3
- hwmon: (axi-fan-control) Fix possible NULL pointer dereference
(git-fixes CVE-2023-52863 bsc#1225586).
- commit 084eb37
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx
driver_info struct (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after
warm reboot (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
(git-fixes).
- commit 2b22fa3
- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: bpf: bpf_reg_state reorganization kABI workaround
(bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround
(bsc#1225903).
- commit c363b0e
- jfs: xattr: fix buffer overflow for invalid xattr
(bsc#1227383).
- commit 33e2d96
- util-linux
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- openssl-1_1
-
- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- python-requests
-
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
as a directory, bsc#1225912
- zypp-plugin
-
- Fix stomp header regex to include '-' (bsc#1227793)
- version 0.6.4
- singlespec in Tumbleweed must support multiple python3 flavors
in the future gh#openSUSE/python-rpm-macros#66
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
- Provide python3-zypp-plugin in SLE12-SP3 (bsc#1081596)
- python-Twisted
-
- Add a couple of upstream patches to fix http process information
disclosure (CVE-2024-41671, bsc#1228549) and XSS via html injection
(CVE-2024-41810, bsc#1228552):
* CVE-2024-41671.patch gh#twisted/twisted@4a930de12fb6
* CVE-2024-41810.patch gh#twisted/twisted@046a164f89a0
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-python3-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- 000release-packages:SLES-release
-
n/a
- util-linux-systemd
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)